lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <174056726271.10177.1691643759974399191.tip-bot2@tip-bot2>
Date: Wed, 26 Feb 2025 10:54:22 -0000
From: "tip-bot2 for Peter Zijlstra" <tip-bot2@...utronix.de>
To: linux-tip-commits@...r.kernel.org
Cc: "Peter Zijlstra (Intel)" <peterz@...radead.org>,
 Kees Cook <kees@...nel.org>, x86@...nel.org, linux-kernel@...r.kernel.org
Subject: [tip: x86/core] x86/ibt: Add exact_endbr() helper

The following commit has been merged into the x86/core branch of tip:

Commit-ID:     1d60b295042d20f312de17d74076a74a0d13a32d
Gitweb:        https://git.kernel.org/tip/1d60b295042d20f312de17d74076a74a0d13a32d
Author:        Peter Zijlstra <peterz@...radead.org>
AuthorDate:    Mon, 24 Feb 2025 13:37:05 +01:00
Committer:     Peter Zijlstra <peterz@...radead.org>
CommitterDate: Wed, 26 Feb 2025 11:41:53 +01:00

x86/ibt: Add exact_endbr() helper

For when we want to exactly match ENDBR, and not everything that we
can scribble it with.

Signed-off-by: Peter Zijlstra (Intel) <peterz@...radead.org>
Reviewed-by: Kees Cook <kees@...nel.org>
Link: https://lore.kernel.org/r/20250224124200.059556588@infradead.org
---
 arch/x86/kernel/alternative.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
index 1142ebd..1cc0e4d 100644
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -863,6 +863,17 @@ Efault:
 	return false;
 }
 
+static __noendbr bool exact_endbr(u32 *val)
+{
+	u32 endbr;
+
+	__get_kernel_nofault(&endbr, val, u32, Efault);
+	return endbr == gen_endbr();
+
+Efault:
+	return false;
+}
+
 static void poison_cfi(void *addr);
 
 static void __init_or_module poison_endbr(void *addr)
@@ -1426,10 +1437,9 @@ static void poison_cfi(void *addr)
 bool decode_fineibt_insn(struct pt_regs *regs, unsigned long *target, u32 *type)
 {
 	unsigned long addr = regs->ip - fineibt_preamble_ud2;
-	u32 endbr, hash;
+	u32 hash;
 
-	__get_kernel_nofault(&endbr, addr, u32, Efault);
-	if (endbr != gen_endbr())
+	if (!exact_endbr((void *)addr))
 		return false;
 
 	*target = addr + fineibt_preamble_size;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ