Kernels that support IBT on x86 require module_init/exit() functions to have cfi protection included. Backport __CFI_ADDRESSABLE changes from upstream linux/module.h into backports version of module.h header. This results in backported modules correctly pick up CFI protection only when building against IBT enabled kernels.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@xxxxxxxxxxxxx>
---
 backport/backport-include/linux/module.h | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/backport/backport-include/linux/module.h b/backport/backport-include/linux/module.h
index cd342e0d2fdd..efe970f174ed 100644
--- a/backport/backport-include/linux/module.h
+++ b/backport/backport-include/linux/module.h
@@ -3,6 +3,10 @@
 #include_next <linux/module.h>
 #include <linux/rcupdate.h>
 
+#ifndef __CFI_ADDRESSABLE
+#define __CFI_ADDRESSABLE(fn, __attr)
+#endif
+
 /*
 * The define overwriting module_init is based on the original module_init
 * which looks like this:
@@ -34,6 +38,7 @@ extern void backport_dependency_symbol(void);
 return initfn(); \
 } \
 int init_module(void) __attribute__((cold,alias("__init_backport")));\
+ __CFI_ADDRESSABLE(init_module, __initdata); \
 BACKPORT_MOD_VERSIONS
 
 /*
@@ -58,7 +63,8 @@ extern void backport_dependency_symbol(void);
 exitfn(); \
 rcu_barrier(); \
 } \
- void cleanup_module(void) __attribute__((cold,alias("__exit_compat")));
+ void cleanup_module(void) __attribute__((cold,alias("__exit_compat"))); \
+ __CFI_ADDRESSABLE(cleanup_module, __exitdata);
 #endif
 
 #endif /* __BACKPORT_LINUX_MODULE_H */
--
2.32.0
--
To unsubscribe from this list: send the line "unsubscribe backports" in
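Review bot: The fallback `#define __CFI_ADDRESSABLE(fn, __attr)` in the first hunk expands to nothing, so on any kernel whose headers do not define the macro, the two new uses in the later hunks compile away silently and no addressable reference to init_module/cleanup_module is emitted. Whether the stated goal is met therefore depends on the target kernel defining `__CFI_ADDRESSABLE` to something non-empty when IBT is enabled. Upstream linux/module.h appears to use `___ADDRESSABLE` for these entry points on IBT-era kernels, so this should be confirmed against the oldest IBT-capable kernel the backport is built for. If that is the case, the wrapper could use `___ADDRESSABLE` where it is defined and only then fall back to `__CFI_ADDRESSABLE`. A one-line comment above the guard such as `/* no-op on kernels whose headers lack __CFI_ADDRESSABLE */` would make the silent fallback visible to the next maintainer.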
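Review bot: The new `__CFI_ADDRESSABLE(init_module, __initdata);` line, like the matching cleanup_module line in the third hunk, carries no explanation of why a reference to the alias is required. The block comment above module_init quotes the original definition, and nothing visible in the hunk updates it. I would extend that comment with something like `The __CFI_ADDRESSABLE reference mirrors upstream so CFI/IBT builds keep the module entry point referenced.` When the empty fallback is in effect the expansion leaves a bare `;` at file scope; kernel builds presumably tolerate that, but it is worth mentioning in the same comment. Both macro bodies start above their hunks, so the lines before `return initfn();` and `exitfn();` could not be checked.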