[PATCH AUTOSEL 6.1 51/68] cfi: Add CFI_NOSEAL()
From: Sasha Levin
Date: Tue Jan 16 2024 - 16:17:05 EST
From: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
[ Upstream commit e9d13b9d2f99ccf7afeab490d97eaa5ac9846598 ]
Add a CFI_NOSEAL() helper to mark functions that need to retain their
CFI information, despite not otherwise leaking their address.
Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
Link: https://lore.kernel.org/r/20231215092707.669401084@xxxxxxxxxxxxx
Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
arch/x86/include/asm/cfi.h | 5 +++++
include/linux/cfi.h | 4 ++++
2 files changed, 9 insertions(+)
diff --git a/arch/x86/include/asm/cfi.h b/arch/x86/include/asm/cfi.h
index 58dacd90daef..67b010c224e4 100644
--- a/arch/x86/include/asm/cfi.h
+++ b/arch/x86/include/asm/cfi.h
@@ -9,6 +9,7 @@
*/
#include <linux/cfi.h>
+#include <asm/ibt.h>
#ifdef CONFIG_CFI_CLANG
enum bug_trap_type handle_cfi_failure(struct pt_regs *regs);
@@ -19,4 +20,8 @@ static inline enum bug_trap_type handle_cfi_failure(struct pt_regs *regs)
}
#endif /* CONFIG_CFI_CLANG */
+#if HAS_KERNEL_IBT == 1
+#define CFI_NOSEAL(x) asm(IBT_NOSEAL(__stringify(x)))
+#endif
+
#endif /* _ASM_X86_CFI_H */
diff --git a/include/linux/cfi.h b/include/linux/cfi.h
index 5e134f4ce8b7..f2f722c5aedd 100644
--- a/include/linux/cfi.h
+++ b/include/linux/cfi.h
@@ -36,4 +36,8 @@ static inline void module_cfi_finalize(const Elf_Ehdr *hdr,
#endif /* CONFIG_ARCH_USES_CFI_TRAPS */
#endif /* CONFIG_MODULES */
+#ifndef CFI_NOSEAL
+#define CFI_NOSEAL(x)
+#endif
+
#endif /* _LINUX_CFI_H */
--
2.43.0