2bf2346159
There are four different callback functions that are used for the rproc_handle_resource_t callback that all have different second parameter types. rproc_handle_vdev -> struct fw_rsc_vdev rproc_handle_trace -> struct fw_rsc_trace rproc_handle_devmem -> struct fw_rsc_devmem rproc_handle_carveout -> struct fw_rsc_carveout These callbacks are cast to rproc_handle_resource_t so that there is no error about incompatible pointer types. Unfortunately, this is a Clang's Control-Flow Integrity checking violation, which verifies that the callback function's types match the prototypes exactly before jumping. [ 7.275750] Kernel panic - not syncing: CFI failure (target: rproc_handle_vdev+0x0/0x4) [ 7.283763] CPU: 2 PID: 1 Comm: init Tainted: G C O 5.4.70-03301-g527af2c96672 #17 [ 7.292463] Hardware name: NXP i.MX8MPlus EVK board (DT) [ 7.297779] Call trace: [ 7.300232] dump_backtrace.cfi_jt+0x0/0x4 [ 7.304337] show_stack+0x18/0x24 [ 7.307660] dump_stack+0xb8/0x114 [ 7.311069] panic+0x164/0x3d4 [ 7.314130] __ubsan_handle_cfi_check_fail_abort+0x0/0x14 [ 7.319533] perf_proc_update_handler+0x0/0xcc [ 7.323983] __cfi_check+0x63278/0x6a290 [ 7.327913] rproc_boot+0x3f8/0x738 [ 7.331404] rproc_add+0x68/0x110 [ 7.334738] imx_rproc_probe+0x5e4/0x708 [imx_rproc] [ 7.339711] platform_drv_probe+0xac/0xf0 [ 7.343726] really_probe+0x260/0x65c [ 7.347393] driver_probe_device+0x64/0x100 [ 7.351580] device_driver_attach+0x6c/0xac [ 7.355766] __driver_attach+0xdc/0x184 [ 7.359609] bus_for_each_dev+0x98/0x104 [ 7.363537] driver_attach+0x24/0x30 [ 7.367117] bus_add_driver+0x100/0x1e0 [ 7.370958] driver_register+0x78/0x114 [ 7.374800] __platform_driver_register+0x44/0x50 [ 7.379514] init_module+0x20/0xfe8 [imx_rproc] [ 7.384049] do_one_initcall+0x190/0x348 [ 7.387979] do_init_module+0x5c/0x210 [ 7.391731] load_module+0x2fbc/0x3590 [ 7.395485] __arm64_sys_finit_module+0xb8/0xec [ 7.400025] el0_svc_common+0xb4/0x19c [ 7.403777] el0_svc_handler+0x74/0x98 [ 7.407531] el0_svc+0x8/0xc [ 7.410419] SMP: stopping secondary CPUs [ 7.414648] Kernel Offset: disabled [ 7.418142] CPU features: 0x00010002,2000200c [ 7.422501] Memory Limit: none To fix this, change the second parameter of all functions to void * and use a local variable with the correct type so that everything works properly. With this, we can remove casting to rproc_handle_resource_t for these functions. Signed-off-by: Jindong Yue <jindong.yue@nxp.com> Reviewed-by: Peng Fan <peng.fan@nxp.com> Reviewed-by: Sami Tolvanen <samitolvanen@google.com> Reviewed-by: Mathieu Poirier <mathieu.poirier@linaro.org> Link: https://lore.kernel.org/r/20210224055825.7417-1-jindong.yue@nxp.com Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org> |
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| da8xx_remoteproc.c | ||
| imx_rproc.c | ||
| ingenic_rproc.c | ||
| keystone_remoteproc.c | ||
| mtk_common.h | ||
| mtk_scp.c | ||
| mtk_scp_ipi.c | ||
| omap_remoteproc.c | ||
| omap_remoteproc.h | ||
| pru_rproc.c | ||
| pru_rproc.h | ||
| qcom_common.c | ||
| qcom_common.h | ||
| qcom_pil_info.c | ||
| qcom_pil_info.h | ||
| qcom_q6v5.c | ||
| qcom_q6v5.h | ||
| qcom_q6v5_adsp.c | ||
| qcom_q6v5_mss.c | ||
| qcom_q6v5_pas.c | ||
| qcom_q6v5_wcss.c | ||
| qcom_sysmon.c | ||
| qcom_wcnss.c | ||
| qcom_wcnss.h | ||
| qcom_wcnss_iris.c | ||
| remoteproc_cdev.c | ||
| remoteproc_core.c | ||
| remoteproc_coredump.c | ||
| remoteproc_debugfs.c | ||
| remoteproc_elf_helpers.h | ||
| remoteproc_elf_loader.c | ||
| remoteproc_internal.h | ||
| remoteproc_sysfs.c | ||
| remoteproc_virtio.c | ||
| st_remoteproc.c | ||
| st_slim_rproc.c | ||
| stm32_rproc.c | ||
| ti_k3_dsp_remoteproc.c | ||
| ti_k3_r5_remoteproc.c | ||
| ti_sci_proc.h | ||
| wkup_m3_rproc.c | ||