
Linux/arch/x86/include/asm/cfi.h


  1 /* SPDX-License-Identifier: GPL-2.0 */
  2 #ifndef _ASM_X86_CFI_H
  3 #define _ASM_X86_CFI_H
  4 
  5 /*
  6  * Clang Control Flow Integrity (CFI) support.
  7  *
  8  * Copyright (C) 2022 Google LLC
  9  */
 10 #include <linux/bug.h>
 11 #include <asm/ibt.h>
 12 
 13 /*
 14  * An overview of the various calling conventions...
 15  *
 16  * Traditional:
 17  *
 18  * foo:
 19  *   ... code here ...
 20  *   ret
 21  *
 22  * direct caller:
 23  *   call foo
 24  *
 25  * indirect caller:
 26  *   lea foo(%rip), %r11
 27  *   ...
 28  *   call *%r11
 29  *
 30  *
 31  * IBT:
 32  *
 33  * foo:
 34  *   endbr64
 35  *   ... code here ...
 36  *   ret
 37  *
 38  * direct caller:
 39  *   call foo / call foo+4
 40  *
 41  * indirect caller:
 42  *   lea foo(%rip), %r11
 43  *   ...
 44  *   call *%r11
 45  *
 46  *
 47  * kCFI:
 48  *
 49  * __cfi_foo:
 50  *   movl $0x12345678, %eax
 51  *                              # 11 nops when CONFIG_CALL_PADDING
 52  * foo:
 53  *   endbr64                    # when IBT
 54  *   ... code here ...
 55  *   ret
 56  *
 57  * direct call:
 58  *   call foo                   # / call foo+4 when IBT
 59  *
 60  * indirect call:
 61  *   lea foo(%rip), %r11
 62  *   ...
 63  *   movl $(-0x12345678), %r10d
 64  *   addl -4(%r11), %r10d       # -15 when CONFIG_CALL_PADDING
 65  *   jz   1f
 66  *   ud2
 67  * 1:call *%r11
 68  *
 69  *
 70  * FineIBT (builds as kCFI + CALL_PADDING + IBT + RETPOLINE and runtime patches into):
 71  *
 72  * __cfi_foo:
 73  *   endbr64
 74  *   subl $0x12345678, %r10d
 75  *   jz   foo
 76  *   ud2
 77  *   nop
 78  * foo:
 79  *   osp nop3                   # was endbr64
 80  *   ... code here ...
 81  *   ret
 82  *
 83  * direct caller:
 84  *   call foo / call foo+4
 85  *
 86  * indirect caller:
 87  *   lea foo(%rip), %r11
 88  *   ...
 89  *   movl $0x12345678, %r10d
 90  *   subl $16, %r11
 91  *   nop4
 92  *   call *%r11
 93  *
 94  */
/*
 * Selects which indirect-call protection scheme is in effect. The
 * instruction sequences for each scheme are shown in the calling
 * convention overview earlier in this header.
 */
enum cfi_mode {
	/* FineIBT if hardware has IBT, otherwise kCFI */
	CFI_AUTO,

	/*
	 * Traditional / IBT depending on .config. Neither of those
	 * sequences compares a type hash before an indirect call.
	 */
	CFI_OFF,

	/*
	 * Optionally CALL_PADDING, IBT, RETPOLINE. The caller compares its
	 * expected hash with the one stored ahead of the target and runs
	 * into ud2 on a mismatch.
	 */
	CFI_KCFI,

	/*
	 * see arch/x86/kernel/alternative.c. The hash comparison sits in
	 * the callee's __cfi_ preamble instead of at the call site.
	 */
	CFI_FINEIBT,
};
101 
/*
 * The scheme currently selected; only declared here, the definition lives
 * in another translation unit.
 */
extern enum cfi_mode cfi_mode;

/* Forward declaration: this header only passes struct pt_regs by pointer. */
struct pt_regs;
105 
106 #ifdef CONFIG_CFI_CLANG
/*
 * CONFIG_CFI_CLANG build: the real handler is implemented outside this
 * header and classifies a trap via its enum bug_trap_type return value.
 * NOTE(review): presumably reached from the trap path for the ud2 shown in
 * the kCFI / FineIBT sequences above -- confirm against the caller.
 */
enum bug_trap_type handle_cfi_failure(struct pt_regs *regs);
/* Expands to nothing in this configuration. */
#define __bpfcall
/*
 * NOTE(review): presumably the type hashes expected for BPF program and
 * BPF subprogram entry points; their values are set elsewhere -- confirm.
 */
extern u32 cfi_bpf_hash;
extern u32 cfi_bpf_subprog_hash;
111 
/*
 * cfi_get_offset - per-mode byte offset associated with the CFI preamble.
 *
 * The values line up with the layouts in this header's overview comment:
 * FineIBT callers do "subl $16, %r11"; kCFI callers read the hash at -4
 * without CONFIG_CALL_PADDING (a 5-byte movl precedes the function) and at
 * -15 with it (11 nops follow the movl, 16 bytes in total).
 *
 * Return: 16 for CFI_FINEIBT, 16 or 5 for CFI_KCFI depending on
 * CONFIG_CALL_PADDING, and 0 for every other mode.
 *
 * NOTE(review): how callers consume this value is not visible in this
 * header -- presumably it is the distance from the function entry back to
 * its __cfi_ symbol; confirm against the users.
 */
static inline int cfi_get_offset(void)
{
	const enum cfi_mode mode = cfi_mode;

	if (mode == CFI_FINEIBT)
		return 16;

	if (mode == CFI_KCFI)
		return IS_ENABLED(CONFIG_CALL_PADDING) ? 16 : 5;

	/* Any other mode (CFI_AUTO, CFI_OFF) yields 0. */
	return 0;
}
/*
 * Self-referential define. NOTE(review): presumably lets other code detect
 * with #ifdef that this architecture supplies its own cfi_get_offset() --
 * confirm against the generic header.
 */
#define cfi_get_offset cfi_get_offset

/*
 * Returns a u32 hash for @func; implemented outside this header.
 * NOTE(review): presumably the kCFI type hash stored ahead of @func --
 * confirm against the definition.
 */
extern u32 cfi_get_func_hash(void *func);
128 
129 #else
/*
 * !CONFIG_CFI_CLANG stub: always reports BUG_TRAP_TYPE_NONE and never
 * looks at @regs, so no trap is ever attributed to a CFI failure in this
 * configuration.
 */
static inline enum bug_trap_type handle_cfi_failure(struct pt_regs *regs)
{
	return BUG_TRAP_TYPE_NONE;
}
/*
 * !CONFIG_CFI_CLANG: the BPF hash names become the constant 0U instead of
 * the extern u32 variables declared in the CONFIG_CFI_CLANG branch.
 */
#define cfi_bpf_hash 0U
#define cfi_bpf_subprog_hash 0U
/*
 * !CONFIG_CFI_CLANG stub: @func is ignored and the hash is always 0.
 * A 0 from this function therefore carries no type information and must
 * not be read as a matching hash.
 */
static inline u32 cfi_get_func_hash(void *func)
{
	return 0;
}
140 #endif /* CONFIG_CFI_CLANG */
141 
/*
 * Only defined when HAS_KERNEL_IBT == 1. Expands to an asm() statement that
 * applies IBT_NOSEAL() to the stringified symbol name x.
 * NOTE(review): IBT_NOSEAL comes from <asm/ibt.h>; presumably it keeps x
 * usable as an indirect-branch target when unused ENDBR instructions are
 * sealed. If so, every use widens the set of valid indirect targets and
 * should be justified -- confirm against <asm/ibt.h>.
 */
#if HAS_KERNEL_IBT == 1
#define CFI_NOSEAL(x)   asm(IBT_NOSEAL(__stringify(x)))
#endif
145 
146 #endif /* _ASM_X86_CFI_H */
147 
