In the Linux kernel, a vulnerability affecting i.MX8M Plus hardware has been resolved. The vulnerability, identified as CVE-2024-56787, arises when the soc-imx8m.c driver calls of_clk_get_by_name(): the call returns -EPROBE_DEFER because the clock driver is not yet probed. Regular testing without driver_async_probe did not detect the problem. To address it, the SoC code has been converted to a platform driver, and a platform device is instantiated in the current device_initcall().
The commit message of the fix that resolves this issue is as follows:
soc: imx8m: Probe the SoC driver as platform driver
With driver_async_probe=* on kernel command line, the following trace is
produced on i.MX8M Plus hardware because the soc-imx8m.c driver
calls of_clk_get_by_name() which returns -EPROBE_DEFER because the clock
driver is not yet probed. This was not detected during regular testing
without driver_async_probe.
Convert the SoC code to platform driver and instantiate a platform device
in its current device_initcall() to probe the platform driver. Rework
.soc_revision callback to always return valid error code and return SoC
revision via the parameter. This way, if anything in the .soc_revision callback
returns -EPROBE_DEFER, it gets propagated to .probe and the .probe will get
retried later.
The details of the issue show that when the soc-imx8m.c driver calls of_clk_get_by_name() before the clock driver has been probed, the call fails with -EPROBE_DEFER and a WARNING trace is produced. This was observed when booting with driver_async_probe enabled, where the SoC code can run before the clock driver is ready. The solution is to convert the SoC code to a platform driver and instantiate a platform device in its current device_initcall(). The .soc_revision callback is reworked to always return a valid error code, so that -EPROBE_DEFER reaches .probe and the probe is retried later if necessary.
Original references for this vulnerability can be found in the following links:
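The callback rework and probe retry described above, modelled in userspace C as an added example (not the kernel's or the patch's code). `model_clk_get`, the `_old`/`_new` function names, the sample revision `0x11` and the retry loop are assumptions for illustration; only the `EPROBE_DEFER` value matches the kernel's.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define EPROBE_DEFER 517        /* value from the kernel's include/linux/errno.h */

static bool clk_driver_probed;  /* models whether the clock provider is ready */

/* Hypothetical stand-in for of_clk_get_by_name(): fails until the provider probes. */
static int model_clk_get(void) { return clk_driver_probed ? 0 : -EPROBE_DEFER; }

/* Assumed old shape: the revision is the return value, so an error has no channel. */
static uint32_t soc_revision_old(void)
{
    if (model_clk_get() < 0)
        return 0;               /* the failure collapses into "revision 0" */
    return 0x11;                /* constructed sample revision */
}

/* Reworked shape: error code returned, revision passed back via the parameter. */
static int soc_revision_new(uint32_t *rev)
{
    int ret = model_clk_get();
    if (ret)
        return ret;             /* -EPROBE_DEFER reaches the caller unchanged */
    *rev = 0x11;
    return 0;
}

/* Model of .probe plus the driver core's deferred-probe retry. */
static int probe_with_deferral(uint32_t *rev, int *attempts)
{
    int ret;
    *attempts = 0;
    clk_driver_probed = false;
    do {
        ret = soc_revision_new(rev);    /* .probe propagates the callback result */
        (*attempts)++;
        clk_driver_probed = true;       /* clock driver finishes probing meanwhile */
    } while (ret == -EPROBE_DEFER && *attempts < 3);
    return ret;
}

int main(void)
{
    uint32_t rev = soc_revision_old(); int n = 0, ret = probe_with_deferral(&rev, &n);
    printf("ret=%d attempts=%d rev=0x%x\n", ret, n, (unsigned)rev);
    return 0;
}
```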
1. Linux Kernel Mailing List (LKML) discussion
2. GitHub Linux-kernel commit
In conclusion, the Linux kernel vulnerability CVE-2024-56787 has been successfully resolved by converting the existing SoC code to a platform driver and reworking the .soc_revision callback to properly address probe retries. Thus, systems running on i.MX8M Plus hardware will no longer encounter issues related to clock driver probes and the associated -EPROBE_DEFER error.
Timeline
Published on: 01/08/2025 18:15:19 UTC
Last modified on: 01/09/2025 21:28:12 UTC