git.ipfire.org Git - thirdparty/linux.git/commit

author	Sami Tolvanen <samitolvanen@google.com>
	Thu, 8 Sep 2022 21:54:47 +0000 (14:54 -0700)
committer	Kees Cook <keescook@chromium.org>
	Mon, 26 Sep 2022 17:13:13 +0000 (10:13 -0700)
commit	89245600941e4e0f87d77f60ee269b5e61ef4e49
tree	a0069b5bd625907cb854091e6dbbeed4964815b0	tree \| snapshot
parent	92efda8eb15295a07f450828b2db14485bfc09c2	commit \| diff

cfi: Switch to -fsanitize=kcfi

Switch from Clang's original forward-edge control-flow integrity
implementation to -fsanitize=kcfi, which is better suited for the
kernel, as it doesn't require LTO, doesn't use a jump table that
requires altering function references, and won't break cross-module
function address equality.

Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Tested-by: Kees Cook <keescook@chromium.org>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220908215504.3686827-6-samitolvanen@google.com

Makefile		diff \| blob \| blame \| history
arch/Kconfig		diff \| blob \| blame \| history
include/asm-generic/vmlinux.lds.h		diff \| blob \| blame \| history
include/linux/cfi.h		diff \| blob \| blame \| history
include/linux/compiler-clang.h		diff \| blob \| blame \| history
include/linux/module.h		diff \| blob \| blame \| history
kernel/cfi.c		diff \| blob \| blame \| history
kernel/module/main.c		diff \| blob \| blame \| history
scripts/module.lds.S		diff \| blob \| blame \| history