| 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
|---|---|
| 2 | #ifndef _ASM_X86_IBT_H |
| 3 | #define _ASM_X86_IBT_H |
| 4 | |
| 5 | #include <linux/types.h> |
| 6 | |
| 7 | /* |
| 8 | * The rules for enabling IBT are: |
| 9 | * |
| 10 | * - CC_HAS_IBT: the toolchain supports it |
| 11 | * - X86_KERNEL_IBT: it is selected in Kconfig |
| 12 | * - !__DISABLE_EXPORTS: this is regular kernel code |
| 13 | * |
| 14 | * Esp. that latter one is a bit non-obvious, but some code like compressed, |
| 15 | * purgatory, realmode etc.. is built with custom CFLAGS that do not include |
| 16 | * -fcf-protection=branch and things will go *bang*. |
| 17 | * |
| 18 | * When all the above are satisfied, HAS_KERNEL_IBT will be 1, otherwise 0. |
| 19 | */ |
| 20 | #if defined(CONFIG_X86_KERNEL_IBT) && !defined(__DISABLE_EXPORTS) |
| 21 | |
| 22 | #define HAS_KERNEL_IBT 1 |
| 23 | |
| 24 | #ifndef __ASSEMBLER__ |
| 25 | |
| 26 | #ifdef CONFIG_X86_64 |
| 27 | #define ASM_ENDBR "endbr64\n\t" |
| 28 | #else |
| 29 | #define ASM_ENDBR "endbr32\n\t" |
| 30 | #endif |
| 31 | |
| 32 | #define __noendbr __attribute__((nocf_check)) |
| 33 | |
| 34 | /* |
| 35 | * Create a dummy function pointer reference to prevent objtool from marking |
| 36 | * the function as needing to be "sealed" (i.e. ENDBR converted to NOP by |
| 37 | * apply_seal_endbr()). |
| 38 | */ |
| 39 | #define IBT_NOSEAL(fname) \ |
| 40 | ".pushsection .discard.ibt_endbr_noseal\n\t" \ |
| 41 | _ASM_PTR fname "\n\t" \ |
| 42 | ".popsection\n\t" |
| 43 | |
| 44 | static __always_inline __attribute_const__ u32 gen_endbr(void) |
| 45 | { |
| 46 | u32 endbr; |
| 47 | |
| 48 | /* |
| 49 | * Generate ENDBR64 in a way that is sure to not result in |
| 50 | * an ENDBR64 instruction as immediate. |
| 51 | */ |
| 52 | asm ( "mov $~0xfa1e0ff3, %[endbr]\n\t" |
| 53 | "not %[endbr]\n\t" |
| 54 | : [endbr] "=&r"(endbr) ); |
| 55 | |
| 56 | return endbr; |
| 57 | } |
| 58 | |
| 59 | static __always_inline __attribute_const__ u32 gen_endbr_poison(void) |
| 60 | { |
| 61 | /* |
| 62 | * 4 byte NOP that isn't NOP4, such that it will be unique to (former) |
| 63 | * ENDBR sites. Additionally it carries UDB as immediate. |
| 64 | */ |
| 65 | return 0xd6401f0f; /* nopl -42(%rax) */ |
| 66 | } |
| 67 | |
| 68 | static inline bool __is_endbr(u32 val) |
| 69 | { |
| 70 | if (val == gen_endbr_poison()) |
| 71 | return true; |
| 72 | |
| 73 | val &= ~0x01000000U; /* ENDBR32 -> ENDBR64 */ |
| 74 | return val == gen_endbr(); |
| 75 | } |
| 76 | |
| 77 | extern __noendbr bool is_endbr(u32 *val); |
| 78 | extern __noendbr u64 ibt_save(bool disable); |
| 79 | extern __noendbr void ibt_restore(u64 save); |
| 80 | |
| 81 | #else /* __ASSEMBLER__ */ |
| 82 | |
| 83 | #ifdef CONFIG_X86_64 |
| 84 | #define ENDBR endbr64 |
| 85 | #else |
| 86 | #define ENDBR endbr32 |
| 87 | #endif |
| 88 | |
| 89 | #endif /* __ASSEMBLER__ */ |
| 90 | |
| 91 | #else /* !IBT */ |
| 92 | |
| 93 | #define HAS_KERNEL_IBT 0 |
| 94 | |
| 95 | #ifndef __ASSEMBLER__ |
| 96 | |
| 97 | #define ASM_ENDBR |
| 98 | #define IBT_NOSEAL(name) |
| 99 | |
| 100 | #define __noendbr |
| 101 | |
| 102 | static inline bool is_endbr(u32 *val) { return false; } |
| 103 | |
| 104 | static inline u64 ibt_save(bool disable) { return 0; } |
| 105 | static inline void ibt_restore(u64 save) { } |
| 106 | |
| 107 | #else /* __ASSEMBLER__ */ |
| 108 | |
| 109 | #define ENDBR |
| 110 | |
| 111 | #endif /* __ASSEMBLER__ */ |
| 112 | |
| 113 | #endif /* CONFIG_X86_KERNEL_IBT */ |
| 114 | |
| 115 | #define ENDBR_INSN_SIZE (4*HAS_KERNEL_IBT) |
| 116 | |
| 117 | #endif /* _ASM_X86_IBT_H */ |
| 118 |
Generated while processing Linux/arch/x86/entry/entry.S
Generated on 2025-Oct-12 from project Linux revision 6.17.0 (67029a49db6c)
Powered by 
Code Browser 2.1
Generator usage only permitted with license.