From patchwork Mon Mar 20 16:39:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner X-Patchwork-Id: 72293 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:604a:0:0:0:0:0 with SMTP id j10csp1325975wrt; Mon, 20 Mar 2023 10:02:18 -0700 (PDT) X-Google-Smtp-Source: AK7set+sxflKQc6G16R24QSWiaiO4lOy9SMwYFy4RHuE06bDLp0U0fQfkNY9rhcujvwB12uKtHWu X-Received: by 2002:a17:902:f545:b0:19c:eb9a:7712 with SMTP id h5-20020a170902f54500b0019ceb9a7712mr22970162plf.1.1679331737866; Mon, 20 Mar 2023 10:02:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1679331737; cv=none; d=google.com; s=arc-20160816; b=WvWhA6wo+uiLNZUQH480e648M7xVHYi1O/f+tVq5tl76wIHWpo2vujmoqd559Y848G bIBJZ/3JZ7gQPwU5y3nJRLcjY0/n0TSs6uudVWQbgKOO1FkkXNwZybMcEQ9LszlMqYz7 nqM+ujyJnzu8qOQOA8yMQVSnw/Eev0OnO6bivk68zdryAFHTGTPdcSvZsSZ3eDrIrS29 yKFZL6DBcP9+Zkd8XW9Ci4K+sb5Jc3WSgvC6JGucpc+2Z277wXwdfEiEjWbUZZvqgCbi USS3lK15SReXlZ7W8zyDpUfdP5+rquBHCe0vZJVGL+ofpG12JpBuRXMjdx7dM6tlmzKv D3oA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:robot-unsubscribe :robot-id:message-id:mime-version:cc:subject:to:reply-to:sender:from :dkim-signature:dkim-signature:date; bh=JuaMGlprU5ha55klIjjd+7lbfYKhYcjfunRgfgyOQk8=; b=PBjoL30xq6n3RdNmAT36SqEw76rFss7yJyOUhta/KhSr8gmdQdtXzIg4xtIbAnZMRb xgwj2X/B+GUxW1QEOiTnw+KqH0QIX7ny+nWKfk2uLtwIVXY1KHl/UJUwo3A/95UJBACo 4C1BIqCtl1NdNKnoWF2h9sgOzQArIeYEI4rndq4btxh+mzXGwWMkytjeE9/Uihf3FLfF 4HvvTmvAsx9veOG6WO2WRqAP82mDoxeZOewXhXng7roauyJYQ9ENdHexN9B9mL8zm7z5 mwUK5QMl8srVaZ9cgq2sSTE4FNA6kG+X3oqS8B/qoFXpUcNEv5wRRoU0lLnH2Q3syHV0 J7uw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=mzDNA2wD; dkim=neutral (no key) header.i=@linutronix.de header.b=xvyPs0tF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q12-20020a17090311cc00b0019cec510d4csi12481346plh.444.2023.03.20.10.01.52; Mon, 20 Mar 2023 10:02:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=mzDNA2wD; dkim=neutral (no key) header.i=@linutronix.de header.b=xvyPs0tF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232570AbjCTQug (ORCPT + 99 others); Mon, 20 Mar 2023 12:50:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47346 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232830AbjCTQtt (ORCPT ); Mon, 20 Mar 2023 12:49:49 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [IPv6:2a0a:51c0:0:12e:550::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 833F4BDE4; Mon, 20 Mar 2023 09:42:12 -0700 (PDT) Date: Mon, 20 Mar 2023 16:39:29 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1679330370; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=JuaMGlprU5ha55klIjjd+7lbfYKhYcjfunRgfgyOQk8=; b=mzDNA2wDUS2Fm6ccyxvmffUt+lLVQdLCWFSpiJpZb64u+tdlbqpXc89RJZbPaMGNDozA4G V8Nvfbasfm0HB0Srm3AcBVghj+o6jQy6cwsyzvEfc9gQxGSJP7I1vKSiO0yUipTWczHQm5 w1DkaV1uA1ZPOM0xf0kNVFMd0VdNVlZYJL4pIg6cmQ1BMYH9WxfGDxOdokI+/ntwnWRLVX NB4kxoNcHAdbHaED6HboFR9v/tlb9njptpTuuODLDwT4HCrw084Qpig4FBt62nhekExKN/ yYEkMY5la7X+ksZMvjQ9eeEAAT+Y+CWUp/bjOAayFvHSR+p25eDN8/Bc0L7bLA== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1679330370; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=JuaMGlprU5ha55klIjjd+7lbfYKhYcjfunRgfgyOQk8=; b=xvyPs0tFMcpteK6yMeztixCOACD+bx/QEEp4dGIqSUR4yMQcFnsV3nXZEOOCDYOnTPPkyv fwt1xVfd1eOshnAQ== From: "tip-bot2 for Rick Edgecombe" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/shstk] x86/traps: Move control protection handler to separate file Cc: Rick Edgecombe , Dave Hansen , "Borislav Petkov (AMD)" , Kees Cook , "Mike Rapoport (IBM)" , Pengfei Xu , John Allen , x86@kernel.org, linux-kernel@vger.kernel.org MIME-Version: 1.0 Message-ID: <167933036978.5837.12031387744724790018.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1760906956091210528?= X-GMAIL-MSGID: =?utf-8?q?1760906956091210528?= The following commit has been merged into the x86/shstk branch of tip: Commit-ID: 0a3589d0e0ff7d57b76f49503f1877789641a5f6 Gitweb: https://git.kernel.org/tip/0a3589d0e0ff7d57b76f49503f1877789641a5f6 Author: Rick Edgecombe AuthorDate: Sat, 18 Mar 2023 17:15:02 -07:00 Committer: Dave Hansen CommitterDate: Mon, 20 Mar 2023 09:01:08 -07:00 x86/traps: Move control protection handler to separate file Today the control protection handler is defined in traps.c and used only for the kernel IBT feature. To reduce ifdeffery, move it to it's own file. In future patches, functionality will be added to make this handler also handle user shadow stack faults. So name the file cet.c. No functional change. Signed-off-by: Rick Edgecombe Signed-off-by: Dave Hansen Reviewed-by: Borislav Petkov (AMD) Reviewed-by: Kees Cook Acked-by: Mike Rapoport (IBM) Tested-by: Pengfei Xu Tested-by: John Allen Tested-by: Kees Cook Link: https://lore.kernel.org/all/20230319001535.23210-8-rick.p.edgecombe%40intel.com --- arch/x86/kernel/Makefile | 2 +- arch/x86/kernel/cet.c | 76 +++++++++++++++++++++++++++++++++++++++- arch/x86/kernel/traps.c | 75 +-------------------------------------- 3 files changed, 78 insertions(+), 75 deletions(-) create mode 100644 arch/x86/kernel/cet.c diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile index dd61752..92446f1 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile @@ -144,6 +144,8 @@ obj-$(CONFIG_CFI_CLANG) += cfi.o obj-$(CONFIG_CALL_THUNKS) += callthunks.o +obj-$(CONFIG_X86_CET) += cet.o + ### # 64 bit specific files ifeq ($(CONFIG_X86_64),y) diff --git a/arch/x86/kernel/cet.c b/arch/x86/kernel/cet.c new file mode 100644 index 0000000..7ad22b7 --- /dev/null +++ b/arch/x86/kernel/cet.c @@ -0,0 +1,76 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include +#include +#include + +static __ro_after_init bool ibt_fatal = true; + +extern void ibt_selftest_ip(void); /* code label defined in asm below */ + +enum cp_error_code { + CP_EC = (1 << 15) - 1, + + CP_RET = 1, + CP_IRET = 2, + CP_ENDBR = 3, + CP_RSTRORSSP = 4, + CP_SETSSBSY = 5, + + CP_ENCL = 1 << 15, +}; + +DEFINE_IDTENTRY_ERRORCODE(exc_control_protection) +{ + if (!cpu_feature_enabled(X86_FEATURE_IBT)) { + pr_err("Unexpected #CP\n"); + BUG(); + } + + if (WARN_ON_ONCE(user_mode(regs) || (error_code & CP_EC) != CP_ENDBR)) + return; + + if (unlikely(regs->ip == (unsigned long)&ibt_selftest_ip)) { + regs->ax = 0; + return; + } + + pr_err("Missing ENDBR: %pS\n", (void *)instruction_pointer(regs)); + if (!ibt_fatal) { + printk(KERN_DEFAULT CUT_HERE); + __warn(__FILE__, __LINE__, (void *)regs->ip, TAINT_WARN, regs, NULL); + return; + } + BUG(); +} + +/* Must be noinline to ensure uniqueness of ibt_selftest_ip. */ +noinline bool ibt_selftest(void) +{ + unsigned long ret; + + asm (" lea ibt_selftest_ip(%%rip), %%rax\n\t" + ANNOTATE_RETPOLINE_SAFE + " jmp *%%rax\n\t" + "ibt_selftest_ip:\n\t" + UNWIND_HINT_FUNC + ANNOTATE_NOENDBR + " nop\n\t" + + : "=a" (ret) : : "memory"); + + return !ret; +} + +static int __init ibt_setup(char *str) +{ + if (!strcmp(str, "off")) + setup_clear_cpu_cap(X86_FEATURE_IBT); + + if (!strcmp(str, "warn")) + ibt_fatal = false; + + return 1; +} + +__setup("ibt=", ibt_setup); diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index d317dc3..cc223e6 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -213,81 +213,6 @@ DEFINE_IDTENTRY(exc_overflow) do_error_trap(regs, 0, "overflow", X86_TRAP_OF, SIGSEGV, 0, NULL); } -#ifdef CONFIG_X86_KERNEL_IBT - -static __ro_after_init bool ibt_fatal = true; - -extern void ibt_selftest_ip(void); /* code label defined in asm below */ - -enum cp_error_code { - CP_EC = (1 << 15) - 1, - - CP_RET = 1, - CP_IRET = 2, - CP_ENDBR = 3, - CP_RSTRORSSP = 4, - CP_SETSSBSY = 5, - - CP_ENCL = 1 << 15, -}; - -DEFINE_IDTENTRY_ERRORCODE(exc_control_protection) -{ - if (!cpu_feature_enabled(X86_FEATURE_IBT)) { - pr_err("Unexpected #CP\n"); - BUG(); - } - - if (WARN_ON_ONCE(user_mode(regs) || (error_code & CP_EC) != CP_ENDBR)) - return; - - if (unlikely(regs->ip == (unsigned long)&ibt_selftest_ip)) { - regs->ax = 0; - return; - } - - pr_err("Missing ENDBR: %pS\n", (void *)instruction_pointer(regs)); - if (!ibt_fatal) { - printk(KERN_DEFAULT CUT_HERE); - __warn(__FILE__, __LINE__, (void *)regs->ip, TAINT_WARN, regs, NULL); - return; - } - BUG(); -} - -/* Must be noinline to ensure uniqueness of ibt_selftest_ip. */ -noinline bool ibt_selftest(void) -{ - unsigned long ret; - - asm (" lea ibt_selftest_ip(%%rip), %%rax\n\t" - ANNOTATE_RETPOLINE_SAFE - " jmp *%%rax\n\t" - "ibt_selftest_ip:\n\t" - UNWIND_HINT_FUNC - ANNOTATE_NOENDBR - " nop\n\t" - - : "=a" (ret) : : "memory"); - - return !ret; -} - -static int __init ibt_setup(char *str) -{ - if (!strcmp(str, "off")) - setup_clear_cpu_cap(X86_FEATURE_IBT); - - if (!strcmp(str, "warn")) - ibt_fatal = false; - - return 1; -} - -__setup("ibt=", ibt_setup); - -#endif /* CONFIG_X86_KERNEL_IBT */ - #ifdef CONFIG_X86_F00F_BUG void handle_invalid_op(struct pt_regs *regs) #else