bpf: disable CFI in dispatcher functions

BPF dispatcher functions are patched at runtime to perform direct instead of indirect calls. Disable CFI for the dispatcher functions to avoid conflicts. Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Tested-by: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20210408182843.1754385-9-samitolvanen@google.com
author: Sami Tolvanen <samitolvanen@google.com> 2021-04-08 11:28:33 -0700
committer: Kees Cook <keescook@chromium.org> 2021-04-08 16:04:21 -0700
commit: 9f5b4009980f369acb80b72235b2d66c3fd6eca6 (patch)
tree: b13d52ef509ebb7e7efbb2ecae47763870c83b88 /include
parent: 8b8e6b5d3b013b0bd849990af2cc0f1321850e19 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 3625f019767d..2f46f98479e1 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -650,7 +650,7 @@ struct bpf_dispatcher {
 	struct bpf_ksym ksym;
 };
 
-static __always_inline unsigned int bpf_dispatcher_nop_func(
+static __always_inline __nocfi unsigned int bpf_dispatcher_nop_func(
 	const void *ctx,
 	const struct bpf_insn *insnsi,
 	unsigned int (*bpf_func)(const void *,
@@ -678,7 +678,7 @@ void bpf_trampoline_put(struct bpf_trampoline *tr);
 }
 
 #define DEFINE_BPF_DISPATCHER(name)					\
-	noinline unsigned int bpf_dispatcher_##name##_func(		\
+	noinline __nocfi unsigned int bpf_dispatcher_##name##_func(	\
 		const void *ctx,					\
 		const struct bpf_insn *insnsi,				\
 		unsigned int (*bpf_func)(const void *,			\
author	Sami Tolvanen <samitolvanen@google.com>	2021-04-08 11:28:33 -0700
committer	Kees Cook <keescook@chromium.org>	2021-04-08 16:04:21 -0700
commit	9f5b4009980f369acb80b72235b2d66c3fd6eca6 (patch)
tree	b13d52ef509ebb7e7efbb2ecae47763870c83b88 /include
parent	8b8e6b5d3b013b0bd849990af2cc0f1321850e19 (diff)