ANDROID: x86: map CFI jump tables in pti_clone_entry_text

Allow CFI enabled entry code to make indirect calls by also mapping
CFI jump tables, and add a check to ensure the jump table section is
not empty.

Bug: 145210207
Change-Id: I4ad3506f7a365cd068009348d45b54e228e42e33
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>

arch/x86/include/asm/sections.h

@@ -8,6 +8,7 @@
 #include <asm/extable.h>
 
 extern char __brk_base[], __brk_limit[];
+extern char __cfi_jt_start[], __cfi_jt_end[];
 extern char __end_rodata_aligned[];
 
 #if defined(CONFIG_X86_64)

arch/x86/kernel/vmlinux.lds.S

@@ -490,3 +490,7 @@ INIT_PER_CPU(irq_stack_backing_store);
            "kexec control code size is too big");
 #endif
 
+#ifdef CONFIG_CFI_CLANG
+. = ASSERT((__cfi_jt_end - __cfi_jt_start > 0),
+	   "CFI jump table is empty");
+#endif

arch/x86/mm/pti.c

@@ -498,6 +498,15 @@ static void pti_clone_entry_text(void)
 	pti_clone_pgtable((unsigned long) __entry_text_start,
 			  (unsigned long) __entry_text_end,
 			  PTI_CLONE_PMD);
+
+	/*
+	 * If CFI is enabled, also map jump tables, so the entry code can
+	 * make indirect calls.
+	 */
+	if (IS_ENABLED(CONFIG_CFI_CLANG))
+		pti_clone_pgtable((unsigned long) __cfi_jt_start,
+				  (unsigned long) __cfi_jt_end,
+				  PTI_CLONE_PMD);
 }
 
 /*