Commit c90841db authored by Linus Torvalds's avatar Linus Torvalds
Pull hardening fixes from Kees Cook:
 "This is a work-around for a (now fixed) corner case in the arm32 build
  with Clang KCFI enabled.

   - Introduce __nocfi_generic for arm32 Clang (Nathan Chancellor)"

* tag 'hardening-v6.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  libeth: xdp: Disable generic kCFI pass for libeth_xdp_tx_xmit_bulk()
  ARM: Select ARCH_USES_CFI_GENERIC_LLVM_PASS
  compiler_types: Introduce __nocfi_generic
parents c2c2ccfd c57f5fee
+7 −0
@@ -917,6 +917,13 @@ config ARCH_USES_CFI_TRAPS
	  An architecture should select this option if it requires the
	  .kcfi_traps section for KCFI trap handling.

config ARCH_USES_CFI_GENERIC_LLVM_PASS
	bool
	help
	  An architecture should select this option if it uses the generic
	  KCFIPass in LLVM to expand kCFI bundles instead of architecture-specific
	  lowering.

config CFI
	bool "Use Kernel Control Flow Integrity (kCFI)"
	default CFI_CLANG
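Review bot: The help text for `ARCH_USES_CFI_GENERIC_LLVM_PASS` says when an architecture should select the symbol but not what selecting it does, and the `__nocfi_generic` definition in the later preprocessor hunk has the same gap, with no comment at all. From the visible lines, selecting the symbol makes `__nocfi_generic` expand to `__nocfi`, so annotated functions lose kCFI instrumentation on those builds; that reduction in coverage deserves a sentence in both places. For the help text I would append `Selecting this makes __nocfi_generic expand to __nocfi, which removes kCFI checks from the functions so annotated.` Above the macro I would add a short comment saying it is a no-op unless this symbol is set and is meant only for functions that the generic pass handles badly (inferred from the pull description, so the author should confirm the wording).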
+2 −0
@@ -44,6 +44,8 @@ config ARM
	select ARCH_USE_BUILTIN_BSWAP
	select ARCH_USE_CMPXCHG_LOCKREF
	select ARCH_USE_MEMTEST
	# https://github.com/llvm/llvm-project/commit/d130f402642fba3d065aacb506cb061c899558de
	select ARCH_USES_CFI_GENERIC_LLVM_PASS if CLANG_VERSION < 220000
	select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT if MMU
	select ARCH_WANT_GENERAL_HUGETLB
	select ARCH_WANT_IPC_PARSE_VERSION
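Review bot: The condition `CLANG_VERSION < 220000` also holds when the compiler is not Clang, assuming CLANG_VERSION evaluates to 0 in that case (its definition is outside this hunk), so the symbol would be selected for every non-Clang arm32 build too. That is harmless while `__nocfi` expands to nothing on those builds, but it would silently drop CFI coverage on `__nocfi_generic` functions if another compiler ever enables CFI. `select ARCH_USES_CFI_GENERIC_LLVM_PASS if CC_IS_CLANG && CLANG_VERSION < 220000` states the intent exactly. The comment above the select is a bare URL; a lead-in such as `# arm32 uses the generic KCFIPass before this LLVM change:` would explain the 220000 bound without following the link.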
+6 −0
@@ -461,6 +461,12 @@ struct ftrace_likely_data {
# define __nocfi
#endif

#if defined(CONFIG_ARCH_USES_CFI_GENERIC_LLVM_PASS)
# define __nocfi_generic	__nocfi
#else
# define __nocfi_generic
#endif

/*
 * Any place that could be marked with the "alloc_size" attribute is also
 * a place to be marked with the "malloc" attribute, except those that may
+1 −1
@@ -513,7 +513,7 @@ struct libeth_xdp_tx_desc {
 * can't fail, but can send less frames if there's no enough free descriptors
 * available. The actual free space is returned by @prep from the driver.
 */
static __always_inline u32
static __always_inline __nocfi_generic u32
libeth_xdp_tx_xmit_bulk(const struct libeth_xdp_tx_frame *bulk, void *xdpsq,
			u32 n, bool unroll, u64 priv,
			u32 (*prep)(void *xdpsq, struct libeth_xdpsq *sq),
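Review bot: The new `__nocfi_generic` on `libeth_xdp_tx_xmit_bulk()` carries no explanation of why kCFI is switched off for this function, and the kernel-doc above it does not mention it either. On builds where the macro expands to `__nocfi`, calls through `prep` (and any further callback parameters past the end of the hunk) are emitted without a kCFI check. The function is then only as safe as its callers' guarantee that those pointers are compile-time constants resolved by inlining, which is presumably what `__always_inline` is for but is not stated. I would add to the kernel-doc something like `Marked __nocfi_generic: callers must pass compile-time constant callbacks so the calls are resolved when inlined; never pass a runtime function pointer.` The signature and body continue outside the hunk, so the call sites themselves are not visible here.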