On Fri, Apr 16, 2021 at 03:20:17PM -0700, Andy Lutomirski wrote:
> But obviously there is code that needs real function pointers. How
> about making this a first-class feature, or at least hacking around it
> more cleanly. For example, what does this do:
>
> char entry_whatever[];
> wrmsrl(..., (unsigned long)entry_whatever);

This is just casting. It'll still resolve to the jump table entry.

> or, alternatively,
>
> extern void func() __attribute__((nocfi));

__nocfi says func() should not perform checking of correct jump table
membership for indirect calls. But we don't want a global marking for a
function to be ignored by CFI; we don't want functions to escape CFI -- we
want specific _users_ to either not check CFI for indirect calls (__nocfi)
or we want specific passed addresses to avoid going through the jump table
(function_nocfi()).

So, instead of a cast, a wrapper is used to bypass instrumentation in the
very few cases it's needed. (Note that such a wrapper is a no-op without CFI
enabled.)

-- 
Kees Cook
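An added user-space model of the distinction drawn above (this is illustration code, not anything from the thread or the kernel): the CFI jump table is modelled as an array of function pointers, `cfi_address_of()` stands in for taking a function's address under CFI, `model_function_nocfi()` stands in for the function_nocfi() wrapper, and `cfi_indirect_call()` versus `nocfi_indirect_call()` stand in for an instrumented caller versus a `__nocfi` one. All of these names are assumptions made for the model.

```c
/* Model of Clang CFI's jump table versus __nocfi / function_nocfi().
 * Added illustration, not kernel code: the jump table is an array of
 * function pointers, and "executing" an address means either following a
 * slot (the trampoline) or calling the function body directly. */
#include <stddef.h>
#include <stdint.h>

typedef void (*fn_t)(void);

static int calls;                               /* how often the bodies ran */
static void entry_whatever(void) { calls++; }
static void other_func(void) { calls += 100; }

/* The CFI jump table: one slot per address-taken function. */
#define JT_SLOTS 2
static fn_t jump_table[JT_SLOTS] = { entry_whatever, other_func };

/* The CFI membership check: is addr the address of a jump table slot? */
static int in_jump_table(uintptr_t addr) {
    uintptr_t lo = (uintptr_t)&jump_table[0];
    uintptr_t hi = (uintptr_t)&jump_table[JT_SLOTS];
    return addr >= lo && addr < hi && (addr - lo) % sizeof(fn_t) == 0;
}

/* &func under CFI: you get the jump table slot. Casting the result to
 * unsigned long changes its type, not which address you hold. */
static unsigned long cfi_address_of(fn_t f) {
    for (size_t i = 0; i < JT_SLOTS; i++)
        if (jump_table[i] == f) return (unsigned long)&jump_table[i];
    return 0;
}

/* function_nocfi() equivalent: the function body, bypassing the jump table.
 * Without CFI this is a no-op, because &func already is the body. */
static unsigned long model_function_nocfi(fn_t f) { return (unsigned long)f; }

/* What the CPU does when control reaches addr: a slot jumps on to its target. */
static void execute(uintptr_t addr) {
    if (in_jump_table(addr)) (*(fn_t *)addr)();
    else ((fn_t)addr)();
}

/* Indirect call in CFI-instrumented code: membership check first.
 * Returns 0 on success, -1 where CFI would trap. */
static int cfi_indirect_call(unsigned long target) {
    if (!in_jump_table(target)) return -1;
    execute(target);
    return 0;
}

/* Indirect call from a __nocfi function: no membership check at all. */
static int nocfi_indirect_call(unsigned long target) {
    execute(target);
    return 0;
}
```

The raw body address from `model_function_nocfi()` only works from the unchecked caller, which is why the wrapper is reserved for the few users that must have it.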