From: Josh Poimboeuf <jpoimboe@redhat.com>
To: x86@kernel.org
Cc: Masami Hiramatsu <masami.hiramatsu@gmail.com>,
Masami Hiramatsu <mhiramat@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
LKML <linux-kernel@vger.kernel.org>,
Alexei Starovoitov <ast@kernel.org>,
bpf@vger.kernel.org, Steven Rostedt <rostedt@goodmis.org>,
Nikolay Borisov <nborisov@suse.com>
Subject: [PATCH] x86: Disable CET instrumentation in the kernel
Date: Thu, 28 Jan 2021 15:52:19 -0600
Message-ID: <20210128215219.6kct3h2eiustncws@treble> (raw)
In-Reply-To: <20210128165014.xc77qtun6fl2qfun@treble>
With retpolines disabled, some configurations of GCC will add Intel CET
instrumentation to the kernel by default. That breaks certain tracing
scenarios by adding a superfluous ENDBR64 instruction before the fentry
call, for functions which can be called indirectly.
CET instrumentation isn't currently necessary in the kernel, as CET is
only supported in user space. Disable it unconditionally.
Reported-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
---
Makefile | 6 ------
arch/x86/Makefile | 3 +++
2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/Makefile b/Makefile
index e0af7a4a5598..51c2bf34142d 100644
--- a/Makefile
+++ b/Makefile
@@ -948,12 +948,6 @@ KBUILD_CFLAGS += $(call cc-option,-Werror=designated-init)
# change __FILE__ to the relative path from the srctree
KBUILD_CPPFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=)
-# ensure -fcf-protection is disabled when using retpoline as it is
-# incompatible with -mindirect-branch=thunk-extern
-ifdef CONFIG_RETPOLINE
-KBUILD_CFLAGS += $(call cc-option,-fcf-protection=none)
-endif
-
# include additional Makefiles when needed
include-y := scripts/Makefile.extrawarn
include-$(CONFIG_KASAN) += scripts/Makefile.kasan
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index 32dcdddc1089..109c7f86483c 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -120,6 +120,9 @@ else
KBUILD_CFLAGS += -mno-red-zone
KBUILD_CFLAGS += -mcmodel=kernel
+
+ # Intel CET isn't enabled in the kernel
+ KBUILD_CFLAGS += $(call cc-option,-fcf-protection=none)
endif
ifdef CONFIG_X86_X32
--
2.29.2
next prev parent reply index
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <25cd2608-03c2-94b8-7760-9de9935fde64@suse.com>
[not found] ` <20210128001353.66e7171b395473ef992d6991@kernel.org>
[not found] ` <20210128002452.a79714c236b69ab9acfa986c@kernel.org>
[not found] ` <a35a6f15-9ab1-917c-d443-23d3e78f2d73@suse.com>
[not found] ` <20210128103415.d90be51ec607bb6123b2843c@kernel.org>
2021-01-28 3:38 ` kprobes broken since 0d00449c7a28 ("x86: Replace ist_enter() with nmi_enter()") Masami Hiramatsu
2021-01-28 7:11 ` Nikolay Borisov
2021-01-28 16:12 ` Nikolay Borisov
2021-01-28 16:45 ` Nikolay Borisov
2021-01-28 16:50 ` Josh Poimboeuf
2021-01-28 21:52 ` Josh Poimboeuf [this message]
2021-01-29 6:23 ` [PATCH] x86: Disable CET instrumentation in the kernel Nikolay Borisov
2021-01-29 10:21 ` Borislav Petkov
[not found] ` <20210129151034.iba4eaa2fuxsipqa@treble>
2021-01-29 16:30 ` Borislav Petkov
2021-01-29 16:49 ` Josh Poimboeuf
2021-01-29 16:54 ` Nikolay Borisov
2021-01-29 17:03 ` Josh Poimboeuf
2021-01-29 17:07 ` Borislav Petkov
2021-01-29 17:58 ` Seth Forshee
2021-01-28 18:24 ` kprobes broken since 0d00449c7a28 ("x86: Replace ist_enter() with nmi_enter()") Peter Zijlstra
2021-01-29 1:34 ` Alexei Starovoitov
2021-01-29 6:36 ` Nikolay Borisov
[not found] ` <YBPNyRyrkzw2echi@hirez.programming.kicks-ass.net>
[not found] ` <20210129224011.81bcdb3eba1227c414e69e1f@kernel.org>
[not found] ` <20210129105952.74dc8464@gandalf.local.home>
2021-01-29 16:24 ` Peter Zijlstra
2021-01-29 17:45 ` Alexei Starovoitov
2021-01-29 17:59 ` Peter Zijlstra
2021-01-29 19:01 ` Steven Rostedt
2021-01-29 21:05 ` Alexei Starovoitov
2021-01-30 1:41 ` Masami Hiramatsu
2021-01-29 21:24 ` Steven Rostedt
2021-01-30 8:28 ` Peter Zijlstra
2021-01-30 12:44 ` Steven Rostedt
2021-02-02 10:45 ` Peter Zijlstra
2021-02-02 14:52 ` Steven Rostedt
2021-02-02 16:45 ` Peter Zijlstra
2021-02-02 16:56 ` Steven Rostedt
2021-02-02 18:30 ` Peter Zijlstra
2021-02-02 21:05 ` Steven Rostedt
2021-02-03 13:33 ` Masami Hiramatsu
2021-02-03 13:52 ` Steven Rostedt
2021-01-30 2:02 ` Masami Hiramatsu
2021-01-30 3:08 ` Alexei Starovoitov
2021-01-30 12:10 ` Masami Hiramatsu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210128215219.6kct3h2eiustncws@treble \
--to=jpoimboe@redhat.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=masami.hiramatsu@gmail.com \
--cc=mhiramat@kernel.org \
--cc=nborisov@suse.com \
--cc=peterz@infradead.org \
--cc=rostedt@goodmis.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
BPF Archive on lore.kernel.org
Archives are clonable:
git clone --mirror https://lore.kernel.org/bpf/0 bpf/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 bpf bpf/ https://lore.kernel.org/bpf \
bpf@vger.kernel.org
public-inbox-index bpf
Example config snippet for mirrors
Newsgroup available over NNTP:
nntp://nntp.lore.kernel.org/org.kernel.vger.bpf
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git