
Commit dcb4a9c

committed
fix_nvoc_ctor.cocci: fix NVOC_DYNAMIC_OBJ_CREATE CFI violations
Signed-off-by: Mathias Krause <minipli@grsecurity.net>
1 parent 568a7b9 commit dcb4a9c


1 file changed

+43
-0
lines changed

1 file changed

+43
-0
lines changed

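--- a/src/nvidia/fix_nvoc_ctor.cocci
+++ b/src/nvidia/fix_nvoc_ctor.cocci
@@ -0,0 +1,43 @@
+// Coccinelle script to fix 'objCreatefn' function pointer casts to use proper
+// types to prevent runtime CFI violations, e.g. under RAP.
+//
+// As for fix_nvoc_dtor.cocci, we need to create a thunk.
+//
+// typedef NV_STATUS (*NVOC_DYNAMIC_OBJ_CREATE)(Dynamic**, Dynamic *pParent, NvU32 createFlags, va_list);
+//
+// (c) 2025,2026 Open Source Security, Inc. All Rights Reserved.
+
+// replace function casts to (NVOC_DYNAMIC_OBJ_CREATE) with its thunk
+@ctor_cast@
+identifier fn;
+fresh identifier fnthunk = "THUNK_" ## fn;
+@@
+- (NVOC_DYNAMIC_OBJ_CREATE) &fn
++ &fnthunk
+
+// add decl for the thunk
+// XXX: little hacky, as the decl is in the .h file, thereby we cannot match on
+// XXX: @ctor_cast@ and need to use heuristics based on the function name.
+@thunk_decl@
+identifier fn =~ "^__nvoc_objCreateDynamic_";
+fresh identifier fnthunk = "THUNK_" ## fn;
+typedef NV_STATUS, Dynamic, NvU32, va_list;
+type T1, T2, T3, T4, R;
+@@
+// XXX: matching function decls is only poorly supported, so we need this hack
+-R fn(T1, T2, T3, T4)
++R fn(T1, T2, T3, T4);
++NV_STATUS fnthunk(Dynamic **, Dynamic *, NvU32, va_list)
+;
+
+// add thunk function
+@thunk_def@
+identifier ctor_cast.fn, ctor_cast.fnthunk, a1, a2, a3, a4;
+typedef NV_STATUS, Dynamic, NvU32, va_list;
+type T1, T2, T3, T4, R;
+@@
+R fn(T1 a1, T2 a2, T3 a3, T4 a4) { ... }
++
++NV_STATUS fnthunk(Dynamic **a1, Dynamic *a2, NvU32 a3, va_list a4) {
++ return fn((T1)a1, (T2)a2, a3, a4);
++}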
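Review bot: In the `thunk_def` rule the return type and the last two parameter types are free metavariables (`R`, `T3`, `T4`), while the generated thunk hard-codes `NV_STATUS`, `NvU32` and `va_list` and forwards `a3`/`a4` without a cast. A matched function whose signature differs in those positions would be wrapped with a silent implicit conversion, hiding the kind of prototype mismatch the thunk is meant to make explicit for CFI. Consider matching on `NV_STATUS fn(T1 a1, T2 a2, NvU32 a3, va_list a4) { ... }`, since those typedefs are already declared in the rule. A non-conforming function would then get no thunk, and the rewritten `&THUNK_...` reference should fail at build time instead of passing unnoticed. The same applies to the `R fn(T1, T2, T3, T4)` match in `thunk_decl`.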
