Commit 67dfd72b authored by Sami Tolvanen's avatar Sami Tolvanen Committed by Kees Cook
Browse files

KVM: arm64: Disable CFI for nVHE 



Disable CFI for the nVHE code to avoid address space confusion.

Signed-off-by: default avatarSami Tolvanen <samitolvanen@google.com>
Reviewed-by: default avatarKees Cook <keescook@chromium.org>
Tested-by: default avatarNathan Chancellor <nathan@kernel.org>
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210408182843.1754385-18-samitolvanen@google.com
parent 800618f9

arch/arm64/kvm/hyp/nvhe/Makefile

+3 −3
Original line number Diff line number Diff line
@@ -75,9 +75,9 @@ quiet_cmd_hyprel = HYPREL $@ 
quiet_cmd_hypcopy = HYPCOPY $@

      cmd_hypcopy = $(OBJCOPY) --prefix-symbols=__kvm_nvhe_ $< $@



# Remove ftrace and Shadow Call Stack CFLAGS.

# This is equivalent to the 'notrace' and '__noscs' annotations.

KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_FTRACE) $(CC_FLAGS_SCS), $(KBUILD_CFLAGS))

# Remove ftrace, Shadow Call Stack, and CFI CFLAGS.

# This is equivalent to the 'notrace', '__noscs', and '__nocfi' annotations.

KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_FTRACE) $(CC_FLAGS_SCS) $(CC_FLAGS_CFI), $(KBUILD_CFLAGS))



# KVM nVHE code is run at a different exception code with a different map, so

# compiler instrumentation that inserts callbacks or checks into the code may