This is a WIP for KCFI in FreeBSD
I have implemented a basic function which enables KCFI to be triggered as expected.
Currently, we are able to boot into the OS without any KCFI error emitted.
What I think is reasonable to disable, so I disabled it by default:
1. link_elf_invoke_cbs, elf_lookup_ifunc: The kernel ELF loader cannot know the actual return type of an ifunc (it can only know that the ifunc will return a pointer), and the same holds for the cbs case.
2. ccfn in vsscanf: vsscanf may get strtoq or strtouq, which return different types.
3. se->sy_call in syscallenter: the kernel packs all parameters into a void *, but the callee has the detailed type (for example: read_args, write_args).
What is disabled but might be fixable:
1. callout parameter in fork_exit: don't know why it broke, so it is disabled for now.
2. post_ithread in ithread_execute_handlers: the post_ithread callback callee has the detailed type, but the caller uses (void *) only. Don't know if breaking the current code for callees by letting the callee use (void *) as well is a good idea.
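To illustrate the post_ithread mismatch above, here is an added example (constructed for this summary, not code from this revision or from the FreeBSD tree): a small plain-C model of the KCFI check, where a prototype string table stands in for the compiler-emitted type hash, and struct ithd_arg and the two callee names are made up.

```c
#include <string.h>

/* Constructed argument type for the post_ithread-style callback. */
struct ithd_arg { int irq; int handled; };

/* Callee written with the detailed type: the compiler would tag it
 * with the type id of "void (struct ithd_arg *)". */
static void post_ithread_typed(struct ithd_arg *a) { a->handled = 1; }

/* Callee written with the caller's generic "void (void *)" type and
 * casting internally: its tag matches the call site. */
static void post_ithread_void(void *p) { ((struct ithd_arg *)p)->handled = 1; }

typedef void (*post_fn)(void *);

/* Stand-in for the per-function type id the compiler emits before each
 * function entry: here a prototype string looked up in a table. */
struct cfi_entry { post_fn fn; const char *proto; };
static const struct cfi_entry cfi_table[] = {
    { (post_fn)post_ithread_typed, "void(struct ithd_arg *)" },
    { post_ithread_void,           "void(void *)" },
};

static const char *cfi_proto_of(post_fn fn)
{
    for (size_t i = 0; i < sizeof(cfi_table) / sizeof(cfi_table[0]); i++)
        if (cfi_table[i].fn == fn)
            return cfi_table[i].proto;
    return NULL;
}

/* Indirect call through a void (*)(void *) pointer, as the caller does.
 * Returns 1 if the KCFI-style check passes and the call is made, 0 where
 * the real kernel would execute ud2 instead. */
static int call_post_ithread(post_fn fn, void *arg)
{
    const char *tag = cfi_proto_of(fn);
    if (tag == NULL || strcmp(tag, "void(void *)") != 0)
        return 0;                      /* prototype mismatch: KCFI trap */
    fn(arg);
    return 1;
}

/* Detailed-type callee through the generic pointer: rejected. */
int demo_mismatch(void)
{
    struct ithd_arg a = { 1, 0 };
    return call_post_ithread((post_fn)post_ithread_typed, &a);
}
/* Callee matching the caller's pointer type: accepted and executed. */
int demo_match(void)
{
    struct ithd_arg a = { 1, 0 };
    return call_post_ithread(post_ithread_void, &a) && a.handled;
}
```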
What needs discussion:
1. .m interface: [[ https://reviews.freebsd.org/D49113 | D49113 ]]
2. eventhandler registration in the kernel sometimes doesn't follow the calling convention in the eventhandler definition. Fixed in [[ https://reviews.freebsd.org/D49111 | D49111 ]]
3. subsystems in the kernel have their own general error functions. Take sys/kern/vfs_default.c for example: we have vop_ebadf, vop_eopnotsupp, etc. Fixed in the current patch.
4. vs->func in vnet_register_sysinit: takes void * but the caller has the detailed type. [[ https://reviews.freebsd.org/D48490 | fixed in D48490 ]]
My TODO List:
Check if the ud2 is triggered by KCFI: fixed in the current patch
Some files are not compiled with KCFI without setting CFLAGS in kern.mk: fixed in the current patch