The following commit has been merged into the x86/core branch of tip:

Commit-ID: 1d60b295042d20f312de17d74076a74a0d13a32d
Gitweb: https://git.kernel.org/tip/1d60b295042d20f312de17d74076a74a0d13a32d
Author: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
AuthorDate: Mon, 24 Feb 2025 13:37:05 +01:00
Committer: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
CommitterDate: Wed, 26 Feb 2025 11:41:53 +01:00

x86/ibt: Add exact_endbr() helper

For when we want to exactly match ENDBR, and not everything that we can scribble it with.

Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
Reviewed-by: Kees Cook <kees@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20250224124200.059556588@xxxxxxxxxxxxx
---
 arch/x86/kernel/alternative.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
index 1142ebd..1cc0e4d 100644
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -863,6 +863,17 @@ Efault:
 return false;
 }

+static __noendbr bool exact_endbr(u32 *val)
+{
+ u32 endbr;
+
+ __get_kernel_nofault(&endbr, val, u32, Efault);
+ return endbr == gen_endbr();
+
+Efault:
+ return false;
+}
+
 static void poison_cfi(void *addr);

 static void __init_or_module poison_endbr(void *addr)
@@ -1426,10 +1437,9 @@ static void poison_cfi(void *addr)
 bool decode_fineibt_insn(struct pt_regs *regs, unsigned long *target, u32 *type)
 {
 unsigned long addr = regs->ip - fineibt_preamble_ud2;
- u32 endbr, hash;
+ u32 hash;

- __get_kernel_nofault(&endbr, addr, u32, Efault);
- if (endbr != gen_endbr())
+ if (!exact_endbr((void *)addr))
 return false;

 *target = addr + fineibt_preamble_size;
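Review bot: The new `exact_endbr()` has no comment, so the distinction the commit message draws (match ENDBR exactly, not the values it can be overwritten with) is lost once the message is out of view. For a helper used to validate a CFI landing pad, a reader needs to know which check is the strict one. I would add above the definition `/* True only if *val is the exact ENDBR encoding from gen_endbr(); a faulting read also returns false. */`. Since the helper only reads through `val`, the parameter could presumably be `const u32 *val`.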
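Review bot: The call `if (!exact_endbr((void *)addr))` casts through `void *` although the helper takes `u32 *`; `if (!exact_endbr((u32 *)addr))` would state the intended access width at the call site. A faulting read of the preamble now returns false from this line instead of jumping to this function's own `Efault` label. That is presumably equivalent, but it cannot be confirmed here because the rest of decode_fineibt_insn, including that label and the remaining use of `hash`, lies outside the hunk.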