KVM: arm64: Disable CFI for nVHE

Disable CFI for the nVHE code to avoid address space confusion. Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Tested-by: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20210408182843.1754385-18-samitolvanen@google.com
author: Sami Tolvanen <samitolvanen@google.com> 2021-04-08 11:28:42 -0700
committer: Kees Cook <keescook@chromium.org> 2021-04-08 16:04:23 -0700
commit: 67dfd72b3e8ab237aaa09cad5380b9e8c8cb65db (patch)
tree: 92e5553011a2c282827567994b88d99a0b946d25
parent: 800618f955a9647d8e03b9a367da974f7eecb120 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/arch/arm64/kvm/hyp/nvhe/Makefile b/arch/arm64/kvm/hyp/nvhe/Makefile
index a6707df4f6c0..fb24a0f022ad 100644
--- a/arch/arm64/kvm/hyp/nvhe/Makefile
+++ b/arch/arm64/kvm/hyp/nvhe/Makefile
@@ -75,9 +75,9 @@ quiet_cmd_hyprel = HYPREL  $@
 quiet_cmd_hypcopy = HYPCOPY $@
       cmd_hypcopy = $(OBJCOPY) --prefix-symbols=__kvm_nvhe_ $< $@
 
-# Remove ftrace and Shadow Call Stack CFLAGS.
-# This is equivalent to the 'notrace' and '__noscs' annotations.
-KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_FTRACE) $(CC_FLAGS_SCS), $(KBUILD_CFLAGS))
+# Remove ftrace, Shadow Call Stack, and CFI CFLAGS.
+# This is equivalent to the 'notrace', '__noscs', and '__nocfi' annotations.
+KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_FTRACE) $(CC_FLAGS_SCS) $(CC_FLAGS_CFI), $(KBUILD_CFLAGS))
 
 # KVM nVHE code is run at a different exception code with a different map, so
 # compiler instrumentation that inserts callbacks or checks into the code may
author	Sami Tolvanen <samitolvanen@google.com>	2021-04-08 11:28:42 -0700
committer	Kees Cook <keescook@chromium.org>	2021-04-08 16:04:23 -0700
commit	67dfd72b3e8ab237aaa09cad5380b9e8c8cb65db (patch)
tree	92e5553011a2c282827567994b88d99a0b946d25
parent	800618f955a9647d8e03b9a367da974f7eecb120 (diff)