RE: [EXT] Re: [PATCH] i2c: core: Disable i2c_generic_scl_recovery callback checks with CFI

From: Zhipeng Wang
Date: Thu Jun 30 2022 - 02:20:35 EST


CONFIG_CFI_CLANG breaks cross-module function address equality because the jump tables are built at link time. That works for the monolithic kernel, but loadable modules are linked separately. CFI in loadable modules works, but each module gets its own jump tables. Function pointers are replaced by pointers into the jump tables; since modules have different jump tables, they will get different pointers as well. In other words, the values of two pointers to the same function will differ if one of them is in a loadable module.

In summary: info->recover_bus = i2c_generic_scl_recovery is set in the I2C adapter driver, and the I2C core checks whether bri->recover_bus and i2c_generic_scl_recovery are equal; that check cannot work after enabling CFI.

For a), fixing the code: to fix this issue we can only avoid the case mentioned above. I didn't find a better way, so I submitted this patch.
For b), fixing CFI: does Sami (@samitolvanen@xxxxxxxxxx) have a solution? As I understand it, this is a side effect of Control Flow Integrity (CFI).

BRs
Zhipeng
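Added example, not code from this thread or from the kernel: a user-space C sketch of the situation described above. The names `generic_scl_recovery`, `module_jump_table_generic_scl_recovery`, `struct recovery_info` and the `uses_generic` flag are hypothetical and chosen only for illustration. The trampoline function models a CFI jump-table entry in a separately linked module: the address-based check that mirrors the core's comparison misses it, while a check that does not depend on address equality (here a flag the driver sets, one possible alternative and not the thread's patch) still works.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for i2c_bus_recovery_info (illustration only). */
typedef int (*recover_fn)(void *adap);

struct recovery_info {
	recover_fn recover_bus;
	bool uses_generic;	/* assumed alternative to comparing addresses */
};

/* The "core" copy of the generic recovery routine. */
static int generic_scl_recovery(void *adap)
{
	(void)adap;
	return 42;
}

/* Models a CFI jump-table entry in a loadable module: a distinct
 * function whose address differs from the core's, even though it
 * ends up calling the same target. The counter keeps its code from
 * being folded into the target by the compiler. */
static unsigned long module_jump_table_calls;

static int module_jump_table_generic_scl_recovery(void *adap)
{
	module_jump_table_calls++;
	return generic_scl_recovery(adap);
}

/* Check by pointer equality, mirroring what the core does today. */
static bool core_detects_generic_by_address(const struct recovery_info *bri)
{
	return bri->recover_bus == generic_scl_recovery;
}

/* Check that does not rely on cross-module address equality. */
static bool core_detects_generic_by_flag(const struct recovery_info *bri)
{
	return bri->uses_generic;
}

/* Driver built into the kernel image: takes the core's address directly. */
static struct recovery_info builtin_driver_info(void)
{
	struct recovery_info bri = {
		.recover_bus = generic_scl_recovery,
		.uses_generic = true,
	};
	return bri;
}

/* Driver built as a module under CFI: holds a jump-table pointer. */
static struct recovery_info module_driver_info(void)
{
	struct recovery_info bri = {
		.recover_bus = module_jump_table_generic_scl_recovery,
		.uses_generic = true,
	};
	return bri;
}

/* Results exposed as functions so they can be checked without output. */
bool address_check_sees_builtin(void)
{
	struct recovery_info bri = builtin_driver_info();
	return core_detects_generic_by_address(&bri);
}

bool address_check_sees_module(void)
{
	struct recovery_info bri = module_driver_info();
	return core_detects_generic_by_address(&bri);
}

bool flag_check_sees_module(void)
{
	struct recovery_info bri = module_driver_info();
	return core_detects_generic_by_flag(&bri);
}

int module_callback_result(void)
{
	struct recovery_info bri = module_driver_info();
	return bri.recover_bus(NULL);
}

int main(void)
{
	printf("builtin, by address: %d\n", address_check_sees_builtin());
	printf("module,  by address: %d\n", address_check_sees_module());
	printf("module,  by flag:    %d\n", flag_check_sees_module());
	return 0;
}
```

The module's callback still reaches the same routine and returns the same value; only the identity comparison fails, which is exactly the check the thread is discussing.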

-----Original Message-----
From: Wolfram Sang <wsa@xxxxxxxxxx>
Sent: June 30, 2022 3:29
To: Zhipeng Wang <zhipeng.wang_1@xxxxxxx>
Cc: linux-i2c@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx
Subject: [EXT] Re: [PATCH] i2c: core: Disable i2c_generic_scl_recovery callback checks with CFI

On Tue, Jun 28, 2022 at 10:41:55AM +0800, Zhipeng Wang wrote:
> CONFIG_CFI_CLANG breaks cross-module function address equality, which
> breaks i2c_generic_scl_recovery as it compares a locally taken
> function address to one passed from a different module. Remove these
> sanity checks for now.

Can't we better fix a) the code or b) CFI?