• Pierre-Clément Tosi's avatar
    KVM: arm64: nVHE: Support CONFIG_CFI_CLANG at EL2 · eca4ba5b
    Pierre-Clément Tosi authored
    The compiler implements kCFI by adding type information (u32) above
    every function that might be indirectly called and, whenever a function
    pointer is called, injects a read-and-compare of that u32 against the
    value corresponding to the expected type. In case of a mismatch, a BRK
    instruction gets executed. When the hypervisor triggers such an
    exception in nVHE, it panics and triggers and exception return to EL1.
    
    Therefore, teach nvhe_hyp_panic_handler() to detect kCFI errors from the
    ESR and report them. If necessary, remind the user that EL2 kCFI is not
    affected by CONFIG_CFI_PERMISSIVE.
    
    Pass $(CC_FLAGS_CFI) to the compiler when building the nVHE hyp code.
    
    Use SYM_TYPED_FUNC_START() for __pkvm_init_switch_pgd, as nVHE can't
    call it directly and must use a PA function pointer from C (because it
    is part of the idmap page), which would trigger a kCFI failure if the
    type ID wasn't present.
    Signed-off-by: default avatarPierre-Clément Tosi <ptosi@google.com>
    Acked-by: default avatarWill Deacon <will@kernel.org>
    Link: https://lore.kernel.org/r/20240610063244.2828978-9-ptosi@google.comSigned-off-by: default avatarOliver Upton <oliver.upton@linux.dev>
    eca4ba5b
handle_exit.c 12.7 KB