lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 23 Sep 2021 17:09:07 +0000
From:   Kalesh Singh <kaleshsingh@...gle.com>
To:     unlisted-recipients:; (no To-header on input)
Cc:     surenb@...gle.com, hridya@...gle.com, namhyung@...nel.org,
        samitolvanen@...gle.com, ndesaulniers@...gle.com,
        kernel-team@...roid.com, Kalesh Singh <kaleshsingh@...gle.com>,
        Steven Rostedt <rostedt@...dmis.org>,
        Ingo Molnar <mingo@...hat.com>, linux-kernel@...r.kernel.org
Subject: [PATCH] tracing/cfi: Fix cmp_entries_* functions signature mismatch

If CONFIG_CFI_CLANG=y, attempting to read an event histogram will cause
the kernel to panic due to failed CFI check.

    1. echo 'hist:keys=common_pid' >> events/sched/sched_switch/trigger
    2. cat >> events/sched/sched_switch/hist
    3. kernel panices on attempting to read hist

This happens because the sort() function expects a generic
int (*)(const void *, const void *) pointer for the compare function.
To prevent this CFI failure, change tracing map cmp_entries_* function
signatures to match this.

Signed-off-by: Kalesh Singh <kaleshsingh@...gle.com>
---
 kernel/trace/tracing_map.c | 40 ++++++++++++++++++++++----------------
 1 file changed, 23 insertions(+), 17 deletions(-)

diff --git a/kernel/trace/tracing_map.c b/kernel/trace/tracing_map.c
index d6bddb157ef2..a8c80ebbf9da 100644
--- a/kernel/trace/tracing_map.c
+++ b/kernel/trace/tracing_map.c
@@ -834,19 +834,21 @@ int tracing_map_init(struct tracing_map *map)
 	return err;
 }
 
-static int cmp_entries_dup(const struct tracing_map_sort_entry **a,
-			   const struct tracing_map_sort_entry **b)
+static int cmp_entries_dup(const void *__a, const void *__b)
 {
 	int ret = 0;
+	const struct tracing_map_sort_entry *a
+		= *(const struct tracing_map_sort_entry **)__a;
+	const struct tracing_map_sort_entry *b
+		= *(const struct tracing_map_sort_entry **)__b;
 
-	if (memcmp((*a)->key, (*b)->key, (*a)->elt->map->key_size))
+	if (memcmp(a->key, b->key, a->elt->map->key_size))
 		ret = 1;
 
 	return ret;
 }
 
-static int cmp_entries_sum(const struct tracing_map_sort_entry **a,
-			   const struct tracing_map_sort_entry **b)
+static int cmp_entries_sum(const void *__a, const void *__b)
 {
 	const struct tracing_map_elt *elt_a, *elt_b;
 	struct tracing_map_sort_key *sort_key;
@@ -854,9 +856,13 @@ static int cmp_entries_sum(const struct tracing_map_sort_entry **a,
 	tracing_map_cmp_fn_t cmp_fn;
 	void *val_a, *val_b;
 	int ret = 0;
+	const struct tracing_map_sort_entry *a
+		= *(const struct tracing_map_sort_entry **)__a;
+	const struct tracing_map_sort_entry *b
+		= *(const struct tracing_map_sort_entry **)__b;
 
-	elt_a = (*a)->elt;
-	elt_b = (*b)->elt;
+	elt_a = a->elt;
+	elt_b = b->elt;
 
 	sort_key = &elt_a->map->sort_key;
 
@@ -873,8 +879,7 @@ static int cmp_entries_sum(const struct tracing_map_sort_entry **a,
 	return ret;
 }
 
-static int cmp_entries_key(const struct tracing_map_sort_entry **a,
-			   const struct tracing_map_sort_entry **b)
+static int cmp_entries_key(const void *__a, const void *__b)
 {
 	const struct tracing_map_elt *elt_a, *elt_b;
 	struct tracing_map_sort_key *sort_key;
@@ -882,9 +887,13 @@ static int cmp_entries_key(const struct tracing_map_sort_entry **a,
 	tracing_map_cmp_fn_t cmp_fn;
 	void *val_a, *val_b;
 	int ret = 0;
+	const struct tracing_map_sort_entry *a
+		= *(const struct tracing_map_sort_entry **)__a;
+	const struct tracing_map_sort_entry *b
+		= *(const struct tracing_map_sort_entry **)__b;
 
-	elt_a = (*a)->elt;
-	elt_b = (*b)->elt;
+	elt_a = a->elt;
+	elt_b = b->elt;
 
 	sort_key = &elt_a->map->sort_key;
 
@@ -989,10 +998,8 @@ static void sort_secondary(struct tracing_map *map,
 			   struct tracing_map_sort_key *primary_key,
 			   struct tracing_map_sort_key *secondary_key)
 {
-	int (*primary_fn)(const struct tracing_map_sort_entry **,
-			  const struct tracing_map_sort_entry **);
-	int (*secondary_fn)(const struct tracing_map_sort_entry **,
-			    const struct tracing_map_sort_entry **);
+	int (*primary_fn)(const void *, const void *);
+	int (*secondary_fn)(const void *, const void *);
 	unsigned i, start = 0, n_sub = 1;
 
 	if (is_key(map, primary_key->field_idx))
@@ -1061,8 +1068,7 @@ int tracing_map_sort_entries(struct tracing_map *map,
 			     unsigned int n_sort_keys,
 			     struct tracing_map_sort_entry ***sort_entries)
 {
-	int (*cmp_entries_fn)(const struct tracing_map_sort_entry **,
-			      const struct tracing_map_sort_entry **);
+	int (*cmp_entries_fn)(const void *, const void *);
 	struct tracing_map_sort_entry *sort_entry, **entries;
 	int i, n_entries, ret;
 

base-commit: 58e2cf5d794616b84f591d4d1276c8953278ce24
-- 
2.33.0.685.g46640cef36-goog

Powered by blists - more mailing lists