[PATCH v3 0/9] CFI for ARM32 using LLVM

[Linus Walleij <linus.walleij@linaro.org>]

This is a first patch set to support CLANG CFI (Control Flow
Integrity) on ARM32.

For information about what CFI is, see:
https://clang.llvm.org/docs/ControlFlowIntegrity.html

For the kernel KCFI flavor, see:
https://lwn.net/Articles/898040/

The base changes required to bring up KCFI on ARM32 was mostly
related to the use of custom vtables in the kernel, combined
with defines to call into these vtable members directly from
sites where they are used.

The approach to all of these vtable+define issues has been
the same: instead of a define, wrap the call in a static inline
function that explicitly calls the vtable member.

The permissive mode handles the new breakpoint type (0x03) that
LLVM CLANG is emitting.

To runtime-test the patches:
- Enable CONFIG_LKDTM
- echo CFI_FORWARD_PROTO > /sys/kernel/debug/provoke-crash/DIRECT

The patch set has been booted to userspace on the following
test platforms:

- Arm Versatile (QEMU)
- Arm Versatile Express (QEMU)
- multi_v7 booted on Versatile Express (QEMU)
- Footbridge Netwinder (SA110 ARMv4)
- Ux500 (ARMv7 SMP)

I am not saying there will not be corner cases that we need
to fix in addition to this, but it is enough to get started.
Looking at what was fixed for arm64 I am a bit weary that
e.g. BPF might need something to trampoline properly.

But hopefullt people can get to testing it and help me fix
remaining issues before the final version, or we can fix it
in-tree.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
---
Changes in v3:
- Use report_cfi_failure() like everyone else in the breakpoint
  handler.
- I think we cannot implement target and type for the report callback
  without operand bundling compiler extensions, so just leaving these as zero.
- Link to v2: https://lore.kernel.org/r/20240307-arm32-cfi-v2-0-cc74ea0306b3@linaro.org

Changes in v2:
- Add the missing ftrace graph tracer stub.
- Enable permissive mode using a breakpoint handler.
- Link to v1: https://lore.kernel.org/r/20240225-arm32-cfi-v1-0-6943306f065b@linaro.org

---
Linus Walleij (9):
      ARM: Support CLANG CFI
      ARM: tlbflush: Make TLB flushes into static inlines
      ARM: bugs: Check in the vtable instead of defined aliases
      ARM: proc: Use inlines instead of defines
      ARM: delay: Turn delay functions into static inlines
      ARM: turn CPU cache flush functions into static inlines
      ARM: page: Turn highpage accesses into static inlines
      ARM: ftrace: Define ftrace_stub_graph
      ARM: KCFI: Allow permissive CFI mode

 arch/arm/Kconfig                     |  1 +
 arch/arm/common/mcpm_entry.c         | 10 ++-----
 arch/arm/include/asm/cacheflush.h    | 45 ++++++++++++++++++++++------
 arch/arm/include/asm/delay.h         | 16 ++++++++--
 arch/arm/include/asm/hw_breakpoint.h |  1 +
 arch/arm/include/asm/page.h          | 36 ++++++++++++++++++-----
 arch/arm/include/asm/proc-fns.h      | 57 +++++++++++++++++++++++++++++-------
 arch/arm/include/asm/tlbflush.h      | 18 ++++++++----
 arch/arm/kernel/bugs.c               |  2 +-
 arch/arm/kernel/entry-ftrace.S       |  4 +++
 arch/arm/kernel/hw_breakpoint.c      | 30 +++++++++++++++++++
 arch/arm/mach-sunxi/mc_smp.c         |  7 +----
 arch/arm/mm/dma.h                    | 28 ++++++++++++++----
 arch/arm/mm/proc-syms.c              |  7 +----
 arch/arm/mm/proc-v7-bugs.c           |  4 +--
 15 files changed, 202 insertions(+), 64 deletions(-)
---
base-commit: 6613476e225e090cc9aad49be7fa504e290dd33d
change-id: 20240115-arm32-cfi-65d60f201108

Best regards,
-- 
Linus Walleij <linus.walleij@linaro.org>