Received: by 2002:a05:6a10:17d3:0:0:0:0 with SMTP id hz19csp666670pxb; Fri, 16 Apr 2021 15:18:10 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxdcoZhUYanShGn/4XMmEmguR+ovKcAp5N2DoUoNouPZZA1KsQyHqVoEZeOFaEsfo88esRx X-Received: by 2002:a17:906:c04a:: with SMTP id bm10mr10391045ejb.521.1618611490131; Fri, 16 Apr 2021 15:18:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1618611490; cv=none; d=google.com; s=arc-20160816; b=JOQdskIvQ2+XIMIihB8ZDsdxvIlrxFjd+LG5+zHg1wK3gay1AtowQbNNf2nA/f3C2y hRZNVmUe7sN87TxMx2/xKbppuBfpN8ot+LvJsFI+MdjcRPP/5dAAOlksPyC//B+OYJji wMV8+/Mhu6Mn+YzJZQsv5f1NLWn2h6XJYjtBFLIbZ2zAD5tJWec0fCLxpCJNgtAvsn7t TFgr4L52MUSp3tGimQdp3n8cV7HKO2pQ6fEgQ9i8F5Housyj8pnOcRNoDQ65C5wXbjw/ MWhK4lFJlza7QzSZySvPD1lTS9nYViIFT0Siiaz63MmvSH8yyOTxxRYxja2Hq13TKWyN xGlw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=HqXM3kMLEn96G3/nALKZvPIkVzBlUz9VyGBmJqc5JzE=; b=NUEyohZd9XS+5xs6WDEWTtujznb8/9pTHwpAI9lIIkUC1DCaj3+qWqpbYt2AiXcVwr 0iN3mMpMdNk+ofG9EPvNXw91lGJNhIvx4FCNqr+vOVahWlOxOJXhDNPDOCxCQ2I1/lKz W32MaL+VKOyv9jl+dUbE6Y4SW+I/hWRYVs4grdHwjASjz9Ri471ZQXHQ6OcUgkTsTugl 4CU+XoNBy4lb2SQyd7leZHIwTsZHlkziRjj04o7P/kPZtc1gvU5zFbEtPl4t7J+/NMkz DRCIKv/n20JY7jkp9qdq+/mJcgc+LaP3xQufdwf+1isR8jLzE4DQiqd2zqFtUE4j1BQ4 N6kw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=lcOphGXH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c15si5312064ejx.658.2021.04.16.15.17.47; Fri, 16 Apr 2021 15:18:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=lcOphGXH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235717AbhDPWRO (ORCPT + 99 others); Fri, 16 Apr 2021 18:17:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34502 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235558AbhDPWRJ (ORCPT ); Fri, 16 Apr 2021 18:17:09 -0400 Received: from mail-pg1-x532.google.com (mail-pg1-x532.google.com [IPv6:2607:f8b0:4864:20::532]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6D531C061756 for ; Fri, 16 Apr 2021 15:16:42 -0700 (PDT) Received: by mail-pg1-x532.google.com with SMTP id y32so20099291pga.11 for ; Fri, 16 Apr 2021 15:16:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=HqXM3kMLEn96G3/nALKZvPIkVzBlUz9VyGBmJqc5JzE=; b=lcOphGXHxVCzzELzDBN2FJM2bizris3iFcQmVQ2GqUkS1yorPWLL0S4SG4QBEsW18l eSOeuRXOZFGM9Z9QTHb3Uae3bi6Mr8u73uIPz8YeDbYhragANRApSsFT9csLi05M26wd jwZqdXOVrcpkGtBg3WTqwQ7lM3gMoKb/q6rp0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=HqXM3kMLEn96G3/nALKZvPIkVzBlUz9VyGBmJqc5JzE=; b=LMO3mwVPluqeEpmu8Vh1a9d3nFewkwO3zVSlE2hU+mh216uLmVVFh+SUWMCl+RPqaS xwO82DnR7QsYe71twc4VrJs67Yc18UDVLUyFlowHLKqBPPFT9oEzoHtsGKVJ1Y0C9Xmo 1C1WotR56TcFwXsXKbbWDbgSNJ86aBYXFd7yNyvZ2OjWPctb/NfcVG+hfAHpffl3KJ8s CDb1JaEV9TKby3f/ON6qfD5TbWuot9djOJzOo+UFJg0Eb/DNszF0BslpCvP1IUVVtdPv biCmf02ZvfPWLwrS6/lAm53MK0Tx288FOdQhywP9ngkGQrM9uoSxLQGelPh9Nzke+6k1 2aKQ== X-Gm-Message-State: AOAM5314IJppP/gCIwkp48Gljnd4X8nDVjCdDhKmWFHzUW/wLGg88ZL1 aJ9QHB9QUtt4J7JDLcsC8hAQ2w== X-Received: by 2002:aa7:8d44:0:b029:244:a363:dd57 with SMTP id s4-20020aa78d440000b0290244a363dd57mr9504822pfe.8.1618611401923; Fri, 16 Apr 2021 15:16:41 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id s6sm5697805pfw.96.2021.04.16.15.16.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 16 Apr 2021 15:16:41 -0700 (PDT) Date: Fri, 16 Apr 2021 15:16:40 -0700 From: Kees Cook To: Borislav Petkov Cc: Sami Tolvanen , X86 ML , Josh Poimboeuf , Peter Zijlstra , Nathan Chancellor , Nick Desaulniers , Sedat Dilek , Mark Rutland , linux-hardening@vger.kernel.org, LKML , clang-built-linux Subject: Re: [PATCH 05/15] x86: Implement function_nocfi Message-ID: <202104161510.246509CE@keescook> References: <20210416203844.3803177-1-samitolvanen@google.com> <20210416203844.3803177-6-samitolvanen@google.com> <20210416211855.GD22348@zn.tnic> <20210416220251.GE22348@zn.tnic> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210416220251.GE22348@zn.tnic> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Apr 17, 2021 at 12:02:51AM +0200, Borislav Petkov wrote: > On Fri, Apr 16, 2021 at 02:49:23PM -0700, Sami Tolvanen wrote: > > __nocfi only disables CFI checking in a function, the compiler still > > changes function addresses to point to the CFI jump table, which is > > why we need function_nocfi(). > > So call it __func_addr() or get_function_addr() or so, so that at least > it is clear what this does. FWIW, it's been renamed already. I'll CC Mark back into the thread. https://lore.kernel.org/lkml/20210325101655.GB36570@C02TD0UTHF1T.local/ > Also, am I going to get a steady stream of patches adding that wrapper > to function names or is this it? IOW, have you built an allyesconfig to > see how many locations need touching? Nooo. Much like __nocfi, this should be extremely rare and is only used in places that must not be doing CFI nor working on the jump tables (e.g. the syscall MSR). There list for arm64 in -next, for example, is short: 429d9a552e81 arm64: ftrace: use function_nocfi for ftrace_call fbcdf27674bc arm64: add __nocfi to __apply_alternatives f2324191e959 arm64: add __nocfi to functions that jump to a physical address c4a384170f17 arm64: use function_nocfi with __pa_symbol 5198a15901d2 psci: use function_nocfi for cpu_resume 8e284f3ebed2 bpf: disable CFI in dispatcher functions -- Kees Cook