CFI failure in drivers/acpi/bgrt.c #1406

Closed
nathanchance opened this issue Jun 23, 2021 · 2 comments
Assignees
Labels
[BUG] linux: A bug that should be fixed in the mainline kernel.
[FEATURE] CFI: Related to building the kernel with Clang Control Flow Integrity
[FIXED][LINUX] 5.14: This bug was fixed in Linux 5.14

Comments

@nathanchance
Member

[  267.761818] ------------[ cut here ]------------
[  267.761825] CFI failure (target: type_show.d5e1ad21498a5fd14edbc5c320906598.cfi_jt+0x0/0x8):
[  267.761845] WARNING: CPU: 3 PID: 1356 at kernel/cfi.c:29 __ubsan_handle_cfi_check_fail+0x33/0x40
[  267.761855] Modules linked in: snd_seq_dummy snd_hrtimer snd_seq snd_seq_device ccm snd_hda_codec_hdmi x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel joydev at24 mousedev mei_hdcp asus_nb_wmi iTCO_wdt kvm asus_wmi intel_pmc_bxt hid_multitouch intel_rapl_msr iTCO_vendor_support sparse_keymap i915 irqbypass iwlmvm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel mac80211 snd_hda_codec_realtek snd_hda_codec_generic aesni_intel ledtrig_audio uvcvideo crypto_simd libarc4 snd_hda_intel cryptd snd_intel_dspcfg ttm snd_intel_sdw_acpi videobuf2_vmalloc i2c_algo_bit rapl videobuf2_memops iwlwifi snd_hda_codec videobuf2_v4l2 ak8975 intel_cstate btusb intel_uncore drm_kms_helper btrtl videobuf2_common snd_hda_core btintel btbcm processor_thermal_device vfat videodev cec psmouse snd_hwdep i2c_i801 processor_thermal_rfim bluetooth pcspkr fat snd_pcm cfg80211 intel_gtt processor_thermal_mbox processor_thermal_rapl ecdh_generic i2c_smbus agpgart snd_timer mei_me ecc intel_rapl_common
[  267.761957]  sysimgblt mc syscopyarea usbhid snd crc16 int340x_thermal_zone sysfillrect lpc_ich rfkill mei fb_sys_fops soundcore intel_soc_dts_iosf wmi inv_mpu6050_i2c inv_mpu6050 video acpi_als dell_smo8800 industrialio_triggered_buffer i2c_mux kfifo_buf int3400_thermal industrialio soc_button_array acpi_thermal_rel mac_hid asus_wireless drm fuse pkcs8_key_parser bpf_preload ip_tables x_tables xfs libcrc32c crc32c_generic serio_raw atkbd libps2 xhci_pci crc32c_intel i8042 xhci_pci_renesas serio
[  267.762010] CPU: 3 PID: 1356 Comm: read_all Tainted: G        W         5.13.0-rc7-next-20210622-cfi-00023-g139059454c14 #1
[  267.762015] Hardware name: ASUSTeK COMPUTER INC. Q302LA/Q302LA, BIOS Q302LA.203 05/15/2014
[  267.762018] RIP: 0010:__ubsan_handle_cfi_check_fail+0x33/0x40
[  267.762025] Code: 48 c7 c7 28 49 cf bb 48 c7 c6 a9 73 88 bb e8 34 21 39 00 85 c0 75 02 5b c3 48 c7 c7 4f 7b 82 bb 48 89 de 31 c0 e8 0d 4e e3 ff <0f> 0b 5b c3 00 00 cc cc 00 00 cc cc 00 85 f6 74 25 41 b9 ea ff ff
[  267.762030] RSP: 0018:ffffbbe6c1a8fd48 EFLAGS: 00010246
[  267.762034] RAX: 377a89fc5e6a8300 RBX: ffffffffbac48f80 RCX: 0000000000000027
[  267.762037] RDX: c0000000fff7ffff RSI: ffffbbe6c1a8fc10 RDI: ffff95fe52799558
[  267.762040] RBP: ffffffffbb933798 R08: 0000000000000000 R09: ffff95fe5aa00000
[  267.762042] R10: 0000000000000000 R11: 00000000fff7ffff R12: ffff95fd40d97000
[  267.762045] R13: ffffffffbac36d38 R14: ffff95fd43ae8000 R15: ffffffffbbcf58e8
[  267.762048] FS:  00007fac49da4740(0000) GS:ffff95fe52780000(0000) knlGS:0000000000000000
[  267.762052] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  267.762055] CR2: 00007ffec1e5fff0 CR3: 00000001124be006 CR4: 00000000001706e0
[  267.762058] Call Trace:
[  267.762063]  ? sriov_numvfs_show.73a2e77a6db0571a8e0a653199da1033.cfi_jt+0x8/0x8
[  267.762072]  __cfi_check+0x50a64/0x53ef0
[  267.762078]  kobj_attr_show.a042bf906f94fc2f512c48bcc41c82c2+0x73/0x80
[  267.762085]  sysfs_kf_seq_show.dd8aaab44953102b1caeadaa95ffe6cd+0xbe/0x140
[  267.762094]  ? uart_proc_show.6bf11b7709e97fbffabb5ad5cb853962.cfi_jt+0x8/0x8
[  267.762104]  ? get_rid_cb.82c1e48ba220f6aaf5c7a5e77aa28377.cfi_jt+0x10/0x10
[  267.762113]  seq_read_iter+0x19d/0x690
[  267.762128]  ? configfs_read_iter.8deedd4ede62ee51185fbb0a8add7642.cfi_jt+0x8/0x8
[  267.762137]  vfs_read+0x2f7/0x3b0
[  267.762156]  ksys_read+0x66/0xd0
[  267.762162]  ? __ia32_sys_process_madvise.cfi_jt+0x8/0x8
[  267.762170]  do_syscall_64+0x69/0xd0
[  267.762178]  ? __irq_exit_rcu.llvm.6104590644448514954+0x40/0xc0
[  267.762184]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  267.762190] RIP: 0033:0x7fac49f85762
[  267.762194] Code: 48 8b 15 69 98 00 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb ba 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24
[  267.762198] RSP: 002b:00007ffec1e70bf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  267.762202] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fac49f85762
[  267.762205] RDX: 00000000000003ff RSI: 00007ffec1e710b0 RDI: 0000000000000003
[  267.762208] RBP: 000000003e18f351 R08: 0000000000000010 R09: 00007ffec1e702f0
[  267.762211] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fac49fa3000
[  267.762214] R13: 000055faf33db010 R14: 00007ffec1e710b0 R15: 00007ffec1e70cb0
[  267.762219] ---[ end trace a4b20c39b367ab11 ]---
[  267.762244] ------------[ cut here ]------------
[  267.762246] CFI failure (target: xoffset_show.d5e1ad21498a5fd14edbc5c320906598.cfi_jt+0x0/0x8):
[  267.762259] WARNING: CPU: 3 PID: 1356 at kernel/cfi.c:29 __ubsan_handle_cfi_check_fail+0x33/0x40
[  267.762268] Modules linked in: snd_seq_dummy snd_hrtimer snd_seq snd_seq_device ccm snd_hda_codec_hdmi x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel joydev at24 mousedev mei_hdcp asus_nb_wmi iTCO_wdt kvm asus_wmi intel_pmc_bxt hid_multitouch intel_rapl_msr iTCO_vendor_support sparse_keymap i915 irqbypass iwlmvm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel mac80211 snd_hda_codec_realtek snd_hda_codec_generic aesni_intel ledtrig_audio uvcvideo crypto_simd libarc4 snd_hda_intel cryptd snd_intel_dspcfg ttm snd_intel_sdw_acpi videobuf2_vmalloc i2c_algo_bit rapl videobuf2_memops iwlwifi snd_hda_codec videobuf2_v4l2 ak8975 intel_cstate btusb intel_uncore drm_kms_helper btrtl videobuf2_common snd_hda_core btintel btbcm processor_thermal_device vfat videodev cec psmouse snd_hwdep i2c_i801 processor_thermal_rfim bluetooth pcspkr fat snd_pcm cfg80211 intel_gtt processor_thermal_mbox processor_thermal_rapl ecdh_generic i2c_smbus agpgart snd_timer mei_me ecc intel_rapl_common
[  267.762347]  sysimgblt mc syscopyarea usbhid snd crc16 int340x_thermal_zone sysfillrect lpc_ich rfkill mei fb_sys_fops soundcore intel_soc_dts_iosf wmi inv_mpu6050_i2c inv_mpu6050 video acpi_als dell_smo8800 industrialio_triggered_buffer i2c_mux kfifo_buf int3400_thermal industrialio soc_button_array acpi_thermal_rel mac_hid asus_wireless drm fuse pkcs8_key_parser bpf_preload ip_tables x_tables xfs libcrc32c crc32c_generic serio_raw atkbd libps2 xhci_pci crc32c_intel i8042 xhci_pci_renesas serio
[  267.762393] CPU: 3 PID: 1356 Comm: read_all Tainted: G        W         5.13.0-rc7-next-20210622-cfi-00023-g139059454c14 #1
[  267.762397] Hardware name: ASUSTeK COMPUTER INC. Q302LA/Q302LA, BIOS Q302LA.203 05/15/2014
[  267.762400] RIP: 0010:__ubsan_handle_cfi_check_fail+0x33/0x40
[  267.762406] Code: 48 c7 c7 28 49 cf bb 48 c7 c6 a9 73 88 bb e8 34 21 39 00 85 c0 75 02 5b c3 48 c7 c7 4f 7b 82 bb 48 89 de 31 c0 e8 0d 4e e3 ff <0f> 0b 5b c3 00 00 cc cc 00 00 cc cc 00 85 f6 74 25 41 b9 ea ff ff
[  267.762410] RSP: 0018:ffffbbe6c1a8fd48 EFLAGS: 00010246
[  267.762413] RAX: 377a89fc5e6a8300 RBX: ffffffffbac49178 RCX: 0000000000000027
[  267.762415] RDX: c0000000fff7ffff RSI: ffffbbe6c1a8fc10 RDI: ffff95fe52799558
[  267.762418] RBP: ffffffffbb933798 R08: 0000000000000000 R09: ffff95fe5aa00000
[  267.762421] R10: 0000000000000000 R11: 00000000fff7ffff R12: ffff95fd40d97000
[  267.762423] R13: ffffffffbac36d38 R14: ffff95fd43ae8000 R15: ffffffffbbd5ef20
[  267.762426] FS:  00007fac49da4740(0000) GS:ffff95fe52780000(0000) knlGS:0000000000000000
[  267.762429] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  267.762433] CR2: 00007ffec1e5fff0 CR3: 00000001124be006 CR4: 00000000001706e0
[  267.762436] Call Trace:
[  267.762438]  ? mapping21_show.5fcbee2a76db2fdde54cc6c2c5a8bb67.cfi_jt+0x8/0x8
[  267.762446]  __cfi_check+0x50a64/0x53ef0
[  267.762452]  kobj_attr_show.a042bf906f94fc2f512c48bcc41c82c2+0x73/0x80
[  267.762458]  sysfs_kf_seq_show.dd8aaab44953102b1caeadaa95ffe6cd+0xbe/0x140
[  267.762465]  ? uart_proc_show.6bf11b7709e97fbffabb5ad5cb853962.cfi_jt+0x8/0x8
[  267.762473]  ? get_rid_cb.82c1e48ba220f6aaf5c7a5e77aa28377.cfi_jt+0x10/0x10
[  267.762481]  seq_read_iter+0x19d/0x690
[  267.762486]  ? configfs_read_iter.8deedd4ede62ee51185fbb0a8add7642.cfi_jt+0x8/0x8
[  267.762493]  vfs_read+0x2f7/0x3b0
[  267.762500]  ksys_read+0x66/0xd0
[  267.762505]  ? __ia32_sys_process_madvise.cfi_jt+0x8/0x8
[  267.762511]  do_syscall_64+0x69/0xd0
[  267.762517]  ? __irq_exit_rcu.llvm.6104590644448514954+0x40/0xc0
[  267.762522]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  267.762527] RIP: 0033:0x7fac49f85762
[  267.762531] Code: 48 8b 15 69 98 00 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb ba 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24
[  267.762534] RSP: 002b:00007ffec1e70bf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  267.762538] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fac49f85762
[  267.762540] RDX: 00000000000003ff RSI: 00007ffec1e710b0 RDI: 0000000000000003
[  267.762543] RBP: 000000003e18f351 R08: 0000000000000010 R09: 00007ffec1e702f0
[  267.762546] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fac49fa3000
[  267.762548] R13: 000055faf33db010 R14: 00007ffec1e710b0 R15: 00007ffec1e70cb0
[  267.762553] ---[ end trace a4b20c39b367ab12 ]---
[  267.762582] ------------[ cut here ]------------
[  267.762584] CFI failure (target: status_show.d5e1ad21498a5fd14edbc5c320906598.cfi_jt+0x0/0x8):
[  267.762600] WARNING: CPU: 3 PID: 1356 at kernel/cfi.c:29 __ubsan_handle_cfi_check_fail+0x33/0x40
[  267.762608] Modules linked in: snd_seq_dummy snd_hrtimer snd_seq snd_seq_device ccm snd_hda_codec_hdmi x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel joydev at24 mousedev mei_hdcp asus_nb_wmi iTCO_wdt kvm asus_wmi intel_pmc_bxt hid_multitouch intel_rapl_msr iTCO_vendor_support sparse_keymap i915 irqbypass iwlmvm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel mac80211 snd_hda_codec_realtek snd_hda_codec_generic aesni_intel ledtrig_audio uvcvideo crypto_simd libarc4 snd_hda_intel cryptd snd_intel_dspcfg ttm snd_intel_sdw_acpi videobuf2_vmalloc i2c_algo_bit rapl videobuf2_memops iwlwifi snd_hda_codec videobuf2_v4l2 ak8975 intel_cstate btusb intel_uncore drm_kms_helper btrtl videobuf2_common snd_hda_core btintel btbcm processor_thermal_device vfat videodev cec psmouse snd_hwdep i2c_i801 processor_thermal_rfim bluetooth pcspkr fat snd_pcm cfg80211 intel_gtt processor_thermal_mbox processor_thermal_rapl ecdh_generic i2c_smbus agpgart snd_timer mei_me ecc intel_rapl_common
[  267.762691]  sysimgblt mc syscopyarea usbhid snd crc16 int340x_thermal_zone sysfillrect lpc_ich rfkill mei fb_sys_fops soundcore intel_soc_dts_iosf wmi inv_mpu6050_i2c inv_mpu6050 video acpi_als dell_smo8800 industrialio_triggered_buffer i2c_mux kfifo_buf int3400_thermal industrialio soc_button_array acpi_thermal_rel mac_hid asus_wireless drm fuse pkcs8_key_parser bpf_preload ip_tables x_tables xfs libcrc32c crc32c_generic serio_raw atkbd libps2 xhci_pci crc32c_intel i8042 xhci_pci_renesas serio
[  267.762741] CPU: 3 PID: 1356 Comm: read_all Tainted: G        W         5.13.0-rc7-next-20210622-cfi-00023-g139059454c14 #1
[  267.762746] Hardware name: ASUSTeK COMPUTER INC. Q302LA/Q302LA, BIOS Q302LA.203 05/15/2014
[  267.762749] RIP: 0010:__ubsan_handle_cfi_check_fail+0x33/0x40
[  267.762756] Code: 48 c7 c7 28 49 cf bb 48 c7 c6 a9 73 88 bb e8 34 21 39 00 85 c0 75 02 5b c3 48 c7 c7 4f 7b 82 bb 48 89 de 31 c0 e8 0d 4e e3 ff <0f> 0b 5b c3 00 00 cc cc 00 00 cc cc 00 85 f6 74 25 41 b9 ea ff ff
[  267.762759] RSP: 0018:ffffbbe6c1a8fd48 EFLAGS: 00010246
[  267.762763] RAX: 377a89fc5e6a8300 RBX: ffffffffbac4a780 RCX: 0000000000000027
[  267.762766] RDX: c0000000fff7ffff RSI: ffffbbe6c1a8fc10 RDI: ffff95fe52799558
[  267.762769] RBP: ffffffffbb933798 R08: 0000000000000000 R09: ffff95fe5aa00000
[  267.762773] R10: 0000000000000000 R11: 00000000fff7ffff R12: ffff95fd40d97000
[  267.762775] R13: ffffffffbac36d38 R14: ffff95fd43ae8000 R15: ffffffffbbd58af0
[  267.762778] FS:  00007fac49da4740(0000) GS:ffff95fe52780000(0000) knlGS:0000000000000000
[  267.762783] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  267.762786] CR2: 00007ffec1e5fff0 CR3: 00000001124be006 CR4: 00000000001706e0
[  267.762789] Call Trace:
[  267.762792]  ? edge_show.bf2007b7aed0a1ecb9063b3e3e2f91ee.cfi_jt+0x8/0x8
[  267.762801]  __cfi_check+0x50a64/0x53ef0
[  267.762807]  kobj_attr_show.a042bf906f94fc2f512c48bcc41c82c2+0x73/0x80
[  267.762813]  sysfs_kf_seq_show.dd8aaab44953102b1caeadaa95ffe6cd+0xbe/0x140
[  267.762821]  ? uart_proc_show.6bf11b7709e97fbffabb5ad5cb853962.cfi_jt+0x8/0x8
[  267.762830]  ? get_rid_cb.82c1e48ba220f6aaf5c7a5e77aa28377.cfi_jt+0x10/0x10
[  267.762838]  seq_read_iter+0x19d/0x690
[  267.762843]  ? configfs_read_iter.8deedd4ede62ee51185fbb0a8add7642.cfi_jt+0x8/0x8
[  267.762866]  vfs_read+0x2f7/0x3b0
[  267.762875]  ksys_read+0x66/0xd0
[  267.762881]  ? __ia32_sys_process_madvise.cfi_jt+0x8/0x8
[  267.762889]  do_syscall_64+0x69/0xd0
[  267.762895]  ? __irq_exit_rcu.llvm.6104590644448514954+0x40/0xc0
[  267.762901]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  267.762908] RIP: 0033:0x7fac49f85762
[  267.762911] Code: 48 8b 15 69 98 00 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb ba 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24
[  267.762915] RSP: 002b:00007ffec1e70bf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  267.762920] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fac49f85762
[  267.762923] RDX: 00000000000003ff RSI: 00007ffec1e710b0 RDI: 0000000000000003
[  267.762926] RBP: 000000003e18f351 R08: 0000000000000010 R09: 00007ffec1e702f0
[  267.762928] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fac49fa3000
[  267.762932] R13: 000055faf33db010 R14: 00007ffec1e710b0 R15: 00007ffec1e70cb0
[  267.762937] ---[ end trace a4b20c39b367ab13 ]---
[  267.762971] ------------[ cut here ]------------
[  267.762973] CFI failure (target: yoffset_show.d5e1ad21498a5fd14edbc5c320906598.cfi_jt+0x0/0x8):
[  267.762987] WARNING: CPU: 3 PID: 1356 at kernel/cfi.c:29 __ubsan_handle_cfi_check_fail+0x33/0x40
[  267.762996] Modules linked in: snd_seq_dummy snd_hrtimer snd_seq snd_seq_device ccm snd_hda_codec_hdmi x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel joydev at24 mousedev mei_hdcp asus_nb_wmi iTCO_wdt kvm asus_wmi intel_pmc_bxt hid_multitouch intel_rapl_msr iTCO_vendor_support sparse_keymap i915 irqbypass iwlmvm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel mac80211 snd_hda_codec_realtek snd_hda_codec_generic aesni_intel ledtrig_audio uvcvideo crypto_simd libarc4 snd_hda_intel cryptd snd_intel_dspcfg ttm snd_intel_sdw_acpi videobuf2_vmalloc i2c_algo_bit rapl videobuf2_memops iwlwifi snd_hda_codec videobuf2_v4l2 ak8975 intel_cstate btusb intel_uncore drm_kms_helper btrtl videobuf2_common snd_hda_core btintel btbcm processor_thermal_device vfat videodev cec psmouse snd_hwdep i2c_i801 processor_thermal_rfim bluetooth pcspkr fat snd_pcm cfg80211 intel_gtt processor_thermal_mbox processor_thermal_rapl ecdh_generic i2c_smbus agpgart snd_timer mei_me ecc intel_rapl_common
[  267.763078]  sysimgblt mc syscopyarea usbhid snd crc16 int340x_thermal_zone sysfillrect lpc_ich rfkill mei fb_sys_fops soundcore intel_soc_dts_iosf wmi inv_mpu6050_i2c inv_mpu6050 video acpi_als dell_smo8800 industrialio_triggered_buffer i2c_mux kfifo_buf int3400_thermal industrialio soc_button_array acpi_thermal_rel mac_hid asus_wireless drm fuse pkcs8_key_parser bpf_preload ip_tables x_tables xfs libcrc32c crc32c_generic serio_raw atkbd libps2 xhci_pci crc32c_intel i8042 xhci_pci_renesas serio
[  267.763130] CPU: 3 PID: 1356 Comm: read_all Tainted: G        W         5.13.0-rc7-next-20210622-cfi-00023-g139059454c14 #1
[  267.763135] Hardware name: ASUSTeK COMPUTER INC. Q302LA/Q302LA, BIOS Q302LA.203 05/15/2014
[  267.763138] RIP: 0010:__ubsan_handle_cfi_check_fail+0x33/0x40
[  267.763144] Code: 48 c7 c7 28 49 cf bb 48 c7 c6 a9 73 88 bb e8 34 21 39 00 85 c0 75 02 5b c3 48 c7 c7 4f 7b 82 bb 48 89 de 31 c0 e8 0d 4e e3 ff <0f> 0b 5b c3 00 00 cc cc 00 00 cc cc 00 85 f6 74 25 41 b9 ea ff ff
[  267.763148] RSP: 0018:ffffbbe6c1a8fd48 EFLAGS: 00010246
[  267.763152] RAX: 377a89fc5e6a8300 RBX: ffffffffbac4a758 RCX: 0000000000000027
[  267.763155] RDX: c0000000fff7ffff RSI: ffffbbe6c1a8fc10 RDI: ffff95fe52799558
[  267.763158] RBP: ffffffffbb933798 R08: 0000000000000000 R09: ffff95fe5aa00000
[  267.763161] R10: 0000000000000000 R11: 00000000fff7ffff R12: ffff95fd40d97000
[  267.763164] R13: ffffffffbac36d38 R14: ffff95fd43ae8000 R15: ffffffffbbd5ef40
[  267.763167] FS:  00007fac49da4740(0000) GS:ffff95fe52780000(0000) knlGS:0000000000000000
[  267.763171] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  267.763174] CR2: 00007ffec1e5fff0 CR3: 00000001124be006 CR4: 00000000001706e0
[  267.763178] Call Trace:
[  267.763180]  ? phys_index_show.7d2fae191844e237e591f0395a2a395f.cfi_jt+0x8/0x8
[  267.763188]  __cfi_check+0x50a64/0x53ef0
[  267.763194]  kobj_attr_show.a042bf906f94fc2f512c48bcc41c82c2+0x73/0x80
[  267.763201]  sysfs_kf_seq_show.dd8aaab44953102b1caeadaa95ffe6cd+0xbe/0x140
[  267.763209]  ? uart_proc_show.6bf11b7709e97fbffabb5ad5cb853962.cfi_jt+0x8/0x8
[  267.763217]  ? get_rid_cb.82c1e48ba220f6aaf5c7a5e77aa28377.cfi_jt+0x10/0x10
[  267.763226]  seq_read_iter+0x19d/0x690
[  267.763231] systemd-journald[214]: Compressed data object 989 -> 537 using ZSTD
[  267.763230]  ? configfs_read_iter.8deedd4ede62ee51185fbb0a8add7642.cfi_jt+0x8/0x8
[  267.763238]  vfs_read+0x2f7/0x3b0
[  267.763247]  ksys_read+0x66/0xd0
[  267.763252]  ? __ia32_sys_process_madvise.cfi_jt+0x8/0x8
[  267.763259]  do_syscall_64+0x69/0xd0
[  267.763265]  ? __irq_exit_rcu.llvm.6104590644448514954+0x40/0xc0
[  267.763272]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  267.763278] RIP: 0033:0x7fac49f85762
[  267.763282] Code: 48 8b 15 69 98 00 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb ba 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24
[  267.763285] RSP: 002b:00007ffec1e70bf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  267.763290] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fac49f85762
[  267.763293] RDX: 00000000000003ff RSI: 00007ffec1e710b0 RDI: 0000000000000003
[  267.763296] RBP: 000000003e18f351 R08: 0000000000000010 R09: 00007ffec1e702f0
[  267.763300] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fac49fa3000
[  267.763303] R13: 000055faf33db010 R14: 00007ffec1e710b0 R15: 00007ffec1e70cb0
[  267.763308] ---[ end trace a4b20c39b367ab14 ]---
[  267.763327] ------------[ cut here ]------------
[  267.763330] CFI failure (target: version_show.d5e1ad21498a5fd14edbc5c320906598.cfi_jt+0x0/0x8):
[  267.763343] WARNING: CPU: 3 PID: 1356 at kernel/cfi.c:29 __ubsan_handle_cfi_check_fail+0x33/0x40
[  267.763351] Modules linked in: snd_seq_dummy snd_hrtimer snd_seq snd_seq_device ccm snd_hda_codec_hdmi x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel joydev at24 mousedev mei_hdcp asus_nb_wmi iTCO_wdt kvm asus_wmi intel_pmc_bxt hid_multitouch intel_rapl_msr iTCO_vendor_support sparse_keymap i915 irqbypass iwlmvm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel mac80211 snd_hda_codec_realtek snd_hda_codec_generic aesni_intel ledtrig_audio uvcvideo crypto_simd libarc4 snd_hda_intel cryptd snd_intel_dspcfg ttm snd_intel_sdw_acpi videobuf2_vmalloc i2c_algo_bit rapl videobuf2_memops iwlwifi snd_hda_codec videobuf2_v4l2 ak8975 intel_cstate btusb intel_uncore drm_kms_helper btrtl videobuf2_common snd_hda_core btintel btbcm processor_thermal_device vfat videodev cec psmouse snd_hwdep i2c_i801 processor_thermal_rfim bluetooth pcspkr fat snd_pcm cfg80211 intel_gtt processor_thermal_mbox processor_thermal_rapl ecdh_generic i2c_smbus agpgart snd_timer mei_me ecc intel_rapl_common
[  267.763432]  sysimgblt mc syscopyarea usbhid snd crc16 int340x_thermal_zone sysfillrect lpc_ich rfkill mei fb_sys_fops soundcore intel_soc_dts_iosf wmi inv_mpu6050_i2c inv_mpu6050 video acpi_als dell_smo8800 industrialio_triggered_buffer i2c_mux kfifo_buf int3400_thermal industrialio soc_button_array acpi_thermal_rel mac_hid asus_wireless drm fuse pkcs8_key_parser bpf_preload ip_tables x_tables xfs libcrc32c crc32c_generic serio_raw atkbd libps2 xhci_pci crc32c_intel i8042 xhci_pci_renesas serio
[  267.763484] CPU: 3 PID: 1356 Comm: read_all Tainted: G        W         5.13.0-rc7-next-20210622-cfi-00023-g139059454c14 #1
[  267.763488] Hardware name: ASUSTeK COMPUTER INC. Q302LA/Q302LA, BIOS Q302LA.203 05/15/2014
[  267.763491] RIP: 0010:__ubsan_handle_cfi_check_fail+0x33/0x40
[  267.763498] Code: 48 c7 c7 28 49 cf bb 48 c7 c6 a9 73 88 bb e8 34 21 39 00 85 c0 75 02 5b c3 48 c7 c7 4f 7b 82 bb 48 89 de 31 c0 e8 0d 4e e3 ff <0f> 0b 5b c3 00 00 cc cc 00 00 cc cc 00 85 f6 74 25 41 b9 ea ff ff
[  267.763501] RSP: 0018:ffffbbe6c1a8fd48 EFLAGS: 00010246
[  267.763505] RAX: 377a89fc5e6a8300 RBX: ffffffffbac48f90 RCX: 0000000000000027
[  267.763508] RDX: c0000000fff7ffff RSI: ffffbbe6c1a8fc10 RDI: ffff95fe52799558
[  267.763511] RBP: ffffffffbb933798 R08: 0000000000000000 R09: ffff95fe5aa00000
[  267.763515] R10: 0000000000000000 R11: 00000000fff7ffff R12: ffff95fd40d97000
[  267.763517] R13: ffffffffbac36d38 R14: ffff95fd43ae8000 R15: ffffffffbbc31f18
[  267.763521] FS:  00007fac49da4740(0000) GS:ffff95fe52780000(0000) knlGS:0000000000000000
[  267.763524] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  267.763527] CR2: 00007ffec1e5fff0 CR3: 00000001124be006 CR4: 00000000001706e0
[  267.763531] Call Trace:
[  267.763533]  ? sdev_show_queue_ramp_up_period.d40394367ee5e7d688252a477c3b0d21.cfi_jt+0x8/0x8
[  267.763541]  __cfi_check+0x50a64/0x53ef0
[  267.763547]  kobj_attr_show.a042bf906f94fc2f512c48bcc41c82c2+0x73/0x80
[  267.763553]  sysfs_kf_seq_show.dd8aaab44953102b1caeadaa95ffe6cd+0xbe/0x140
[  267.763560]  ? uart_proc_show.6bf11b7709e97fbffabb5ad5cb853962.cfi_jt+0x8/0x8
[  267.763569]  ? get_rid_cb.82c1e48ba220f6aaf5c7a5e77aa28377.cfi_jt+0x10/0x10
[  267.763576]  seq_read_iter+0x19d/0x690
[  267.763581]  ? configfs_read_iter.8deedd4ede62ee51185fbb0a8add7642.cfi_jt+0x8/0x8
[  267.763588]  vfs_read+0x2f7/0x3b0
[  267.763596]  ksys_read+0x66/0xd0
[  267.763602]  ? __ia32_sys_process_madvise.cfi_jt+0x8/0x8
[  267.763609]  do_syscall_64+0x69/0xd0
[  267.763616]  ? __irq_exit_rcu.llvm.6104590644448514954+0x40/0xc0
[  267.763622]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  267.763628] RIP: 0033:0x7fac49f85762
[  267.763631] Code: 48 8b 15 69 98 00 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb ba 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24
[  267.763635] RSP: 002b:00007ffec1e70bf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  267.763639] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fac49f85762
[  267.763642] RDX: 00000000000003ff RSI: 00007ffec1e710b0 RDI: 0000000000000003
[  267.763645] RBP: 000000003e18f351 R08: 0000000000000010 R09: 00007ffec1e702f0
[  267.763648] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fac49fa3000
[  267.763651] R13: 000055faf33db010 R14: 00007ffec1e710b0 R15: 00007ffec1e70cb0
[  267.763655] ---[ end trace a4b20c39b367ab15 ]---

Patch submitted: https://lore.kernel.org/r/20210623013802.1904951-1-nathan@kernel.org/

@nathanchance nathanchance added [BUG] linux A bug that should be fixed in the mainline kernel. [PATCH] Submitted A patch has been submitted for review [FEATURE] CFI Related to building the kernel with Clang Control Flow Integrity labels Jun 23, 2021
@nathanchance nathanchance self-assigned this Jun 23, 2021
fengguang pushed a commit to 0day-ci/linux that referenced this issue Jun 23, 2021
clang's Control Flow Integrity requires that every indirect call has a
valid target, which is based on the type of the function pointer. The
*_show() functions in this file are written as if they will be called
from dev_attr_show(); however, they will be called from
sysfs_kf_seq_show() because the files were created by
sysfs_create_group() and the sysfs ops are based on kobj_sysfs_ops
because of kobject_add_and_create(). Because the *_show() functions do
not match the type of the show() member in struct kobj_attribute, there
is a CFI violation.

$ cat /sys/firmware/acpi/bgrt/{status,type,version,{x,y}offset}}
1
0
1
522
307

$ dmesg | grep "CFI failure"
[  267.761825] CFI failure (target: type_show.d5e1ad21498a5fd14edbc5c320906598.cfi_jt+0x0/0x8):
[  267.762246] CFI failure (target: xoffset_show.d5e1ad21498a5fd14edbc5c320906598.cfi_jt+0x0/0x8):
[  267.762584] CFI failure (target: status_show.d5e1ad21498a5fd14edbc5c320906598.cfi_jt+0x0/0x8):
[  267.762973] CFI failure (target: yoffset_show.d5e1ad21498a5fd14edbc5c320906598.cfi_jt+0x0/0x8):
[  267.763330] CFI failure (target: version_show.d5e1ad21498a5fd14edbc5c320906598.cfi_jt+0x0/0x8):

Convert these functions to the type of the show() member in struct
kobj_attribute so that there is no more CFI violation. Because these
functions are all so similar, combine them into a macro.

Fixes: d1ff4b1 ("ACPI: Add support for exposing BGRT data")
Link: ClangBuiltLinux#1406
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
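The commit message above describes a type confusion that the machine never notices: struct device_attribute and struct kobj_attribute both start with a struct attribute followed by a show() pointer, so when kobj_attr_show() does container_of() on the embedded attribute and calls through a kobj_attribute show pointer, the call lands on the right function even though that function was declared with the dev_attr_show() signature. Clang CFI compares the function's signature id against the call site's pointer type, which is exactly what fails here. The following is an added, user-space model of that dispatch path; it is not code from the kernel or from the patch. Structure names mirror the kernel ones, a `_Generic`-based `SHOW_TYPE_ID()` macro stands in for CFI's per-signature type id, `bgrt_tab` is a constructed sample holding the values printed by the `cat` in the commit message, and `bgrt_read()` / `bgrt_read_str()` are helpers invented for this example. The "version" file keeps the buggy shape; "status" and "xoffset" are stamped out by a macro in the shape the fix adopts.

```c
/*
 * Added example (not kernel code): model of the sysfs show() dispatch and the
 * function-type mismatch that trips clang CFI in drivers/acpi/bgrt.c.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define PAGE_SIZE 4096
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))

/* Minimal stand-ins for the kernel structures involved. */
struct attribute { const char *name; };
struct kobject { const char *name; };
struct device { struct kobject kobj; };
struct kobj_attribute;
struct device_attribute;

typedef ssize_t (*kobj_show_t)(struct kobject *, struct kobj_attribute *, char *);
typedef ssize_t (*dev_show_t)(struct device *, struct device_attribute *, char *);

/* Identical layout: struct attribute first, then the show pointer. That
 * coincidence is why the mismatched call "works" when CFI is not enabled. */
struct kobj_attribute { struct attribute attr; kobj_show_t show; };
struct device_attribute { struct attribute attr; dev_show_t show; };

/* Stand-in for clang CFI's per-signature type id, resolved at compile time. */
enum { TYPE_UNKNOWN = 0, TYPE_KOBJ_SHOW, TYPE_DEV_SHOW };
#define SHOW_TYPE_ID(p) _Generic((p), kobj_show_t: TYPE_KOBJ_SHOW, \
				  dev_show_t: TYPE_DEV_SHOW, default: TYPE_UNKNOWN)

/* A registered sysfs file: the dispatcher only ever sees struct attribute *. */
struct reg_attr { struct attribute *attr; int show_type; };

struct bgrt_table {
	unsigned char version, status, image_type;
	unsigned int image_offset_x, image_offset_y;
};
/* Constructed sample; values match the cat output quoted in the commit message. */
static struct bgrt_table bgrt_tab = { 1, 1, 0, 522, 307 };

/* Buggy shape: written for dev_attr_show(), but exported on a kobject whose
 * sysfs_ops are kobj_sysfs_ops, so it is reached via kobj_attr_show(). */
static ssize_t version_show(struct device *dev, struct device_attribute *attr, char *buf)
{
	(void)dev; (void)attr;
	return snprintf(buf, PAGE_SIZE, "%d\n", bgrt_tab.version);
}
static struct device_attribute dev_attr_version = { { "version" }, version_show };

/* Fixed shape: a kobj_attribute show(), generated by a macro as the patch does. */
#define BGRT_SHOW(_name, _member)						\
	static ssize_t _name##_show(struct kobject *kobj,			\
				    struct kobj_attribute *attr, char *buf)	\
	{								\
		(void)kobj; (void)attr;					\
		return snprintf(buf, PAGE_SIZE, "%d\n", bgrt_tab._member);	\
	}								\
	static struct kobj_attribute bgrt_attr_##_name = { { #_name }, _name##_show }

BGRT_SHOW(status, status);
BGRT_SHOW(xoffset, image_offset_x);

/* Record the type id of each show() where it is defined, as CFI would. */
#define REG(_wrapper, _fn) { &(_wrapper).attr, SHOW_TYPE_ID(&(_fn)) }
static struct reg_attr bgrt_attrs[] = {
	REG(dev_attr_version, version_show),	/* TYPE_DEV_SHOW: mismatched */
	REG(bgrt_attr_status, status_show),	/* TYPE_KOBJ_SHOW */
	REG(bgrt_attr_xoffset, xoffset_show),	/* TYPE_KOBJ_SHOW */
};

/* Model of kobj_attr_show(): container_of() to kobj_attribute, then an indirect
 * call through kobj_show_t. The id comparison is the check CFI inserts. */
static ssize_t kobj_attr_show(struct kobject *kobj, const struct reg_attr *ra, char *buf)
{
	struct kobj_attribute *kattr = container_of(ra->attr, struct kobj_attribute, attr);

	if (ra->show_type != SHOW_TYPE_ID(kattr->show))
		return -1;	/* the kernel's CFI handler WARNs here instead of calling */
	return kattr->show(kobj, kattr, buf);
}

/* Look a file up by name and read it; buf must be PAGE_SIZE bytes like a sysfs page. */
static ssize_t bgrt_read(const char *name, char *buf)
{
	static struct kobject bgrt_kobj = { "bgrt" };
	size_t i;

	for (i = 0; i < sizeof(bgrt_attrs) / sizeof(bgrt_attrs[0]); i++)
		if (strcmp(bgrt_attrs[i].attr->name, name) == 0)
			return kobj_attr_show(&bgrt_kobj, &bgrt_attrs[i], buf);
	return -2;	/* no such file */
}

/* NULL when the read is refused or the file is missing, else the page contents. */
static const char *bgrt_read_str(const char *name)
{
	static char page[PAGE_SIZE];
	ssize_t n = bgrt_read(name, page);

	if (n < 0)
		return NULL;
	page[n] = '\0';
	return page;
}

int main(void)
{
	const char *names[] = { "version", "status", "xoffset" };
	size_t i;

	for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
		const char *s = bgrt_read_str(names[i]);
		printf("%s: %s", names[i], s ? s : "CFI-style type mismatch, call refused\n");
	}
	return 0;
}
```

Built without CFI, dropping the type check would make all three reads succeed, which is why this bug sat in bgrt.c unnoticed; with CONFIG_CFI_CLANG the first indirect call through the mismatched pointer is what produces the `CFI failure (target: ..._show...cfi_jt)` lines in the log above. The fix is purely a matter of declaring the handlers with the signature of the pointer they are actually called through, which the macro form makes hard to get wrong again.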
@nathanchance
Member Author

@nathanchance nathanchance added [PATCH] Accepted A submitted patch has been accepted upstream and removed [PATCH] Submitted A patch has been submitted for review labels Jun 23, 2021
@nathanchance
Member Author

Merged into mainline: https://git.kernel.org/torvalds/c/f37ccf8fce15

@nathanchance nathanchance added [FIXED][LINUX] 5.14 This bug was fixed in Linux 5.14 and removed [PATCH] Accepted A submitted patch has been accepted upstream labels Jun 29, 2021
Whissi pushed a commit to Whissi/linux-stable that referenced this issue Jul 14, 2021
[ Upstream commit f37ccf8 ]

clang's Control Flow Integrity requires that every indirect call has a
valid target, which is based on the type of the function pointer. The
*_show() functions in this file are written as if they will be called
from dev_attr_show(); however, they will be called from
sysfs_kf_seq_show() because the files were created by
sysfs_create_group() and the sysfs ops are based on kobj_sysfs_ops
because of kobject_add_and_create(). Because the *_show() functions do
not match the type of the show() member in struct kobj_attribute, there
is a CFI violation.

$ cat /sys/firmware/acpi/bgrt/{status,type,version,{x,y}offset}}
1
0
1
522
307

$ dmesg | grep "CFI failure"
[  267.761825] CFI failure (target: type_show.d5e1ad21498a5fd14edbc5c320906598.cfi_jt+0x0/0x8):
[  267.762246] CFI failure (target: xoffset_show.d5e1ad21498a5fd14edbc5c320906598.cfi_jt+0x0/0x8):
[  267.762584] CFI failure (target: status_show.d5e1ad21498a5fd14edbc5c320906598.cfi_jt+0x0/0x8):
[  267.762973] CFI failure (target: yoffset_show.d5e1ad21498a5fd14edbc5c320906598.cfi_jt+0x0/0x8):
[  267.763330] CFI failure (target: version_show.d5e1ad21498a5fd14edbc5c320906598.cfi_jt+0x0/0x8):

Convert these functions to the type of the show() member in struct
kobj_attribute so that there is no more CFI violation. Because these
functions are all so similar, combine them into a macro.

Fixes: d1ff4b1 ("ACPI: Add support for exposing BGRT data")
Link: ClangBuiltLinux/linux#1406
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
woodsts pushed a commit to woodsts/linux-stable that referenced this issue Jul 14, 2021
[ Upstream commit f37ccf8 ]
mentalmuso pushed a commit to mentalmuso/weta-kernel-s21 that referenced this issue Jul 15, 2021
mentalmuso pushed a commit to mentalmuso/weta-kernel-s21 that referenced this issue Jul 15, 2021
mentalmuso pushed a commit to mentalmuso/weta-kernel-s21 that referenced this issue Jul 15, 2021
adeepn pushed a commit to jethome-ru/linux-stable that referenced this issue Jul 29, 2021
adeepn pushed a commit to jethome-ru/linux-stable that referenced this issue Jul 29, 2021
gregmarsden pushed a commit to oracle/linux-uek that referenced this issue Aug 6, 2021
(cherry picked from commit 3c59143b9a1e0f1ad14d6f04a270e5c7a1a8a167)
Signed-off-by: Jack Vogel <jack.vogel@oracle.com>
alotofsalteggs pushed a commit to alotofsalteggs/focal that referenced this issue Aug 9, 2021
BugLink: https://bugs.launchpad.net/bugs/1938199

Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
delphix-devops-bot pushed a commit to delphix/linux-kernel-aws that referenced this issue Sep 10, 2021
BugLink: https://bugs.launchpad.net/bugs/1938199

[ Upstream commit f37ccf8 ]

clang's Control Flow Integrity requires that every indirect call has a
valid target, which is based on the type of the function pointer. The
*_show() functions in this file are written as if they will be called
from dev_attr_show(); however, they will be called from
sysfs_kf_seq_show() because the files were created by
sysfs_create_group() and the sysfs ops are based on kobj_sysfs_ops
because of kobject_add_and_create(). Because the *_show() functions do
not match the type of the show() member in struct kobj_attribute, there
is a CFI violation.

$ cat /sys/firmware/acpi/bgrt/{status,type,version,{x,y}offset}}
1
0
1
522
307

$ dmesg | grep "CFI failure"
[  267.761825] CFI failure (target: type_show.d5e1ad21498a5fd14edbc5c320906598.cfi_jt+0x0/0x8):
[  267.762246] CFI failure (target: xoffset_show.d5e1ad21498a5fd14edbc5c320906598.cfi_jt+0x0/0x8):
[  267.762584] CFI failure (target: status_show.d5e1ad21498a5fd14edbc5c320906598.cfi_jt+0x0/0x8):
[  267.762973] CFI failure (target: yoffset_show.d5e1ad21498a5fd14edbc5c320906598.cfi_jt+0x0/0x8):
[  267.763330] CFI failure (target: version_show.d5e1ad21498a5fd14edbc5c320906598.cfi_jt+0x0/0x8):

Convert these functions to the type of the show() member in struct
kobj_attribute so that there is no more CFI violation. Because these
functions are all so similar, combine them into a macro.

Fixes: d1ff4b1 ("ACPI: Add support for exposing BGRT data")
Link: ClangBuiltLinux/linux#1406
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
it-is-a-robot pushed a commit to openeuler-mirror/kernel that referenced this issue Oct 14, 2021
stable inclusion
from stable-5.10.50
commit cc0b1776fd1d98599e3053dd9ebe5786336735e9
bugzilla: 174522 https://gitee.com/openeuler/kernel/issues/I4DNFY

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=cc0b1776fd1d98599e3053dd9ebe5786336735e9

Signed-off-by: Chen Jun <chenjun102@huawei.com>
Acked-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Chen Jun <chenjun102@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
haridhayal11 pushed a commit to haridhayal11/android_kernel_samsung_exynos2100 that referenced this issue Jan 22, 2022
haridhayal11 pushed a commit to haridhayal11/android_kernel_samsung_exynos2100 that referenced this issue Jan 23, 2022
haridhayal11 pushed a commit to haridhayal11/android_kernel_samsung_exynos2100 that referenced this issue Jan 23, 2022