ibt.h source code [linux/arch/x86/include/asm/ibt.h]

1	/ SPDX-License-Identifier: GPL-2.0 /
2	#ifndef _ASM_X86_IBT_H
3	#define _ASM_X86_IBT_H
4
5	#include <linux/types.h>
6
7	/*
8	* The rules for enabling IBT are:
9	*
10	* - CC_HAS_IBT: the toolchain supports it
11	* - X86_KERNEL_IBT: it is selected in Kconfig
12	* - !__DISABLE_EXPORTS: this is regular kernel code
13	*
14	* Esp. that latter one is a bit non-obvious, but some code like compressed,
15	* purgatory, realmode etc.. is built with custom CFLAGS that do not include
16	* -fcf-protection=branch and things will go bang.
17	*
18	* When all the above are satisfied, HAS_KERNEL_IBT will be 1, otherwise 0.
19	*/
20	#if defined(CONFIG_X86_KERNEL_IBT) && !defined(__DISABLE_EXPORTS)
21
22	#define HAS_KERNEL_IBT 1
23
24	#ifndef __ASSEMBLER__
25
26	#ifdef CONFIG_X86_64
27	#define ASM_ENDBR "endbr64\n\t"
28	#else
29	#define ASM_ENDBR "endbr32\n\t"
30	#endif
31
32	#define __noendbr __attribute__((nocf_check))
33
34	/*
35	* Create a dummy function pointer reference to prevent objtool from marking
36	* the function as needing to be "sealed" (i.e. ENDBR converted to NOP by
37	* apply_seal_endbr()).
38	*/
39	#define IBT_NOSEAL(fname) \
40	".pushsection .discard.ibt_endbr_noseal\n\t" \
41	_ASM_PTR fname "\n\t" \
42	".popsection\n\t"
43
44	static __always_inline __attribute_const__ u32 gen_endbr(void)
45	{
46	u32 endbr;
47
48	/*
49	* Generate ENDBR64 in a way that is sure to not result in
50	* an ENDBR64 instruction as immediate.
51	*/
52	asm ( "mov $~0xfa1e0ff3, %[endbr]\n\t"
53	"not %[endbr]\n\t"
54	: [endbr] "=&r" (endbr) );
55
56	return endbr;
57	}
58
59	static __always_inline __attribute_const__ u32 gen_endbr_poison(void)
60	{
61	/*
62	* 4 byte NOP that isn't NOP4 (in fact it is OSP NOP3), such that it
63	* will be unique to (former) ENDBR sites.
64	*/
65	return `0x001f0f66`; / osp nopl (%rax) /
66	}
67
68	static inline bool __is_endbr(u32 val)
69	{
70	if (val == gen_endbr_poison())
71	return true;
72
73	/ See cfi_fineibt_bhi_preamble() /
74	if (IS_ENABLED(CONFIG_FINEIBT_BHI) && val == `0x001f0ff5`)
75	return true;
76
77	val &= ~`0x01000000U`; / ENDBR32 -> ENDBR64 /
78	return val == gen_endbr();
79	}
80
81	extern __noendbr bool is_endbr(u32 *val);
82	extern __noendbr u64 ibt_save(bool disable);
83	extern __noendbr void ibt_restore(u64 save);
84
85	#else /* __ASSEMBLER__ */
86
87	#ifdef CONFIG_X86_64
88	#define ENDBR endbr64
89	#else
90	#define ENDBR endbr32
91	#endif
92
93	#endif /* __ASSEMBLER__ */
94
95	#else /* !IBT */
96
97	#define HAS_KERNEL_IBT 0
98
99	#ifndef __ASSEMBLER__
100
101	#define ASM_ENDBR
102	#define IBT_NOSEAL(name)
103
104	#define __noendbr
105
106	static inline bool is_endbr(u32 val) { return* false; }
107
108	static inline u64 ibt_save(bool disable) { return `0`; }
109	static inline void ibt_restore(u64 save) { }
110
111	#else /* __ASSEMBLER__ */
112
113	#define ENDBR
114
115	#endif /* __ASSEMBLER__ */
116
117	#endif /* CONFIG_X86_KERNEL_IBT */
118
119	#define ENDBR_INSN_SIZE (4*HAS_KERNEL_IBT)
120
121	#endif /* _ASM_X86_IBT_H */
122

source code of linux/arch/x86/include/asm/ibt.h