> Clang's Control Flow Integrity (CFI) is a security mechanism that can > help prevent JOP chains, deployed extensively in downstream kernels > used in Android. > > It's deployment is hindered by mismatches in function signatures. For > this case, we make callbacks match their intended function signature, > and cast parameters within them rather than casting the callback when > passed as a parameter. > > When running `mount -t ntfs ...` we observe the following trace: > > Call trace: > __cfi_check_fail+0x1c/0x24 > name_to_dev_t+0x0/0x404 > iget5_locked+0x594/0x5e8 > ntfs_fill_super+0xbfc/0x43ec > mount_bdev+0x30c/0x3cc > ntfs_mount+0x18/0x24 > mount_fs+0x1b0/0x380 > vfs_kern_mount+0x90/0x398 > do_mount+0x5d8/0x1a10 > SyS_mount+0x108/0x144 > el0_svc_naked+0x34/0x38 > > Signed-off-by: Luca Stefani <luca.stefani.ge1@xxxxxxxxx> > Tested-by: freak07 <michalechner92@xxxxxxxxxxxxxx> > Acked-by: Anton Altaparmakov <anton@xxxxxxxxxx> > --- > fs/ntfs/dir.c | 2 +- > fs/ntfs/inode.c | 27 ++++++++++++++------------- > fs/ntfs/inode.h | 4 +--- > fs/ntfs/mft.c | 4 ++-- > 4 files changed, 18 insertions(+), 19 deletions(-) > Hi, I think stable tree should pick this change. Below is the mainline commit. (1146f7e2dc15 ntfs: fix ntfs_test_inode and ntfs_init_locked_inode function type) 5.4 stable have the same issue when CFI is enabled.
