ANDROID: add support for Clang's Control Flow Integrity (CFI)
This change adds the CONFIG_CFI_CLANG option, CFI error handling,
and a faster look-up table for cross-module CFI checks.
Bug: 145210207
Change-Id: I68d620ca548a911e2f49ba801bc0531406e679a3
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
diff --git a/Makefile b/Makefile
index f6bc8f8..7953a60 100644
--- a/Makefile
+++ b/Makefile
@@ -915,6 +915,27 @@
export CC_FLAGS_LTO
endif
+ifdef CONFIG_CFI_CLANG
+CC_FLAGS_CFI := -fsanitize=cfi \
+ -fsanitize-cfi-cross-dso \
+ -fno-sanitize-cfi-canonical-jump-tables \
+ -fno-sanitize-blacklist
+
+ifdef CONFIG_CFI_PERMISSIVE
+CC_FLAGS_CFI += -fsanitize-recover=cfi \
+ -fno-sanitize-trap=cfi
+else
+ifndef CONFIG_UBSAN_TRAP
+CC_FLAGS_CFI += -ftrap-function=__ubsan_handle_cfi_check_fail_abort
+endif
+endif
+
+# If LTO flags are filtered out, we must also filter out CFI.
+CC_FLAGS_LTO += $(CC_FLAGS_CFI)
+KBUILD_CFLAGS += $(CC_FLAGS_CFI)
+export CC_FLAGS_CFI
+endif
+
ifdef CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_32B
KBUILD_CFLAGS += -falign-functions=32
endif
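Review bot: The `ifdef CONFIG_CFI_PERMISSIVE` branch has no comment saying that `-fsanitize-recover=cfi -fno-sanitize-trap=cfi` makes CFI failures recoverable, so at the compiler level a failed indirect-call check is reported and execution continues rather than being stopped. I would add above that branch `# Permissive mode: CFI failures are reported and execution continues; debugging aid, not an enforcing configuration.` The comment above `CC_FLAGS_LTO += $(CC_FLAGS_CFI)` could also state the consequence for coverage, e.g. `# Objects that filter out CC_FLAGS_LTO are therefore built without CFI checks.`, so that anyone removing LTO flags from an object knows it loses CFI as well. `-fsanitize=cfi` needs LTO and this block does not test CONFIG_LTO_CLANG itself; presumably the Kconfig dependency, which is not in this hunk, enforces that.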