[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 34/70] x86/emul: CFI hardening

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Wed, 16 Feb 2022 21:34:25 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=AgdBK7sUvLgEaiJIffffzhuXLDVk8ixdjkNCD5Km92c=; b=du958pim3qok83Ruf5239enGJ2zY7TAqGbF97APiCmPbJYqn9W8kumAEh6CM6b0UG9yFzikereMvgRxCsBDIBtUs/Br7FWL+xo+p45f7nFAlvJgFLrFiqPS6kh3/Le7lu2soAH6TloW8GUa5+utvhVNU8kbyIsL48KD8rG97mXOwdtkp5zhPvnJGQoPUqMO68rFCy7sBM1aN/exxQIr3MHrVcArh32U3LmJmrclbC71U37LCLMOfunUSaVUAEs+ew+WkuO1yzPaSOjgWOwCUQQUpg3dqSH1xbz3scgzoiMIVjC1fkydFmDdDQHB4o7RpcBdzFACOOVjhLvJ4iXsbtQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BQcBpjbkHWQ69GfKGrdoJ7Co/rcg6Jp1sVU4I8eRwEc91gxPZjp9Wlqu+82ES03YVWfxj4GJf3zi6nFc24S2FaT+Fafc7CBQZkc/q1A/6M8KgmjLeNI4MqXEQxpPdDPte6bbSQLAbstnrJ7HYATii5zwzLm2GekoTNmen7+fXUBSqwe0CgoyxdQmHbZWPtiABnHCNJTiNU45azgPaGtVywptb03qyxkoiaLZpHnARtYD0xYKiD9NemL1DtX2yDfiUSb9HyrtRPQNI9ayRGu3flL0q6cuozze9hk0E31GhPq/iHNqUGZwUOvwIhiTQGb4aVTAn7AHOnCFB6rLfG+Z4Q==
  • Authentication-results: esa4.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 16 Feb 2022 21:34:51 +0000
  • Ironport-data: A9a23:d5hlJq1LJWXbBMB6l/bD5QR2kn2cJEfYwER7XKvMYLTBsI5bp2RTz GMXXmmCMveCazPzeN0kPYrkoR4Au5TWndI2GwFopC1hF35El5HIVI+TRqvS04J+DSFhoGZPt Zh2hgzodZhsJpPkS5PE3oHJ9RGQ74nRLlbHILOCanAZqTNMEn9700o5wrBh2OaEvPDia++zk YKqyyHgEAfNNw5cagr4PIra9XuDFNyr0N8plgRWicJj5TcypFFMZH4rHomjLmOQf2VhNrXSq 9Avbl2O1jixEx8FUrtJm1tgG6EAaua60QOm0hK6V0U+6/TrS+NbPqsTbZIhhUlrZzqhwPEs1 P53r6CLZV0JGZaPxucXFBZaKnQrVUFG0OevzXmXtMWSywvNcmf2wuUoB0YzVWEa0r8pWycUr 6VecW1TKEDY7w616OvTpu1Er8IvNsT0eqgYvWlt12rxBvc6W5HTBa7N4Le02R9u2J4UR6eCO qL1bxJhfjTiWh8IYmwPGcsyvbuSv1n1SGVx/Qf9Sa0fvDGIkV0ZPKLWGMrYfJmGSNtYmm6cp 3na5CLpDxcCLtudxDGZtHW2iYfnnyn2RYYTH72Q7eNxjRuYwWl7NfENfQLl+7/j0Bf4Ao8Bb RxPksYzkUQs3BOKE8XWZQeEm1LenjknGIRTGao16jjYn8I4/D2lLmQDSzdAbvkvu8k3WSEm2 ze1oj/5OdB8mObLECzAr994uRv3YHFIdjFaOUfoWCNYu4GLnW0lsv7Yoj+P+oaRh8a9Jzz/y iviQMMW1+RK1p5jO0lWEDn6b9OQSnrhE1ZdCub/BDvNAuZFiGiNPdHABb/zt6soEWphZgPd1 EXoYuDHhAz0MbmDlTaWXMIGF6yz6vCOPVX02AAzQ8h8rm78qi/6J+i8BQ2Swm8zb67onhezP ifuVf55vscPbBNGk4crC25ONyja5fe5Tom0PhwlRtFPfoJwZGe6ENJGPiatM5TWuBF0y8kXY M7DGe71VCpyIfk3nVKeGrZGuZd2l39W+I8mbc2ip/hR+eHFPyD9pHZsGAbmU93VG4ve8FWPq IcAbZLXo/idOcWnChTqHUcoBQliBVAwBIzsqtwRceiGIwF8H3omBeOXyrQkE7GJVYwO/gsR1 n3iCEJe1nTlgnjLdVeDZnx5Meu9Vpdjt3MreycrOA/wiXQkZI+u6oYZdoc2IuZ7pLAyk6YsQ qlXYdiED9ROVi/Dp2YXY67iodEwbx+snw+PYXaoOWBtY556SgXV0db4ZQ+zpjIWBy+6uJJm8 b2t3w/WW7QZQAFmAJqEYf6j1Qrp73MchPhzTw3DJdwKIBfg941jKirQiP4rIp5TdUWfl2XCj wvPWEUWv+jApYMx4eLlv6Hcotf7CfZ6E2pbA3LfseS8Ox7F8zfx2oRHSuuJI2zQDTum5KW4a OxJ5PjgK/lbzk1Suo9xHrs3n6Iz49zj++1Twgh+RSiZal2qDvVrI2Wc3NkJvapIn+cLtQyzU 0OJ299bJbTWZ5+1TA9PfFIoPraZyPUZujjO9vBkckz16Rh+8KeDTUgPbQKHjzZQLectPY4oq Qv7VBX6N+BrZsIWD+u7
  • Ironport-hdrordr: A9a23:T2Lz7qGw1rGhmbANpLqFTJHXdLJyesId70hD6qkvc3Nom52j+/ xGws536fatskdtZJkh8erwXZVp2RvnhNBICPoqTMuftW7dySqVxeBZnMTfKljbdREWmdQtrJ uIH5IOa+EYSGIK9/oSgzPIU+rIouP3iJxA7N22pxwGLGFXguNbnnxE426gYxdLrWJ9dP4E/e +nl6x6Tk2bCBMqh6qAdxs4dtmGg+eOuIPtYBYACRJiwhKJlymU5LnzFAXd9gsCUhtUqI1Ssl Ttokjc3OGOovu7whjT2yv49JJNgubszdNFGYilltUVEDPxkQylDb4RGYFq/QpF5d1H2mxa1+ UkkC1QefibLEmhJ11dlCGdnzUIFgxes0MKh2Xo2kcL6vaJOw7SQ/Ax+76xNCGptnbI9esMoJ 6ilQiixutqJAKFkyLn69fSURZ20kKyvHo5iOYWy2dSSI0EddZq3MYiFW5uYd899RjBmcsa+S hVfbXhzecTdUnfY2HSv2FpztDpVnMvHg2eSkxHvsCOyTBZkH1w0kNdnaUk7zs93YN4T4MB6/ XPM6xumr0LRsgKbbhlDONERcesEGTCTR/FLWrXK1X6E6MMPW7LtvfMkfgIzfDvfIZNwIo5mZ zHXl8dvWkue1j2AcnLx5FP+gClehT1Yd0s8LAp23FUgMyPeFPbC1z1dLl1qbrSnxw2OLyvZ8 qO
  • Ironport-sdr: G84SvqdtrEHcTfvW0lzFkka4Tw1RFjydBtjP6BvC6maKhrJZ5YV7mKfyDuweBvZQeLQ+sYzwAH 7AQRlD+eGk6MTm9mGyctgbnOti870+na+C8gJW6KsE7ahk7ld4aurWpuJ2e2v4CS2uUxg+OGbO 6foGCY2LSVLRDVs2+afex62rKPSLoQBbvDEEBaYoQ5G3v09AKS0DKF5pJTc0g4X37SlIAGCEfb nV7i3SWijW7UH7OeVd/4D6b++x3CxFfPmBtEujYOLpO5UFmpfcicmdRZHjFVmT5sEdgXL2+THz cWN+meIUyWejaKSMfr0lnQ9q
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHYIaPBW5BDF7b7HkCjMh8IXdikYayTDOOAgAGT+YCAAAhigIACDWqA
  • Thread-topic: [PATCH v2 34/70] x86/emul: CFI hardening
On 15/02/2022 14:13, Jan Beulich wrote:
> On 15.02.2022 14:43, Andrew Cooper wrote:
>> On 14/02/2022 13:38, Jan Beulich wrote:
>>> On 14.02.2022 13:50, Andrew Cooper wrote:
>>>> Control Flow Integrity schemes use toolchain and optionally hardware 
>>>> support
>>>> to help protect against call/jump/return oriented programming attacks.
>>>>
>>>> Use cf_check to annotate function pointer targets for the toolchain.
>>>>
>>>> pv_emul_is_mem_write() is only used in a single file.  Having it as a 
>>>> static
>>>> inline is pointless because it can't be inlined to begin with.
>>> I'd like you to consider to re-word this:
>> This is the reworded version.
>>
>>> It being static inline was for
>>> the case of there appearing a 2nd user. I don't view such as pointless.
>> I find that impossible to reconcile with your normal review feedback.
> Interesting. I don't think I would have objected to something like
> this, if it was conceivable that a 2nd user may appear. I don't
> think this is the only inline function we've got with just a single
> user. I also don't think this is the only inline function we've got
> with its address taken, and hence having an out-of-line instantiation.
>
>> It is unconditionally forced out of line because of how it's used,
>> meaning that if it ever got used in a second translation unit we'd end
>> up with a duplicate function, at which point it would need to be
>> non-static and exported to pass review.  (And sanity.)
> I'm afraid you've lost me here. What duplicate function? Before and
> after the patch the function is static; what changes is merely the
> "inline". Two CUs can have identically named static functions, can't
> they? Or if that's not the point you try to make, then I have no idea
> what it is that you're trying to tell me.

Yes, the same static inline can be out-of-lined in multiple translation
units.  This creates two identical copies of the logic, and then falls
foul of our unique symbols constraint.

The absence of complaints in the general case shows that we don't
currently any cases where a static inline is out-of-lined in multiple
translation units.

Under IBT, it means more tagged functions, which I suppose doesn't make
a useful difference from the attackers point of view, but it's still
logic duplication in the final build that we'd prefer to avoid.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.