
ANDROID: cfi: explicitly clear diag in __cfi_slowpath

When CONFIG_CFI_PERMISSIVE is not set, ensure the third argument
passed to __cfi_check from __cfi_slowpath is NULL to avoid an invalid
memory access in __cfi_check_fail. __cfi_check_fail always traps
anyway, but the error message will be less confusing with this patch.

Note that kernels built with full LTO aren't affected as they always
clear the argument before a __cfi_slowpath call. Later kernel versions
are also not affected as they use -fno-sanitize-trap=cfi.

Bug: 196763360
Change-Id: Ifa5b4e324737a3069f7a772dd9b392042ec8407e
Signed-off-by: Sami Tolvanen <[email protected]>
Sami Tolvanen 3 years ago
Parent
Current commit
8da32d526d
1 file changed, 3 insertions, 0 deletions

+ 3 - 0
kernel/cfi.c

@@ -320,6 +320,9 @@ void cfi_slowpath_handler(uint64_t id, void *ptr, void *diag)
 {
 	cfi_check_fn fn = find_check_fn((unsigned long)ptr);
 
+	if (!IS_ENABLED(CONFIG_CFI_PERMISSIVE))
+		diag = NULL;
+
 	if (likely(fn))
 		fn(id, ptr, diag);
 	else /* Don't allow unchecked modules */
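Review bot: The new `if (!IS_ENABLED(CONFIG_CFI_PERMISSIVE)) diag = NULL;` block carries no comment, so the reason for discarding the argument lives only in the commit message; a reader of kernel/cfi.c will see a parameter being clobbered before use with no explanation. Suggest a one-line comment above the check, e.g. `/* diag is only used by the permissive failure handler; clear it so a non-permissive __cfi_check_fail never dereferences a stale pointer */`, so the intent survives without the commit history.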