arm64: add __nocfi to __apply_alternatives

__apply_alternatives makes indirect calls to functions whose address is taken in assembly code using the alternative_cb macro. With non-canonical CFI, the compiler won't replace these function references with the jump table addresses, which trips CFI. Disable CFI checking in the function to work around the issue. Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Tested-by: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20210408182843.1754385-16-samitolvanen@google.com
author: Sami Tolvanen <samitolvanen@google.com> 2021-04-08 11:28:40 -0700
committer: Kees Cook <keescook@chromium.org> 2021-04-08 16:04:23 -0700
commit: 9562f3dc6f502d78fd5c8c56f5826e93b781bd46 (patch)
tree: abc24fa2fbbd466329211e1b16e3120d100b2d49 /arch/arm64/kernel
parent: cbdac8413e33bd1b9de45eeb10221c4686d743a6 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/arch/arm64/kernel/alternative.c b/arch/arm64/kernel/alternative.c
index 1184c44ea2c7..abc84636af07 100644
--- a/arch/arm64/kernel/alternative.c
+++ b/arch/arm64/kernel/alternative.c
@@ -133,8 +133,8 @@ static void clean_dcache_range_nopatch(u64 start, u64 end)
 	} while (cur += d_size, cur < end);
 }
 
-static void __apply_alternatives(void *alt_region,  bool is_module,
-				 unsigned long *feature_mask)
+static void __nocfi __apply_alternatives(void *alt_region,  bool is_module,
+					 unsigned long *feature_mask)
 {
 	struct alt_instr *alt;
 	struct alt_region *region = alt_region;
author	Sami Tolvanen <samitolvanen@google.com>	2021-04-08 11:28:40 -0700
committer	Kees Cook <keescook@chromium.org>	2021-04-08 16:04:23 -0700
commit	9562f3dc6f502d78fd5c8c56f5826e93b781bd46 (patch)
tree	abc24fa2fbbd466329211e1b16e3120d100b2d49 /arch/arm64/kernel
parent	cbdac8413e33bd1b9de45eeb10221c4686d743a6 (diff)