gcc's jump table handling makes use of 'notrack' indirect jumps, causing spurious #CP(3) exceptions. Enable 'notrack' handling for the IBT tests instead of disabling jump tables as we may want to make use of 'notrack' ourselves in future tests. This will allow using report() in IBT tests, as gcc likes to generate a small jump table for exception_mnemonic(): 000000000040707c : 40707c: endbr64 407080: cmp $0x1e,%edi 407083: ja 407117 407089: mov %edi,%edi 40708b: notrack jmp *0x4107e0(,%rdi,8) :: 4070b1: mov $0x411c7c,%eax # <-- #CP(3) here Link: https://lore.kernel.org/all/fc886a22-49f3-4627-8ba6-933099e7640d@grsecurity.net Signed-off-by: Mathias Krause Signed-off-by: Sean Christopherson --- x86/cet.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/x86/cet.c b/x86/cet.c index 26cd1c9b..74d3f701 100644 --- a/x86/cet.c +++ b/x86/cet.c @@ -82,8 +82,9 @@ static uint64_t cet_ibt_func(void) #define CP_ERR_SETSSBSY 0x0005 #define CP_ERR_ENCL BIT(15) -#define ENABLE_SHSTK_BIT 0x1 -#define ENABLE_IBT_BIT 0x4 +#define CET_ENABLE_SHSTK BIT(0) +#define CET_ENABLE_IBT BIT(2) +#define CET_ENABLE_NOTRACK BIT(4) static void test_shstk(void) { @@ -112,7 +113,7 @@ static void test_shstk(void) install_pte(current_page_table(), 1, shstk_virt, pte, 0); /* Enable shadow-stack protection */ - wrmsr(MSR_IA32_U_CET, ENABLE_SHSTK_BIT); + wrmsr(MSR_IA32_U_CET, CET_ENABLE_SHSTK); /* Store shadow-stack pointer. */ wrmsr(MSR_IA32_PL3_SSP, (u64)(shstk_virt + 0x1000)); @@ -140,8 +141,8 @@ static void test_ibt(void) return; } - /* Enable indirect-branch tracking */ - wrmsr(MSR_IA32_U_CET, ENABLE_IBT_BIT); + /* Enable indirect-branch tracking (notrack handling for jump tables) */ + wrmsr(MSR_IA32_U_CET, CET_ENABLE_IBT | CET_ENABLE_NOTRACK); run_in_user(cet_ibt_func, CP_VECTOR, 0, 0, 0, 0, &rvc); report(rvc && exception_error_code() == CP_ERR_ENDBR, -- 2.52.0.rc1.455.g30608eb744-goog
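Review bot: The three `CET_ENABLE_*` defines added after `CP_ERR_ENCL` in the first hunk have no comment naming the register they belong to, and the gaps between BIT(0), BIT(2) and BIT(4) are unexplained. A one-line header such as `/* IA32_U_CET / IA32_S_CET control bits: SH_STK_EN, ENDBR_EN, NO_TRACK_EN */` would tie them to the SDM names. Next to `CET_ENABLE_NOTRACK` it is also worth stating that the bit makes the CPU skip the ENDBR check for `notrack`-prefixed indirect branches, because that is a deliberate relaxation of IBT rather than a neutral flag.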
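Review bot: With `CET_ENABLE_NOTRACK` now set by the `wrmsr()` in test_ibt(), the `CP_ERR_ENDBR` assertion below only proves IBT enforcement if the indirect branch in `cet_ibt_func()` is emitted without a `notrack` prefix. That function's body is outside this hunk, so this should be confirmed; it presumably uses hand-written asm. The new comment says what is enabled but not why, and something like `/* Enable IBT; NO_TRACK_EN so gcc's 'notrack jmp' jump tables (e.g. in report()) don't raise #CP */` would keep the reason beside the code. test_ibt() starts and ends outside the hunk, so whether MSR_IA32_U_CET is cleared again after the report is not visible here.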