3c516f89e1
With CONFIG_CFI_CLANG, the compiler injects a type preamble immediately
before each function and a check to validate the target function type
before indirect calls:
; type preamble
__cfi_function:
mov <id>, %eax
function:
...
; indirect call check
mov -<id>,%r10d
add -0x4(%r11),%r10d
je .Ltmp1
ud2
.Ltmp1:
call __x86_indirect_thunk_r11
Add error handling code for the ud2 traps emitted for the checks, and
allow CONFIG_CFI_CLANG to be selected on x86_64.
This produces the following oops on CFI failure (generated using lkdtm):
[ 21.441706] CFI failure at lkdtm_indirect_call+0x16/0x20 [lkdtm]
(target: lkdtm_increment_int+0x0/0x10 [lkdtm]; expected type: 0x7e0c52a)
[ 21.444579] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[ 21.445296] CPU: 0 PID: 132 Comm: sh Not tainted
5.19.0-rc8-00020-g9f27360e674c #1
[ 21.445296] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 21.445296] RIP: 0010:lkdtm_indirect_call+0x16/0x20 [lkdtm]
[ 21.445296] Code: 52 1c c0 48 c7 c1 c5 50 1c c0 e9 25 48 2a cc 0f 1f
44 00 00 49 89 fb 48 c7 c7 50 b4 1c c0 41 ba 5b ad f3 81 45 03 53 f8
[ 21.445296] RSP: 0018:ffffa9f9c02ffdc0 EFLAGS: 00000292
[ 21.445296] RAX: 0000000000000027 RBX: ffffffffc01cb300 RCX: 385cbbd2e070a700
[ 21.445296] RDX: 0000000000000000 RSI: c0000000ffffdfff RDI: ffffffffc01cb450
[ 21.445296] RBP: 0000000000000006 R08: 0000000000000000 R09: ffffffff8d081610
[ 21.445296] R10: 00000000bcc90825 R11: ffffffffc01c2fc0 R12: 0000000000000000
[ 21.445296] R13: ffffa31b827a6000 R14: 0000000000000000 R15: 0000000000000002
[ 21.445296] FS: 00007f08b42216a0(0000) GS:ffffa31b9f400000(0000)
knlGS:0000000000000000
[ 21.445296] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 21.445296] CR2: 0000000000c76678 CR3: 0000000001940000 CR4: 00000000000006f0
[ 21.445296] Call Trace:
[ 21.445296] <TASK>
[ 21.445296] lkdtm_CFI_FORWARD_PROTO+0x30/0x50 [lkdtm]
[ 21.445296] direct_entry+0x12d/0x140 [lkdtm]
[ 21.445296] full_proxy_write+0x5d/0xb0
[ 21.445296] vfs_write+0x144/0x460
[ 21.445296] ? __x64_sys_wait4+0x5a/0xc0
[ 21.445296] ksys_write+0x69/0xd0
[ 21.445296] do_syscall_64+0x51/0xa0
[ 21.445296] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 21.445296] RIP: 0033:0x7f08b41a6fe1
[ 21.445296] Code: be 07 00 00 00 41 89 c0 e8 7e ff ff ff 44 89 c7 89
04 24 e8 91 c6 02 00 8b 04 24 48 83 c4 68 c3 48 63 ff b8 01 00 00 03
[ 21.445296] RSP: 002b:00007ffcdf65c2e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 21.445296] RAX: ffffffffffffffda RBX: 00007f08b4221690 RCX: 00007f08b41a6fe1
[ 21.445296] RDX: 0000000000000012 RSI: 0000000000c738f0 RDI: 0000000000000001
[ 21.445296] RBP: 0000000000000001 R08: fefefefefefefeff R09: fefefefeffc5ff4e
[ 21.445296] R10: 00007f08b42222b0 R11: 0000000000000246 R12: 0000000000c738f0
[ 21.445296] R13: 0000000000000012 R14: 00007ffcdf65c401 R15: 0000000000c70450
[ 21.445296] </TASK>
[ 21.445296] Modules linked in: lkdtm
[ 21.445296] Dumping ftrace buffer:
[ 21.445296] (ftrace buffer empty)
[ 21.471442] ---[ end trace 0000000000000000 ]---
[ 21.471811] RIP: 0010:lkdtm_indirect_call+0x16/0x20 [lkdtm]
[ 21.472467] Code: 52 1c c0 48 c7 c1 c5 50 1c c0 e9 25 48 2a cc 0f 1f
44 00 00 49 89 fb 48 c7 c7 50 b4 1c c0 41 ba 5b ad f3 81 45 03 53 f8
[ 21.474400] RSP: 0018:ffffa9f9c02ffdc0 EFLAGS: 00000292
[ 21.474735] RAX: 0000000000000027 RBX: ffffffffc01cb300 RCX: 385cbbd2e070a700
[ 21.475664] RDX: 0000000000000000 RSI: c0000000ffffdfff RDI: ffffffffc01cb450
[ 21.476471] RBP: 0000000000000006 R08: 0000000000000000 R09: ffffffff8d081610
[ 21.477127] R10: 00000000bcc90825 R11: ffffffffc01c2fc0 R12: 0000000000000000
[ 21.477959] R13: ffffa31b827a6000 R14: 0000000000000000 R15: 0000000000000002
[ 21.478657] FS: 00007f08b42216a0(0000) GS:ffffa31b9f400000(0000)
knlGS:0000000000000000
[ 21.479577] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 21.480307] CR2: 0000000000c76678 CR3: 0000000001940000 CR4: 00000000000006f0
[ 21.481460] Kernel panic - not syncing: Fatal exception
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Tested-by: Kees Cook <keescook@chromium.org>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220908215504.3686827-23-samitolvanen@google.com
153 lines
4.7 KiB
Makefile
153 lines
4.7 KiB
Makefile
# SPDX-License-Identifier: GPL-2.0
|
|
#
|
|
# Makefile for the linux kernel.
|
|
#
|
|
|
|
extra-y := head_$(BITS).o
|
|
extra-y += head$(BITS).o
|
|
extra-y += ebda.o
|
|
extra-y += platform-quirks.o
|
|
extra-y += vmlinux.lds
|
|
|
|
CPPFLAGS_vmlinux.lds += -U$(UTS_MACHINE)
|
|
|
|
ifdef CONFIG_FUNCTION_TRACER
|
|
# Do not profile debug and lowlevel utilities
|
|
CFLAGS_REMOVE_tsc.o = -pg
|
|
CFLAGS_REMOVE_paravirt-spinlocks.o = -pg
|
|
CFLAGS_REMOVE_pvclock.o = -pg
|
|
CFLAGS_REMOVE_kvmclock.o = -pg
|
|
CFLAGS_REMOVE_ftrace.o = -pg
|
|
CFLAGS_REMOVE_early_printk.o = -pg
|
|
CFLAGS_REMOVE_head64.o = -pg
|
|
CFLAGS_REMOVE_sev.o = -pg
|
|
endif
|
|
|
|
KASAN_SANITIZE_head$(BITS).o := n
|
|
KASAN_SANITIZE_dumpstack.o := n
|
|
KASAN_SANITIZE_dumpstack_$(BITS).o := n
|
|
KASAN_SANITIZE_stacktrace.o := n
|
|
KASAN_SANITIZE_paravirt.o := n
|
|
KASAN_SANITIZE_sev.o := n
|
|
|
|
# With some compiler versions the generated code results in boot hangs, caused
|
|
# by several compilation units. To be safe, disable all instrumentation.
|
|
KCSAN_SANITIZE := n
|
|
|
|
# If instrumentation of this dir is enabled, boot hangs during first second.
|
|
# Probably could be more selective here, but note that files related to irqs,
|
|
# boot, dumpstack/stacktrace, etc are either non-interesting or can lead to
|
|
# non-deterministic coverage.
|
|
KCOV_INSTRUMENT := n
|
|
|
|
CFLAGS_irq.o := -I $(srctree)/$(src)/../include/asm/trace
|
|
|
|
obj-y := process_$(BITS).o signal.o
|
|
obj-$(CONFIG_COMPAT) += signal_compat.o
|
|
obj-y += traps.o idt.o irq.o irq_$(BITS).o dumpstack_$(BITS).o
|
|
obj-y += time.o ioport.o dumpstack.o nmi.o
|
|
obj-$(CONFIG_MODIFY_LDT_SYSCALL) += ldt.o
|
|
obj-y += setup.o x86_init.o i8259.o irqinit.o
|
|
obj-$(CONFIG_JUMP_LABEL) += jump_label.o
|
|
obj-$(CONFIG_IRQ_WORK) += irq_work.o
|
|
obj-y += probe_roms.o
|
|
obj-$(CONFIG_X86_32) += sys_ia32.o
|
|
obj-$(CONFIG_IA32_EMULATION) += sys_ia32.o
|
|
obj-$(CONFIG_X86_64) += sys_x86_64.o
|
|
obj-$(CONFIG_X86_ESPFIX64) += espfix_64.o
|
|
obj-$(CONFIG_SYSFS) += ksysfs.o
|
|
obj-y += bootflag.o e820.o
|
|
obj-y += pci-dma.o quirks.o topology.o kdebugfs.o
|
|
obj-y += alternative.o i8253.o hw_breakpoint.o
|
|
obj-y += tsc.o tsc_msr.o io_delay.o rtc.o
|
|
obj-y += resource.o
|
|
obj-y += irqflags.o
|
|
obj-y += static_call.o
|
|
|
|
obj-y += process.o
|
|
obj-y += fpu/
|
|
obj-y += ptrace.o
|
|
obj-$(CONFIG_X86_32) += tls.o
|
|
obj-$(CONFIG_IA32_EMULATION) += tls.o
|
|
obj-y += step.o
|
|
obj-$(CONFIG_INTEL_TXT) += tboot.o
|
|
obj-$(CONFIG_ISA_DMA_API) += i8237.o
|
|
obj-y += stacktrace.o
|
|
obj-y += cpu/
|
|
obj-y += acpi/
|
|
obj-y += reboot.o
|
|
obj-$(CONFIG_X86_MSR) += msr.o
|
|
obj-$(CONFIG_X86_CPUID) += cpuid.o
|
|
obj-$(CONFIG_PCI) += early-quirks.o
|
|
apm-y := apm_32.o
|
|
obj-$(CONFIG_APM) += apm.o
|
|
obj-$(CONFIG_SMP) += smp.o
|
|
obj-$(CONFIG_SMP) += smpboot.o
|
|
obj-$(CONFIG_X86_TSC) += tsc_sync.o
|
|
obj-$(CONFIG_SMP) += setup_percpu.o
|
|
obj-$(CONFIG_X86_MPPARSE) += mpparse.o
|
|
obj-y += apic/
|
|
obj-$(CONFIG_X86_REBOOTFIXUPS) += reboot_fixups_32.o
|
|
obj-$(CONFIG_DYNAMIC_FTRACE) += ftrace.o
|
|
obj-$(CONFIG_FUNCTION_TRACER) += ftrace_$(BITS).o
|
|
obj-$(CONFIG_FUNCTION_GRAPH_TRACER) += ftrace.o
|
|
obj-$(CONFIG_FTRACE_SYSCALLS) += ftrace.o
|
|
obj-$(CONFIG_X86_TSC) += trace_clock.o
|
|
obj-$(CONFIG_TRACING) += trace.o
|
|
obj-$(CONFIG_RETHOOK) += rethook.o
|
|
obj-$(CONFIG_CRASH_CORE) += crash_core_$(BITS).o
|
|
obj-$(CONFIG_KEXEC_CORE) += machine_kexec_$(BITS).o
|
|
obj-$(CONFIG_KEXEC_CORE) += relocate_kernel_$(BITS).o crash.o
|
|
obj-$(CONFIG_KEXEC_FILE) += kexec-bzimage64.o
|
|
obj-$(CONFIG_CRASH_DUMP) += crash_dump_$(BITS).o
|
|
obj-y += kprobes/
|
|
obj-$(CONFIG_MODULES) += module.o
|
|
obj-$(CONFIG_X86_32) += doublefault_32.o
|
|
obj-$(CONFIG_KGDB) += kgdb.o
|
|
obj-$(CONFIG_VM86) += vm86_32.o
|
|
obj-$(CONFIG_EARLY_PRINTK) += early_printk.o
|
|
|
|
obj-$(CONFIG_HPET_TIMER) += hpet.o
|
|
|
|
obj-$(CONFIG_AMD_NB) += amd_nb.o
|
|
obj-$(CONFIG_DEBUG_NMI_SELFTEST) += nmi_selftest.o
|
|
|
|
obj-$(CONFIG_KVM_GUEST) += kvm.o kvmclock.o
|
|
obj-$(CONFIG_PARAVIRT) += paravirt.o
|
|
obj-$(CONFIG_PARAVIRT_SPINLOCKS)+= paravirt-spinlocks.o
|
|
obj-$(CONFIG_PARAVIRT_CLOCK) += pvclock.o
|
|
obj-$(CONFIG_X86_PMEM_LEGACY_DEVICE) += pmem.o
|
|
|
|
obj-$(CONFIG_JAILHOUSE_GUEST) += jailhouse.o
|
|
|
|
obj-$(CONFIG_EISA) += eisa.o
|
|
obj-$(CONFIG_PCSPKR_PLATFORM) += pcspeaker.o
|
|
|
|
obj-$(CONFIG_X86_CHECK_BIOS_CORRUPTION) += check.o
|
|
|
|
obj-$(CONFIG_OF) += devicetree.o
|
|
obj-$(CONFIG_UPROBES) += uprobes.o
|
|
|
|
obj-$(CONFIG_PERF_EVENTS) += perf_regs.o
|
|
obj-$(CONFIG_TRACING) += tracepoint.o
|
|
obj-$(CONFIG_SCHED_MC_PRIO) += itmt.o
|
|
obj-$(CONFIG_X86_UMIP) += umip.o
|
|
|
|
obj-$(CONFIG_UNWINDER_ORC) += unwind_orc.o
|
|
obj-$(CONFIG_UNWINDER_FRAME_POINTER) += unwind_frame.o
|
|
obj-$(CONFIG_UNWINDER_GUESS) += unwind_guess.o
|
|
|
|
obj-$(CONFIG_AMD_MEM_ENCRYPT) += sev.o
|
|
|
|
obj-$(CONFIG_CFI_CLANG) += cfi.o
|
|
|
|
###
|
|
# 64 bit specific files
|
|
ifeq ($(CONFIG_X86_64),y)
|
|
obj-$(CONFIG_AUDIT) += audit_64.o
|
|
|
|
obj-$(CONFIG_GART_IOMMU) += amd_gart_64.o aperture_64.o
|
|
|
|
obj-$(CONFIG_MMCONF_FAM10H) += mmconf-fam10h_64.o
|
|
obj-y += vsmp_64.o
|
|
endif
|