1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _ASM_X86_IBT_H
3 #define _ASM_X86_IBT_H
4 
5 #include <linux/types.h>
6 
7 /*
8  * The rules for enabling IBT are:
9  *
10  *  - CC_HAS_IBT:         the toolchain supports it
11  *  - X86_KERNEL_IBT:     it is selected in Kconfig
12  *  - !__DISABLE_EXPORTS: this is regular kernel code
13  *
14  * Esp. that latter one is a bit non-obvious, but some code like compressed,
15  * purgatory, realmode etc.. is built with custom CFLAGS that do not include
16  * -fcf-protection=branch and things will go *bang*.
17  *
18  * When all the above are satisfied, HAS_KERNEL_IBT will be 1, otherwise 0.
19  */
20 #if defined(CONFIG_X86_KERNEL_IBT) && !defined(__DISABLE_EXPORTS)
21 
22 #define HAS_KERNEL_IBT	1
23 
24 #ifndef __ASSEMBLER__
25 
26 #ifdef CONFIG_X86_64
27 #define ASM_ENDBR	"endbr64\n\t"
28 #else
29 #define ASM_ENDBR	"endbr32\n\t"
30 #endif
31 
32 #define __noendbr	__attribute__((nocf_check))
33 
34 /*
35  * Create a dummy function pointer reference to prevent objtool from marking
36  * the function as needing to be "sealed" (i.e. ENDBR converted to NOP by
37  * apply_seal_endbr()).
38  */
39 #define IBT_NOSEAL(fname)				\
40 	".pushsection .discard.ibt_endbr_noseal\n\t"	\
41 	_ASM_PTR fname "\n\t"				\
42 	".popsection\n\t"
43 
gen_endbr(void)44 static __always_inline __attribute_const__ u32 gen_endbr(void)
45 {
46 	u32 endbr;
47 
48 	/*
49 	 * Generate ENDBR64 in a way that is sure to not result in
50 	 * an ENDBR64 instruction as immediate.
51 	 */
52 	asm ( "mov $~0xfa1e0ff3, %[endbr]\n\t"
53 	      "not %[endbr]\n\t"
54 	       : [endbr] "=&r" (endbr) );
55 
56 	return endbr;
57 }
58 
gen_endbr_poison(void)59 static __always_inline __attribute_const__ u32 gen_endbr_poison(void)
60 {
61 	/*
62 	 * 4 byte NOP that isn't NOP4 (in fact it is OSP NOP3), such that it
63 	 * will be unique to (former) ENDBR sites.
64 	 */
65 	return 0x001f0f66; /* osp nopl (%rax) */
66 }
67 
__is_endbr(u32 val)68 static inline bool __is_endbr(u32 val)
69 {
70 	if (val == gen_endbr_poison())
71 		return true;
72 
73 	/* See cfi_fineibt_bhi_preamble() */
74 	if (IS_ENABLED(CONFIG_FINEIBT_BHI) && val == 0x001f0ff5)
75 		return true;
76 
77 	val &= ~0x01000000U; /* ENDBR32 -> ENDBR64 */
78 	return val == gen_endbr();
79 }
80 
81 extern __noendbr bool is_endbr(u32 *val);
82 extern __noendbr u64 ibt_save(bool disable);
83 extern __noendbr void ibt_restore(u64 save);
84 
85 #else /* __ASSEMBLER__ */
86 
87 #ifdef CONFIG_X86_64
88 #define ENDBR	endbr64
89 #else
90 #define ENDBR	endbr32
91 #endif
92 
93 #endif /* __ASSEMBLER__ */
94 
95 #else /* !IBT */
96 
97 #define HAS_KERNEL_IBT	0
98 
99 #ifndef __ASSEMBLER__
100 
101 #define ASM_ENDBR
102 #define IBT_NOSEAL(name)
103 
104 #define __noendbr
105 
is_endbr(u32 * val)106 static inline bool is_endbr(u32 *val) { return false; }
107 
ibt_save(bool disable)108 static inline u64 ibt_save(bool disable) { return 0; }
ibt_restore(u64 save)109 static inline void ibt_restore(u64 save) { }
110 
111 #else /* __ASSEMBLER__ */
112 
113 #define ENDBR
114 
115 #endif /* __ASSEMBLER__ */
116 
117 #endif /* CONFIG_X86_KERNEL_IBT */
118 
119 #define ENDBR_INSN_SIZE		(4*HAS_KERNEL_IBT)
120 
121 #endif /* _ASM_X86_IBT_H */
122