Message ID | 20210312004919.669614-4-samitolvanen@google.com (mailing list archive) |
---|---|
State | Superseded |
Series | Add support for Clang CFI |
On Thu, Mar 11, 2021 at 04:49:05PM -0800, Sami Tolvanen wrote:
> With CONFIG_CFI_CLANG, the compiler replaces function addresses
> in instrumented C code with jump table addresses. This means that
> __pa_symbol(function) returns the physical address of the jump table
> entry instead of the actual function, which may not work as the jump
> table code will immediately jump to a virtual address that may not be
> mapped.
>
> To avoid this address space confusion, this change adds generic
> definitions for __va_function and __pa_function, which architectures
> that support CFI can override. The typical implementation of the
> __va_function macro would use inline assembly to take the function
> address, which avoids compiler instrumentation.
>
> Signed-off-by: Sami Tolvanen <samitolvanen@google.com>

Reviewed-by: Kees Cook <keescook@chromium.org>
diff --git a/include/linux/mm.h b/include/linux/mm.h index 77e64e3eac80..1262c4c0242c 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -116,6 +116,14 @@ extern int mmap_rnd_compat_bits __read_mostly; #define __pa_symbol(x) __pa(RELOC_HIDE((unsigned long)(x), 0)) #endif +#ifndef __va_function +#define __va_function(x) (x) +#endif + +#ifndef __pa_function +#define __pa_function(x) __pa_symbol(__va_function(x)) +#endif + #ifndef page_to_virt #define page_to_virt(x) __va(PFN_PHYS(page_to_pfn(x))) #endif
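Review bot: The two new macros in include/linux/mm.h have no comment, and the generic fallback "#define __va_function(x) (x)" is an identity, so on a CONFIG_CFI_CLANG build for an architecture that does not supply its own __va_function, __pa_function(x) still expands to __pa_symbol() of the jump table address, which is the case the commit message says may not work. Suggest a short comment above the definitions stating that they are for taking the address of a function under CFI, that __pa_function rather than __pa_symbol should be used on function symbols, and that an architecture supporting CFI is expected to override __va_function.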
With CONFIG_CFI_CLANG, the compiler replaces function addresses
in instrumented C code with jump table addresses. This means that
__pa_symbol(function) returns the physical address of the jump table
entry instead of the actual function, which may not work as the jump
table code will immediately jump to a virtual address that may not be
mapped.

To avoid this address space confusion, this change adds generic
definitions for __va_function and __pa_function, which architectures
that support CFI can override. The typical implementation of the
__va_function macro would use inline assembly to take the function
address, which avoids compiler instrumentation.

Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
---
 include/linux/mm.h | 8 ++++++++
 1 file changed, 8 insertions(+)