diff options
| author | Peter Zijlstra <peterz@infradead.org> | 2025-04-12 13:56:01 +0200 |
|---|---|---|
| committer | Peter Zijlstra <peterz@infradead.org> | 2025-08-18 14:23:09 +0200 |
| commit | 894af4a1cde61c3401f237184fb770f72ff12df8 (patch) | |
| tree | 6b00452a8bbc9e38b6d4578cf5990c19911724a0 /drivers/misc | |
| parent | 28d11e4548b75d0960429344f12d5f6cc9cee25b (diff) | |
objtool: Validate kCFI calls
Validate that all indirect calls adhere to kCFI rules. Notably doing
nocfi indirect call to a cfi function is broken.
Apparently some Rust 'core' code violates this and explodes when ran
with FineIBT.
All the ANNOTATE_NOCFI_SYM sites are prime targets for attackers.
- runtime EFI is especially henous because it also needs to disable
IBT. Basically calling unknown code without CFI protection at
runtime is a massice security issue.
- Kexec image handover; if you can exploit this, you get to keep it :-)
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
Acked-by: Sean Christopherson <seanjc@google.com>
Link: https://lkml.kernel.org/r/20250714103441.496787279@infradead.org
Diffstat (limited to 'drivers/misc')
| -rw-r--r-- | drivers/misc/lkdtm/perms.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/drivers/misc/lkdtm/perms.c b/drivers/misc/lkdtm/perms.c index 6c24426104ba..e1f5e9abb301 100644 --- a/drivers/misc/lkdtm/perms.c +++ b/drivers/misc/lkdtm/perms.c @@ -9,6 +9,7 @@ #include <linux/vmalloc.h> #include <linux/mman.h> #include <linux/uaccess.h> +#include <linux/objtool.h> #include <asm/cacheflush.h> #include <asm/sections.h> @@ -86,6 +87,10 @@ static noinline __nocfi void execute_location(void *dst, bool write) func(); pr_err("FAIL: func returned\n"); } +/* + * Explicitly doing the wrong thing for testing. + */ +ANNOTATE_NOCFI_SYM(execute_location); static void execute_user_location(void *dst) { |