drivers/char/tpm/tpm-chip.c · 43686598b55785bfc1f961b3731b2302fe08f393 · Kirill Smelkov / linux

tpm: Avoid function type cast of put_device() · e10de46b
Ard Biesheuvel authored Oct 21, 2022


The TPM code registers put_device() as a devm cleanup handler, and casts
the reference to the right function pointer type for this to be
permitted by the compiler.

However, under kCFI, this is rejected at runtime, resulting in a splat
like

   CFI failure at devm_action_release+0x24/0x3c (target: put_device+0x0/0x24; expected type: 0xa488ebfc)
   Internal error: Oops - CFI: 0000000000000000 [#1] PREEMPT SMP
   Modules linked in:  ...
   CPU: 20 PID: 454 Comm: systemd-udevd Not tainted 6.1.0-rc1+ #51
   Hardware name: Socionext SynQuacer E-series DeveloperBox, BIOS build #1 Oct  3 2022
   pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
   pc : devm_action_release+0x24/0x3c
   lr : devres_release_all+0xb4/0x114
   sp : ffff800009bb3630
   x29: ffff800009bb3630 x28: 0000000000000000 x27: 0000000000000011
   x26: ffffaa6f9922c0c8 x25: 0000000000000002 x24: 000000000000000f
   x23: ffff800009bb3648 x22: ffff7aefc3be2100 x21: ffff7aefc3be2e00
   x20: 0000000000000005 x19: ffff7aefc1e1ec10 x18: ffff800009af70a8
   x17: 00000000a488ebfc x16: 0000000094ee7df3 x15: 0000000000000000
   x14: 4075c5c2ef7affff x13: e46a91c5c5e2ef42 x12: ffff7aefc2c57540
   x11: 0000000000000001 x10: 0000000000000001 x9 : 0000000100000000
   x8 : ffffaa6fa09b39b4 x7 : 7f7f7f7f7f7f7f7f x6 : 8000000000000000
   x5 : 000000008020000e x4 : ffff7aefc2c57500 x3 : ffff800009bb3648
   x2 : ffff800009bb3648 x1 : ffff7aefc3be2e80 x0 : ffff7aefc3bb7000
   Call trace:
    devm_action_release+0x24/0x3c
    devres_release_all+0xb4/0x114
    really_probe+0xb0/0x49c
    __driver_probe_device+0x114/0x180
    driver_probe_device+0x48/0x1ec
    __driver_attach+0x118/0x284
    bus_for_each_dev+0x94/0xe4
    driver_attach+0x24/0x34
    bus_add_driver+0x10c/0x220
    driver_register+0x78/0x118
    __platform_driver_register+0x24/0x34
    init_module+0x20/0xfe4 [tpm_tis_synquacer]
    do_one_initcall+0xd4/0x248
    do_init_module+0x44/0x28c
    load_module+0x16b4/0x1920

Fix this by going through a helper function of the correct type.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
e10de46b
tpm-chip.c 13.9 KB
Replace tpm-chip.c
