Message-ID: <202510141409.B33E2667@keescook>
Date: Tue, 14 Oct 2025 14:10:00 -0700
From: Kees Cook <kees@...nel.org>
To: Nathan Chancellor <nathan@...nel.org>
Cc: Mika Westerberg <mika.westerberg@...ux.intel.com>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Jan Dabros <jsd@...ihalf.com>, Andi Shyti <andi.shyti@...nel.org>,
Nick Desaulniers <nick.desaulniers+lkml@...il.com>,
Bill Wendling <morbo@...gle.com>,
Justin Stitt <justinstitt@...gle.com>,
Sami Tolvanen <samitolvanen@...gle.com>, linux-i2c@...r.kernel.org,
linux-kernel@...r.kernel.org, llvm@...ts.linux.dev
Subject: Re: [PATCH] i2c: designware: Remove i2c_dw_remove_lock_support()
On Mon, Oct 13, 2025 at 06:05:03PM -0700, Nathan Chancellor wrote:
> When building certain configurations with CONFIG_FINEIBT=y after
> commit 894af4a1cde6 ("objtool: Validate kCFI calls"), there is a
> warning due to an indirect call in dw_i2c_plat_remove():
>
> $ cat allno.config
> CONFIG_ACPI=y
> CONFIG_CFI=y
> CONFIG_COMMON_CLK=y
> CONFIG_CPU_MITIGATIONS=y
> CONFIG_I2C=y
> CONFIG_I2C_DESIGNWARE_BAYTRAIL=y
> CONFIG_I2C_DESIGNWARE_CORE=y
> CONFIG_I2C_DESIGNWARE_PLATFORM=y
> CONFIG_IOSF_MBI=y
> CONFIG_MITIGATION_RETPOLINE=y
> CONFIG_MODULES=y
> CONFIG_PCI=y
> CONFIG_X86_KERNEL_IBT=y
>
> $ make -skj"$(nproc)" ARCH=x86_64 LLVM=1 clean allnoconfig vmlinux
> vmlinux.o: warning: objtool: dw_i2c_plat_remove+0x3c: no-cfi indirect call!
>
> With this configuration, i2c_dw_semaphore_cb_table has the BAYTRAIL
> member and the sentinel (i.e., 2 members), both of which have an
> implicit
>
> .remove = NULL,
>
> so Clang effectively turns i2c_dw_remove_lock_support(), which is later
> inlined into dw_i2c_plat_remove(), into:
>
>   static void i2c_dw_remove_lock_support(struct dw_i2c_dev *dev)
>   {
>       if (dev->semaphore_idx > 2)
>           (*NULL)(dev);
>   }
>
> which is not necessarily problematic from a logic perspective (as the
> code was not bounds checking semaphore_idx so an out of bounds index
> could already crash) but objtool's new __nocfi indirect call checking
> trips over Clang dropping the kCFI setup from a known NULL indirect
> call.
>
> While it would be possible to fix this by transforming the initial check
> into
>
> if (dev->semaphore_idx < 0 || dev->semaphore_idx >= ARRAY_SIZE(i2c_dw_semaphore_cb_table))
>
> the remove member is unused after commit 440da737cf8d ("i2c: designware:
> Use PCI PSP driver for communication"), so i2c_dw_remove_lock_support()
> can be removed altogether, as it will never actually do anything.
>
> Closes: https://github.com/ClangBuiltLinux/linux/issues/2133
> Signed-off-by: Nathan Chancellor <nathan@...nel.org>
Thanks for the analysis!

Reviewed-by: Kees Cook <kees@...nel.org>
--
Kees Cook
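
The bounds check that the quoted commit message names as the alternative fix, modelled in userspace C as an added example (not code from the patch or the kernel tree). `struct dw_dev`, `cb_table`, `demo_remove` and `remove_lock_support` are hypothetical names, and the table contents are constructed.

```c
#include <stddef.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical stand-ins for the driver's device and callback-table types. */
struct dw_dev { int semaphore_idx; int removed; };

struct semaphore_cb {
    int  (*probe)(struct dw_dev *dev);
    void (*remove)(struct dw_dev *dev);
};

static void demo_remove(struct dw_dev *dev) { dev->removed = 1; }

/* Constructed table: slot 0 has a remove hook, slot 1 leaves it NULL, slot 2 is the sentinel. */
static const struct semaphore_cb cb_table[] = {
    { .remove = demo_remove },
    { .remove = NULL },
    { .remove = NULL },
};

/* Returns 1 if a hook ran, 0 if the slot has no hook, -1 if the index is out of range. */
static int remove_lock_support(struct dw_dev *dev)
{
    if (dev->semaphore_idx < 0 ||
        (size_t)dev->semaphore_idx >= ARRAY_SIZE(cb_table))
        return -1;                      /* never index past the table */

    if (!cb_table[dev->semaphore_idx].remove)
        return 0;                       /* no indirect call through NULL */

    cb_table[dev->semaphore_idx].remove(dev);
    return 1;
}

int main(void)
{
    int samples[] = { 0, 1, 2, 3, -1 };  /* constructed indices, two of them invalid */
    for (size_t i = 0; i < ARRAY_SIZE(samples); i++) {
        struct dw_dev dev = { samples[i], 0 };
        printf("idx %2d -> %d\n", samples[i], remove_lock_support(&dev));
    }
    return 0;
}
```

With both ends of the range checked, the only indices that reach the indirect call are ones whose slot the compiler can see, so an out-of-range index returns instead of becoming the sole path to a call through a pointer known to be NULL.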