2022-11-02 17:37:02

by Nathan Chancellor

[permalink] [raw]
Subject: [PATCH 3/4] counter: ti-ecap-capture: Adjust final parameter type of ecap_cnt_pol_{read,write}()

With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),
indirect call targets are validated against the expected function
pointer prototype to make sure the call target is valid to help mitigate
ROP attacks. If they are not identical, there is a failure at run time,
which manifests as either a kernel panic or thread getting killed. A
proposed warning in clang aims to catch these at compile time, which
reveals:

drivers/counter/ti-ecap-capture.c:384:2: error: incompatible function pointer types initializing 'int (*)(struct counter_device *, struct counter_signal *, size_t, u32 *)' (aka 'int (*)(struct counter_device *, struct counter_signal *, unsigned long, unsigned int *)') with an expression of type 'int (struct counter_device *, struct counter_signal *, size_t, enum counter_signal_polarity *)' (aka 'int (struct counter_device *, struct counter_signal *, unsigned long, enum counter_signal_polarity *)') [-Werror,-Wincompatible-function-pointer-types-strict]
COUNTER_COMP_ARRAY_POLARITY(ecap_cnt_pol_read, ecap_cnt_pol_write, ecap_cnt_pol_array),
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./include/linux/counter.h:627:27: note: expanded from macro 'COUNTER_COMP_ARRAY_POLARITY'
.signal_array_u32_read = (_read), \
^~~~~~~
drivers/counter/ti-ecap-capture.c:384:2: error: incompatible function pointer types initializing 'int (*)(struct counter_device *, struct counter_signal *, size_t, u32)' (aka 'int (*)(struct counter_device *, struct counter_signal *, unsigned long, unsigned int)') with an expression of type 'int (struct counter_device *, struct counter_signal *, size_t, enum counter_signal_polarity)' (aka 'int (struct counter_device *, struct counter_signal *, unsigned long, enum counter_signal_polarity)') [-Werror,-Wincompatible-function-pointer-types-strict]
COUNTER_COMP_ARRAY_POLARITY(ecap_cnt_pol_read, ecap_cnt_pol_write, ecap_cnt_pol_array),
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./include/linux/counter.h:628:28: note: expanded from macro 'COUNTER_COMP_ARRAY_POLARITY'
.signal_array_u32_write = (_write), \
^~~~~~~~
2 errors generated.

->signal_array_u32_read() and ->signal_array_u32_write() in 'struct
counter_comp' expect a final parameter type of 'u32 *' and 'u32'
respectively, not 'enum counter_signal_polarity *' and 'enum
counter_signal_polarity'. Adjust the final parameter type of
ecap_cnt_pol_{read,write}() to match the prototype's to resolve the
warning and CFI failure.

Link: https://github.com/ClangBuiltLinux/linux/issues/1750
Reported-by: Sami Tolvanen <[email protected]>
Signed-off-by: Nathan Chancellor <[email protected]>
---
Cc: Vignesh Raghavendra <[email protected]>
Cc: Julien Panis <[email protected]>
Cc: [email protected]
---
drivers/counter/ti-ecap-capture.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/counter/ti-ecap-capture.c b/drivers/counter/ti-ecap-capture.c
index 96e5d1f271b8..49e349680884 100644
--- a/drivers/counter/ti-ecap-capture.c
+++ b/drivers/counter/ti-ecap-capture.c
@@ -234,7 +234,7 @@ static int ecap_cnt_clk_get_freq(struct counter_device *counter,

static int ecap_cnt_pol_read(struct counter_device *counter,
struct counter_signal *signal,
- size_t idx, enum counter_signal_polarity *pol)
+ size_t idx, u32 *pol)
{
struct ecap_cnt_dev *ecap_dev = counter_priv(counter);
int bitval;
@@ -250,7 +250,7 @@ static int ecap_cnt_pol_read(struct counter_device *counter,

static int ecap_cnt_pol_write(struct counter_device *counter,
struct counter_signal *signal,
- size_t idx, enum counter_signal_polarity pol)
+ size_t idx, u32 pol)
{
struct ecap_cnt_dev *ecap_dev = counter_priv(counter);

--
2.38.1