On Sat, Apr 17, 2021 at 3:16 AM Thomas Gleixner <[email protected]> wrote:
>
> On Sat, Apr 17 2021 at 01:02, Thomas Gleixner wrote:
> > On Fri, Apr 16 2021 at 15:37, Kees Cook wrote:
> >
> >> On Fri, Apr 16, 2021 at 03:20:17PM -0700, Andy Lutomirski wrote:
> >>> But obviously there is code that needs real function pointers. How
> >>> about making this a first-class feature, or at least hacking around it
> >>> more cleanly. For example, what does this do:
> >>>
> >>> char entry_whatever[];
> >>> wrmsrl(..., (unsigned long)entry_whatever);
> >>
> >> This is just casting. It'll still resolve to the jump table entry.
> >>
> >>> or, alternatively,
> >>>
> >>> extern void func() __attribute__((nocfi));
> >>
> >> __nocfi says func() should not perform checking of correct jump table
> >> membership for indirect calls.
> >>
> >> But we don't want a global marking for a function to be ignored by CFI;
> >> we don't want functions to escape CFI -- we want specific _users_ to
> >> either not check CFI for indirect calls (__nocfi) or we want specific
> >> passed addresses to avoid going through the jump table
> >> (function_nocfi()).
> >
> > And that's why you mark entire files to be exempt without any rationale
> > why it makes sense.
>
> The reason why you have to do that is because function_nocfi() is not
> provided by the compiler.
>
> So you need to hack around that with that macro which fails to work
> e.g. for the idt data arrays.
>
> Is there any fundamental reason why the compiler does not provide that
> in a form which allows to use it everywhere?

I'm not aware of a fundamental reason why the compiler couldn't
provide a built-in here. This series attempts to work with what's
available at the moment, and admittedly that's not quite ideal on x86.

> It's not too much asked from a tool which provides new functionality to
> provide it in a way which is usable.

Sure, that's reasonable. I'll talk to our compiler folks and see how
we can proceed here.

Sami

