From: Ard Biesheuvel
Date: Sun, 31 Oct 2021 21:21:56 +0100
Subject: Re: [PATCH] static_call,x86: Robustify trampoline patching
To: Peter Zijlstra
Cc: Sami Tolvanen, Mark Rutland, X86 ML, Kees Cook, Josh Poimboeuf, Nathan Chancellor, Nick Desaulniers, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, Linux Kernel Mailing List, llvm@lists.linux.dev
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, 31 Oct 2021 at 21:11, Peter Zijlstra wrote:
>
> On Sun, Oct 31, 2021 at 05:44:04PM +0100, Ard Biesheuvel wrote:
>
> > > It is also a terribly gross hack. I really want the clang-cfi stuff to
> > > improve, not add layers of hacks on top of it.
> >
> > I'm just as annoyed as you are about the apparent need for this.
> > However, emitting an alias at build time is far better IMHO than
> > adding a magic byte sequence and having to check it at runtime.
>
> Oh, I'm keeping that magic sequence :-) That's hardening in general, and
> I don't ever want to debug a wrong poke like that again.
>
> Adding an extra label fixes this thing, but there's still the other
> cases where we need/want/desire a *real* function pointer.
>
> I'm very close to saying that anything that mucks up function pointers
> like this is a complete non-starter. Let's re-start this whole CFI
> endeavour from the start.

Well, CFI is already in mainline for arm64, whereas static call support
is not. So we have to deal with it one way or the other.

So for the static call targets, I agree that we want to support any
expression that produces a function pointer, but that part is not
actually broken, it is just sub-optimal iff you are using CFI Clang.

For taking the address of the trampoline, I think the solutions we have
are sufficient (although I am not inclined to add the magic sig to
arm64 if the label is sufficient).

That means we can support static calls on arm64 now without breaking
Clang CFI, and work on a solution for the redundant jumps on a more
relaxed schedule.