add support for clang Control Flow Integrity (CFI)

This change adds the CONFIG_CFI_CLANG option, CFI error handling, and a faster look-up table for cross module CFI checks. Bug: 67506682 Change-Id: Ic009f0a629b552a0eb16e6d89808c7029e91447d Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
2017-05-11 15:03:36 -07:00 · 2017-05-11 15:03:36 -07:00 · 00a195e7c0
commit 00a195e7c0
parent b13cf8585d
13 changed files with 444 additions and 2 deletions
--- a/include/linux/module.h
+++ b/include/linux/module.h
@ -20,6 +20,7 @@
 #include <linux/export.h>
 #include <linux/extable.h>	/* only as arch move module.h -> extable.h */
 #include <linux/rbtree_latch.h>
+#include <linux/cfi.h>

 #include <linux/percpu.h>
 #include <asm/module.h>
@ -349,6 +350,10 @@ struct module {
 	const unsigned long *crcs;
 	unsigned int num_syms;

+#ifdef CONFIG_CFI_CLANG
+	cfi_check_fn cfi_check;
+#endif
+
 	/* Kernel parameters. */
 #ifdef CONFIG_SYSFS
 	struct mutex param_lock;