On 19/12/2023 6:20 pm, Linus Torvalds wrote:
> On Tue, 19 Dec 2023 at 01:58, Borislav Petkov <b...@alien8.de> wrote:
>> Looking at the dmesg, I think you missed the most important part - the
>> preceding line:
>>
>> [ 13.480504][ T48] CFI failure at int80_emulation+0x67/0xb0 (target:
>> sys_ni_posix_timers+0x0/0x70; expected type: 0xb02b34d9)
>> ^^^^^^^^^^^
> So I think the issue here is that sys_ni_posix_timers is just linker
> alias that is used for any non-implemented posix timer system call.
My reading of the original report is that there used to be:
dmesg.WARNING:CPU:#PID:#at_do_int80_syscall_32
and now there's:
dmesg.WARNING:CPU:#PID:#at_int80_emulation
i.e. kCFI was broken before, and all we did with be5341eb0d43 was change
the inlining, and therefore how the error was rendered.
> See:
>
> #define __SYS_NI(abi, name) \
> SYSCALL_ALIAS(__##abi##_##name, sys_ni_posix_timers);
AFAICT, this is the problem, but it was preexiting too.
This is stuffing a function of type void into an array of function
pointers wanting pt_regs * which is indeed a kCFI violation.
Isn't the fix simply this?
~Andrew
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index fd9d12de7e92..12195164d5a4 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -1171,7 +1171,7 @@ asmlinkage long sys_ni_syscall(void);
#endif /* CONFIG_ARCH_HAS_SYSCALL_WRAPPER */
-asmlinkage long sys_ni_posix_timers(void);
+asmlinkage long sys_ni_posix_timers(const struct pt_regs *regs);
/*
* Kernel code should not call syscalls (i.e., sys_xyzyyz()) directly.
diff --git a/kernel/time/posix-stubs.c b/kernel/time/posix-stubs.c
index 828aeecbd1e8..29692354a908 100644
--- a/kernel/time/posix-stubs.c
+++ b/kernel/time/posix-stubs.c
@@ -22,7 +22,7 @@
#include <asm/syscall_wrapper.h>
#endif
-asmlinkage long sys_ni_posix_timers(void)
+asmlinkage long sys_ni_posix_timers(const struct pt_regs *regs)
{
pr_err_once("process %d (%s) attempted a POSIX timer syscall "
"while CONFIG_POSIX_TIMERS is not set\n",
