On Tue, 2018-01-23 at 16:25 +0100, Peter Zijlstra wrote:
> Implement a jump_label assertion that asserts that the code location
> is indeed only reachable through a static_branch. Because if GCC is
> absolutely retaded it could generate code like:
>
>         xor rax,rax
>         NOP/JMP 1f
>         mov $1, rax
> 1:
>         test rax,rax
>         jz 2f
>
> 2:
>
> instead of the sensible:
>
>         NOP/JMP 1f
>
> 1:
>
> This implements objtool infrastructure for ensuring the code ends up
> sane, since we'll rely on that for correctness and security.
>
> We tag the instructions after the static branch with static_jump_dest=true;
> that is the instruction after the NOP and the instruction at the
> JMP+disp site.
>
> Then, when we read the .discard.jump_assert section, we assert that
> each entry points to an instruction that has static_jump_dest set.
>
> With this we can assert that the code emitted for the if statement
> ends up at the static jump location and nothing untowards happened.
>
> Cc: Thomas Gleixner
> Cc: Borislav Petkov
> Cc: Josh Poimboeuf
>
> Signed-off-by: Peter Zijlstra (Intel)

Thank you for pandering to my paranoia.

I suspect that misspelling the word 'retarded' isn't going to be
sufficient to stop people from objecting to the use of that word, but
other than that,

Reviewed-by: David Woodhouse
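The check described in the quoted patch, as an added toy model that is not objtool's own code: instructions after the NOP and at the JMP target are tagged static_jump_dest, and each (assumed) .discard.jump_assert entry, modelled here as the index of the first instruction of the static-branch `if` body, must land on a tagged instruction. The two instruction streams are constructed from the layouts in the commit message, with the elided body stood in by a placeholder.

```python
# Added example, not objtool's code: a toy model of the jump_label assertion
# the patch describes. Each instruction is (label, text); "NOP/JMP <lbl>f"
# stands in for the static branch site. All streams below are constructed.

def tag_static_jump_dest(insns):
    """Mark the instructions reachable only through the static branch:
    the one after the NOP (fall-through) and the one at the JMP target."""
    labels = {lbl: i for i, (lbl, _) in enumerate(insns) if lbl}
    dest = set()
    for i, (_, text) in enumerate(insns):
        if text.startswith("NOP/JMP "):
            target = text.split()[1].rstrip("fb")  # "1f" -> label "1"
            if i + 1 < len(insns):
                dest.add(i + 1)
            dest.add(labels[target])
    return dest

def check_jump_asserts(insns, jump_assert):
    """jump_assert models the .discard.jump_assert entries (assumed here to be
    the index of the first instruction of each static-branch 'if' body).
    Returns the entries that do not sit at a static_jump_dest, i.e. the
    layouts the assertion would reject."""
    dest = tag_static_jump_dest(insns)
    return [i for i in jump_assert if i not in dest]

# The layout the patch calls out: GCC materialised the condition in rax, so
# the if body (index 5) is reached through an ordinary jz, not the static branch.
BAD = [
    ("",  "xor rax,rax"),
    ("",  "NOP/JMP 1f"),
    ("",  "mov $1, rax"),
    ("1", "test rax,rax"),
    ("",  "jz 2f"),
    ("",  "<if body>"),
    ("2", "<after>"),
]

# The sensible layout: the if body (index 1) directly follows the NOP.
GOOD = [
    ("",  "NOP/JMP 1f"),
    ("",  "<if body>"),
    ("1", "<after>"),
]

if __name__ == "__main__":
    print("BAD  offending entries:", check_jump_asserts(BAD, [5]))   # [5]
    print("GOOD offending entries:", check_jump_asserts(GOOD, [1]))  # []
```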