tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

compiler_types: Introduce __nocfi_generic

There are two different ways that LLVM can expand kCFI operand bundles
in LLVM IR: generically in the middle end or using an architecture
specific sequence when lowering LLVM IR to machine code in the backend.
The generic pass allows any architecture to take advantage of kCFI but
the expansion of these bundles in the middle end can mess with
optimizations that may turn indirect calls into direct calls when the
call target is known at compile time, such as after inlining.

Add __nocfi_generic, dependent on an architecture selecting
CONFIG_ARCH_USES_CFI_GENERIC_LLVM_PASS, to disable kCFI bundle
generation in functions where only the generic kCFI pass may cause
problems.

Link: https://github.com/ClangBuiltLinux/linux/issues/2124
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Link: https://patch.msgid.link/20251025-idpf-fix-arm-kcfi-build-error-v1-1-ec57221153ae@kernel.org
Signed-off-by: Kees Cook <kees@kernel.org>

authored by

Nathan Chancellor and committed by
Kees Cook 39c89ee6 211ddde0

+13
+7
arch/Kconfig
··· 917 917 An architecture should select this option if it requires the 918 918 .kcfi_traps section for KCFI trap handling. 919 919 920 + config ARCH_USES_CFI_GENERIC_LLVM_PASS 921 + bool 922 + help 923 + An architecture should select this option if it uses the generic 924 + KCFIPass in LLVM to expand kCFI bundles instead of architecture-specific 925 + lowering. 926 + 920 927 config CFI 921 928 bool "Use Kernel Control Flow Integrity (kCFI)" 922 929 default CFI_CLANG
+6
include/linux/compiler_types.h
··· 461 461 # define __nocfi 462 462 #endif 463 463 464 + #if defined(CONFIG_ARCH_USES_CFI_GENERIC_LLVM_PASS) 465 + # define __nocfi_generic __nocfi 466 + #else 467 + # define __nocfi_generic 468 + #endif 469 + 464 470 /* 465 471 * Any place that could be marked with the "alloc_size" attribute is also 466 472 * a place to be marked with the "malloc" attribute, except those that may