x86/ibt: Clean up is_endbr() · tjh.dev/kernel@72e213a

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

x86/ibt: Clean up is_endbr()

Pretty much every caller of is_endbr() actually wants to test something at an
address and ends up doing get_kernel_nofault(). Fold the lot into a more
convenient helper.

Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: "Masami Hiramatsu (Google)" <mhiramat@kernel.org>
Link: https://lore.kernel.org/r/20250207122546.181367417@infradead.org

Peter Zijlstra 1 year ago 72e213a7 92d2da37

+27 -52

7 changed files

expand all

arch

x86

events

core.c

include

asm

ftrace.h

ibt.h

kernel

alternative.c

kprobes

core.c

net

bpf_jit_comp.c

kernel

trace

bpf_trace.c

+1 -1

arch/x86/events/core.c

··· 2844 2844 return true; 2845 2845 2846 2846 /* endbr64 (64-bit only) */ 2847 - if (user_64bit_mode(regs) && is_endbr(*(u32 *)auprobe->insn)) 2847 + if (user_64bit_mode(regs) && is_endbr((u32 *)auprobe->insn)) 2848 2848 return true; 2849 2849 2850 2850 return false;

+2 -14

arch/x86/include/asm/ftrace.h

··· 36 36 37 37 static inline unsigned long arch_ftrace_get_symaddr(unsigned long fentry_ip) 38 38 { 39 - #ifdef CONFIG_X86_KERNEL_IBT 40 - u32 instr; 41 - 42 - /* We want to be extra safe in case entry ip is on the page edge, 43 - * but otherwise we need to avoid get_kernel_nofault()'s overhead. 44 - */ 45 - if ((fentry_ip & ~PAGE_MASK) < ENDBR_INSN_SIZE) { 46 - if (get_kernel_nofault(instr, (u32 *)(fentry_ip - ENDBR_INSN_SIZE))) 47 - return fentry_ip; 48 - } else { 49 - instr = *(u32 *)(fentry_ip - ENDBR_INSN_SIZE); 50 - } 51 - if (is_endbr(instr)) 39 + if (is_endbr((void*)(fentry_ip - ENDBR_INSN_SIZE))) 52 40 fentry_ip -= ENDBR_INSN_SIZE; 53 - #endif 41 + 54 42 return fentry_ip; 55 43 } 56 44 #define ftrace_get_symaddr(fentry_ip) arch_ftrace_get_symaddr(fentry_ip)

+3 -2

arch/x86/include/asm/ibt.h

··· 65 65 return 0x001f0f66; /* osp nopl (%rax) */ 66 66 } 67 67 68 - static inline bool is_endbr(u32 val) 68 + static inline bool __is_endbr(u32 val) 69 69 { 70 70 if (val == gen_endbr_poison()) 71 71 return true; ··· 74 74 return val == gen_endbr(); 75 75 } 76 76 77 + extern __noendbr bool is_endbr(u32 *val); 77 78 extern __noendbr u64 ibt_save(bool disable); 78 79 extern __noendbr void ibt_restore(u64 save); 79 80 ··· 99 98 100 99 #define __noendbr 101 100 102 - static inline bool is_endbr(u32 val) { return false; } 101 + static inline bool is_endbr(u32 *val) { return false; } 103 102 104 103 static inline u64 ibt_save(bool disable) { return 0; } 105 104 static inline void ibt_restore(u64 save) { }

+14 -6

arch/x86/kernel/alternative.c

··· 852 852 853 853 #ifdef CONFIG_X86_KERNEL_IBT 854 854 855 + __noendbr bool is_endbr(u32 *val) 856 + { 857 + u32 endbr; 858 + 859 + __get_kernel_nofault(&endbr, val, u32, Efault); 860 + return __is_endbr(endbr); 861 + 862 + Efault: 863 + return false; 864 + } 865 + 855 866 static void poison_cfi(void *addr); 856 867 857 868 static void __init_or_module poison_endbr(void *addr, bool warn) 858 869 { 859 - u32 endbr, poison = gen_endbr_poison(); 870 + u32 poison = gen_endbr_poison(); 860 871 861 - if (WARN_ON_ONCE(get_kernel_nofault(endbr, addr))) 862 - return; 863 - 864 - if (!is_endbr(endbr)) { 872 + if (!is_endbr(addr)) { 865 873 WARN_ON_ONCE(warn); 866 874 return; 867 875 } ··· 996 988 static u32 cfi_rehash(u32 hash) 997 989 { 998 990 hash ^= cfi_seed; 999 - while (unlikely(is_endbr(hash) || is_endbr(-hash))) { 991 + while (unlikely(__is_endbr(hash) || __is_endbr(-hash))) { 1000 992 bool lsb = hash & 1; 1001 993 hash >>= 1; 1002 994 if (lsb)

+1 -10

arch/x86/kernel/kprobes/core.c

··· 373 373 kprobe_opcode_t *arch_adjust_kprobe_addr(unsigned long addr, unsigned long offset, 374 374 bool *on_func_entry) 375 375 { 376 - u32 insn; 377 - 378 - /* 379 - * Since 'addr' is not guaranteed to be safe to access, use 380 - * copy_from_kernel_nofault() to read the instruction: 381 - */ 382 - if (copy_from_kernel_nofault(&insn, (void *)addr, sizeof(u32))) 383 - return NULL; 384 - 385 - if (is_endbr(insn)) { 376 + if (is_endbr((u32 *)addr)) { 386 377 *on_func_entry = !offset || offset == 4; 387 378 if (*on_func_entry) 388 379 offset = 4;

+2 -2

arch/x86/net/bpf_jit_comp.c

··· 641 641 * See emit_prologue(), for IBT builds the trampoline hook is preceded 642 642 * with an ENDBR instruction. 643 643 */ 644 - if (is_endbr(*(u32 *)ip)) 644 + if (is_endbr(ip)) 645 645 ip += ENDBR_INSN_SIZE; 646 646 647 647 return __bpf_arch_text_poke(ip, t, old_addr, new_addr); ··· 3036 3036 /* skip patched call instruction and point orig_call to actual 3037 3037 * body of the kernel function. 3038 3038 */ 3039 - if (is_endbr(*(u32 *)orig_call)) 3039 + if (is_endbr(orig_call)) 3040 3040 orig_call += ENDBR_INSN_SIZE; 3041 3041 orig_call += X86_PATCH_SIZE; 3042 3042 }

+4 -17

kernel/trace/bpf_trace.c

··· 1038 1038 .arg1_type = ARG_PTR_TO_CTX, 1039 1039 }; 1040 1040 1041 - #ifdef CONFIG_X86_KERNEL_IBT 1042 - static unsigned long get_entry_ip(unsigned long fentry_ip) 1041 + static inline unsigned long get_entry_ip(unsigned long fentry_ip) 1043 1042 { 1044 - u32 instr; 1045 - 1046 - /* We want to be extra safe in case entry ip is on the page edge, 1047 - * but otherwise we need to avoid get_kernel_nofault()'s overhead. 1048 - */ 1049 - if ((fentry_ip & ~PAGE_MASK) < ENDBR_INSN_SIZE) { 1050 - if (get_kernel_nofault(instr, (u32 *)(fentry_ip - ENDBR_INSN_SIZE))) 1051 - return fentry_ip; 1052 - } else { 1053 - instr = *(u32 *)(fentry_ip - ENDBR_INSN_SIZE); 1054 - } 1055 - if (is_endbr(instr)) 1043 + #ifdef CONFIG_X86_KERNEL_IBT 1044 + if (is_endbr((void *)(fentry_ip - ENDBR_INSN_SIZE))) 1056 1045 fentry_ip -= ENDBR_INSN_SIZE; 1046 + #endif 1057 1047 return fentry_ip; 1058 1048 } 1059 - #else 1060 - #define get_entry_ip(fentry_ip) fentry_ip 1061 - #endif 1062 1049 1063 1050 BPF_CALL_1(bpf_get_func_ip_kprobe, struct pt_regs *, regs) 1064 1051 {