lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 8 Apr 2021 11:28:42 -0700 From: Sami Tolvanen <samitolvanen@...gle.com> To: Kees Cook <keescook@...omium.org> Cc: Nathan Chancellor <nathan@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, Masahiro Yamada <masahiroy@...nel.org>, Will Deacon <will@...nel.org>, Jessica Yu <jeyu@...nel.org>, Arnd Bergmann <arnd@...db.de>, Tejun Heo <tj@...nel.org>, "Paul E. McKenney" <paulmck@...nel.org>, Christoph Hellwig <hch@...radead.org>, Peter Zijlstra <peterz@...radead.org>, Sedat Dilek <sedat.dilek@...il.com>, Mark Rutland <mark.rutland@....com>, Catalin Marinas <catalin.marinas@....com>, bpf@...r.kernel.org, linux-hardening@...r.kernel.org, linux-arch@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, linux-kbuild@...r.kernel.org, linux-pci@...r.kernel.org, linux-kernel@...r.kernel.org, clang-built-linux@...glegroups.com, Sami Tolvanen <samitolvanen@...gle.com> Subject: [PATCH v6 17/18] KVM: arm64: Disable CFI for nVHE Disable CFI for the nVHE code to avoid address space confusion. Signed-off-by: Sami Tolvanen <samitolvanen@...gle.com> Reviewed-by: Kees Cook <keescook@...omium.org> Tested-by: Nathan Chancellor <nathan@...nel.org> --- arch/arm64/kvm/hyp/nvhe/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/arm64/kvm/hyp/nvhe/Makefile b/arch/arm64/kvm/hyp/nvhe/Makefile index a6707df4f6c0..fb24a0f022ad 100644 --- a/arch/arm64/kvm/hyp/nvhe/Makefile +++ b/arch/arm64/kvm/hyp/nvhe/Makefile @@ -75,9 +75,9 @@ quiet_cmd_hyprel = HYPREL $@ quiet_cmd_hypcopy = HYPCOPY $@ cmd_hypcopy = $(OBJCOPY) --prefix-symbols=__kvm_nvhe_ $< $@ -# Remove ftrace and Shadow Call Stack CFLAGS. -# This is equivalent to the 'notrace' and '__noscs' annotations. -KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_FTRACE) $(CC_FLAGS_SCS), $(KBUILD_CFLAGS)) +# Remove ftrace, Shadow Call Stack, and CFI CFLAGS. +# This is equivalent to the 'notrace', '__noscs', and '__nocfi' annotations. +KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_FTRACE) $(CC_FLAGS_SCS) $(CC_FLAGS_CFI), $(KBUILD_CFLAGS)) # KVM nVHE code is run at a different exception code with a different map, so # compiler instrumentation that inserts callbacks or checks into the code may -- 2.31.1.295.g9ea45b61b8-goog
Powered by blists - more mailing lists