diff options
| author | Sami Tolvanen <[email protected]> | 2021-04-08 11:28:27 -0700 |
|---|---|---|
| committer | Kees Cook <[email protected]> | 2021-04-08 16:04:20 -0700 |
| commit | ff301ceb5299551c3650d0e07ba879b766da4cc0 (patch) | |
| tree | 21ad193e648129c2c9194bda75acc035364983c4 /tools/perf/scripts/python/export-to-sqlite.py | |
| parent | cf68fffb66d60d96209446bfc4a15291dc5a5d41 (diff) | |
cfi: add __cficanonical
With CONFIG_CFI_CLANG, the compiler replaces a function address taken
in C code with the address of a local jump table entry, which passes
runtime indirect call checks. However, the compiler won't replace
addresses taken in assembly code, which will result in a CFI failure
if we later jump to such an address in instrumented C code. The code
generated for the non-canonical jump table looks this:
<noncanonical.cfi_jt>: /* In C, &noncanonical points here */
jmp noncanonical
...
<noncanonical>: /* function body */
...
This change adds the __cficanonical attribute, which tells the
compiler to use a canonical jump table for the function instead. This
means the compiler will rename the actual function to <function>.cfi
and points the original symbol to the jump table entry instead:
<canonical>: /* jump table entry */
jmp canonical.cfi
...
<canonical.cfi>: /* function body */
...
As a result, the address taken in assembly, or other non-instrumented
code always points to the jump table and therefore, can be used for
indirect calls in instrumented code without tripping CFI checks.
Signed-off-by: Sami Tolvanen <[email protected]>
Reviewed-by: Kees Cook <[email protected]>
Acked-by: Bjorn Helgaas <[email protected]> # pci.h
Tested-by: Nathan Chancellor <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Diffstat (limited to 'tools/perf/scripts/python/export-to-sqlite.py')
0 files changed, 0 insertions, 0 deletions