Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
kcfi: Rename CONFIG_CFI_CLANG to CONFIG_CFI
The kernel's CFI implementation uses the KCFI ABI specifically, and is
not strictly tied to a particular compiler. In preparation for GCC
supporting KCFI, rename CONFIG_CFI_CLANG to CONFIG_CFI (along with
associated options).
Use new "transitional" Kconfig option for old CONFIG_CFI_CLANG that will
enable CONFIG_CFI during olddefconfig.
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Link: https://lore.kernel.org/r/20250923213422.1105654-3-kees@kernel.org
Signed-off-by: Kees Cook <kees@kernel.org>
+100
-90
+1
-1
Makefile
+1
-1
Makefile
+23
-13
arch/Kconfig
+23
-13
arch/Kconfig
···
867
867
868
868
If unsure, say N.
869
869
870
-
config ARCH_SUPPORTS_CFI_CLANG
870
+
config ARCH_SUPPORTS_CFI
871
871
bool
872
872
help
873
-
An architecture should select this option if it can support Clang's
874
-
Control-Flow Integrity (CFI) checking.
873
+
An architecture should select this option if it can support Kernel
874
+
Control-Flow Integrity (CFI) checking (-fsanitize=kcfi).
875
875
876
876
config ARCH_USES_CFI_TRAPS
877
877
bool
878
+
help
879
+
An architecture should select this option if it requires the
880
+
.kcfi_traps section for KCFI trap handling.
878
881
879
-
config CFI_CLANG
880
-
bool "Use Clang's Control Flow Integrity (CFI)"
881
-
depends on ARCH_SUPPORTS_CFI_CLANG
882
+
config CFI
883
+
bool "Use Kernel Control Flow Integrity (kCFI)"
884
+
default CFI_CLANG
885
+
depends on ARCH_SUPPORTS_CFI
882
886
depends on $(cc-option,-fsanitize=kcfi)
883
887
help
884
-
This option enables Clang's forward-edge Control Flow Integrity
885
-
(CFI) checking, where the compiler injects a runtime check to each
888
+
This option enables forward-edge Control Flow Integrity (CFI)
889
+
checking, where the compiler injects a runtime check to each
886
890
indirect function call to ensure the target is a valid function with
887
891
the correct static type. This restricts possible call targets and
888
892
makes it more difficult for an attacker to exploit bugs that allow
···
895
891
896
892
https://clang.llvm.org/docs/ControlFlowIntegrity.html
897
893
894
+
config CFI_CLANG
895
+
bool
896
+
transitional
897
+
help
898
+
Transitional config for CFI_CLANG to CFI migration.
899
+
898
900
config CFI_ICALL_NORMALIZE_INTEGERS
899
901
bool "Normalize CFI tags for integers"
900
-
depends on CFI_CLANG
901
-
depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS_CLANG
902
+
depends on CFI
903
+
depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS
902
904
help
903
905
This option normalizes the CFI tags for integer types so that all
904
906
integer types of the same size and signedness receive the same CFI
···
917
907
918
908
This option is necessary for using CFI with Rust. If unsure, say N.
919
909
920
-
config HAVE_CFI_ICALL_NORMALIZE_INTEGERS_CLANG
910
+
config HAVE_CFI_ICALL_NORMALIZE_INTEGERS
921
911
def_bool y
922
912
depends on $(cc-option,-fsanitize=kcfi -fsanitize-cfi-icall-experimental-normalize-integers)
923
913
# With GCOV/KASAN we need this fix: https://github.com/llvm/llvm-project/pull/104826
···
925
915
926
916
config HAVE_CFI_ICALL_NORMALIZE_INTEGERS_RUSTC
927
917
def_bool y
928
-
depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS_CLANG
918
+
depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS
929
919
depends on RUSTC_VERSION >= 107900
930
920
# With GCOV/KASAN we need this fix: https://github.com/rust-lang/rust/pull/129373
931
921
depends on (RUSTC_LLVM_VERSION >= 190103 && RUSTC_VERSION >= 108200) || \
···
933
923
934
924
config CFI_PERMISSIVE
935
925
bool "Use CFI in permissive mode"
936
-
depends on CFI_CLANG
926
+
depends on CFI
937
927
help
938
928
When selected, Control Flow Integrity (CFI) violations result in a
939
929
warning instead of a kernel panic. This option should only be used
+1
-1
arch/arm/Kconfig
+1
-1
arch/arm/Kconfig
···
38
38
select ARCH_OPTIONAL_KERNEL_RWX_DEFAULT if CPU_V7
39
39
select ARCH_NEED_CMPXCHG_1_EMU if CPU_V6
40
40
select ARCH_SUPPORTS_ATOMIC_RMW
41
-
select ARCH_SUPPORTS_CFI_CLANG
41
+
select ARCH_SUPPORTS_CFI
42
42
select ARCH_SUPPORTS_HUGETLBFS if ARM_LPAE
43
43
select ARCH_SUPPORTS_PER_VMA_LOCK
44
44
select ARCH_USE_BUILTIN_BSWAP
+1
-1
arch/arm/kernel/hw_breakpoint.c
+1
-1
arch/arm/kernel/hw_breakpoint.c
+1
-1
arch/arm/mm/Makefile
+1
-1
arch/arm/mm/Makefile
···
89
89
obj-$(CONFIG_CPU_V6K) += proc-v6.o
90
90
obj-$(CONFIG_CPU_V7) += proc-v7.o proc-v7-bugs.o
91
91
obj-$(CONFIG_CPU_V7M) += proc-v7m.o
92
-
obj-$(CONFIG_CFI_CLANG) += proc.o
92
+
obj-$(CONFIG_CFI) += proc.o
93
93
94
94
obj-$(CONFIG_OUTER_CACHE) += l2c-common.o
95
95
obj-$(CONFIG_CACHE_B15_RAC) += cache-b15-rac.o
+1
-1
arch/arm/mm/cache-fa.S
+1
-1
arch/arm/mm/cache-fa.S
···
112
112
* - end - virtual end address
113
113
*/
114
114
SYM_TYPED_FUNC_START(fa_coherent_kern_range)
115
-
#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
115
+
#ifdef CONFIG_CFI /* Fallthrough if !CFI */
116
116
b fa_coherent_user_range
117
117
#endif
118
118
SYM_FUNC_END(fa_coherent_kern_range)
+1
-1
arch/arm/mm/cache-v4.S
+1
-1
arch/arm/mm/cache-v4.S
+2
-2
arch/arm/mm/cache-v4wb.S
+2
-2
arch/arm/mm/cache-v4wb.S
···
136
136
*/
137
137
SYM_TYPED_FUNC_START(v4wb_flush_kern_dcache_area)
138
138
add r1, r0, r1
139
-
#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
139
+
#ifdef CONFIG_CFI /* Fallthrough if !CFI */
140
140
b v4wb_coherent_user_range
141
141
#endif
142
142
SYM_FUNC_END(v4wb_flush_kern_dcache_area)
···
152
152
* - end - virtual end address
153
153
*/
154
154
SYM_TYPED_FUNC_START(v4wb_coherent_kern_range)
155
-
#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
155
+
#ifdef CONFIG_CFI /* Fallthrough if !CFI */
156
156
b v4wb_coherent_user_range
157
157
#endif
158
158
SYM_FUNC_END(v4wb_coherent_kern_range)
+1
-1
arch/arm/mm/cache-v4wt.S
+1
-1
arch/arm/mm/cache-v4wt.S
···
108
108
* - end - virtual end address
109
109
*/
110
110
SYM_TYPED_FUNC_START(v4wt_coherent_kern_range)
111
-
#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
111
+
#ifdef CONFIG_CFI /* Fallthrough if !CFI */
112
112
b v4wt_coherent_user_range
113
113
#endif
114
114
SYM_FUNC_END(v4wt_coherent_kern_range)
+1
-1
arch/arm/mm/cache-v6.S
+1
-1
arch/arm/mm/cache-v6.S
···
117
117
* - the Icache does not read data from the write buffer
118
118
*/
119
119
SYM_TYPED_FUNC_START(v6_coherent_kern_range)
120
-
#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
120
+
#ifdef CONFIG_CFI /* Fallthrough if !CFI */
121
121
b v6_coherent_user_range
122
122
#endif
123
123
SYM_FUNC_END(v6_coherent_kern_range)
+1
-1
arch/arm/mm/cache-v7.S
+1
-1
arch/arm/mm/cache-v7.S
···
261
261
* - the Icache does not read data from the write buffer
262
262
*/
263
263
SYM_TYPED_FUNC_START(v7_coherent_kern_range)
264
-
#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
264
+
#ifdef CONFIG_CFI /* Fallthrough if !CFI */
265
265
b v7_coherent_user_range
266
266
#endif
267
267
SYM_FUNC_END(v7_coherent_kern_range)
+1
-1
arch/arm/mm/cache-v7m.S
+1
-1
arch/arm/mm/cache-v7m.S
···
286
286
* - the Icache does not read data from the write buffer
287
287
*/
288
288
SYM_TYPED_FUNC_START(v7m_coherent_kern_range)
289
-
#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
289
+
#ifdef CONFIG_CFI /* Fallthrough if !CFI */
290
290
b v7m_coherent_user_range
291
291
#endif
292
292
SYM_FUNC_END(v7m_coherent_kern_range)
+1
-1
arch/arm/mm/proc-arm1020.S
+1
-1
arch/arm/mm/proc-arm1020.S
···
203
203
* - end - virtual end address
204
204
*/
205
205
SYM_TYPED_FUNC_START(arm1020_coherent_kern_range)
206
-
#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
206
+
#ifdef CONFIG_CFI /* Fallthrough if !CFI */
207
207
b arm1020_coherent_user_range
208
208
#endif
209
209
SYM_FUNC_END(arm1020_coherent_kern_range)
+1
-1
arch/arm/mm/proc-arm1020e.S
+1
-1
arch/arm/mm/proc-arm1020e.S
···
200
200
* - end - virtual end address
201
201
*/
202
202
SYM_TYPED_FUNC_START(arm1020e_coherent_kern_range)
203
-
#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
203
+
#ifdef CONFIG_CFI /* Fallthrough if !CFI */
204
204
b arm1020e_coherent_user_range
205
205
#endif
206
206
SYM_FUNC_END(arm1020e_coherent_kern_range)
+1
-1
arch/arm/mm/proc-arm1022.S
+1
-1
arch/arm/mm/proc-arm1022.S
···
199
199
* - end - virtual end address
200
200
*/
201
201
SYM_TYPED_FUNC_START(arm1022_coherent_kern_range)
202
-
#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
202
+
#ifdef CONFIG_CFI /* Fallthrough if !CFI */
203
203
b arm1022_coherent_user_range
204
204
#endif
205
205
SYM_FUNC_END(arm1022_coherent_kern_range)
+1
-1
arch/arm/mm/proc-arm1026.S
+1
-1
arch/arm/mm/proc-arm1026.S
···
194
194
* - end - virtual end address
195
195
*/
196
196
SYM_TYPED_FUNC_START(arm1026_coherent_kern_range)
197
-
#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
197
+
#ifdef CONFIG_CFI /* Fallthrough if !CFI */
198
198
b arm1026_coherent_user_range
199
199
#endif
200
200
SYM_FUNC_END(arm1026_coherent_kern_range)
+1
-1
arch/arm/mm/proc-arm920.S
+1
-1
arch/arm/mm/proc-arm920.S
···
180
180
* - end - virtual end address
181
181
*/
182
182
SYM_TYPED_FUNC_START(arm920_coherent_kern_range)
183
-
#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
183
+
#ifdef CONFIG_CFI /* Fallthrough if !CFI */
184
184
b arm920_coherent_user_range
185
185
#endif
186
186
SYM_FUNC_END(arm920_coherent_kern_range)
+1
-1
arch/arm/mm/proc-arm922.S
+1
-1
arch/arm/mm/proc-arm922.S
···
182
182
* - end - virtual end address
183
183
*/
184
184
SYM_TYPED_FUNC_START(arm922_coherent_kern_range)
185
-
#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
185
+
#ifdef CONFIG_CFI /* Fallthrough if !CFI */
186
186
b arm922_coherent_user_range
187
187
#endif
188
188
SYM_FUNC_END(arm922_coherent_kern_range)
+1
-1
arch/arm/mm/proc-arm925.S
+1
-1
arch/arm/mm/proc-arm925.S
···
229
229
* - end - virtual end address
230
230
*/
231
231
SYM_TYPED_FUNC_START(arm925_coherent_kern_range)
232
-
#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
232
+
#ifdef CONFIG_CFI /* Fallthrough if !CFI */
233
233
b arm925_coherent_user_range
234
234
#endif
235
235
SYM_FUNC_END(arm925_coherent_kern_range)
+1
-1
arch/arm/mm/proc-arm926.S
+1
-1
arch/arm/mm/proc-arm926.S
···
192
192
* - end - virtual end address
193
193
*/
194
194
SYM_TYPED_FUNC_START(arm926_coherent_kern_range)
195
-
#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
195
+
#ifdef CONFIG_CFI /* Fallthrough if !CFI */
196
196
b arm926_coherent_user_range
197
197
#endif
198
198
SYM_FUNC_END(arm926_coherent_kern_range)
+1
-1
arch/arm/mm/proc-arm940.S
+1
-1
arch/arm/mm/proc-arm940.S
···
153
153
* - end - virtual end address
154
154
*/
155
155
SYM_TYPED_FUNC_START(arm940_coherent_user_range)
156
-
#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
156
+
#ifdef CONFIG_CFI /* Fallthrough if !CFI */
157
157
b arm940_flush_kern_dcache_area
158
158
#endif
159
159
SYM_FUNC_END(arm940_coherent_user_range)
+1
-1
arch/arm/mm/proc-arm946.S
+1
-1
arch/arm/mm/proc-arm946.S
···
173
173
* - end - virtual end address
174
174
*/
175
175
SYM_TYPED_FUNC_START(arm946_coherent_kern_range)
176
-
#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
176
+
#ifdef CONFIG_CFI /* Fallthrough if !CFI */
177
177
b arm946_coherent_user_range
178
178
#endif
179
179
SYM_FUNC_END(arm946_coherent_kern_range)
+1
-1
arch/arm/mm/proc-feroceon.S
+1
-1
arch/arm/mm/proc-feroceon.S
···
208
208
*/
209
209
.align 5
210
210
SYM_TYPED_FUNC_START(feroceon_coherent_kern_range)
211
-
#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
211
+
#ifdef CONFIG_CFI /* Fallthrough if !CFI */
212
212
b feroceon_coherent_user_range
213
213
#endif
214
214
SYM_FUNC_END(feroceon_coherent_kern_range)
+1
-1
arch/arm/mm/proc-mohawk.S
+1
-1
arch/arm/mm/proc-mohawk.S
···
163
163
* - end - virtual end address
164
164
*/
165
165
SYM_TYPED_FUNC_START(mohawk_coherent_kern_range)
166
-
#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
166
+
#ifdef CONFIG_CFI /* Fallthrough if !CFI */
167
167
b mohawk_coherent_user_range
168
168
#endif
169
169
SYM_FUNC_END(mohawk_coherent_kern_range)
+1
-1
arch/arm/mm/proc-xsc3.S
+1
-1
arch/arm/mm/proc-xsc3.S
···
223
223
* it also trashes the mini I-cache used by JTAG debuggers.
224
224
*/
225
225
SYM_TYPED_FUNC_START(xsc3_coherent_kern_range)
226
-
#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
226
+
#ifdef CONFIG_CFI /* Fallthrough if !CFI */
227
227
b xsc3_coherent_user_range
228
228
#endif
229
229
SYM_FUNC_END(xsc3_coherent_kern_range)
+1
-1
arch/arm/mm/tlb-v4.S
+1
-1
arch/arm/mm/tlb-v4.S
···
52
52
* - start - virtual address (may not be aligned)
53
53
* - end - virtual address (may not be aligned)
54
54
*/
55
-
#ifdef CONFIG_CFI_CLANG
55
+
#ifdef CONFIG_CFI
56
56
SYM_TYPED_FUNC_START(v4_flush_kern_tlb_range)
57
57
b .v4_flush_kern_tlb_range
58
58
SYM_FUNC_END(v4_flush_kern_tlb_range)
+2
-2
arch/arm64/Kconfig
+2
-2
arch/arm64/Kconfig
···
100
100
select ARCH_SUPPORTS_SHADOW_CALL_STACK if CC_HAVE_SHADOW_CALL_STACK
101
101
select ARCH_SUPPORTS_LTO_CLANG if CPU_LITTLE_ENDIAN
102
102
select ARCH_SUPPORTS_LTO_CLANG_THIN
103
-
select ARCH_SUPPORTS_CFI_CLANG
103
+
select ARCH_SUPPORTS_CFI
104
104
select ARCH_SUPPORTS_ATOMIC_RMW
105
105
select ARCH_SUPPORTS_INT128 if CC_HAS_INT128
106
106
select ARCH_SUPPORTS_NUMA_BALANCING
···
212
212
select HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS \
213
213
if DYNAMIC_FTRACE_WITH_ARGS && DYNAMIC_FTRACE_WITH_CALL_OPS
214
214
select HAVE_DYNAMIC_FTRACE_WITH_CALL_OPS \
215
-
if (DYNAMIC_FTRACE_WITH_ARGS && !CFI_CLANG && \
215
+
if (DYNAMIC_FTRACE_WITH_ARGS && !CFI && \
216
216
(CC_IS_CLANG || !CC_OPTIMIZE_FOR_SIZE))
217
217
select FTRACE_MCOUNT_USE_PATCHABLE_FUNCTION_ENTRY \
218
218
if DYNAMIC_FTRACE_WITH_ARGS
+1
-1
arch/arm64/kernel/debug-monitors.c
+1
-1
arch/arm64/kernel/debug-monitors.c
···
212
212
if (esr_brk_comment(esr) == BUG_BRK_IMM)
213
213
return bug_brk_handler(regs, esr);
214
214
215
-
if (IS_ENABLED(CONFIG_CFI_CLANG) && esr_is_cfi_brk(esr))
215
+
if (IS_ENABLED(CONFIG_CFI) && esr_is_cfi_brk(esr))
216
216
return cfi_brk_handler(regs, esr);
217
217
218
218
if (esr_brk_comment(esr) == FAULT_BRK_IMM)
+2
-2
arch/arm64/kernel/traps.c
+2
-2
arch/arm64/kernel/traps.c
···
1015
1015
return DBG_HOOK_HANDLED;
1016
1016
}
1017
1017
1018
-
#ifdef CONFIG_CFI_CLANG
1018
+
#ifdef CONFIG_CFI
1019
1019
int cfi_brk_handler(struct pt_regs *regs, unsigned long esr)
1020
1020
{
1021
1021
unsigned long target;
···
1039
1039
arm64_skip_faulting_instruction(regs, AARCH64_INSN_SIZE);
1040
1040
return DBG_HOOK_HANDLED;
1041
1041
}
1042
-
#endif /* CONFIG_CFI_CLANG */
1042
+
#endif /* CONFIG_CFI */
1043
1043
1044
1044
int reserved_fault_brk_handler(struct pt_regs *regs, unsigned long esr)
1045
1045
{
+1
-1
arch/arm64/kvm/handle_exit.c
+1
-1
arch/arm64/kvm/handle_exit.c
···
545
545
kvm_err("nVHE hyp BUG at: %s:%u!\n", file, line);
546
546
else
547
547
print_nvhe_hyp_panic("BUG", panic_addr);
548
-
} else if (IS_ENABLED(CONFIG_CFI_CLANG) && esr_is_cfi_brk(esr)) {
548
+
} else if (IS_ENABLED(CONFIG_CFI) && esr_is_cfi_brk(esr)) {
549
549
kvm_nvhe_report_cfi_failure(panic_addr);
550
550
} else if (IS_ENABLED(CONFIG_UBSAN_KVM_EL2) &&
551
551
ESR_ELx_EC(esr) == ESR_ELx_EC_BRK64 &&
+1
-1
arch/arm64/net/bpf_jit_comp.c
+1
-1
arch/arm64/net/bpf_jit_comp.c
+3
-3
arch/riscv/Kconfig
+3
-3
arch/riscv/Kconfig
···
60
60
select ARCH_STACKWALK
61
61
select ARCH_SUPPORTS_ATOMIC_RMW
62
62
# clang >= 17: https://github.com/llvm/llvm-project/commit/62fa708ceb027713b386c7e0efda994f8bdc27e2
63
-
select ARCH_SUPPORTS_CFI_CLANG if CLANG_VERSION >= 170000
63
+
select ARCH_SUPPORTS_CFI if (!CC_IS_CLANG || CLANG_VERSION >= 170000)
64
64
select ARCH_SUPPORTS_DEBUG_PAGEALLOC if MMU
65
65
select ARCH_SUPPORTS_HUGE_PFNMAP if TRANSPARENT_HUGEPAGE
66
66
select ARCH_SUPPORTS_HUGETLBFS if MMU
···
76
76
select ARCH_USE_MEMTEST
77
77
select ARCH_USE_QUEUED_RWLOCKS
78
78
select ARCH_USE_SYM_ANNOTATIONS
79
-
select ARCH_USES_CFI_TRAPS if CFI_CLANG
79
+
select ARCH_USES_CFI_TRAPS if CFI
80
80
select ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH if MMU
81
81
select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT if MMU
82
82
select ARCH_WANT_FRAME_POINTERS
···
154
154
select HAVE_DYNAMIC_FTRACE if !XIP_KERNEL && MMU && (CLANG_SUPPORTS_DYNAMIC_FTRACE || GCC_SUPPORTS_DYNAMIC_FTRACE)
155
155
select FUNCTION_ALIGNMENT_4B if HAVE_DYNAMIC_FTRACE && RISCV_ISA_C
156
156
select HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS if HAVE_DYNAMIC_FTRACE_WITH_CALL_OPS
157
-
select HAVE_DYNAMIC_FTRACE_WITH_CALL_OPS if (DYNAMIC_FTRACE_WITH_ARGS && !CFI_CLANG)
157
+
select HAVE_DYNAMIC_FTRACE_WITH_CALL_OPS if (DYNAMIC_FTRACE_WITH_ARGS && !CFI)
158
158
select HAVE_DYNAMIC_FTRACE_WITH_ARGS if HAVE_DYNAMIC_FTRACE
159
159
select HAVE_FTRACE_GRAPH_FUNC
160
160
select HAVE_FUNCTION_GRAPH_TRACER if HAVE_DYNAMIC_FTRACE_WITH_ARGS
+2
-2
arch/riscv/include/asm/cfi.h
+2
-2
arch/riscv/include/asm/cfi.h
···
11
11
12
12
struct pt_regs;
13
13
14
-
#ifdef CONFIG_CFI_CLANG
14
+
#ifdef CONFIG_CFI
15
15
enum bug_trap_type handle_cfi_failure(struct pt_regs *regs);
16
16
#define __bpfcall
17
17
#else
···
19
19
{
20
20
return BUG_TRAP_TYPE_NONE;
21
21
}
22
-
#endif /* CONFIG_CFI_CLANG */
22
+
#endif /* CONFIG_CFI */
23
23
24
24
#endif /* _ASM_RISCV_CFI_H */
+1
-1
arch/riscv/kernel/Makefile
+1
-1
arch/riscv/kernel/Makefile
+2
-2
arch/riscv/net/bpf_jit_comp64.c
+2
-2
arch/riscv/net/bpf_jit_comp64.c
···
18
18
#define RV_MAX_REG_ARGS 8
19
19
#define RV_FENTRY_NINSNS 2
20
20
#define RV_FENTRY_NBYTES (RV_FENTRY_NINSNS * 4)
21
-
#define RV_KCFI_NINSNS (IS_ENABLED(CONFIG_CFI_CLANG) ? 1 : 0)
21
+
#define RV_KCFI_NINSNS (IS_ENABLED(CONFIG_CFI) ? 1 : 0)
22
22
/* imm that allows emit_imm to emit max count insns */
23
23
#define RV_MAX_COUNT_IMM 0x7FFF7FF7FF7FF7FF
24
24
···
469
469
470
470
static inline void emit_kcfi(u32 hash, struct rv_jit_context *ctx)
471
471
{
472
-
if (IS_ENABLED(CONFIG_CFI_CLANG))
472
+
if (IS_ENABLED(CONFIG_CFI))
473
473
emit(hash, ctx);
474
474
}
475
475
+1
-1
arch/riscv/purgatory/Makefile
+1
-1
arch/riscv/purgatory/Makefile
+6
-6
arch/x86/Kconfig
+6
-6
arch/x86/Kconfig
···
127
127
select ARCH_SUPPORTS_PAGE_TABLE_CHECK if X86_64
128
128
select ARCH_SUPPORTS_NUMA_BALANCING if X86_64
129
129
select ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP if NR_CPUS <= 4096
130
-
select ARCH_SUPPORTS_CFI_CLANG if X86_64
131
-
select ARCH_USES_CFI_TRAPS if X86_64 && CFI_CLANG
130
+
select ARCH_SUPPORTS_CFI if X86_64
131
+
select ARCH_USES_CFI_TRAPS if X86_64 && CFI
132
132
select ARCH_SUPPORTS_LTO_CLANG
133
133
select ARCH_SUPPORTS_LTO_CLANG_THIN
134
134
select ARCH_SUPPORTS_RT
···
2396
2396
default 3 if FUNCTION_ALIGNMENT_8B
2397
2397
default 0
2398
2398
2399
-
# Basically: FUNCTION_ALIGNMENT - 5*CFI_CLANG
2399
+
# Basically: FUNCTION_ALIGNMENT - 5*CFI
2400
2400
# except Kconfig can't do arithmetic :/
2401
2401
config FUNCTION_PADDING_BYTES
2402
2402
int
2403
-
default FUNCTION_PADDING_CFI if CFI_CLANG
2403
+
default FUNCTION_PADDING_CFI if CFI
2404
2404
default FUNCTION_ALIGNMENT
2405
2405
2406
2406
config CALL_PADDING
···
2410
2410
2411
2411
config FINEIBT
2412
2412
def_bool y
2413
-
depends on X86_KERNEL_IBT && CFI_CLANG && MITIGATION_RETPOLINE
2413
+
depends on X86_KERNEL_IBT && CFI && MITIGATION_RETPOLINE
2414
2414
select CALL_PADDING
2415
2415
2416
2416
config FINEIBT_BHI
···
2427
2427
2428
2428
config PREFIX_SYMBOLS
2429
2429
def_bool y
2430
-
depends on CALL_PADDING && !CFI_CLANG
2430
+
depends on CALL_PADDING && !CFI
2431
2431
2432
2432
menuconfig CPU_MITIGATIONS
2433
2433
bool "Mitigations for CPU vulnerabilities"
+2
-2
arch/x86/include/asm/cfi.h
+2
-2
arch/x86/include/asm/cfi.h
···
113
113
114
114
struct pt_regs;
115
115
116
-
#ifdef CONFIG_CFI_CLANG
116
+
#ifdef CONFIG_CFI
117
117
enum bug_trap_type handle_cfi_failure(struct pt_regs *regs);
118
118
#define __bpfcall
119
119
···
157
157
{
158
158
return 0;
159
159
}
160
-
#endif /* CONFIG_CFI_CLANG */
160
+
#endif /* CONFIG_CFI */
161
161
162
162
#if HAS_KERNEL_IBT == 1
163
163
#define CFI_NOSEAL(x) asm(IBT_NOSEAL(__stringify(x)))
+1
-1
arch/x86/kernel/Makefile
+1
-1
arch/x86/kernel/Makefile
+2
-2
arch/x86/kernel/alternative.c
+2
-2
arch/x86/kernel/alternative.c
···
1170
1170
1171
1171
#ifdef CONFIG_CFI_AUTO_DEFAULT
1172
1172
# define __CFI_DEFAULT CFI_AUTO
1173
-
#elif defined(CONFIG_CFI_CLANG)
1173
+
#elif defined(CONFIG_CFI)
1174
1174
# define __CFI_DEFAULT CFI_KCFI
1175
1175
#else
1176
1176
# define __CFI_DEFAULT CFI_OFF
···
1182
1182
bool cfi_bhi __ro_after_init = false;
1183
1183
#endif
1184
1184
1185
-
#ifdef CONFIG_CFI_CLANG
1185
+
#ifdef CONFIG_CFI
1186
1186
u32 cfi_get_func_hash(void *func)
1187
1187
{
1188
1188
u32 hash;
+1
-1
arch/x86/kernel/kprobes/core.c
+1
-1
arch/x86/kernel/kprobes/core.c
+1
-1
arch/x86/purgatory/Makefile
+1
-1
arch/x86/purgatory/Makefile
+1
-1
drivers/misc/lkdtm/cfi.c
+1
-1
drivers/misc/lkdtm/cfi.c
+1
-1
include/asm-generic/vmlinux.lds.h
+1
-1
include/asm-generic/vmlinux.lds.h
···
157
157
#define PATCHABLE_DISCARDS *(__patchable_function_entries)
158
158
#endif
159
159
160
-
#ifndef CONFIG_ARCH_SUPPORTS_CFI_CLANG
160
+
#ifndef CONFIG_ARCH_SUPPORTS_CFI
161
161
/*
162
162
* Simply points to ftrace_stub, but with the proper protocol.
163
163
* Defined by the linker script in linux/vmlinux.lds.h
+3
-3
include/linux/cfi.h
+3
-3
include/linux/cfi.h
···
11
11
#include <linux/module.h>
12
12
#include <asm/cfi.h>
13
13
14
-
#ifdef CONFIG_CFI_CLANG
14
+
#ifdef CONFIG_CFI
15
15
extern bool cfi_warn;
16
16
17
17
enum bug_trap_type report_cfi_failure(struct pt_regs *regs, unsigned long addr,
···
52
52
extern u32 cfi_bpf_hash;
53
53
extern u32 cfi_bpf_subprog_hash;
54
54
55
-
#else /* CONFIG_CFI_CLANG */
55
+
#else /* CONFIG_CFI */
56
56
57
57
static inline int cfi_get_offset(void) { return 0; }
58
58
static inline u32 cfi_get_func_hash(void *func) { return 0; }
···
60
60
#define cfi_bpf_hash 0U
61
61
#define cfi_bpf_subprog_hash 0U
62
62
63
-
#endif /* CONFIG_CFI_CLANG */
63
+
#endif /* CONFIG_CFI */
64
64
65
65
#ifdef CONFIG_ARCH_USES_CFI_TRAPS
66
66
bool is_cfi_trap(unsigned long addr);
+4
-4
include/linux/cfi_types.h
+4
-4
include/linux/cfi_types.h
···
8
8
#ifdef __ASSEMBLY__
9
9
#include <linux/linkage.h>
10
10
11
-
#ifdef CONFIG_CFI_CLANG
11
+
#ifdef CONFIG_CFI
12
12
/*
13
13
* Use the __kcfi_typeid_<function> type identifier symbol to
14
14
* annotate indirectly called assembly functions. The compiler emits
···
29
29
#define SYM_TYPED_START(name, linkage, align...) \
30
30
SYM_TYPED_ENTRY(name, linkage, align)
31
31
32
-
#else /* CONFIG_CFI_CLANG */
32
+
#else /* CONFIG_CFI */
33
33
34
34
#define SYM_TYPED_START(name, linkage, align...) \
35
35
SYM_START(name, linkage, align)
36
36
37
-
#endif /* CONFIG_CFI_CLANG */
37
+
#endif /* CONFIG_CFI */
38
38
39
39
#ifndef SYM_TYPED_FUNC_START
40
40
#define SYM_TYPED_FUNC_START(name) \
···
43
43
44
44
#else /* __ASSEMBLY__ */
45
45
46
-
#ifdef CONFIG_CFI_CLANG
46
+
#ifdef CONFIG_CFI
47
47
#define DEFINE_CFI_TYPE(name, func) \
48
48
/* \
49
49
* Force a reference to the function so the compiler generates \
+1
-1
include/linux/compiler.h
+1
-1
include/linux/compiler.h
···
248
248
249
249
#endif /* __KERNEL__ */
250
250
251
-
#if defined(CONFIG_CFI_CLANG) && !defined(__DISABLE_EXPORTS) && !defined(BUILD_VDSO)
251
+
#if defined(CONFIG_CFI) && !defined(__DISABLE_EXPORTS) && !defined(BUILD_VDSO)
252
252
/*
253
253
* Force a reference to the external symbol so the compiler generates
254
254
* __kcfi_typid.
+2
-2
init/Kconfig
+2
-2
init/Kconfig
···
2063
2063
depends on !GCC_PLUGIN_RANDSTRUCT
2064
2064
depends on !RANDSTRUCT
2065
2065
depends on !DEBUG_INFO_BTF || (PAHOLE_HAS_LANG_EXCLUDE && !LTO)
2066
-
depends on !CFI_CLANG || HAVE_CFI_ICALL_NORMALIZE_INTEGERS_RUSTC
2067
-
select CFI_ICALL_NORMALIZE_INTEGERS if CFI_CLANG
2066
+
depends on !CFI || HAVE_CFI_ICALL_NORMALIZE_INTEGERS_RUSTC
2067
+
select CFI_ICALL_NORMALIZE_INTEGERS if CFI
2068
2068
depends on !CALL_PADDING || RUSTC_VERSION >= 108100
2069
2069
depends on !KASAN_SW_TAGS
2070
2070
depends on !(MITIGATION_RETHUNK && KASAN) || RUSTC_VERSION >= 108300
+1
-1
kernel/Makefile
+1
-1
kernel/Makefile
···
122
122
obj-$(CONFIG_SHADOW_CALL_STACK) += scs.o
123
123
obj-$(CONFIG_HAVE_STATIC_CALL) += static_call.o
124
124
obj-$(CONFIG_HAVE_STATIC_CALL_INLINE) += static_call_inline.o
125
-
obj-$(CONFIG_CFI_CLANG) += cfi.o
125
+
obj-$(CONFIG_CFI) += cfi.o
126
126
127
127
obj-$(CONFIG_PERF_EVENTS) += events/
128
128
+2
-2
kernel/configs/hardening.config
+2
-2
kernel/configs/hardening.config
···
93
93
# Provides some protections against SYN flooding.
94
94
CONFIG_SYN_COOKIES=y
95
95
96
-
# Enable Kernel Control Flow Integrity (currently Clang only).
97
-
CONFIG_CFI_CLANG=y
96
+
# Enable Kernel Control Flow Integrity.
97
+
CONFIG_CFI=y
98
98
# CONFIG_CFI_PERMISSIVE is not set
99
99
100
100
# Attack surface reduction: do not autoload TTY line disciplines.
+1
-1
kernel/module/Kconfig
+1
-1
kernel/module/Kconfig
+1
-1
kernel/module/tree_lookup.c
+1
-1
kernel/module/tree_lookup.c
···
14
14
* Use a latched RB-tree for __module_address(); this allows us to use
15
15
* RCU lookups of the address from any context.
16
16
*
17
-
* This is conditional on PERF_EVENTS || TRACING || CFI_CLANG because those can
17
+
* This is conditional on PERF_EVENTS || TRACING || CFI because those can
18
18
* really hit __module_address() hard by doing a lot of stack unwinding;
19
19
* potentially from NMI context.
20
20
*/
+1
-1
lib/Kconfig.debug
+1
-1
lib/Kconfig.debug
···
2894
2894
config LONGEST_SYM_KUNIT_TEST
2895
2895
tristate "Test the longest symbol possible" if !KUNIT_ALL_TESTS
2896
2896
depends on KUNIT && KPROBES
2897
-
depends on !PREFIX_SYMBOLS && !CFI_CLANG && !GCOV_KERNEL
2897
+
depends on !PREFIX_SYMBOLS && !CFI && !GCOV_KERNEL
2898
2898
default KUNIT_ALL_TESTS
2899
2899
help
2900
2900
Tests the longest symbol possible
+3
-3
tools/include/linux/cfi_types.h
+3
-3
tools/include/linux/cfi_types.h
···
8
8
#ifdef __ASSEMBLY__
9
9
#include <linux/linkage.h>
10
10
11
-
#ifdef CONFIG_CFI_CLANG
11
+
#ifdef CONFIG_CFI
12
12
/*
13
13
* Use the __kcfi_typeid_<function> type identifier symbol to
14
14
* annotate indirectly called assembly functions. The compiler emits
···
29
29
#define SYM_TYPED_START(name, linkage, align...) \
30
30
SYM_TYPED_ENTRY(name, linkage, align)
31
31
32
-
#else /* CONFIG_CFI_CLANG */
32
+
#else /* CONFIG_CFI */
33
33
34
34
#define SYM_TYPED_START(name, linkage, align...) \
35
35
SYM_START(name, linkage, align)
36
36
37
-
#endif /* CONFIG_CFI_CLANG */
37
+
#endif /* CONFIG_CFI */
38
38
39
39
#ifndef SYM_TYPED_FUNC_START
40
40
#define SYM_TYPED_FUNC_START(name) \
+1
-1
tools/perf/util/include/linux/linkage.h
+1
-1
tools/perf/util/include/linux/linkage.h
···
120
120
#endif
121
121
122
122
// In the kernel sources (include/linux/cfi_types.h), this has a different
123
-
// definition when CONFIG_CFI_CLANG is used, for tools/ just use the !clang
123
+
// definition when CONFIG_CFI is used, for tools/ just use the !cfi
124
124
// definition:
125
125
#ifndef SYM_TYPED_START
126
126
#define SYM_TYPED_START(name, linkage, align...) \