cfi: Switch to -fsanitize=kcfi
Switch from Clang's original forward-edge control-flow integrity implementation to -fsanitize=kcfi, which is better suited for the kernel, as it doesn't require LTO, doesn't use a jump table that requires altering function references, and won't break cross-module function address equality. Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Tested-by: Kees Cook <keescook@chromium.org> Tested-by: Nathan Chancellor <nathan@kernel.org> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Tested-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20220908215504.3686827-6-samitolvanen@google.com
This commit is contained in:
Sami Tolvanen
Kees Cook
parent
92efda8eb1
commit
8924560094
9 changed files with 139 additions and 182 deletions
|
|
@ -421,6 +421,22 @@
|
|||
__end_ro_after_init = .;
|
||||
#endif
|
||||
|
||||
/*
|
||||
* .kcfi_traps contains a list KCFI trap locations.
|
||||
*/
|
||||
#ifndef KCFI_TRAPS
|
||||
#ifdef CONFIG_ARCH_USES_CFI_TRAPS
|
||||
#define KCFI_TRAPS \
|
||||
__kcfi_traps : AT(ADDR(__kcfi_traps) - LOAD_OFFSET) { \
|
||||
__start___kcfi_traps = .; \
|
||||
KEEP(*(.kcfi_traps)) \
|
||||
__stop___kcfi_traps = .; \
|
||||
}
|
||||
#else
|
||||
#define KCFI_TRAPS
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Read only Data
|
||||
*/
|
||||
|
|
@ -529,6 +545,8 @@
|
|||
__stop___modver = .; \
|
||||
} \
|
||||
\
|
||||
KCFI_TRAPS \
|
||||
\
|
||||
RO_EXCEPTION_TABLE \
|
||||
NOTES \
|
||||
BTF \
|
||||
|
|
@ -537,21 +555,6 @@
|
|||
__end_rodata = .;
|
||||
|
||||
|
||||
/*
|
||||
* .text..L.cfi.jumptable.* contain Control-Flow Integrity (CFI)
|
||||
* jump table entries.
|
||||
*/
|
||||
#ifdef CONFIG_CFI_CLANG
|
||||
#define TEXT_CFI_JT \
|
||||
. = ALIGN(PMD_SIZE); \
|
||||
__cfi_jt_start = .; \
|
||||
*(.text..L.cfi.jumptable .text..L.cfi.jumptable.*) \
|
||||
. = ALIGN(PMD_SIZE); \
|
||||
__cfi_jt_end = .;
|
||||
#else
|
||||
#define TEXT_CFI_JT
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Non-instrumentable text section
|
||||
*/
|
||||
|
|
@ -579,7 +582,6 @@
|
|||
*(.text..refcount) \
|
||||
*(.ref.text) \
|
||||
*(.text.asan.* .text.tsan.*) \
|
||||
TEXT_CFI_JT \
|
||||
MEM_KEEP(init.text*) \
|
||||
MEM_KEEP(exit.text*) \
|
||||
|
||||
|
|
@ -1008,8 +1010,7 @@
|
|||
* keep any .init_array.* sections.
|
||||
* https://bugs.llvm.org/show_bug.cgi?id=46478
|
||||
*/
|
||||
#if defined(CONFIG_GCOV_KERNEL) || defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KCSAN) || \
|
||||
defined(CONFIG_CFI_CLANG)
|
||||
#if defined(CONFIG_GCOV_KERNEL) || defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KCSAN)
|
||||
# ifdef CONFIG_CONSTRUCTORS
|
||||
# define SANITIZER_DISCARDS \
|
||||
*(.eh_frame)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue