From 5ee4402c076ee765061e4090346ce9da43c09bfb Mon Sep 17 00:00:00 2001 From: Danny Lin Date: Mon, 6 Jul 2020 14:51:53 -0700 Subject: [PATCH] rmnet_shs: Fix CFI violation in packet assignment This fixes the following CFI violation when the rmnet_shs module is loaded: CFI failure (target: [] rmnet_shs_assign+0x0/0x9d0): ------------[ cut here ]------------ WARNING: CPU: 1 PID: 0 at rmnet_deliver_skb+0x224/0x24c CPU: 1 PID: 0 Comm: swapper/1 Tainted: G S W 4.14.186 #1 Hardware name: Qualcomm Technologies, Inc. SM8150 V2 PM8150 MTP 18865 19863 14 15 (DT) task: 0000000098c067f6 task.stack: 00000000289c42de pc : rmnet_deliver_skb+0x224/0x24c lr : rmnet_deliver_skb+0x224/0x24c sp : ffffff801000bc10 pstate : 60400145 x29: ffffff801000bc10 x28: ffffff9cdc68e798 x27: ffffffe5ed28e090 x26: 0000000000000000 x25: 0000000000000000 x24: ffffffe585b41ca8 x23: 0000000000000001 x22: ffffff9cddd1e27c x21: ffffffe5f40fd100 x20: ffffffe5dfb95000 x19: ffffffe4eff9d500 x18: 0000000000000002 x17: 000000000000009c x16: 000000000000009c x15: 0000000000000068 x14: 0000000000000082 x13: ffffff9cdefaec08 x12: 0000000000000004 x11: 00000000ffffffff x10: ffffffe5f5200000 x9 : 99d99e2e2d2e1900 x8 : 99d99e2e2d2e1900 x7 : 0000000000000000 x6 : ffffffe5f5209fc2 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000003a29 x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000046 \x0aPC: 0xffffff9cdd12b3fc: b3fc a9424ff4 a94157f6 a8c37bfd d65f03c0 91246100 aa1303e1 9431af1a a9424ff4 b41c a94157f6 a8c37bfd d65f03c0 900091e0 91188000 aa1603e1 aa1603e2 97d8aba3 b43c d4210000 17ffff9e aa1503e0 97d9478c 17ffffa5 aa1503e0 aa0803f6 97d94788 b45c aa1603e8 17ffffac d10103ff a9017bfd a90257f6 a9034ff4 910043fd aa0003f3 \x0aLR: 0xffffff9cdd12b3fc: b3fc a9424ff4 a94157f6 a8c37bfd d65f03c0 91246100 aa1303e1 9431af1a a9424ff4 b41c a94157f6 a8c37bfd d65f03c0 900091e0 91188000 aa1603e1 aa1603e2 97d8aba3 b43c d4210000 17ffff9e aa1503e0 97d9478c 17ffffa5 aa1503e0 aa0803f6 97d94788 b45c aa1603e8 17ffffac d10103ff a9017bfd a90257f6 a9034ff4 910043fd aa0003f3 \x0aSP: 0xffffff801000bbd0: bbd0 dd12b43c ffffff9c 60400145 00000000 1000bbb8 ffffff80 dd12b2b4 ffffff9c bbf0 ffffffff 0000007f 2d2e1900 99d99e2e 1000bc10 ffffff80 dd12b43c ffffff9c bc10 1000bc40 ffffff80 ddd18d48 ffffff9c 00000040 00000000 ddd18338 ffffff9c bc30 eff9d500 ffffffe4 85b41c18 ffffffe5 1000bc50 ffffff80 ddd1a390 ffffff9c Call trace: rmnet_deliver_skb+0x224/0x24c rmnet_perf_core_send_skb+0x138/0x140 rmnet_perf_opt_flush_single_flow_node+0x624/0x668 rmnet_perf_core_deaggregate+0x194/0x2c4 rmnet_rx_handler+0x17c/0x270 __netif_receive_skb_core+0x50c/0xba0 process_backlog+0x1e4/0x3d0 net_rx_action+0x134/0x4f4 __do_softirq+0x16c/0x344 irq_exit+0x16c/0x178 handle_IPI+0x220/0x2e0 gic_handle_irq.16379+0xa8/0x180 el1_irq+0xb0/0x124 lpm_cpuidle_enter+0x33c/0x358 cpuidle_enter_state+0x220/0x400 do_idle+0x430/0x5f0 cpu_startup_entry+0x74/0x78 __cpu_disable+0x0/0xf0 ---[ end trace 6e7b287874dec53f ]--- Reported-by: Adam W. Willis Signed-off-by: Danny Lin Signed-off-by: Adam W. Willis Signed-off-by: Carlos Ayrton Lopez Arroyo <15030201@itcelaya.edu.mx> --- drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c b/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c index 083c8d6bc403..3adb4b7498f7 100644 --- a/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c +++ b/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c @@ -88,13 +88,13 @@ void rmnet_set_skb_proto(struct sk_buff *skb) EXPORT_SYMBOL(rmnet_set_skb_proto); /* Shs hook handler */ -int (*rmnet_shs_skb_entry)(struct sk_buff *skb, - struct rmnet_port *port) __rcu __read_mostly; +void (*rmnet_shs_skb_entry)(struct sk_buff *skb, + struct rmnet_port *port) __rcu __read_mostly; EXPORT_SYMBOL(rmnet_shs_skb_entry); /* Shs hook handler for work queue*/ -int (*rmnet_shs_skb_entry_wq)(struct sk_buff *skb, - struct rmnet_port *port) __rcu __read_mostly; +void (*rmnet_shs_skb_entry_wq)(struct sk_buff *skb, + struct rmnet_port *port) __rcu __read_mostly; EXPORT_SYMBOL(rmnet_shs_skb_entry_wq); /* Generic handler */ @@ -102,7 +102,7 @@ EXPORT_SYMBOL(rmnet_shs_skb_entry_wq); void rmnet_deliver_skb(struct sk_buff *skb, struct rmnet_port *port) { - int (*rmnet_shs_stamp)(struct sk_buff *skb, struct rmnet_port *port); + void (*rmnet_shs_stamp)(struct sk_buff *skb, struct rmnet_port *port); struct rmnet_priv *priv = netdev_priv(skb->dev); trace_rmnet_low(RMNET_MODULE, RMNET_DLVR_SKB, 0xDEF, 0xDEF, @@ -147,7 +147,7 @@ void rmnet_deliver_skb_wq(struct sk_buff *skb, struct rmnet_port *port, enum rmnet_packet_context ctx) { - int (*rmnet_shs_stamp)(struct sk_buff *skb, struct rmnet_port *port); + void (*rmnet_shs_stamp)(struct sk_buff *skb, struct rmnet_port *port); struct rmnet_priv *priv = netdev_priv(skb->dev); trace_rmnet_low(RMNET_MODULE, RMNET_DLVR_SKB, 0xDEF, 0xDEF,