projects / platform / kernel / linux-starfive.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: f022814 3986f65)
Merge tag 'x86_core_for_5.18_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git...
authorLinus Torvalds <torvalds@linux-foundation.org>
Sun, 27 Mar 2022 17:17:23 +0000 (10:17 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Sun, 27 Mar 2022 17:17:23 +0000 (10:17 -0700)
Pull x86 CET-IBT (Control-Flow-Integrity) support from Peter Zijlstra:
 "Add support for Intel CET-IBT, available since Tigerlake (11th gen),
  which is a coarse grained, hardware based, forward edge
  Control-Flow-Integrity mechanism where any indirect CALL/JMP must
  target an ENDBR instruction or suffer #CP.

  Additionally, since Alderlake (12th gen)/Sapphire-Rapids, speculation
  is limited to 2 instructions (and typically fewer) on branch targets
  not starting with ENDBR. CET-IBT also limits speculation of the next
  sequential instruction after the indirect CALL/JMP [1].

  CET-IBT is fundamentally incompatible with retpolines, but provides,
  as described above, speculation limits itself"

[1] https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html

* tag 'x86_core_for_5.18_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (53 commits)
  kvm/emulate: Fix SETcc emulation for ENDBR
  x86/Kconfig: Only allow CONFIG_X86_KERNEL_IBT with ld.lld >= 14.0.0
  x86/Kconfig: Only enable CONFIG_CC_HAS_IBT for clang >= 14.0.0
  kbuild: Fixup the IBT kbuild changes
  x86/Kconfig: Do not allow CONFIG_X86_X32_ABI=y with llvm-objcopy
  x86: Remove toolchain check for X32 ABI capability
  x86/alternative: Use .ibt_endbr_seal to seal indirect calls
  objtool: Find unused ENDBR instructions
  objtool: Validate IBT assumptions
  objtool: Add IBT/ENDBR decoding
  objtool: Read the NOENDBR annotation
  x86: Annotate idtentry_df()
  x86,objtool: Move the ASM_REACHABLE annotation to objtool.h
  x86: Annotate call_on_stack()
  objtool: Rework ASM_REACHABLE
  x86: Mark __invalid_creds() __noreturn
  exit: Mark do_group_exit() __noreturn
  x86: Mark stop_this_cpu() __noreturn
  objtool: Ignore extra-symbol code
  objtool: Rename --duplicate to --lto
  ...

17 files changed:
1  2 
arch/powerpc/include/asm/livepatch.h patch | diff1 | diff2 | blob | history
arch/x86/Kconfig patch | diff1 | diff2 | blob | history
arch/x86/include/asm/cpufeatures.h patch | diff1 | diff2 | blob | history
arch/x86/include/asm/msr-index.h patch | diff1 | diff2 | blob | history
arch/x86/include/asm/paravirt_types.h patch | diff1 | diff2 | blob | history
arch/x86/include/asm/text-patching.h patch | diff1 | diff2 | blob | history
arch/x86/kernel/alternative.c patch | diff1 | diff2 | blob | history
arch/x86/kernel/module.c patch | diff1 | diff2 | blob | history
arch/x86/kvm/emulate.c patch | diff1 | diff2 | blob | history
arch/x86/net/bpf_jit_comp.c patch | diff1 | diff2 | blob | history
include/asm-generic/vmlinux.lds.h patch | diff1 | diff2 | blob | history
include/linux/kprobes.h patch | diff1 | diff2 | blob | history
kernel/bpf/trampoline.c patch | diff1 | diff2 | blob | history
kernel/exit.c patch | diff1 | diff2 | blob | history
kernel/trace/ftrace.c patch | diff1 | diff2 | blob | history
scripts/Makefile.lib patch | diff1 | diff2 | blob | history
scripts/mod/modpost.c patch | diff1 | diff2 | blob | history

diff --cc arch/powerpc/include/asm/livepatch.h
index 6f10de6,7b9dcd5..fd65931
--- 1/arch/powerpc/include/asm/livepatch.h
--- 2/arch/powerpc/include/asm/livepatch.h
+++ b/arch/powerpc/include/asm/livepatch.h
@@@ -14,21 -14,11 +14,10 @@@
  #ifdef CONFIG_LIVEPATCH
  static inline void klp_arch_set_pc(struct ftrace_regs *fregs, unsigned long ip)
  {
 -      struct pt_regs *regs = ftrace_get_regs(fregs);
 -
 -      regs_set_return_ip(regs, ip);
 +      ftrace_instruction_pointer_set(fregs, ip);
  }
  
- #define klp_get_ftrace_location klp_get_ftrace_location
- static inline unsigned long klp_get_ftrace_location(unsigned long faddr)
- {
-       /*
-        * Live patch works on PPC32 and only with -mprofile-kernel on PPC64. In
-        * both cases, the ftrace location is always within the first 16 bytes.
-        */
-       return ftrace_location_range(faddr, faddr + 16);
- }
- #endif /* CONFIG_LIVEPATCH */
 +#ifdef CONFIG_LIVEPATCH_64
  static inline void klp_init_thread_info(struct task_struct *p)
  {
        /* + 1 to account for STACK_END_MAGIC */
diff --cc arch/x86/Kconfig
Simple merge
diff --cc arch/x86/include/asm/cpufeatures.h
Simple merge
diff --cc arch/x86/include/asm/msr-index.h
Simple merge
diff --cc arch/x86/include/asm/paravirt_types.h
Simple merge
diff --cc arch/x86/include/asm/text-patching.h
Simple merge
diff --cc arch/x86/kernel/alternative.c
Simple merge
diff --cc arch/x86/kernel/module.c
Simple merge
diff --cc arch/x86/kvm/emulate.c
Simple merge
diff --cc arch/x86/net/bpf_jit_comp.c
index 6efbb87,b592ea0..8fe35ed
--- 1/arch/x86/net/bpf_jit_comp.c
--- 2/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@@ -380,7 -395,14 +391,14 @@@ int bpf_arch_text_poke(void *ip, enum b
                /* BPF poking in modules is not supported */
                return -EINVAL;
  
 -      return __bpf_arch_text_poke(ip, t, old_addr, new_addr, true);
+       /*
+        * See emit_prologue(), for IBT builds the trampoline hook is preceded
+        * with an ENDBR instruction.
+        */
+       if (is_endbr(*(u32 *)ip))
+               ip += ENDBR_INSN_SIZE;
 +      return __bpf_arch_text_poke(ip, t, old_addr, new_addr);
  }
  
  #define EMIT_LFENCE() EMIT3(0x0F, 0xAE, 0xE8)
diff --cc include/asm-generic/vmlinux.lds.h
Simple merge
diff --cc include/linux/kprobes.h
Simple merge
diff --cc kernel/bpf/trampoline.c
Simple merge
diff --cc kernel/exit.c
Simple merge
diff --cc kernel/trace/ftrace.c
Simple merge
diff --cc scripts/Makefile.lib
Simple merge
diff --cc scripts/mod/modpost.c
Simple merge
Domain: System / Kernel;