From: Josh Poimboeuf <jpoimboe@redhat.com>
To: x86@kernel.org
Cc: Masami Hiramatsu <masami.hiramatsu@gmail.com>,
Masami Hiramatsu <mhiramat@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
LKML <linux-kernel@vger.kernel.org>,
Alexei Starovoitov <ast@kernel.org>,
bpf@vger.kernel.org, Steven Rostedt <rostedt@goodmis.org>,
Nikolay Borisov <nborisov@suse.com>
Subject: [PATCH] x86: Disable CET instrumentation in the kernel
Date: Thu, 28 Jan 2021 15:52:19 -0600 [thread overview]
Message-ID: <20210128215219.6kct3h2eiustncws@treble> (raw)
In-Reply-To: <20210128165014.xc77qtun6fl2qfun@treble>
With retpolines disabled, some configurations of GCC will add Intel CET
instrumentation to the kernel by default. That breaks certain tracing
scenarios by adding a superfluous ENDBR64 instruction before the fentry
call, for functions which can be called indirectly.
CET instrumentation isn't currently necessary in the kernel, as CET is
only supported in user space. Disable it unconditionally.
Reported-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
---
Makefile | 6 ------
arch/x86/Makefile | 3 +++
2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/Makefile b/Makefile
index e0af7a4a5598..51c2bf34142d 100644
--- a/Makefile
+++ b/Makefile
@@ -948,12 +948,6 @@ KBUILD_CFLAGS += $(call cc-option,-Werror=designated-init)
# change __FILE__ to the relative path from the srctree
KBUILD_CPPFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=)
-# ensure -fcf-protection is disabled when using retpoline as it is
-# incompatible with -mindirect-branch=thunk-extern
-ifdef CONFIG_RETPOLINE
-KBUILD_CFLAGS += $(call cc-option,-fcf-protection=none)
-endif
-
# include additional Makefiles when needed
include-y := scripts/Makefile.extrawarn
include-$(CONFIG_KASAN) += scripts/Makefile.kasan
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index 32dcdddc1089..109c7f86483c 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -120,6 +120,9 @@ else
KBUILD_CFLAGS += -mno-red-zone
KBUILD_CFLAGS += -mcmodel=kernel
+
+ # Intel CET isn't enabled in the kernel
+ KBUILD_CFLAGS += $(call cc-option,-fcf-protection=none)
endif
ifdef CONFIG_X86_X32
--
2.29.2
next prev parent reply other threads:[~2021-01-28 21:54 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <25cd2608-03c2-94b8-7760-9de9935fde64@suse.com>
[not found] ` <20210128001353.66e7171b395473ef992d6991@kernel.org>
[not found] ` <20210128002452.a79714c236b69ab9acfa986c@kernel.org>
[not found] ` <a35a6f15-9ab1-917c-d443-23d3e78f2d73@suse.com>
[not found] ` <20210128103415.d90be51ec607bb6123b2843c@kernel.org>
2021-01-28 3:38 ` kprobes broken since 0d00449c7a28 ("x86: Replace ist_enter() with nmi_enter()") Masami Hiramatsu
2021-01-28 7:11 ` Nikolay Borisov
2021-01-28 16:12 ` Nikolay Borisov
2021-01-28 16:45 ` Nikolay Borisov
2021-01-28 16:50 ` Josh Poimboeuf
2021-01-28 21:52 ` Josh Poimboeuf [this message]
2021-01-29 6:23 ` [PATCH] x86: Disable CET instrumentation in the kernel Nikolay Borisov
2021-01-29 10:21 ` Borislav Petkov
[not found] ` <20210129151034.iba4eaa2fuxsipqa@treble>
2021-01-29 16:30 ` Borislav Petkov
2021-01-29 16:49 ` Josh Poimboeuf
2021-01-29 16:54 ` Nikolay Borisov
2021-01-29 17:03 ` Josh Poimboeuf
2021-01-29 17:07 ` Borislav Petkov
2021-01-29 17:58 ` Seth Forshee
2021-01-28 18:24 ` kprobes broken since 0d00449c7a28 ("x86: Replace ist_enter() with nmi_enter()") Peter Zijlstra
2021-01-29 1:34 ` Alexei Starovoitov
2021-01-29 6:36 ` Nikolay Borisov
[not found] ` <YBPNyRyrkzw2echi@hirez.programming.kicks-ass.net>
[not found] ` <20210129224011.81bcdb3eba1227c414e69e1f@kernel.org>
[not found] ` <20210129105952.74dc8464@gandalf.local.home>
2021-01-29 16:24 ` Peter Zijlstra
2021-01-29 17:45 ` Alexei Starovoitov
2021-01-29 17:59 ` Peter Zijlstra
2021-01-29 19:01 ` Steven Rostedt
2021-01-29 21:05 ` Alexei Starovoitov
2021-01-30 1:41 ` Masami Hiramatsu
2021-01-29 21:24 ` Steven Rostedt
2021-01-30 8:28 ` Peter Zijlstra
2021-01-30 12:44 ` Steven Rostedt
2021-02-02 10:45 ` Peter Zijlstra
2021-02-02 14:52 ` Steven Rostedt
2021-02-02 16:45 ` Peter Zijlstra
2021-02-02 16:56 ` Steven Rostedt
2021-02-02 18:30 ` Peter Zijlstra
2021-02-02 21:05 ` Steven Rostedt
2021-02-03 13:33 ` Masami Hiramatsu
2021-02-03 13:52 ` Steven Rostedt
2021-01-30 2:02 ` Masami Hiramatsu
2021-01-30 3:08 ` Alexei Starovoitov
2021-01-30 12:10 ` Masami Hiramatsu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210128215219.6kct3h2eiustncws@treble \
--to=jpoimboe@redhat.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=masami.hiramatsu@gmail.com \
--cc=mhiramat@kernel.org \
--cc=nborisov@suse.com \
--cc=peterz@infradead.org \
--cc=rostedt@goodmis.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).