summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 08eee1a)
raw | patch | inline | side by side (parent: 08eee1a)
| author | Chih-En Lin <shiyn.lin@gmail.com> | |
| Fri, 1 Jul 2022 13:09:38 +0000 (21:09 +0800) | ||
| committer | Chih-En Lin <shiyn.lin@gmail.com> | |
| Fri, 1 Jul 2022 13:31:08 +0000 (21:31 +0800) |
Currently, in 13.2 Flashing keyboard LEDs, the description of the
control-flow integrity, "Furthermore, the function prototype with
unsigned long argument may be an obstacle to the control-flow integrity
.", will confuse the reader.
It may lead the reader to think about hardware-assisted CFI like Intel
CET uses the shadow stack attack for ROP (backward-edge protection). But
the description of CFI here talks about the function pointer checking
with the prototype (forward-edge protection).
So add more information to make it more clear.
Close #151
control-flow integrity, "Furthermore, the function prototype with
unsigned long argument may be an obstacle to the control-flow integrity
.", will confuse the reader.
It may lead the reader to think about hardware-assisted CFI like Intel
CET uses the shadow stack attack for ROP (backward-edge protection). But
the description of CFI here talks about the function pointer checking
with the prototype (forward-edge protection).
So add more information to make it more clear.
Close #151
| lkmpg.tex | patch | blob | blame | history |
diff --git a/lkmpg.tex b/lkmpg.tex
index f7c94e58460b663e1a3737b576a66d7226f6de01..e460614e2a883c221059d2326aa59f3918767409 100644 (file)
--- a/lkmpg.tex
+++ b/lkmpg.tex
@@ -1700,10 +1700,11 @@ Keyboard LEDs are present on every hardware, they are always visible, they do no
From v4.14 to v4.15, the timer API made a series of changes to improve memory safety.
A buffer overflow in the area of a \cpp|timer_list| structure may be able to overwrite the \cpp|function| and \cpp|data| fields, providing the attacker with a way to use return-object programming (ROP) to call arbitrary functions within the kernel.
Also, the function prototype of the callback, containing a \cpp|unsigned long| argument, will prevent work from any type checking.
-Furthermore, the function prototype with \cpp|unsigned long| argument may be an obstacle to the \textit{control-flow integrity}.
+Furthermore, the function prototype with \cpp|unsigned long| argument may be an obstacle to the forward-edge protection of \textit{control-flow integrity}.
Thus, it is better to use a unique prototype to separate from the cluster that takes an \cpp|unsigned long| argument.
The timer callback should be passed a pointer to the \cpp|timer_list| structure rather than an \cpp|unsigned long| argument.
Then, it wraps all the information the callback needs, including the \cpp|timer_list| structure, into a larger structure, and it can use the \cpp|container_of| macro instead of the \cpp|unsigned long| value.
+For more information see: \href{https://lwn.net/Articles/735887/}{Improving the kernel timers API}.
Before Linux v4.14, \cpp|setup_timer| was used to initialize the timer and the \cpp|timer_list| structure looked like:
\begin{code}