Date: Fri, 8 Dec 2023 21:27:31 +0100
From: Peter Zijlstra
To: Alexei Starovoitov
Cc: Jiri Olsa, Song Liu, Song Liu, Paul Walmsley, Palmer Dabbelt, Albert Ou, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, X86 ML, "H. Peter Anvin", "David S. Miller", David Ahern, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Arnd Bergmann, Sami Tolvanen, Kees Cook, Nathan Chancellor, Nick Desaulniers, linux-riscv, LKML, Network Development, bpf, linux-arch, clang-built-linux, Josh Poimboeuf, Joao Moreira, Mark Rutland
Subject: Re: [PATCH v2 2/2] x86/cfi,bpf: Fix BPF JIT call
Message-ID: <20231208202731.GF36716@noisy.programming.kicks-ass.net>

On Fri, Dec 08, 2023 at 11:40:27AM -0800, Alexei Starovoitov wrote:

> What is "sealing" by objtool?

Ah, LTO-like pass that tries to determine if a function ever gets its
address taken.

The basic problem is that the compiler (barring its own LTO pass) must
emit CFI for every non-local symbol in a translation unit. This means
that a ton of functions will have CFI on, even if they're never
indirectly called.

So objtool collects all functions that have CFI but do not get their
address taken, and sticks their address in a .discard section, then at
boot time we iterate this section and scribble the CFI state for all
these functions, making them invalid to be called indirectly.

For one this avoids malicious code from finding a function address in
the symbol table and indirectly calling it anyway as a means to
circumvent the EXPORT symbols.

So objtool does not think bpf_cgroup_release() gets its address taken,
specifically it does not find its address in a section it knows about.
And hence it goes on the list and we scribble it and the indirect call
goes *boom*.
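
Added example (not part of the original message and not kernel or objtool code): a user-space C model of the sealing pass described above, showing how a function whose address is stored only in a section the scan does not know about gets sealed and then fails its checked indirect call. Every name, hash value and the `.unknown_ids` section are hypothetical, and the build-time collection and boot-time scribble are folded into one function.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HASH   0x1234abcdu /* constructed CFI type hash shared by both functions */
#define POISON 0u          /* constructed value that no call site ever expects */

struct func { const char *name; uint32_t cfi; int (*body)(int); };
struct ref  { const char *section; int target; }; /* address of funcs[target] stored in section */

static int twice(int x)  { return 2 * x; }
static int negate(int x) { return -x; }

static struct func funcs[] = { { "callback_a", HASH, twice }, { "release_b", HASH, negate } };
/* Constructed references: release_b's address lives only where the scan does not look. */
static const struct ref refs[] = { { ".data", 0 }, { ".unknown_ids", 1 } };
static const char *known_sections[] = { ".data", ".rodata" };
static int last_result; /* set by checked_call() on success */

/* The scan only believes references found in sections it knows about. */
static int scan_sees_address_taken(int idx) {
    for (size_t r = 0; r < sizeof(refs) / sizeof(refs[0]); r++)
        for (size_t s = 0; s < sizeof(known_sections) / sizeof(known_sections[0]); s++)
            if (refs[r].target == idx && !strcmp(refs[r].section, known_sections[s]))
                return 1;
    return 0;
}

/* Collect every function not seen address-taken and scribble its CFI state. */
static int seal_all(void) {
    int sealed = 0;
    for (int i = 0; i < (int)(sizeof(funcs) / sizeof(funcs[0])); i++)
        if (!scan_sees_address_taken(i)) { funcs[i].cfi = POISON; sealed++; }
    return sealed;
}

/* Checked indirect call: 0 on a hash match, -1 where real CFI would trap. */
static int checked_call(int idx, int arg) {
    if (funcs[idx].cfi != HASH) return -1;
    last_result = funcs[idx].body(arg);
    return 0;
}

int main(void) {
    printf("sealed %d function(s)\n", seal_all());
    printf("%s: %d\n", funcs[0].name, checked_call(0, 5));
    printf("%s: %d\n", funcs[1].name, checked_call(1, 5));
    return 0;
}
```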