• Peter Zijlstra's avatar
    x86,static_call: Use alternative RET encoding · ee88d363
    Peter Zijlstra authored
    In addition to teaching static_call about the new way to spell 'RET',
    there is an added complication in that static_call() is allowed to
    rewrite text before it is known which particular spelling is required.
    
    In order to deal with this; have a static_call specific fixup in the
    apply_return() 'alternative' patching routine that will rewrite the
    static_call trampoline to match the definite sequence.
    
    This in turn creates the problem of uniquely identifying static call
    trampolines. Currently trampolines are 8 bytes, the first 5 being the
    jmp.d32/ret sequence and the final 3 a byte sequence that spells out
    'SCT'.
    
    This sequence is used in __static_call_validate() to ensure it is
    patching a trampoline and not a random other jmp.d32. That is,
    false-positives shouldn't be plenty, but aren't a big concern.
    
    OTOH the new __static_call_fixup() must not have false-positives, and
    'SCT' decodes to the somewhat weird but semi plausible sequence:
    
      push %rbx
      rex.XB push %r12
    
    Additionally, there are SLS concerns with immediate jumps. Combined it
    seems like a good moment to change the signature to a single 3 byte
    trap instruction that is unique to this usage and will not ever get
    generated by accident.
    
    As such, change the signature to: '0x0f, 0xb9, 0xcc', which decodes
    to:
    
      ud1 %esp, %ecx
    Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
    Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
    Reviewed-by: default avatarJosh Poimboeuf <jpoimboe@kernel.org>
    Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
    ee88d363
alternative.c 41.6 KB