| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ef3c1a62-029e-ffae-8a37-fde35a8235d5@wanadoo.fr>
Date: Sat, 19 Nov 2022 09:05:28 +0100
From: Christophe JAILLET <christophe.jaillet@...adoo.fr>
To: Kees Cook <keescook@...omium.org>, Daniel Palmer <daniel@...ngy.jp>
Cc: kernel test robot <lkp@...el.com>,
Romain Perier <romain.perier@...il.com>,
Alessandro Zummo <a.zummo@...ertech.it>,
Alexandre Belloni <alexandre.belloni@...tlin.com>,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
linux-arm-kernel@...ts.infradead.org, linux-rtc@...r.kernel.org,
Nathan Chancellor <nathan@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Tom Rix <trix@...hat.com>, linux-kernel@...r.kernel.org,
llvm@...ts.linux.dev, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] rtc: msc313: Fix function prototype mismatch in
msc313_rtc_probe()
Le 19/11/2022 à 00:31, Kees Cook a écrit :
> With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),
> indirect call targets are validated against the expected function
> pointer prototype to make sure the call target is valid to help mitigate
> ROP attacks. If they are not identical, there is a failure at run time,
> which manifests as either a kernel panic or thread getting killed.
>
> msc313_rtc_probe() was passing clk_disable_unprepare() directly, which
> did not have matching prototypes for devm_add_action_or_reset()'s callback
> argument. Add a wrapper and remove the cast.
>
> This was found as a result of Clang's new -Wcast-function-type-strict
> flag, which is more sensitive than the simpler -Wcast-function-type,
> which only checks for type width mismatches.
>
> Reported-by: kernel test robot <lkp@...el.com>
> Link: https://lore.kernel.org/lkml/202211041527.HD8TLSE1-lkp@intel.com
> Cc: Daniel Palmer <daniel@...ngy.jp>
> Cc: Romain Perier <romain.perier@...il.com>
> Cc: Alessandro Zummo <a.zummo@...ertech.it>
> Cc: Alexandre Belloni <alexandre.belloni@...tlin.com>
> Cc: "Gustavo A. R. Silva" <gustavoars@...nel.org>
> Cc: linux-arm-kernel@...ts.infradead.org
> Cc: linux-rtc@...r.kernel.org
> Signed-off-by: Kees Cook <keescook@...omium.org>
> ---
> drivers/rtc/rtc-msc313.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/rtc/rtc-msc313.c b/drivers/rtc/rtc-msc313.c
> index f3fde013c4b8..36e3e77f303e 100644
> --- a/drivers/rtc/rtc-msc313.c
> +++ b/drivers/rtc/rtc-msc313.c
> @@ -177,6 +177,13 @@ static irqreturn_t msc313_rtc_interrupt(s32 irq, void *dev_id)
> return IRQ_HANDLED;
> }
>
> +static void msc313_clk_disable_unprepare(void *data)
> +{
> + struct clk *clk = data;
> +
> + clk_disable_unprepare(clk);
> +}
> +
> static int msc313_rtc_probe(struct platform_device *pdev)
> {
> struct device *dev = &pdev->dev;
> @@ -224,7 +231,7 @@ static int msc313_rtc_probe(struct platform_device *pdev)
> return ret;
> }
>
> - ret = devm_add_action_or_reset(dev, (void (*) (void *))clk_disable_unprepare, clk);
> + ret = devm_add_action_or_reset(dev, msc313_clk_disable_unprepare, clk);
> if (ret)
> return ret;
>
Hi,
another way to fix it, is to use devm_clk_get_enabled().
It removes some LoC instead of introducing some new ones and saves a few
bytes of memory.
CJ
Powered by blists - more mailing lists