Re: [RFC PATCH v2 20/21] x86: Add support for CONFIG_CFI_CLANG

From: Kees Cook
Date: Sat May 14 2022 - 23:20:02 EST


On Fri, May 13, 2022 at 01:21:58PM -0700, Sami Tolvanen wrote:
> With CONFIG_CFI_CLANG, the compiler injects a type preamble
> immediately before each function and a check to validate the target
> function type before indirect calls:
>
> ; type preamble
> __cfi_function:
> int3
> int3
> mov <id>, %eax
> int3
> int3
> function:
> ...
> ; indirect call check
> cmpl    <id>, -6(%r11)
> je .Ltmp1
> ud2
> .Ltmp1:
> call __x86_indirect_thunk_r11
>
> Define the __CFI_TYPE helper macro for manual type annotations in
> assembly code, add error handling for the CFI ud2 traps, and allow
> CONFIG_CFI_CLANG to be selected on x86_64.
>
> Signed-off-by: Sami Tolvanen <samitolvanen@xxxxxxxxxx>

Looks good testing with LKDTM...

$ echo CFI_FORWARD_PROTO | cat >/sys/kernel/debug/provoke-crash/DIRECT
[ 144.084017] lkdtm: Performing direct entry CFI_FORWARD_PROTO
[ 144.086138] lkdtm: Calling matched prototype ...
[ 144.087833] lkdtm: Calling mismatched prototype ...
[ 144.089777] CFI failure at lkdtm_CFI_FORWARD_PROTO+0x34/0x67 [lkdtm] (target: lkdtm_increment_int+0x0/0x7 [lkdtm]; expected type: 0x7e0c52a5)


Tested-by: Kees Cook <keescook@xxxxxxxxxxxx>

--
Kees Cook
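The preamble layout and the `cmpl <id>, -6(%r11)` check from the quoted commit message, modelled on a constructed byte buffer. This is an added example, not code from the patch or from this mail; the type id 0x7e0c52a5 is the one printed in the LKDTM log above, and the hash that derives an id from a function prototype is not modelled (the ids are supplied directly).

```c
/* Added example: models the KCFI type preamble and the caller-side check
 * from the quoted commit message on a constructed byte buffer. The id
 * values are supplied directly; the hashing of the prototype is not
 * modelled. Assumes a little-endian host (as x86 is). */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* int3 int3 mov imm32,%eax int3 int3  ->  1 + 1 + 5 + 1 + 1 bytes */
#define KCFI_PREAMBLE_LEN 9

/* Emit the __cfi_<fn> preamble for `id` into `out`.
 * Returns the offset of the function entry that follows it. */
size_t kcfi_emit_preamble(uint8_t *out, uint32_t id)
{
    out[0] = 0xcc;                 /* int3 */
    out[1] = 0xcc;                 /* int3 */
    out[2] = 0xb8;                 /* mov imm32, %eax */
    memcpy(&out[3], &id, 4);       /* imm32 lands at entry - 6 */
    out[7] = 0xcc;                 /* int3 */
    out[8] = 0xcc;                 /* int3 */
    return KCFI_PREAMBLE_LEN;
}

/* The call-site check: compare the immediate of the mov, found six bytes
 * before the target entry, with the id the caller expects. */
int kcfi_target_matches(const uint8_t *target, uint32_t expected)
{
    uint32_t actual;
    memcpy(&actual, target - 6, 4);
    return actual == expected;
}

/* Build a callee tagged with `callee_id` and take an indirect call through a
 * site compiled for `site_id`. Returns 1 when the call proceeds past the
 * check and 0 where the kernel would instead hit ud2 and report a CFI
 * failure naming the target and the expected type. */
int kcfi_indirect_call_ok(uint32_t callee_id, uint32_t site_id)
{
    uint8_t text[KCFI_PREAMBLE_LEN + 1] = {0};      /* constructed .text */
    size_t entry = kcfi_emit_preamble(text, callee_id);
    text[entry] = 0xc3;                             /* ret: the function body */
    return kcfi_target_matches(text + entry, site_id);
}

int main(void)
{
    printf("matched prototype:    %s\n",
           kcfi_indirect_call_ok(0x7e0c52a5u, 0x7e0c52a5u) ? "call" : "ud2");
    printf("mismatched prototype: %s\n",
           kcfi_indirect_call_ok(0x11111111u, 0x7e0c52a5u) ? "call" : "ud2");
    return 0;
}
```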