drm/i915: Fix CFI violation with show_dynamic_id()

stable inclusion from stable-v5.10.121 commit 3161044e75b71d191b2b859826cfbb0d5589de5a category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5L6CQ Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3161044e75b71d191b2b859826cfbb0d5589de5a -------------------------------- [ Upstream commit 58606220 ] When an attribute group is created with sysfs_create_group(), the ->sysfs_ops() callback is set to kobj_sysfs_ops, which sets the ->show() callback to kobj_attr_show(). kobj_attr_show() uses container_of() to get the ->show() callback from the attribute it was passed, meaning the ->show() callback needs to be the same type as the ->show() callback in 'struct kobj_attribute'. However, show_dynamic_id() has the type of the ->show() callback in 'struct device_attribute', which causes a CFI violation when opening the 'id' sysfs node under drm/card0/metrics. This happens to work because the layout of 'struct kobj_attribute' and 'struct device_attribute' are the same, so the container_of() cast happens to allow the ->show() callback to still work. Change the type of show_dynamic_id() to match the ->show() callback in 'struct kobj_attributes' and update the type of sysfs_metric_id to match, which resolves the CFI violation. Fixes: f89823c2 ("drm/i915/perf: Implement I915_PERF_ADD/REMOVE_CONFIG interface") Signed-off-by: N Nathan Chancellor <nathan@kernel.org> Reviewed-by: N Kees Cook <keescook@chromium.org> Reviewed-by: N Sami Tolvanen <samitolvanen@google.com> Signed-off-by: N Tvrtko Ursulin <tvrtko.ursulin@intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20220513075136.1027007-1-tvrtko.ursulin@linux.intel.com (cherry picked from commit 18fb42db) Signed-off-by: N Jani Nikula <jani.nikula@intel.com> Signed-off-by: N Sasha Levin <sashal@kernel.org> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com> Acked-by: N Xie XiuQi <xiexiuqi@huawei.com>

drm/i915: Fix CFI violation with show_dynamic_id()
stable inclusion from stable-v5.10.121 commit 3161044e75b71d191b2b859826cfbb0d5589de5a category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5L6CQ Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3161044e75b71d191b2b859826cfbb0d5589de5a -------------------------------- [ Upstream commit 58606220 ] When an attribute group is created with sysfs_create_group(), the ->sysfs_ops() callback is set to kobj_sysfs_ops, which sets the ->show() callback to kobj_attr_show(). kobj_attr_show() uses container_of() to get the ->show() callback from the attribute it was passed, meaning the ->show() callback needs to be the same type as the ->show() callback in 'struct kobj_attribute'. However, show_dynamic_id() has the type of the ->show() callback in 'struct device_attribute', which causes a CFI violation when opening the 'id' sysfs node under drm/card0/metrics. This happens to work because the layout of 'struct kobj_attribute' and 'struct device_attribute' are the same, so the container_of() cast happens to allow the ->show() callback to still work. Change the type of show_dynamic_id() to match the ->show() callback in 'struct kobj_attributes' and update the type of sysfs_metric_id to match, which resolves the CFI violation. Fixes: f89823c2 ("drm/i915/perf: Implement I915_PERF_ADD/REMOVE_CONFIG interface") Signed-off-by: N Nathan Chancellor <nathan@kernel.org> Reviewed-by: N Kees Cook <keescook@chromium.org> Reviewed-by: N Sami Tolvanen <samitolvanen@google.com> Signed-off-by: N Tvrtko Ursulin <tvrtko.ursulin@intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20220513075136.1027007-1-tvrtko.ursulin@linux.intel.com (cherry picked from commit 18fb42db) Signed-off-by: N Jani Nikula <jani.nikula@intel.com> Signed-off-by: N Sasha Levin <sashal@kernel.org> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com> Acked-by: N Xie XiuQi <xiexiuqi@huawei.com>
29419e1e · Nathan Chancellor · Zheng Zengkai · 547f879a · 29419e1e · 29419e1e
显示空白变更内容
内联并排

Showing with 3 addition and 3 deletion

drivers/gpu/drm/i915/i915_perf.c drivers/gpu/drm/i915/i915_perf.c +2 -2

drivers/gpu/drm/i915/i915_perf_types.h drivers/gpu/drm/i915/i915_perf_types.h +1 -1

未找到文件。
--- a/drivers/gpu/drm/i915/i915_perf.c
+++ b/drivers/gpu/drm/i915/i915_perf.c
@@ -3964,8 +3964,8 @@ static struct i915_oa_reg *alloc_oa_regs(struct i915_perf *perf,
 	return ERR_PTR(err);
 }
-static ssize_t show_dynamic_id(struct device *dev,
+static ssize_t show_dynamic_id(struct kobject *kobj,
-			       struct device_attribute *attr,
+			       struct kobj_attribute *attr,
 			       char *buf)
 {
 	struct i915_oa_config *oa_config =

--- a/drivers/gpu/drm/i915/i915_perf_types.h
+++ b/drivers/gpu/drm/i915/i915_perf_types.h
@@ -54,7 +54,7 @@ struct i915_oa_config {
 	struct attribute_group sysfs_metric;
 	struct attribute *attrs[2];
-	struct device_attribute sysfs_metric_id;
+	struct kobj_attribute sysfs_metric_id;
 	struct kref ref;
 	struct rcu_head rcu;