crypto: acomp - Fix CFI failure due to type punning

To avoid a crash when control flow integrity is enabled, make the workspace ("stream") free function use a consistent type, and call it through a function pointer that has that same type. Fixes: 42d9f6c774 ("crypto: acomp - Move scomp stream allocation code into acomp") Cc: stable@vger.kernel.org Signed-off-by: Eric Biggers <ebiggers@kernel.org> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2025-09-18 22:14:16 +00:00 · 2025-07-08 17:59:54 -07:00 · 2025-07-08 17:59:54 -07:00 · 962ddc5a7a
commit 962ddc5a7a
parent 3d9eb180fb
3 changed files with 13 additions and 6 deletions
--- a/crypto/deflate.c
+++ b/crypto/deflate.c
@ -48,9 +48,14 @@ static void *deflate_alloc_stream(void)
 	return ctx;
 }

+static void deflate_free_stream(void *ctx)
+{
+	kvfree(ctx);
+}
+
 static struct crypto_acomp_streams deflate_streams = {
 	.alloc_ctx = deflate_alloc_stream,
-	.cfree_ctx = kvfree,
+	.free_ctx = deflate_free_stream,
 };

 static int deflate_compress_one(struct acomp_req *req,
--- a/crypto/zstd.c
+++ b/crypto/zstd.c
@ -54,9 +54,14 @@ static void *zstd_alloc_stream(void)
 	return ctx;
 }

+static void zstd_free_stream(void *ctx)
+{
+	kvfree(ctx);
+}
+
 static struct crypto_acomp_streams zstd_streams = {
 	.alloc_ctx = zstd_alloc_stream,
-	.cfree_ctx = kvfree,
+	.free_ctx = zstd_free_stream,
 };

 static int zstd_init(struct crypto_acomp *acomp_tfm)
--- a/include/crypto/internal/acompress.h
+++ b/include/crypto/internal/acompress.h
@ -63,10 +63,7 @@ struct crypto_acomp_stream {
 struct crypto_acomp_streams {
 	/* These must come first because of struct scomp_alg. */
 	void *(*alloc_ctx)(void);
-	union {
-		void (*free_ctx)(void *);
-		void (*cfree_ctx)(const void *);
-	};
+	void (*free_ctx)(void *);

 	struct crypto_acomp_stream __percpu *streams;
 	struct work_struct stream_work;