projects / lttng-modules.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: dfdb34f) | patch
Fix: Disable IBT around indirect function calls
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Mon, 8 Jan 2024 18:31:04 +0000 (13:31 -0500)
committerMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Tue, 9 Jan 2024 16:25:14 +0000 (11:25 -0500)
commit92e2c5feecb39cdd4796da89f2b684e395403040
treeeecd7c006b8b64dca4e9fbe04c95d58d2c57b68btree | snapshot
parentdfdb34fd8576fba33510491aef5cd5f6f67b56b8commit | diff
Fix: Disable IBT around indirect function calls

When the Intel IBT feature is enabled, a CPU supporting this feature
validates that all indirect jumps/calls land on an ENDBR64 instruction.

The kernel seals functions which are not meant to be called indirectly,
which means that calling functions indirectly from their address fetched
using kallsyms or kprobes trigger a crash.

Use the MSR_IA32_S_CET CET_ENDBR_EN MSR bit to temporarily disable ENDBR
validation around indirect calls to kernel functions. Considering that
the main purpose of this feature is to prevent ROP-style attacks,
disabling the ENDBR validation temporarily around the call from a kernel
module does not affect the ROP protection.

Fixes #1408
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Change-Id: I97f5d8efce093c1e956cede1f44de2fcebf30227
include/wrapper/ibt.h [new file with mode: 0644] blob
include/wrapper/kallsyms.h diff | blob | blame | history
src/lttng-context-callstack-legacy-impl.h diff | blob | blame | history
src/lttng-context-callstack-stackwalk-impl.h diff | blob | blame | history
src/wrapper/irqdesc.c diff | blob | blame | history
src/wrapper/kallsyms.c diff | blob | blame | history
src/wrapper/page_alloc.c diff | blob | blame | history
LTTng 2.0/0.x modules
This page took 0.027711 seconds and 4 git commands to generate.