8821au-20210708

Kernel panics if CONFIG_CFI_CLANG is enabled

Open King-Mucus opened this issue 1 year ago • 0 comments

CFI stands for "Control flow integrity". Here is the prompt for this kernel config option:

> This option enables Clang's forward-edge Control Flow Integrity (CFI) checking, where the compiler injects a runtime check to each indirect function call to ensure the target is a valid function with the correct static type. This restricts possible call targets and makes it more difficult for an attacker to exploit bugs that allow the modification of stored function pointers. More information can be found from Clang's documentation:
>
> https://clang.llvm.org/docs/ControlFlowIntegrity.html

More info: https://www.kernelconfig.io/config_cfi_clang

Steps to reproduce:

  1. Compile your own kernel, enabling CONFIG_CC_IS_CLANG and CONFIG_CFI_CLANG.
  2. Compile and install the 8821au module.
  3. Load the module.

This instantly causes a kernel panic, immediately crashing the Linux system. The corresponding kernel panic message is displayed if you load the module within the console or during boot.

CFI is not specific to Clang/LLVM. I believe this might also affect GCC builds with analogous options enabled. This link might have useful info in that regard: https://patrickfunke.de/control-flow-integrity-cfi-for-gcc-llvm/

King-Mucus avatar Apr 07 '23 18:04 King-Mucus
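To make the CFI check quoted above concrete, here is an added toy model of forward-edge CFI in plain C. It is constructed for illustration only, is not kernel, Clang, or 8821au driver code, and does not reproduce the reported panic: it shows the shape of the check (target address must be a known function *and* its type id must match the call site's expected type), which is what the compiler-injected check enforces. All names (`cfi_check`, `call_int_handler`, the type ids, the sample handlers) are assumptions of this example.

```c
#include <stddef.h>

/* Function-pointer types a call site might dispatch through. Clang CFI
 * derives a type id from the static prototype; here we assign ids by hand. */
typedef int (*int_handler_t)(int);
typedef void (*void_handler_t)(void);

enum type_id { TYPE_INT_HANDLER = 1, TYPE_VOID_HANDLER = 2 };

struct target {
    void *addr;
    enum type_id id;
};

/* Sample handlers (constructed). */
static int double_it(int x) { return 2 * x; }
static void tick(void) { }

/* Table of valid indirect-call targets with their static types.
 * In real CFI this information lives in compiler-emitted jump tables. */
static const struct target valid_targets[] = {
    { (void *)double_it, TYPE_INT_HANDLER },
    { (void *)tick,      TYPE_VOID_HANDLER },
};

/* Returns 1 if addr is a known function whose type id equals `expected`,
 * 0 otherwise (unknown address, or known function of the wrong type). */
static int cfi_check(void *addr, enum type_id expected)
{
    size_t i;
    for (i = 0; i < sizeof(valid_targets) / sizeof(valid_targets[0]); i++) {
        if (valid_targets[i].addr == addr)
            return valid_targets[i].id == expected;
    }
    return 0;
}

#define CFI_VIOLATION (-1)

/* Checked indirect call through an int_handler_t. A real kernel with
 * CONFIG_CFI_CLANG would panic (or warn, depending on configuration) on a
 * failed check; this toy model reports CFI_VIOLATION instead. */
static int call_int_handler(void *fp, int arg)
{
    if (!cfi_check(fp, TYPE_INT_HANDLER))
        return CFI_VIOLATION;
    return ((int_handler_t)fp)(arg);
}
```

Dispatching `tick` through `call_int_handler` is rejected even though `tick` is a real function, because its prototype does not match the call site's expected type; that type mismatch, not merely an unknown address, is what forward-edge CFI adds over a plain whitelist.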