ibt.h source code [linux/arch/x86/include/asm/ibt.h]

1	/ SPDX-License-Identifier: GPL-2.0 /
2	#ifndef _ASM_X86_IBT_H
3	#define _ASM_X86_IBT_H
4
5	#include <linux/types.h>
6
7	/*
8	* The rules for enabling IBT are:
9	*
10	* - CC_HAS_IBT: the toolchain supports it
11	* - X86_KERNEL_IBT: it is selected in Kconfig
12	* - !__DISABLE_EXPORTS: this is regular kernel code
13	*
14	* Esp. that latter one is a bit non-obvious, but some code like compressed,
15	* purgatory, realmode etc.. is built with custom CFLAGS that do not include
16	* -fcf-protection=branch and things will go bang.
17	*
18	* When all the above are satisfied, HAS_KERNEL_IBT will be 1, otherwise 0.
19	*/
20	#if defined(CONFIG_X86_KERNEL_IBT) && !defined(__DISABLE_EXPORTS)
21
22	#define HAS_KERNEL_IBT 1
23
24	#ifndef __ASSEMBLY__
25
26	#ifdef CONFIG_X86_64
27	#define ASM_ENDBR "endbr64\n\t"
28	#else
29	#define ASM_ENDBR "endbr32\n\t"
30	#endif
31
32	#define __noendbr __attribute__((nocf_check))
33
34	/*
35	* Create a dummy function pointer reference to prevent objtool from marking
36	* the function as needing to be "sealed" (i.e. ENDBR converted to NOP by
37	* apply_seal_endbr()).
38	*/
39	#define IBT_NOSEAL(fname) \
40	".pushsection .discard.ibt_endbr_noseal\n\t" \
41	_ASM_PTR fname "\n\t" \
42	".popsection\n\t"
43
44	static inline __attribute_const__ u32 gen_endbr(void)
45	{
46	u32 endbr;
47
48	/*
49	* Generate ENDBR64 in a way that is sure to not result in
50	* an ENDBR64 instruction as immediate.
51	*/
52	asm ( "mov $~0xfa1e0ff3, %[endbr]\n\t"
53	"not %[endbr]\n\t"
54	: [endbr] "=&r" (endbr) );
55
56	return endbr;
57	}
58
59	static inline __attribute_const__ u32 gen_endbr_poison(void)
60	{
61	/*
62	* 4 byte NOP that isn't NOP4 (in fact it is OSP NOP3), such that it
63	* will be unique to (former) ENDBR sites.
64	*/
65	return `0x001f0f66`; / osp nopl (%rax) /
66	}
67
68	static inline bool is_endbr(u32 val)
69	{
70	if (val == gen_endbr_poison())
71	return true;
72
73	val &= ~`0x01000000U`; / ENDBR32 -> ENDBR64 /
74	return val == gen_endbr();
75	}
76
77	extern __noendbr u64 ibt_save(bool disable);
78	extern __noendbr void ibt_restore(u64 save);
79
80	#else /* __ASSEMBLY__ */
81
82	#ifdef CONFIG_X86_64
83	#define ENDBR endbr64
84	#else
85	#define ENDBR endbr32
86	#endif
87
88	#endif /* __ASSEMBLY__ */
89
90	#else /* !IBT */
91
92	#define HAS_KERNEL_IBT 0
93
94	#ifndef __ASSEMBLY__
95
96	#define ASM_ENDBR
97	#define IBT_NOSEAL(name)
98
99	#define __noendbr
100
101	static inline bool is_endbr(u32 val) { return false; }
102
103	static inline u64 ibt_save(bool disable) { return `0`; }
104	static inline void ibt_restore(u64 save) { }
105
106	#else /* __ASSEMBLY__ */
107
108	#define ENDBR
109
110	#endif /* __ASSEMBLY__ */
111
112	#endif /* CONFIG_X86_KERNEL_IBT */
113
114	#define ENDBR_INSN_SIZE (4*HAS_KERNEL_IBT)
115
116	#endif /* _ASM_X86_IBT_H */
117

source code of linux/arch/x86/include/asm/ibt.h