Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp3326598iob; Mon, 16 May 2022 19:30:38 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyMQ/PyX8P4zTGwOwov8jl387BWun5EoUUunV76ZXNPNvcq8NsSmEj7yHTdwkSulInYswFX X-Received: by 2002:a17:907:9482:b0:6f5:171d:f7f5 with SMTP id dm2-20020a170907948200b006f5171df7f5mr17871360ejc.68.1652754638172; Mon, 16 May 2022 19:30:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652754638; cv=none; d=google.com; s=arc-20160816; b=In88xwnZ7U/iFVB32ADP58SnJ5VaUwJImus/VoqsP1YZUE4jr3Nn/9EfocFqBmpjSt vev45LYOd2n61M9+L8pEB9fAK7AgOO2dRuROBRNHysb2TEvXphiM15a9Uu0F+R0XVTw4 Hl51kfwv6p2KL2aohH9SLu9x8OlAfN8MgLbURJB7Bw8wkraKq4YwoF+Tw2VrMITnVi34 KBovWxL8F1K3ZOmPjiziMDyPNTeSJIUYiGmQnEmBjHlsmSH9URO1Y76bKqmPkUqQNl+5 cVm1Sf/E0+eW29JTkkXORFYClLz4ZOJNUyaLRCzduHSMQ2CgnX4SFvK/RUl7ULiKFkZO 2eiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=l7Fo0NeV7YueiEmkqNM4ZujNOBF0kyGi5nhK9D38CaE=; b=pZM5NMj0SJFNBZ8ocnYOTBZI0UmpCXgDE4xHHPEOGs5w46uR2ZCgGL4Depu+NBdZEV cJNoD7XcqjKOi0Evrg7H44ILh//CtQ20pOcHEgj+wl19n00w9QA2qNGxYoZO1fI/Nw3E kzl6q6q7o5wJ1NVk34BVIiqX55B8BWjgv6+Ir56HWdelcYIPdu0iEzgdvsGKkPnCti1s tLWoIbWnXwIoKddfkujg7GvZdcAiaUDGpho33NGnoZUapUYyAjAncd69vk6fi588+AZd ok8nG6/CEi38m+aZHoEi1cod+F0aDjucxNagTpxk4WkG2cr0aXbRBd9J3HJB1HfLIQPY QduQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@rasmusvillemoes.dk header.s=google header.b=iiwL2Jqv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id qx9-20020a170906fcc900b006e893bdaefesi867069ejb.884.2022.05.16.19.30.12; Mon, 16 May 2022 19:30:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@rasmusvillemoes.dk header.s=google header.b=iiwL2Jqv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242028AbiEPM23 (ORCPT + 99 others); Mon, 16 May 2022 08:28:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39768 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241824AbiEPM21 (ORCPT ); Mon, 16 May 2022 08:28:27 -0400 Received: from mail-lf1-x131.google.com (mail-lf1-x131.google.com [IPv6:2a00:1450:4864:20::131]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 54FFA2F389 for ; Mon, 16 May 2022 05:28:26 -0700 (PDT) Received: by mail-lf1-x131.google.com with SMTP id t25so25472892lfg.7 for ; Mon, 16 May 2022 05:28:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rasmusvillemoes.dk; s=google; h=message-id:date:mime-version:user-agent:subject:content-language:to :cc:references:from:in-reply-to:content-transfer-encoding; bh=l7Fo0NeV7YueiEmkqNM4ZujNOBF0kyGi5nhK9D38CaE=; b=iiwL2Jqvlxyr2hAuSFDNP8tiNHrlQxAX6X5eXc/cmjVuAYKf/iJzMy3/a+Qcm5JmQL ANO+Qp7/aXRFbYOyyTTLldnKd18zxolxl4isMaGC4vJQu/+9sbuJytY3Ypx90mj8zQC4 tzNBayxdsgod0IQH/BUq/qfbBMJ0FzLwTtHS4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:in-reply-to :content-transfer-encoding; bh=l7Fo0NeV7YueiEmkqNM4ZujNOBF0kyGi5nhK9D38CaE=; b=DjeuEKhTkzU/Hgjl887T6nKTj9ol2c6a/n90SGmF5D+sVWJW1xIjtRf6VFu4GZCOBE 88Z9bCEbYBVxLINWOTu81VcBr4vyl7RTcVUcWGhMwNix13qg1NWGJWDXJIFYbLI9FzQG WZoguyeDYm/eYdfLRo1gdOl9pizR7Qrf41RNXpbMe777qpMBvyHXgDLjXFEVVeKvb6Pq uCdKyx7SwVS1eWstpN2RA8XE61Nii4OQswUsG4YGTdm8ceYrK5c/OHwhehWV+jd6frHr UdNVzDitXgGtIX+z+pOfWys2kxx5i7GWuEyS28xdlgQ3+mc517fSudVXgU4hvwC5TJ48 60GA== X-Gm-Message-State: AOAM531HkQ3iLEnr3njcrUeeA0r9mnWotXzha8S6jbDrU7ZN3RyWiZv7 +x82x2it61BmfQlLq7eYSqGKhg== X-Received: by 2002:a05:6512:2391:b0:473:ac1e:f2ce with SMTP id c17-20020a056512239100b00473ac1ef2cemr12881841lfv.297.1652704104659; Mon, 16 May 2022 05:28:24 -0700 (PDT) Received: from [172.16.11.74] ([81.216.59.226]) by smtp.gmail.com with ESMTPSA id 27-20020ac25f5b000000b0047255d210desm1296280lfz.13.2022.05.16.05.28.22 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 16 May 2022 05:28:24 -0700 (PDT) Message-ID: <9bd2db3e-2955-66ba-574e-7976bdd95a8e@rasmusvillemoes.dk> Date: Mon, 16 May 2022 14:28:22 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0 Subject: Re: [RFC PATCH v2 07/21] cfi: Add type helper macros Content-Language: en-US To: Kees Cook , Sami Tolvanen Cc: linux-kernel@vger.kernel.org, Josh Poimboeuf , Peter Zijlstra , x86@kernel.org, Catalin Marinas , Will Deacon , Mark Rutland , Nathan Chancellor , Nick Desaulniers , Joao Moreira , Sedat Dilek , Steven Rostedt , linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev References: <20220513202159.1550547-1-samitolvanen@google.com> <20220513202159.1550547-8-samitolvanen@google.com> <202205141447.E3B5A29@keescook> From: Rasmus Villemoes In-Reply-To: <202205141447.E3B5A29@keescook> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 14/05/2022 23.49, Kees Cook wrote: > On Fri, May 13, 2022 at 01:21:45PM -0700, Sami Tolvanen wrote: >> With CONFIG_CFI_CLANG, assembly functions called indirectly >> from C code must be annotated with type identifiers to pass CFI >> checking. The compiler emits a __kcfi_typeid_ symbol for >> each address-taken function declaration in C, which contains the >> expected type identifier. Add typed versions of SYM_FUNC_START and >> SYM_FUNC_START_ALIAS, which emit the type identifier before the >> function. >> >> Signed-off-by: Sami Tolvanen > > And the reason to not make this change universally (i.e. directly in > SYM_FUNC_START) is to minimize how many of these symbol annotations get > emitted? (And to more directly indicate which asm is called indirectly?) > > What happens if an asm function is called indirectly and it doesn't have > this annotation? Presumably that's a fail. I'm also interested in how this works at the asm/linker level. I assume that the .o file generated from the asm input has __kcfi_typeid_ as an undefined symbol; the compiler emits that symbol as an absolute one upon taking the address of , and the linker then has the info it needs to patch things up. But what then happens if we have some function implemented in assembly which for whatever .config reason never has its address taken in any .c translation unit that gets linked in? Does the __kcfi_typeid_ symbol silently resolve to 0, or does the link fail? I can't really imagine the compiler emitting __kcfi_typeid_ symbols for each and every function it sees merely declared in some header. Two different .c files both taking the address of should of course emit the same value for __kcfi_typeid_. Is there any sanity check anywhere that that's actually the case? Can we please have some objdump/readelf output from some .o files involved here? Rasmus