x86/ibt: Disable IBT around firmware

Assume firmware isn't IBT clean and disable it across calls. Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Reviewed-by: Kees Cook <keescook@chromium.org> Acked-by: Josh Poimboeuf <jpoimboe@redhat.com> Link: https://lore.kernel.org/r/20220308154318.759989383@infradead.org
author: Peter Zijlstra <peterz@infradead.org> 2022-03-08 16:30:38 +0100
committer: Peter Zijlstra <peterz@infradead.org> 2022-03-15 10:32:40 +0100
commit: fe379fa4d199abc52d5b4a256e52cf94eff685cf (patch)
tree: 4466b0d16bc23c3b36f574ef17113bb3cbcfd497 /arch/x86/kernel/cpu/common.c
parent: 99c95c5d4f1027130d555fdb27b576520894827d (diff)
1 files changed, 28 insertions, 0 deletions
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 709acab25f3c..03bd73f16d74 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -517,6 +517,34 @@ static __init int setup_disable_pku(char *arg)
 __setup("nopku", setup_disable_pku);
 #endif /* CONFIG_X86_64 */
 
+#ifdef CONFIG_X86_KERNEL_IBT
+
+__noendbr u64 ibt_save(void)
+{
+	u64 msr = 0;
+
+	if (cpu_feature_enabled(X86_FEATURE_IBT)) {
+		rdmsrl(MSR_IA32_S_CET, msr);
+		wrmsrl(MSR_IA32_S_CET, msr & ~CET_ENDBR_EN);
+	}
+
+	return msr;
+}
+
+__noendbr void ibt_restore(u64 save)
+{
+	u64 msr;
+
+	if (cpu_feature_enabled(X86_FEATURE_IBT)) {
+		rdmsrl(MSR_IA32_S_CET, msr);
+		msr &= ~CET_ENDBR_EN;
+		msr |= (save & CET_ENDBR_EN);
+		wrmsrl(MSR_IA32_S_CET, msr);
+	}
+}
+
+#endif
+
 static __always_inline void setup_cet(struct cpuinfo_x86 *c)
 {
 	u64 msr = CET_ENDBR_EN;
author	Peter Zijlstra <peterz@infradead.org>	2022-03-08 16:30:38 +0100
committer	Peter Zijlstra <peterz@infradead.org>	2022-03-15 10:32:40 +0100
commit	fe379fa4d199abc52d5b4a256e52cf94eff685cf (patch)
tree	4466b0d16bc23c3b36f574ef17113bb3cbcfd497 /arch/x86/kernel/cpu/common.c
parent	99c95c5d4f1027130d555fdb27b576520894827d (diff)