CFI failure at kobj_attr_show (target: platform_profile_choices_show)

[flukeeey]

Hi!

When attempting to read /sys/firmware/acpi/platform_profile or /sys/firmware/acpi/platform_profile_choices I receive a "SIGSEGV (Address boundary error)" error, with the following oops:

[ 4218.319433] CFI failure at kobj_attr_show+0x19/0x30 (target: platform_profile_choices_show+0x0/0x140; expected type: 0x7a69590c)
[ 4218.319505] Oops: invalid opcode: 0000 [#2] PREEMPT SMP NOPTI
[ 4218.319512] CPU: 10 UID: 1000 PID: 6119 Comm: cat Tainted: G      D            6.11.0-rc4-nomod-00001-g20e8b2f2a6b2-dirty #142
[ 4218.319516] Tainted: [D]=DIE
[ 4218.319518] Hardware name: Framework Laptop 13 (AMD Ryzen 7040Series)/FRANMDCP07, BIOS 03.05 03/29/2024
[ 4218.319521] RIP: 0010:kobj_attr_show+0x19/0x30
[ 4218.319524] Code: cc b8 4f a9 a9 ff 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 4c 8b 5e 10 4d 85 db 74 14 41 ba f4 a6 96 85 45 03 53 f1 74 02 <0f> 0b 41 ff e3 cc 66 90 48 c7 c0 fb ff ff ff e9 3e 60 31 00 cc cc
[ 4218.319529] RSP: 0018:ffff9629888bbdd8 EFLAGS: 00010286
[ 4218.319532] RAX: ffff89c14636b660 RBX: ffff89c143f55708 RCX: 0000000000000000
[ 4218.319535] RDX: ffff89c14edd9000 RSI: ffffffffb330e148 RDI: ffff89c143e79d00
[ 4218.319536] RBP: ffff89c143f55730 R08: 0000000000001000 R09: ffff89c14edd9000
[ 4218.319538] R10: 00000000e5a3ca4d R11: ffffffffb0982cf0 R12: ffffffffb291f6a8
[ 4218.319540] R13: ffff89c2ba0b6240 R14: ffff89c143e79d00 R15: ffff89c14edd9000
[ 4218.319542] FS:  00007f258e80e740(0000) GS:ffff89c7c1e80000(0000) knlGS:0000000000000000
[ 4218.319545] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4218.319547] CR2: 00007f258e4e0000 CR3: 00000001f4e2e000 CR4: 0000000000f506f0
[ 4218.319549] PKRU: 55555554
[ 4218.319550] Call Trace:
[ 4218.319555]  <TASK>
[ 4218.319558]  ? __die+0xd9/0x120
[ 4218.319562]  ? die+0x2a/0x50
[ 4218.319564]  ? do_trap+0x9d/0x180
[ 4218.319577]  ? kobj_attr_show+0x19/0x30
[ 4218.319579]  ? kobj_attr_show+0x19/0x30
[ 4218.319581]  ? handle_invalid_op+0x65/0x80
[ 4218.319584]  ? kobj_attr_show+0x19/0x30
[ 4218.319586]  ? exc_invalid_op+0x38/0x60
[ 4218.319594]  ? asm_exc_invalid_op+0x1a/0x20
[ 4218.319613]  ? __cfi_platform_profile_choices_show+0x10/0x10
[ 4218.319616]  ? kobj_attr_show+0x19/0x30
[ 4218.319619]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 4218.319624]  sysfs_kf_seq_show+0xa1/0x110
[ 4218.319628]  seq_read_iter+0x1cf/0x4d0
[ 4218.319632]  vfs_read+0x2b2/0x340
[ 4218.319638]  ksys_read+0x80/0x100
[ 4218.319642]  do_syscall_64+0x56/0x100
[ 4218.319644]  entry_SYSCALL_64_after_hwframe+0x55/0x5d
[ 4218.319646] RIP: 0033:0x7f258e91cc21
[ 4218.319649] Code: ff ff eb bd 67 e8 3f ae 01 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 80 3d 45 34 0e 00 00 74 13 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec
[ 4218.319650] RSP: 002b:00007ffcc83f1e48 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 4218.319652] RAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007f258e91cc21
[ 4218.319654] RDX: 0000000000040000 RSI: 00007f258e4e1000 RDI: 0000000000000003
[ 4218.319655] RBP: 0000000000040000 R08: 0000000000000000 R09: 00007f258ea52380
[ 4218.319656] R10: 0000000000000022 R11: 0000000000000246 R12: 00007f258e4e1000
[ 4218.319658] R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000040000
[ 4218.319659]  </TASK>
[ 4218.319661] ---[ end trace 0000000000000000 ]---

System is an AMD Framework Laptop 13 running Arch Linux, kernel version 6.11.0-rc4 (commit: 20e8b2f2a6b2).

/proc/version:

Linux version 6.11.0-rc4-nomod-00001-g20e8b2f2a6b2-dirty (user@localhost) (ClangBuiltLinux clang version 19.1.0-rc2 (https://github.com/llvm/llvm-project.git d033ae172d1c5a85fd09c36e23608a9241ea2990), ClangBuiltLinux LLD 19.1.0 (https://github.com/llvm/llvm-project.git d033ae172d1c5a85fd09c36e23608a9241ea2990)) #142 SMP PREEMPT Mon Aug 19 16:25:43 BST 2024

Apologies if this is the incorrect place to report a CFI violation, and please let me know if I can assist further in investigation.

config.txt

[nathanchance]

Can you test this patch?

diff --git a/drivers/acpi/platform_profile.c b/drivers/acpi/platform_profile.c
index d2f7fd7743a1..11278f785526 100644
--- a/drivers/acpi/platform_profile.c
+++ b/drivers/acpi/platform_profile.c
@@ -22,8 +22,8 @@ static const char * const profile_names[] = {
 };
 static_assert(ARRAY_SIZE(profile_names) == PLATFORM_PROFILE_LAST);
 
-static ssize_t platform_profile_choices_show(struct device *dev,
-					struct device_attribute *attr,
+static ssize_t platform_profile_choices_show(struct kobject *kobj,
+					struct kobj_attribute *attr,
 					char *buf)
 {
 	int len = 0;
@@ -49,8 +49,8 @@ static ssize_t platform_profile_choices_show(struct device *dev,
 	return len;
 }
 
-static ssize_t platform_profile_show(struct device *dev,
-					struct device_attribute *attr,
+static ssize_t platform_profile_show(struct kobject *kobj,
+					struct kobj_attribute *attr,
 					char *buf)
 {
 	enum platform_profile_option profile = PLATFORM_PROFILE_BALANCED;
@@ -77,8 +77,8 @@ static ssize_t platform_profile_show(struct device *dev,
 	return sysfs_emit(buf, "%s\n", profile_names[profile]);
 }
 
-static ssize_t platform_profile_store(struct device *dev,
-			    struct device_attribute *attr,
+static ssize_t platform_profile_store(struct kobject *kobj,
+			    struct kobj_attribute *attr,
 			    const char *buf, size_t count)
 {
 	int err, i;
@@ -115,12 +115,12 @@ static ssize_t platform_profile_store(struct device *dev,
 	return count;
 }
 
-static DEVICE_ATTR_RO(platform_profile_choices);
-static DEVICE_ATTR_RW(platform_profile);
+static struct kobj_attribute attr_platform_profile_choices = __ATTR_RO(platform_profile_choices);
+static struct kobj_attribute attr_platform_profile = __ATTR_RW(platform_profile);
 
 static struct attribute *platform_profile_attrs[] = {
-	&dev_attr_platform_profile_choices.attr,
-	&dev_attr_platform_profile.attr,
+	&attr_platform_profile_choices.attr,
+	&attr_platform_profile.attr,
 	NULL
 };
 

I've put it on paste.debian.net too since copying from GitHub does not always work well: https://paste.debian.net/downloadh/747d3f6b

$ curl -LSs https://paste.debian.net/downloadh/747d3f6b | git apply -3v
Checking patch drivers/acpi/platform_profile.c...
Applied patch to 'drivers/acpi/platform_profile.c' cleanly.
Applied patch drivers/acpi/platform_profile.c cleanly.

If it works, please let me know if you would like a Reported-by: tag and what name/email I should use when I write the formal patch (and I'll stick a Tested-by: on there too).

[flukeeey]

Looks to be working perfectly now!

I can cat both of the aforementioned files, and also set the platform profile by echoing 'low-power', 'balanced', or 'performance' to /sys/firmware/acpi/platform_profile.

Please use John Rowley <[email protected]> for those two tags.

Many thanks for the prompt fix (and the kudos). 😄

[nathanchance]

Thanks a lot for the quick testing! I have sent a formal patch: https://lore.kernel.org/20240819-acpi-platform_profile-fix-cfi-violation-v1-1-479365d848f6@kernel.org/

[dileks]

@nathanchance @samitolvanen

What is the status of this patch?

We had similiar issues - one I can remember was (2020 - early days of Clang-CFI):

"perf/x86: fix sysfs type mismatches"
https://git.kernel.org/linus/ebd19fc372e3e78bf165f230e7c084e304441c08

[nathanchance]

What is the status of this patch?

Per the thread, I was waiting for Greg to give me some guidance on his proposed solution but I'll consider just sending v2 with the wording changes I mentioned if he does not reply by the end of the week.

[flukeeey]

Hi @nathanchance, sorry for the ping but has there been any movement on this? I'm still seeing this issue in the just-released 6.12. Happy to test any v2 patches if you have them lying around.

Thanks. :)

[nathanchance]

Sorry for dropping the ball on the resend, I have sent v2 now:

https://lore.kernel.org/20241118-acpi-platform_profile-fix-cfi-violation-v2-1-62ff952804de@kernel.org/

[flukeeey]

All good! You're doing an amazing job in this project. 👌😊 I can give this patch a try later on. ---------------------------------------- *From: *Nathan Chancellor ***@***.***> *To: *ClangBuiltLinux/linux ***@***.***> *CC: *flukeeey ***@***.***>; Author ***@***.***> *Date: *18 Nov 2024 14:41:34 *Subject: *Re: [ClangBuiltLinux/linux] CFI failure at kobj_attr_show (target: platform_profile_choices_show) (Issue #2047)

…

Sorry for dropping the ball on the resend, I have sent v2 now: ***@***.***/ — Reply to this email directly, view it on GitHub[#2047 (comment)], or unsubscribe[https://github.com/notifications/unsubscribe-auth/BASZQVSRRKVHGJIT3FPZSBT2BH4BXAVCNFSM6AAAAABMYJ5PISVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIOBTGI2DQNBXGA]. You are receiving this because you authored the thread. [Tracking image][https://github.com/notifications/beacon/BASZQVQQJQLIG4JANJUQEU32BH4BXA5CNFSM6AAAAABMYJ5PISWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTUUANOVM.gif]

[flukeeey]

v2 is working well for me. 👍

[dileks]

How to reproduce?

grep -i acpi /boot/config-6.12.0-1-amd64-clang19-kcfi | grep -i platform
CONFIG_ACPI_PLATFORM_PROFILE=m
CONFIG_SND_SST_ATOM_HIFI2_PLATFORM_ACPI=m

modprobe -v platform_profile
insmod /lib/modules/6.12.0-1-amd64-clang19-kcfi/kernel/drivers/acpi/platform_profile.ko.zst

lsmod | grep plat
platform_profile       16384  0

mount -t sysfs sysfs /sys

find /sys -name 'platform_profile'
/sys/module/platform_profile

ll /sys/module/platform_profile
insgesamt 0
drwxr-xr-x   5 root root    0 20. Nov 05:35 .
drwxr-xr-x 221 root root    0 20. Nov 05:29 ..
-r--r--r--   1 root root 4,0K 20. Nov 05:29 coresize
drwxr-xr-x   2 root root    0 20. Nov 05:29 holders
-r--r--r--   1 root root 4,0K 20. Nov 05:35 initsize
-r--r--r--   1 root root 4,0K 20. Nov 05:35 initstate
drwxr-xr-x   2 root root    0 20. Nov 05:34 notes
-r--r--r--   1 root root 4,0K 20. Nov 05:29 refcnt
drwxr-xr-x   2 root root    0 20. Nov 05:34 sections
-r--r--r--   1 root root 4,0K 20. Nov 05:35 taint
--w-------   1 root root 4,0K 20. Nov 05:35 uevent

Link: https://cateee.net/lkddb/web-lkddb/ACPI_PLATFORM_PROFILE.html
Link: https://man7.org/linux/man-pages/man5/sysfs.5.html

[nathanchance]

How to reproduce?

find /sys -name 'platform_profile'
/sys/module/platform_profile

Seems like you do not have a platform that actually supports platform profiles. You can grep around for select ACPI_PLATFORM_PROFILE or platform_profile_register() to see what platform drivers (and perhaps models) support it. It is not a standalone driver, which is why its option was hidden in https://git.kernel.org/linus/21f05a437e96d485180f33294757b14cfcf338d2.

[nathanchance]

I noticed a series on the mailing list that appears to massively update this driver, such that my patch may not apply (or be necessary) anymore (but I have not looked too closely). @flukeeey could you see if applying that series resolves this issue? If it does, I can potentially request that my patch be applied only to 6.13 and earlier, while that series can be the solution for 6.14 and beyond.

[flukeeey]

I checked out next-20241120, applied the patch set you linked to (cleanly), and unfortunately I'm still getting a CFI violation:

[    9.654964] CFI failure at kobj_attr_store+0x19/0x30 (target: platform_profile_store+0x0/0x120; expected type: 0xd8eb342e)
[    9.655014] Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[    9.655978] CPU: 11 UID: 0 PID: 1131 Comm: tlp Not tainted 6.12.0-next-20241120-00022-gb57882579bd9 #11
[    9.656391] Hardware name: Framework Laptop 13 (AMD Ryzen 7040Series)/FRANMDCP07, BIOS 03.05 03/29/2024
[    9.656761] RIP: 0010:kobj_attr_store+0x19/0x30
[    9.657094] Code: cc b8 4b 0d 6b f8 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 4c 8b 5e 18 4d 85 db 74 14 41 ba d2 cb 14 27 45 03 53 f1 74 02 <0f> 0b 41 ff e3 cc 66 90 48 c7 c0 fb ff ff ff e9 ee 7b 1b 00 cc cc
[    9.657849] RSP: 0018:ffffb2ed0303fd58 EFLAGS: 00010a86
[    9.658205] RAX: ffff96d7461a5f68 RBX: ffff96d748875500 RCX: 0000000000000009
[    9.658581] RDX: ffff96d74884e140 RSI: ffffffff9cf27e88 RDI: ffff96d74451e9c0
[    9.658957] RBP: ffff96d748875520 R08: 0000000000000009 R09: 00007fce160b1009
[    9.659327] R10: 000000008f587ea6 R11: ffffffff9af95100 R12: 0000000000000009
[    9.659708] R13: fffffffffffffff2 R14: ffffb2ed0303fdc0 R15: ffff96d74884e140
[    9.660092] FS:  00007fce1a9192c8(0000) GS:ffff96ddc1d80000(0000) knlGS:0000000000000000
[    9.660499] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    9.660892] CR2: 00007fce160b1000 CR3: 00000001596ae000 CR4: 0000000000f50ef0
[    9.661295] PKRU: 55555554
[    9.661718] Call Trace:
[    9.662119]  <TASK>
[    9.662524]  ? __die+0xd9/0x120
[    9.662912]  ? die+0x2a/0x50
[    9.663291]  ? do_trap+0x9d/0x180
[    9.663687]  ? kobj_attr_store+0x19/0x30
[    9.664068]  ? kobj_attr_store+0x19/0x30
[    9.664447]  ? handle_invalid_op+0x65/0x80
[    9.664846]  ? kobj_attr_store+0x19/0x30
[    9.665233]  ? exc_invalid_op+0x38/0x60
[    9.665639]  ? asm_exc_invalid_op+0x1a/0x20
[    9.666025]  ? __cfi_platform_profile_store+0x10/0x10
[    9.666411]  ? kobj_attr_store+0x19/0x30
[    9.666819]  ? srso_alias_return_thunk+0x5/0xfbef5
[    9.667211]  kernfs_fop_write_iter.llvm.2586889851919050866+0x103/0x180
[    9.667639]  vfs_write+0x302/0x460
[    9.668055]  ksys_write+0x71/0xe0
[    9.668473]  do_syscall_64+0x72/0xf0
[    9.668896]  ? srso_alias_return_thunk+0x5/0xfbef5
[    9.669332]  ? do_user_addr_fault+0x3ff/0x5f0
[    9.669847]  ? srso_alias_return_thunk+0x5/0xfbef5
[    9.670282]  ? srso_alias_return_thunk+0x5/0xfbef5
[    9.670723]  ? arch_exit_to_user_mode_prepare+0x9/0x50
[    9.671160]  ? srso_alias_return_thunk+0x5/0xfbef5
[    9.671625]  ? irqentry_exit_to_user_mode+0x7d/0xa0
[    9.672070]  entry_SYSCALL_64_after_hwframe+0x55/0x5d
[    9.672533] RIP: 0033:0x7fce1a84a735
[    9.672989] Code: c0 0f 85 24 00 00 00 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> e9 15 b9 ff ff cc cc cc cc cc 55 48 89 e5 41 56 53 48 81 ec a0
[    9.674017] RSP: 002b:00007ffdd93355c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[    9.674539] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fce1a84a735
[    9.675041] RDX: 0000000000000009 RSI: 00007fce160b1000 RDI: 0000000000000001
[    9.675542] RBP: 00007ffdd9335600 R08: 0000000000000000 R09: 0000000000000000
[    9.676014] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce1a9192c8
[    9.676488] R13: 0000000000000009 R14: 0000000000000000 R15: 00007fce1a919304
[    9.676928]  </TASK>
[    9.677363] ---[ end trace 0000000000000000 ]---
[    9.677839] RIP: 0010:kobj_attr_store+0x19/0x30
[    9.678312] Code: cc b8 4b 0d 6b f8 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 4c 8b 5e 18 4d 85 db 74 14 41 ba d2 cb 14 27 45 03 53 f1 74 02 <0f> 0b 41 ff e3 cc 66 90 48 c7 c0 fb ff ff ff e9 ee 7b 1b 00 cc cc
[    9.679283] RSP: 0018:ffffb2ed0303fd58 EFLAGS: 00010a86
[    9.680242] RAX: ffff96d7461a5f68 RBX: ffff96d748875500 RCX: 0000000000000009
[    9.681513] RDX: ffff96d74884e140 RSI: ffffffff9cf27e88 RDI: ffff96d74451e9c0
[    9.682072] RBP: ffff96d748875520 R08: 0000000000000009 R09: 00007fce160b1009
[    9.682583] R10: 000000008f587ea6 R11: ffffffff9af95100 R12: 0000000000000009
[    9.683072] R13: fffffffffffffff2 R14: ffffb2ed0303fdc0 R15: ffff96d74884e140
[    9.683566] FS:  00007fce1a9192c8(0000) GS:ffff96ddc1d80000(0000) knlGS:0000000000000000
[    9.684073] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    9.684567] CR2: 00007fce160b1000 CR3: 00000001596ae000 CR4: 0000000000f50ef0
[    9.685094] PKRU: 55555554

[nathanchance]

Thanks a lot for verifying! I think my patch is still going to be needed then. They are keeping /sys/firmware/acpi/platform_profile around as a legacy option (since removing it altogether could obviously break user space) but the driver will also have a struct device with its own set of sysfs files, which is basically what Greg was asking for in v1. Can you verify that applying an updated version of my change on top of that series fixes your issue? It would be good to make sure that the other sysfs files (which I think you can find by searching for platform-profile- in /sys) also work fine. I am hoping that v2 will get applied but if that series gets applied first, I want to be prepared to send an updated version relatively quickly so we can try to finally get this squared away :)

[flukeeey]

Looking good!

I did the following:

1. Checkout: next-20241120
2. Apply: v7_20241119_mario_limonciello_add_support_for_binding_acpi_platform_profile_to_multiple_drivers.mbx
3. Apply: your patch in the linked gist

And everything is working well, including:

• /sys/firmware/acpi/platform_profile{,_choices}
• /sys/class/platform-profile/platform-profile-0/{profile,choices}

I will move to using the latter set of files in future, and look into submitting a patch/issue to the TLP power management project, which I'm using to switch between profiles (amongst other things) when moving battery<->AC.

Thanks. :)

[dileks]

How to reproduce?

find /sys -name 'platform_profile'
/sys/module/platform_profile

Seems like you do not have a platform that actually supports platform profiles. You can grep around for select ACPI_PLATFORM_PROFILE or platform_profile_register() to see what platform drivers (and perhaps models) support it. It is not a standalone driver, which is why its option was hidden in https://git.kernel.org/linus/21f05a437e96d485180f33294757b14cfcf338d2.

That above commit removed important information in drivers/acpi/Kconfig.