1146f7e2dc
Clang's Control Flow Integrity (CFI) is a security mechanism that can help prevent JOP chains, deployed extensively in downstream kernels used in Android. Its deployment is hindered by mismatches in function signatures. For this case, we make callbacks match their intended function signature, and cast parameters within them rather than casting the callback when passed as a parameter. When running `mount -t ntfs ...` we observe the following trace: Call trace: __cfi_check_fail+0x1c/0x24 name_to_dev_t+0x0/0x404 iget5_locked+0x594/0x5e8 ntfs_fill_super+0xbfc/0x43ec mount_bdev+0x30c/0x3cc ntfs_mount+0x18/0x24 mount_fs+0x1b0/0x380 vfs_kern_mount+0x90/0x398 do_mount+0x5d8/0x1a10 SyS_mount+0x108/0x144 el0_svc_naked+0x34/0x38 Signed-off-by: Luca Stefani <luca.stefani.ge1@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Tested-by: freak07 <michalechner92@googlemail.com> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Reviewed-by: Nathan Chancellor <natechancellor@gmail.com> Acked-by: Anton Altaparmakov <anton@tuxera.com> Link: http://lkml.kernel.org/r/20200718112513.533800-1-luca.stefani.ge1@gmail.com Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
---|---|---|
.. | ||
aops.c | ||
aops.h | ||
attrib.c | ||
attrib.h | ||
bitmap.c | ||
bitmap.h | ||
collate.c | ||
collate.h | ||
compress.c | ||
debug.c | ||
debug.h | ||
dir.c | ||
dir.h | ||
endian.h | ||
file.c | ||
index.c | ||
index.h | ||
inode.c | ||
inode.h | ||
Kconfig | ||
layout.h | ||
lcnalloc.c | ||
lcnalloc.h | ||
logfile.c | ||
logfile.h | ||
Makefile | ||
malloc.h | ||
mft.c | ||
mft.h | ||
mst.c | ||
namei.c | ||
ntfs.h | ||
quota.c | ||
quota.h | ||
runlist.c | ||
runlist.h | ||
super.c | ||
sysctl.c | ||
sysctl.h | ||
time.h | ||
types.h | ||
unistr.c | ||
upcase.c | ||
usnjrnl.c | ||
usnjrnl.h | ||
volume.h |