From: Yu-cheng Yu
To: x86@kernel.org, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H.J. Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, "Ravi V. Shankar", Vedvyas Shanbhogue, Dave Martin, Weijiang Yang, Pengfei Xu, Haitao Huang
Cc: Yu-cheng Yu
Subject: [PATCH v23 1/9] x86/cet/ibt: Update Kconfig for user-mode Indirect Branch Tracking
Date: Tue, 16 Mar 2021 08:13:11 -0700
Message-Id: <20210316151320.6123-2-yu-cheng.yu@intel.com>
In-Reply-To: <20210316151320.6123-1-yu-cheng.yu@intel.com>

Indirect branch tracking is a hardware security feature that verifies near indirect call/jump instructions arrive at intended targets, which are labeled by the compiler with ENDBR opcodes. If such instructions reach unlabeled locations, the processor raises control-protection faults. Check the compiler is up-to-date at config time.

Signed-off-by: Yu-cheng Yu
Reviewed-by: Kees Cook
--- arch/x86/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 2c93178262f5..96000ed48469 100644
--- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig 
@@ -1953,6 +1953,7 @@ config X86_CET def_bool n depends on AS_WRUSS depends on ARCH_HAS_SHADOW_STACK + depends on $(cc-option,-fcf-protection) select ARCH_USES_HIGH_VMA_FLAGS select ARCH_MAYBE_MKWRITE select ARCH_USE_GNU_PROPERTY
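Review bot: the new "depends on $(cc-option,-fcf-protection)" line in config X86_CET gates the whole option, shadow stack included, on a compiler flag, yet nothing in the hunk or the commit message says which kernel-built code needs to be compiled with -fcf-protection for a feature the subject describes as user-mode. Please add a short comment above the dependency (or a sentence in the changelog) naming what is built with the flag, so that a later reader can tell whether the dependency can be narrowed to the IBT part only.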
From: Yu-cheng Yu
To: x86@kernel.org, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H.J. Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, "Ravi V. Shankar", Vedvyas Shanbhogue, Dave Martin, Weijiang Yang, Pengfei Xu, Haitao Huang
Cc: Yu-cheng Yu
Subject: [PATCH v23 2/9] x86/cet/ibt: User-mode Indirect Branch Tracking support
Date: Tue, 16 Mar 2021 08:13:12 -0700
Message-Id: <20210316151320.6123-3-yu-cheng.yu@intel.com>
In-Reply-To: <20210316151320.6123-1-yu-cheng.yu@intel.com>

Introduce user-mode Indirect Branch Tracking (IBT) support. Add routines for the setup/disable of IBT.

Signed-off-by: Yu-cheng Yu
Reviewed-by: Kees Cook
--- arch/x86/include/asm/cet.h | 3 +++ arch/x86/kernel/cet.c | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/arch/x86/include/asm/cet.h b/arch/x86/include/asm/cet.h index c2437378f339..c20c2f671145 100644 --- a/arch/x86/include/asm/cet.h +++ b/arch/x86/include/asm/cet.h
@@ -15,6 +15,7 @@ struct cet_status { unsigned long shstk_base; unsigned long shstk_size; unsigned int locked:1; + unsigned int ibt_enabled:1; }; #ifdef CONFIG_X86_CET @@ -27,6 +28,8 @@ void cet_free_shstk(struct task_struct *p); int cet_verify_rstor_token(bool ia32, unsigned long ssp, unsigned long *new_ssp); void cet_restore_signal(struct sc_ext *sc); int cet_setup_signal(bool ia32, unsigned long rstor, struct sc_ext *sc); +int cet_setup_ibt(void); +void cet_disable_ibt(void); #else static inline int prctl_cet(int option, u64 arg2) { return -EINVAL; } static inline int cet_setup_thread_shstk(struct task_struct *p, diff --git a/arch/x86/kernel/cet.c b/arch/x86/kernel/cet.c index 12738cdfb5f2..3361706ba950 100644 --- a/arch/x86/kernel/cet.c +++ b/arch/x86/kernel/cet.c @@ -13,6 +13,8 @@ #include #include #include +#include +#include #include #include #include 
@@ -346,3 +348,34 @@ int cet_setup_signal(bool ia32, unsigned long rstor_addr, struct sc_ext *sc_ext) return 0; } + +int cet_setup_ibt(void) +{ + u64 msr_val; + + if (!static_cpu_has(X86_FEATURE_IBT)) + return -EOPNOTSUPP; + + start_update_msrs(); + rdmsrl(MSR_IA32_U_CET, msr_val); + msr_val |= (CET_ENDBR_EN | CET_NO_TRACK_EN); + wrmsrl(MSR_IA32_U_CET, msr_val); + end_update_msrs(); + current->thread.cet.ibt_enabled = 1; + return 0; +} + +void cet_disable_ibt(void) +{ + u64 msr_val; + + if (!static_cpu_has(X86_FEATURE_IBT)) + return; + + start_update_msrs(); + rdmsrl(MSR_IA32_U_CET, msr_val); + msr_val &= ~CET_ENDBR_EN; + wrmsrl(MSR_IA32_U_CET, msr_val); + end_update_msrs(); + current->thread.cet.ibt_enabled = 0; +}
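Review bot: cet_disable_ibt() in the arch/x86/kernel/cet.c hunk is not the inverse of cet_setup_ibt(): setup ORs in CET_ENDBR_EN | CET_NO_TRACK_EN, while disable clears only CET_ENDBR_EN, so CET_NO_TRACK_EN (and a pending CET_WAIT_ENDBR, the bit patch 3/9 handles) stays set in MSR_IA32_U_CET after IBT is reported as disabled. Either clear the same mask that setup sets, plus the wait state, or add a comment explaining why the leftover bits are harmless once ENDBR_EN is off.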
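Review bot: in the arch/x86/include/asm/cet.h hunk, cet_setup_ibt() and cet_disable_ibt() are declared only inside the #ifdef CONFIG_X86_CET branch, while the neighbouring functions visible in the context (prctl_cet(), cet_setup_thread_shstk()) have static inline stubs under #else. Please add matching stubs, or state in the changelog that every caller is itself compiled only when CONFIG_X86_CET is set.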
From: Yu-cheng Yu
To: x86@kernel.org, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H.J. Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, "Ravi V. Shankar", Vedvyas Shanbhogue, Dave Martin, Weijiang Yang, Pengfei Xu, Haitao Huang
Cc: Yu-cheng Yu
Subject: [PATCH v23 3/9] x86/cet/ibt: Handle signals for Indirect Branch Tracking
Date: Tue, 16 Mar 2021 08:13:13 -0700
Message-Id: <20210316151320.6123-4-yu-cheng.yu@intel.com>
In-Reply-To: <20210316151320.6123-1-yu-cheng.yu@intel.com>

When an indirect CALL/JMP instruction is executed and before it reaches the target, it is in 'WAIT_ENDBR' status, which can be read from MSR_IA32_U_CET. The status is part of a task's status before a signal is raised and preserved in the signal frame. It is restored for sigreturn. IBT state machine is described in Intel SDM Vol. 1, Sec. 18.3.

Signed-off-by: Yu-cheng Yu Reviewed-by: Kees Cook --- arch/x86/kernel/cet.c | 26 ++++++++++++++++++++++++-- arch/x86/kernel/fpu/signal.c | 8 +++++--- 2 files changed, 29 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/cet.c b/arch/x86/kernel/cet.c index 3361706ba950..34a26eb7f259 100644 --- a/arch/x86/kernel/cet.c +++ b/arch/x86/kernel/cet.c @@ -300,6 +300,13 @@ void cet_restore_signal(struct sc_ext *sc_ext) msr_val |= CET_SHSTK_EN; } + if (cet->ibt_enabled) { + msr_val |= (CET_ENDBR_EN | CET_NO_TRACK_EN); + + if (sc_ext->wait_endbr) + msr_val |= CET_WAIT_ENDBR; + } + if (test_thread_flag(TIF_NEED_FPU_LOAD)) cet_user_state->user_cet = msr_val; else @@ -340,9 +347,24 @@ int cet_setup_signal(bool ia32, unsigned long rstor_addr, struct sc_ext *sc_ext) sc_ext->ssp = new_ssp; } - if (ssp) { + if (ssp || cet->ibt_enabled) { start_update_msrs(); - wrmsrl(MSR_IA32_PL3_SSP, ssp); + + if (ssp) + wrmsrl(MSR_IA32_PL3_SSP, ssp); + + if (cet->ibt_enabled) { + u64 r; + + rdmsrl(MSR_IA32_U_CET, r); + + if (r & CET_WAIT_ENDBR) { + sc_ext->wait_endbr = 1; + r &= ~CET_WAIT_ENDBR; + wrmsrl(MSR_IA32_U_CET, r); + } + } + end_update_msrs(); } diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c index 270e4649f435..b914d74c8ba6 100644 --- a/arch/x86/kernel/fpu/signal.c +++ b/arch/x86/kernel/fpu/signal.c @@ -57,7 +57,8 @@ int save_cet_to_sigframe(int ia32, void __user *fp, unsigned long restorer) { int err = 0; - if (!current->thread.cet.shstk_size) + if (!current->thread.cet.shstk_size && + !current->thread.cet.ibt_enabled) return 0; if (fp) { @@ -89,7 +90,8 @@ static int get_cet_from_sigframe(int ia32, void __user *fp, struct sc_ext *ext) memset(ext, 0, sizeof(*ext)); - if (!current->thread.cet.shstk_size) + if (!current->thread.cet.shstk_size && + !current->thread.cet.ibt_enabled) return 0; if (fp) { 
@@ -577,7 +579,7 @@ static unsigned long fpu__alloc_sigcontext_ext(unsigned long sp) * sigcontext_ext is at: fpu + fpu_user_xstate_size + * FP_XSTATE_MAGIC2_SIZE, then aligned to 8. */ - if (cet->shstk_size) + if (cet->shstk_size || cet->ibt_enabled) sp -= (sizeof(struct sc_ext) + 8); return sp;
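Review bot: the cet_setup_signal() hunk clears CET_WAIT_ENDBR from MSR_IA32_U_CET and records it in sc_ext->wait_endbr without a comment saying why. Clearing it means entry into the signal handler is not subject to the pending ENDBR check of the interrupted branch; a two-line comment at the "if (r & CET_WAIT_ENDBR)" block should state that this is intended and that the saved bit is what sigreturn restores.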
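Review bot: in the cet_restore_signal() hunk, CET_WAIT_ENDBR is only ever ORed into msr_val when sc_ext->wait_endbr is set and is never cleared when it is 0. How msr_val is initialised is outside the visible context, so please either confirm it starts without that bit or add an explicit "else msr_val &= ~CET_WAIT_ENDBR;". Since sc_ext is filled from the user-writable frame (get_cet_from_sigframe() takes a void __user *fp), a comment that a forged wait_endbr can only make the next instruction stricter would also help.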
From: Yu-cheng Yu
To: x86@kernel.org, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H.J. Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, "Ravi V. Shankar", Vedvyas Shanbhogue, Dave Martin, Weijiang Yang, Pengfei Xu, Haitao Huang
Cc: Yu-cheng Yu
Subject: [PATCH v23 4/9] x86/cet/ibt: Update ELF header parsing for Indirect Branch Tracking
Date: Tue, 16 Mar 2021 08:13:14 -0700
Message-Id: <20210316151320.6123-5-yu-cheng.yu@intel.com>
In-Reply-To: <20210316151320.6123-1-yu-cheng.yu@intel.com>

An ELF file's .note.gnu.property indicates features the file supports. The property is parsed at loading time and passed to arch_setup_elf_property(). Update it for Indirect Branch Tracking.

Signed-off-by: Yu-cheng Yu
Reviewed-by: Kees Cook
--- arch/x86/kernel/process_64.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c index cda830b0f7ee..11497689a841 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c
@@ -864,6 +864,14 @@ int arch_setup_elf_property(struct arch_elf_state *state) r = cet_setup_shstk(); } + if (r < 0) + return r; + + if (static_cpu_has(X86_FEATURE_IBT)) { + if (state->gnu_property & GNU_PROPERTY_X86_FEATURE_1_IBT) + r = cet_setup_ibt(); + } + return r; } #endif
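Review bot: the "if (static_cpu_has(X86_FEATURE_IBT))" test added in arch_setup_elf_property() duplicates the check at the top of cet_setup_ibt() from patch 2/9, which makes that function's -EOPNOTSUPP return unreachable from this caller; keep the check in one place. Separately, if cet_setup_ibt() ever gains a real failure path, this function would return an error with the shadow stack from cet_setup_shstk() already set up and no unwind, so a comment on the expected error handling would help.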
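The property lookup that the changelog above describes, as an added user-space example (it is not code from this patch series): it walks a .note.gnu.property blob and reports whether the GNU_PROPERTY_X86_FEATURE_1_IBT bit that arch_setup_elf_property() tests is present. It assumes a little-endian 64-bit ELF note with 8-byte alignment; the constant values are those of the x86-64 psABI, the function names are hypothetical, and the sample notes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values from the x86-64 psABI / <elf.h>. */
#define NT_GNU_PROPERTY_TYPE_0           5
#define GNU_PROPERTY_X86_FEATURE_1_AND   0xc0000002u
#define GNU_PROPERTY_X86_FEATURE_1_IBT   (1u << 0)
#define GNU_PROPERTY_X86_FEATURE_1_SHSTK (1u << 1)

#define ALIGN8(x) (((size_t)(x) + 7) & ~(size_t)7)

/* Little-endian 32-bit read with no alignment assumption. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk the property array inside one GNU note descriptor. */
static int parse_properties(const uint8_t *d, size_t n, uint32_t *features)
{
    size_t off = 0;

    while (off < n) {
        if (n - off < 8)
            return -1;                  /* truncated property header */
        uint32_t pr_type = rd32(d + off);
        uint32_t pr_datasz = rd32(d + off + 4);
        off += 8;
        if (pr_datasz > n - off)
            return -1;                  /* data runs past the descriptor */
        if (pr_type == GNU_PROPERTY_X86_FEATURE_1_AND) {
            if (pr_datasz != 4)
                return -1;              /* feature word is always 4 bytes */
            *features |= rd32(d + off);
        }
        off += ALIGN8(pr_datasz);       /* entries are padded to 8 bytes */
    }
    return 0;
}

/*
 * Parse a .note.gnu.property section. Returns 0 and the x86 feature bits
 * in *features (0 if the property is absent), or -1 on malformed input.
 */
int gnu_property_x86_features(const uint8_t *buf, size_t len, uint32_t *features)
{
    size_t off = 0;

    *features = 0;
    while (off < len) {
        if (len - off < 12)
            return -1;                  /* truncated note header */
        uint32_t namesz = rd32(buf + off);
        uint32_t descsz = rd32(buf + off + 4);
        uint32_t type = rd32(buf + off + 8);
        off += 12;
        if (namesz > len - off)
            return -1;
        const uint8_t *name = buf + off;
        size_t desc_off = ALIGN8(off + namesz);
        if (desc_off > len || descsz > len - desc_off)
            return -1;                  /* descriptor runs past the section */
        if (type == NT_GNU_PROPERTY_TYPE_0 && namesz == 4 &&
            memcmp(name, "GNU", 4) == 0 &&
            parse_properties(buf + desc_off, descsz, features) < 0)
            return -1;
        off = desc_off + ALIGN8(descsz);
    }
    return 0;
}

/* 1: binary is marked IBT-compatible, 0: not marked, -1: malformed note. */
int elf_wants_ibt(const uint8_t *note, size_t len)
{
    uint32_t f;

    if (gnu_property_x86_features(note, len, &f) < 0)
        return -1;
    return (f & GNU_PROPERTY_X86_FEATURE_1_IBT) ? 1 : 0;
}

/* Constructed sample: one GNU note, FEATURE_1_AND = IBT | SHSTK. */
const uint8_t note_ibt_shstk[32] = {
    0x04, 0, 0, 0,  0x10, 0, 0, 0,  0x05, 0, 0, 0,  'G', 'N', 'U', 0,
    0x02, 0, 0, 0xc0,  0x04, 0, 0, 0,  0x03, 0, 0, 0,  0, 0, 0, 0,
};
/* Constructed sample: same note with only the SHSTK bit set. */
const uint8_t note_shstk_only[32] = {
    0x04, 0, 0, 0,  0x10, 0, 0, 0,  0x05, 0, 0, 0,  'G', 'N', 'U', 0,
    0x02, 0, 0, 0xc0,  0x04, 0, 0, 0,  0x02, 0, 0, 0,  0, 0, 0, 0,
};

int main(void)
{
    printf("ibt+shstk note: %d\n", elf_wants_ibt(note_ibt_shstk, sizeof(note_ibt_shstk)));
    printf("shstk-only note: %d\n", elf_wants_ibt(note_shstk_only, sizeof(note_shstk_only)));
    printf("truncated note: %d\n", elf_wants_ibt(note_ibt_shstk, 24));
    return 0;
}
```

The feature word is an AND property, so the linker emits the IBT bit only when every input object carried it.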
From: Yu-cheng Yu
To: x86@kernel.org, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H.J. Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, "Ravi V. Shankar", Vedvyas Shanbhogue, Dave Martin, Weijiang Yang, Pengfei Xu, Haitao Huang
Cc: Yu-cheng Yu
Subject: [PATCH v23 5/9] x86/cet/ibt: Update arch_prctl functions for Indirect Branch Tracking
Date: Tue, 16 Mar 2021 08:13:15 -0700
Message-Id: <20210316151320.6123-6-yu-cheng.yu@intel.com>
In-Reply-To: <20210316151320.6123-1-yu-cheng.yu@intel.com>

From: "H.J. Lu"

Update ARCH_X86_CET_STATUS and ARCH_X86_CET_DISABLE for Indirect Branch Tracking.

Signed-off-by: H.J. Lu
Signed-off-by: Yu-cheng Yu
Reviewed-by: Kees Cook
--- arch/x86/kernel/cet_prctl.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/x86/kernel/cet_prctl.c b/arch/x86/kernel/cet_prctl.c index 0030c63a08c0..4df1eac41965 100644 --- a/arch/x86/kernel/cet_prctl.c +++ b/arch/x86/kernel/cet_prctl.c
@@ -22,6 +22,9 @@ static int cet_copy_status_to_user(struct cet_status *cet, u64 __user *ubuf) buf[2] = cet->shstk_size; } + if (cet->ibt_enabled) + buf[0] |= GNU_PROPERTY_X86_FEATURE_1_IBT; + return copy_to_user(ubuf, buf, sizeof(buf)); } 
@@ -46,6 +49,8 @@ int prctl_cet(int option, u64 arg2) return -EINVAL; if (arg2 & GNU_PROPERTY_X86_FEATURE_1_SHSTK) cet_disable_shstk(); + if (arg2 & GNU_PROPERTY_X86_FEATURE_1_IBT) + cet_disable_ibt(); return 0; case ARCH_X86_CET_LOCK:
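Review bot: in the prctl_cet() hunk, the new cet_disable_ibt() call acts on the calling thread only (patch 2/9 shows it clearing current->thread.cet.ibt_enabled), and it returns void, so the ARCH_X86_CET_DISABLE path returns 0 even when cet_disable_ibt() bailed out early on !static_cpu_has(X86_FEATURE_IBT). Neither the hunk nor the changelog documents the per-thread scope; please say so where ARCH_X86_CET_DISABLE is described, and consider returning an error when the requested IBT bit cannot be acted on.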
From: Yu-cheng Yu
To: x86@kernel.org, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H.J. Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, "Ravi V. Shankar", Vedvyas Shanbhogue, Dave Martin, Weijiang Yang, Pengfei Xu, Haitao Huang
Cc: Yu-cheng Yu, Jarkko Sakkinen
Subject: [PATCH v23 6/9] x86/entry: Introduce ENDBR macro
Date: Tue, 16 Mar 2021 08:13:16 -0700
Message-Id: <20210316151320.6123-7-yu-cheng.yu@intel.com>
In-Reply-To: <20210316151320.6123-1-yu-cheng.yu@intel.com>

ENDBR is a special new instruction for the Indirect Branch Tracking (IBT) component of CET. IBT prevents attacks by ensuring that (most) indirect branches and function calls may only land at ENDBR instructions. Branches that don't follow the rules will result in control flow (#CF) exceptions. ENDBR is a noop when IBT is unsupported or disabled. Most ENDBR instructions are inserted automatically by the compiler, but branch targets written in assembly must have ENDBR added manually.

There are two ENDBR versions: one for 64-bit and the other for 32. Introduce a macro to eliminate ifdeffery at call sites.

Signed-off-by: Yu-cheng Yu
Cc: Andy Lutomirski
Cc: Borislav Petkov
Cc: Dave Hansen
Cc: Jarkko Sakkinen
Cc: Peter Zijlstra
--- arch/x86/entry/calling.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h index 07a9331d55e7..a63d33f7f069 100644 --- a/arch/x86/entry/calling.h +++ b/arch/x86/entry/calling.h
@@ -392,3 +392,21 @@ For 32-bit we have the following conventions - kernel is built with .endm #endif /* CONFIG_SMP */ +/* + * ENDBR is an instruction for the Indirect Branch Tracking (IBT) component + * of CET. IBT prevents attacks by ensuring that (most) indirect branches + * function calls may only land at ENDBR instructions. Branches that don't + * follow the rules will result in control flow (#CF) exceptions. + * ENDBR is a noop when IBT is unsupported or disabled. Most ENDBR + * instructions are inserted automatically by the compiler, but branch + * targets written in assembly must have ENDBR added manually. + */ +.macro ENDBR +#ifdef CONFIG_X86_CET +#ifdef __i386__ + endbr32 +#else + endbr64 +#endif +#endif +.endm From patchwork Tue Mar 16 15:13:17 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 12142429 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6AEA8C2BB53 for ; Tue, 16 Mar 2021 15:13:44 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 1161F64E98 for ; Tue, 16 Mar 2021 15:13:44 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1161F64E98 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=intel.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 1BCD88D000E; Tue, 16 Mar 2021 11:13:40 -0400 (EDT) Received: by kanga.kvack.org 
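Review bot: The block comment above the new macro drops a word: "(most) indirect branches" runs straight into "function calls may only land at ENDBR instructions", where the commit message has "indirect branches and function calls"; please restore the "and". The width selection uses `#ifdef __i386__` rather than a CONFIG_ symbol, which is presumably deliberate so that a 32-bit vDSO object gets endbr32 whatever the kernel config says, but nothing in the comment explains it; one line on that choice would keep someone from replacing it with a config test later. It would also help to say in the comment that the macro expands to nothing when CONFIG_X86_CET is off, so call sites need no guard of their own.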
From: Yu-cheng Yu
To: x86@kernel.org, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H.J. Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, "Ravi V. Shankar", Vedvyas Shanbhogue, Dave Martin, Weijiang Yang, Pengfei Xu, Haitao Huang
Cc: Yu-cheng Yu
Subject: [PATCH v23 7/9] x86/vdso/32: Add ENDBR to __kernel_vsyscall entry point
Date: Tue, 16 Mar 2021 08:13:17 -0700
Message-Id: <20210316151320.6123-8-yu-cheng.yu@intel.com>
In-Reply-To: <20210316151320.6123-1-yu-cheng.yu@intel.com>
References: <20210316151320.6123-1-yu-cheng.yu@intel.com>

From: "H.J. Lu" ENDBR is a special new instruction for the Indirect Branch Tracking (IBT) component of CET. IBT prevents attacks by ensuring that (most) indirect branches and function calls may only land at ENDBR instructions. Branches that don't follow the rules will result in control flow (#CF) exceptions. ENDBR is a noop when IBT is unsupported or disabled. Most ENDBR instructions are inserted automatically by the compiler, but branch targets written in assembly must have ENDBR added manually. Add that to __kernel_vsyscall entry point. Signed-off-by: H.J. Lu Signed-off-by: Yu-cheng Yu Cc: Andy Lutomirski Cc: Kees Cook --- arch/x86/entry/vdso/vdso32/system_call.S | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/entry/vdso/vdso32/system_call.S b/arch/x86/entry/vdso/vdso32/system_call.S index de1fff7188aa..adbe948c1a81 100644 --- a/arch/x86/entry/vdso/vdso32/system_call.S +++ b/arch/x86/entry/vdso/vdso32/system_call.S @@ -7,6 +7,7 @@ #include #include #include +#include "../../calling.h" .text .globl __kernel_vsyscall 
@@ -14,6 +15,7 @@ ALIGN __kernel_vsyscall: CFI_STARTPROC + ENDBR /* * Reshuffle regs so that all of any of the entry instructions * will preserve enough state. From patchwork Tue Mar 16 15:13:18 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 12142435 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 888A6C4332D for ; Tue, 16 Mar 2021 15:13:54 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 2829365095 for ; Tue, 16 Mar 2021 15:13:54 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 2829365095 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=intel.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id C1D5F8D0008; Tue, 16 Mar 2021 11:13:45 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id BCE8D8D0002; Tue, 16 Mar 2021 11:13:45 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A46EE8D0008; Tue, 16 Mar 2021 11:13:45 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0123.hostedemail.com [216.40.44.123]) by kanga.kvack.org (Postfix) with ESMTP id 890D08D0002 for ; Tue, 16 Mar 2021 11:13:45 -0400 (EDT) Received: from smtpin30.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay03.hostedemail.com 
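Review bot: The new `#include "../../calling.h"` in the first hunk pulls the kernel entry header into a vDSO source file only to obtain the ENDBR macro, and a relative include two directories up is fragile if either file moves. Consider putting ENDBR in a small header that both the entry code and the vDSO sources can include, so system_call.S does not pick up the unrelated entry macros defined alongside it. The placement in the second hunk, directly after CFI_STARTPROC at the __kernel_vsyscall label, is where the first instruction of the entry point belongs.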
From: Yu-cheng Yu
To: x86@kernel.org, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H.J. Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, "Ravi V. Shankar", Vedvyas Shanbhogue, Dave Martin, Weijiang Yang, Pengfei Xu, Haitao Huang
Cc: Yu-cheng Yu
Subject: [PATCH v23 8/9] x86/vdso: Insert endbr32/endbr64 to vDSO
Date: Tue, 16 Mar 2021 08:13:18 -0700
Message-Id: <20210316151320.6123-9-yu-cheng.yu@intel.com>
In-Reply-To: <20210316151320.6123-1-yu-cheng.yu@intel.com>
References: <20210316151320.6123-1-yu-cheng.yu@intel.com>

From: "H.J. Lu"

When Indirect Branch Tracking (IBT) is enabled, vDSO functions may be called indirectly, and must have ENDBR32 or ENDBR64 as the first instruction. The compiler must support -fcf-protection=branch so that it can be used to compile vDSO.

Signed-off-by: H.J. Lu
Signed-off-by: Yu-cheng Yu
Acked-by: Andy Lutomirski
Reviewed-by: Kees Cook
--- arch/x86/entry/vdso/Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index 05c4abc2fdfd..c9eccbc06e8c 100644
--- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile 
@@ -93,6 +93,10 @@ endif $(vobjs): KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_LTO) $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) +ifdef CONFIG_X86_CET +$(vobjs) $(vobjs32): KBUILD_CFLAGS += -fcf-protection=branch +endif + # # vDSO code runs in userspace and -pg doesn't help with profiling anyway. # From patchwork Tue Mar 16 15:13:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 12142441 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 360B1C4332B for ; Tue, 16 Mar 2021 15:13:52 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id CF1D36508E for ; Tue, 16 Mar 2021 15:13:51 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org CF1D36508E Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=intel.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 1BFEF8D0011; Tue, 16 Mar 2021 11:13:44 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 16F028D0002; Tue, 16 Mar 2021 11:13:44 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id F28078D0011; Tue, 16 Mar 2021 11:13:43 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0145.hostedemail.com [216.40.44.145]) by kanga.kvack.org (Postfix) with ESMTP id D54028D0002 
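Review bot: The added `KBUILD_CFLAGS += -fcf-protection=branch` is guarded only by `ifdef CONFIG_X86_CET`, with no `cc-option` test, so the build relies on that config symbol already implying compiler support; the commit message states the requirement but this hunk does not enforce it. Either wrap the flag in `$(call cc-option,...)` or add a comment naming where compiler support is checked, so a toolchain without the option fails at configuration time rather than in the vDSO build. The hunk lands right after the `$(vobjs): KBUILD_CFLAGS :=` reassignment, which covers the 64-bit objects; please confirm the `+=` on $(vobjs32) also takes effect after whatever sets the 32-bit flags, since that part of the Makefile is not in this context.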
From: Yu-cheng Yu
To: x86@kernel.org, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H.J. Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, "Ravi V. Shankar", Vedvyas Shanbhogue, Dave Martin, Weijiang Yang, Pengfei Xu, Haitao Huang
Cc: Yu-cheng Yu, Jarkko Sakkinen
Subject: [PATCH v23 9/9] x86/vdso: Add ENDBR to __vdso_sgx_enter_enclave
Date: Tue, 16 Mar 2021 08:13:19 -0700
Message-Id: <20210316151320.6123-10-yu-cheng.yu@intel.com>
In-Reply-To: <20210316151320.6123-1-yu-cheng.yu@intel.com>
References: <20210316151320.6123-1-yu-cheng.yu@intel.com>

ENDBR is a special new instruction for the Indirect Branch Tracking (IBT) component of CET. IBT prevents attacks by ensuring that (most) indirect branches and function calls may only land at ENDBR instructions. Branches that don't follow the rules will result in control flow (#CF) exceptions. ENDBR is a noop when IBT is unsupported or disabled. Most ENDBR instructions are inserted automatically by the compiler, but branch targets written in assembly must have ENDBR added manually.
Add ENDBR to __vdso_sgx_enter_enclave() branch targets. Signed-off-by: Yu-cheng Yu Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Dave Hansen Cc: Jarkko Sakkinen Cc: Peter Zijlstra Reviewed-by: Jarkko Sakkinen --- arch/x86/entry/vdso/vsgx.S | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/entry/vdso/vsgx.S b/arch/x86/entry/vdso/vsgx.S index 86a0e94f68df..1baa9b49053e 100644 --- a/arch/x86/entry/vdso/vsgx.S +++ b/arch/x86/entry/vdso/vsgx.S @@ -6,6 +6,7 @@ #include #include "extable.h" +#include "../calling.h" /* Relative to %rbp. */ #define SGX_ENCLAVE_OFFSET_OF_RUN 16 @@ -27,6 +28,7 @@ SYM_FUNC_START(__vdso_sgx_enter_enclave) /* Prolog */ .cfi_startproc + ENDBR push %rbp .cfi_adjust_cfa_offset 8 .cfi_rel_offset %rbp, 0 @@ -62,6 +64,7 @@ SYM_FUNC_START(__vdso_sgx_enter_enclave) .Lasync_exit_pointer: .Lenclu_eenter_eresume: enclu + ENDBR /* EEXIT jumps here unless the enclave is doing something fancy. */ mov SGX_ENCLAVE_OFFSET_OF_RUN(%rbp), %rbx @@ -91,6 +94,7 @@ SYM_FUNC_START(__vdso_sgx_enter_enclave) jmp .Lout .Lhandle_exception: + ENDBR mov SGX_ENCLAVE_OFFSET_OF_RUN(%rbp), %rbx /* Set the exception info. */
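Review bot: The ENDBR added after `enclu` (third hunk) sits between the instruction and the existing comment "EEXIT jumps here unless the enclave is doing something fancy", so that comment now labels the `mov` rather than the actual landing instruction; move the ENDBR below the comment or extend the comment to say the ENDBR is the EEXIT landing pad. The ENDBR at `.Lhandle_exception` (last hunk) has no explanation at all: the commit message only says "branch targets", and with extable.h included the label looks like it is reached through exception fixup rather than an indirect jmp or call, so please state in a comment or in the changelog which transfer requires a landing pad there. The prolog ENDBR directly after `.cfi_startproc` is fine as the function's first instruction.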