ClangBuiltLinux / linux


CFI failure at kobj_attr_show (target: platform_profile_choices_show) #2047

Open flukeeey opened 2 months ago

flukeeey commented 2 months ago

Hi!

When attempting to read /sys/firmware/acpi/platform_profile or /sys/firmware/acpi/platform_profile_choices I receive a "SIGSEGV (Address boundary error)" error, with the following oops:

[ 4218.319433] CFI failure at kobj_attr_show+0x19/0x30 (target: platform_profile_choices_show+0x0/0x140; expected type: 0x7a69590c)
[ 4218.319505] Oops: invalid opcode: 0000 [#2] PREEMPT SMP NOPTI
[ 4218.319512] CPU: 10 UID: 1000 PID: 6119 Comm: cat Tainted: G      D            6.11.0-rc4-nomod-00001-g20e8b2f2a6b2-dirty #142
[ 4218.319516] Tainted: [D]=DIE
[ 4218.319518] Hardware name: Framework Laptop 13 (AMD Ryzen 7040Series)/FRANMDCP07, BIOS 03.05 03/29/2024
[ 4218.319521] RIP: 0010:kobj_attr_show+0x19/0x30
[ 4218.319524] Code: cc b8 4f a9 a9 ff 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 4c 8b 5e 10 4d 85 db 74 14 41 ba f4 a6 96 85 45 03 53 f1 74 02 <0f> 0b 41 ff e3 cc 66 90 48 c7 c0 fb ff ff ff e9 3e 60 31 00 cc cc
[ 4218.319529] RSP: 0018:ffff9629888bbdd8 EFLAGS: 00010286
[ 4218.319532] RAX: ffff89c14636b660 RBX: ffff89c143f55708 RCX: 0000000000000000
[ 4218.319535] RDX: ffff89c14edd9000 RSI: ffffffffb330e148 RDI: ffff89c143e79d00
[ 4218.319536] RBP: ffff89c143f55730 R08: 0000000000001000 R09: ffff89c14edd9000
[ 4218.319538] R10: 00000000e5a3ca4d R11: ffffffffb0982cf0 R12: ffffffffb291f6a8
[ 4218.319540] R13: ffff89c2ba0b6240 R14: ffff89c143e79d00 R15: ffff89c14edd9000
[ 4218.319542] FS:  00007f258e80e740(0000) GS:ffff89c7c1e80000(0000) knlGS:0000000000000000
[ 4218.319545] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4218.319547] CR2: 00007f258e4e0000 CR3: 00000001f4e2e000 CR4: 0000000000f506f0
[ 4218.319549] PKRU: 55555554
[ 4218.319550] Call Trace:
[ 4218.319555]  <TASK>
[ 4218.319558]  ? __die+0xd9/0x120
[ 4218.319562]  ? die+0x2a/0x50
[ 4218.319564]  ? do_trap+0x9d/0x180
[ 4218.319577]  ? kobj_attr_show+0x19/0x30
[ 4218.319579]  ? kobj_attr_show+0x19/0x30
[ 4218.319581]  ? handle_invalid_op+0x65/0x80
[ 4218.319584]  ? kobj_attr_show+0x19/0x30
[ 4218.319586]  ? exc_invalid_op+0x38/0x60
[ 4218.319594]  ? asm_exc_invalid_op+0x1a/0x20
[ 4218.319613]  ? __cfi_platform_profile_choices_show+0x10/0x10
[ 4218.319616]  ? kobj_attr_show+0x19/0x30
[ 4218.319619]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 4218.319624]  sysfs_kf_seq_show+0xa1/0x110
[ 4218.319628]  seq_read_iter+0x1cf/0x4d0
[ 4218.319632]  vfs_read+0x2b2/0x340
[ 4218.319638]  ksys_read+0x80/0x100
[ 4218.319642]  do_syscall_64+0x56/0x100
[ 4218.319644]  entry_SYSCALL_64_after_hwframe+0x55/0x5d
[ 4218.319646] RIP: 0033:0x7f258e91cc21
[ 4218.319649] Code: ff ff eb bd 67 e8 3f ae 01 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 80 3d 45 34 0e 00 00 74 13 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec
[ 4218.319650] RSP: 002b:00007ffcc83f1e48 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 4218.319652] RAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007f258e91cc21
[ 4218.319654] RDX: 0000000000040000 RSI: 00007f258e4e1000 RDI: 0000000000000003
[ 4218.319655] RBP: 0000000000040000 R08: 0000000000000000 R09: 00007f258ea52380
[ 4218.319656] R10: 0000000000000022 R11: 0000000000000246 R12: 00007f258e4e1000
[ 4218.319658] R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000040000
[ 4218.319659]  </TASK>
[ 4218.319661] ---[ end trace 0000000000000000 ]---

System is an AMD Framework Laptop 13 running Arch Linux, kernel version 6.11.0-rc4 (commit: 20e8b2f2a6b2).

/proc/version:

Linux version 6.11.0-rc4-nomod-00001-g20e8b2f2a6b2-dirty (user@localhost) (ClangBuiltLinux clang version 19.1.0-rc2 (https://github.com/llvm/llvm-project.git d033ae172d1c5a85fd09c36e23608a9241ea2990), ClangBuiltLinux LLD 19.1.0 (https://github.com/llvm/llvm-project.git d033ae172d1c5a85fd09c36e23608a9241ea2990)) #142 SMP PREEMPT Mon Aug 19 16:25:43 BST 2024

Apologies if this is the incorrect place to report a CFI violation, and please let me know if I can assist further in investigation.

config.txt
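The oops above carries enough information to recover both sides of the failed type check. The following Python is an added example, not part of the original report or of the kernel's own code: it parses the `CFI failure`, `Code:` and `R10` lines and computes the type hash actually found at the target. It assumes the x86-64 kCFI check sequence noted in the comments; the name `decode_kcfi_oops` is hypothetical.

```python
import re

# Constructed input: three lines copied from the oops in the report above.
OOPS = """\
[ 4218.319433] CFI failure at kobj_attr_show+0x19/0x30 (target: platform_profile_choices_show+0x0/0x140; expected type: 0x7a69590c)
[ 4218.319524] Code: cc b8 4f a9 a9 ff 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 4c 8b 5e 10 4d 85 db 74 14 41 ba f4 a6 96 85 45 03 53 f1 74 02 <0f> 0b 41 ff e3 cc 66 90 48 c7 c0 fb ff ff ff e9 3e 60 31 00 cc cc
[ 4218.319538] R10: 00000000e5a3ca4d R11: ffffffffb0982cf0 R12: ffffffffb291f6a8
"""

CFI_RE = re.compile(r"CFI failure at (\S+?)\+\S+ \(target: (\S+?)\+\S+; "
                    r"expected type: (0x[0-9a-f]+)\)")
CODE_RE = re.compile(r"Code: ((?:[0-9a-f]{2} )+)<([0-9a-f]{2})> ([0-9a-f]{2})")
R10_RE = re.compile(r"R10: ([0-9a-f]{16})")


def decode_kcfi_oops(text):
    """Return caller, target and expected/found type hashes of a kCFI trap."""
    cfi = CFI_RE.search(text)
    if not cfi:
        raise ValueError("no 'CFI failure' line found")
    caller, target, expected = cfi.group(1), cfi.group(2), int(cfi.group(3), 16)

    code, r10 = CODE_RE.search(text), R10_RE.search(text)
    if not code or not r10:
        raise ValueError("Code: or R10 line missing")
    # Bytes before the <..> marker precede the trapping instruction.
    check = bytes.fromhex(code.group(1))[-12:]
    trap = bytes.fromhex(code.group(2) + code.group(3))
    # Assumed check shape: mov $imm32,%r10d (41 ba) ; add disp8(%r11),%r10d
    # (45 03 53) ; je +2 (74 02) ; ud2 (0f 0b), where imm32 is -expected.
    if (trap != b"\x0f\x0b" or check[:2] != b"\x41\xba"
            or check[6:9] != b"\x45\x03\x53" or check[10:] != b"\x74\x02"):
        raise ValueError("bytes before the trap are not a kCFI check")
    imm = int.from_bytes(check[2:6], "little")
    if (-imm) & 0xFFFFFFFF != expected:
        raise ValueError("immediate does not match the logged expected type")
    # At the ud2, r10d holds (hash stored at target) - (expected hash) mod 2^32.
    found = (int(r10.group(1), 16) + expected) & 0xFFFFFFFF
    return {"caller": caller, "target": target, "expected": expected,
            "found": found, "mismatch": found != expected}


if __name__ == "__main__":
    r = decode_kcfi_oops(OOPS)
    print(f"{r['caller']} -> {r['target']}: "
          f"expected {r['expected']:#010x}, found {r['found']:#010x}")
```

The two hashes differ because the caller and the target disagree on the function prototype, so the trap fires before the indirect jump is taken.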

nathanchance commented 2 months ago

Can you test this patch?

diff --git a/drivers/acpi/platform_profile.c b/drivers/acpi/platform_profile.c
index d2f7fd7743a1..11278f785526 100644
--- a/drivers/acpi/platform_profile.c
+++ b/drivers/acpi/platform_profile.c
@@ -22,8 +22,8 @@ static const char * const profile_names[] = {
 };
 static_assert(ARRAY_SIZE(profile_names) == PLATFORM_PROFILE_LAST);

-static ssize_t platform_profile_choices_show(struct device *dev,
-                   struct device_attribute *attr,
+static ssize_t platform_profile_choices_show(struct kobject *kobj,
+                   struct kobj_attribute *attr,
                    char *buf)
 {
    int len = 0;
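
Review bot: nothing at the changed prototype of platform_profile_choices_show() records why it now takes struct kobject * and struct kobj_attribute *. The formal patch should state in its commit message that the attribute is invoked through kobj_attr_show() and quote the "CFI failure at kobj_attr_show+0x19/0x30" line from the report, so the prototype is not switched back to the device_attribute form later. The body lines visible here do not show whether dev or attr was used, so also confirm the function still builds cleanly with the parameter renamed to kobj.
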
@@ -49,8 +49,8 @@ static ssize_t platform_profile_choices_show(struct device *dev,
    return len;
 }

-static ssize_t platform_profile_show(struct device *dev,
-                   struct device_attribute *attr,
+static ssize_t platform_profile_show(struct kobject *kobj,
+                   struct kobj_attribute *attr,
                    char *buf)
 {
    enum platform_profile_option profile = PLATFORM_PROFILE_BALANCED;
@@ -77,8 +77,8 @@ static ssize_t platform_profile_show(struct device *dev,
    return sysfs_emit(buf, "%s\n", profile_names[profile]);
 }

-static ssize_t platform_profile_store(struct device *dev,
-               struct device_attribute *attr,
+static ssize_t platform_profile_store(struct kobject *kobj,
+               struct kobj_attribute *attr,
                const char *buf, size_t count)
 {
    int err, i;
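
Review bot: the prototype change to platform_profile_store() in this hunk is not covered by the reported oops, which only shows a read trapping in kobj_attr_show(). Ask the tester to write a profile name to /sys/firmware/acpi/platform_profile as well as reading both files, so the changed store prototype is exercised before the formal patch goes out.
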
@@ -115,12 +115,12 @@ static ssize_t platform_profile_store(struct device *dev,
    return count;
 }

-static DEVICE_ATTR_RO(platform_profile_choices);
-static DEVICE_ATTR_RW(platform_profile);
+static struct kobj_attribute attr_platform_profile_choices = __ATTR_RO(platform_profile_choices);
+static struct kobj_attribute attr_platform_profile = __ATTR_RW(platform_profile);

 static struct attribute *platform_profile_attrs[] = {
-   &dev_attr_platform_profile_choices.attr,
-   &dev_attr_platform_profile.attr,
+   &attr_platform_profile_choices.attr,
+   &attr_platform_profile.attr,
    NULL
 };
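
Review bot: style point on the two added "static struct kobj_attribute ... = __ATTR_RO(...)/__ATTR_RW(...)" definitions: the first runs to nearly 100 columns. Breaking the line after the "=" keeps both within the preferred 80 columns, and a one-line comment above them saying these are kobject attributes rather than device attributes would explain why DEVICE_ATTR_RO/DEVICE_ATTR_RW were dropped.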

I've put it on paste.debian.net too since copying from GitHub does not always work well: https://paste.debian.net/downloadh/747d3f6b

$ curl -LSs https://paste.debian.net/downloadh/747d3f6b | git apply -3v
Checking patch drivers/acpi/platform_profile.c...
Applied patch to 'drivers/acpi/platform_profile.c' cleanly.
Applied patch drivers/acpi/platform_profile.c cleanly.

If it works, please let me know if you would like a Reported-by: tag and what name/email I should use when I write the formal patch (and I'll stick a Tested-by: on there too).

flukeeey commented 2 months ago

Looks to be working perfectly now!

I can cat both of the aforementioned files, and also set the platform profile by echoing 'low-power', 'balanced', or 'performance' to /sys/firmware/acpi/platform_profile.

Please use John Rowley <lkml@johnrowley.me> for those two tags.

Many thanks for the prompt fix (and the kudos). :smile:

nathanchance commented 2 months ago

Thanks a lot for the quick testing! I have sent a formal patch: https://lore.kernel.org/20240819-acpi-platform_profile-fix-cfi-violation-v1-1-479365d848f6@kernel.org/

dileks commented 1 month ago

@nathanchance @samitolvanen

What is the status of this patch?

We had similar issues - one I can remember was (2020 - early days of Clang-CFI):

"perf/x86: fix sysfs type mismatches" https://git.kernel.org/linus/ebd19fc372e3e78bf165f230e7c084e304441c08

nathanchance commented 1 month ago

> What is the status of this patch?

Per the thread, I was waiting for Greg to give me some guidance on his proposed solution but I'll consider just sending v2 with the wording changes I mentioned if he does not reply by the end of the week.