Commit cf90d038 authored by Sami Tolvanen, committed by Kees Cook

lkdtm: Emit an indirect call for CFI tests



Clang can convert the indirect calls in lkdtm_CFI_FORWARD_PROTO into
direct calls. Move the call into a noinline function that accepts the
target address as an argument to ensure the compiler actually emits an
indirect call instead.

Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Tested-by: Kees Cook <keescook@chromium.org>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220908215504.3686827-8-samitolvanen@google.com
parent e84e008e
+9 −6
@@ -20,6 +20,13 @@ static noinline int lkdtm_increment_int(int *counter)

	return *counter;
}

/* Don't allow the compiler to inline the calls. */
static noinline void lkdtm_indirect_call(void (*func)(int *))
{
	func(&called_count);
}

/*
 * This tries to call an indirect function with a mismatched prototype.
 */
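Review bot: `noinline` on the new lkdtm_indirect_call() at the top of the hunk prevents inlining but not interprocedural constant propagation, so a toolchain that clones a function for its constant callers could still turn `func(&called_count)` back into a direct call; the commit message only addresses the Clang inlining case, so this is a hedge rather than an observed failure. If that matters for the test's reliability, the pointer argument could be laundered with `OPTIMIZER_HIDE_VAR(func);` before the call, or the helper marked `__noclone` where the compiler supports it. The comment would also serve readers better by stating the intent rather than the mechanism: `/* Keep this call indirect so CFI's prototype check is actually exercised. */`.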
@@ -29,15 +36,11 @@ static void lkdtm_CFI_FORWARD_PROTO(void)
	 * Matches lkdtm_increment_void()'s prototype, but not
	 * lkdtm_increment_int()'s prototype.
	 */
	void (*func)(int *);

	pr_info("Calling matched prototype ...\n");
	func = lkdtm_increment_void;
	func(&called_count);
	lkdtm_indirect_call(lkdtm_increment_void);

	pr_info("Calling mismatched prototype ...\n");
	func = (void *)lkdtm_increment_int;
	func(&called_count);
	lkdtm_indirect_call((void *)lkdtm_increment_int);

	pr_err("FAIL: survived mismatched prototype function call!\n");
	pr_expected_config(CONFIG_CFI_CLANG);
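Review bot: The comment `Matches lkdtm_increment_void()'s prototype, but not lkdtm_increment_int()'s prototype.` at the top of the hunk described the local `void (*func)(int *);`, which the +36,11 count indicates this hunk removes together with the two direct `func(&called_count)` calls; left in place, the comment no longer attaches to anything and reads as if it described the pr_info below. The prototype it refers to now lives in lkdtm_indirect_call()'s parameter, so reword it as `/* lkdtm_indirect_call()'s parameter matches lkdtm_increment_void()'s prototype but not lkdtm_increment_int()'s, so the second call is the one CFI must reject. */` or move it next to that definition. The `(void *)` cast on `lkdtm_increment_int` remains the intended mismatch and needs no change. lkdtm_CFI_FORWARD_PROTO()'s closing brace lies outside the hunk.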