From: Yu-cheng Yu
To: x86@kernel.org, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H.J. Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, "Ravi V. Shankar", Vedvyas Shanbhogue, Dave Martin, Weijiang Yang, Pengfei Xu, Haitao Huang
Cc: Yu-cheng Yu
Subject: [PATCH v24 1/9] x86/cet/ibt: Add Kconfig option for Indirect Branch Tracking
Date: Thu, 1 Apr 2021 15:13:55 -0700
Message-Id: <20210401221403.32253-2-yu-cheng.yu@intel.com>
In-Reply-To: <20210401221403.32253-1-yu-cheng.yu@intel.com>
References: <20210401221403.32253-1-yu-cheng.yu@intel.com>

Indirect Branch Tracking (IBT) provides protection against CALL-/JMP-oriented programming attacks. It is active when the kernel has this feature enabled, and the processor and the application support it.
When this feature is enabled, legacy non-IBT applications continue to work, but without IBT protection. Signed-off-by: Yu-cheng Yu Cc: Kees Cook --- arch/x86/Kconfig | 20 ++++++++++++++++++++ arch/x86/include/asm/disabled-features.h | 8 +++++++- 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index a69e351e7386..a58c5230e957 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1969,6 +1969,26 @@ config X86_SHADOW_STACK If unsure, say N. +config X86_IBT + prompt "Intel Indirect Branch Tracking" + def_bool n + depends on X86_64 + depends on $(cc-option,-fcf-protection) + select X86_CET + help + Indirect Branch Tracking (IBT) provides protection against + CALL-/JMP-oriented programming attacks. It is active when + the kernel has this feature enabled, and the processor and + the application support it. When this feature is enabled, + legacy non-IBT applications continue to work, but without + IBT protection. + Support for this feature is present on Tiger Lake family of + processors released in 2020 or later. Enabling this feature + increases kernel text size by 3.7 KB. + See Documentation/x86/intel_cet.rst for more information. + + If unsure, say N. + config EFI bool "EFI runtime service support" depends on ACPI diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h index 018cd7acd3e9..9b826b9dd83d 100644 --- a/arch/x86/include/asm/disabled-features.h +++ b/arch/x86/include/asm/disabled-features.h @@ -74,6 +74,12 @@ #define DISABLE_SHSTK (1 << (X86_FEATURE_SHSTK & 31)) #endif +#ifdef CONFIG_X86_IBT +#define DISABLE_IBT 0 +#else +#define DISABLE_IBT (1 << (X86_FEATURE_IBT & 31)) +#endif + #ifdef CONFIG_X86_CET #define DISABLE_CET 0 #else 
@@ -103,7 +109,7 @@ #define DISABLED_MASK16 (DISABLE_PKU|DISABLE_OSPKE|DISABLE_LA57|DISABLE_UMIP| \ DISABLE_ENQCMD|DISABLE_SHSTK) #define DISABLED_MASK17 0 -#define DISABLED_MASK18 0 +#define DISABLED_MASK18 (DISABLE_IBT) #define DISABLED_MASK19 0 #define DISABLED_MASK_CHECK BUILD_BUG_ON_ZERO(NCAPINTS != 20)
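
Review bot: In the arch/x86/Kconfig hunk of patch 1/9, "depends on $(cc-option,-fcf-protection)" is not explained by the commit message or the help text, and nothing in this patch passes that flag to the compiler. Say which part of the series needs a compiler that accepts -fcf-protection, or move the dependency to the patch that uses it. As a style point, the prompt line followed by "def_bool n" can be written as a single bool "Intel Indirect Branch Tracking" line, since n is already the default.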
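
Review bot: In the disabled-features.h hunks of patch 1/9, DISABLE_IBT is built as (1 << (X86_FEATURE_IBT & 31)) and then placed in DISABLED_MASK18, which is only right if X86_FEATURE_IBT is defined in capability word 18. That definition is not part of this patch, and the visible DISABLED_MASK_CHECK only checks NCAPINTS, not the word index. Name the patch that defines X86_FEATURE_IBT in the commit message so the word placement can be checked against it.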

From: Yu-cheng Yu
Subject: [PATCH v24 2/9] x86/cet/ibt: Add user-mode Indirect Branch Tracking support
Date: Thu, 1 Apr 2021 15:13:56 -0700
Message-Id: <20210401221403.32253-3-yu-cheng.yu@intel.com>

Introduce user-mode Indirect Branch Tracking (IBT) support.
Add routines for the setup/disable of IBT. Signed-off-by: Yu-cheng Yu Cc: Kees Cook --- v24: - Move IBT routines to a separate ibt.c, update related areas accordingly. arch/x86/include/asm/cet.h | 9 ++++++ arch/x86/kernel/Makefile | 1 + arch/x86/kernel/ibt.c | 57 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 67 insertions(+) create mode 100644 arch/x86/kernel/ibt.c diff --git a/arch/x86/include/asm/cet.h b/arch/x86/include/asm/cet.h index 26124820d46f..b3df306699b4 100644 --- a/arch/x86/include/asm/cet.h +++ b/arch/x86/include/asm/cet.h @@ -15,6 +15,7 @@ struct cet_status { unsigned long shstk_base; unsigned long shstk_size; unsigned int locked:1; + unsigned int ibt_enabled:1; }; #ifdef CONFIG_X86_SHADOW_STACK @@ -41,6 +42,14 @@ static inline int shstk_check_rstor_token(bool ia32, unsigned long token_addr, unsigned long *new_ssp) { return 0; } #endif +#ifdef CONFIG_X86_IBT +int ibt_setup(void); +void ibt_disable(void); +#else +static inline int ibt_setup(void) { return 0; } +static inline void ibt_disable(void) {} +#endif + #ifdef CONFIG_X86_CET int prctl_cet(int option, u64 arg2); #else diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile index 868cb3aac618..9653e422d0f3 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile @@ -152,6 +152,7 @@ obj-$(CONFIG_UNWINDER_GUESS) += unwind_guess.o obj-$(CONFIG_AMD_MEM_ENCRYPT) += sev-es.o obj-$(CONFIG_X86_SHADOW_STACK) += shstk.o obj-$(CONFIG_X86_CET) += cet_prctl.o +obj-$(CONFIG_X86_IBT) += ibt.o ### # 64 bit specific files diff --git a/arch/x86/kernel/ibt.c b/arch/x86/kernel/ibt.c new file mode 100644 index 000000000000..d2cef1a0345b --- /dev/null +++ b/arch/x86/kernel/ibt.c 
@@ -0,0 +1,57 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * ibt.c - Intel Indirect Branch Tracking support + * + * Copyright (c) 2021, Intel Corporation. + * Yu-cheng Yu + */ + +#include +#include +#include +#include +#include +#include + +static void start_update_msrs(void) +{ + fpregs_lock(); + if (test_thread_flag(TIF_NEED_FPU_LOAD)) + __fpregs_load_activate(); +} + +static void end_update_msrs(void) +{ + fpregs_unlock(); +} + +int ibt_setup(void) +{ + u64 msr_val; + + if (!cpu_feature_enabled(X86_FEATURE_IBT)) + return -EOPNOTSUPP; + + start_update_msrs(); + rdmsrl(MSR_IA32_U_CET, msr_val); + msr_val |= (CET_ENDBR_EN | CET_NO_TRACK_EN); + wrmsrl(MSR_IA32_U_CET, msr_val); + end_update_msrs(); + current->thread.cet.ibt_enabled = 1; + return 0; +} + +void ibt_disable(void) +{ + u64 msr_val; + + if (!cpu_feature_enabled(X86_FEATURE_IBT)) + return; + + start_update_msrs(); + rdmsrl(MSR_IA32_U_CET, msr_val); + msr_val &= ~CET_ENDBR_EN; + wrmsrl(MSR_IA32_U_CET, msr_val); + end_update_msrs(); + current->thread.cet.ibt_enabled = 0; +}
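
Review bot: In the cet.h hunk of patch 2/9, the !CONFIG_X86_IBT stub of ibt_setup() returns 0, while the real ibt_setup() in ibt.c returns -EOPNOTSUPP when the CPU lacks X86_FEATURE_IBT. A caller cannot tell "IBT enabled" from "IBT compiled out" by the return value. Either return -EOPNOTSUPP from the stub as well, or add a comment saying callers must test cpu_feature_enabled(X86_FEATURE_IBT) before calling.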
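
Review bot: In the new ibt.c of patch 2/9, ibt_setup() sets both CET_ENDBR_EN and CET_NO_TRACK_EN, but ibt_disable() clears only CET_ENDBR_EN ("msr_val &= ~CET_ENDBR_EN;"), so every other bit read back from MSR_IA32_U_CET, CET_NO_TRACK_EN included, is written back unchanged. Clear the same bits that setup set, or add a comment explaining why leaving them is safe. The two functions also carry no comment on the context they expect; both act on current and on the live MSR, which is worth stating above them.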

From: Yu-cheng Yu
Subject: [PATCH v24 3/9] x86/cet/ibt: Handle signals for Indirect Branch Tracking
Date: Thu, 1 Apr 2021 15:13:57 -0700
Message-Id: <20210401221403.32253-4-yu-cheng.yu@intel.com>

When an indirect CALL/JMP instruction is executed and before it reaches the target, it is in 'WAIT_ENDBR' status, which can be read from MSR_IA32_U_CET. The status is part of a task's status before a signal is raised and preserved in the signal frame. It is restored for sigreturn.

IBT state machine is described in Intel SDM Vol. 1, Sec. 18.3.
Signed-off-by: Yu-cheng Yu Cc: Kees Cook --- v24: - Update for changes from splitting shadow stack and ibt. arch/x86/kernel/fpu/signal.c | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c index 2e56f2fe8be0..1f54c18607c9 100644 --- a/arch/x86/kernel/fpu/signal.c +++ b/arch/x86/kernel/fpu/signal.c @@ -71,16 +71,32 @@ int save_extra_state_to_sigframe(int ia32, void __user *fp, unsigned long restor return err; ext.ssp = token_addr; + } + if (new_ssp || cet->ibt_enabled) { fpregs_lock(); if (test_thread_flag(TIF_NEED_FPU_LOAD)) __fpregs_load_activate(); + if (new_ssp) wrmsrl(MSR_IA32_PL3_SSP, new_ssp); + + if (cet->ibt_enabled) { + u64 r; + + rdmsrl(MSR_IA32_U_CET, r); + + if (r & CET_WAIT_ENDBR) { + ext.wait_endbr = 1; + r &= ~CET_WAIT_ENDBR; + wrmsrl(MSR_IA32_U_CET, r); + } + } + fpregs_unlock(); } - if (ext.ssp) { + if (ext.ssp || cet->ibt_enabled) { void __user *p = fp; ext.total_size = sizeof(ext); @@ -110,7 +126,8 @@ static int get_extra_state_from_sigframe(int ia32, void __user *fp, struct sc_ex if (!cpu_feature_enabled(X86_FEATURE_CET)) return 0; - if (!cet->shstk_size) + if (!cet->shstk_size && + !cet->ibt_enabled) return 0; memset(ext, 0, sizeof(*ext)); @@ -162,6 +179,13 @@ void restore_extra_state(struct sc_ext *sc_ext) msr_val |= CET_SHSTK_EN; } + if (cet->ibt_enabled) { + msr_val |= (CET_ENDBR_EN | CET_NO_TRACK_EN); + + if (sc_ext->wait_endbr) + msr_val |= CET_WAIT_ENDBR; + } + if (test_thread_flag(TIF_NEED_FPU_LOAD)) cet_user_state->user_cet = msr_val; else 
@@ -626,7 +650,7 @@ static unsigned long fpu__alloc_sigcontext_ext(unsigned long sp) * sigcontext_ext is at: fpu + fpu_user_xstate_size + * FP_XSTATE_MAGIC2_SIZE, then aligned to 8. */ - if (cet->shstk_size) + if (cet->shstk_size || cet->ibt_enabled) sp -= (sizeof(struct sc_ext) + 8); #endif return sp;
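
Review bot: In the save_extra_state_to_sigframe() hunk of patch 3/9, the fpregs_lock() / test_thread_flag(TIF_NEED_FPU_LOAD) / __fpregs_load_activate() sequence is open-coded, while patch 2/9 adds the same sequence as start_update_msrs()/end_update_msrs() in ibt.c. Share one helper so the rule for touching MSR_IA32_U_CET lives in one place. A short comment saying that the pending CET_WAIT_ENDBR state belongs to the interrupted context and is moved into ext.wait_endbr for sigreturn would also make the clear-and-save step easier to follow.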
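
Review bot: In the restore_extra_state() hunk of patch 3/9, sc_ext->wait_endbr comes from the signal frame read through the __user pointer in get_extra_state_from_sigframe(), and it is turned directly into CET_WAIT_ENDBR in the MSR value. Add a comment stating that accepting the value from the frame without further checks is intentional, and say so in the commit message, since the frame is writable by user space before sigreturn.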

From: Yu-cheng Yu
Subject: [PATCH v24 4/9] x86/cet/ibt: Update ELF header parsing for Indirect Branch Tracking
Date: Thu, 1 Apr 2021 15:13:58 -0700
Message-Id: <20210401221403.32253-5-yu-cheng.yu@intel.com>

An ELF file's .note.gnu.property indicates features the file supports. The property is parsed at loading time and passed to arch_setup_elf_property(). Update it for Indirect Branch Tracking.
Signed-off-by: Yu-cheng Yu Cc: Kees Cook --- v24: - Update for changes introduced from splitting shadow stack and ibt. arch/x86/Kconfig | 2 ++ arch/x86/kernel/process_64.c | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index a58c5230e957..5496a1b79318 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1975,6 +1975,8 @@ config X86_IBT depends on X86_64 depends on $(cc-option,-fcf-protection) select X86_CET + select ARCH_USE_GNU_PROPERTY + select ARCH_BINFMT_ELF_STATE help Indirect Branch Tracking (IBT) provides protection against CALL-/JMP-oriented programming attacks. It is active when diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c index 892d8e742e3b..8137e8af4503 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c 
@@ -864,6 +864,14 @@ int arch_setup_elf_property(struct arch_elf_state *state) r = shstk_setup(); } + if (r < 0) + return r; + + if (cpu_feature_enabled(X86_FEATURE_IBT)) { + if (state->gnu_property & GNU_PROPERTY_X86_FEATURE_1_IBT) + r = ibt_setup(); + } + return r; } #endif
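
Review bot: In the arch_setup_elf_property() hunk of patch 4/9, the cpu_feature_enabled(X86_FEATURE_IBT) test repeats the check ibt_setup() already makes in patch 2/9, and the two disagree on the outcome: here an unsupported CPU is skipped with r unchanged, there it is -EOPNOTSUPP. Keep the check in one place. Also, when ibt_setup() returns an error after shstk_setup() has succeeded, this function returns the error with shadow stack already set up; add a comment saying whether the caller is expected to undo that.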
Received: from smtpin02.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id 50B99EFFF for ; Thu, 1 Apr 2021 22:14:29 +0000 (UTC) X-FDA: 77985203058.02.7931FDC Received: from smtprelay.hostedemail.com (smtprelay0229.hostedemail.com [216.40.44.229]) by imf10.hostedemail.com (Postfix) with ESMTP id A2C3F40002C2 for ; Thu, 1 Apr 2021 22:14:27 +0000 (UTC) Received: from forelay.hostedemail.com (clb03-v110.bra.tucows.net [216.40.38.60]) by smtprelay02.hostedemail.com (Postfix) with ESMTP id 6553FF02F for ; Thu, 1 Apr 2021 22:14:28 +0000 (UTC) Received: from smtpin21.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay05.hostedemail.com (Postfix) with ESMTP id 4BDE41832884C for ; Thu, 1 Apr 2021 22:14:24 +0000 (UTC) X-FDA: 77985202848.21.45EC9FC Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by imf14.hostedemail.com (Postfix) with ESMTP id BFA0BC0001FA for ; Thu, 1 Apr 2021 22:14:21 +0000 (UTC) IronPort-SDR: uMUBnpmKLPAeak07hKMp/ItKjxXi9NiZjTud8TkRrbY/5JSFeV4LPTaSJ9jWQxE48S7XkIyNVQ HXy9m0dMVhwA== X-IronPort-AV: E=McAfee;i="6000,8403,9941"; a="256322574" X-IronPort-AV: E=Sophos;i="5.81,296,1610438400"; d="scan'208";a="256322574" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Apr 2021 15:14:22 -0700 IronPort-SDR: LifuTxKaBv1L2f+5d2yrq0QuNEtEJoPxnih+pxcKNyEmbo47tK0KEKM1hFgeQAhbXfD48RSyuY vOZvm0dJaD9A== X-IronPort-AV: E=Sophos;i="5.81,296,1610438400"; d="scan'208";a="394700345" Received: from yyu32-desk.sc.intel.com ([143.183.136.146]) by orsmga002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Apr 2021 15:14:22 -0700 
From: Yu-cheng Yu
To: x86@kernel.org, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H.J. Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, "Ravi V. Shankar", Vedvyas Shanbhogue, Dave Martin, Weijiang Yang, Pengfei Xu, Haitao Huang
Cc: Yu-cheng Yu
Subject: [PATCH v24 5/9] x86/cet/ibt: Update arch_prctl functions for Indirect Branch Tracking
Date: Thu, 1 Apr 2021 15:13:59 -0700
Message-Id: <20210401221403.32253-6-yu-cheng.yu@intel.com>
X-Mailer: git-send-email 2.21.0
In-Reply-To: <20210401221403.32253-1-yu-cheng.yu@intel.com>
References: <20210401221403.32253-1-yu-cheng.yu@intel.com>

From: "H.J. Lu"

Update ARCH_X86_CET_STATUS and ARCH_X86_CET_DISABLE for Indirect Branch Tracking.

Signed-off-by: H.J. Lu
Signed-off-by: Yu-cheng Yu Reviewed-by: Kees Cook --- v24: - Update for function name changes introduced from splitting shadow stack and ibt. arch/x86/kernel/cet_prctl.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/x86/kernel/cet_prctl.c b/arch/x86/kernel/cet_prctl.c index 5f0054177d2a..ae31741d829a 100644 --- a/arch/x86/kernel/cet_prctl.c +++ b/arch/x86/kernel/cet_prctl.c @@ -22,6 +22,9 @@ static int cet_copy_status_to_user(struct cet_status *cet, u64 __user *ubuf) buf[2] = cet->shstk_size; } + if (cet->ibt_enabled) + buf[0] |= GNU_PROPERTY_X86_FEATURE_1_IBT; + return copy_to_user(ubuf, buf, sizeof(buf)); } 
@@ -46,6 +49,8 @@ int prctl_cet(int option, u64 arg2) return -EINVAL; if (arg2 & GNU_PROPERTY_X86_FEATURE_1_SHSTK) shstk_disable(); + if (arg2 & GNU_PROPERTY_X86_FEATURE_1_IBT) + ibt_disable(); return 0; case ARCH_X86_CET_LOCK:
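Review bot: in the ARCH_X86_CET_DISABLE case of prctl_cet(), the added `ibt_disable()` call is followed by an unconditional `return 0`, so userspace gets success whether or not IBT was on for the task, and the test that guards the `return -EINVAL` just above is outside the hunk. Because this path switches a control-flow protection off at the process's own request, the commit message should state which condition rejects the request and that disabling an already-disabled feature is meant to succeed.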
From: Yu-cheng Yu
To: x86@kernel.org, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H.J. Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, "Ravi V. Shankar", Vedvyas Shanbhogue, Dave Martin, Weijiang Yang, Pengfei Xu, Haitao Huang
Cc: Yu-cheng Yu
Subject: [PATCH v24 6/9] x86/vdso: Insert endbr32/endbr64 to vDSO
Date: Thu, 1 Apr 2021 15:14:00 -0700
Message-Id: <20210401221403.32253-7-yu-cheng.yu@intel.com>
X-Mailer: git-send-email 2.21.0
In-Reply-To: <20210401221403.32253-1-yu-cheng.yu@intel.com>
References: <20210401221403.32253-1-yu-cheng.yu@intel.com>

From: "H.J. Lu"

When Indirect Branch Tracking (IBT) is enabled, vDSO functions may be called indirectly, and must have ENDBR32 or ENDBR64 as the first instruction. The compiler must support -fcf-protection=branch so that it can be used to compile vDSO.

Signed-off-by: H.J. Lu
Signed-off-by: Yu-cheng Yu
Cc: Andy Lutomirski
Cc: Kees Cook
---
v24:
- Replace CONFIG_X86_CET with CONFIG_X86_IBT to reflect splitting of shadow stack and ibt.

 arch/x86/entry/vdso/Makefile | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index 05c4abc2fdfd..a773a5f03b63 100644 --- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile 
@@ -93,6 +93,10 @@ endif $(vobjs): KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_LTO) $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) +ifdef CONFIG_X86_IBT +$(vobjs) $(vobjs32): KBUILD_CFLAGS += -fcf-protection=branch +endif + # # vDSO code runs in userspace and -pg doesn't help with profiling anyway. #
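Review bot: the `-fcf-protection=branch` line under `ifdef CONFIG_X86_IBT` is added without any compiler check, while the commit message says the compiler must support the option; with a compiler that lacks it the vDSO build would stop on an unrecognised option. Either name the Kconfig dependency that guarantees support in the commit message, or guard the flag with $(call cc-option,-fcf-protection=branch).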
From: Yu-cheng Yu
To: x86@kernel.org, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H.J. Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, "Ravi V. Shankar", Vedvyas Shanbhogue, Dave Martin, Weijiang Yang, Pengfei Xu, Haitao Huang
Cc: Yu-cheng Yu, Jarkko Sakkinen
Subject: [PATCH v24 7/9] x86/vdso: Introduce ENDBR macro
Date: Thu, 1 Apr 2021 15:14:01 -0700
Message-Id: <20210401221403.32253-8-yu-cheng.yu@intel.com>
X-Mailer: git-send-email 2.21.0
In-Reply-To: <20210401221403.32253-1-yu-cheng.yu@intel.com>
References: <20210401221403.32253-1-yu-cheng.yu@intel.com>

ENDBR is a special new instruction for the Indirect Branch Tracking (IBT) component of CET. IBT prevents attacks by ensuring that (most) indirect branches and function calls may only land at ENDBR instructions. Branches that don't follow the rules will result in control flow (#CF) exceptions.
ENDBR is a noop when IBT is unsupported or disabled. Most ENDBR instructions are inserted automatically by the compiler, but branch targets written in assembly must have ENDBR added manually. There are two ENDBR versions: endbr64 and endbr32. The compilers (gcc and clang) have _CET_ENDBR defined for the proper one. Introduce ENDBR macro, which equals the compiler macro when enabled, otherwise nothing. Signed-off-by: Yu-cheng Yu Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Dave Hansen Cc: Jarkko Sakkinen Cc: Peter Zijlstra --- arch/x86/entry/vdso/Makefile | 1 + arch/x86/include/asm/vdso.h | 19 ++++++++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index a773a5f03b63..be2ce5c8cb42 100644 --- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile @@ -95,6 +95,7 @@ $(vobjs): KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_LTO) $(GCC_PLUGINS_CFLAGS) $( ifdef CONFIG_X86_IBT $(vobjs) $(vobjs32): KBUILD_CFLAGS += -fcf-protection=branch +$(vobjs) $(vobjs32): KBUILD_AFLAGS += -fcf-protection=branch endif # diff --git a/arch/x86/include/asm/vdso.h b/arch/x86/include/asm/vdso.h index 98aa103eb4ab..0128486ba09f 100644 --- a/arch/x86/include/asm/vdso.h +++ b/arch/x86/include/asm/vdso.h 
@@ -52,6 +52,23 @@ extern int map_vdso_once(const struct vdso_image *image, unsigned long addr); extern bool fixup_vdso_exception(struct pt_regs *regs, int trapnr, unsigned long error_code, unsigned long fault_addr); -#endif /* __ASSEMBLER__ */ +#else /* __ASSEMBLER__ */ + +/* + * ENDBR is an instruction for the Indirect Branch Tracking (IBT) component + * of CET. IBT prevents attacks by ensuring that (most) indirect branches + * function calls may only land at ENDBR instructions. Branches that don't + * follow the rules will result in control flow (#CF) exceptions. + * ENDBR is a noop when IBT is unsupported or disabled. Most ENDBR + * instructions are inserted automatically by the compiler, but branch + * targets written in assembly must have ENDBR added manually. + */ +#ifdef __CET__ +#include +#define ENDBR _CET_ENDBR +#else +#define ENDBR +#endif +#endif /* __ASSEMBLER__ */ #endif /* _ASM_X86_VDSO_H */
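Review bot: the new KBUILD_AFLAGS line in the Makefile hunk carries no comment, yet it is what makes the `#ifdef __CET__` test in asm/vdso.h true for the .S files; without it ENDBR expands to nothing in assembly. A one-line comment tying the two together would stop someone from dropping it later as redundant with the KBUILD_CFLAGS line above it.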
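Review bot: in the comment added to asm/vdso.h, `indirect branches function calls` has lost the "and" that the commit message has (`indirect branches and function calls`). It is also worth one sentence that ENDBR is defined only on the `__ASSEMBLER__` side, since the new `#else` branch makes the macro invisible to C code that includes this header.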
From: Yu-cheng Yu
To: x86@kernel.org, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H.J. Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, "Ravi V. Shankar", Vedvyas Shanbhogue, Dave Martin, Weijiang Yang, Pengfei Xu, Haitao Huang
Cc: Yu-cheng Yu
Subject: [PATCH v24 8/9] x86/vdso/32: Add ENDBR to __kernel_vsyscall entry point
Date: Thu, 1 Apr 2021 15:14:02 -0700
Message-Id: <20210401221403.32253-9-yu-cheng.yu@intel.com>
X-Mailer: git-send-email 2.21.0
In-Reply-To: <20210401221403.32253-1-yu-cheng.yu@intel.com>
References: <20210401221403.32253-1-yu-cheng.yu@intel.com>

From: "H.J. Lu" ENDBR is a special new instruction for the Indirect Branch Tracking (IBT) component of CET. IBT prevents attacks by ensuring that (most) indirect branches and function calls may only land at ENDBR instructions. Branches that don't follow the rules will result in control flow (#CF) exceptions. ENDBR is a noop when IBT is unsupported or disabled. Most ENDBR instructions are inserted automatically by the compiler, but branch targets written in assembly must have ENDBR added manually. Add that to __kernel_vsyscall entry point. Signed-off-by: H.J. Lu Signed-off-by: Yu-cheng Yu Cc: Andy Lutomirski Cc: Kees Cook --- arch/x86/entry/vdso/vdso32/system_call.S | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/entry/vdso/vdso32/system_call.S b/arch/x86/entry/vdso/vdso32/system_call.S index de1fff7188aa..c962e7e4f7e3 100644 --- a/arch/x86/entry/vdso/vdso32/system_call.S +++ b/arch/x86/entry/vdso/vdso32/system_call.S @@ -7,6 +7,7 @@ #include #include #include +#include .text .globl __kernel_vsyscall 
@@ -14,6 +15,7 @@ ALIGN __kernel_vsyscall: CFI_STARTPROC + ENDBR /* * Reshuffle regs so that all of any of the entry instructions * will preserve enough state.
From: Yu-cheng Yu
To: x86@kernel.org, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H.J. Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, "Ravi V. Shankar", Vedvyas Shanbhogue, Dave Martin, Weijiang Yang, Pengfei Xu, Haitao Huang
Cc: Yu-cheng Yu, Jarkko Sakkinen
Subject: [PATCH v24 9/9] x86/vdso: Add ENDBR to __vdso_sgx_enter_enclave
Date: Thu, 1 Apr 2021 15:14:03 -0700
Message-Id: <20210401221403.32253-10-yu-cheng.yu@intel.com>
X-Mailer: git-send-email 2.21.0
In-Reply-To: <20210401221403.32253-1-yu-cheng.yu@intel.com>
References: <20210401221403.32253-1-yu-cheng.yu@intel.com>

ENDBR is a special new instruction for the Indirect Branch Tracking (IBT) component of CET. IBT prevents attacks by ensuring that (most) indirect branches and function calls may only land at ENDBR instructions. Branches that don't follow the rules will result in control flow (#CF) exceptions. ENDBR is a noop when IBT is unsupported or disabled. Most ENDBR instructions are inserted automatically by the compiler, but branch targets written in assembly must have ENDBR added manually.

Add ENDBR to __vdso_sgx_enter_enclave() branch targets. Signed-off-by: Yu-cheng Yu Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Dave Hansen Cc: Jarkko Sakkinen Cc: Peter Zijlstra Acked-by: Jarkko Sakkinen --- arch/x86/entry/vdso/vsgx.S | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/entry/vdso/vsgx.S b/arch/x86/entry/vdso/vsgx.S index 86a0e94f68df..c63eafa54abd 100644 --- a/arch/x86/entry/vdso/vsgx.S +++ b/arch/x86/entry/vdso/vsgx.S @@ -4,6 +4,7 @@ #include #include #include +#include #include "extable.h" @@ -27,6 +28,7 @@ SYM_FUNC_START(__vdso_sgx_enter_enclave) /* Prolog */ .cfi_startproc + ENDBR push %rbp .cfi_adjust_cfa_offset 8 .cfi_rel_offset %rbp, 0 @@ -62,6 +64,7 @@ SYM_FUNC_START(__vdso_sgx_enter_enclave) .Lasync_exit_pointer: .Lenclu_eenter_eresume: enclu + ENDBR /* EEXIT jumps here unless the enclave is doing something fancy. */ mov SGX_ENCLAVE_OFFSET_OF_RUN(%rbp), %rbx @@ -91,6 +94,7 @@ SYM_FUNC_START(__vdso_sgx_enter_enclave) jmp .Lout .Lhandle_exception: + ENDBR mov SGX_ENCLAVE_OFFSET_OF_RUN(%rbp), %rbx /* Set the exception info. */
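Review bot: in the hunk at .Lenclu_eenter_eresume, ENDBR is inserted between `enclu` and the existing comment `EEXIT jumps here unless the enclave is doing something fancy.`, so the comment now sits on the `mov` rather than on the landing pad. Move the ENDBR below the comment or extend the comment to say that the EEXIT target needs an ENDBR; the commit message could also say why .Lasync_exit_pointer, which precedes `enclu`, needs none.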
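Review bot: the ENDBR added at .Lhandle_exception has no explanation of which indirect branch lands there; the commit message only says `Add ENDBR to __vdso_sgx_enter_enclave() branch targets`. A short comment at the label naming the path that reaches it would let a reader check that the set of landing pads is complete.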
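The two facts this series depends on, seen from the audit side, as an added example that is not code from the patch series: IBT is set up only when the ELF's .note.gnu.property carries GNU_PROPERTY_X86_FEATURE_1_IBT, and an IBT-marked indirect-branch target must begin with ENDBR. The helper names, the little-endian ELF64 note layout and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants from the x86-64 psABI (also in <elf.h>). */
#define NT_GNU_PROPERTY_TYPE_0           5u
#define GNU_PROPERTY_X86_FEATURE_1_AND   0xc0000002u
#define GNU_PROPERTY_X86_FEATURE_1_IBT   (1u << 0)
#define GNU_PROPERTY_X86_FEATURE_1_SHSTK (1u << 1)

enum endbr_kind { ENDBR_NONE = 0, ENDBR_32 = 32, ENDBR_64 = 64 };

/* Read a little-endian 32-bit word without alignment assumptions. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Hypothetical helper: walk one NT_GNU_PROPERTY_TYPE_0 note and return the
 * GNU_PROPERTY_X86_FEATURE_1_AND word. align is 8 for ELF64, 4 for ELF32.
 * Returns 0 on success, -1 if the note is malformed or has no such property.
 */
int gnu_property_x86_features(const uint8_t *note, size_t len, size_t align,
                              uint32_t *features)
{
    if ((align != 4 && align != 8) || len < 16)
        return -1;
    uint32_t namesz = rd32(note), descsz = rd32(note + 4);
    if (rd32(note + 8) != NT_GNU_PROPERTY_TYPE_0 || namesz != 4 ||
        memcmp(note + 12, "GNU", 4) != 0)
        return -1;
    size_t off = 16;
    if (descsz > len - off)
        return -1;                      /* descriptor runs past the buffer */
    size_t end = off + descsz;
    while (end - off >= 8) {
        uint32_t pr_type = rd32(note + off);
        uint32_t pr_datasz = rd32(note + off + 4);
        off += 8;
        if (pr_datasz > end - off)
            return -1;                  /* property data truncated */
        if (pr_type == GNU_PROPERTY_X86_FEATURE_1_AND) {
            if (pr_datasz != 4)
                return -1;
            *features = rd32(note + off);
            return 0;
        }
        size_t step = ((size_t)pr_datasz + align - 1) & ~(align - 1);
        if (step > end - off)
            break;                      /* last property, no trailing pad */
        off += step;
    }
    return -1;
}

/* Classify the first instruction: endbr64 = f3 0f 1e fa, endbr32 = f3 0f 1e fb. */
int endbr_at(const uint8_t *code, size_t len)
{
    if (len < 4 || code[0] != 0xf3 || code[1] != 0x0f || code[2] != 0x1e)
        return ENDBR_NONE;
    if (code[3] == 0xfa)
        return ENDBR_64;
    return code[3] == 0xfb ? ENDBR_32 : ENDBR_NONE;
}

/* 1 if a 64-bit entry point is consistent with the object's IBT marking. */
int ibt_entry_ok(uint32_t features, const uint8_t *code, size_t len)
{
    if (!(features & GNU_PROPERTY_X86_FEATURE_1_IBT))
        return 1;                       /* object does not claim IBT */
    return endbr_at(code, len) == ENDBR_64;
}

/* Constructed sample: ELF64 note with FEATURE_1_AND = IBT | SHSTK. */
const uint8_t sample_note[] = {
    0x04, 0x00, 0x00, 0x00,  0x10, 0x00, 0x00, 0x00,  /* namesz, descsz */
    0x05, 0x00, 0x00, 0x00,  'G',  'N',  'U',  0x00,  /* type, name     */
    0x02, 0x00, 0x00, 0xc0,  0x04, 0x00, 0x00, 0x00,  /* pr_type, size  */
    0x03, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00,  /* data, padding  */
};
/* Constructed samples: endbr64; push %rbp; mov %rsp,%rbp and the same without ENDBR. */
const uint8_t entry_with_endbr[] = { 0xf3, 0x0f, 0x1e, 0xfa, 0x55, 0x48, 0x89, 0xe5 };
const uint8_t entry_without_endbr[] = { 0x55, 0x48, 0x89, 0xe5 };

int main(void)
{
    uint32_t f = 0;
    if (gnu_property_x86_features(sample_note, sizeof(sample_note), 8, &f))
        return 1;
    printf("IBT=%d SHSTK=%d\n", !!(f & GNU_PROPERTY_X86_FEATURE_1_IBT),
           !!(f & GNU_PROPERTY_X86_FEATURE_1_SHSTK));
    printf("entry with ENDBR ok: %d\n",
           ibt_entry_ok(f, entry_with_endbr, sizeof(entry_with_endbr)));
    printf("entry without ENDBR ok: %d\n",
           ibt_entry_ok(f, entry_without_endbr, sizeof(entry_without_endbr)));
    return 0;
}
```

An entry flagged here is the hand-written-assembly case the commit messages describe: the object claims IBT but the branch target was never given its ENDBR.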