From ff301ceb5299551c3650d0e07ba879b766da4cc0 Mon Sep 17 00:00:00 2001 From: Sami Tolvanen Date: Thu, 8 Apr 2021 11:28:27 -0700 Subject: cfi: add __cficanonical With CONFIG_CFI_CLANG, the compiler replaces a function address taken in C code with the address of a local jump table entry, which passes runtime indirect call checks. However, the compiler won't replace addresses taken in assembly code, which will result in a CFI failure if we later jump to such an address in instrumented C code. The code generated for the non-canonical jump table looks this: : /* In C, &noncanonical points here */ jmp noncanonical ... : /* function body */ ... This change adds the __cficanonical attribute, which tells the compiler to use a canonical jump table for the function instead. This means the compiler will rename the actual function to .cfi and points the original symbol to the jump table entry instead: : /* jump table entry */ jmp canonical.cfi ... : /* function body */ ... As a result, the address taken in assembly, or other non-instrumented code always points to the jump table and therefore, can be used for indirect calls in instrumented code without tripping CFI checks. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook Acked-by: Bjorn Helgaas # pci.h Tested-by: Nathan Chancellor Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/20210408182843.1754385-3-samitolvanen@google.com --- include/linux/compiler-clang.h | 1 + 1 file changed, 1 insertion(+) (limited to 'include/linux/compiler-clang.h') diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h index 6de9d0c9377e..adbe76b203e2 100644 --- a/include/linux/compiler-clang.h +++ b/include/linux/compiler-clang.h @@ -63,3 +63,4 @@ #endif #define __nocfi __attribute__((__no_sanitize__("cfi"))) +#define __cficanonical __attribute__((__cfi_canonical_jump_table__)) -- cgit