arm64: Add types to indirect called assembly functions

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

With CONFIG_CFI_CLANG, assembly functions indirectly called from C
code must be annotated with type identifiers to pass CFI checking. Use
SYM_TYPED_FUNC_START for the indirectly called functions, and ensure
we emit `bti c` also with SYM_TYPED_FUNC_START.

Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Tested-by: Kees Cook <keescook@chromium.org>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220908215504.3686827-10-samitolvanen@google.com

authored by

Sami Tolvanen and committed by

Kees Cook 3 years ago c50d3285 44f665b6

+15 -7

5 changed files

expand all

arch

arm64

crypto

ghash-ce-core.S

sm3-ce-core.S

include

asm

linkage.h

kernel

cpu-reset.S

proc.S

+3 -2

arch/arm64/crypto/ghash-ce-core.S

··· 6 6 */ 7 7 8 8 #include <linux/linkage.h> 9 + #include <linux/cfi_types.h> 9 10 #include <asm/assembler.h> 10 11 11 12 SHASH .req v0 ··· 351 350 * void pmull_ghash_update(int blocks, u64 dg[], const char *src, 352 351 * struct ghash_key const *k, const char *head) 353 352 */ 354 - SYM_FUNC_START(pmull_ghash_update_p64) 353 + SYM_TYPED_FUNC_START(pmull_ghash_update_p64) 355 354 __pmull_ghash p64 356 355 SYM_FUNC_END(pmull_ghash_update_p64) 357 356 358 - SYM_FUNC_START(pmull_ghash_update_p8) 357 + SYM_TYPED_FUNC_START(pmull_ghash_update_p8) 359 358 __pmull_ghash p8 360 359 SYM_FUNC_END(pmull_ghash_update_p8) 361 360

+2 -1

arch/arm64/crypto/sm3-ce-core.S

··· 6 6 */ 7 7 8 8 #include <linux/linkage.h> 9 + #include <linux/cfi_types.h> 9 10 #include <asm/assembler.h> 10 11 11 12 .irp b, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 ··· 74 73 * int blocks) 75 74 */ 76 75 .text 77 - SYM_FUNC_START(sm3_ce_transform) 76 + SYM_TYPED_FUNC_START(sm3_ce_transform) 78 77 /* load state */ 79 78 ld1 {v8.4s-v9.4s}, [x0] 80 79 rev64 v8.4s, v8.4s

arch/arm64/include/asm/linkage.h

··· 39 39 SYM_START(name, SYM_L_WEAK, SYM_A_NONE) \ 40 40 bti c ; 41 41 42 + #define SYM_TYPED_FUNC_START(name) \ 43 + SYM_TYPED_START(name, SYM_L_GLOBAL, SYM_A_ALIGN) \ 44 + bti c ; 45 + 42 46 #endif

+3 -2

arch/arm64/kernel/cpu-reset.S

··· 8 8 */ 9 9 10 10 #include <linux/linkage.h> 11 + #include <linux/cfi_types.h> 11 12 #include <asm/assembler.h> 12 13 #include <asm/sysreg.h> 13 14 #include <asm/virt.h> ··· 29 28 * branch to what would be the reset vector. It must be executed with the 30 29 * flat identity mapping. 31 30 */ 32 - SYM_CODE_START(cpu_soft_restart) 31 + SYM_TYPED_FUNC_START(cpu_soft_restart) 33 32 mov_q x12, INIT_SCTLR_EL1_MMU_OFF 34 33 pre_disable_mmu_workaround 35 34 /* ··· 48 47 mov x1, x3 // arg1 49 48 mov x2, x4 // arg2 50 49 br x8 51 - SYM_CODE_END(cpu_soft_restart) 50 + SYM_FUNC_END(cpu_soft_restart) 52 51 53 52 .popsection

+3 -2

arch/arm64/mm/proc.S

··· 10 10 #include <linux/init.h> 11 11 #include <linux/linkage.h> 12 12 #include <linux/pgtable.h> 13 + #include <linux/cfi_types.h> 13 14 #include <asm/assembler.h> 14 15 #include <asm/asm-offsets.h> 15 16 #include <asm/asm_pointer_auth.h> ··· 186 185 * This is the low-level counterpart to cpu_replace_ttbr1, and should not be 187 186 * called by anything else. It can only be executed from a TTBR0 mapping. 188 187 */ 189 - SYM_FUNC_START(idmap_cpu_replace_ttbr1) 188 + SYM_TYPED_FUNC_START(idmap_cpu_replace_ttbr1) 190 189 save_and_disable_daif flags=x2 191 190 192 191 __idmap_cpu_set_reserved_ttbr1 x1, x3 ··· 254 253 SYM_DATA(__idmap_kpti_flag, .long 1) 255 254 .popsection 256 255 257 - SYM_FUNC_START(idmap_kpti_install_ng_mappings) 256 + SYM_TYPED_FUNC_START(idmap_kpti_install_ng_mappings) 258 257 cpu .req w0 259 258 temp_pte .req x0 260 259 num_cpus .req w1