mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-12-14 14:34:28 +08:00
865dad2022
This replaces the prior support for Clang's standard Control Flow Integrity (CFI) instrumentation, which has required a lot of special conditions (e.g. LTO) and work-arounds. The current implementation ("Kernel CFI") is specific to C, directly designed for the Linux kernel, and takes advantage of architectural features like x86's IBT. This series retains arm64 support and adds x86 support. Additional "generic" architectural support is expected soon: https://github.com/samitolvanen/llvm-project/commits/kcfi_generic - treewide: Remove old CFI support details - arm64: Replace Clang CFI support with Clang KCFI support - x86: Introduce Clang KCFI support -----BEGIN PGP SIGNATURE----- iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAmM4aAUWHGtlZXNjb29r QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJkgWD/4mUgb7xewNIG/+fuipGd620Iao K0T8q4BNxLNRltOxNc3Q0WMDCggX0qJGCeds7EdFQJQOGxWcbifM8MAS4idAGM0G fc3Gxl1imC/oF6goCAbQgndA6jYFIWXGsv8LsRjAXRidWLFr3GFAqVqYJyokSySr 8zMQsEDuF4I1gQnOhEWdtPZbV3MQ4ZjfFzpv+33agbq6Gb72vKvDh3G6g2VXlxjt 1qnMtS+eEpbBU65cJkOi4MSLgymWbnIAeTMb0dbsV4kJ08YoTl8uz1B+weeH6GgT WP73ZJ4nqh1kkkT9EqS9oKozNB9fObhvCokEuAjuQ7i1eCEZsbShvRc0iL7OKTGG UfuTJa5qQ4h7Z0JS35FCSJETa+fcG0lTyEd133nLXLMZP9K2antf+A6O//fd0J1V Jg4VN7DQmZ+UNGOzRkL6dTtQUy4PkxhniIloaClfSYXxhNirA+v//sHTnTK3z2Bl 6qceYqmFmns2Laual7+lvnZgt6egMBcmAL/MOdbU74+KIR9Xw76wxQjifktHX+WF FEUQkUJDB5XcUyKlbvHoqobRMxvEZ8RIlC5DIkgFiPRE3TI0MqfzNSFnQ/6+lFNg Y0AS9HYJmcj8sVzAJ7ji24WPFCXzsbFn6baJa9usDNbWyQZokYeiv7ZPNPHPDVrv YEBP6aYko0lVSUS9qw== =Li4D -----END PGP SIGNATURE----- Merge tag 'kcfi-v6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull kcfi updates from Kees Cook: "This replaces the prior support for Clang's standard Control Flow Integrity (CFI) instrumentation, which has required a lot of special conditions (e.g. LTO) and work-arounds. The new implementation ("Kernel CFI") is specific to C, directly designed for the Linux kernel, and takes advantage of architectural features like x86's IBT. This series retains arm64 support and adds x86 support. GCC support is expected in the future[1], and additional "generic" architectural support is expected soon[2]. Summary: - treewide: Remove old CFI support details - arm64: Replace Clang CFI support with Clang KCFI support - x86: Introduce Clang KCFI support" Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107048 [1] Link: https://github.com/samitolvanen/llvm-project/commits/kcfi_generic [2] * tag 'kcfi-v6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (22 commits) x86: Add support for CONFIG_CFI_CLANG x86/purgatory: Disable CFI x86: Add types to indirectly called assembly functions x86/tools/relocs: Ignore __kcfi_typeid_ relocations kallsyms: Drop CONFIG_CFI_CLANG workarounds objtool: Disable CFI warnings objtool: Preserve special st_shndx indexes in elf_update_symbol treewide: Drop __cficanonical treewide: Drop WARN_ON_FUNCTION_MISMATCH treewide: Drop function_nocfi init: Drop __nocfi from __init arm64: Drop unneeded __nocfi attributes arm64: Add CFI error handling arm64: Add types to indirect called assembly functions psci: Fix the function type for psci_initcall_t lkdtm: Emit an indirect call for CFI tests cfi: Add type helper macros cfi: Switch to -fsanitize=kcfi cfi: Drop __CFI_ADDRESSABLE cfi: Remove CONFIG_CFI_CLANG_SHADOW ... |
||
---|---|---|
.. | ||
bitops | ||
vdso | ||
access_ok.h | ||
archrandom.h | ||
asm-offsets.h | ||
asm-prototypes.h | ||
atomic64.h | ||
atomic.h | ||
audit_change_attr.h | ||
audit_dir_write.h | ||
audit_read.h | ||
audit_signal.h | ||
audit_write.h | ||
barrier.h | ||
bitops.h | ||
bitsperlong.h | ||
bug.h | ||
bugs.h | ||
cache.h | ||
cacheflush.h | ||
checksum.h | ||
cmpxchg-local.h | ||
cmpxchg.h | ||
compat.h | ||
current.h | ||
delay.h | ||
device.h | ||
div64.h | ||
dma-mapping.h | ||
dma.h | ||
early_ioremap.h | ||
emergency-restart.h | ||
error-injection.h | ||
exec.h | ||
export.h | ||
extable.h | ||
fb.h | ||
fixmap.h | ||
flat.h | ||
ftrace.h | ||
futex.h | ||
getorder.h | ||
gpio.h | ||
hardirq.h | ||
hugetlb.h | ||
hw_irq.h | ||
hyperv-tlfs.h | ||
ide_iops.h | ||
int-ll64.h | ||
io.h | ||
ioctl.h | ||
iomap.h | ||
irq_regs.h | ||
irq_work.h | ||
irq.h | ||
irqflags.h | ||
Kbuild | ||
kdebug.h | ||
kmap_size.h | ||
kprobes.h | ||
kvm_para.h | ||
kvm_types.h | ||
linkage.h | ||
local64.h | ||
local.h | ||
logic_io.h | ||
mcs_spinlock.h | ||
memory_model.h | ||
mm_hooks.h | ||
mmiowb_types.h | ||
mmiowb.h | ||
mmu_context.h | ||
mmu.h | ||
module.h | ||
module.lds.h | ||
mshyperv.h | ||
msi.h | ||
nommu_context.h | ||
numa.h | ||
page.h | ||
param.h | ||
parport.h | ||
pci_iomap.h | ||
pci.h | ||
percpu.h | ||
pgalloc.h | ||
pgtable_uffd.h | ||
pgtable-nop4d.h | ||
pgtable-nopmd.h | ||
pgtable-nopud.h | ||
preempt.h | ||
qrwlock_types.h | ||
qrwlock.h | ||
qspinlock_types.h | ||
qspinlock.h | ||
resource.h | ||
rwonce.h | ||
seccomp.h | ||
sections.h | ||
serial.h | ||
set_memory.h | ||
shmparam.h | ||
signal.h | ||
simd.h | ||
softirq_stack.h | ||
spinlock_types.h | ||
spinlock.h | ||
statfs.h | ||
string.h | ||
switch_to.h | ||
syscall.h | ||
syscalls.h | ||
termios-base.h | ||
termios.h | ||
timex.h | ||
tlb.h | ||
tlbflush.h | ||
topology.h | ||
trace_clock.h | ||
uaccess.h | ||
unaligned.h | ||
user.h | ||
vermagic.h | ||
vga.h | ||
vmlinux.lds.h | ||
vtime.h | ||
word-at-a-time.h | ||
xor.h |