Message ID | 20220427001226.1224704-1-keescook@chromium.org (mailing list archive) |
---|---|
State | Mainlined |
Commit | 77acbdc0f314b7040afcc02be267fe71161f4ac7 |
Series | lkdtm: cfi: Fix type width for masking PAC bits |
Hi Kees, On Wed, Apr 27, 2022 at 2:12 AM Kees Cook <keescook@chromium.org> wrote: > The masking for PAC bits wasn't handling 32-bit architectures correctly. > Replace the u64 cast with uintptr_t. > > Reported-by: kernel test robot <lkp@intel.com> > Reported-by: Geert Uytterhoeven <geert@linux-m68k.org> > Link: https://lore.kernel.org/lkml/CAMuHMdVz-J-1ZQ08u0bsQihDkcRmEPrtX5B_oRJ+Ns5jrasnUw@mail.gmail.com > Fixes: 2e53b877dc12 ("lkdtm: Add CFI_BACKWARD to test ROP mitigations") > Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> > Cc: Arnd Bergmann <arnd@arndb.de> > Signed-off-by: Kees Cook <keescook@chromium.org> Thank you, that fixes the m68k allmodconfig build, so Tested-by: Geert Uytterhoeven <geert@linux-m68k.org> > --- a/drivers/misc/lkdtm/cfi.c > +++ b/drivers/misc/lkdtm/cfi.c > @@ -59,7 +59,7 @@ static void lkdtm_CFI_FORWARD_PROTO(void) > #endif > > #define no_pac_addr(addr) \ > - ((__force __typeof__(addr))((__force u64)(addr) | PAGE_OFFSET)) > + ((__force __typeof__(addr))((uintptr_t)(addr) | PAGE_OFFSET)) Not related to this patch, but "| PAGE_OFFSET" is not identical to "+ PAGE_OFFSET" for large kernel sizes. More specifically, I'm thinking about platforms where "large" would be >= 32 MiB: arch/mips/include/asm/mach-ar7/spaces.h:#define PAGE_OFFSET _AC(0x94000000, UL) or >= 128 MiB: arch/x86/Kconfig: default 0x78000000 if VMSPLIT_2G_OPT Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds
On 4/26/22 17:12, Kees Cook wrote: > The masking for PAC bits wasn't handling 32-bit architectures correctly. > Replace the u64 cast with uintptr_t. > > Reported-by: kernel test robot <lkp@intel.com> > Reported-by: Geert Uytterhoeven <geert@linux-m68k.org> > Link: https://lore.kernel.org/lkml/CAMuHMdVz-J-1ZQ08u0bsQihDkcRmEPrtX5B_oRJ+Ns5jrasnUw@mail.gmail.com > Fixes: 2e53b877dc12 ("lkdtm: Add CFI_BACKWARD to test ROP mitigations") > Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> > Cc: Arnd Bergmann <arnd@arndb.de> > Signed-off-by: Kees Cook <keescook@chromium.org> Tested-by: Randy Dunlap <rdunlap@infradead.org> fwiw Thanks. > --- > drivers/misc/lkdtm/cfi.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/misc/lkdtm/cfi.c b/drivers/misc/lkdtm/cfi.c > index 804965a480b7..666a7f4bc137 100644 > --- a/drivers/misc/lkdtm/cfi.c > +++ b/drivers/misc/lkdtm/cfi.c > @@ -59,7 +59,7 @@ static void lkdtm_CFI_FORWARD_PROTO(void) > #endif > > #define no_pac_addr(addr) \ > - ((__force __typeof__(addr))((__force u64)(addr) | PAGE_OFFSET)) > + ((__force __typeof__(addr))((uintptr_t)(addr) | PAGE_OFFSET)) > > /* The ultimate ROP gadget. */ > static noinline __no_ret_protection
diff --git a/drivers/misc/lkdtm/cfi.c b/drivers/misc/lkdtm/cfi.c index 804965a480b7..666a7f4bc137 100644 --- a/drivers/misc/lkdtm/cfi.c +++ b/drivers/misc/lkdtm/cfi.c @@ -59,7 +59,7 @@ static void lkdtm_CFI_FORWARD_PROTO(void) #endif #define no_pac_addr(addr) \ - ((__force __typeof__(addr))((__force u64)(addr) | PAGE_OFFSET)) + ((__force __typeof__(addr))((uintptr_t)(addr) | PAGE_OFFSET)) /* The ultimate ROP gadget. */ static noinline __no_ret_protection
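Review bot: `no_pac_addr()` on the changed line ORs `PAGE_OFFSET` into every address on every architecture, and nothing at the macro documents the assumption that makes this safe: `addr | PAGE_OFFSET` returns the address unchanged only when the address already has every bit of `PAGE_OFFSET` set. Since this fix exists because the macro is also built for 32-bit targets, a short comment above the `#define` stating that assumption would help, or the OR could be limited to configurations that actually have PAC bits to strip. The new inner cast `(uintptr_t)(addr)` also drops the `__force` that `(__force u64)(addr)` carried while the outer cast keeps it; the commit message should say why it is no longer needed.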
The masking for PAC bits wasn't handling 32-bit architectures correctly.
Replace the u64 cast with uintptr_t.

Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Link: https://lore.kernel.org/lkml/CAMuHMdVz-J-1ZQ08u0bsQihDkcRmEPrtX5B_oRJ+Ns5jrasnUw@mail.gmail.com
Fixes: 2e53b877dc12 ("lkdtm: Add CFI_BACKWARD to test ROP mitigations")
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/misc/lkdtm/cfi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)