Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1426749rwb; Wed, 14 Dec 2022 10:02:22 -0800 (PST) X-Google-Smtp-Source: AA0mqf5Q9dVN0rbJBX6gqPks4+ezWPMyYGTjP+iqUOpqDPVPOtFYgTvnBKj0MTgDhRwz5fFlZa72 X-Received: by 2002:a05:6a00:1c9d:b0:577:753a:6af with SMTP id y29-20020a056a001c9d00b00577753a06afmr26637054pfw.31.1671040942384; Wed, 14 Dec 2022 10:02:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1671040942; cv=none; d=google.com; s=arc-20160816; b=U0cUVwjLuuU7ghEoqsvHKPegyENxBv4IHTa/kAtKVezz9KB0JWXcNJL+D482Oq2JK2 bonYa22f3q3mgu8YfV7g+H9mGVz8mlPRDufpJ98Es7FNvXA9cebZqYmJR7IdP3/3mAST XiPZdshaawLCNzsUFzlqlpHhf86wpVb3BO1DagFXWa0Pqot00Se4V5lOI4z/3sqdJcZx 22dM+kQEfnNejItEvjpNyT5/a4Av1nhifKmjZ/TODhZX0lvQ43NwaZBwHc4OpiRimImV woTxE+twEsHEzfINveuopte62Ozr1uhHB1HV1UKe5BYe/ujARy1kktymlilpECp+VX0r u1MA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :mime-version:accept-language:in-reply-to:references:message-id:date :thread-index:thread-topic:subject:cc:to:from; bh=/gMcAsZd62vQQ+U5Vzjbz1HbDiYN+5cCOnUt2EVlef4=; b=Zv7EDeKgIFD/DaJXGJUKbPhSQ8mwGB/z2OMFWhblWmeJm0O6OQvtm0xCWyOA/pavau qiAxNek9YKC1I0ix7xAh+89xZmsmrYUzx7QYA1XFyMKP36Y6CGDdg3l22BeTDFsoxpCG x2xgoTMLXc6Ebc7ex3L6vm/RJsPNXyt5m55eX5iADnRbT2G6OWsQIaVVwa9mobJwWpEe V7RPdYBRQdDBcvfgNwCwHkPmliOGpZ//EAafZuGdGdHM+m5RGL5HYlxtOesdkJ3f2/z0 qGvHCd7oI6DH/9WpXavFAFRElzYRL1OcKkW2iiVXoTUFKNeYWE2VaSCnGmE8gFwfULk4 /0DQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u22-20020a056a00159600b0056b99990e87si405700pfk.215.2022.12.14.10.02.10; Wed, 14 Dec 2022 10:02:22 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238519AbiLNRfO convert rfc822-to-8bit (ORCPT + 69 others); Wed, 14 Dec 2022 12:35:14 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52962 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238064AbiLNRfJ (ORCPT ); Wed, 14 Dec 2022 12:35:09 -0500 Received: from eu-smtp-delivery-151.mimecast.com (eu-smtp-delivery-151.mimecast.com [185.58.85.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B9A1226ACC for ; Wed, 14 Dec 2022 09:35:06 -0800 (PST) Received: from AcuMS.aculab.com (156.67.243.121 [156.67.243.121]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id uk-mtapsc-4-oxZQ4DUbPQStXoCR3WtWJQ-1; Wed, 14 Dec 2022 17:35:03 +0000 X-MC-Unique: oxZQ4DUbPQStXoCR3WtWJQ-1 Received: from AcuMS.Aculab.com (10.202.163.6) by AcuMS.aculab.com (10.202.163.6) with Microsoft SMTP Server (TLS) id 15.0.1497.42; Wed, 14 Dec 2022 17:35:01 +0000 Received: from AcuMS.Aculab.com ([::1]) by AcuMS.aculab.com ([::1]) with mapi id 15.00.1497.044; Wed, 14 Dec 2022 17:35:01 +0000 From: David Laight To: 'Greg Kroah-Hartman' , Prashanth K CC: "Gustavo A . R . Silva" , Shuah Khan , John Keeping , Linyu Yuan , Pratham Pratap , Vincent Pelletier , Dan Carpenter , Udipto Goswami , "linux-usb@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "# 5 . 15" Subject: RE: usb: f_fs: Fix CFI failure in ki_complete Thread-Topic: usb: f_fs: Fix CFI failure in ki_complete Thread-Index: AQHZDjGpwikydY+vnkC/L44cbfn06q5tpHEA Date: Wed, 14 Dec 2022 17:35:01 +0000 Message-ID: References: <1670851464-8106-1-git-send-email-quic_prashk@quicinc.com> In-Reply-To: Accept-Language: en-GB, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.202.205.107] MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: aculab.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT X-Spam-Status: No, score=-0.9 required=5.0 tests=BAYES_00,PDS_BAD_THREAD_QP_64, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Greg Kroah-Hartman > Sent: 12 December 2022 13:35 > > On Mon, Dec 12, 2022 at 06:54:24PM +0530, Prashanth K wrote: > > Function pointer ki_complete() expects 'long' as its second > > argument, but we pass integer from ffs_user_copy_worker. This > > might cause a CFI failure, as ki_complete is an indirect call > > with mismatched prototype. Fix this by typecasting the second > > argument to long. > > "might"? Does it or not? If it does, why hasn't this been reported > before? Does the cast even help at all. ... > > - io_data->kiocb->ki_complete(io_data->kiocb, ret); > > + io_data->kiocb->ki_complete(io_data->kiocb, (long)ret); ... If definition of the parameter in the structure member ki_complete() definition is 'long' then the compiler has to promote 'ret' to long anyway. CFI has nothing to do with it. OTOH if you've used a cast to assign a function with a different prototype to ki_complete then 'all bets are off' and you get all the run time errors you deserve. CFI just converts some of them to compile time errors. For instance if you assign xx_complete(long) to (*ki_complete)(int) then it is very likely that xx_complete() will an argument with some of the high bits set. But adding a cast to the call - ki_complete((long)int_var) will make absolutely no difference. The compiler wont zero/sign extend int_var to 64bits for you, that will just get optimised away and the high bits will be unchanged. You're description seems to be the other way around (which might be safe, but CFI probably still barfs). But you need to fix the indirect calls so the function types match. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)