首頁 探索 說明
登入
samsung-sm8650
/
android_kernel_samsung_sm8650_ksu
2
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: 5c86c450e2
分支列表 標籤列表
android_kernel_...
/
arch
/
x86
/
kernel
/
cfi.c

cfi.c 2.1 KB
文件歷史 原始文件

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. // SPDX-License-Identifier: GPL-2.0
    2. 

  2. /*
    3. 

  3.  * Clang Control Flow Integrity (CFI) support.
    4. 

  4.  *
    5. 

  5.  * Copyright (C) 2022 Google LLC
    6. 

  6.  */
    7. 

  7. #include <asm/cfi.h>
    8. 

  8. #include <asm/insn.h>
    9. 

  9. #include <asm/insn-eval.h>
    10. 

  10. #include <linux/string.h>
    11. 

  11. 

  12. /*
    13. 

  13.  * Returns the target address and the expected type when regs->ip points
    14. 

  14.  * to a compiler-generated CFI trap.
    15. 

  15.  */
    16. 

  16. static bool decode_cfi_insn(struct pt_regs *regs, unsigned long *target,
    17. 

  17. 			    u32 *type)
    18. 

  18. {
    19. 

  19. 	char buffer[MAX_INSN_SIZE];
    20. 

  20. 	struct insn insn;
    21. 

  21. 	int offset = 0;
    22. 

  22. 

  23. 	*target = *type = 0;
    24. 

  24. 

  25. 	/*
    26. 

  26. 	 * The compiler generates the following instruction sequence
    27. 

  27. 	 * for indirect call checks:
    28. 

  28. 	 *
    29. 

  29. 	 *   movl    -<id>, %r10d       ; 6 bytes
    30. 

  30. 	 *   addl    -4(%reg), %r10d    ; 4 bytes
    31. 

  31. 	 *   je      .Ltmp1             ; 2 bytes
    32. 

  32. 	 *   ud2                        ; <- regs->ip
    33. 

  33. 	 *   .Ltmp1:
    34. 

  34. 	 *
    35. 

  35. 	 * We can decode the expected type and the target address from the
    36. 

  36. 	 * movl/addl instructions.
    37. 

  37. 	 */
    38. 

  38. 	if (copy_from_kernel_nofault(buffer, (void *)regs->ip - 12, MAX_INSN_SIZE))
    39. 

  39. 		return false;
    40. 

  40. 	if (insn_decode_kernel(&insn, &buffer[offset]))
    41. 

  41. 		return false;
    42. 

  42. 	if (insn.opcode.value != 0xBA)
    43. 

  43. 		return false;
    44. 

  44. 

  45. 	*type = -(u32)insn.immediate.value;
    46. 

  46. 

  47. 	if (copy_from_kernel_nofault(buffer, (void *)regs->ip - 6, MAX_INSN_SIZE))
    48. 

  48. 		return false;
    49. 

  49. 	if (insn_decode_kernel(&insn, &buffer[offset]))
    50. 

  50. 		return false;
    51. 

  51. 	if (insn.opcode.value != 0x3)
    52. 

  52. 		return false;
    53. 

  53. 

  54. 	/* Read the target address from the register. */
    55. 

  55. 	offset = insn_get_modrm_rm_off(&insn, regs);
    56. 

  56. 	if (offset < 0)
    57. 

  57. 		return false;
    58. 

  58. 

  59. 	*target = *(unsigned long *)((void *)regs + offset);
    60. 

  60. 

  61. 	return true;
    62. 

  62. }
    63. 

  63. 

  64. /*
    65. 

  65.  * Checks if a ud2 trap is because of a CFI failure, and handles the trap
    66. 

  66.  * if needed. Returns a bug_trap_type value similarly to report_bug.
    67. 

  67.  */
    68. 

  68. enum bug_trap_type handle_cfi_failure(struct pt_regs *regs)
    69. 

  69. {
    70. 

  70. 	unsigned long target;
    71. 

  71. 	u32 type;
    72. 

  72. 

  73. 	if (!is_cfi_trap(regs->ip))
    74. 

  74. 		return BUG_TRAP_TYPE_NONE;
    75. 

  75. 

  76. 	if (!decode_cfi_insn(regs, &target, &type))
    77. 

  77. 		return report_cfi_failure_noaddr(regs, regs->ip);
    78. 

  78. 

  79. 	return report_cfi_failure(regs, regs->ip, &target, type);
    80. 

  80. }
    81. 

  81. 

  82. /*
    83. 

  83.  * Ensure that __kcfi_typeid_ symbols are emitted for functions that may
    84. 

  84.  * not be indirectly called with all configurations.
    85. 

  85.  */
    86. 

  86. __ADDRESSABLE(__memcpy)
    87.