Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp1617029pxf; Fri, 2 Apr 2021 16:31:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxB8v/O9H3iluYOKn6GGNcE48MTRan/Yj38FjRG53ocMA10Qu21QxoeBDeMniy1KZbSeTvv X-Received: by 2002:a5e:c911:: with SMTP id z17mr13135613iol.153.1617406290331; Fri, 02 Apr 2021 16:31:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617406290; cv=none; d=google.com; s=arc-20160816; b=cOewiqSMI/cKSN16IqcVsWFohnHDQcBDnoPSJKggQjcyesrliYNeVLAWzzIfraJLms uTEw0h7zNjXXvDFI1ZKjnDJWNQq1XB9uEadS1VvlndfjyPAnvH9smPbSkqmG7QwC55uJ b0+oZP/zrBIhoqF0ywpeAq+QlnLC8eB6MRu6ebBCLfLOLm85U/vlsKeriI02Z1YfnPbG KmSNUWc3xn3pmFTDrQyZW1khWR+0wRk21YmxEomhxEKCekVab3N3dqEK+hESdGeMdNcp eRGhdQqZWgGHdA9+FDTr/yZa7b7XIOaHRsv3tq48Aalythhoah7pUV6WdUwp3VsiPS0A RGoQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=DUrZ26ujqM3QH+AI2fr1q6gmaG6zG9DayC1eq0IxhSk=; b=xtaV2O8h6H9NC9hQmkA55dW9OJRQwy68iVhcTRpxFBAD12DoInGFTIHyS7Fj89MPog 6T96xz3nLELeaBzv7wNBno6whFBaEpZuR+0oAmF7JxSmtjhNMab06Kb+X9aCWewCXbC+ W32GrpB3v6nm5NyFhwHk0JyP8HPtRp3iVc47D0f32Pa3gyyJiDK7qzbhfDY6pk626PAn 394eboKRduM1AVtcPNcG1DZOU/2K6G6REUTfhiGFaPPpM0iRQG6miDq+a2q9F8jopJf8 R6QqeC9I4qY4GTJRNpYTy4qUGFBHJwSi5foj/qpjgzQZwk/Sdhhca3AsE1eoZw88u6Di z5fg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ziepe.ca header.s=google header.b=VC23UchA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f10si8471684ilu.55.2021.04.02.16.31.05; Fri, 02 Apr 2021 16:31:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@ziepe.ca header.s=google header.b=VC23UchA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235256AbhDBXaa (ORCPT + 99 others); Fri, 2 Apr 2021 19:30:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50302 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234908AbhDBXa0 (ORCPT ); Fri, 2 Apr 2021 19:30:26 -0400 Received: from mail-qt1-x82d.google.com (mail-qt1-x82d.google.com [IPv6:2607:f8b0:4864:20::82d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8B9FFC061788 for ; Fri, 2 Apr 2021 16:30:21 -0700 (PDT) Received: by mail-qt1-x82d.google.com with SMTP id f12so4656390qtq.4 for ; Fri, 02 Apr 2021 16:30:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ziepe.ca; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=DUrZ26ujqM3QH+AI2fr1q6gmaG6zG9DayC1eq0IxhSk=; b=VC23UchA4J9bfV/sfuT9otlTK2bD8j2XBa0RdA8wXN1iCDY4ehhZfOmbvIvnizSYXz dzQpEFn04N7wmFOzpZPsMZ/mo1/4AoaX9/fX5DCf/MxyRxaXYxJg/z6VMx9ebrtIXIZL Mh0y20k8HZZFmYoAUlCC/CEAa2+HN1ksO+WA8Dp3Y6SzL/auivv3nJWGW3lgdgRoQ4ab 82W7LZfjiPO+6rtsaGclwHeChKw6j0vqAy7Ht4pr2LKNgHGqy55PMlhLF9XvxVKwbXF+ CeDgl0yoYaQ56Avn9f54CnIcgYg6gSaKEuyQWgi2l5pf9aDorerWwdiSEDTFD2ZP6hwy EV7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=DUrZ26ujqM3QH+AI2fr1q6gmaG6zG9DayC1eq0IxhSk=; b=VzkWUYmn5AFTiTkagLnMR97GEMPjxiqR4IONN/3/FpjhF3HjFNmH6Z6VNv88Zar9t3 rGGMnnoxYmxUhwVIaTTYYg9KV0lW4gUjqUz7Zi+Ty96Q7gxU2qVqy4czQAGMmzpe6umI Zc7xjND0OMnMDfi48zcgPy0DPi3q6Y+VL0eLe081Gv6IbbzxxiqGGVEg2I40KLofeOD1 OK4P7bk4Nz1Lsh1jVF9SYJLV/4uublXCd40T2qfZl9mFtaeK2XcS64KpH7sJVuP/bCwr x4DpKb0xVHrJGSL9Y6lLEhBGmWg1z5mVlkrLHHwAgwstlH6JDPSH050m1N/b4BLcJx1C H34A== X-Gm-Message-State: AOAM5325cbQT0hxMKtPJ/r/UVstj6Tz3+l2Q3cHe9N3g/fBK3CqkAMQD G4UsmxQVoUlWyXGeER3mKDj3/g== X-Received: by 2002:ac8:544:: with SMTP id c4mr13510366qth.248.1617406220566; Fri, 02 Apr 2021 16:30:20 -0700 (PDT) Received: from ziepe.ca (hlfxns017vw-142-162-115-133.dhcp-dynamic.fibreop.ns.bellaliant.net. [142.162.115.133]) by smtp.gmail.com with ESMTPSA id j6sm8695976qkl.84.2021.04.02.16.30.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Apr 2021 16:30:19 -0700 (PDT) Received: from jgg by mlx with local (Exim 4.94) (envelope-from ) id 1lSTF4-0003Yk-So; Fri, 02 Apr 2021 20:30:18 -0300 Date: Fri, 2 Apr 2021 20:30:18 -0300 From: Jason Gunthorpe To: Kees Cook Cc: Nathan Chancellor , Doug Ledford , Leon Romanovsky , Parav Pandit , Sami Tolvanen , linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com Subject: Re: CFI violation in drivers/infiniband/core/sysfs.c Message-ID: <20210402233018.GA7721@ziepe.ca> References: <20210402195241.gahc5w25gezluw7p@archlinux-ax161> <202104021555.08B883C7@keescook> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <202104021555.08B883C7@keescook> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Apr 02, 2021 at 04:03:30PM -0700, Kees Cook wrote: > > relevant. It seems to me that the hw_counters 'struct attribute_group' > > should probably be its own kobj within both of these structures so they > > can have their own sysfs ops (unless there is some other way to do this > > that I am missing). Err, yes, every subclass of the attribute should be accompanied by a distinct kobject type to relay the show methods with typesafety, this is how this design pattern is intended to be used. If I understand your report properly the hw_stats_attribute is being assigned to a 'port_type' kobject and it only works by pure luck because the show/store happens to overlap between port and hsa attributes? > > I would appreciate someone else taking a look and seeing if I am off > > base or if there is an easier way to solve this. > > So, it seems that the reason for a custom kobj_type here is to use the > .release callback. Every kobject should be associated with a specific, fixed, attribute type. The purpose of the wrappers is to inject type safety so the attribute implementations know they are working on the right stuff. In turn, an attribute of a specific attribute type can only be injected into a kobject that has the matching type. This code is insane because it does this: hsag->attrs[i] = alloc_hsa(i, port_num, stats->names[i]); // This is port kobject struct kobject *kobj = &port->kobj; ret = sysfs_create_group(kobj, hsag); [..] // This is a struct device kobject struct kobject *kobj = &device->dev.kobj; ret = sysfs_create_group(kobj, hsag); Which is absolutely not allowed, you can't have a generic attribute handler and stuff it into two different types! Things MUST use the proper attribute subclass for what they are being attached to. The answer is that the setup_hw_stats_() for port and device must be split up and the attribute implementations for each of them have to subclass starting from the correct type. So we'd end up with two attributes for hw_stats struct port_hw_stats { struct port_attr attr; struct hw_stats_data data; }; struct device_hw_stats { struct device_attr attr; struct hw_stats_data data; }; And then two show/set functions that bounce through the correct types to the data. And so on. Jason