diff --git a/patches.kernel.org/6.2.1-010-ext4-Fix-function-prototype-mismatch-for-ext4_f.patch b/patches.kernel.org/6.2.1-010-ext4-Fix-function-prototype-mismatch-for-ext4_f.patch
new file mode 100644
index 0000000..9d44eeb
--- /dev/null
+++ b/patches.kernel.org/6.2.1-010-ext4-Fix-function-prototype-mismatch-for-ext4_f.patch
@@ -0,0 +1,80 @@
+From: Kees Cook
+Date: Wed, 4 Jan 2023 13:09:12 -0800
+Subject: [PATCH] ext4: Fix function prototype mismatch for ext4_feat_ktype
+References: bsc#1012628
+Patch-mainline: 6.2.1
+Git-commit: 118901ad1f25d2334255b3d50512fa20591531cd
+
+commit 118901ad1f25d2334255b3d50512fa20591531cd upstream.
+
+With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),
+indirect call targets are validated against the expected function
+pointer prototype to make sure the call target is valid to help mitigate
+ROP attacks. If they are not identical, there is a failure at run time,
+which manifests as either a kernel panic or thread getting killed.
+
+ext4_feat_ktype was setting the "release" handler to "kfree", which
+doesn't have a matching function prototype. Add a simple wrapper
+with the correct prototype.
+
+This was found as a result of Clang's new -Wcast-function-type-strict
+flag, which is more sensitive than the simpler -Wcast-function-type,
+which only checks for type width mismatches.
+
+Note that this code is only reached when ext4 is a loadable module and
+it is being unloaded:
+
+ CFI failure at kobject_put+0xbb/0x1b0 (target: kfree+0x0/0x180; expected type: 0x7c4aa698)
+ ...
+ RIP: 0010:kobject_put+0xbb/0x1b0
+ ...
+ Call Trace:
+
+ ext4_exit_sysfs+0x14/0x60 [ext4]
+ cleanup_module+0x67/0xedb [ext4]
+
+Fixes: b99fee58a20a ("ext4: create ext4_feat kobject dynamically")
+Cc: Theodore Ts'o
+Cc: Eric Biggers
+Cc: stable@vger.kernel.org
+Build-tested-by: Gustavo A. R. Silva
+Reviewed-by: Gustavo A. R. Silva
+Reviewed-by: Nathan Chancellor
+Link: https://lore.kernel.org/r/20230103234616.never.915-kees@kernel.org
+Signed-off-by: Kees Cook
+Reviewed-by: Eric Biggers
+Link: https://lore.kernel.org/r/20230104210908.gonna.388-kees@kernel.org
+Signed-off-by: Greg Kroah-Hartman
+Signed-off-by: Jiri Slaby
+---
+ fs/ext4/sysfs.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c
+index d233c24e..e2b8b343 100644
+--- a/fs/ext4/sysfs.c
++++ b/fs/ext4/sysfs.c
+@@ -491,6 +491,11 @@ static void ext4_sb_release(struct kobject *kobj)
+ complete(&sbi->s_kobj_unregister);
+ }
+
++static void ext4_feat_release(struct kobject *kobj)
++{
++ kfree(kobj);
++}
++
+ static const struct sysfs_ops ext4_attr_ops = {
+ .show = ext4_attr_show,
+ .store = ext4_attr_store,
+@@ -505,7 +510,7 @@ static struct kobj_type ext4_sb_ktype = {
+ static struct kobj_type ext4_feat_ktype = {
+ .default_groups = ext4_feat_groups,
+ .sysfs_ops = &ext4_attr_ops,
+- .release = (void (*)(struct kobject *))kfree,
++ .release = ext4_feat_release,
+ };
+
+ void ext4_notify_error_sysfs(struct ext4_sb_info *sbi)
+--
+2.35.3
+
diff --git a/series.conf b/series.conf
index e43418a..78a296d 100644
--- a/series.conf
+++ b/series.conf
@@ -36,6 +36,7 @@
 patches.kernel.org/6.2.1-007-audit-update-the-mailing-list-in-MAINTAINERS.patch
 patches.kernel.org/6.2.1-008-platform-x86-amd-pmf-Add-depends-on-CONFIG_POWE.patch
 patches.kernel.org/6.2.1-009-platform-x86-nvidia-wmi-ec-backlight-Add-force-.patch
+ patches.kernel.org/6.2.1-010-ext4-Fix-function-prototype-mismatch-for-ext4_f.patch
 ########################################################
 # Build fixes that apply to the vanilla kernel too.
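Review bot: `ext4_feat_release()` in the fs/ext4/sysfs.c hunk carries no comment, so the one-line wrapper around `kfree()` reads like something a later cleanup could fold back into a cast, which would reintroduce the kCFI prototype mismatch described in the commit message. I would add above it: `/* .release is called indirectly; keep a real void (*)(struct kobject *) function here, never a cast of kfree (kCFI). */`. Separately, `kfree(kobj)` is only correct while the kobject is itself the start of the allocation; the allocation site is outside the hunk, so that is presumably the case for `ext4_feat`, but it is worth stating in the same comment.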