Message ID | 20210312004919.669614-18-samitolvanen@google.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | Add support for Clang CFI | expand |
On Thu, Mar 11, 2021 at 04:49:19PM -0800, Sami Tolvanen wrote: > Select ARCH_SUPPORTS_CFI_CLANG to allow CFI to be enabled. > > Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Random thought: the vDSO doesn't need special handling because it doesn't make any indirect calls, yes?
On Thu, Mar 11, 2021 at 6:51 PM Kees Cook <keescook@chromium.org> wrote: > > On Thu, Mar 11, 2021 at 04:49:19PM -0800, Sami Tolvanen wrote: > > Select ARCH_SUPPORTS_CFI_CLANG to allow CFI to be enabled. > > > > Signed-off-by: Sami Tolvanen <samitolvanen@google.com> > > Reviewed-by: Kees Cook <keescook@chromium.org> > > Random thought: the vDSO doesn't need special handling because it > doesn't make any indirect calls, yes? That might be true, but we also filter out CC_FLAGS_LTO for the vDSO, which disables CFI as well. Sami
On Tue, Mar 16, 2021 at 01:44:33PM -0700, Sami Tolvanen wrote: > On Thu, Mar 11, 2021 at 6:51 PM Kees Cook <keescook@chromium.org> wrote: > > > > On Thu, Mar 11, 2021 at 04:49:19PM -0800, Sami Tolvanen wrote: > > > Select ARCH_SUPPORTS_CFI_CLANG to allow CFI to be enabled. > > > > > > Signed-off-by: Sami Tolvanen <samitolvanen@google.com> > > > > Reviewed-by: Kees Cook <keescook@chromium.org> > > > > Random thought: the vDSO doesn't need special handling because it > > doesn't make any indirect calls, yes? > > That might be true, but we also filter out CC_FLAGS_LTO for the vDSO, > which disables CFI as well. Oh right! That would do it. :)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 1f212b47a48a..6be5b61a0f17 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -75,6 +75,7 @@ config ARM64 select ARCH_SUPPORTS_SHADOW_CALL_STACK if CC_HAVE_SHADOW_CALL_STACK select ARCH_SUPPORTS_LTO_CLANG if CPU_LITTLE_ENDIAN select ARCH_SUPPORTS_LTO_CLANG_THIN + select ARCH_SUPPORTS_CFI_CLANG select ARCH_SUPPORTS_ATOMIC_RMW select ARCH_SUPPORTS_INT128 if CC_HAS_INT128 && (GCC_VERSION >= 50000 || CC_IS_CLANG) select ARCH_SUPPORTS_NUMA_BALANCING
Select ARCH_SUPPORTS_CFI_CLANG to allow CFI to be enabled. Signed-off-by: Sami Tolvanen <samitolvanen@google.com> --- arch/arm64/Kconfig | 1 + 1 file changed, 1 insertion(+)