From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=QyIB=IO=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.3 required=3.0 tests=BAYES_00,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,
	USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 18C55C433DB
	for <linux-mm@archiver.kernel.org>; Tue, 16 Mar 2021 19:27:28 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id A10DC64EB3
	for <linux-mm@archiver.kernel.org>; Tue, 16 Mar 2021 19:27:27 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org A10DC64EB3
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=intel.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 24D986B0036; Tue, 16 Mar 2021 15:27:27 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 1FF606B006C; Tue, 16 Mar 2021 15:27:27 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 0C7A56B006E; Tue, 16 Mar 2021 15:27:27 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0099.hostedemail.com [216.40.44.99])
	by kanga.kvack.org (Postfix) with ESMTP id E10EE6B0036
	for <linux-mm@kvack.org>; Tue, 16 Mar 2021 15:27:26 -0400 (EDT)
Received: from smtpin18.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay05.hostedemail.com (Postfix) with ESMTP id 9729C181AF5CA
	for <linux-mm@kvack.org>; Tue, 16 Mar 2021 19:27:26 +0000 (UTC)
X-FDA: 77926721292.18.ACAA6C6
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88])
	by imf26.hostedemail.com (Postfix) with ESMTP id 81233407F8DF
	for <linux-mm@kvack.org>; Tue, 16 Mar 2021 19:27:25 +0000 (UTC)
IronPort-SDR: WCqwgL2Br6dGJV40AK8d4h7Q72sDMTgn6FPyI1b1tmvnKA6qlrk6YE4X45QQaF+ZRUYTqIyt1j
 Q26IryybSROg==
X-IronPort-AV: E=McAfee;i="6000,8403,9925"; a="209267522"
X-IronPort-AV: E=Sophos;i="5.81,254,1610438400"; 
   d="scan'208";a="209267522"
Received: from orsmga003.jf.intel.com ([10.7.209.27])
  by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Mar 2021 12:27:21 -0700
IronPort-SDR: uFgLa216tNsrzWIgcRCdtwQiM9p8zrA76JWNP1+VGm7SvOsa4P1fAsWowUhRqqtgPdRlhqiz7V
 CgKQgK3Q/nHA==
X-IronPort-AV: E=Sophos;i="5.81,254,1610438400"; 
   d="scan'208";a="372079895"
Received: from yyu32-mobl1.amr.corp.intel.com (HELO [10.212.191.248]) ([10.212.191.248])
  by orsmga003-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Mar 2021 12:27:18 -0700
Subject: Re: [PATCH v23 9/9] x86/vdso: Add ENDBR to __vdso_sgx_enter_enclave
To: Jarkko Sakkinen <jarkko@kernel.org>
Cc: x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
 Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>,
 linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org,
 linux-arch@vger.kernel.org, linux-api@vger.kernel.org,
 Arnd Bergmann <arnd@arndb.de>, Andy Lutomirski <luto@kernel.org>,
 Balbir Singh <bsingharora@gmail.com>, Borislav Petkov <bp@alien8.de>,
 Cyrill Gorcunov <gorcunov@gmail.com>,
 Dave Hansen <dave.hansen@linux.intel.com>,
 Eugene Syromiatnikov <esyr@redhat.com>, Florian Weimer <fweimer@redhat.com>,
 "H.J. Lu" <hjl.tools@gmail.com>, Jann Horn <jannh@google.com>,
 Jonathan Corbet <corbet@lwn.net>, Kees Cook <keescook@chromium.org>,
 Mike Kravetz <mike.kravetz@oracle.com>, Nadav Amit <nadav.amit@gmail.com>,
 Oleg Nesterov <oleg@redhat.com>, Pavel Machek <pavel@ucw.cz>,
 Peter Zijlstra <peterz@infradead.org>, Randy Dunlap <rdunlap@infradead.org>,
 "Ravi V. Shankar" <ravi.v.shankar@intel.com>,
 Vedvyas Shanbhogue <vedvyas.shanbhogue@intel.com>,
 Dave Martin <Dave.Martin@arm.com>, Weijiang Yang <weijiang.yang@intel.com>,
 Pengfei Xu <pengfei.xu@intel.com>, Haitao Huang <haitao.huang@intel.com>
References: <20210316151320.6123-1-yu-cheng.yu@intel.com>
 <20210316151320.6123-10-yu-cheng.yu@intel.com> <YFEFhoi/SB12HUrg@kernel.org>
From: "Yu, Yu-cheng" <yu-cheng.yu@intel.com>
Message-ID: <b523b794-3553-f7bb-3a69-24d936f0fefa@intel.com>
Date: Tue, 16 Mar 2021 12:27:19 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.8.0
MIME-Version: 1.0
In-Reply-To: <YFEFhoi/SB12HUrg@kernel.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Rspamd-Server: rspam04
X-Rspamd-Queue-Id: 81233407F8DF
X-Stat-Signature: 8iz9ah9qkkwptjf557tcpx3pffxakwzw
Received-SPF: none (intel.com>: No applicable sender policy available) receiver=imf26; identity=mailfrom; envelope-from="<yu-cheng.yu@intel.com>"; helo=mga01.intel.com; client-ip=192.55.52.88
X-HE-DKIM-Result: none/none
X-HE-Tag: 1615922845-117321
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On 3/16/2021 12:22 PM, Jarkko Sakkinen wrote:
> On Tue, Mar 16, 2021 at 08:13:19AM -0700, Yu-cheng Yu wrote:
>> ENDBR is a special new instruction for the Indirect Branch Tracking (IBT)
>> component of CET.  IBT prevents attacks by ensuring that (most) indirect
>> branches and function calls may only land at ENDBR instructions.  Branches
>> that don't follow the rules will result in control flow (#CF) exceptions.
>>
>> ENDBR is a noop when IBT is unsupported or disabled.  Most ENDBR
>> instructions are inserted automatically by the compiler, but branch
>> targets written in assembly must have ENDBR added manually.
>>
>> Add ENDBR to __vdso_sgx_enter_enclave() branch targets.
>>
>> Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
>> Cc: Andy Lutomirski <luto@kernel.org>
>> Cc: Borislav Petkov <bp@alien8.de>
>> Cc: Dave Hansen <dave.hansen@linux.intel.com>
>> Cc: Jarkko Sakkinen <jarkko@kernel.org>
>> Cc: Peter Zijlstra <peterz@infradead.org>
>> ---
>>   arch/x86/entry/vdso/vsgx.S | 4 ++++
>>   1 file changed, 4 insertions(+)
>>
>> diff --git a/arch/x86/entry/vdso/vsgx.S b/arch/x86/entry/vdso/vsgx.S
>> index 86a0e94f68df..1baa9b49053e 100644
>> --- a/arch/x86/entry/vdso/vsgx.S
>> +++ b/arch/x86/entry/vdso/vsgx.S
>> @@ -6,6 +6,7 @@
>>   #include <asm/enclu.h>
>>   
>>   #include "extable.h"
>> +#include "../calling.h"
>>   
>>   /* Relative to %rbp. */
>>   #define SGX_ENCLAVE_OFFSET_OF_RUN		16
>> @@ -27,6 +28,7 @@
>>   SYM_FUNC_START(__vdso_sgx_enter_enclave)
>>   	/* Prolog */
>>   	.cfi_startproc
>> +	ENDBR
>>   	push	%rbp
>>   	.cfi_adjust_cfa_offset	8
>>   	.cfi_rel_offset		%rbp, 0
>> @@ -62,6 +64,7 @@ SYM_FUNC_START(__vdso_sgx_enter_enclave)
>>   .Lasync_exit_pointer:
>>   .Lenclu_eenter_eresume:
>>   	enclu
>> +	ENDBR
>>   
>>   	/* EEXIT jumps here unless the enclave is doing something fancy. */
>>   	mov	SGX_ENCLAVE_OFFSET_OF_RUN(%rbp), %rbx
>> @@ -91,6 +94,7 @@ SYM_FUNC_START(__vdso_sgx_enter_enclave)
>>   	jmp	.Lout
>>   
>>   .Lhandle_exception:
>> +	ENDBR
>>   	mov	SGX_ENCLAVE_OFFSET_OF_RUN(%rbp), %rbx
>>   
>>   	/* Set the exception info. */
>> -- 
>> 2.21.0
>>
>>
> 
> Looks good to me.
> 
> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>

Thanks for reviewing.  In response to Dave's and Boris' comments, I will 
replace ENDBR macro with _CET_ENDBR that comes from the compiler.  Can I 
still keep the Reviewed-by?

> 
> /Jarkko
>