ANDROID: x86: map CFI jump tables in pti_clone_entry_text

Allow CFI enabled entry code to make indirect calls by also mapping CFI jump tables, and add a check to ensure the jump table section is not empty. Bug: 145297900 Change-Id: I1204c50a139ba62234f3bb4699c50921a831162b Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
2026-06-06 10:58:48 +09:00 · 2020-01-09 13:11:05 -08:00
parent 25776752e7
commit 52fb2d451e
3 changed files with 21 additions and 0 deletions
--- a/arch/x86/include/asm/sections.h
+++ b/arch/x86/include/asm/sections.h
@@ -6,6 +6,7 @@
 #include <asm/extable.h>

 extern char __brk_base[], __brk_limit[];
+extern char __cfi_jt_start[], __cfi_jt_end[];
 extern char __end_rodata_aligned[];

 #if defined(CONFIG_X86_64)
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -144,6 +144,13 @@ SECTIONS
 		*(.text.__x86.indirect_thunk)
 		__indirect_thunk_end = .;
 #endif
+
+#ifdef CONFIG_CFI_CLANG
+		. = ALIGN(PAGE_SIZE);
+		__cfi_jt_start = .;
+		*(.text..L.cfi.jumptable .text..L.cfi.jumptable.*)
+		__cfi_jt_end = .;
+#endif
 	} :text =0xcccc

 	/* End of text section, which should occupy whole number of pages */
@@ -456,3 +463,7 @@ INIT_PER_CPU(irq_stack_backing_store);
           "kexec control code size is too big");
 #endif

+#ifdef CONFIG_CFI_CLANG
+. = ASSERT((__cfi_jt_end - __cfi_jt_start > 0),
+	   "CFI jump table is empty");
+#endif
--- a/arch/x86/mm/pti.c
+++ b/arch/x86/mm/pti.c
@@ -505,6 +505,15 @@ static void pti_clone_entry_text(void)
 	pti_clone_pgtable((unsigned long) __entry_text_start,
 			  (unsigned long) __irqentry_text_end,
 			  PTI_CLONE_PMD);
+
+	/*
+	 * If CFI is enabled, also map jump tables, so the entry code can
+	 * make indirect calls.
+	 */
+	if (IS_ENABLED(CONFIG_CFI_CLANG))
+		pti_clone_pgtable((unsigned long) __cfi_jt_start,
+				  (unsigned long) __cfi_jt_end,
+				  PTI_CLONE_PMD);
 }

 /*