Re: [RFC PATCH v3 06/24] x86/cet: Control protection exception handler
From: Yu-cheng Yu <hidden>
Date: 2018-08-31 16:24:37
Also in: linux-api, linux-arch, linux-doc, lkml
On Fri, 2018-08-31 at 17:01 +0200, Jann Horn wrote:
Is there a reason why all the code in this patch isn't #ifdef'ed away on builds that don't support CET? It looks like the CET handler is hooked up to the IDT conditionally, but the handler code is always built?
Yes, in idt.c, it should have been:

#ifdef CONFIG_X86_64
	INTG(X86_TRAP_CP, control_protection),
#endif

I will fix it.
+dotraplinkage void +do_control_protection(struct pt_regs *regs, long error_code) +{ +A A A A A A A struct task_struct *tsk; + +A A A A A A A RCU_LOCKDEP_WARN(!rcu_is_watching(), "entry code didn't wake RCU"); +A A A A A A A if (notify_die(DIE_TRAP, "control protection fault", regs, +A A A A A A A A A A A A A A A A A A A A A A error_code, X86_TRAP_CP, SIGSEGV) == NOTIFY_STOP) +A A A A A A A A A A A A A A A return; +A A A A A A A cond_local_irq_enable(regs); + +A A A A A A A if (!user_mode(regs)) +A A A A A A A A A A A A A A A die("kernel control protection fault", regs, error_code); + +A A A A A A A if (!static_cpu_has(X86_FEATURE_SHSTK) && +A A A A A A A A A A A !static_cpu_has(X86_FEATURE_IBT)) +A A A A A A A A A A A A A A A WARN_ONCE(1, "CET is disabled but got control " +A A A A A A A A A A A A A A A A A A A A A A A A A "protection fault\n"); + +A A A A A A A tsk = current; +A A A A A A A tsk->thread.error_code = error_code; +A A A A A A A tsk->thread.trap_nr = X86_TRAP_CP; + +A A A A A A A if (show_unhandled_signals && unhandled_signal(tsk, SIGSEGV) && +A A A A A A A A A A A printk_ratelimit()) { +A A A A A A A A A A A A A A A unsigned int max_err; + +A A A A A A A A A A A A A A A max_err = ARRAY_SIZE(control_protection_err) - 1; +A A A A A A A A A A A A A A A if ((error_code < 0) || (error_code > max_err)) +A A A A A A A A A A A A A A A A A A A A A A A error_code = 0; +A A A A A A A A A A A A A A A pr_info("%s[%d] control protection ip:%lx sp:%lx error:%lx(%s)", +A A A A A A A A A A A A A A A A A A A A A A A tsk->comm, task_pid_nr(tsk), +A A A A A A A A A A A A A A A A A A A A A A A regs->ip, regs->sp, error_code, +A A A A A A A A A A A A A A A A A A A A A A A control_protection_err[error_code]); +A A A A A A A A A A A A A A A print_vma_addr(" in ", regs->ip);Shouldn't this be using KERN_CONT, like other callers of print_vma_addr(), to get the desired output?
I will change it.
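Review bot: in the show_unhandled_signals block of do_control_protection(), an out-of-range error_code is overwritten with 0 before pr_info() prints it through error:%lx, so the log line reports 0 instead of the value the CPU actually delivered. Keep error_code untouched and clamp a separate local index for the control_protection_err[] lookup, so the message carries the raw code next to the fallback string. tsk->thread.error_code is assigned before the clamp, so only the logged value is affected.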