Re: [PATCH 1/2] ANDROID: cfi: enable sanitize for cfi.c
From: Sami Tolvanen
Date: Thu Jun 30 2022 - 12:19:59 EST
On Thu, Jun 30, 2022 at 2:47 AM Haibo Li <haibo.li@xxxxxxxxxxxx> wrote:
>
> currenly,cfi.c is excluded from cfi sanitize because of cfi handler.
> The side effect is that we can not transfer function pointer to
> other files which enable cfi sanitize.
>
> Enable cfi sanitize for cfi.c and bypass cfi check for __cfi_slowpath_diag
>
> Signed-off-by: Haibo Li <haibo.li@xxxxxxxxxxxx>
> Signed-off-by: Lecopzer Chen <lecopzer.chen@xxxxxxxxxxxx>
> ---
> kernel/Makefile | 3 ---
> kernel/cfi.c | 8 +++++++-
> 2 files changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/kernel/Makefile b/kernel/Makefile
> index a7e1f49ab2b3..a997bef1a200 100644
> --- a/kernel/Makefile
> +++ b/kernel/Makefile
> @@ -40,9 +40,6 @@ KCSAN_SANITIZE_kcov.o := n
> UBSAN_SANITIZE_kcov.o := n
> CFLAGS_kcov.o := $(call cc-option, -fno-conserve-stack) -fno-stack-protector
>
> -# Don't instrument error handlers
> -CFLAGS_REMOVE_cfi.o := $(CC_FLAGS_CFI)
> -
> obj-y += sched/
> obj-y += locking/
> obj-y += power/
> diff --git a/kernel/cfi.c b/kernel/cfi.c
> index 08102d19ec15..456771c8e454 100644
> --- a/kernel/cfi.c
> +++ b/kernel/cfi.c
> @@ -311,7 +311,7 @@ static inline cfi_check_fn find_check_fn(unsigned long ptr)
> return fn;
> }
>
> -void __cfi_slowpath_diag(uint64_t id, void *ptr, void *diag)
> +static inline void __nocfi _run_cfi_check(u64 id, void *ptr, void *diag)
> {
> cfi_check_fn fn = find_check_fn((unsigned long)ptr);
>
> @@ -320,6 +320,12 @@ void __cfi_slowpath_diag(uint64_t id, void *ptr, void *diag)
> else /* Don't allow unchecked modules */
> handle_cfi_failure(ptr);
> }
> +
> +void __cfi_slowpath_diag(u64 id, void *ptr, void *diag)
> +{
> + /*run cfi check without cfi sanitize to avoid calling cfi handler recursively*/
> + _run_cfi_check(id, ptr, diag);
> +}
> EXPORT_SYMBOL(__cfi_slowpath_diag);
You can just add __nocfi to __cfi_slowpath_diag, right? There's no
need for the separate function.
Sami