x86/alternative: Use .ibt_endbr_seal to seal indirect calls

Objtool's --ibt option generates .ibt_endbr_seal which lists superfluous ENDBR instructions. That is those instructions for which the function is never indirectly called. Overwrite these ENDBR instructions with a NOP4 such that these function can never be indirect called, reducing the number of viable ENDBR targets in the kernel. Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: Josh Poimboeuf <jpoimboe@redhat.com> Link: https://lore.kernel.org/r/20220308154319.822545231@infradead.org
author: Peter Zijlstra <peterz@infradead.org> 2022-03-08 16:30:56 +0100
committer: Peter Zijlstra <peterz@infradead.org> 2022-03-15 10:32:47 +0100
commit: ed53a0d971926e484d86cce617ec02a7ee85c3fe (patch)
tree: 1423484f3912113c56c0b77fa5b0397113040828 /arch/x86/include/asm/ibt.h
parent: 89bc853eae4ad125030ef99f207ba76c2f00a26e (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/arch/x86/include/asm/ibt.h b/arch/x86/include/asm/ibt.h
index 52fb05d66489..689880eca9ba 100644
--- a/arch/x86/include/asm/ibt.h
+++ b/arch/x86/include/asm/ibt.h
@@ -46,8 +46,20 @@ static inline __attribute_const__ u32 gen_endbr(void)
 	return endbr;
 }
 
+static inline __attribute_const__ u32 gen_endbr_poison(void)
+{
+	/*
+	 * 4 byte NOP that isn't NOP4 (in fact it is OSP NOP3), such that it
+	 * will be unique to (former) ENDBR sites.
+	 */
+	return 0x001f0f66; /* osp nopl (%rax) */
+}
+
 static inline bool is_endbr(u32 val)
 {
+	if (val == gen_endbr_poison())
+		return true;
+
 	val &= ~0x01000000U; /* ENDBR32 -> ENDBR64 */
 	return val == gen_endbr();
 }
author	Peter Zijlstra <peterz@infradead.org>	2022-03-08 16:30:56 +0100
committer	Peter Zijlstra <peterz@infradead.org>	2022-03-15 10:32:47 +0100
commit	ed53a0d971926e484d86cce617ec02a7ee85c3fe (patch)
tree	1423484f3912113c56c0b77fa5b0397113040828 /arch/x86/include/asm/ibt.h
parent	89bc853eae4ad125030ef99f207ba76c2f00a26e (diff)