I am getting CFI failure #1620

Closed
SHREEDHARBg opened this issue Mar 30, 2022 · 2 comments
Labels: [FEATURE] CFI (Related to building the kernel with Clang Control Flow Integrity); more info needed (More information requested to issue author from project members.)

Comments

SHREEDHARBg commented Mar 30, 2022

Here I am facing a CFI failure because of the xmit_one function. Please, can anyone help me out with this one?

Below I attached dmesg.

[    5.563902] CFI failure (target: tcf_chain_put_by_act.cfi_jt+0x4/0x8):
[    5.563915] WARNING: CPU: 2 PID: 0 at kernel/cfi.c:30 __cfi_check_fail+0x4c/0x54
[    5.563918] Modules linked in: nmtp_plugin microchip_hub thfsplus(O) tntfs(PO) texfat(PO) ecdh_generic ecc dmatest ccm arc4
[    5.563931] (AND OS)CPU: 2 PID: 0 Comm: swapper/2 Tainted: P        W  O      5.4.61-android11-2-gd4a626af17cf-ab647 #1
[    5.563934] Hardware name: Samsung ExynosAuto9 SADK Android IVI VM (DT)
[    5.563938] pstate: 60400005 (nZCv daif +PAN -UAO)
[    5.563942] pc : __cfi_check_fail+0x4c/0x54
[    5.563945] lr : __cfi_check_fail+0x4c/0x54
[    5.563948] sp : ffffffc010043760
[    5.563950] x29: ffffffc010043760 x28: 0000003375e084d0 
[    5.563953] x27: ffffffc011d16018 x26: 0000000000000000 
[    5.563956] x25: ffffffc011d57158 
[    5.563960] type=1400 audit(1546344005.747:470): avc: denied { open } for comm="trc-logcat-main" path="/proc/878/cmdline" dev="proc" ino=28868 scontext=u:r:traceserver:s0 tcontext=u:r:esoinputservd:s0 tclass=file permissive=1
[    5.563962] x24: ffffff8b499ae180 
[    5.563966] x23: ffffffc010386000 x22: 0000000000000001 
[    5.563968] x21: fb5758f90df1e592 x20: ffffffc012049500 
[    5.563971] x19: ffffffc011108f94 x18: ffffffc0100350b0 
[    5.563974] x17: 0000000000000041 x16: ffffffc0110ea020 
[    5.563976] x15: 0000000000000004 x14: 0000000000000064 
[    5.563979] x13: 000000000007a87c x12: 0000000000000000 
[    5.563981] x11: 0000000000000001 x10: ffffffc011d16018 
[    5.563984] x9 : 236c34d494744800 x8 : 236c34d494744800 
[    5.563987] x7 : 632e7463615f7962 x6 : ffffffc012865177 
[    5.563990] x5 : ff00000000000000 x4 : 000000000000000c 
[    5.563992] x3 : 0a3a293878302f34 x2 : 0000000000000007 
[    5.563995] x1 : 0000000000000006 x0 : 000000000000003a 
[    5.563998] Call trace(AND OS):
[    5.564001] __cfi_check_fail+0x4c/0x54
[    5.564006] __cfi_check+0x5ed80/0x663f0
[    5.564010] xmit_one+0x2d8/0x2dc
[    5.564013] dev_hard_start_xmit+0x58/0xa4
[    5.564017] sch_direct_xmit+0xd4/0x314
[    5.564019] __qdisc_run+0x88/0xe0
[    5.564023] __dev_queue_xmit.llvm.18437653760953882880+0x490/0x9e8
[    5.564026] neigh_resolve_output+0x1c0/0x240
[    5.564031] ip6_finish_output2+0x524/0x6c8
[    5.564034] __ip6_finish_output+0x15c/0x22c
[    5.564037] ip6_finish_output+0x54/0xe4
[    5.564039] ip6_output+0xcc/0x1c4
[    5.564043] mld_sendpack+0x374/0x560
[    5.564046] mld_ifc_timer_expire+0x2bc/0x39c
[    5.564050] call_timer_fn+0x14c/0x2c0
[    5.564053] expire_timers+0x70/0x1c4
[    5.564056] __run_timers+0x218/0x270
[    5.564059] run_timer_softirq+0x30/0x58
[    5.564062] __do_softirq+0x204/0x480
[    5.564066] irq_exit+0x118/0x11c
[    5.564070] __handle_domain_irq+0x94/0xe8
[    5.564073] gic_handle_irq+0x4c/0xb4
[    5.564076] el1_irq+0x104/0x200
[    5.564079] arch_cpu_idle+0x2c/0x4c
[    5.564083] do_idle.llvm.14783080187703386766+0xbc/0x138
[    5.564086] cpu_startup_entry+0x24/0x28
[    5.564091] secondary_start_kernel+0x1a4/0x1bc
[    5.564094] ---[ end trace 6e84a3c27d23d5a1 ]---
[    5.566890] type=1400 audit(1546344005.747:471): avc: denied { search } for comm="trc-logcat-main" name="1006" dev="proc" ino=26965 scontext=u:r:traceserver:s0 tcontext=u:r:rsi_gateway_hcp3:s0 tclass=dir permissive=1
[    5.566943] type=1400 audit(1546344005.747:472): avc: denied { read } for comm="trc-logcat-main" name="cmdline" dev="proc" ino=28871 scontext=u:r:traceserver:s0 tcontext=u:r:rsi_gateway_hcp3:s0 tclass=file permissive=1
[    5.566968] type=1400 audit(1546344005.747:473): avc: denied { open } for comm="trc-logcat-main" path="/proc/1006/cmdline" dev="proc" ino=28871 scontext=u:r:traceserver:s0 tcontext=u:r:rsi_gateway_hcp3:s0 tclass=file permissive=1
[    5.567582] type=1400 audit(1546344005.747:474): avc: denied { search } for comm="trc-logcat-main" name="625" dev="proc" ino=24927 scontext=u:r:traceserver:s0 tcontext=u:r:cameraserver:s0 tclass=dir permissive=1
[    5.567670] type=1400 audit(1546344005.747:475): avc: denied { read } for comm="trc-logcat-main" name="cmdline" dev="proc" ino=26201 scontext=u:r:traceserver:s0 tcontext=u:r:cameraserver:s0 tclass=file permissive=1
[    5.567895] type=1400 audit(1546344005.747:476): avc: denied { open } for comm="trc-logcat-main" path="/proc/625/cmdline" dev="proc" ino=26201 scontext=u:r:traceserver:s0 tcontext=u:r:cameraserver:s0 tclass=file permissive=1
[    5.570798] ------------[ cut here ]------------
[    5.570812] CFI failure (target: tcf_chain_put_by_act.cfi_jt+0x4/0x8):
[    5.570825] WARNING: CPU: 1 PID: 476 at kernel/cfi.c:30 __cfi_check_fail+0x4c/0x54
[    5.570828] Modules linked in: nmtp_plugin microchip_hub thfsplus(O) tntfs(PO) texfat(PO) ecdh_generic ecc dmatest ccm arc4
[    5.570840] (AND OS)CPU: 1 PID: 476 Comm: kworker/1:2 Tainted: P        W  O      5.4.61-android11-2-gd4a626af17cf-ab647 #1
[    5.570842] Hardware name: Samsung ExynosAuto9 SADK Android IVI VM (DT)
[    5.570849] Workqueue: ipv6_addrconf addrconf_dad_work
[    5.570853] pstate: 60c00005 (nZCv daif +PAN +UAO)
[    5.570856] pc : __cfi_check_fail+0x4c/0x54
[    5.570860] lr : __cfi_check_fail+0x4c/0x54
[    5.570862] sp : ffffffc0160cb760
[    5.570864] x29: ffffffc0160cb760 x28: 00000000000100ff 
[    5.570868] x27: ffffffc011d16018 x26: 0000000000000000 
[    5.570870] x25: ffffffc011d57158 x24: ffffff8b7c48c100 
[    5.570873] x23: ffffffc010386000 x22: 0000000000000001 
[    5.570876] x21: fb5758f90df1e592 x20: ffffffc012049500 
[    5.570878] x19: ffffffc011108f94 x18: ffffffc015701090 
[    5.570881] x17: 0000000000000041 x16: ffffffc0110ea020 
[    5.570884] x15: 0000000000000004 x14: 0000000000000064 
[    5.570886] x13: 000000000007c020 x12: 0000000000000000 
[    5.570889] x11: 0000000000000001 x10: ffffffc011d16018 
[    5.570892] x9 : 236c34d494744800 x8 : 236c34d494744800 
[    5.570895] x7 : 632e7463615f7962 x6 : ffffffc012866cb2 
[    5.570897] x5 : ff00000000000000 x4 : 000000000000000c 
[    5.570900] x3 : 0a3a293878302f34 x2 : 0000000000000007 
[    5.570902] x1 : 0000000000000006 x0 : 000000000000003a 
[    5.570905] Call trace(AND OS):
[    5.570909] __cfi_check_fail+0x4c/0x54
[    5.570913] __cfi_check+0x5ed80/0x663f0
[    5.570917] xmit_one+0x2d8/0x2dc
[    5.570920] dev_hard_start_xmit+0x58/0xa4
[    5.570923] sch_direct_xmit+0xd4/0x314
[    5.570926] __qdisc_run+0x88/0xe0
[    5.570929] __dev_queue_xmit.llvm.18437653760953882880+0x490/0x9e8
[    5.570933] neigh_resolve_output+0x1c0/0x240
[    5.570937] ip6_finish_output2+0x524/0x6c8
[    5.570940] __ip6_finish_output+0x15c/0x22c
[    5.570943] ip6_finish_output+0x54/0xe4
[    5.570945] ip6_output+0xcc/0x1c4
[    5.570949] ndisc_send_skb+0x368/0x558
[    5.570952] ndisc_send_ns+0x264/0x2a0
[    5.570955] addrconf_dad_work+0x40c/0x680
[    5.570958] process_one_work+0x2ec/0x5bc
[    5.570962] worker_thread+0x254/0x528
[    5.570965] kthread+0x174/0x184
[    5.570969] ret_from_fork+0x10/0x18
[    5.570972] ---[ end trace 6e84a3c27d23d5a2 ]---
[    5.571475] L2TP WiFi AP setup completed !
[    5.572275] type=1400 audit(1546344005.755:477): avc: denied { search } for comm="trc-logcat-main" name="1023" dev="proc" ino=26993 scontext=u:r:traceserver:s0 tcontext=u:r:ruleengine:s0 tclass=dir permissive=1
[    5.572396] type=1400 audit(1546344005.755:478): avc: denied { read } for comm="trc-logcat-main" name="cmdline" dev="proc" ino=29756 scontext=u:r:traceserver:s0 tcontext=u:r:ruleengine:s0 tclass=file permissive=1
[    5.572634] type=1400 audit(1546344005.755:479): avc: denied { open } for comm="trc-logcat-main" path="/proc/1023/cmdline" dev="proc" ino=29756 scontext=u:r:traceserver:s0 tcontext=u:r:ruleengine:s0 tclass=file permissive=1
[    5.573155] type=1400 audit(1546344005.755:480): avc: denied { search } for comm="trc-logcat-main" name="1013" dev="proc" ino=26970 scontext=u:r:traceserver:s0 tcontext=u:r:someipcommforwarder:s0 tclass=dir permissive=1
[    5.573202] type=1400 audit(1546344005.755:481): avc: denied { read } for comm="trc-logcat-main" name="cmdline" dev="proc" ino=29759 scontext=u:r:traceserver:s0 tcontext=u:r:someipcommforwarder:s0 tclass=file permissive=1
[    5.573226] type=1400 audit(1546344005.755:482): avc: denied { open } for comm="trc-logcat-main" path="/proc/1013/cmdline" dev="proc" ino=29759 scontext=u:r:traceserver:s0 tcontext=u:r:someipcommforwarder:s0 tclass=file permissive=1
[    5.573379] type=1400 audit(1546344005.755:483): avc: denied { search } for comm="trc-logcat-main" name="1029" dev="proc" ino=27006 scontext=u:r:traceserver:s0 tcontext=u:r:logtransfer-provider:s0 tclass=dir permissive=1
[    5.573404] type=1400 audit(1546344005.755:484): avc: denied { read } for comm="trc-logcat-main" name="cmdline" dev="proc" ino=29762 scontext=u:r:traceserver:s0 tcontext=u:r:logtransfer-provider:s0 tclass=file permissive=1
[    5.573427] type=1400 audit(1546344005.755:485): avc: denied { open } for comm="trc-logcat-main" path="/proc/1029/cmdline" dev="proc" ino=29762 scontext=u:r:traceserver:s0 tcontext=u:r:logtransfer-provider:s0 tclass=file permissive=1
[    5.574399] type=1400 audit(1546344005.755:486): avc: denied { search } for comm="trc-logcat-main" name="1041" dev="proc" ino=27032 scontext=u:r:traceserver:s0 tcontext=u:r:logtransfer-server:s0 tclass=dir permissive=1
[    5.574456] type=1400 audit(1546344005.755:487): avc: denied { read } for comm="trc-logcat-main" name="cmdline" dev="proc" ino=27051 scontext=u:r:traceserver:s0 tcontext=u:r:logtransfer-server:s0 tclass=file permissive=1
[    5.574482] type=1400 audit(1546344005.755:488): avc: denied { open } for comm="trc-logcat-main" path="/proc/1041/cmdline" dev="proc" ino=27051 scontext=u:r:traceserver:s0 tcontext=u:r:logtransfer-server:s0 tclass=file permissive=1
[    5.580305] type=1400 audit(1546344005.763:489): avc: denied { search } for comm="rc-logcat-other" name="468" dev="proc" ino=21836 scontext=u:r:traceserver:s0 tcontext=u:r:harman_usb_hal:s0 tclass=dir permissive=1
[    5.581053] type=1400 audit(1546344005.763:490): avc: denied { search } for comm="trc-logcat-main" name="474" dev="proc" ino=19077 scontext=u:r:traceserver:s0 tcontext=u:r:audioserver:s0 tclass=dir permissive=1
[    5.581406] type=1400 audit(1546344005.763:491): avc: denied { search } for comm="trc-logcat-main" name="867" dev="proc" ino=25570 scontext=u:r:traceserver:s0 tcontext=u:r:manifestmgr:s0 tclass=dir permissive=1
[    5.581442] type=1400 audit(1546344005.763:492): avc: denied { read } for comm="trc-logcat-main" name="cmdline" dev="proc" ino=29771 scontext=u:r:traceserver:s0 tcontext=u:r:manifestmgr:s0 tclass=file permissive=1
[    5.581467] type=1400 audit(1546344005.763:493): avc: denied { open } for comm="trc-logcat-main" path="/proc/867/cmdline" dev="proc" ino=29771 scontext=u:r:traceserver:s0 tcontext=u:r:manifestmgr:s0 tclass=file permissive=1
[    5.584299] type=1400 audit(1546344005.767:494): avc: denied { search } for comm="trc-logcat-main" name="1033" dev="proc" ino=29724 scontext=u:r:traceserver:s0 tcontext=u:r:diagnosis-8153:s0 tclass=dir permissive=1
[    5.584375] type=1400 audit(1546344005.767:495): avc: denied { read } for comm="trc-logcat-main" name="cmdline" dev="proc" ino=26239 scontext=u:r:traceserver:s0 tcontext=u:r:diagnosis-8153:s0 tclass=file permissive=1
[    5.584399] type=1400 audit(1546344005.767:496): avc: denied { open } for comm="trc-logcat-main" path="/proc/1033/cmdline" dev="proc" ino=26239 scontext=u:r:traceserver:s0 tcontext=u:r:diagnosis-8153:s0 tclass=file permissive=1
[    5.584906] ------------[ cut here ]------------
[    5.584917] CFI failure (target: tcf_chain_put_by_act.cfi_jt+0x4/0x8):
[    5.584930] WARNING: CPU: 1 PID: 476 at kernel/cfi.c:30 __cfi_check_fail+0x4c/0x54
[    5.584933] Modules linked in: nmtp_plugin microchip_hub thfsplus(O) tntfs(PO) texfat(PO) ecdh_generic ecc dmatest ccm arc4
[    5.584945] (AND OS)CPU: 1 PID: 476 Comm: kworker/1:2 Tainted: P        W  O      5.4.61-android11-2-gd4a626af17cf-ab647 #1
[    5.584948] Hardware name: Samsung ExynosAuto9 SADK Android IVI VM (DT)
[    5.584955] Workqueue: ipv6_addrconf addrconf_dad_work
[    5.584958] pstate: 60c00005 (nZCv daif +PAN +UAO)
[    5.584962] pc : __cfi_check_fail+0x4c/0x54
[    5.584965] lr : __cfi_check_fail+0x4c/0x54
[    5.584968] sp : ffffffc0160cb760
[    5.584970] x29: ffffffc0160cb760 x28: 00000000000100ff 
[    5.584973] x27: ffffffc011d16018 x26: 0000000000000000 
[    5.584976] x25: ffffffc011d57158 x24: ffffff8b7c48c100 
[    5.584979] x23: ffffffc010386000 x22: 0000000000000001 
[    5.584982] x21: fb5758f90df1e592 x20: ffffffc012049500 
[    5.584984] x19: ffffffc011108f94 x18: ffffffc015701090 
[    5.584987] x17: 0000000000000041 x16: ffffffc0110ea020 
[    5.584990] x15: 0000000000000004 x14: 0000000000000064 
[    5.584992] x13: 000000000007e2a0 x12: 0000000000000000 
[    5.584995] x11: 0000000000000001 x10: ffffffc011d16018 
[    5.584998] x9 : 236c34d494744800 x8 : 236c34d494744800 
[    5.585000] x7 : 632e7463615f7962 x6 : ffffffc012869328 
[    5.585003] x5 : ff00000000000000 x4 : 000000000000000c 
[    5.585006] x3 : 0a3a293878302f34 x2 : 0000000000000007 
[    5.585008] x1 : 0000000000000006 x0 : 000000000000003a 
[    5.585011] Call trace(AND OS):
[    5.585015] __cfi_check_fail+0x4c/0x54
[    5.585019] __cfi_check+0x5ed80/0x663f0
[    5.585023] xmit_one+0x2d8/0x2dc
[    5.585026] dev_hard_start_xmit+0x58/0xa4
[    5.585029] sch_direct_xmit+0xd4/0x314
[    5.585032] __qdisc_run+0x88/0xe0
[    5.585035] __dev_queue_xmit.llvm.18437653760953882880+0x490/0x9e8
[    5.585038] neigh_resolve_output+0x1c0/0x240
[    5.585043] ip6_finish_output2+0x524/0x6c8
[    5.585045] __ip6_finish_output+0x15c/0x22c
[    5.585049] ip6_finish_output+0x54/0xe4
[    5.585052] type=1400 audit(1546344005.767:497): avc: denied { search } for comm="trc-logcat-main" name="462" dev="proc" ino=19062 scontext=u:r:traceserver:s0 tcontext=u:r:authentictime:s0 tclass=dir 

nathanchance (Member) commented

Is the CFI failure target correct? I do not see anywhere that tcf_chain_put_by_act() is called via an indirect call.

nathanchance added the [FEATURE] CFI label Mar 30, 2022

nickdesaulniers (Member) commented

cc @samitolvanen

> I do not see anywhere that tcf_chain_put_by_act() is called via an indirect call.

Same, but this is a downstream kernel, based on 5.4.61 it looks like.

> [ 5.563931] (AND OS)CPU: 2 PID: 0 Comm: swapper/2 Tainted: P W O 5.4.61-android11-2-gd4a626af17cf-ab647 #1

I still don't see such call sites as of 5.4.188. Going back to 5.4.61, I still don't see it.

So this is probably an issue with whatever this downstream tree is doing. @SHREEDHARBg please reopen with a link to your kernel sources that have an indirect call to tcf_chain_put_by_act that isn't upstream.

nickdesaulniers added the more info needed label Mar 30, 2022
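
A triage helper for splats like the one posted in this issue, added here as an example and not code from anyone in the thread: it extracts each CFI failure's target (with the `.cfi_jt` jump-table suffix stripped) and the first frame below the `__cfi_` handlers, which is the function containing the checked indirect call. The names `cfi_failures` and `summarize` and the trimmed sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: lines trimmed from the format of the dmesg in this issue,
# including an unrelated audit record interleaved with the splat.
SAMPLE = """\
[    5.563902] CFI failure (target: tcf_chain_put_by_act.cfi_jt+0x4/0x8):
[    5.563915] WARNING: CPU: 2 PID: 0 at kernel/cfi.c:30 __cfi_check_fail+0x4c/0x54
[    5.563960] type=1400 audit(1546344005.747:470): avc: denied { open } for comm="trc-logcat-main"
[    5.563998] Call trace(AND OS):
[    5.564001] __cfi_check_fail+0x4c/0x54
[    5.564006] __cfi_check+0x5ed80/0x663f0
[    5.564010] xmit_one+0x2d8/0x2dc
[    5.564013] dev_hard_start_xmit+0x58/0xa4
[    5.570812] CFI failure (target: tcf_chain_put_by_act.cfi_jt+0x4/0x8):
[    5.570905] Call trace(AND OS):
[    5.570909] __cfi_check_fail+0x4c/0x54
[    5.570913] __cfi_check+0x5ed80/0x663f0
[    5.570917] xmit_one+0x2d8/0x2dc
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")
TARGET = re.compile(r"CFI failure \(target: ([^+\s)]+)")
FRAME = re.compile(r"^([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

def cfi_failures(dmesg):
    """Return one (target, call_site) pair per CFI failure splat."""
    results, target, in_trace = [], None, False
    for raw in dmesg.splitlines():
        line = STAMP.sub("", raw).strip()
        hit = TARGET.search(line)
        if hit:
            # Start of a splat: strip the jump-table suffix from the target.
            target = re.sub(r"\.cfi_jt$", "", hit.group(1))
            in_trace = False
        elif target and line.startswith("Call trace"):
            in_trace = True
        elif target and in_trace:
            frame = FRAME.match(line)
            # Skip the CFI handlers; the next frame made the indirect call.
            if frame and not frame.group(1).startswith("__cfi_"):
                results.append((target, frame.group(1)))
                target, in_trace = None, False
    return results

def summarize(dmesg):
    """Count repeated (target, call_site) pairs so duplicates collapse."""
    return Counter(cfi_failures(dmesg))
```

The resulting pair gives the two names to look up in the kernel tree actually being built: the call site's indirect call and the prototype of the reported target.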