diff options
| author | Sami Tolvanen <samitolvanen@google.com> | 2021-04-08 21:28:35 +0300 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2021-04-09 02:04:22 +0300 |
| commit | 6c4df54ed293f6383efb97fca0e643b8dcbc3769 (patch) | |
| tree | 82f453876971aeb991bfc1210db1e8a5c2f1620d /drivers/misc/lkdtm | |
| parent | 4f0f586bf0c898233d8f316f471a21db2abd522d (diff) | |
| download | linux-6c4df54ed293f6383efb97fca0e643b8dcbc3769.tar.xz | |
lkdtm: use function_nocfi
To ensure we take the actual address of a function in kernel text,
use function_nocfi. Otherwise, with CONFIG_CFI_CLANG, the compiler
replaces the address with a pointer to the CFI jump table, which is
actually in the module when compiled with CONFIG_LKDTM=m.
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Acked-by: Kees Cook <keescook@chromium.org>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210408182843.1754385-11-samitolvanen@google.com
Diffstat (limited to 'drivers/misc/lkdtm')
| -rw-r--r-- | drivers/misc/lkdtm/usercopy.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/misc/lkdtm/usercopy.c b/drivers/misc/lkdtm/usercopy.c index 109e8d4302c1..15d220ef35a5 100644 --- a/drivers/misc/lkdtm/usercopy.c +++ b/drivers/misc/lkdtm/usercopy.c @@ -314,7 +314,7 @@ void lkdtm_USERCOPY_KERNEL(void) pr_info("attempting bad copy_to_user from kernel text: %px\n", vm_mmap); - if (copy_to_user((void __user *)user_addr, vm_mmap, + if (copy_to_user((void __user *)user_addr, function_nocfi(vm_mmap), unconst + PAGE_SIZE)) { pr_warn("copy_to_user failed, but lacked Oops\n"); goto free_user; |