[PATCH] nvmem: apple-spmi-nvmem: wrap regmap calls to satisfy CFI

[PATCH] nvmem: apple-spmi-nvmem: wrap regmap calls to satisfy CFI

[Jens Reidel]

The Apple SPMI NVMEM driver previously cast regmap_bulk_read/write to
void * when assigning them to nvmem_config's reg_read/reg_write
function pointers.

This cast breaks the expected function signature of nvmem_reg_read_t
and nvmem_reg_write_t. With CFI enabled, indirect calls through
these pointers fail:

  CFI failure at nvmem_reg_write+0x194/0x1e4 (target: regmap_bulk_write+0x0/0x2c8; expected type: 0x83a189c3)
  ...
  Call trace:
   nvmem_reg_write+0x194/0x1e4 (P)
   __nvmem_cell_entry_write+0x298/0x2e8
   nvmem_cell_write+0x24/0x34
   macsmc_reboot_probe+0x1dc/0x454 [macsmc_reboot]
  ...

Introduce thin wrapper functions with the correct nvmem function
pointer types to satisfy the CFI checks.

Fixes: fe91c24a551c ("nvmem: Add apple-spmi-nvmem driver")
Signed-off-by: Jens Reidel <adrian@mainlining.org>
Reported-by: Clayton Craft <craftyguy@postmarketos.org>
Tested-by: Clayton Craft <craftyguy@postmarketos.org>
Cc: stable@vger.kernel.org
---
 drivers/nvmem/apple-spmi-nvmem.c | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/drivers/nvmem/apple-spmi-nvmem.c b/drivers/nvmem/apple-spmi-nvmem.c
index 88614005d5ce1dc2d1cafcb89ac66d8376ffcc96..7acb0c07d6abe9e9984908f5ea2f4e2e9c10bb06 100644
--- a/drivers/nvmem/apple-spmi-nvmem.c
+++ b/drivers/nvmem/apple-spmi-nvmem.c
@@ -18,6 +18,22 @@ static const struct regmap_config apple_spmi_regmap_config = {
 	.max_register	= 0xffff,
 };
 
+static int apple_spmi_nvmem_read(void *priv, unsigned int offset, void *val,
+				 size_t bytes)
+{
+	struct regmap *map = priv;
+
+	return regmap_bulk_read(map, offset, val, bytes);
+}
+
+static int apple_spmi_nvmem_write(void *priv, unsigned int offset, void *val,
+				  size_t bytes)
+{
+	struct regmap *map = priv;
+
+	return regmap_bulk_write(map, offset, val, bytes);
+}
+
 static int apple_spmi_nvmem_probe(struct spmi_device *sdev)
 {
 	struct regmap *regmap;
@@ -28,8 +44,8 @@ static int apple_spmi_nvmem_probe(struct spmi_device *sdev)
 		.word_size = 1,
 		.stride = 1,
 		.size = 0xffff,
-		.reg_read = (void *)regmap_bulk_read,
-		.reg_write = (void *)regmap_bulk_write,
+		.reg_read = apple_spmi_nvmem_read,
+		.reg_write = apple_spmi_nvmem_write,
 	};
 
 	regmap = devm_regmap_init_spmi_ext(sdev, &apple_spmi_regmap_config);

---
base-commit: 0c1c7a6a83feaf2cf182c52983ffe330ffb50280
change-id: 20251118-apple-spmi-nvmem-cfi-6037c1abfd12

Best regards,
-- 
Jens Reidel <adrian@mainlining.org>

Re: [PATCH] nvmem: apple-spmi-nvmem: wrap regmap calls to satisfy CFI

[Sven Peter]

On 18.11.25 03:35, Jens Reidel wrote:
> The Apple SPMI NVMEM driver previously cast regmap_bulk_read/write to
> void * when assigning them to nvmem_config's reg_read/reg_write
> function pointers.
> 
> This cast breaks the expected function signature of nvmem_reg_read_t
> and nvmem_reg_write_t. With CFI enabled, indirect calls through
> these pointers fail:
> 
>    CFI failure at nvmem_reg_write+0x194/0x1e4 (target: regmap_bulk_write+0x0/0x2c8; expected type: 0x83a189c3)
>    ...
>    Call trace:
>     nvmem_reg_write+0x194/0x1e4 (P)
>     __nvmem_cell_entry_write+0x298/0x2e8
>     nvmem_cell_write+0x24/0x34
>     macsmc_reboot_probe+0x1dc/0x454 [macsmc_reboot]
>    ...
> 
> Introduce thin wrapper functions with the correct nvmem function
> pointer types to satisfy the CFI checks.
> 
> Fixes: fe91c24a551c ("nvmem: Add apple-spmi-nvmem driver")
> Signed-off-by: Jens Reidel <adrian@mainlining.org>
> Reported-by: Clayton Craft <craftyguy@postmarketos.org>
> Tested-by: Clayton Craft <craftyguy@postmarketos.org>
> Cc: stable@vger.kernel.org
> ---

Reviewed-by: Sven Peter <sven@kernel.org>


Thanks,


Sven