Re: [PATCH 03/17] mm: add generic __va_function and __pa_function macros

[PATCH 00/17] Add support for Clang CFI · Sami Tolvanen <samitolvanen@google.com> · 2021-03-12
[PATCH 02/17] cfi: add __cficanonical · Sami Tolvanen <samitolvanen@google.com> · 2021-03-12
Re: [PATCH 02/17] cfi: add __cficanonical · Kees Cook <hidden> · 2021-03-12
Re: [PATCH 02/17] cfi: add __cficanonical · Bjorn Helgaas <helgaas@kernel.org> · 2021-03-12
[PATCH 01/17] add support for Clang CFI · Sami Tolvanen <samitolvanen@google.com> · 2021-03-12
Re: [PATCH 01/17] add support for Clang CFI · Kees Cook <hidden> · 2021-03-12
[PATCH 03/17] mm: add generic __va_function and __pa_function macros · Sami Tolvanen <samitolvanen@google.com> · 2021-03-12
Re: [PATCH 03/17] mm: add generic __va_function and __pa_function macros · Kees Cook <hidden> · 2021-03-12
[PATCH 04/17] module: cfi: ensure __cfi_check alignment · Sami Tolvanen <samitolvanen@google.com> · 2021-03-12
Re: [PATCH 04/17] module: cfi: ensure __cfi_check alignment · Kees Cook <hidden> · 2021-03-12
Re: [PATCH 04/17] module: cfi: ensure __cfi_check alignment · Sami Tolvanen <samitolvanen@google.com> · 2021-03-16
[PATCH 05/17] workqueue: cfi: disable callback pointer check with modules · Sami Tolvanen <samitolvanen@google.com> · 2021-03-12
Re: [PATCH 05/17] workqueue: cfi: disable callback pointer check with modules · Kees Cook <hidden> · 2021-03-12
[PATCH 07/17] kallsyms: cfi: strip hashes from static functions · Sami Tolvanen <samitolvanen@google.com> · 2021-03-12
Re: [PATCH 07/17] kallsyms: cfi: strip hashes from static functions · Kees Cook <hidden> · 2021-03-12
Re: [PATCH 07/17] kallsyms: cfi: strip hashes from static functions · Sami Tolvanen <samitolvanen@google.com> · 2021-03-16
[PATCH 08/17] bpf: disable CFI in dispatcher functions · Sami Tolvanen <samitolvanen@google.com> · 2021-03-12
Re: [PATCH 08/17] bpf: disable CFI in dispatcher functions · Kees Cook <hidden> · 2021-03-12
[PATCH 09/17] lib/list_sort: fix function type mismatches · Sami Tolvanen <samitolvanen@google.com> · 2021-03-12
Re: [PATCH 09/17] lib/list_sort: fix function type mismatches · Kees Cook <hidden> · 2021-03-12
[PATCH 06/17] kthread: cfi: disable callback pointer check with modules · Sami Tolvanen <samitolvanen@google.com> · 2021-03-12
Re: [PATCH 06/17] kthread: cfi: disable callback pointer check with modules · Kees Cook <hidden> · 2021-03-12
Re: [PATCH 06/17] kthread: cfi: disable callback pointer check with modules · Christoph Hellwig <hch@infradead.org> · 2021-03-12
Re: [PATCH 06/17] kthread: cfi: disable callback pointer check with modules · Sami Tolvanen <samitolvanen@google.com> · 2021-03-17
[PATCH 11/17] psci: use __pa_function for cpu_resume · Sami Tolvanen <samitolvanen@google.com> · 2021-03-12
Re: [PATCH 11/17] psci: use __pa_function for cpu_resume · Kees Cook <hidden> · 2021-03-12
[PATCH 10/17] lkdtm: use __va_function · Sami Tolvanen <samitolvanen@google.com> · 2021-03-12
Re: [PATCH 10/17] lkdtm: use __va_function · Kees Cook <hidden> · 2021-03-12
[PATCH 12/17] arm64: implement __va_function · Sami Tolvanen <samitolvanen@google.com> · 2021-03-12
Re: [PATCH 12/17] arm64: implement __va_function · Kees Cook <hidden> · 2021-03-12
[PATCH 13/17] arm64: use __pa_function · Sami Tolvanen <samitolvanen@google.com> · 2021-03-12
Re: [PATCH 13/17] arm64: use __pa_function · Kees Cook <hidden> · 2021-03-12
[PATCH 14/17] arm64: add __nocfi to functions that jump to a physical address · Sami Tolvanen <samitolvanen@google.com> · 2021-03-12
Re: [PATCH 14/17] arm64: add __nocfi to functions that jump to a physical address · Kees Cook <hidden> · 2021-03-12
[PATCH 15/17] arm64: add __nocfi to __apply_alternatives · Sami Tolvanen <samitolvanen@google.com> · 2021-03-12
Re: [PATCH 15/17] arm64: add __nocfi to __apply_alternatives · Kees Cook <hidden> · 2021-03-12
[PATCH 16/17] KVM: arm64: Disable CFI for nVHE · Sami Tolvanen <samitolvanen@google.com> · 2021-03-12
Re: [PATCH 16/17] KVM: arm64: Disable CFI for nVHE · Kees Cook <hidden> · 2021-03-12
[PATCH 17/17] arm64: allow CONFIG_CFI_CLANG to be selected · Sami Tolvanen <samitolvanen@google.com> · 2021-03-12
Re: [PATCH 17/17] arm64: allow CONFIG_CFI_CLANG to be selected · Kees Cook <hidden> · 2021-03-12
Re: [PATCH 17/17] arm64: allow CONFIG_CFI_CLANG to be selected · Sami Tolvanen <samitolvanen@google.com> · 2021-03-16
Re: [PATCH 17/17] arm64: allow CONFIG_CFI_CLANG to be selected · Kees Cook <hidden> · 2021-03-16

From: Kees Cook <hidden>
Date: 2021-03-12 02:41:15
Also in: bpf, linux-arm-kernel, linux-hardening, linux-kbuild, linux-pci, lkml

On Thu, Mar 11, 2021 at 04:49:05PM -0800, Sami Tolvanen wrote:

With CONFIG_CFI_CLANG, the compiler replaces function addresses
in instrumented C code with jump table addresses. This means that
__pa_symbol(function) returns the physical address of the jump table
entry instead of the actual function, which may not work as the jump
table code will immediately jump to a virtual address that may not be
mapped.

To avoid this address space confusion, this change adds generic
definitions for __va_function and __pa_function, which architectures
that support CFI can override. The typical implementation of the
__va_function macro would use inline assembly to take the function
address, which avoids compiler instrumentation.

Signed-off-by: Sami Tolvanen <samitolvanen@google.com>

Reviewed-by: Kees Cook <redacted>

-- 
Kees Cook

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help