On Fri, Oct 21, 2022 at 02:33:09PM +0200, Ard Biesheuvel wrote:
> The TPM code registers put_device() as a devm cleanup handler, and casts
> the reference to the right function pointer type for this to be
> permitted by the compiler.
>
> However, under kCFI, this is rejected at runtime, resulting in a splat
> like
>
>   CFI failure at devm_action_release+0x24/0x3c (target: put_device+0x0/0x24; expected type: 0xa488ebfc)
>   Internal error: Oops - CFI: 0000000000000000 [#1] PREEMPT SMP
>   Modules linked in: ...
>   CPU: 20 PID: 454 Comm: systemd-udevd Not tainted 6.1.0-rc1+ #51
>   Hardware name: Socionext SynQuacer E-series DeveloperBox, BIOS build #1 Oct 3 2022
>   pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
>   pc : devm_action_release+0x24/0x3c
>   lr : devres_release_all+0xb4/0x114
>   sp : ffff800009bb3630
>   x29: ffff800009bb3630 x28: 0000000000000000 x27: 0000000000000011
>   x26: ffffaa6f9922c0c8 x25: 0000000000000002 x24: 000000000000000f
>   x23: ffff800009bb3648 x22: ffff7aefc3be2100 x21: ffff7aefc3be2e00
>   x20: 0000000000000005 x19: ffff7aefc1e1ec10 x18: ffff800009af70a8
>   x17: 00000000a488ebfc x16: 0000000094ee7df3 x15: 0000000000000000
>   x14: 4075c5c2ef7affff x13: e46a91c5c5e2ef42 x12: ffff7aefc2c57540
>   x11: 0000000000000001 x10: 0000000000000001 x9 : 0000000100000000
>   x8 : ffffaa6fa09b39b4 x7 : 7f7f7f7f7f7f7f7f x6 : 8000000000000000
>   x5 : 000000008020000e x4 : ffff7aefc2c57500 x3 : ffff800009bb3648
>   x2 : ffff800009bb3648 x1 : ffff7aefc3be2e80 x0 : ffff7aefc3bb7000
>   Call trace:
>    devm_action_release+0x24/0x3c
>    devres_release_all+0xb4/0x114
>    really_probe+0xb0/0x49c
>    __driver_probe_device+0x114/0x180
>    driver_probe_device+0x48/0x1ec
>    __driver_attach+0x118/0x284
>    bus_for_each_dev+0x94/0xe4
>    driver_attach+0x24/0x34
>    bus_add_driver+0x10c/0x220
>    driver_register+0x78/0x118
>    __platform_driver_register+0x24/0x34
>    init_module+0x20/0xfe4 [tpm_tis_synquacer]
>    do_one_initcall+0xd4/0x248
>    do_init_module+0x44/0x28c
>    load_module+0x16b4/0x1920
>
> Fix this by going through a helper function of the correct type.
>
> Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

-- 
Kees Cook
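
The mismatch described in the quoted commit message, as an added user-space model (not the kernel patch and not code from this thread): a cast silences the compiler but does not change the callee's type tag, while a helper of the expected type passes the check. 0xa488ebfc is the expected type from the splat; the other hash, the `tagged_fn` struct and every `model_*` name are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* User-space model of the kCFI check; not kernel code. */
#define HASH_VOID_VOIDP 0xa488ebfcu /* "expected type" from the splat */
#define HASH_VOID_DEVP  0x11111111u /* constructed stand-in hash */

struct device { int refcount; };

/* kCFI stores a type hash ahead of each function; modelled as a tag. */
struct tagged_fn {
	uint32_t type_hash;
	void (*fn)(void);	/* generic pointer, cast back before the call */
};

/* Stand-in for put_device(): takes struct device *, not void *. */
static void model_put_device(struct device *dev) { dev->refcount--; }

/* Hypothetical helper whose type matches the devm action callback. */
static void model_put_device_action(void *data) { model_put_device(data); }

/* Registered through a cast: the tag stays that of the real type. */
static const struct tagged_fn cast_action = {
	HASH_VOID_DEVP, (void (*)(void))model_put_device
};
/* Registered through the helper: the tag is what the caller expects. */
static const struct tagged_fn helper_action = {
	HASH_VOID_VOIDP, (void (*)(void))model_put_device_action
};

/* Models the indirect call in devm_action_release(): 0 = called, -1 = trap. */
static int model_action_release(const struct tagged_fn *a, void *data)
{
	if (a->type_hash != HASH_VOID_VOIDP) {
		fprintf(stderr, "CFI failure (expected type: 0x%08x)\n", HASH_VOID_VOIDP);
		return -1;	/* the kernel oopses here instead of returning */
	}
	((void (*)(void *))a->fn)(data);
	return 0;
}

int main(void)
{
	struct device dev = { .refcount = 2 };
	int cast = model_action_release(&cast_action, &dev);
	int helper = model_action_release(&helper_action, &dev);
	printf("cast=%d helper=%d refcount=%d\n", cast, helper, dev.refcount);
	return 0;
}
```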