mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-31 08:28:13 +00:00
7001052160
coarse grained, hardware based, forward edge Control-Flow-Integrity mechanism where any indirect CALL/JMP must target an ENDBR instruction or suffer #CP. Additionally, since Alderlake (12th gen)/Sapphire-Rapids, speculation is limited to 2 instructions (and typically fewer) on branch targets not starting with ENDBR. CET-IBT also limits speculation of the next sequential instruction after the indirect CALL/JMP [1]. CET-IBT is fundamentally incompatible with retpolines, but provides, as described above, speculation limits itself. [1] https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html -----BEGIN PGP SIGNATURE----- iQJJBAABCgAzFiEEv3OU3/byMaA0LqWJdkfhpEvA5LoFAmI/LI8VHHBldGVyekBp bmZyYWRlYWQub3JnAAoJEHZH4aRLwOS6ZnkP/2QCgQLTu6oRxv9O020CHwlaSEeD 1Hoy3loum5q5hAi1Ik3dR9p0H5u64c9qbrBVxaFoNKaLt5GKrtHaDSHNk2L/CFHX urpH65uvTLxbyZzcahkAahoJ71XU+m7PcrHLWMunw9sy10rExYVsUOlFyoyG6XCF BDCNZpdkC09ZM3vwlWGMZd5Pp+6HcZNPyoV9tpvWAS2l+WYFWAID7mflbpQ+tA8b y/hM6b3Ud0rT2ubuG1iUpopgNdwqQZ+HisMPGprh+wKZkYwS2l8pUTrz0MaBkFde go7fW16kFy2HQzGm6aIEBmfcg0palP/mFVaWP0zS62LwhJSWTn5G6xWBr3yxSsht 9gWCiI0oDZuTg698MedWmomdG2SK6yAuZuqmdKtLLoWfWgviPEi7TDFG/cKtZdAW ag8GM8T4iyYZzpCEcWO9GWbjo6TTGq30JBQefCBG47GjD0csv2ubXXx0Iey+jOwT x3E8wnv9dl8V9FSd/tMpTFmje8ges23yGrWtNpb5BRBuWTeuGiBPZED2BNyyIf+T dmewi2ufNMONgyNp27bDKopY81CPAQq9cVxqNm9Cg3eWPFnpOq2KGYEvisZ/rpEL EjMQeUBsy/C3AUFAleu1vwNnkwP/7JfKYpN00gnSyeQNZpqwxXBCKnHNgOMTXyJz beB/7u2KIUbKEkSN =jZfK -----END PGP SIGNATURE----- Merge tag 'x86_core_for_5.18_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 CET-IBT (Control-Flow-Integrity) support from Peter Zijlstra: "Add support for Intel CET-IBT, available since Tigerlake (11th gen), which is a coarse grained, hardware based, forward edge Control-Flow-Integrity mechanism where any indirect CALL/JMP must target an ENDBR instruction or suffer #CP. Additionally, since Alderlake (12th gen)/Sapphire-Rapids, speculation is limited to 2 instructions (and typically fewer) on branch targets not starting with ENDBR. CET-IBT also limits speculation of the next sequential instruction after the indirect CALL/JMP [1]. CET-IBT is fundamentally incompatible with retpolines, but provides, as described above, speculation limits itself" [1] https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html * tag 'x86_core_for_5.18_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (53 commits) kvm/emulate: Fix SETcc emulation for ENDBR x86/Kconfig: Only allow CONFIG_X86_KERNEL_IBT with ld.lld >= 14.0.0 x86/Kconfig: Only enable CONFIG_CC_HAS_IBT for clang >= 14.0.0 kbuild: Fixup the IBT kbuild changes x86/Kconfig: Do not allow CONFIG_X86_X32_ABI=y with llvm-objcopy x86: Remove toolchain check for X32 ABI capability x86/alternative: Use .ibt_endbr_seal to seal indirect calls objtool: Find unused ENDBR instructions objtool: Validate IBT assumptions objtool: Add IBT/ENDBR decoding objtool: Read the NOENDBR annotation x86: Annotate idtentry_df() x86,objtool: Move the ASM_REACHABLE annotation to objtool.h x86: Annotate call_on_stack() objtool: Rework ASM_REACHABLE x86: Mark __invalid_creds() __noreturn exit: Mark do_group_exit() __noreturn x86: Mark stop_this_cpu() __noreturn objtool: Ignore extra-symbol code objtool: Rename --duplicate to --lto ... |
||
---|---|---|
.. | ||
acpi | ||
apic | ||
cpu | ||
fpu | ||
kprobes | ||
.gitignore | ||
alternative.c | ||
amd_gart_64.c | ||
amd_nb.c | ||
aperture_64.c | ||
apm_32.c | ||
asm-offsets.c | ||
asm-offsets_32.c | ||
asm-offsets_64.c | ||
audit_64.c | ||
bootflag.c | ||
check.c | ||
cpuid.c | ||
crash.c | ||
crash_core_32.c | ||
crash_core_64.c | ||
crash_dump_32.c | ||
crash_dump_64.c | ||
devicetree.c | ||
doublefault_32.c | ||
dumpstack.c | ||
dumpstack_32.c | ||
dumpstack_64.c | ||
e820.c | ||
early-quirks.c | ||
early_printk.c | ||
ebda.c | ||
eisa.c | ||
espfix_64.c | ||
ftrace.c | ||
ftrace_32.S | ||
ftrace_64.S | ||
head32.c | ||
head64.c | ||
head_32.S | ||
head_64.S | ||
hpet.c | ||
hw_breakpoint.c | ||
i8237.c | ||
i8253.c | ||
i8259.c | ||
idt.c | ||
io_delay.c | ||
ioport.c | ||
irq.c | ||
irq_32.c | ||
irq_64.c | ||
irq_work.c | ||
irqflags.S | ||
irqinit.c | ||
itmt.c | ||
jailhouse.c | ||
jump_label.c | ||
kdebugfs.c | ||
kexec-bzimage64.c | ||
kgdb.c | ||
ksysfs.c | ||
kvm.c | ||
kvmclock.c | ||
ldt.c | ||
machine_kexec_32.c | ||
machine_kexec_64.c | ||
Makefile | ||
mmconf-fam10h_64.c | ||
module.c | ||
mpparse.c | ||
msr.c | ||
nmi.c | ||
nmi_selftest.c | ||
paravirt-spinlocks.c | ||
paravirt.c | ||
pci-dma.c | ||
pci-iommu_table.c | ||
pci-swiotlb.c | ||
pcspeaker.c | ||
perf_regs.c | ||
platform-quirks.c | ||
pmem.c | ||
probe_roms.c | ||
process.c | ||
process.h | ||
process_32.c | ||
process_64.c | ||
ptrace.c | ||
pvclock.c | ||
quirks.c | ||
reboot.c | ||
reboot_fixups_32.c | ||
relocate_kernel_32.S | ||
relocate_kernel_64.S | ||
resource.c | ||
rtc.c | ||
setup.c | ||
setup_percpu.c | ||
sev-shared.c | ||
sev.c | ||
sev_verify_cbit.S | ||
signal.c | ||
signal_compat.c | ||
smp.c | ||
smpboot.c | ||
stacktrace.c | ||
static_call.c | ||
step.c | ||
sys_ia32.c | ||
sys_x86_64.c | ||
tboot.c | ||
time.c | ||
tls.c | ||
tls.h | ||
topology.c | ||
trace.c | ||
trace_clock.c | ||
tracepoint.c | ||
traps.c | ||
tsc.c | ||
tsc_msr.c | ||
tsc_sync.c | ||
umip.c | ||
unwind_frame.c | ||
unwind_guess.c | ||
unwind_orc.c | ||
uprobes.c | ||
verify_cpu.S | ||
vm86_32.c | ||
vmlinux.lds.S | ||
vsmp_64.c | ||
x86_init.c |