mirror of
https://github.com/Fishwaldo/linux-bl808.git
synced 2025-06-17 20:25:19 +00:00
cfi: add __cficanonical
With CONFIG_CFI_CLANG, the compiler replaces a function address taken in C code with the address of a local jump table entry, which passes runtime indirect call checks. However, the compiler won't replace addresses taken in assembly code, which will result in a CFI failure if we later jump to such an address in instrumented C code. The code generated for the non-canonical jump table looks this: <noncanonical.cfi_jt>: /* In C, &noncanonical points here */ jmp noncanonical ... <noncanonical>: /* function body */ ... This change adds the __cficanonical attribute, which tells the compiler to use a canonical jump table for the function instead. This means the compiler will rename the actual function to <function>.cfi and points the original symbol to the jump table entry instead: <canonical>: /* jump table entry */ jmp canonical.cfi ... <canonical.cfi>: /* function body */ ... As a result, the address taken in assembly, or other non-instrumented code always points to the jump table and therefore, can be used for indirect calls in instrumented code without tripping CFI checks. Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Acked-by: Bjorn Helgaas <bhelgaas@google.com> # pci.h Tested-by: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20210408182843.1754385-3-samitolvanen@google.com
This commit is contained in:
Sami Tolvanen
Kees Cook
parent
cf68fffb66
commit
ff301ceb52
4 changed files with 9 additions and 4 deletions
|
|
@ -63,3 +63,4 @@
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define __nocfi __attribute__((__no_sanitize__("cfi")))
|
#define __nocfi __attribute__((__no_sanitize__("cfi")))
|
||||||
|
#define __cficanonical __attribute__((__cfi_canonical_jump_table__))
|
||||||
|
|
|
||||||
|
|
@ -246,6 +246,10 @@ struct ftrace_likely_data {
|
||||||
# define __nocfi
|
# define __nocfi
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifndef __cficanonical
|
||||||
|
# define __cficanonical
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifndef asm_volatile_goto
|
#ifndef asm_volatile_goto
|
||||||
#define asm_volatile_goto(x...) asm goto(x)
|
#define asm_volatile_goto(x...) asm goto(x)
|
||||||
#endif
|
#endif
|
||||||
|
|
|
||||||
|
|
@ -220,8 +220,8 @@ extern bool initcall_debug;
|
||||||
__initcall_name(initstub, __iid, id)
|
__initcall_name(initstub, __iid, id)
|
||||||
|
|
||||||
#define __define_initcall_stub(__stub, fn) \
|
#define __define_initcall_stub(__stub, fn) \
|
||||||
int __init __stub(void); \
|
int __init __cficanonical __stub(void); \
|
||||||
int __init __stub(void) \
|
int __init __cficanonical __stub(void) \
|
||||||
{ \
|
{ \
|
||||||
return fn(); \
|
return fn(); \
|
||||||
} \
|
} \
|
||||||
|
|
|
||||||
|
|
@ -1944,8 +1944,8 @@ enum pci_fixup_pass {
|
||||||
#ifdef CONFIG_LTO_CLANG
|
#ifdef CONFIG_LTO_CLANG
|
||||||
#define __DECLARE_PCI_FIXUP_SECTION(sec, name, vendor, device, class, \
|
#define __DECLARE_PCI_FIXUP_SECTION(sec, name, vendor, device, class, \
|
||||||
class_shift, hook, stub) \
|
class_shift, hook, stub) \
|
||||||
void stub(struct pci_dev *dev); \
|
void __cficanonical stub(struct pci_dev *dev); \
|
||||||
void stub(struct pci_dev *dev) \
|
void __cficanonical stub(struct pci_dev *dev) \
|
||||||
{ \
|
{ \
|
||||||
hook(dev); \
|
hook(dev); \
|
||||||
} \
|
} \
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue