Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

cfi: Use __builtin_function_start

Clang 14 added support for the __builtin_function_start function,
which allows us to implement the function_nocfi macro without
architecture-specific inline assembly and in a way that also works
with static initializers.

Change CONFIG_CFI_CLANG to depend on Clang >= 14, define
function_nocfi using __builtin_function_start, and remove the arm64
inline assembly implementation.

Link: https://github.com/llvm/llvm-project/commit/ec2e26eaf63558934f5b73a6e530edc453cf9508
Link: https://github.com/ClangBuiltLinux/linux/issues/1353
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Tested-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Will Deacon <will@kernel.org> # arm64
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220405221618.633743-1-samitolvanen@google.com

authored by Sami Tolvanen and committed by Kees Cook
e6f3b3c9 75c1182e

+11 -20
+1 -4
arch/Kconfig
··· 723 723 config CFI_CLANG 724 724 bool "Use Clang's Control Flow Integrity (CFI)" 725 725 depends on LTO_CLANG && ARCH_SUPPORTS_CFI_CLANG 726 - # Clang >= 12: 727 - # - https://bugs.llvm.org/show_bug.cgi?id=46258 728 - # - https://bugs.llvm.org/show_bug.cgi?id=47479 729 - depends on CLANG_VERSION >= 120000 726 + depends on CLANG_VERSION >= 140000 730 727 select KALLSYMS 731 728 help 732 729 This option enables Clang’s forward-edge Control Flow Integrity
-16
arch/arm64/include/asm/compiler.h
··· 23 23 #define __builtin_return_address(val) \ 24 24 (void *)(ptrauth_clear_pac((unsigned long)__builtin_return_address(val))) 25 25 26 - #ifdef CONFIG_CFI_CLANG 27 - /* 28 - * With CONFIG_CFI_CLANG, the compiler replaces function address 29 - * references with the address of the function's CFI jump table 30 - * entry. The function_nocfi macro always returns the address of the 31 - * actual function instead. 32 - */ 33 - #define function_nocfi(x) ({ \ 34 - void *addr; \ 35 - asm("adrp %0, " __stringify(x) "\n\t" \ 36 - "add %0, %0, :lo12:" __stringify(x) \ 37 - : "=r" (addr)); \ 38 - addr; \ 39 - }) 40 - #endif 41 - 42 26 #endif /* __ASM_COMPILER_H */
+10
include/linux/compiler-clang.h
··· 69 69 #define __nocfi __attribute__((__no_sanitize__("cfi"))) 70 70 #define __cficanonical __attribute__((__cfi_canonical_jump_table__)) 71 71 72 + #if defined(CONFIG_CFI_CLANG) 73 + /* 74 + * With CONFIG_CFI_CLANG, the compiler replaces function address 75 + * references with the address of the function's CFI jump table 76 + * entry. The function_nocfi macro always returns the address of the 77 + * actual function instead. 78 + */ 79 + #define function_nocfi(x) __builtin_function_start(x) 80 + #endif 81 + 72 82 /* 73 83 * Turn individual warnings and errors on and off locally, depending 74 84 * on version.
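Review bot: in the arch/Kconfig hunk, the new `depends on CLANG_VERSION >= 140000` line has no comment saying why 14 is the floor, while the lines it replaces documented the reason for the old minimum with two bug links. A one-line comment above it naming `__builtin_function_start` as the reason would keep the version requirement self-explanatory for whoever next touches this entry.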
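Review bot: in the arch/arm64/include/asm/compiler.h hunk, the removed macro pasted its argument into the asm as a string via `__stringify(x)`, so it accepted any symbol name the assembler could resolve, whereas the replacement passes `x` to a compiler builtin that needs it to be a function visible to the C front end. It is worth confirming that every arm64 user of `function_nocfi` passes a function with a declaration in scope, since a caller that relied on the string form would now fail to build.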
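Review bot: in the include/linux/compiler-clang.h hunk, the guard is written `#if defined(CONFIG_CFI_CLANG)` where the block being moved from arm64 used `#ifdef CONFIG_CFI_CLANG`; with a single condition the `#ifdef` form is shorter and keeps the moved block identical apart from the definition itself. The carried-over comment could also note that this definition is usable in static initializers, which the commit message gives as a reason for the change but the code does not record.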