From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0C5B8C433ED for ; Thu, 1 Apr 2021 22:14:39 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 70FB3610F9 for ; Thu, 1 Apr 2021 22:14:38 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 70FB3610F9 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=intel.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 6DB026B0123; Thu, 1 Apr 2021 18:14:33 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5C2FE6B0125; Thu, 1 Apr 2021 18:14:33 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3EFA66B0126; Thu, 1 Apr 2021 18:14:33 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0103.hostedemail.com [216.40.44.103]) by kanga.kvack.org (Postfix) with ESMTP id 0DDAE6B0123 for ; Thu, 1 Apr 2021 18:14:33 -0400 (EDT) Received: from smtpin31.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id 84C5EF029 for ; Thu, 1 Apr 2021 22:14:32 +0000 (UTC) X-FDA: 77985203184.31.DA36166 Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by imf26.hostedemail.com (Postfix) with ESMTP id C569540002D0 for ; Thu, 1 Apr 2021 22:14:30 +0000 (UTC) IronPort-SDR: dhIY1yRalucDStjFIyJc1deq5/oTSj2cFJMgdki9RvZiTrLUGYfWrw25XDMRTgSFkxNBrzoaA6 CZ3EqDRrmZhw== X-IronPort-AV: E=McAfee;i="6000,8403,9941"; a="192372125" X-IronPort-AV: E=Sophos;i="5.81,296,1610438400"; d="scan'208";a="192372125" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Apr 2021 15:14:29 -0700 IronPort-SDR: 4UZdjzxA+n9288G5UQT4CLuxI057gYd9lwhM+eVMUBVgkVYelhKG0aXgVHfl+NVtS1TJyk6T+C Nn7+Hf1MLtKg== X-IronPort-AV: E=Sophos;i="5.81,296,1610438400"; d="scan'208";a="394700370" Received: from yyu32-desk.sc.intel.com ([143.183.136.146]) by orsmga002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Apr 2021 15:14:26 -0700 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Borislav Petkov , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue , Dave Martin , Weijiang Yang , Pengfei Xu , Haitao Huang Cc: Yu-cheng Yu , Jarkko Sakkinen Subject: [PATCH v24 9/9] x86/vdso: Add ENDBR to __vdso_sgx_enter_enclave Date: Thu, 1 Apr 2021 15:14:03 -0700 Message-Id: <20210401221403.32253-10-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20210401221403.32253-1-yu-cheng.yu@intel.com> References: <20210401221403.32253-1-yu-cheng.yu@intel.com> MIME-Version: 1.0 X-Rspamd-Server: rspam01 X-Rspamd-Queue-Id: C569540002D0 X-Stat-Signature: o48p378xgo4443fxi9x84jp35qtat331 Received-SPF: none (intel.com>: No applicable sender policy available) receiver=imf26; identity=mailfrom; envelope-from=""; helo=mga03.intel.com; client-ip=134.134.136.65 X-HE-DKIM-Result: none/none X-HE-Tag: 1617315270-111452 Content-Transfer-Encoding: quoted-printable X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: ENDBR is a special new instruction for the Indirect Branch Tracking (IBT) component of CET. IBT prevents attacks by ensuring that (most) indirect branches and function calls may only land at ENDBR instructions. Branche= s that don't follow the rules will result in control flow (#CF) exceptions. ENDBR is a noop when IBT is unsupported or disabled. Most ENDBR instructions are inserted automatically by the compiler, but branch targets written in assembly must have ENDBR added manually. Add ENDBR to __vdso_sgx_enter_enclave() branch targets. Signed-off-by: Yu-cheng Yu Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Dave Hansen Cc: Jarkko Sakkinen Cc: Peter Zijlstra --- arch/x86/entry/vdso/vsgx.S | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/entry/vdso/vsgx.S b/arch/x86/entry/vdso/vsgx.S index 86a0e94f68df..c63eafa54abd 100644 --- a/arch/x86/entry/vdso/vsgx.S +++ b/arch/x86/entry/vdso/vsgx.S @@ -4,6 +4,7 @@ #include #include #include +#include =20 #include "extable.h" =20 @@ -27,6 +28,7 @@ SYM_FUNC_START(__vdso_sgx_enter_enclave) /* Prolog */ .cfi_startproc + ENDBR push %rbp .cfi_adjust_cfa_offset 8 .cfi_rel_offset %rbp, 0 @@ -62,6 +64,7 @@ SYM_FUNC_START(__vdso_sgx_enter_enclave) .Lasync_exit_pointer: .Lenclu_eenter_eresume: enclu + ENDBR =20 /* EEXIT jumps here unless the enclave is doing something fancy. */ mov SGX_ENCLAVE_OFFSET_OF_RUN(%rbp), %rbx @@ -91,6 +94,7 @@ SYM_FUNC_START(__vdso_sgx_enter_enclave) jmp .Lout =20 .Lhandle_exception: + ENDBR mov SGX_ENCLAVE_OFFSET_OF_RUN(%rbp), %rbx =20 /* Set the exception info. */ --=20 2.21.0