
[RFC,08/11] x86/ibt: Add CET_TEST module for IBT testing

Message ID 20220420004241.2093-9-joao@overdrivepizza.com (mailing list archive)
State Changes Requested
Series Kernel FineIBT Support | expand

Commit Message

Joao Moreira April 20, 2022, 12:42 a.m. UTC
From: Joao Moreira <joao@overdrivepizza.com>

Add a kernel module that violates IBT policy on load, triggering a
control protection fault and making the enforcement visible.

Signed-off-by: Joao Moreira <joao@overdrivepizza.com>
Tinkered-from-work-by: Alyssa Milburn <alyssa.milburn@linux.intel.com>
---
 arch/x86/Kconfig.debug     |  5 +++++
 arch/x86/kernel/Makefile   |  1 +
 arch/x86/kernel/cet_test.c | 30 ++++++++++++++++++++++++++++++
 3 files changed, 36 insertions(+)
 create mode 100644 arch/x86/kernel/cet_test.c

Patch

diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
index d3a6f74a94bd..d2463dd912c1 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -279,3 +279,8 @@  endchoice
 config FRAME_POINTER
 	depends on !UNWINDER_ORC && !UNWINDER_GUESS
 	bool
+
+config X86_CET_TEST
+	depends on m
+	depends on X86_KERNEL_IBT
+	tristate "in-kernel CET testing module"
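Review bot: The new `X86_CET_TEST` entry has no `help` text, so nothing at configuration time says that loading the resulting module deliberately raises a control-protection fault in kernel context. Add a `help` block under the `tristate` line stating that the module exists only to validate IBT enforcement, that a fault on load is the expected outcome (and may presumably oops or panic the machine, depending on how the #CP handler treats kernel-mode violations), and that it should not be enabled in production configurations. Gating it behind a debug option as well, for example `depends on DEBUG_KERNEL`, would keep it out of configs that enable every available module.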
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index cb947569e9d8..a82bcd14bd40 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -149,6 +149,7 @@  obj-$(CONFIG_UNWINDER_GUESS)		+= unwind_guess.o
 
 obj-$(CONFIG_AMD_MEM_ENCRYPT)		+= sev.o
 obj-$(CONFIG_X86_KERNEL_FINEIBT)	+= fineibt.o
+obj-$(CONFIG_X86_CET_TEST)		+= cet_test.o
 
 ###
 # 64 bit specific files
diff --git a/arch/x86/kernel/cet_test.c b/arch/x86/kernel/cet_test.c
new file mode 100644
index 000000000000..c48be8cbd0b5
--- /dev/null
+++ b/arch/x86/kernel/cet_test.c
@@ -0,0 +1,30 @@ 
+// SPDX-License-Identifier: GPL-2.0-only
+
+#include <linux/module.h>
+
+static int cet_test_init(void)
+{
+	pr_info("CET test, expect faults\n");
+
+	// FIXME: use register_die_notifier
+
+	asm volatile(
+		"lea 1f(%%rip), %%rax\n"
+		"jmp *%%rax\n"
+		"nop\n"
+		"1:\n"
+		/* no endbranch */
+		"nop\n"
+		:::"rax"
+		    );
+	return 0;
+}
+
+static void cet_test_exit(void)
+{
+}
+
+module_init(cet_test_init);
+module_exit(cet_test_exit);
+
+MODULE_LICENSE("GPL v2");
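Review bot: `cet_test_init()` returns 0 unconditionally after the inline asm, so when the indirect jump to the unmarked label completes (IBT absent or disabled, or a handler that only warns and resumes), the module loads cleanly and the log holds only "expect faults", which looks the same as a test that never exercised anything. Until the `register_die_notifier` FIXME is resolved, make the fall-through explicit and fail the load so the test module does not stay resident: `pr_err("CET test: indirect jmp to non-ENDBR target was not blocked\n");` followed by `return -EINVAL;` in place of `return 0;`. As a style point, the two functions should be marked `__init` and `__exit`, and a `MODULE_DESCRIPTION()` line would tell anyone who finds the built .ko that loading it faults on purpose.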