Re: [PATCH 09/14] x86/ibt: Implement IBT+
From: Peter Zijlstra
Date: Tue Nov 05 2024 - 05:40:34 EST
On Fri, Sep 27, 2024 at 09:49:05PM +0200, Peter Zijlstra wrote:
> +#ifdef CONFIG_X86_KERNEL_IBT_PLUS
> +__init_or_module void apply_direct_call_offset(s32 *start, s32 *end)
> +{
> + s32 *s;
> +
> + /*
> + * incompatible with call depth tracking
> + */
> + if (cpu_feature_enabled(X86_FEATURE_CALL_DEPTH))
> + return;
> +
> + for (s = start; s < end; s++) {
> + void *dest, *addr = (void *)s + *s;
> + struct insn insn;
> + int ret;
> +
> + ret = insn_decode_kernel(&insn, addr);
> + if (WARN_ON_ONCE(ret < 0))
> + continue;
> +
> + dest = addr + insn.length + insn.immediate.value;
> + if (!is_endbr(dest))
> + continue;
> +
> + switch (insn.opcode.bytes[0]) {
> + case CALL_INSN_OPCODE:
> + case JMP32_INSN_OPCODE:
> + apply_reloc(4, addr+1, 4);
> + continue;
> +
> + case JMP8_INSN_OPCODE:
> + case 0x70 ... 0x7f: /* Jcc.d8 */
> + apply_reloc(1, addr+1, 4);
> + continue;
*sigh*... I have a clang-19 build (thanks 0day) that uses a jmp.d8 +0x7e
as a tail-call, guess how well it goes adding 4 to that :-(
Luckily the next instruction is a giant (alignment) NOP, so I *could* go
fix that up, but perhaps this is pushing things too far ...
> +
> + case 0x0f:
> + switch (insn.opcode.bytes[1]) {
> + case 0x80 ... 0x8f:
> + apply_reloc(4, addr+2, 4);
> + continue;
> +
> + default:
> + break;
> + }
> + break;
> +
> + default:
> + break;
> + }
> +
> + printk("at: %pS, instruction: %*ph\n", addr, insn.length, addr);
> + BUG();
> + }
> +}
> +#else
> +__init_or_module void apply_direct_call_offset(s32 *start, s32 *end) { }
> +#endif
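Review bot: the unrecognised-encoding path at the end of the loop uses a bare `printk()` without a log level and then `BUG()`, which takes the whole boot (or module load) down for a single unexpected direct branch encoding; a `pr_err()` / `WARN_ONCE()` that reports `addr` and the instruction bytes and then `continue`s, or fails the module load with an error, would be easier to diagnose from a bug report. The `dest = addr + insn.length + insn.immediate.value` computation and the `is_endbr(dest)` test also run before the opcode `switch`, so an entry that is not a direct call or jump is treated as if it had a branch displacement; a short comment stating that the `start..end` table is guaranteed to contain only direct call/jmp sites (and that `is_endbr()` is expected to reject most non-branch entries) would make that invariant explicit.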