| Message ID | 20220711161130.529294-1-dimitri.ledkov@canonical.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | headers: backport IBT / CFI support | expand |
On 7/11/22 18:11, Dimitri John Ledkov wrote: > Kernels that support IBT on x86 require module_init/exit() functions > to have cfi protection included. Backport __CFI_ADDRESSABLE changes > from upstream linux/module.h into backports version of module.h > header. > > This results in backported modules correctly pick up CFI protection > only when building against IBT enabled kernels. > > Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> Thank you for your patch I applied it to master. Hauke -- To unsubscribe from this list: send the line "unsubscribe backports" in
diff --git a/backport/backport-include/linux/module.h b/backport/backport-include/linux/module.h index cd342e0d2fdd..efe970f174ed 100644 --- a/backport/backport-include/linux/module.h +++ b/backport/backport-include/linux/module.h @@ -3,6 +3,10 @@ #include_next <linux/module.h> #include <linux/rcupdate.h> +#ifndef __CFI_ADDRESSABLE +#define __CFI_ADDRESSABLE(fn, __attr) +#endif + /* * The define overwriting module_init is based on the original module_init * which looks like this: @@ -34,6 +38,7 @@ extern void backport_dependency_symbol(void); return initfn(); \ } \ int init_module(void) __attribute__((cold,alias("__init_backport")));\ + __CFI_ADDRESSABLE(init_module, __initdata); \ BACKPORT_MOD_VERSIONS /* @@ -58,7 +63,8 @@ extern void backport_dependency_symbol(void); exitfn(); \ rcu_barrier(); \ } \ - void cleanup_module(void) __attribute__((cold,alias("__exit_compat"))); + void cleanup_module(void) __attribute__((cold,alias("__exit_compat"))); \ + __CFI_ADDRESSABLE(cleanup_module, __exitdata); #endif #endif /* __BACKPORT_LINUX_MODULE_H */
Kernels that support IBT on x86 require module_init/exit() functions to have cfi protection included. Backport __CFI_ADDRESSABLE changes from upstream linux/module.h into backports version of module.h header. This results in backported modules correctly pick up CFI protection only when building against IBT enabled kernels. Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> --- backport/backport-include/linux/module.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)