This series adds support for Clang's Control-Flow Integrity (CFI) checking for x86_64. With CFI, the compiler injects a runtime check before each indirect function call to ensure the target is a valid function with the correct static type. This restricts possible call targets and makes it more difficult for an attacker to exploit bugs that allow the modification of stored function pointers. For more details, see:
https://clang.llvm.org/docs/ControlFlowIntegrity.html The first two patches contain objtool support for CFI, and the remaining patches disable CFI where it shouldn't be used and fix other smaller issues, such as type conflicts that confuse the compiler. Note that the patches are based on next-20210416. You can also pull the series from https://github.com/samitolvanen/linux.git x86-cfi-v1 Kees Cook (3): x86/extable: Do not mark exception callback as CFI x86/alternatives: Use C int3 selftest but disable KASAN x86, relocs: Ignore __typeid__ relocations Sami Tolvanen (12): objtool: Find a destination for jumps beyond the section end objtool: Add CONFIG_CFI_CLANG support objtool: Add ASM_STACK_FRAME_NON_STANDARD static_call: Use global functions for the self-test x86: Implement function_nocfi x86: Avoid CFI jump tables in IDT and entry points x86/ftrace: Use function_nocfi in MCOUNT_ADDR x86/purgatory: Disable CFI x86, module: Ignore __typeid__ relocations x86, cpu: Use LTO for cpu.c with CFI x86, kprobes: Fix optprobe_template_func type mismatch x86, build: Allow CONFIG_CFI_CLANG to be selected arch/x86/Kconfig | 1 + arch/x86/include/asm/desc.h | 8 ++++- arch/x86/include/asm/ftrace.h | 2 +- arch/x86/include/asm/page.h | 14 +++++++++ arch/x86/kernel/Makefile | 3 ++ arch/x86/kernel/alternative.c | 21 +++---------- arch/x86/kernel/cpu/common.c | 8 ++--- arch/x86/kernel/idt.c | 2 +- arch/x86/kernel/kprobes/opt.c | 4 +-- arch/x86/kernel/module.c | 4 +++ arch/x86/kernel/traps.c | 2 +- arch/x86/mm/extable.c | 1 + arch/x86/power/Makefile | 2 ++ arch/x86/purgatory/Makefile | 2 +- arch/x86/tools/relocs.c | 7 +++++ arch/x86/xen/Makefile | 2 ++ include/linux/objtool.h | 5 +++ kernel/static_call.c | 4 +-- tools/include/linux/objtool.h | 5 +++ tools/objtool/check.c | 4 +++ tools/objtool/elf.c | 48 +++++++++++++++++++++++++++++ tools/objtool/include/objtool/elf.h | 2 +- 22 files changed, 119 insertions(+), 32 deletions(-) base-commit: 18250b538735142307082e4e99e3ae5c12d44013 -- 2.31.1.368.gbe11c130af-goog
