In the Linux kernel, a vulnerability affecting i.MX8M Plus hardware has been resolved. Identified as CVE-2024-56787, it concerns the soc-imx8m.c driver calling of_clk_get_by_name(), which returns -EPROBE_DEFER when the clock driver is not yet probed. Regular testing without driver_async_probe did not detect the problem. The fix converts the SoC code to a platform driver and instantiates a platform device in the current device_initcall().

The commit message of the fix reads as follows:

soc: imx8m: Probe the SoC driver as platform driver

With driver_async_probe=* on kernel command line, the following trace is
produced on i.MX8M Plus hardware because the soc-imx8m.c driver
calls of_clk_get_by_name() which returns -EPROBE_DEFER because the clock
driver is not yet probed. This was not detected during regular testing
without driver_async_probe.

Convert the SoC code to platform driver and instantiate a platform device
in its current device_initcall() to probe the platform driver. Rework
.soc_revision callback to always return valid error code and return SoC
revision via the parameter. This way, if anything in the .soc_revision callback
returns -EPROBE_DEFER, it gets propagated to .probe and the .probe will get
retried later.

The trace in question is a WARNING produced when the soc-imx8m.c driver calls of_clk_get_by_name() before the clock driver has been probed. It was observed with driver_async_probe on the kernel command line. The solution is to convert the SoC code to a platform driver and instantiate a platform device in its current device_initcall(). The .soc_revision callback is reworked to always return a valid error code, so that -EPROBE_DEFER reaches .probe and the probe is retried later if necessary.
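The callback rework, modelled in userspace C as an added example (not the kernel patch or the driver's own code): it shows why returning the revision directly loses -EPROBE_DEFER, while returning an error code and passing the revision through a parameter lets the probe be retried. The names model_clk_get, old_soc_revision, new_soc_revision, probe_with_retry and MODEL_REV are hypothetical, and the "before" callback shape is an assumption based on the commit message's description.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define EPROBE_DEFER 517       /* same numeric value the kernel uses */
#define MODEL_REV    0x11      /* constructed revision value */
static bool clk_driver_probed; /* model: has the clock driver bound yet? */

/* Stand-in for of_clk_get_by_name(): defers until the clock driver is up. */
static int model_clk_get(void)
{
	return clk_driver_probed ? 0 : -EPROBE_DEFER;
}

/* Assumed "before" shape: revision is the return value, no error path. */
uint32_t old_soc_revision(void)
{
	return model_clk_get() < 0 ? 0 : MODEL_REV; /* deferral is lost */
}

/* Reworked shape: error code returned, revision via the parameter. */
int new_soc_revision(uint32_t *rev)
{
	int ret = model_clk_get();
	if (ret)
		return ret;            /* -EPROBE_DEFER reaches .probe */
	*rev = MODEL_REV;
	return 0;
}

/* Model of .probe plus deferred-probe retry; returns attempts used or -errno. */
int probe_with_retry(uint32_t *rev, int clk_ready_after)
{
	int attempts = 0, ret;
	clk_driver_probed = false;
	do {
		if (attempts == clk_ready_after)
			clk_driver_probed = true; /* clock driver finishes probing */
		ret = new_soc_revision(rev);  /* error that .probe propagates */
		attempts++;
	} while (ret == -EPROBE_DEFER && attempts < 8);
	return ret ? ret : attempts;
}

int main(void)
{
	uint32_t rev = 0;
	int n = probe_with_retry(&rev, 2);
	printf("bound after %d attempts, rev=0x%x\n", n, (unsigned)rev);
}
```

The retry bound of 8 is part of the model only; it keeps the loop finite when the modelled clock driver never appears.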


In conclusion, the Linux kernel vulnerability CVE-2024-56787 has been successfully resolved by converting the existing SoC code to a platform driver and reworking the .soc_revision callback to properly address probe retries. Thus, systems running on i.MX8M Plus hardware will no longer encounter issues related to clock driver probes and the associated -EPROBE_DEFER error.

Timeline

Published on: 01/08/2025 18:15:19 UTC
Last modified on: 01/09/2025 21:28:12 UTC