cfi: Switch to -fsanitize=kcfi
Switch from Clang's original forward-edge control-flow integrity implementation to -fsanitize=kcfi, which is better suited for the kernel, as it doesn't require LTO, doesn't use a jump table that requires altering function references, and won't break cross-module function address equality. Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Tested-by: Kees Cook <keescook@chromium.org> Tested-by: Nathan Chancellor <nathan@kernel.org> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Tested-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20220908215504.3686827-6-samitolvanen@google.com
This commit is contained in:
Sami Tolvanen
+3
-32
@@ -53,6 +53,7 @@
|
||||
#include <linux/bsearch.h>
|
||||
#include <linux/dynamic_debug.h>
|
||||
#include <linux/audit.h>
|
||||
#include <linux/cfi.h>
|
||||
#include <uapi/linux/module.h>
|
||||
#include "internal.h"
|
||||
|
||||
@@ -2597,8 +2598,9 @@ static int complete_formation(struct module *mod, struct load_info *info)
|
||||
if (err < 0)
|
||||
goto out;
|
||||
|
||||
/* This relies on module_mutex for list integrity. */
|
||||
/* These rely on module_mutex for list integrity. */
|
||||
module_bug_finalize(info->hdr, info->sechdrs, mod);
|
||||
module_cfi_finalize(info->hdr, info->sechdrs, mod);
|
||||
|
||||
if (module_check_misalignment(mod))
|
||||
goto out_misaligned;
|
||||
@@ -2660,8 +2662,6 @@ static int unknown_module_param_cb(char *param, char *val, const char *modname,
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void cfi_init(struct module *mod);
|
||||
|
||||
/*
|
||||
* Allocate and load the module: note that size of section 0 is always
|
||||
* zero, and we rely on this for optional sections.
|
||||
@@ -2791,9 +2791,6 @@ static int load_module(struct load_info *info, const char __user *uargs,
|
||||
|
||||
flush_module_icache(mod);
|
||||
|
||||
/* Setup CFI for the module. */
|
||||
cfi_init(mod);
|
||||
|
||||
/* Now copy in args */
|
||||
mod->args = strndup_user(uargs, ~0UL >> 1);
|
||||
if (IS_ERR(mod->args)) {
|
||||
@@ -2955,32 +2952,6 @@ static inline int within(unsigned long addr, void *start, unsigned long size)
|
||||
return ((void *)addr >= start && (void *)addr < start + size);
|
||||
}
|
||||
|
||||
static void cfi_init(struct module *mod)
|
||||
{
|
||||
#ifdef CONFIG_CFI_CLANG
|
||||
initcall_t *init;
|
||||
#ifdef CONFIG_MODULE_UNLOAD
|
||||
exitcall_t *exit;
|
||||
#endif
|
||||
|
||||
rcu_read_lock_sched();
|
||||
mod->cfi_check = (cfi_check_fn)
|
||||
find_kallsyms_symbol_value(mod, "__cfi_check");
|
||||
init = (initcall_t *)
|
||||
find_kallsyms_symbol_value(mod, "__cfi_jt_init_module");
|
||||
/* Fix init/exit functions to point to the CFI jump table */
|
||||
if (init)
|
||||
mod->init = *init;
|
||||
#ifdef CONFIG_MODULE_UNLOAD
|
||||
exit = (exitcall_t *)
|
||||
find_kallsyms_symbol_value(mod, "__cfi_jt_cleanup_module");
|
||||
if (exit)
|
||||
mod->exit = *exit;
|
||||
#endif
|
||||
rcu_read_unlock_sched();
|
||||
#endif
|
||||
}
|
||||
|
||||
/* Keep in sync with MODULE_FLAGS_BUF_SIZE !!! */
|
||||
char *module_flags(struct module *mod, char *buf, bool show_state)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user