From patchwork Fri Oct 5 08:13:25 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 148147 Delivered-To: patch@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp150966lji; Fri, 5 Oct 2018 01:13:46 -0700 (PDT) X-Google-Smtp-Source: ACcGV6359EQyChauPxgLvPrm2mTmCaTSSofdB3cV2SYF271SF46+JoWUY/zJeBWeyWKwWRxzkPzK X-Received: by 2002:a17:902:7283:: with SMTP id d3-v6mr10347960pll.326.1538727226227; Fri, 05 Oct 2018 01:13:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538727226; cv=none; d=google.com; s=arc-20160816; b=cFhhfVgRmh6lYE83/5+Fay4YfhA7kCCDgPBpPoq3YZs0Yvk3MYzuddZ7MXzkmpe75F lEwD6n+BcRUeXaL1MQiH3JuzccEiV/F/sehcZjl4iE5eVih9hT2AKRj5421IZ3qTaIoo Wnw9LVMwPjp+Gu5CjPx9Oa2fcKJXpJ5wTybJUCgnTGR7/+mofIrCI+jbcG4JOHM1T//T Bh7QJNDQyXEzQXdkmOEjVWYJ6BkQ8GurhJSNSnFmtipBP77XPGFApGfT2vG3bc3OxH4c EMylf5iPoCrJX0fydNhgLcymWASRYxMHYjSk1h94xuO+VBm829coWYeOeKaDLaqkY1LO zHiw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=M974k2iyDJIOjsCt9yr954r2LChEqIlYPLi3JqN8ezM=; b=IkUlIvG/0kHaakUy3lx4uKxqbo3GNtiipvMY04eMYgE80RKUqhsSSwHRHvIMfpnY8b +RGiz6yWshoixldhr6dBAXs9ltZUoyw0pfga8TlLfL+jsjQ9UkM4e3pKd5RAUV/YsbFl ejp37d0sA8X6oQw3Sz40TpJpruTvcmUF80Q7PI0JPNapDde97fI+akF02Q9KaFbKOsxg 8fWznPutdgFIGk4WoNPoLxFUyNp1tamclE+4TvmkrlGN8BcOZFmi5HdJU8fzkdEAmjxK XPsUfkXDWgampbfxrCtR4I1d+5m5bYYs1UuAATSUBqu9nk0Ofip89I/3phPNoS0gF+wp P03A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=MWd+hOYP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y30-v6si7612388pgk.13.2018.10.05.01.13.45; Fri, 05 Oct 2018 01:13:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=MWd+hOYP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728407AbeJEPLS (ORCPT + 32 others); Fri, 5 Oct 2018 11:11:18 -0400 Received: from mail-wm1-f66.google.com ([209.85.128.66]:33122 "EHLO mail-wm1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728259AbeJEPLR (ORCPT ); Fri, 5 Oct 2018 11:11:17 -0400 Received: by mail-wm1-f66.google.com with SMTP id y140-v6so3198694wmd.0 for ; Fri, 05 Oct 2018 01:13:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=M974k2iyDJIOjsCt9yr954r2LChEqIlYPLi3JqN8ezM=; b=MWd+hOYP/XT8JhDN37zPYJpwEJYaMjz+DGw/Gv25gw+eg0s/a5gjnsTq2fxMFRjXfa XOMVBcpP7CyWqNHbBWmey7hjHyMNnG+gxrzc/jDFOObGBsroeG0GPzJLFwCtev3yPYQp vVyxleV0C7JUqQAW22vpLbZCcIWLOpw1cxhDg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=M974k2iyDJIOjsCt9yr954r2LChEqIlYPLi3JqN8ezM=; b=S3OJbaNXf01x3dL6PRKNk8CArExdDMpYeJpJq/XQR+7f45+SusiWL042j6mqyINvU7 gpHa80Fk/AfbI7EWHH5bNrmitfP9aTX/v8RzMhiRajh6wFHpk6gmuGcWSMWGxYwCIoeZ B4+JDokLGGScpnj/yHStic4YejoPHfun5az9Y7otvUwWSBcur/KiJwwCvhLllidcQVw/ 3Q+HrYEl2PxfGPU65VznPrfxr2CpANaKLPrObl53ECA8Mb/KraE+YPCVV5+HkwX81B0L I67kBBhq+CfbA2knGym9+ZwTOx5FbAFg74CsIi0KlWqLrebLzrhHgLW8tEhIAfw6GdIY a8Kg== X-Gm-Message-State: ABuFfoggDQ5Rtptf68p3s9W20q/Imk7whzT0fB/ecLiHP8BOqCnvq5hF QKmSQhgDIBLCHADrZZ9I152gncywoc4= X-Received: by 2002:a1c:9901:: with SMTP id b1-v6mr4381093wme.15.1538727220155; Fri, 05 Oct 2018 01:13:40 -0700 (PDT) Received: from localhost.localdomain ([2a01:cb1d:112:6f00:697e:67d9:a05d:22c7]) by smtp.gmail.com with ESMTPSA id t4-v6sm6565620wrb.45.2018.10.05.01.13.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 05 Oct 2018 01:13:39 -0700 (PDT) From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: Ard Biesheuvel , "Jason A . Donenfeld" , Eric Biggers , Samuel Neves , Andy Lutomirski , Arnd Bergmann , Herbert Xu , "David S. Miller" , Catalin Marinas , Will Deacon , Benjamin Herrenschmidt , Paul Mackerras , Michael Ellerman , Thomas Gleixner , Ingo Molnar , Kees Cook , "Martin K. Petersen" , Greg Kroah-Hartman , Andrew Morton , Richard Weinberger , Peter Zijlstra , linux-crypto@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linuxppc-dev@lists.ozlabs.org Subject: [RFC PATCH 1/9] kernel: add support for patchable function pointers Date: Fri, 5 Oct 2018 10:13:25 +0200 Message-Id: <20181005081333.15018-2-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20181005081333.15018-1-ard.biesheuvel@linaro.org> References: <20181005081333.15018-1-ard.biesheuvel@linaro.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Add a function pointer abstraction that can be implemented by the arch in a manner that avoids the downsides of function pointers, i.e., the fact that they are typically located in a writable data section, and their vulnerability to Spectre like defects. The FFP (or fast function pointer) is callable as a function, since the generic incarnation is simply that. However, due to the fact that C does not distinguish between functions and function pointers at the call site, the architecture can instead emit it as a patchable sequence of instructions consisting of ordinary branches. Signed-off-by: Ard Biesheuvel --- arch/Kconfig | 3 ++ include/linux/ffp.h | 43 ++++++++++++++++++++ 2 files changed, 46 insertions(+) -- 2.11.0 diff --git a/arch/Kconfig b/arch/Kconfig index 6801123932a5..2af3442a61d3 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -862,6 +862,9 @@ config HAVE_ARCH_PREL32_RELOCATIONS architectures, and don't require runtime relocation on relocatable kernels. +config HAVE_ARCH_FFP + bool + source "kernel/gcov/Kconfig" source "scripts/gcc-plugins/Kconfig" diff --git a/include/linux/ffp.h b/include/linux/ffp.h new file mode 100644 index 000000000000..8fc3b4c9b38f --- /dev/null +++ b/include/linux/ffp.h @@ -0,0 +1,43 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +#ifndef __LINUX_FFP_H +#define __LINUX_FFP_H + +#include +#include + +#ifdef CONFIG_HAVE_ARCH_FFP +#include +#else + +struct ffp { + void (**fn)(void); + void (*default_fn)(void); +}; + +#define DECLARE_FFP(_fn, _def) \ + extern typeof(_def) *_fn; \ + extern struct ffp const __ffp_ ## _fn + +#define DEFINE_FFP(_fn, _def) \ + typeof(_def) *_fn = &_def; \ + struct ffp const __ffp_ ## _fn \ + = { (void(**)(void))&_fn, (void(*)(void))&_def }; \ + EXPORT_SYMBOL(__ffp_ ## _fn) + +static inline void ffp_set_target(const struct ffp *m, void *new_fn) +{ + WRITE_ONCE(*m->fn, new_fn); +} + +static inline void ffp_reset_target(const struct ffp *m) +{ + WRITE_ONCE(*m->fn, m->default_fn); +} + +#endif + +#define SET_FFP(_fn, _new) ffp_set_target(&__ffp_ ## _fn, _new) +#define RESET_FFP(_fn) ffp_reset_target(&__ffp_ ## _fn) + +#endif