References: <20220513202159.1550547-1-samitolvanen@google.com> <20220513202159.1550547-21-samitolvanen@google.com>
In-Reply-To:
From: Sami Tolvanen
Date: Mon, 16 May 2022 09:39:02 -0700
Message-ID:
Subject: Re: [RFC PATCH v2 20/21] x86: Add support for CONFIG_CFI_CLANG
To: David Laight
Cc: "linux-kernel@vger.kernel.org", Kees Cook, Josh Poimboeuf, Peter Zijlstra, "x86@kernel.org", Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, "linux-hardening@vger.kernel.org", "linux-arm-kernel@lists.infradead.org", "llvm@lists.linux.dev"

On Mon, May 16, 2022 at 1:32 AM David Laight wrote:
>
> From: Sami Tolvanen
> > Sent: 13 May 2022 21:22
> >
> > With CONFIG_CFI_CLANG, the compiler injects a type preamble
> > immediately before each function and a check to validate the target
> > function type before indirect calls:
> >
> >   ; type preamble
> >   __cfi_function:
> >     int3
> >     int3
> >     mov , %eax
>
> Interesting - since this code can't be executed there is no
> point adding an instruction 'prefix' to the 32bit constant.

The reason to embed the type into an instruction is to avoid the need
to special case objtool's instruction decoder.

> >     int3
> >     int3
> >   function:
> >     ...
> >   ; indirect call check
> >     cmpl , -6(%r11)
> >     je   .Ltmp1
> >     ud2
> >   .Ltmp1:
> >     call __x86_indirect_thunk_r11
> >
> > Define the __CFI_TYPE helper macro for manual type annotations in
> > assembly code, add error handling for the CFI ud2 traps, and allow
> > CONFIG_CFI_CLANG to be selected on x86_64.
> >
> ...
> > +
> > +	/*
> > +	 * The compiler generates the following instruction sequence
> > +	 * for indirect call checks:
> > +	 *
> > +	 *   cmpl    , -6(%reg)     ; 7 bytes
>
> If the is between -128 and 127 then an 8bit constant
> (sign extended) might be used.
> Possibly the compiler forces the assembler to generate the
> long form.
>
> There could also be a REX prefix.
> That will break any code that tries to use %reg.

The compiler always generates this specific instruction sequence.

> > +	 *   je      .Ltmp1         ; 2 bytes
> > +	 *   ud2                    ; <- addr
> > +	 *   .Ltmp1:
> > +	 *
> > +	 * Both the type and the target address can be decoded from the
> > +	 * cmpl instruction.
> > +	 */
> > +	if (copy_from_kernel_nofault(buffer, (void *)regs->ip - 9, MAX_INSN_SIZE))
> > +		return;
> > +	if (insn_decode_kernel(&insn, buffer))
> > +		return;
> > +	if (insn.opcode.value != 0x81 || X86_MODRM_REG(insn.modrm.value) != 7)
> > +		return;
>
> Since you are looking for a very specific opcode why bother
> calling insn_decode_kernel() - just check for the required (masked)
> byte values.

Because I need to decode both the immediate value and the register from
that instruction.

> > +
> > +	*type = insn.immediate.value;
> > +
> > +	offset = insn_get_modrm_rm_off(&insn, regs);
>
> Given the expected instruction, isn't that -6 ??

No, this is the register offset.

> > +	if (offset < 0)
> > +		return;
> > +
> > +	*target = *(unsigned long *)((void *)regs + offset);
>
> WTF is that calculating??

It's reading the register value from pt_regs.

Sami
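Review bot: the decode path checks only the opcode (0x81) and the ModRM reg field (7, i.e. CMP) before trusting the result, but never checks that what it decoded at regs->ip - 9 is the documented 7-byte form with displacement -6; any other `cmpl $imm32, disp(%reg)` that happens to sit there (or a misaligned decode of unrelated bytes) is accepted and a bogus `*type` and `*target` are reported. Adding `if (insn.length != 7 || insn.displacement.value != -6) return;` after the opcode test rejects that up front, and a comment stating that the compiler always emits the long (0x81, imm32) encoding would also answer the 8-bit immediate and REX questions raised in the thread.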
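The trap-site decoding discussed in this exchange, as an added example that is not part of the patch or of either participant's mail: a user-space model of recovering the expected type id and the call target from the `cmpl $imm32, -6(%reg); je .Ltmp1; ud2` sequence, given the index of the `ud2` the trap landed on. Assumptions of this example: a mock register file indexed by x86-64 register number stands in for `pt_regs` (the kernel instead reads through the byte offset `insn_get_modrm_rm_off()` returns), the sample byte sequences are hand-encoded here, and the register value is a constructed fake address. Unlike the patch's code, every byte of the fixed 9-byte window is checked, so the 0x83 imm8 encoding, a REX-prefixed 8-byte form, or a different displacement is rejected rather than decoded into a wrong type/target pair.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Mock register file: index is the x86-64 register number (0 = rax ... 7 = rdi).
 * This stands in for pt_regs and is an assumption of this example. */
struct mock_regs {
    uint64_t r[8];
};

struct cfi_trap {
    uint32_t type;    /* expected type id: the cmpl immediate */
    int      reg;     /* register the indirect call goes through */
    uint64_t target;  /* value of that register, i.e. the call target */
};

/*
 * Decode the trap site the patch describes, with the ud2 at text[ip]:
 *
 *   cmpl $imm32, -6(%reg)   ; 81 /7 disp8 imm32  (7 bytes, at ip - 9)
 *   je   .Ltmp1             ; 74 02
 *   ud2                     ; 0f 0b             <- ip
 */
static bool decode_cfi_trap(const uint8_t *text, size_t len, size_t ip,
                            const struct mock_regs *regs, struct cfi_trap *out)
{
    if (ip < 9 || ip + 2 > len)
        return false;
    if (text[ip] != 0x0f || text[ip + 1] != 0x0b)          /* ud2 */
        return false;
    if (text[ip - 2] != 0x74 || text[ip - 1] != 0x02)      /* je .Ltmp1 over the ud2 */
        return false;

    const uint8_t *cmp = text + ip - 9;
    if (cmp[0] != 0x81)               /* CMP r/m32, imm32; rejects the 0x83 imm8 form */
        return false;
    uint8_t modrm = cmp[1];
    uint8_t mod = modrm >> 6, regfield = (modrm >> 3) & 7, rm = modrm & 7;
    if (mod != 1 || regfield != 7)    /* mod=01: [reg+disp8]; /7 selects CMP */
        return false;
    if (rm == 4)                      /* rm=100 means a SIB byte follows: not this sequence */
        return false;
    if ((int8_t)cmp[2] != -6)         /* displacement into the type preamble */
        return false;

    out->type = (uint32_t)cmp[3] | (uint32_t)cmp[4] << 8 |
                (uint32_t)cmp[5] << 16 | (uint32_t)cmp[6] << 24;
    out->reg = rm;
    out->target = regs->r[rm];
    return true;
}

/* Constructed sample text: nop; cmpl $0x12345678, -6(%rax); je .+2; ud2; nop */
static const uint8_t good_text[] = {
    0x90, 0x81, 0x78, 0xfa, 0x78, 0x56, 0x34, 0x12, 0x74, 0x02, 0x0f, 0x0b, 0x90 };
/* Constructed: the same check using the 0x83 (sign-extended imm8) encoding */
static const uint8_t imm8_text[] = {
    0x90, 0x90, 0x90, 0x83, 0x78, 0xfa, 0x7f, 0x74, 0x02, 0x0f, 0x0b };
/* Constructed: 7-byte cmpl but with displacement -8 instead of -6 */
static const uint8_t disp_text[] = {
    0x90, 0x81, 0x78, 0xf8, 0x78, 0x56, 0x34, 0x12, 0x74, 0x02, 0x0f, 0x0b };

#define SAMPLE_RAX 0xffffffff81234560ull   /* constructed fake call target */

static bool sample_decode(const uint8_t *text, size_t len, size_t ip, struct cfi_trap *out)
{
    struct mock_regs regs = {0};
    regs.r[0] = SAMPLE_RAX;               /* %rax holds the would-be call target */
    return decode_cfi_trap(text, len, ip, &regs, out);
}

bool good_site_decodes(void)     { struct cfi_trap t; return sample_decode(good_text, sizeof good_text, 10, &t); }
uint32_t good_site_type(void)    { struct cfi_trap t = {0}; sample_decode(good_text, sizeof good_text, 10, &t); return t.type; }
uint64_t good_site_target(void)  { struct cfi_trap t = {0}; sample_decode(good_text, sizeof good_text, 10, &t); return t.target; }
bool imm8_site_rejected(void)    { struct cfi_trap t; return !sample_decode(imm8_text, sizeof imm8_text, 9, &t); }
bool bad_disp_site_rejected(void){ struct cfi_trap t; return !sample_decode(disp_text, sizeof disp_text, 10, &t); }

int main(void)
{
    struct cfi_trap t;
    if (sample_decode(good_text, sizeof good_text, 10, &t))
        printf("CFI trap: expected type 0x%08x, target 0x%016llx via reg %d\n",
               t.type, (unsigned long long)t.target, t.reg);
    printf("imm8 form rejected: %d, wrong displacement rejected: %d\n",
           imm8_site_rejected(), bad_disp_site_rejected());
    return 0;
}
```

The displacement and opcode checks are what make backward decoding from the trap address safe: the handler only ever has the `ud2` address to start from, so it must confirm that the bytes before it really are the compiler's fixed sequence before treating the immediate as a type id and the register as the call target.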