Commit 92efda8e authored by Sami Tolvanen's avatar Sami Tolvanen Committed by Kees Cook

cfi: Drop __CFI_ADDRESSABLE

The __CFI_ADDRESSABLE macro is used for init_module and cleanup_module
to ensure we have the address of the CFI jump table, and with
CONFIG_X86_KERNEL_IBT to ensure LTO won't optimize away the symbols.
As __CFI_ADDRESSABLE is no longer necessary with -fsanitize=kcfi, add
a more flexible version of the __ADDRESSABLE macro and always ensure
these symbols won't be dropped.
Signed-off-by: default avatarSami Tolvanen <samitolvanen@google.com>
Reviewed-by: default avatarKees Cook <keescook@chromium.org>
Tested-by: default avatarKees Cook <keescook@chromium.org>
Tested-by: default avatarNathan Chancellor <nathan@kernel.org>
Acked-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220908215504.3686827-5-samitolvanen@google.com
parent 9fca7115
...@@ -13,26 +13,6 @@ typedef void (*cfi_check_fn)(uint64_t id, void *ptr, void *diag); ...@@ -13,26 +13,6 @@ typedef void (*cfi_check_fn)(uint64_t id, void *ptr, void *diag);
/* Compiler-generated function in each module, and the kernel */ /* Compiler-generated function in each module, and the kernel */
extern void __cfi_check(uint64_t id, void *ptr, void *diag); extern void __cfi_check(uint64_t id, void *ptr, void *diag);
/*
* Force the compiler to generate a CFI jump table entry for a function
* and store the jump table address to __cfi_jt_<function>.
*/
#define __CFI_ADDRESSABLE(fn, __attr) \
const void *__cfi_jt_ ## fn __visible __attr = (void *)&fn
#else /* !CONFIG_CFI_CLANG */
#ifdef CONFIG_X86_KERNEL_IBT
#define __CFI_ADDRESSABLE(fn, __attr) \
const void *__cfi_jt_ ## fn __visible __attr = (void *)&fn
#endif /* CONFIG_X86_KERNEL_IBT */
#endif /* CONFIG_CFI_CLANG */ #endif /* CONFIG_CFI_CLANG */
#ifndef __CFI_ADDRESSABLE
#define __CFI_ADDRESSABLE(fn, __attr)
#endif
#endif /* _LINUX_CFI_H */ #endif /* _LINUX_CFI_H */
...@@ -221,9 +221,11 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val, ...@@ -221,9 +221,11 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val,
* otherwise, or eliminated entirely due to lack of references that are * otherwise, or eliminated entirely due to lack of references that are
* visible to the compiler. * visible to the compiler.
*/ */
#define __ADDRESSABLE(sym) \ #define ___ADDRESSABLE(sym, __attrs) \
static void * __section(".discard.addressable") __used \ static void * __used __attrs \
__UNIQUE_ID(__PASTE(__addressable_,sym)) = (void *)&sym; __UNIQUE_ID(__PASTE(__addressable_,sym)) = (void *)&sym;
#define __ADDRESSABLE(sym) \
___ADDRESSABLE(sym, __section(".discard.addressable"))
/** /**
* offset_to_ptr - convert a relative memory offset to an absolute pointer * offset_to_ptr - convert a relative memory offset to an absolute pointer
......
...@@ -132,7 +132,7 @@ extern void cleanup_module(void); ...@@ -132,7 +132,7 @@ extern void cleanup_module(void);
{ return initfn; } \ { return initfn; } \
int init_module(void) __copy(initfn) \ int init_module(void) __copy(initfn) \
__attribute__((alias(#initfn))); \ __attribute__((alias(#initfn))); \
__CFI_ADDRESSABLE(init_module, __initdata); ___ADDRESSABLE(init_module, __initdata);
/* This is only required if you want to be unloadable. */ /* This is only required if you want to be unloadable. */
#define module_exit(exitfn) \ #define module_exit(exitfn) \
...@@ -140,7 +140,7 @@ extern void cleanup_module(void); ...@@ -140,7 +140,7 @@ extern void cleanup_module(void);
{ return exitfn; } \ { return exitfn; } \
void cleanup_module(void) __copy(exitfn) \ void cleanup_module(void) __copy(exitfn) \
__attribute__((alias(#exitfn))); \ __attribute__((alias(#exitfn))); \
__CFI_ADDRESSABLE(cleanup_module, __exitdata); ___ADDRESSABLE(cleanup_module, __exitdata);
#endif #endif
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment