Received: by 2002:a05:6358:111d:b0:dc:6189:e246 with SMTP id f29csp438555rwi; Wed, 2 Nov 2022 13:47:45 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6qP9OEG9Q3xKRsl47doFsT49oJ5BnPB4DtkOjovaRADmBMmwfKTnHJicFaOErcxCmV5NuS X-Received: by 2002:a17:907:3d90:b0:7ae:e8f:2fb7 with SMTP id he16-20020a1709073d9000b007ae0e8f2fb7mr2207669ejc.524.1667422065118; Wed, 02 Nov 2022 13:47:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1667422065; cv=none; d=google.com; s=arc-20160816; b=PWXiuQ+ztV5j2UmpxLuXRPggWodRxxgRkllzuTIFx8+cGpCgO7vknE/94956ik1lz5 MopcPO0RtXBI3cxno9fJXhg5VFkZfo6bMr2fPk7vRz35jjXflDVK5NYsXC91OKy4S52I XUtmbtJav4ObiRCUka8TAkvPBpwefmAQg0wIttjTr3oqshr218gRLGY7Sq2S7iri/7qr yCLPxmUEu/b1Ii850fNhbyh7m4mEYxW9Vdx5P/DAwlRskO5jsOUF153XJn9pKqFXXfln IJ1pjyZTLm70u/W4/KHy35oV6zixcs7JdFxEUpGXyneivkoOaZvT2UpZ9b7rhzQPiNm0 8rDg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=sWyBVEM8hwMwiI6KCUrsj8HJZ/3gsNVQIBfGENxD3+U=; b=vT2fAVwKVyb1mjvPwEdnrzPLeDvzO2okHJ5/vHk+RZnExtMjsyFEKXDTiLQjrVxmRt VaG1BMTFaWucj0zOZzkHmhX30sAw5kuVp95si7+hdpjG4amXhNrrI8rKCOyP52rn2WZ9 4dlrNbRy/AEFdcRXuVpyEq46l1AAX56aJMqiZX0UAobHDmJvRAbKaybFzU/hKbYEuI/7 VOoVaybvhZhgeooaNlGAWXbG1HtELXz7PaN5RU4oygxvyFE0Ffpjofd1KqRdHOop1AgW 2DUx7JxgEV3tY6hBhmBSWO09+4m434Rj/BcZQoZwI6eAst8IFvowH4SVzTLLx9IAVAmy rCEQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=LfjPqEtY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y100-20020a50bb6d000000b00452697eda4csi15059780ede.58.2022.11.02.13.47.21; Wed, 02 Nov 2022 13:47:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=LfjPqEtY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230202AbiKBUX6 (ORCPT + 99 others); Wed, 2 Nov 2022 16:23:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52608 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229531AbiKBUXz (ORCPT ); Wed, 2 Nov 2022 16:23:55 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2F645195; Wed, 2 Nov 2022 13:23:55 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C988F61BB6; Wed, 2 Nov 2022 20:23:54 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 31530C433C1; Wed, 2 Nov 2022 20:23:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1667420634; bh=SoPxowNL2wQMY8yb7AJeEyGxnbtrkZim847pUvBQbwE=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=LfjPqEtYXiCdkBLiD6Mb9K3XA51IVPUzGRUTvms6p8otl6PuFvxWJt1eNfolnsfMh 8dOIiVYrNAvWUbc0eNesbhfxuTxND9PyOfr87g31Ntyy1O1D+CTiL0Ie98zFKhuL6L pQ6P5NPg9O9EYdY94YsL2yXqg36H/b9HAt0cdMS0OgSSvy64YmI0vtfYhObAcu3zvz dNfsvy2LS2sTnLtx58wwVQmNFpMeTJG42JD4GtztqHso9Ufxk1sH8tTONFs9g9eRjR Xm+yRgTchmBGh4Sk8fbw4WKFDXV+G1cCqTlkngWQBtrxjrVSY5vsGgYa9I9w0HKA3v fRU/uLjxEBNqQ== Date: Wed, 2 Nov 2022 13:23:51 -0700 From: Nathan Chancellor To: Kees Cook Cc: William Breathitt Gray , linux-iio@vger.kernel.org, Nick Desaulniers , Tom Rix , Sami Tolvanen , llvm@lists.linux.dev, linux-kernel@vger.kernel.org, patches@lists.linux.dev, Patrick Havelange , Jarkko Nikula , Oleksij Rempel , Pengutronix Kernel Team , Fabrice Gasnier , Vignesh Raghavendra , Julien Panis , David Lechner , linux-arm-kernel@lists.infradead.org, linux-stm32@st-md-mailman.stormreply.com, linux-omap@vger.kernel.org Subject: Re: [PATCH 1/4] counter: Adjust final parameter type in function and signal callbacks Message-ID: References: <20221102172217.2860740-1-nathan@kernel.org> <202211021216.FF49E84C69@keescook> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <202211021216.FF49E84C69@keescook> X-Spam-Status: No, score=-8.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Nov 02, 2022 at 12:21:23PM -0700, Kees Cook wrote: > On Wed, Nov 02, 2022 at 10:22:14AM -0700, Nathan Chancellor wrote: > > The ->signal_u32_read(), ->count_u32_read(), and ->count_u32_write() > > callbacks in 'struct counter_comp' expect the final parameter to have a > > type of 'u32' or 'u32 *' but the ops functions that are being assigned > > to those callbacks have an enumerated type as the final parameter. While > > these are compatible from an ABI perspective, they will fail the > > aforementioned CFI checks. > > > > Adjust the type of the final parameter in the ->signal_read(), > > ->function_read(), and ->function_write() callbacks in 'struct > > counter_ops' and their implementations to match the prototypes in > > 'struct counter_comp' to clear up these warnings and CFI failures. > > I don't understand these changes. Where do 'struct counter_comp' > and 'struct counter_ops' get confused? I can only find matching > ops/assignments/calls, so I must be missing something. This looks like > a loss of CFI granularity instead of having wrappers added if there is > an enum/u32 conversion needed somewhere. Right, I am not the biggest fan of this change myself and it is entirely possible that I am misreading the warnings from the commit message but I do not see how comp_node.comp.signal_u32_read = counter->ops->signal_read; and comp_node.comp.count_u32_read = counter->ops->function_read; in counter_add_watch(), comp.signal_u32_read = counter->ops->signal_read; in counter_signal_attrs_create(), and comp.count_u32_read = counter->ops->function_read; comp.count_u32_write = counter->ops->function_write; in counter_count_attrs_create() are currently safe under kCFI, since the final parameter type of the prototypes in 'struct counter_ops' does not match the final parameter type of the prototypes in 'struct counter_comp'. I would expect the indirect calls in counter_get_data() and counter_comp_u32_show() to fail currently. I briefly looked at making the 'struct counter_comp' callbacks match the 'struct counter_ops' ones but the COUNTER_COMP macros in include/linux/counter.h made it seem like these callbacks might be used by implementations that might use different enumerated types as the final parameter. I can look a little closer to see if we can make everything match. I am not sure how wrappers would work here, I can take a look into how feasible that is. Cheers, Nathan