From 6ae96921a320c1bddbbee05e3abea86943e1d7ed Mon Sep 17 00:00:00 2001 From: Will Deacon Date: Tue, 9 Mar 2021 17:01:12 +0000 Subject: [PATCH] ANDROID: KVM: arm64: Disable CFI only for nVHE hyp object This patch effectively reverts 2df99b639771 ("ANDROID: KVM: arm64: disable CFI for hypervisor code") now that the arm64 KVM hypervisor code builds correctly with LTO enabled, which is also the case upstream. CFI remains disabled, but only for the nVHE hyp object at EL2. Cc: Sami Tolvanen Signed-off-by: Will Deacon Bug: 145210207 Change-Id: I5084f880576dd6a23b8e15eec840f666f36bd2b1 --- arch/arm64/kvm/Makefile | 1 - arch/arm64/kvm/hyp/Makefile | 3 --- arch/arm64/kvm/hyp/nvhe/Makefile | 6 +++--- 3 files changed, 3 insertions(+), 7 deletions(-) diff --git a/arch/arm64/kvm/Makefile b/arch/arm64/kvm/Makefile index 31da7a4b6e27..589921392cb1 100644 --- a/arch/arm64/kvm/Makefile +++ b/arch/arm64/kvm/Makefile @@ -4,7 +4,6 @@ # ccflags-y += -I $(srctree)/$(src) -CFLAGS_REMOVE_debug.o += $(CC_FLAGS_CFI) KVM=../../../virt/kvm diff --git a/arch/arm64/kvm/hyp/Makefile b/arch/arm64/kvm/hyp/Makefile index 41d51b0a7e3f..687598e41b21 100644 --- a/arch/arm64/kvm/hyp/Makefile +++ b/arch/arm64/kvm/hyp/Makefile @@ -11,6 +11,3 @@ subdir-ccflags-y := -I$(incdir) \ $(DISABLE_STACKLEAK_PLUGIN) obj-$(CONFIG_KVM) += vhe/ nvhe/ pgtable.o - -# Disable LTO+CFI for the files in this directory -KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_LTO), $(KBUILD_CFLAGS)) diff --git a/arch/arm64/kvm/hyp/nvhe/Makefile b/arch/arm64/kvm/hyp/nvhe/Makefile index a6707df4f6c0..5d1264914cbb 100644 --- a/arch/arm64/kvm/hyp/nvhe/Makefile +++ b/arch/arm64/kvm/hyp/nvhe/Makefile @@ -75,9 +75,9 @@ quiet_cmd_hyprel = HYPREL $@ quiet_cmd_hypcopy = HYPCOPY $@ cmd_hypcopy = $(OBJCOPY) --prefix-symbols=__kvm_nvhe_ $< $@ -# Remove ftrace and Shadow Call Stack CFLAGS. -# This is equivalent to the 'notrace' and '__noscs' annotations. -KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_FTRACE) $(CC_FLAGS_SCS), $(KBUILD_CFLAGS)) +# Remove ftrace, Shadow Call Stack and CFI CFLAGS. +# This is equivalent to the 'notrace', '__noscs' and '__nocfi' annotations. +KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_FTRACE) $(CC_FLAGS_SCS) $(CC_FLAGS_CFI), $(KBUILD_CFLAGS)) # KVM nVHE code is run at a different exception code with a different map, so # compiler instrumentation that inserts callbacks or checks into the code may