pCFI: Upgrade "Frame pointer is not on the stack" from FAULT to ALERT

Fixes #210
lkrg-org · Sep 23, 2024 · 4bcdc01 · 4bcdc01
1 parent fbd8966
commit 4bcdc01
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/src/modules/exploit_detection/p_exploit_detection.c b/src/modules/exploit_detection/p_exploit_detection.c
@@ -1673,6 +1673,9 @@ int p_ed_enforce_pcfi(struct task_struct *p_task, struct p_ed_process *p_orig, s
  p_sp_addr = p_regs_get_sp(p_regs);
 
  if (p_ed_pcfi_validate_sp(p_task,p_orig,p_sp_addr)) {
+#ifndef CONFIG_UNWINDER_ORC
+p_ed_enforce_pcfi_do:
+#endif
  // kill this process!
  p_pcfi_kill_task_by_task(p_task);
  p_not_valid = 1;
@@ -1692,8 +1695,9 @@ int p_ed_enforce_pcfi(struct task_struct *p_task, struct p_ed_process *p_orig, s
 
 #ifndef CONFIG_UNWINDER_ORC
  if (!p_is_obj_on_stack(p_task, p_fp)) {
- p_print_log(P_LOG_FAULT, "Frame pointer is not on the stack, so CFI is not enforced");
- goto p_ed_enforce_pcfi_out;
+ p_print_log(P_LOG_ALERT, "DETECT: Task: Frame pointer is not on the stack for pid %u, name %s",
+ task_pid_nr(p_task), p_task->comm);
+ goto p_ed_enforce_pcfi_do;
  }
 #endif