On Mon, 10 Jun 2024 07:32:29 +0100, Pierre-Clément Tosi wrote:
> CONFIG_CFI_CLANG ("kernel Control Flow Integrity") makes the compiler inject
> runtime type checks before any indirect function call. On AArch64, it generates
> a BRK instruction to be executed on type mismatch and encodes the indices of the
> registers holding the branch target and expected type in the immediate of the
> instruction. As a result, a synchronous exception gets triggered on kCFI failure
> and the fault handler can retrieve the immediate (and indices) from ESR_ELx.
>
> [...]
Applied to kvmarm/next, thanks!
[1/8] KVM: arm64: Fix clobbered ELR in sync abort/SError
https://git.kernel.org/kvmarm/kvmarm/c/a8f0655887cc
[2/8] KVM: arm64: Fix __pkvm_init_switch_pgd call ABI
https://git.kernel.org/kvmarm/kvmarm/c/ea9d7c83d14e
[3/8] KVM: arm64: nVHE: Simplify invalid_host_el2_vect
https://git.kernel.org/kvmarm/kvmarm/c/6e3b773ed6bc
[4/8] KVM: arm64: nVHE: gen-hyprel: Skip R_AARCH64_ABS32
https://git.kernel.org/kvmarm/kvmarm/c/4ab3f9dd561b
[5/8] KVM: arm64: VHE: Mark __hyp_call_panic __noreturn
https://git.kernel.org/kvmarm/kvmarm/c/3c6eb6487693
[6/8] arm64: Introduce esr_brk_comment, esr_is_cfi_brk
https://git.kernel.org/kvmarm/kvmarm/c/7a928b32f1de
[7/8] KVM: arm64: Introduce print_nvhe_hyp_panic helper
https://git.kernel.org/kvmarm/kvmarm/c/8f3873a39529
[8/8] KVM: arm64: nVHE: Support CONFIG_CFI_CLANG at EL2
https://git.kernel.org/kvmarm/kvmarm/c/eca4ba5b6dff
--
Best,
Oliver
