cfi: Use __builtin_function_start

Clang 14 added support for the __builtin_function_start function,
which allows us to implement the function_nocfi macro without
architecture-specific inline assembly and in a way that also works
with static initializers.

Change CONFIG_CFI_CLANG to depend on Clang >= 14, define
function_nocfi using __builtin_function_start, and remove the arm64
inline assembly implementation.

Link: https://github.com/llvm/llvm-project/commit/ec2e26eaf63558934f5b73a6e530edc453cf9508
Link: https://github.com/ClangBuiltLinux/linux/issues/1353
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Tested-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Will Deacon <will@kernel.org> # arm64
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220405221618.633743-1-samitolvanen@google.com

diff --git a/arch/Kconfig b/arch/Kconfig
index 29b0167c088b8af08b7fd53f08b32f4d15296e76..c1627bce4a3a4fddd2573b618b3a7d9e25d50f56 100644 (file)
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -723,10 +723,7 @@ config ARCH_SUPPORTS_CFI_CLANG
 config CFI_CLANG
        bool "Use Clang's Control Flow Integrity (CFI)"
        depends on LTO_CLANG && ARCH_SUPPORTS_CFI_CLANG
-       # Clang >= 12:
-       # - https://bugs.llvm.org/show_bug.cgi?id=46258
-       # - https://bugs.llvm.org/show_bug.cgi?id=47479
-       depends on CLANG_VERSION >= 120000
+       depends on CLANG_VERSION >= 140000
        select KALLSYMS
        help
          This option enables Clang’s forward-edge Control Flow Integrity

diff --git a/arch/arm64/include/asm/compiler.h b/arch/arm64/include/asm/compiler.h
index dc3ea4080e2eb62962a1d1d9eca8ab3e67ebd7e2..6fb2e6bcc392fe8b0f5e7ebee1a1893fdc4c548d 100644 (file)
--- a/arch/arm64/include/asm/compiler.h
+++ b/arch/arm64/include/asm/compiler.h
@@ -23,20 +23,4 @@
 #define __builtin_return_address(val)                                  \
        (void *)(ptrauth_clear_pac((unsigned long)__builtin_return_address(val)))
 
-#ifdef CONFIG_CFI_CLANG
-/*
- * With CONFIG_CFI_CLANG, the compiler replaces function address
- * references with the address of the function's CFI jump table
- * entry. The function_nocfi macro always returns the address of the
- * actual function instead.
- */
-#define function_nocfi(x) ({                                           \
-       void *addr;                                                     \
-       asm("adrp %0, " __stringify(x) "\n\t"                           \
-           "add  %0, %0, :lo12:" __stringify(x)                        \
-           : "=r" (addr));                                             \
-       addr;                                                           \
-})
-#endif
-
 #endif /* __ASM_COMPILER_H */

diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h
index babb1347148c5d6327601aac1d569b63825d370b..c84fec767445d69f5fadf1a2687d0c99da2b8ce4 100644 (file)
--- a/include/linux/compiler-clang.h
+++ b/include/linux/compiler-clang.h
@@ -69,6 +69,16 @@
 #define __nocfi                __attribute__((__no_sanitize__("cfi")))
 #define __cficanonical __attribute__((__cfi_canonical_jump_table__))
 
+#if defined(CONFIG_CFI_CLANG)
+/*
+ * With CONFIG_CFI_CLANG, the compiler replaces function address
+ * references with the address of the function's CFI jump table
+ * entry. The function_nocfi macro always returns the address of the
+ * actual function instead.
+ */
+#define function_nocfi(x)      __builtin_function_start(x)
+#endif
+
 /*
  * Turn individual warnings and errors on and off locally, depending
  * on version.