mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
a7f2106930
This change adds generic support for Clang's Shadow Call Stack, which uses a shadow stack to protect return addresses from being overwritten by an attacker. Details are available here: https://clang.llvm.org/docs/ShadowCallStack.html Note that security guarantees in the kernel differ from the ones documented for user space. The kernel must store addresses of shadow stacks used by other tasks and interrupt handlers in memory, which means an attacker capable reading and writing arbitrary memory may be able to locate them and hijack control flow by modifying shadow stacks that are not currently in use. Bug: 145210207 Change-Id: Ia5f1650593fa95da4efcf86f84830a20989f161c (am from https://lore.kernel.org/patchwork/patch/1149054/) Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com> Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
68 lines
2.0 KiB
C
68 lines
2.0 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#ifndef __LINUX_COMPILER_TYPES_H
|
|
#error "Please don't include <linux/compiler-clang.h> directly, include <linux/compiler.h> instead."
|
|
#endif
|
|
|
|
/* Some compiler specific definitions are overwritten here
|
|
* for Clang compiler
|
|
*/
|
|
|
|
#ifdef uninitialized_var
|
|
#undef uninitialized_var
|
|
#define uninitialized_var(x) x = *(&(x))
|
|
#endif
|
|
|
|
/* same as gcc, this was present in clang-2.6 so we can assume it works
|
|
* with any version that can compile the kernel
|
|
*/
|
|
#define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__)
|
|
|
|
/* all clang versions usable with the kernel support KASAN ABI version 5 */
|
|
#define KASAN_ABI_VERSION 5
|
|
|
|
/* __no_sanitize_address has been already defined compiler-gcc.h */
|
|
#undef __no_sanitize_address
|
|
|
|
#if __has_feature(address_sanitizer) || __has_feature(hwaddress_sanitizer)
|
|
/* emulate gcc's __SANITIZE_ADDRESS__ flag */
|
|
#define __SANITIZE_ADDRESS__
|
|
#define __no_sanitize_address \
|
|
__attribute__((no_sanitize("address", "hwaddress")))
|
|
#else
|
|
#define __no_sanitize_address
|
|
#endif
|
|
|
|
/* Clang doesn't have a way to turn it off per-function, yet. */
|
|
#ifdef __noretpoline
|
|
#undef __noretpoline
|
|
#endif
|
|
|
|
#ifdef CONFIG_LTO_CLANG
|
|
#ifdef CONFIG_FTRACE_MCOUNT_RECORD
|
|
#define __norecordmcount \
|
|
__attribute__((__section__(".text..ftrace")))
|
|
#endif
|
|
|
|
#define __nocfi __attribute__((no_sanitize("cfi")))
|
|
#endif
|
|
|
|
/*
|
|
* Not all versions of clang implement the the type-generic versions
|
|
* of the builtin overflow checkers. Fortunately, clang implements
|
|
* __has_builtin allowing us to avoid awkward version
|
|
* checks. Unfortunately, we don't know which version of gcc clang
|
|
* pretends to be, so the macro may or may not be defined.
|
|
*/
|
|
#undef COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW
|
|
#if __has_builtin(__builtin_mul_overflow) && \
|
|
__has_builtin(__builtin_add_overflow) && \
|
|
__has_builtin(__builtin_sub_overflow)
|
|
#define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1
|
|
#endif
|
|
|
|
#if __has_feature(shadow_call_stack)
|
|
# define __noscs __attribute__((__no_sanitize__("shadow-call-stack")))
|
|
#else
|
|
# define __noscs
|
|
#endif
|