kcfi: Rename CONFIG_CFI_CLANG to CONFIG_CFI

export CC_FLAGS_LTO

endif

ifdef CONFIG_CFI_CLANG

ifdef CONFIG_CFI

CC_FLAGS_CFI	:= -fsanitize=kcfi

ifdef CONFIG_CFI_ICALL_NORMALIZE_INTEGERS

	CC_FLAGS_CFI	+= -fsanitize-cfi-icall-experimental-normalize-integers

	  If unsure, say N.

config ARCH_SUPPORTS_CFI_CLANG

config ARCH_SUPPORTS_CFI

	bool

	help

	  An architecture should select this option if it can support Clang's

	  Control-Flow Integrity (CFI) checking.

	  An architecture should select this option if it can support Kernel

	  Control-Flow Integrity (CFI) checking (-fsanitize=kcfi).

config ARCH_USES_CFI_TRAPS

	bool

	help

	  An architecture should select this option if it requires the

	  .kcfi_traps section for KCFI trap handling.

config CFI_CLANG

	bool "Use Clang's Control Flow Integrity (CFI)"

	depends on ARCH_SUPPORTS_CFI_CLANG

config CFI

	bool "Use Kernel Control Flow Integrity (kCFI)"

	default CFI_CLANG

	depends on ARCH_SUPPORTS_CFI

	depends on $(cc-option,-fsanitize=kcfi)

	help

	  This option enables Clang's forward-edge Control Flow Integrity

	  (CFI) checking, where the compiler injects a runtime check to each

	  This option enables forward-edge Control Flow Integrity (CFI)

	  checking, where the compiler injects a runtime check to each

	  indirect function call to ensure the target is a valid function with

	  the correct static type. This restricts possible call targets and

	  makes it more difficult for an attacker to exploit bugs that allow

	    https://clang.llvm.org/docs/ControlFlowIntegrity.html

config CFI_CLANG

	bool

	transitional

	help

	  Transitional config for CFI_CLANG to CFI migration.

config CFI_ICALL_NORMALIZE_INTEGERS

	bool "Normalize CFI tags for integers"

	depends on CFI_CLANG

	depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS_CLANG

	depends on CFI

	depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS

	help

	  This option normalizes the CFI tags for integer types so that all

	  integer types of the same size and signedness receive the same CFI

	  This option is necessary for using CFI with Rust. If unsure, say N.

config HAVE_CFI_ICALL_NORMALIZE_INTEGERS_CLANG

config HAVE_CFI_ICALL_NORMALIZE_INTEGERS

	def_bool y

	depends on $(cc-option,-fsanitize=kcfi -fsanitize-cfi-icall-experimental-normalize-integers)

	# With GCOV/KASAN we need this fix: https://github.com/llvm/llvm-project/pull/104826

config HAVE_CFI_ICALL_NORMALIZE_INTEGERS_RUSTC

	def_bool y

	depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS_CLANG

	depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS

	depends on RUSTC_VERSION >= 107900

	# With GCOV/KASAN we need this fix: https://github.com/rust-lang/rust/pull/129373

	depends on (RUSTC_LLVM_VERSION >= 190103 && RUSTC_VERSION >= 108200) || \

config CFI_PERMISSIVE

	bool "Use CFI in permissive mode"

	depends on CFI_CLANG

	depends on CFI

	help

	  When selected, Control Flow Integrity (CFI) violations result in a

	  warning instead of a kernel panic. This option should only be used

	select ARCH_OPTIONAL_KERNEL_RWX_DEFAULT if CPU_V7

	select ARCH_NEED_CMPXCHG_1_EMU if CPU_V6

	select ARCH_SUPPORTS_ATOMIC_RMW

	select ARCH_SUPPORTS_CFI_CLANG

	select ARCH_SUPPORTS_CFI

	select ARCH_SUPPORTS_HUGETLBFS if ARM_LPAE

	select ARCH_SUPPORTS_PER_VMA_LOCK

	select ARCH_USE_BUILTIN_BSWAP

	watchpoint_single_step_handler(addr);

}

#ifdef CONFIG_CFI_CLANG

#ifdef CONFIG_CFI

static void hw_breakpoint_cfi_handler(struct pt_regs *regs)

{

	/*

obj-$(CONFIG_CPU_V6K)		+= proc-v6.o

obj-$(CONFIG_CPU_V7)		+= proc-v7.o proc-v7-bugs.o

obj-$(CONFIG_CPU_V7M)		+= proc-v7m.o

obj-$(CONFIG_CFI_CLANG)		+= proc.o

obj-$(CONFIG_CFI)		+= proc.o

obj-$(CONFIG_OUTER_CACHE)	+= l2c-common.o

obj-$(CONFIG_CACHE_B15_RAC)	+= cache-b15-rac.o