WSL2-Linux-Kernel/fs/ext4
Kees Cook c98077f759 ext4: Fix function prototype mismatch for ext4_feat_ktype
commit 118901ad1f upstream.

With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),
indirect call targets are validated against the expected function
pointer prototype to make sure the call target is valid to help mitigate
ROP attacks. If they are not identical, there is a failure at run time,
which manifests as either a kernel panic or thread getting killed.

ext4_feat_ktype was setting the "release" handler to "kfree", which
doesn't have a matching function prototype. Add a simple wrapper
with the correct prototype.

This was found as a result of Clang's new -Wcast-function-type-strict
flag, which is more sensitive than the simpler -Wcast-function-type,
which only checks for type width mismatches.

Note that this code is only reached when ext4 is a loadable module and
it is being unloaded:

 CFI failure at kobject_put+0xbb/0x1b0 (target: kfree+0x0/0x180; expected type: 0x7c4aa698)
 ...
 RIP: 0010:kobject_put+0xbb/0x1b0
 ...
 Call Trace:
  <TASK>
  ext4_exit_sysfs+0x14/0x60 [ext4]
  cleanup_module+0x67/0xedb [ext4]

Fixes: b99fee58a2 ("ext4: create ext4_feat kobject dynamically")
Cc: Theodore Ts'o <tytso@mit.edu>
Cc: Eric Biggers <ebiggers@kernel.org>
Cc: stable@vger.kernel.org
Build-tested-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Link: https://lore.kernel.org/r/20230103234616.never.915-kees@kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Link: https://lore.kernel.org/r/20230104210908.gonna.388-kees@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-02-25 12:06:45 +01:00
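
The prototype mismatch described in the commit message above, as an added userspace illustration (not the kernel's code and not part of the commit). `model_kfree`, `feat_release`, `RELEASE_PROTO_OK` and the trimmed `kobject` types are constructed stand-ins; the block shows the wrapper approach plus a C11 `_Generic` check that rejects a handler whose prototype differs from the function-pointer type.

```c
#include <stdlib.h>

/* Userspace model; every name here is a constructed stand-in. */
struct kobject;
typedef void (*release_fn)(struct kobject *);   /* type the call site expects */
struct kobj_type { release_fn release; };
struct kobject { const struct kobj_type *ktype; int refcount; };

static int frees;                               /* release calls seen */

/* Stand-in for kfree(): note the const void * parameter. */
static void model_kfree(const void *p) { frees++; free((void *)p); }

/* Wrapper with exactly the prototype the function pointer declares. */
static void feat_release(struct kobject *kobj) { model_kfree(kobj); }

/* 1 only when fn's type is compatible with release_fn, with no cast involved. */
#define RELEASE_PROTO_OK(fn) _Generic(&(fn), release_fn: 1, default: 0)

int kfree_proto_ok(void)   { return RELEASE_PROTO_OK(model_kfree); }   /* 0 */
int wrapper_proto_ok(void) { return RELEASE_PROTO_OK(feat_release); }  /* 1 */

/* Build-time guard: a mismatched handler stops the build, not the kernel. */
_Static_assert(RELEASE_PROTO_OK(feat_release), "release handler prototype");

static const struct kobj_type feat_ktype = { .release = feat_release };

/* Stand-in for kobject_put(): the indirect call is what kCFI validates. */
static int model_kobject_put(struct kobject *kobj)
{
    if (--kobj->refcount > 0)
        return 0;
    kobj->ktype->release(kobj);
    return 1;
}

/* Drop the last reference on one object; returns release calls made. */
int demo_release_count(void)
{
    struct kobject *k = calloc(1, sizeof(*k));
    if (!k)
        return -1;
    k->ktype = &feat_ktype;
    k->refcount = 1;
    frees = 0;
    model_kobject_put(k);
    return frees;
}
```

Casting `model_kfree` to `release_fn` would still compile, which is why the check takes the function's address without a cast.
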
.kunitconfig ext4: add .kunitconfig fragment to enable ext4-specific tests 2021-02-11 23:16:30 -05:00
Kconfig ext: EXT4_KUNIT_TESTS should depend on EXT4_FS instead of selecting it 2021-02-11 23:12:59 -05:00
Makefile ext4: Move orphan inode handling into a separate file 2021-08-30 23:36:51 -04:00
acl.c vfs: add rcu argument to ->get_acl() callback 2021-08-18 22:08:24 +02:00
acl.h vfs: add rcu argument to ->get_acl() callback 2021-08-18 22:08:24 +02:00
balloc.c ext4: use ext4_debug() instead of jbd_debug() 2023-01-12 11:59:04 +01:00
bitmap.c
block_validity.c ext4: standardize error message in ext4_protect_reserved_inode() 2020-12-17 13:30:55 -05:00
dir.c ext4: fix potential infinite loop in ext4_dx_readdir() 2021-10-01 00:05:09 -04:00
ext4.h ext4: don't set up encryption key during jbd2 transaction 2023-01-12 11:59:04 +01:00
ext4_extents.h ext4: fix sparse warnings 2021-08-30 23:36:50 -04:00
ext4_jbd2.c ext4: use ext4_debug() instead of jbd_debug() 2023-01-12 11:59:04 +01:00
ext4_jbd2.h ext4: Support for checksumming from journal triggers 2021-08-30 23:36:50 -04:00
extents.c ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline 2023-01-12 11:59:02 +01:00
extents_status.c ext4: fix reserved cluster accounting in __es_remove_extent() 2023-01-12 11:59:01 +01:00
extents_status.h
fast_commit.c ext4: fix off-by-one errors in fast-commit block filling 2023-01-12 11:59:05 +01:00
fast_commit.h ext4: add missing validation of fast-commit record lengths 2023-01-12 11:59:05 +01:00
file.c ext4: avoid crash when inline data creation follows DIO write 2022-10-26 12:34:28 +02:00
fsmap.c treewide: Change list_sort to use const pointers 2021-04-08 16:04:22 -07:00
fsmap.h ext4: fsmap: fix the block/inode bitmap comment 2021-06-24 09:48:29 -04:00
fsync.c block: use an on-stack bio in blkdev_issue_flush 2021-01-27 09:51:48 -07:00
hash.c ext4: handle casefolding with encryption 2021-04-05 22:04:20 -04:00
ialloc.c ext4: make directory inode spreading reflect flexbg size 2022-09-28 11:11:57 +02:00
indirect.c ext4: use ext4_debug() instead of jbd_debug() 2023-01-12 11:59:04 +01:00
inline.c ext4: correct max_inline_xattr_value_size computing 2022-08-17 14:24:27 +02:00
inode-test.c fs: ext4: Modify inode-test.c to use KUnit parameterized testing feature 2020-12-02 16:07:25 -07:00
inode.c ext4: use ext4_debug() instead of jbd_debug() 2023-01-12 11:59:04 +01:00
ioctl.c ext4: initialize quota before expanding inode in setproject ioctl 2023-01-12 11:59:03 +01:00
mballoc.c ext4: use locality group preallocation for small closed files 2022-09-28 11:11:58 +02:00
mballoc.h ext4: fix various seppling typos 2021-04-09 23:14:59 -04:00
migrate.c ext4: fix warning in 'ext4_da_release_space' 2022-11-10 18:15:40 +01:00
mmp.c ext4: fix potential uninitialized access to retval in kmmpd 2021-07-23 07:31:29 -04:00
move_extent.c ext4: use common helpers in all places reading metadata buffers 2020-10-18 10:37:14 -04:00
namei.c ext4: don't set up encryption key during jbd2 transaction 2023-01-12 11:59:04 +01:00
orphan.c ext4: use ext4_debug() instead of jbd_debug() 2023-01-12 11:59:04 +01:00
page-io.c ext4: fix symlink file size not match to file content 2022-04-27 14:39:01 +02:00
readpage.c block: Add bio_max_segs 2021-02-26 15:49:51 -07:00
resize.c ext4: fix bad checksum after online resize 2023-02-06 07:59:01 +01:00
super.c ext4: don't allow journal inode to have encrypt flag 2023-01-12 11:59:19 +01:00
symlink.c ext4: report correct st_size for encrypted symlinks 2021-07-25 20:01:06 -07:00
sysfs.c ext4: Fix function prototype mismatch for ext4_feat_ktype 2023-02-25 12:06:45 +01:00
truncate.h ext4: Convert to use mapping->invalidate_lock 2021-07-13 14:29:00 +02:00
verity.c fs: ext4: initialize fsdata in pagecache_write() 2023-01-12 11:59:00 +01:00
xattr.c ext4: fix deadlock due to mbcache entry corruption 2023-01-12 11:59:07 +01:00
xattr.h ext4: remove EA inode entry from mbcache on inode eviction 2022-08-17 14:24:27 +02:00
xattr_hurd.c acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
xattr_security.c acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
xattr_trusted.c acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
xattr_user.c acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00