From patchwork Wed Jul 19 22:47:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner X-Patchwork-Id: 122916 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c923:0:b0:3e4:2afc:c1 with SMTP id j3csp2771659vqt; Wed, 19 Jul 2023 16:28:23 -0700 (PDT) X-Google-Smtp-Source: APBJJlEe2Ke86YRe+bYt3Iq8TjxYqz18NXJXtePm2juZFHzdiTweRk0Su0m8PIEbWFZE4W6OsNKl X-Received: by 2002:a05:6a21:6d92:b0:134:e14c:851b with SMTP id wl18-20020a056a216d9200b00134e14c851bmr4503858pzb.23.1689809303254; Wed, 19 Jul 2023 16:28:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689809303; cv=none; d=google.com; s=arc-20160816; b=KfiDvlkPnrg5zamrCwa0oS7mR6F0I3BOAuSPqNxwT2AsfNc03VIhzaPlk+IqxBUArl EQsSzSKA54Yp2Q2Jg2s6FFLz2lrY7JLl/itju+VETJhyRgi6fGgPPIfSm1Gt8+laNfST IHohhLVi2rVzb8vLIWe4sMVzzsHh+A1sw4Yp3cyqO18i7CVk3yaa2l+MbrS3CIov8SA/ Xes8soH8AnYGljvnw3pMkiZWLX6mLctWsOk1eoXVLTeb47bXwo42PeObflxKkrzMEBVz MieNZ0Ko7YSQGTfXABTZhKART7DJ+iyvnH2uYd+tmcDHyzBFJgmP6CyeZ9OVs+BdlCq9 Nxlw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:robot-unsubscribe :robot-id:message-id:mime-version:cc:subject:to:reply-to:sender:from :dkim-signature:dkim-signature:date; bh=X21oR3yx5vjsn3hK7ydmleLGo5jUYPZI+AyJ+/pV4H0=; fh=TP5hGXUss9NVznuLhHn29IY8s2b42GYJvI6UwvTtDG8=; b=UWaA0DI7q5Y2n1HuuzVfpxdGEtEwbDL1PIo/LL8esttQXo4+KX7sjmCLZDPsexB0aL mDo1+AWWs3CxEyeapd7pWZOyqChwjzBUwpBJWZIe8x4MjKYhgotMEy+F2mSe2m0K2keY +8sytgAHNt1KGDCCY36JcUTTtsKoIp28y6YOibdJ1pJR6P8ac06hn1tHP39EgNqE+/Z6 JQu+SL4ejPsg3GU8t5Fi+ZDMj3aGKBoj7qtq57Aj7o8ennypglkx0PjNaj67jMawOsPi dgHh7wWIoRTWb4kpIViL25owH1rE+NGFAKSnmdc8RZTs1m8w+e7V+hsJvrjSn4/bHtVX Dkiw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=Yz4cnKwq; dkim=neutral (no key) header.i=@linutronix.de; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 21-20020a170902c21500b001b811b9d416si4319490pll.578.2023.07.19.16.28.10; Wed, 19 Jul 2023 16:28:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=Yz4cnKwq; dkim=neutral (no key) header.i=@linutronix.de; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230486AbjGSWuN (ORCPT + 99 others); Wed, 19 Jul 2023 18:50:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43148 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231355AbjGSWsC (ORCPT ); Wed, 19 Jul 2023 18:48:02 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E9741270E; Wed, 19 Jul 2023 15:47:43 -0700 (PDT) Date: Wed, 19 Jul 2023 22:47:41 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1689806861; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=X21oR3yx5vjsn3hK7ydmleLGo5jUYPZI+AyJ+/pV4H0=; b=Yz4cnKwquuXIRTAvlv9/KLS/Y7AlwEXT9NAR2WVtfjtnN8riMN+sZh8bVcn9TOVkSKePPi 6I3cCVaPJLqwqIyQw6CFvDPbnU2zkI8zpSIz0w9fsCTTTDl23JuRSexgU/zCEf0APLxNmg wYZ5FCeGOiU1B9P5vfsHeERohi4YiELpPNxf6ruC/oMGKKPwKD7XG4Q9SaCD5cAg1S1sm1 ucg3lkOlAD3YHUmSxFvsBWPNT1LkF14MZ/kTvgnRtCwZYppVaRJzAlOVWxip3EcypMNSLN 7A0p7x24SZh+POybXv5reWNRzEQesRUWSFGk3vztEqxXPNnYoTLOp2jU8lgaHw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1689806861; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=X21oR3yx5vjsn3hK7ydmleLGo5jUYPZI+AyJ+/pV4H0=; b=JEylgxJhPQur2RHXls4VoMexNfD4ZMyWH9B4jH7SyjT9/MMQ4cUySzoMRyS7M8JWrtT1qV NRxjhOOr7KC9XgBg== From: "tip-bot2 for Rick Edgecombe" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/shstk] x86/traps: Move control protection handler to separate file Cc: Rick Edgecombe , Dave Hansen , "Borislav Petkov (AMD)" , Kees Cook , "Mike Rapoport (IBM)" , Pengfei Xu , John Allen , x86@kernel.org, linux-kernel@vger.kernel.org MIME-Version: 1.0 Message-ID: <168980686123.28540.7605094244307909213.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771893480160539830 X-GMAIL-MSGID: 1771893480160539830 The following commit has been merged into the x86/shstk branch of tip: Commit-ID: 2da5b91fe4092aab9d92138c78b68e9856b078d0 Gitweb: https://git.kernel.org/tip/2da5b91fe4092aab9d92138c78b68e9856b078d0 Author: Rick Edgecombe AuthorDate: Mon, 12 Jun 2023 17:10:33 -07:00 Committer: Rick Edgecombe CommitterDate: Tue, 11 Jul 2023 14:12:18 -07:00 x86/traps: Move control protection handler to separate file Today the control protection handler is defined in traps.c and used only for the kernel IBT feature. To reduce ifdeffery, move it to it's own file. In future patches, functionality will be added to make this handler also handle user shadow stack faults. So name the file cet.c. No functional change. Signed-off-by: Rick Edgecombe Signed-off-by: Dave Hansen Reviewed-by: Borislav Petkov (AMD) Reviewed-by: Kees Cook Acked-by: Mike Rapoport (IBM) Tested-by: Pengfei Xu Tested-by: John Allen Tested-by: Kees Cook Link: https://lore.kernel.org/all/20230613001108.3040476-8-rick.p.edgecombe%40intel.com --- arch/x86/kernel/Makefile | 2 +- arch/x86/kernel/cet.c | 76 +++++++++++++++++++++++++++++++++++++++- arch/x86/kernel/traps.c | 75 +-------------------------------------- 3 files changed, 78 insertions(+), 75 deletions(-) create mode 100644 arch/x86/kernel/cet.c diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile index 4070a01..abee056 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile @@ -145,6 +145,8 @@ obj-$(CONFIG_CFI_CLANG) += cfi.o obj-$(CONFIG_CALL_THUNKS) += callthunks.o +obj-$(CONFIG_X86_CET) += cet.o + ### # 64 bit specific files ifeq ($(CONFIG_X86_64),y) diff --git a/arch/x86/kernel/cet.c b/arch/x86/kernel/cet.c new file mode 100644 index 0000000..7ad22b7 --- /dev/null +++ b/arch/x86/kernel/cet.c @@ -0,0 +1,76 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include +#include +#include + +static __ro_after_init bool ibt_fatal = true; + +extern void ibt_selftest_ip(void); /* code label defined in asm below */ + +enum cp_error_code { + CP_EC = (1 << 15) - 1, + + CP_RET = 1, + CP_IRET = 2, + CP_ENDBR = 3, + CP_RSTRORSSP = 4, + CP_SETSSBSY = 5, + + CP_ENCL = 1 << 15, +}; + +DEFINE_IDTENTRY_ERRORCODE(exc_control_protection) +{ + if (!cpu_feature_enabled(X86_FEATURE_IBT)) { + pr_err("Unexpected #CP\n"); + BUG(); + } + + if (WARN_ON_ONCE(user_mode(regs) || (error_code & CP_EC) != CP_ENDBR)) + return; + + if (unlikely(regs->ip == (unsigned long)&ibt_selftest_ip)) { + regs->ax = 0; + return; + } + + pr_err("Missing ENDBR: %pS\n", (void *)instruction_pointer(regs)); + if (!ibt_fatal) { + printk(KERN_DEFAULT CUT_HERE); + __warn(__FILE__, __LINE__, (void *)regs->ip, TAINT_WARN, regs, NULL); + return; + } + BUG(); +} + +/* Must be noinline to ensure uniqueness of ibt_selftest_ip. */ +noinline bool ibt_selftest(void) +{ + unsigned long ret; + + asm (" lea ibt_selftest_ip(%%rip), %%rax\n\t" + ANNOTATE_RETPOLINE_SAFE + " jmp *%%rax\n\t" + "ibt_selftest_ip:\n\t" + UNWIND_HINT_FUNC + ANNOTATE_NOENDBR + " nop\n\t" + + : "=a" (ret) : : "memory"); + + return !ret; +} + +static int __init ibt_setup(char *str) +{ + if (!strcmp(str, "off")) + setup_clear_cpu_cap(X86_FEATURE_IBT); + + if (!strcmp(str, "warn")) + ibt_fatal = false; + + return 1; +} + +__setup("ibt=", ibt_setup); diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index 58b1f20..6f666df 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -213,81 +213,6 @@ DEFINE_IDTENTRY(exc_overflow) do_error_trap(regs, 0, "overflow", X86_TRAP_OF, SIGSEGV, 0, NULL); } -#ifdef CONFIG_X86_KERNEL_IBT - -static __ro_after_init bool ibt_fatal = true; - -extern void ibt_selftest_ip(void); /* code label defined in asm below */ - -enum cp_error_code { - CP_EC = (1 << 15) - 1, - - CP_RET = 1, - CP_IRET = 2, - CP_ENDBR = 3, - CP_RSTRORSSP = 4, - CP_SETSSBSY = 5, - - CP_ENCL = 1 << 15, -}; - -DEFINE_IDTENTRY_ERRORCODE(exc_control_protection) -{ - if (!cpu_feature_enabled(X86_FEATURE_IBT)) { - pr_err("Unexpected #CP\n"); - BUG(); - } - - if (WARN_ON_ONCE(user_mode(regs) || (error_code & CP_EC) != CP_ENDBR)) - return; - - if (unlikely(regs->ip == (unsigned long)&ibt_selftest_ip)) { - regs->ax = 0; - return; - } - - pr_err("Missing ENDBR: %pS\n", (void *)instruction_pointer(regs)); - if (!ibt_fatal) { - printk(KERN_DEFAULT CUT_HERE); - __warn(__FILE__, __LINE__, (void *)regs->ip, TAINT_WARN, regs, NULL); - return; - } - BUG(); -} - -/* Must be noinline to ensure uniqueness of ibt_selftest_ip. */ -noinline bool ibt_selftest(void) -{ - unsigned long ret; - - asm (" lea ibt_selftest_ip(%%rip), %%rax\n\t" - ANNOTATE_RETPOLINE_SAFE - " jmp *%%rax\n\t" - "ibt_selftest_ip:\n\t" - UNWIND_HINT_FUNC - ANNOTATE_NOENDBR - " nop\n\t" - - : "=a" (ret) : : "memory"); - - return !ret; -} - -static int __init ibt_setup(char *str) -{ - if (!strcmp(str, "off")) - setup_clear_cpu_cap(X86_FEATURE_IBT); - - if (!strcmp(str, "warn")) - ibt_fatal = false; - - return 1; -} - -__setup("ibt=", ibt_setup); - -#endif /* CONFIG_X86_KERNEL_IBT */ - #ifdef CONFIG_X86_F00F_BUG void handle_invalid_op(struct pt_regs *regs) #else