Message ID | 20220610233513.1798771-8-samitolvanen@google.com (mailing list archive) |
---|---|
State | Changes Requested |
Series | KCFI support |
On Fri, Jun 10, 2022 at 4:35 PM Sami Tolvanen <samitolvanen@google.com> wrote: > > Clang can convert the indirect calls in lkdtm_CFI_FORWARD_PROTO into > direct calls. Move the call into a noinline function that accepts the > target address as an argument to ensure the compiler actually emits an > indirect call instead. Thanks for the patch! Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> > > Signed-off-by: Sami Tolvanen <samitolvanen@google.com> > --- > drivers/misc/lkdtm/cfi.c | 15 +++++++++------ > 1 file changed, 9 insertions(+), 6 deletions(-) > > diff --git a/drivers/misc/lkdtm/cfi.c b/drivers/misc/lkdtm/cfi.c > index 666a7f4bc137..b6b375112a2a 100644 > --- a/drivers/misc/lkdtm/cfi.c > +++ b/drivers/misc/lkdtm/cfi.c > @@ -20,6 +20,13 @@ static noinline int lkdtm_increment_int(int *counter) > > return *counter; > } > + > +/* Don't allow the compiler to inline the calls. */ > +static noinline void lkdtm_indirect_call(void (*func)(int *)) > +{ > + func(&called_count); > +} > + > /* > * This tries to call an indirect function with a mismatched prototype. > */ > @@ -29,15 +36,11 @@ static void lkdtm_CFI_FORWARD_PROTO(void) > * Matches lkdtm_increment_void()'s prototype, but not > * lkdtm_increment_int()'s prototype. > */ > - void (*func)(int *); > - > pr_info("Calling matched prototype ...\n"); > - func = lkdtm_increment_void; > - func(&called_count); > + lkdtm_indirect_call(lkdtm_increment_void); > > pr_info("Calling mismatched prototype ...\n"); > - func = (void *)lkdtm_increment_int; > - func(&called_count); > + lkdtm_indirect_call((void *)lkdtm_increment_int); > > pr_err("FAIL: survived mismatched prototype function call!\n"); > pr_expected_config(CONFIG_CFI_CLANG); > -- > 2.36.1.476.g0c4daa206d-goog >
On Fri, Jun 10, 2022 at 04:35:00PM -0700, Sami Tolvanen wrote:
> Clang can convert the indirect calls in lkdtm_CFI_FORWARD_PROTO into
> direct calls. Move the call into a noinline function that accepts the
> target address as an argument to ensure the compiler actually emits an
> indirect call instead.
>
> Signed-off-by: Sami Tolvanen <samitolvanen@google.com>

Acked-by: Kees Cook <keescook@chromium.org>
diff --git a/drivers/misc/lkdtm/cfi.c b/drivers/misc/lkdtm/cfi.c index 666a7f4bc137..b6b375112a2a 100644 --- a/drivers/misc/lkdtm/cfi.c +++ b/drivers/misc/lkdtm/cfi.c @@ -20,6 +20,13 @@ static noinline int lkdtm_increment_int(int *counter) return *counter; } + +/* Don't allow the compiler to inline the calls. */ +static noinline void lkdtm_indirect_call(void (*func)(int *)) +{ + func(&called_count); +} + /* * This tries to call an indirect function with a mismatched prototype. */ @@ -29,15 +36,11 @@ static void lkdtm_CFI_FORWARD_PROTO(void) * Matches lkdtm_increment_void()'s prototype, but not * lkdtm_increment_int()'s prototype. */ - void (*func)(int *); - pr_info("Calling matched prototype ...\n"); - func = lkdtm_increment_void; - func(&called_count); + lkdtm_indirect_call(lkdtm_increment_void); pr_info("Calling mismatched prototype ...\n"); - func = (void *)lkdtm_increment_int; - func(&called_count); + lkdtm_indirect_call((void *)lkdtm_increment_int); pr_err("FAIL: survived mismatched prototype function call!\n"); pr_expected_config(CONFIG_CFI_CLANG);
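Review bot: noinline stops lkdtm_indirect_call() from being inlined, but the helper is static and both of its call sites pass a compile-time constant pointer, so interprocedural constant propagation or function specialization can still clone the helper and fold `func` into a direct call, which would remove the call-site CFI check exactly as the commit message describes for the old code. Consider hiding the pointer from the optimizer before the call, e.g. `OPTIMIZER_HIDE_VAR(func);` ahead of `func(&called_count);`, or extend the "Don't allow the compiler to inline the calls." comment to say why noinline alone is judged sufficient for the compilers this test targets.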
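Review bot: the comment immediately above the removed `void (*func)(int *);` ("Matches lkdtm_increment_void()'s prototype, but not lkdtm_increment_int()'s prototype.") described the type of that local, and with the declaration gone it no longer says what is doing the matching; reword it to refer to the parameter type of lkdtm_indirect_call(), or move it onto that helper. The second call still relies on the `(void *)` cast in `lkdtm_indirect_call((void *)lkdtm_increment_int);` to get past the C type checker, so a one-line comment there noting that the cast is the point of the test would help the next reader.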
Clang can convert the indirect calls in lkdtm_CFI_FORWARD_PROTO into direct calls. Move the call into a noinline function that accepts the target address as an argument to ensure the compiler actually emits an indirect call instead.

Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
---
 drivers/misc/lkdtm/cfi.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
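The commit message hinges on the call site being a genuine indirect call, because the kcfi check lives at the call site: a direct call carries no check at all, so a test whose calls were folded to direct ones would "survive" the mismatched prototype without exercising CFI. The userspace program below is an added example, not code from the patch, from lkdtm or from the KCFI series; it emulates the kcfi forward-edge check for the same matched/mismatched pair. The `kcfi_typeid()` FNV-1a hash, the textual type strings and the `kcfi_fn` table are constructed stand-ins for what the compiler does in reality (hash the mangled function type and place the 32-bit id ahead of each function's entry), and the emulated check returns -1 where real kcfi traps.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Emulated kcfi type id. Real kcfi has the compiler hash the function's
 * mangled type and store the 32-bit result before the function's entry;
 * this FNV-1a over a plain type string is a constructed stand-in.
 */
static uint32_t kcfi_typeid(const char *type)
{
	uint32_t h = 0x811c9dc5u;

	for (; *type; type++) {
		h ^= (uint8_t)*type;
		h *= 0x01000193u;
	}
	return h;
}

/* A function together with the type id the compiler would attach to it. */
struct kcfi_fn {
	const char *type;	/* assumed textual type, hashed by kcfi_typeid() */
	void (*entry)(void);	/* generic function pointer, cast back before use */
};

static int called_count;

/* The two callees from lkdtm_CFI_FORWARD_PROTO: same argument, different return. */
static void increment_void(int *counter)
{
	(*counter)++;
}

static int increment_int(int *counter)
{
	(*counter)++;
	return *counter;
}

static const struct kcfi_fn fn_increment_void = {
	.type = "void (int *)",
	.entry = (void (*)(void))increment_void,
};

static const struct kcfi_fn fn_increment_int = {
	.type = "int (int *)",
	.entry = (void (*)(void))increment_int,
};

/*
 * Mirrors the check kcfi emits at an indirect call of static type
 * void (*)(int *): the id expected for that type is compared with the id
 * attached to the target before control transfers. Returns 0 after a
 * completed call, -1 where real kcfi would trap.
 */
static int kcfi_indirect_call(const struct kcfi_fn *target, int *arg)
{
	uint32_t expected = kcfi_typeid("void (int *)");
	uint32_t actual = kcfi_typeid(target->type);

	if (actual != expected) {
		fprintf(stderr, "CFI failure: expected 0x%08x, target has 0x%08x\n",
			expected, actual);
		return -1;
	}
	((void (*)(int *))target->entry)(arg);
	return 0;
}

/*
 * Same sequence as lkdtm_CFI_FORWARD_PROTO: the matched call must go
 * through, the mismatched one must be rejected before the callee runs.
 * Returns the number of callee invocations (1) on success, -1 otherwise.
 */
static int cfi_forward_proto_test(void)
{
	called_count = 0;

	if (kcfi_indirect_call(&fn_increment_void, &called_count) != 0)
		return -1;	/* matched prototype must not trip the check */

	if (kcfi_indirect_call(&fn_increment_int, &called_count) == 0)
		return -1;	/* mismatched prototype must be caught */

	return called_count;	/* only the matched call ran */
}

int main(void)
{
	int n = cfi_forward_proto_test();

	printf("%s: %d callee invocation(s)\n", n == 1 ? "PASS" : "FAIL", n);
	return n == 1 ? 0 : 1;
}
```

Build and run with `cc -O2 -o cfi_demo cfi_demo.c && ./cfi_demo`; the matched call increments the counter once and the mismatched call is refused before `increment_int()` executes. The reason the kernel test needs a helper that the compiler cannot see through is visible here too: the check is attached to the indirect call site, so if the optimizer turns `kcfi_indirect_call()` into a direct call of a known target there is no check left to fail.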