Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp4178218pxb; Mon, 8 Feb 2021 09:42:50 -0800 (PST) X-Google-Smtp-Source: ABdhPJzbLGY+H4wvYNsr51T7tKknYTudpPiWwDXYkN2ysmpF3eqPrHhZgmQcgQaKeeRrxh47sWDZ X-Received: by 2002:a17:907:9483:: with SMTP id dm3mr17833196ejc.120.1612806170586; Mon, 08 Feb 2021 09:42:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612806170; cv=none; d=google.com; s=arc-20160816; b=sg3dAzDy/wpBqWE2vCSFIodeDiX2i1QrUvoXRHKSyVdHUXuFVIq9M157U4lZ2d/d9r XbWohiIGE7hEUNaHJmg1tntKcZd3C01doRL2/1QeJN2sJ7pSXIOzL5IpNxjw4HBGZXqS m5T/ForqOaESnE1DEebNu1d7HmH2yFJxQi738S8P46Q0YKf84/yoZKLc+Q2ng8/4p5IR zUrOcySFtEoNQ9a3hjQrn83+aF1MEf/ByTvcxOLBO1TkDbvbyt+78SBEy0aP0VpoQbsB umq5yS1/d8FAZGma69Ffy11MMB5NeeZhfjnDriL10cLzjnBVHY4u6N7fdiNLYiXXy5FW amcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=/sI8GVNdqjyp/HTOFWx72rWIMGPYvvOw78Bn0DahMTg=; b=un3CoF5WHnupJ8g+mc1xO5KpX0fAIbiuhDYaDRnApaUorWuYDCvnH5EcHafJmsWN4u k7wvczCbcaer+6KxhiWLN7dFeR95YkRIlb9/iKtvaO51PlZBYGXhCmz0NlccObE134he HopGD/NGMJdA6hghtA7n389wfFYaExShyieARppgx9Ite/5BrJTdxZqg0J/0H+vuO468 Qv5q4BVoFGKe/ABzi0sOeKeoApPX0kJt9ERyQknkX9SvYVRV1tmEu2+TiHqkmQjDUYEq ZcT6KOXn6q5Ho/1BZidevvmeivE+tYqCh9LrRd4+1R2OwD47UrBn1tEMGOdM2ZdmvUEj ZITQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=NfNq658v; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g26si11880745edy.55.2021.02.08.09.42.24; Mon, 08 Feb 2021 09:42:50 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=NfNq658v; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230447AbhBHRjl (ORCPT + 99 others); Mon, 8 Feb 2021 12:39:41 -0500 Received: from mail.kernel.org ([198.145.29.99]:38018 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233799AbhBHPaa (ORCPT ); Mon, 8 Feb 2021 10:30:30 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 71CB864ECB; Mon, 8 Feb 2021 15:17:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1612797425; bh=kkTDqg8lH95434hgag5hZj6EpSzITDdApzwt04Mq/dA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=NfNq658v/FoIKLgbDnTqGQDySNZbuTBLeRR52J48IsP1IFR3pJMHqcfEC2cugIQjd og7HKY0yGqNmGruR+9QBeubIquj9c4l8AgYU7hxWJ+UB04sqeQ6fF9tSGPrMwuElkZ DlFc4DjvJcxJjatR+9/pEMVkX7sM8xMoDkIZuYJw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Nikolay Borisov , Josh Poimboeuf , Borislav Petkov , Seth Forshee , Masahiro Yamada Subject: [PATCH 5.10 106/120] x86/build: Disable CET instrumentation in the kernel Date: Mon, 8 Feb 2021 16:01:33 +0100 Message-Id: <20210208145822.613119170@linuxfoundation.org> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210208145818.395353822@linuxfoundation.org> References: <20210208145818.395353822@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Josh Poimboeuf commit 20bf2b378729c4a0366a53e2018a0b70ace94bcd upstream. With retpolines disabled, some configurations of GCC, and specifically the GCC versions 9 and 10 in Ubuntu will add Intel CET instrumentation to the kernel by default. That breaks certain tracing scenarios by adding a superfluous ENDBR64 instruction before the fentry call, for functions which can be called indirectly. CET instrumentation isn't currently necessary in the kernel, as CET is only supported in user space. Disable it unconditionally and move it into the x86's Makefile as CET/CFI... enablement should be a per-arch decision anyway. [ bp: Massage and extend commit message. ] Fixes: 29be86d7f9cb ("kbuild: add -fcf-protection=none when using retpoline flags") Reported-by: Nikolay Borisov Signed-off-by: Josh Poimboeuf Signed-off-by: Borislav Petkov Reviewed-by: Nikolay Borisov Tested-by: Nikolay Borisov Cc: Cc: Seth Forshee Cc: Masahiro Yamada Link: https://lkml.kernel.org/r/20210128215219.6kct3h2eiustncws@treble Signed-off-by: Greg Kroah-Hartman --- Makefile | 6 ------ arch/x86/Makefile | 3 +++ 2 files changed, 3 insertions(+), 6 deletions(-) --- a/Makefile +++ b/Makefile @@ -950,12 +950,6 @@ KBUILD_CFLAGS += $(call cc-option,-Wer # change __FILE__ to the relative path from the srctree KBUILD_CPPFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=) -# ensure -fcf-protection is disabled when using retpoline as it is -# incompatible with -mindirect-branch=thunk-extern -ifdef CONFIG_RETPOLINE -KBUILD_CFLAGS += $(call cc-option,-fcf-protection=none) -endif - # include additional Makefiles when needed include-y := scripts/Makefile.extrawarn include-$(CONFIG_KASAN) += scripts/Makefile.kasan --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -127,6 +127,9 @@ else KBUILD_CFLAGS += -mno-red-zone KBUILD_CFLAGS += -mcmodel=kernel + + # Intel CET isn't enabled in the kernel + KBUILD_CFLAGS += $(call cc-option,-fcf-protection=none) endif ifdef CONFIG_X86_X32