From: Josh Poimboeuf <jpoimboe@redhat.com>
To: Peter Zijlstra <peterz@infradead.org>
Cc: x86@kernel.org, joao@overdrivepizza.com, hjl.tools@gmail.com,
andrew.cooper3@citrix.com, linux-kernel@vger.kernel.org,
ndesaulniers@google.com, keescook@chromium.org,
samitolvanen@google.com, mark.rutland@arm.com,
alyssa.milburn@intel.com, mbenes@suse.cz, rostedt@goodmis.org,
mhiramat@kernel.org, alexei.starovoitov@gmail.com
Subject: Re: [PATCH v2 36/39] objtool: Find unused ENDBR instructions
Date: Sat, 26 Feb 2022 19:46:13 -0800 [thread overview]
Message-ID: <20220227034613.a5ejjey5agxlympd@treble> (raw)
In-Reply-To: <20220224151324.137868984@infradead.org>
On Thu, Feb 24, 2022 at 03:52:14PM +0100, Peter Zijlstra wrote:
> +#ifdef CONFIG_X86_KERNEL_IBT
> + . = ALIGN(8);
> + .ibt_endbr_sites : AT(ADDR(.ibt_endbr_sites) - LOAD_OFFSET) {
> + __ibt_endbr_sites = .;
> + *(.ibt_endbr_sites)
> + __ibt_endbr_sites_end = .;
> + }
> +#endif
".ibt_endbr_superfluous" maybe? It's not *all* the endbr sites.
> +
> /*
> * struct alt_inst entries. From the header (alternative.h):
> * "Alternative instructions for different CPU types or capabilities"
> --- a/tools/objtool/builtin-check.c
> +++ b/tools/objtool/builtin-check.c
> @@ -21,7 +21,7 @@
>
> bool no_fp, no_unreachable, retpoline, module, backtrace, uaccess, stats,
> lto, vmlinux, mcount, noinstr, backup, sls, dryrun,
> - ibt, ibt_fix_direct;
> + ibt, ibt_fix_direct, ibt_seal;
>
> static const char * const check_usage[] = {
> "objtool check [<options>] file.o",
> @@ -50,6 +50,7 @@ const struct option check_options[] = {
> OPT_BOOLEAN(0, "dry-run", &dryrun, "don't write the modifications"),
> OPT_BOOLEAN(0, "ibt", &ibt, "validate ENDBR placement"),
> OPT_BOOLEAN(0, "ibt-fix-direct", &ibt_fix_direct, "fixup direct jmp/call to ENDBR"),
> + OPT_BOOLEAN(0, "ibt-seal", &ibt_seal, "list superfluous ENDBR instructions"),
s/list/annotate/ ?
Not sure "ibt-seal" is the appropriate name since the "seal" is done at
boot time.
Do we really need a separate option anyway? To get the full benefits of
IBT you might as well enable it... And always enabling it helps flush
out bugs quicker.
--
Josh
next prev parent reply other threads:[~2022-02-27 3:46 UTC|newest]
Thread overview: 183+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-24 14:51 [PATCH v2 00/39] x86: Kernel IBT Peter Zijlstra
2022-02-24 14:51 ` [PATCH v2 01/39] kbuild: Fix clang build Peter Zijlstra
2022-02-25 0:11 ` Kees Cook
2022-03-01 21:16 ` Nick Desaulniers
2022-03-02 0:47 ` Kees Cook
2022-03-02 0:53 ` Fangrui Song
2022-03-02 16:37 ` Nathan Chancellor
2022-03-02 18:40 ` Kees Cook
2022-03-02 19:18 ` Nick Desaulniers
2022-03-02 21:15 ` Nathan Chancellor
2022-03-02 22:07 ` Nick Desaulniers
2022-03-02 23:00 ` Kees Cook
2022-03-02 23:10 ` Peter Zijlstra
2022-02-24 14:51 ` [PATCH v2 02/39] static_call: Avoid building empty .static_call_sites Peter Zijlstra
2022-02-24 14:51 ` [PATCH v2 03/39] x86/module: Fix the paravirt vs alternative order Peter Zijlstra
2022-03-01 14:37 ` Miroslav Benes
2022-02-24 14:51 ` [PATCH v2 04/39] objtool: Add --dry-run Peter Zijlstra
2022-02-25 0:27 ` Kees Cook
2022-03-01 14:37 ` Miroslav Benes
2022-02-24 14:51 ` [PATCH v2 05/39] x86: Base IBT bits Peter Zijlstra
2022-02-25 0:35 ` Kees Cook
2022-02-25 0:46 ` Nathan Chancellor
2022-02-25 22:08 ` Nathan Chancellor
2022-02-26 0:29 ` Joao Moreira
2022-02-26 4:58 ` Kees Cook
2022-02-26 4:59 ` Fāng-ruì Sòng
2022-02-26 5:04 ` Kees Cook
2022-02-25 13:41 ` Peter Zijlstra
2022-02-24 14:51 ` [PATCH v2 06/39] x86/ibt: Add ANNOTATE_NOENDBR Peter Zijlstra
2022-02-25 0:36 ` Kees Cook
2022-02-24 14:51 ` [PATCH v2 07/39] x86/entry: Sprinkle ENDBR dust Peter Zijlstra
2022-02-24 22:37 ` Josh Poimboeuf
2022-02-25 0:42 ` Kees Cook
2022-02-25 9:22 ` Andrew Cooper
2022-02-24 14:51 ` [PATCH v2 08/39] x86/linkage: Add ENDBR to SYM_FUNC_START*() Peter Zijlstra
2022-02-25 0:45 ` Kees Cook
2022-02-24 14:51 ` [PATCH v2 09/39] x86/ibt,paravirt: Sprinkle ENDBR Peter Zijlstra
2022-02-25 0:47 ` Kees Cook
2022-02-24 14:51 ` [PATCH v2 10/39] x86/ibt,crypto: Add ENDBR for the jump-table entries Peter Zijlstra
2022-02-24 22:41 ` Josh Poimboeuf
2022-02-25 0:50 ` Kees Cook
2022-02-25 10:22 ` Peter Zijlstra
2022-02-24 14:51 ` [PATCH v2 11/39] x86/ibt,kvm: Add ENDBR to fastops Peter Zijlstra
2022-02-25 0:54 ` Kees Cook
2022-02-25 10:24 ` Peter Zijlstra
2022-02-25 13:09 ` David Laight
2022-02-24 14:51 ` [PATCH v2 12/39] x86/ibt,ftrace: Search for __fentry__ location Peter Zijlstra
2022-02-24 15:55 ` Masami Hiramatsu
2022-02-24 15:58 ` Steven Rostedt
2022-02-24 15:59 ` Steven Rostedt
2022-02-24 16:01 ` Steven Rostedt
2022-02-24 22:46 ` Josh Poimboeuf
2022-02-24 22:51 ` Steven Rostedt
2022-02-25 1:34 ` Masami Hiramatsu
2022-02-25 2:19 ` Steven Rostedt
2022-02-25 10:20 ` Masami Hiramatsu
2022-02-25 13:36 ` Steven Rostedt
2022-03-01 18:57 ` Naveen N. Rao
2022-03-01 19:20 ` Steven Rostedt
2022-03-02 13:20 ` Peter Zijlstra
2022-03-02 16:01 ` Steven Rostedt
2022-03-02 19:47 ` Steven Rostedt
2022-03-02 20:48 ` Steven Rostedt
2022-03-02 20:51 ` Peter Zijlstra
2022-03-03 9:45 ` Naveen N. Rao
2022-03-03 13:04 ` Peter Zijlstra
2022-03-03 14:34 ` Steven Rostedt
2022-03-03 15:59 ` Peter Zijlstra
2022-03-06 3:48 ` Masami Hiramatsu
2022-03-09 11:47 ` Naveen N. Rao
2022-03-03 14:39 ` Naveen N. Rao
2022-02-25 0:55 ` Kees Cook
2022-03-02 16:25 ` Naveen N. Rao
2022-02-24 14:51 ` [PATCH v2 13/39] x86/livepatch: Validate " Peter Zijlstra
2022-02-24 23:02 ` Josh Poimboeuf
2022-02-24 14:51 ` [PATCH v2 14/39] x86/ibt,ftrace: Make function-graph play nice Peter Zijlstra
2022-02-24 15:36 ` Peter Zijlstra
2022-02-24 15:42 ` Steven Rostedt
2022-02-24 23:09 ` Peter Zijlstra
2022-02-24 14:51 ` [PATCH v2 15/39] x86/ibt,kprobes: Fix more +0 assumptions Peter Zijlstra
2022-02-25 0:58 ` Kees Cook
2022-02-25 1:32 ` Masami Hiramatsu
2022-02-25 10:46 ` Peter Zijlstra
2022-02-25 13:42 ` Masami Hiramatsu
2022-02-25 15:41 ` Peter Zijlstra
2022-02-26 2:10 ` Masami Hiramatsu
2022-02-26 11:48 ` Peter Zijlstra
2022-02-25 14:14 ` Steven Rostedt
2022-02-26 7:09 ` Masami Hiramatsu
2022-02-28 6:07 ` Masami Hiramatsu
2022-02-28 23:25 ` Peter Zijlstra
2022-03-01 2:49 ` Masami Hiramatsu
2022-03-01 8:28 ` Peter Zijlstra
2022-03-01 17:19 ` Naveen N. Rao
2022-03-01 19:12 ` Peter Zijlstra
2022-03-01 20:05 ` Peter Zijlstra
2022-03-02 15:59 ` Naveen N. Rao
2022-03-02 16:38 ` Peter Zijlstra
2022-03-02 16:17 ` Naveen N. Rao
2022-03-02 19:32 ` Peter Zijlstra
2022-03-02 19:39 ` Peter Zijlstra
2022-03-03 12:11 ` Naveen N. Rao
2022-03-03 1:54 ` Masami Hiramatsu
2022-03-02 0:11 ` Masami Hiramatsu
2022-03-02 10:25 ` Peter Zijlstra
2022-03-01 17:03 ` Naveen N. Rao
2022-02-24 14:51 ` [PATCH v2 16/39] x86/bpf: Add ENDBR instructions to prologue and trampoline Peter Zijlstra
2022-02-24 23:37 ` Josh Poimboeuf
2022-02-25 0:59 ` Kees Cook
2022-02-25 11:20 ` Peter Zijlstra
2022-02-25 12:24 ` Peter Zijlstra
2022-02-25 22:46 ` Josh Poimboeuf
2022-02-24 14:51 ` [PATCH v2 17/39] x86/ibt,ftrace: Add ENDBR to samples/ftrace Peter Zijlstra
2022-02-24 14:51 ` [PATCH v2 18/39] x86/ibt: Add IBT feature, MSR and #CP handling Peter Zijlstra
2022-02-24 23:55 ` Josh Poimboeuf
2022-02-25 10:51 ` Peter Zijlstra
2022-02-25 11:10 ` Peter Zijlstra
2022-02-25 23:51 ` Josh Poimboeuf
2022-02-26 11:55 ` Peter Zijlstra
2022-02-25 1:09 ` Kees Cook
2022-02-25 19:59 ` Edgecombe, Rick P
2022-03-01 15:14 ` Peter Zijlstra
2022-03-01 21:02 ` Peter Zijlstra
2022-03-01 23:13 ` Josh Poimboeuf
2022-03-02 1:59 ` Edgecombe, Rick P
2022-03-02 13:49 ` Peter Zijlstra
2022-03-02 18:38 ` Kees Cook
2022-02-24 14:51 ` [PATCH v2 19/39] x86: Disable IBT around firmware Peter Zijlstra
2022-02-25 1:10 ` Kees Cook
2022-02-24 14:51 ` [PATCH v2 20/39] x86/bugs: Disable Retpoline when IBT Peter Zijlstra
2022-02-25 1:11 ` Kees Cook
2022-02-25 2:22 ` Josh Poimboeuf
2022-02-25 10:55 ` Peter Zijlstra
2022-02-24 14:51 ` [PATCH v2 21/39] x86/ibt: Annotate text references Peter Zijlstra
2022-02-25 0:47 ` Josh Poimboeuf
2022-02-25 12:57 ` Peter Zijlstra
2022-02-25 13:04 ` Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 22/39] x86/ibt,ftrace: Annotate ftrace code patching Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 23/39] x86/ibt,sev: Annotations Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 24/39] x86/text-patching: Make text_gen_insn() IBT aware Peter Zijlstra
2022-02-25 0:49 ` Josh Poimboeuf
2022-02-24 14:52 ` [PATCH v2 25/39] x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 26/39] x86/entry: Cleanup PARAVIRT Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 27/39] x86/entry,xen: Early rewrite of restore_regs_and_return_to_kernel() Peter Zijlstra
2022-02-24 17:51 ` Andrew Cooper
2022-02-24 14:52 ` [PATCH v2 28/39] x86/ibt,xen: Sprinkle the ENDBR Peter Zijlstra
2022-02-25 0:54 ` Josh Poimboeuf
2022-02-25 13:16 ` Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 29/39] objtool: Rename --duplicate to --lto Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 30/39] Kbuild: Allow whole module objtool runs Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 31/39] objtool: Read the NOENDBR annotation Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 32/39] x86/ibt: Dont generate ENDBR in .discard.text Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 33/39] objtool: Add IBT/ENDBR decoding Peter Zijlstra
2022-03-03 10:53 ` Miroslav Benes
2022-03-03 11:06 ` Andrew Cooper
2022-03-03 12:33 ` Miroslav Benes
2022-03-03 14:13 ` Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 34/39] objtool: Validate IBT assumptions Peter Zijlstra
2022-02-27 3:13 ` Josh Poimboeuf
2022-02-27 17:00 ` Peter Zijlstra
2022-02-27 22:20 ` Josh Poimboeuf
2022-02-28 9:47 ` Peter Zijlstra
2022-02-28 18:36 ` Josh Poimboeuf
2022-02-28 20:10 ` Peter Zijlstra
2022-02-28 9:26 ` Peter Zijlstra
2022-02-28 18:39 ` Josh Poimboeuf
2022-02-24 14:52 ` [PATCH v2 35/39] objtool: IBT fix direct JMP/CALL Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 36/39] objtool: Find unused ENDBR instructions Peter Zijlstra
2022-02-27 3:46 ` Josh Poimboeuf [this message]
2022-02-28 12:41 ` Peter Zijlstra
2022-02-28 17:36 ` Josh Poimboeuf
2022-02-24 14:52 ` [PATCH v2 37/39] x86/ibt: Finish --ibt-fix-direct on module loading Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 38/39] x86/ibt: Ensure module init/exit points have references Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 39/39] x86/alternative: Use .ibt_endbr_sites to seal indirect calls Peter Zijlstra
2022-02-24 20:26 ` [PATCH v2 00/39] x86: Kernel IBT Josh Poimboeuf
2022-02-25 15:28 ` Peter Zijlstra
2022-02-25 15:43 ` Peter Zijlstra
2022-02-25 17:26 ` Josh Poimboeuf
2022-02-25 17:32 ` Steven Rostedt
2022-02-25 19:53 ` Peter Zijlstra
2022-02-25 20:15 ` Josh Poimboeuf
2022-03-01 23:10 ` Josh Poimboeuf
2022-03-02 10:20 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220227034613.a5ejjey5agxlympd@treble \
--to=jpoimboe@redhat.com \
--cc=alexei.starovoitov@gmail.com \
--cc=alyssa.milburn@intel.com \
--cc=andrew.cooper3@citrix.com \
--cc=hjl.tools@gmail.com \
--cc=joao@overdrivepizza.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mbenes@suse.cz \
--cc=mhiramat@kernel.org \
--cc=ndesaulniers@google.com \
--cc=peterz@infradead.org \
--cc=rostedt@goodmis.org \
--cc=samitolvanen@google.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).