Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp1947012iob;
        Sun, 15 May 2022 03:35:04 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxWSHkVH3cOJNL6nP+Lz0nXh/+Z0cRk0vDGbGEn3jkRZcYk1YWmHYECaCKBo5T9xKE6UaJm
X-Received: by 2002:a05:600c:a01:b0:395:c416:d82d with SMTP id z1-20020a05600c0a0100b00395c416d82dmr14503872wmp.88.1652610903877;
        Sun, 15 May 2022 03:35:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1652610903; cv=none;
        d=google.com; s=arc-20160816;
        b=wS/j0mB2hHt5Dw3UmAkjjpZBE1HU3OY3T+UF5XwRizu6RnD95fJijHysgER8+JClb+
         RSRlLAvMsDlOrn++hRh845GG/WlvH8g/gmQnFFA09QBrKkb9TjXw24mEAUCEZLNOkzBP
         KF2dL7bgYg7eIzYmIWQl52fmoylK+yd08gAFUBtVL0azW3a3EYMG/qClhgISGXxdbfvQ
         6ZN07ewUxrNV+Qjw4wAVUEnSqs/Pq1qucFv0pFBRQlaIT1EVSoSuZTTpAXh0+25ZDrU5
         oABXtpPJXR+qzBgXaAJXL6X402dcA7OxSvTsQ37rbZWefz92lGromy6Vyzk8TJtF9Mo/
         nLNA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=s6gyFIzNx3uPs0E9QTdHeabUUHOLCiS5BRmtEkTrJ0M=;
        b=rOzSoUpYaZgKF4YlDpWUjy8xxolqtaneLq7tEfumpDJz0PA2pfUu7h9ZhBZYMHYAlq
         GiussFJ4aUwpwUmIfGbSToRIzCZ1YKZc+Zj5L/+o1hN9/pancGFnWt9FNiG7FR5RU6BA
         F1pghnTXvN8DiVolehoxz0C9K3jmLFnTqHeLwpbrNjPcae87YMa2RQNYtw705qjHfmZA
         XyOgn3XLumlu2kaf27cv0lF6quPHtVBZyOGRNH84PwhJ8DtDx4PRvGX8gE6j03H2UQUO
         ad6tUUTqNx4QKSxPPb1QIF2HsgWRzLHx/+oVq77qu1L9Co2fiHWFAYL40Tt3eEqM//RI
         2BSg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=c7bt5Yyi;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id e18-20020a5d5312000000b0020d03d23bfasi2031575wrv.299.2022.05.15.03.34.36;
        Sun, 15 May 2022 03:35:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=c7bt5Yyi;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S235340AbiENVtk (ORCPT <rfc822;yangyccccc@gmail.com> + 99 others);
        Sat, 14 May 2022 17:49:40 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55998 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229730AbiENVti (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 14 May 2022 17:49:38 -0400
Received: from mail-pf1-x42c.google.com (mail-pf1-x42c.google.com [IPv6:2607:f8b0:4864:20::42c])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 33D8A12D1B
        for <linux-kernel@vger.kernel.org>; Sat, 14 May 2022 14:49:38 -0700 (PDT)
Received: by mail-pf1-x42c.google.com with SMTP id v11so10735785pff.6
        for <linux-kernel@vger.kernel.org>; Sat, 14 May 2022 14:49:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to;
        bh=s6gyFIzNx3uPs0E9QTdHeabUUHOLCiS5BRmtEkTrJ0M=;
        b=c7bt5Yyim6jXKVU+nad9I6JP2/SU4szhm6beG8K9aijDODZgSy0Agoa/TRIPhM8F1M
         rmYwZd8/LYOr0N85MfiL1hP82YXqGevzNXXADwKiS+C2Z1EidmmFYt0rEWxDNpDTeDfz
         isXaa8uHnFoI1HAe6xmc8AxSjWofOHnUnKFTc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to;
        bh=s6gyFIzNx3uPs0E9QTdHeabUUHOLCiS5BRmtEkTrJ0M=;
        b=LsmCzvYThvEXslbayW0Pj9+FVMg2uHs05k6WeKDdL92rm5CmyZpv1YjvJ6f1OJeaka
         tqFuY2mgSIIlw/zKASxkhXn+5D/Pb6wljVDDYM61TI0debmLjZ2XrD99fvcLja+wCogm
         Uu21g/qvzGHnEDH4cAECSNfS+kPbUoTsQfHXJXIQIx3tUQSIatdyvZnYZhDhzuyoKFQ8
         gzV7NL5yZ7j4mdVFicuaWhSJnkkLXgnsMec5VW4jqRNgX7iliMCg797xsgdZPjh2Rv0T
         YPA8RndDLMY6yhfy5YHTjSY25/5EIBBkayq4ZKiYmaRnPg5UV5orL83B+yWV9QBYr12X
         p5MA==
X-Gm-Message-State: AOAM532OeVB/eH/gdBFak222bpIKFdxA2pCaucqY7nWeZGVkHVQol/82
        i28It/TIIp+63TPX9nOd07T3NA==
X-Received: by 2002:a65:4ccd:0:b0:3c2:428d:d13b with SMTP id n13-20020a654ccd000000b003c2428dd13bmr9330640pgt.425.1652564977729;
        Sat, 14 May 2022 14:49:37 -0700 (PDT)
Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163])
        by smtp.gmail.com with ESMTPSA id f1-20020a170902ff0100b0015e8d4eb26asm4114685plj.180.2022.05.14.14.49.37
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sat, 14 May 2022 14:49:37 -0700 (PDT)
Date:   Sat, 14 May 2022 14:49:36 -0700
From:   Kees Cook <keescook@chromium.org>
To:     Sami Tolvanen <samitolvanen@google.com>
Cc:     linux-kernel@vger.kernel.org, Josh Poimboeuf <jpoimboe@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>, x86@kernel.org,
        Catalin Marinas <catalin.marinas@arm.com>,
        Will Deacon <will@kernel.org>,
        Mark Rutland <mark.rutland@arm.com>,
        Nathan Chancellor <nathan@kernel.org>,
        Nick Desaulniers <ndesaulniers@google.com>,
        Joao Moreira <joao@overdrivepizza.com>,
        Sedat Dilek <sedat.dilek@gmail.com>,
        Steven Rostedt <rostedt@goodmis.org>,
        linux-hardening@vger.kernel.org,
        linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev
Subject: Re: [RFC PATCH v2 07/21] cfi: Add type helper macros
Message-ID: <202205141447.E3B5A29@keescook>
References: <20220513202159.1550547-1-samitolvanen@google.com>
 <20220513202159.1550547-8-samitolvanen@google.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20220513202159.1550547-8-samitolvanen@google.com>
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, May 13, 2022 at 01:21:45PM -0700, Sami Tolvanen wrote:
> With CONFIG_CFI_CLANG, assembly functions called indirectly
> from C code must be annotated with type identifiers to pass CFI
> checking. The compiler emits a __kcfi_typeid_<function> symbol for
> each address-taken function declaration in C, which contains the
> expected type identifier. Add typed versions of SYM_FUNC_START and
> SYM_FUNC_START_ALIAS, which emit the type identifier before the
> function.
> 
> Signed-off-by: Sami Tolvanen <samitolvanen@google.com>

And the reason to not make this change universally (i.e. directly in
SYM_FUNC_START) is to minimize how many of these symbol annotations get
emitted? (And to more directly indicate which asm is called indirectly?)

What happens if an asm function is called indirectly and it doesn't have
this annotation? (Is this case detectable at compile-time?)

Regardless:

Reviewed-by: Kees Cook <keescook@chromium.org>

-- 
Kees Cook