Re: [PATCH 6.4 067/292] x86/fineibt: Poison ENDBR at +0


 



On Fri, Jul 21, 2023 at 08:51:35PM +0200, Peter Zijlstra wrote:
> On Fri, Jul 21, 2023 at 06:02:56PM +0200, Greg Kroah-Hartman wrote:
> > From: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
> > 
> > [ Upstream commit 04505bbbbb15da950ea0239e328a76a3ad2376e0 ]
> > 
> > Alyssa noticed that when building the kernel with CFI_CLANG+IBT and
> > booting on IBT enabled hardware to obtain FineIBT, the indirect
> > functions look like:
> > 
> >   __cfi_foo:
> > 	endbr64
> > 	subl	$hash, %r10d
> > 	jz	1f
> > 	ud2
> > 	nop
> >   1:
> >   foo:
> > 	endbr64
> > 
> > This is because the compiler generates code for kCFI+IBT. In that case
> > the caller does the hash check and will jump to +0, so there must be
> > an ENDBR there. The compiler doesn't know about FineIBT at all; also
> > it is possible to actually use kCFI+IBT when booting with 'cfi=kcfi'
> > on IBT enabled hardware.
> > 
> > Having this second ENDBR however makes it possible to elide the CFI
> > check. Therefore, we should poison this second ENDBR when switching to
> > FineIBT mode.
> > 
> > Fixes: 931ab63664f0 ("x86/ibt: Implement FineIBT")
> > Reported-by: "Milburn, Alyssa" <alyssa.milburn@xxxxxxxxx>
> > Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
> > Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
> > Reviewed-by: Sami Tolvanen <samitolvanen@xxxxxxxxxx>
> > Link: https://lore.kernel.org/r/20230615193722.194131053@xxxxxxxxxxxxx
> > Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
> 
> If you take this patch you should also take the patches from Brian that
> move ret_from_fork() into C, otherwise you end up with a non-bootable
> kernel.

Thanks for letting me know, I've just dropped this patch instead for
now.

greg k-h
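
The preamble layout quoted in the commit message, as an added user-space illustration (not code from the patch or the kernel tree): it recognises the `__cfi_foo` preamble in a constructed byte buffer and overwrites the second ENDBR at `foo+0`, leaving the preamble's ENDBR intact. The function names, the sample bytes and the `POISON` filler are assumptions made for this example; the value the kernel writes is not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PREAMBLE_LEN 16 /* endbr64(4) + subl(7) + jz(2) + ud2(2) + nop(1) */

static const uint8_t ENDBR64[4] = { 0xf3, 0x0f, 0x1e, 0xfa };
/* Assumption: stand-in poison bytes, osp nopl (%rax); any non-ENDBR works here. */
static const uint8_t POISON[4] = { 0x66, 0x0f, 0x1f, 0x00 };

/* Constructed sample: __cfi_foo preamble (hash 0x12345678), then foo. */
uint8_t sample[] = {
	0xf3, 0x0f, 0x1e, 0xfa,                   /* __cfi_foo: endbr64 */
	0x41, 0x81, 0xea, 0x78, 0x56, 0x34, 0x12, /* subl $hash, %r10d  */
	0x74, 0x03,                               /* jz 1f              */
	0x0f, 0x0b,                               /* ud2                */
	0x90,                                     /* nop                */
	0xf3, 0x0f, 0x1e, 0xfa,                   /* foo: endbr64 (+0)  */
	0x31, 0xc0, 0xc3,                         /* xorl %eax,%eax; ret */
};

int is_endbr64(const uint8_t *p) { return memcmp(p, ENDBR64, 4) == 0; }

/* Match the __cfi_ preamble shape quoted in the commit message. */
int is_cfi_preamble(const uint8_t *p)
{
	return is_endbr64(p) &&
	       p[4] == 0x41 && p[5] == 0x81 && p[6] == 0xea && /* subl imm32 */
	       p[11] == 0x74 && p[12] == 0x03 &&               /* jz over ud2+nop */
	       p[13] == 0x0f && p[14] == 0x0b && p[15] == 0x90;
}

/* 1 = entry ENDBR poisoned, 0 = none present, -1 = not a known preamble. */
int poison_entry_endbr(uint8_t *cfi, size_t len)
{
	if (len < PREAMBLE_LEN + 4 || !is_cfi_preamble(cfi))
		return -1;
	if (!is_endbr64(cfi + PREAMBLE_LEN))
		return 0;
	memcpy(cfi + PREAMBLE_LEN, POISON, 4); /* +0 is no longer a landing pad */
	return 1;
}

int main(void)
{
	int rc = poison_entry_endbr(sample, sizeof(sample));
	printf("rc=%d preamble_endbr=%d entry_endbr=%d\n", rc,
	       is_endbr64(sample), is_endbr64(sample + PREAMBLE_LEN));
	return 0;
}
```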


