The following commit has been merged into the x86/core branch of tip:
Commit-ID: 1d60b295042d20f312de17d74076a74a0d13a32d
Gitweb: https://git.kernel.org/tip/1d60b295042d20f312de17d74076a74a0d13a32d
Author: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
AuthorDate: Mon, 24 Feb 2025 13:37:05 +01:00
Committer: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
CommitterDate: Wed, 26 Feb 2025 11:41:53 +01:00
x86/ibt: Add exact_endbr() helper
For when we want to exactly match ENDBR, and not everything that we
can scribble it with.
Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
Reviewed-by: Kees Cook <kees@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20250224124200.059556588@xxxxxxxxxxxxx
---
arch/x86/kernel/alternative.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
index 1142ebd..1cc0e4d 100644
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -863,6 +863,17 @@ Efault:
return false;
}
+static __noendbr bool exact_endbr(u32 *val)
+{
+ u32 endbr;
+
+ __get_kernel_nofault(&endbr, val, u32, Efault);
+ return endbr == gen_endbr();
+
+Efault:
+ return false;
+}
+
static void poison_cfi(void *addr);
static void __init_or_module poison_endbr(void *addr)
@@ -1426,10 +1437,9 @@ static void poison_cfi(void *addr)
bool decode_fineibt_insn(struct pt_regs *regs, unsigned long *target, u32 *type)
{
unsigned long addr = regs->ip - fineibt_preamble_ud2;
- u32 endbr, hash;
+ u32 hash;
- __get_kernel_nofault(&endbr, addr, u32, Efault);
- if (endbr != gen_endbr())
+ if (!exact_endbr((void *)addr))
return false;
*target = addr + fineibt_preamble_size;
|