Commit 4f0f586b authored by Sami Tolvanen's avatar Sami Tolvanen Committed by Kees Cook
Browse files

treewide: Change list_sort to use const pointers 



list_sort() internally casts the comparison function passed to it
to a different type with constant struct list_head pointers, and
uses this pointer to call the functions, which trips indirect call
Control-Flow Integrity (CFI) checking.

Instead of removing the consts, this change defines the
list_cmp_func_t type and changes the comparison function types of
all list_sort() callers to use const pointers, thus avoiding type
mismatches.

Suggested-by: default avatarNick Desaulniers <ndesaulniers@google.com>
Signed-off-by: default avatarSami Tolvanen <samitolvanen@google.com>
Reviewed-by: default avatarNick Desaulniers <ndesaulniers@google.com>
Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
Reviewed-by: default avatarKees Cook <keescook@chromium.org>
Tested-by: default avatarNick Desaulniers <ndesaulniers@google.com>
Tested-by: default avatarNathan Chancellor <nathan@kernel.org>
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210408182843.1754385-10-samitolvanen@google.com
parent 9f5b4009

arch/arm64/kvm/vgic/vgic-its.c

+4 −4
Original line number Diff line number Diff line
@@ -2190,8 +2190,8 @@ static int vgic_its_restore_ite(struct vgic_its *its, u32 event_id, 
	return offset;

}



static int vgic_its_ite_cmp(void *priv, struct list_head *a,

			    struct list_head *b)

static int vgic_its_ite_cmp(void *priv, const struct list_head *a,

			    const struct list_head *b)

{

	struct its_ite *itea = container_of(a, struct its_ite, ite_list);

	struct its_ite *iteb = container_of(b, struct its_ite, ite_list);
@@ -2329,8 +2329,8 @@ static int vgic_its_restore_dte(struct vgic_its *its, u32 id, 
	return offset;

}



static int vgic_its_device_cmp(void *priv, struct list_head *a,

			       struct list_head *b)

static int vgic_its_device_cmp(void *priv, const struct list_head *a,

			       const struct list_head *b)

{

	struct its_device *deva = container_of(a, struct its_device, dev_list);

	struct its_device *devb = container_of(b, struct its_device, dev_list);

arch/arm64/kvm/vgic/vgic.c

+2 −1
Original line number Diff line number Diff line
@@ -255,7 +255,8 @@ static struct kvm_vcpu *vgic_target_oracle(struct vgic_irq *irq) 
 * Return negative if "a" sorts before "b", 0 to preserve order, and positive

 * to sort "b" before "a".

 */

static int vgic_irq_cmp(void *priv, struct list_head *a, struct list_head *b)

static int vgic_irq_cmp(void *priv, const struct list_head *a,

			const struct list_head *b)

{

	struct vgic_irq *irqa = container_of(a, struct vgic_irq, ap_list);

	struct vgic_irq *irqb = container_of(b, struct vgic_irq, ap_list);

block/blk-mq-sched.c

+2 −1
Original line number Diff line number Diff line
@@ -75,7 +75,8 @@ void blk_mq_sched_restart(struct blk_mq_hw_ctx *hctx) 
	blk_mq_run_hw_queue(hctx, true);

}



static int sched_rq_cmp(void *priv, struct list_head *a, struct list_head *b)

static int sched_rq_cmp(void *priv, const struct list_head *a,

			const struct list_head *b)

{

	struct request *rqa = container_of(a, struct request, queuelist);

	struct request *rqb = container_of(b, struct request, queuelist);

block/blk-mq.c

+2 −1
Original line number Diff line number Diff line
@@ -1895,7 +1895,8 @@ void blk_mq_insert_requests(struct blk_mq_hw_ctx *hctx, struct blk_mq_ctx *ctx, 
	spin_unlock(&ctx->lock);

}



static int plug_rq_cmp(void *priv, struct list_head *a, struct list_head *b)

static int plug_rq_cmp(void *priv, const struct list_head *a,

		       const struct list_head *b)

{

	struct request *rqa = container_of(a, struct request, queuelist);

	struct request *rqb = container_of(b, struct request, queuelist);

drivers/acpi/nfit/core.c

+2 −1
Original line number Diff line number Diff line
@@ -1195,7 +1195,8 @@ static int __nfit_mem_init(struct acpi_nfit_desc *acpi_desc, 
	return 0;

}



static int nfit_mem_cmp(void *priv, struct list_head *_a, struct list_head *_b)

static int nfit_mem_cmp(void *priv, const struct list_head *_a,

		const struct list_head *_b)

{

	struct nfit_mem *a = container_of(_a, typeof(*a), list);

	struct nfit_mem *b = container_of(_b, typeof(*b), list);