From e352e7e792699661422218c1dc8ad06b4bbf6652 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Tue, 18 Feb 2020 14:05:39 -0800
Subject: [PATCH] x86: Add ENDBR at function entries

Intel Control-flow Enforcement Technology (CET):

https://software.intel.com/en-us/articles/intel-sdm

contains shadow stack (SHSTK) and indirect branch tracking (IBT).
When IBT is enabled, all indirect branch targets must start with
ENDBR instruction which is a NOP on non-CET processors.

Closes: https://gitlab.freedesktop.org/mesa/mesa/issues/2538

Acked-by: Matt Turner <mattst88@gmail.com>
Reviewed-by: Dave Airlie <airlied@redhat.com>
Reviewed-by: Ben Widawsky <ben.widawsky@intel.com>
Tested-by: Marge Bot <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/3865>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/3865>
---
 src/mapi/entry_x86-64_tls.h | 8 ++++++++
 src/mapi/entry_x86_tls.h    | 7 +++++++
 src/mapi/entry_x86_tsd.h    | 7 +++++++
 3 files changed, 22 insertions(+)

diff --git a/src/mapi/entry_x86-64_tls.h b/src/mapi/entry_x86-64_tls.h
index 1e29bde516c..aebe4cf4a3f 100644
--- a/src/mapi/entry_x86-64_tls.h
+++ b/src/mapi/entry_x86-64_tls.h
@@ -25,6 +25,12 @@
  *    Chia-I Wu <olv@lunarg.com>
  */
 
+#ifdef __CET__
+#define ENDBR "endbr64\n\t"
+#else
+#define ENDBR
+#endif
+
 #ifdef HAVE_FUNC_ATTRIBUTE_VISIBILITY
 #define HIDDEN __attribute__((visibility("hidden")))
 #else
@@ -44,6 +50,7 @@ __asm__(".text\n"
 #ifndef __ILP32__
 
 #define STUB_ASM_CODE(slot)                              \
+   ENDBR                                                 \
    "movq " ENTRY_CURRENT_TABLE "@GOTTPOFF(%rip), %rax\n\t"  \
    "movq %fs:(%rax), %r11\n\t"                           \
    "jmp *(8 * " slot ")(%r11)"
@@ -51,6 +58,7 @@ __asm__(".text\n"
 #else
 
 #define STUB_ASM_CODE(slot)                              \
+   ENDBR                                                 \
    "movq " ENTRY_CURRENT_TABLE "@GOTTPOFF(%rip), %rax\n\t"  \
    "movl %fs:(%rax), %r11d\n\t"                          \
    "movl 4*" slot "(%r11d), %r11d\n\t"                   \
diff --git a/src/mapi/entry_x86_tls.h b/src/mapi/entry_x86_tls.h
index 58a27cef18e..bdaa97374ba 100644
--- a/src/mapi/entry_x86_tls.h
+++ b/src/mapi/entry_x86_tls.h
@@ -27,6 +27,12 @@
 
 #include <string.h>
 
+#ifdef __CET__
+#define ENDBR "endbr32\n\t"
+#else
+#define ENDBR
+#endif
+
 #ifdef HAVE_FUNC_ATTRIBUTE_VISIBILITY
 #define HIDDEN __attribute__((visibility("hidden")))
 #else
@@ -59,6 +65,7 @@ __asm__(".balign 16\n"
    func ":"
 
 #define STUB_ASM_CODE(slot)                                 \
+   ENDBR                                                    \
    "call 1f\n"                                              \
    "1:\n\t"                                                 \
    "popl %eax\n\t"                                          \
diff --git a/src/mapi/entry_x86_tsd.h b/src/mapi/entry_x86_tsd.h
index 9526cdcef1a..1cf3ea2964e 100644
--- a/src/mapi/entry_x86_tsd.h
+++ b/src/mapi/entry_x86_tsd.h
@@ -25,6 +25,12 @@
  *    Chia-I Wu <olv@lunarg.com>
  */
 
+#ifdef __CET__
+#define ENDBR "endbr32\n\t"
+#else
+#define ENDBR
+#endif
+
 #ifdef HAVE_FUNC_ATTRIBUTE_VISIBILITY
 #define HIDDEN __attribute__((visibility("hidden")))
 #else
@@ -44,6 +50,7 @@ __asm__(".text\n"
    func ":"
 
 #define STUB_ASM_CODE(slot)         \
+   ENDBR                            \
    "call 1f\n\t"                    \
    "1:\n\t"                         \
    "popl %ecx\n\t"                  \
-- 
2.30.2