Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp4093963pxb; Mon, 8 Feb 2021 07:49:08 -0800 (PST) X-Google-Smtp-Source: ABdhPJwpisNRv8vf7vJbLStvPFfqHp2XpktWzlgkRCQvImsyLgqJzUGHxeeNOp/vROlE01XtDwfA X-Received: by 2002:a50:f382:: with SMTP id g2mr10931388edm.273.1612799348745; Mon, 08 Feb 2021 07:49:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612799348; cv=none; d=google.com; s=arc-20160816; b=FXN2moJFFG+rWmmsgiiAKu0IpN3kpUkBmpydzqYMpsYCBH1Y1Zde186EIdDuLIzmpc 53FYnzyeOShKjFR9s8FQrZlyx+R0TwheA9aw7PQElEcaaEVxA2Oz3FJ3JwAls7Fwcn5k 3befL17ovxt3NPPIbAUbMB4TEmpJ2yGSFDcKZpPVpR9NXnISA62lVEOU2Il0v2nVcMKw u25gvevcpusfMk3kCjeSXUl4YGlvwkD5fgo5fhyIOmzsXasEdOEeSUBh4fHHOPnE8s0w vOnFxiltXeVhcEcv8bNCeUpjlWIdu023Tb8puMs5/pdKYV6C4waU2gLYswhAddlin06l 8wSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=m1De8uTrkxAF+PBfYhDKlQpKQlq0Wb5zMqWNhrTBrpc=; b=ivwjgqEVCKtcZ3qUbQMxpM89DHTYpWqHEXmjtDRf1VF2iv39ydCkpaj2A3w8PADpiI y6w7zz6tNmK/at36m5TK1JBaf5SEV8G5NxurQdsSHTUTeOsrKWp0SYflsta0jYt8gXMI bx4LLNlyzNRoyxjWnt/4W3cNB0mCBcpPc/2qcmvT3QfNIsfSK0iisjMDk7cEb1eJvMCm /c48/yK8h4NayJa850f4E4KlY1T+CunWFVSexLzQJj5AIKEqi1lnV3B/uRMUC7dIItLP UV+vu69Ra9IluNZhQAmsn9RnHT2gO4Q4U4ojEviHWaAnS7hjT1zoijJ9/8J8nGaHDerT zivw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=E7ReQxA9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id hp6si10893954ejc.532.2021.02.08.07.48.41; Mon, 08 Feb 2021 07:49:08 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=E7ReQxA9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232729AbhBHPr1 (ORCPT + 99 others); Mon, 8 Feb 2021 10:47:27 -0500 Received: from mail.kernel.org ([198.145.29.99]:52452 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233082AbhBHPGv (ORCPT ); Mon, 8 Feb 2021 10:06:51 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 249C164EBE; Mon, 8 Feb 2021 15:05:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1612796711; bh=cAtUfQ2deIWTOa9F+bv1peJGC0CcBX/K7eepwU7rZeA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=E7ReQxA9LV8cvz8kAiuyIpqXvXyFOqRPo19h740VMCqdW5VDNHfr7LPbN2aODvfCR EMnyUZr1YTqTZmqrZbp4gxVL1f4lj1b5hFUQZdCr8iUShX0vfNJh/B8fJ9UGQJb311 Nceo86UoIjE8+ir8+uOd/rphAM4l9hZI4Iuer2FY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Nikolay Borisov , Josh Poimboeuf , Borislav Petkov , Seth Forshee , Masahiro Yamada Subject: [PATCH 4.9 38/43] x86/build: Disable CET instrumentation in the kernel Date: Mon, 8 Feb 2021 16:01:04 +0100 Message-Id: <20210208145807.853978433@linuxfoundation.org> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210208145806.281758651@linuxfoundation.org> References: <20210208145806.281758651@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Josh Poimboeuf commit 20bf2b378729c4a0366a53e2018a0b70ace94bcd upstream. With retpolines disabled, some configurations of GCC, and specifically the GCC versions 9 and 10 in Ubuntu will add Intel CET instrumentation to the kernel by default. That breaks certain tracing scenarios by adding a superfluous ENDBR64 instruction before the fentry call, for functions which can be called indirectly. CET instrumentation isn't currently necessary in the kernel, as CET is only supported in user space. Disable it unconditionally and move it into the x86's Makefile as CET/CFI... enablement should be a per-arch decision anyway. [ bp: Massage and extend commit message. ] Fixes: 29be86d7f9cb ("kbuild: add -fcf-protection=none when using retpoline flags") Reported-by: Nikolay Borisov Signed-off-by: Josh Poimboeuf Signed-off-by: Borislav Petkov Reviewed-by: Nikolay Borisov Tested-by: Nikolay Borisov Cc: Cc: Seth Forshee Cc: Masahiro Yamada Link: https://lkml.kernel.org/r/20210128215219.6kct3h2eiustncws@treble Signed-off-by: Greg Kroah-Hartman --- Makefile | 6 ------ arch/x86/Makefile | 3 +++ 2 files changed, 3 insertions(+), 6 deletions(-) --- a/Makefile +++ b/Makefile @@ -841,12 +841,6 @@ KBUILD_CFLAGS += $(call cc-option,-Wer # change __FILE__ to the relative path from the srctree KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=) -# ensure -fcf-protection is disabled when using retpoline as it is -# incompatible with -mindirect-branch=thunk-extern -ifdef CONFIG_RETPOLINE -KBUILD_CFLAGS += $(call cc-option,-fcf-protection=none) -endif - # use the deterministic mode of AR if available KBUILD_ARFLAGS := $(call ar-option,D) --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -137,6 +137,9 @@ else KBUILD_CFLAGS += -mno-red-zone KBUILD_CFLAGS += -mcmodel=kernel + # Intel CET isn't enabled in the kernel + KBUILD_CFLAGS += $(call cc-option,-fcf-protection=none) + # -funit-at-a-time shrinks the kernel .text considerably # unfortunately it makes reading oopses harder. KBUILD_CFLAGS += $(call cc-option,-funit-at-a-time)