From 8da32d526ded3207923d17442269d8c05e875282 Mon Sep 17 00:00:00 2001
From: Sami Tolvanen
Date: Tue, 24 Aug 2021 11:32:35 -0700
Subject: [PATCH] ANDROID: cfi: explicitly clear diag in __cfi_slowpath

When CONFIG_CFI_PERMISSIVE is not set, ensure the third argument passed
to __cfi_check from __cfi_slowpath is NULL to avoid an invalid memory
access in __cfi_check_fail. __cfi_check_fail always traps anyway, but
the error message will be less confusing with this patch.

Note that kernels built with full LTO aren't affected as they always
clear the argument before a __cfi_slowpath call. Later kernel versions
are also not affected as they use -fno-sanitize-trap=cfi.

Bug: 196763360
Change-Id: Ifa5b4e324737a3069f7a772dd9b392042ec8407e
Signed-off-by: Sami Tolvanen
---
 kernel/cfi.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/cfi.c b/kernel/cfi.c
index db013eb92dd2..44b8bdaf2006 100644
--- a/kernel/cfi.c
+++ b/kernel/cfi.c
@@ -320,6 +320,9 @@ void cfi_slowpath_handler(uint64_t id, void *ptr, void *diag) { cfi_check_fn fn = find_check_fn((unsigned long)ptr); + if (!IS_ENABLED(CONFIG_CFI_PERMISSIVE)) + diag = NULL; + if (likely(fn)) fn(id, ptr, diag); else /* Don't allow unchecked modules */
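Review bot: the new `diag = NULL` assignment in cfi_slowpath_handler has no in-code comment saying why a caller-supplied pointer is deliberately discarded; the rationale (without CONFIG_CFI_PERMISSIVE the caller may not have cleared the argument, so forwarding it risks an invalid memory access in __cfi_check_fail) exists only in the commit message, and a later reader of kernel/cfi.c will see what looks like a pointless clobber. Suggest a one-line comment above `if (!IS_ENABLED(CONFIG_CFI_PERMISSIVE))`, e.g. `/* diag is only trustworthy in permissive mode; never forward it otherwise */`. Also worth confirming in the commit message: because the clear is placed before `if (likely(fn))`, it applies to both the `fn(id, ptr, diag)` call and the `else /* Don't allow unchecked modules */` path, while the message only talks about the argument passed to __cfi_check.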