1 /* SPDX-License-Identifier: GPL-2.0 */
6 * Clang Control Flow Integrity (CFI) support.
8 * Copyright (C) 2022 Google LLC
10 #include <linux/bug.h>
14 * An overview of the various calling conventions...
39 * call foo / call foo+4
50 * movl $0x12345678, %eax
51 * # 11 nops when CONFIG_CALL_PADDING
58 * call foo # / call foo+4 when IBT
63 * movl $(-0x12345678), %r10d
64 * addl -4(%r11), %r10d # -15 when CONFIG_CALL_PADDING
70 * FineIBT (builds as kCFI + CALL_PADDING + IBT + RETPOLINE and runtime patches into):
74 * subl 0x12345678, %r10d
79 * osp nop3 # was endbr64
84 * call foo / call foo+4
89 * movl $0x12345678, %r10d
96 CFI_DEFAULT, /* FineIBT if hardware has IBT, otherwise kCFI */
97 CFI_OFF, /* Taditional / IBT depending on .config */
98 CFI_KCFI, /* Optionally CALL_PADDING, IBT, RETPOLINE */
99 CFI_FINEIBT, /* see arch/x86/kernel/alternative.c */
102 extern enum cfi_mode cfi_mode;
106 #ifdef CONFIG_CFI_CLANG
107 enum bug_trap_type handle_cfi_failure(struct pt_regs *regs);
109 extern u32 cfi_bpf_hash;
110 extern u32 cfi_bpf_subprog_hash;
112 static inline int cfi_get_offset(void)
118 if (IS_ENABLED(CONFIG_CALL_PADDING))
125 #define cfi_get_offset cfi_get_offset
127 extern u32 cfi_get_func_hash(void *func);
130 static inline enum bug_trap_type handle_cfi_failure(struct pt_regs *regs)
132 return BUG_TRAP_TYPE_NONE;
134 #define cfi_bpf_hash 0U
135 #define cfi_bpf_subprog_hash 0U
136 static inline u32 cfi_get_func_hash(void *func)
140 #endif /* CONFIG_CFI_CLANG */
142 #if HAS_KERNEL_IBT == 1
143 #define CFI_NOSEAL(x) asm(IBT_NOSEAL(__stringify(x)))
146 #endif /* _ASM_X86_CFI_H */