From: Miroslav Benes <mbenes@suse.cz>
To: Peter Zijlstra <peterz@infradead.org>
Cc: x86@kernel.org, joao@overdrivepizza.com, hjl.tools@gmail.com,
jpoimboe@redhat.com, andrew.cooper3@citrix.com,
linux-kernel@vger.kernel.org, ndesaulniers@google.com,
keescook@chromium.org, samitolvanen@google.com,
mark.rutland@arm.com, alyssa.milburn@intel.com,
rostedt@goodmis.org, mhiramat@kernel.org,
alexei.starovoitov@gmail.com
Subject: Re: [PATCH v2 33/39] objtool: Add IBT/ENDBR decoding
Date: Thu, 3 Mar 2022 11:53:44 +0100 (CET) [thread overview]
Message-ID: <alpine.LSU.2.21.2203031138040.704@pobox.suse.cz> (raw)
In-Reply-To: <20220224151323.959862564@infradead.org>
Hi,
On Thu, 24 Feb 2022, Peter Zijlstra wrote:
> Decode ENDBR instructions and WARN about NOTRACK prefixes.
I guess it has been already mentioned somewhere, but could you explain
NOTRACK prefix here, please? If I understand it right, it disables IBT for
the indirect branch instruction meaning that its target does not have to
start with ENDBR?
> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
> ---
> tools/objtool/arch/x86/decode.c | 34 +++++++++++++++++++++++++++++-----
> tools/objtool/include/objtool/arch.h | 1 +
> 2 files changed, 30 insertions(+), 5 deletions(-)
>
> --- a/tools/objtool/arch/x86/decode.c
> +++ b/tools/objtool/arch/x86/decode.c
> @@ -103,6 +103,18 @@ unsigned long arch_jump_destination(stru
> #define rm_is_mem(reg) (mod_is_mem() && !is_RIP() && rm_is(reg))
> #define rm_is_reg(reg) (mod_is_reg() && modrm_rm == (reg))
>
> +static bool has_notrack_prefix(struct insn *insn)
> +{
> + int i;
> +
> + for (i = 0; i < insn->prefixes.nbytes; i++) {
> + if (insn->prefixes.bytes[i] == 0x3e)
> + return true;
> + }
> +
> + return false;
> +}
> +
...
> @@ -636,20 +656,24 @@ int arch_decode_instruction(struct objto
> break;
>
> case 0xff:
> - if (modrm_reg == 2 || modrm_reg == 3)
> + if (modrm_reg == 2 || modrm_reg == 3) {
>
> *type = INSN_CALL_DYNAMIC;
> + if (has_notrack_prefix(&insn))
> + WARN("notrack prefix found at %s:0x%lx", sec->name, offset);
>
> - else if (modrm_reg == 4)
> + } else if (modrm_reg == 4) {
>
> *type = INSN_JUMP_DYNAMIC;
> + if (has_notrack_prefix(&insn))
> + WARN("notrack prefix found at %s:0x%lx", sec->name, offset);
And we want to warn about it here so that we can have it all in the kernel
control?
Miroslav
next prev parent reply other threads:[~2022-03-03 10:53 UTC|newest]
Thread overview: 183+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-24 14:51 [PATCH v2 00/39] x86: Kernel IBT Peter Zijlstra
2022-02-24 14:51 ` [PATCH v2 01/39] kbuild: Fix clang build Peter Zijlstra
2022-02-25 0:11 ` Kees Cook
2022-03-01 21:16 ` Nick Desaulniers
2022-03-02 0:47 ` Kees Cook
2022-03-02 0:53 ` Fangrui Song
2022-03-02 16:37 ` Nathan Chancellor
2022-03-02 18:40 ` Kees Cook
2022-03-02 19:18 ` Nick Desaulniers
2022-03-02 21:15 ` Nathan Chancellor
2022-03-02 22:07 ` Nick Desaulniers
2022-03-02 23:00 ` Kees Cook
2022-03-02 23:10 ` Peter Zijlstra
2022-02-24 14:51 ` [PATCH v2 02/39] static_call: Avoid building empty .static_call_sites Peter Zijlstra
2022-02-24 14:51 ` [PATCH v2 03/39] x86/module: Fix the paravirt vs alternative order Peter Zijlstra
2022-03-01 14:37 ` Miroslav Benes
2022-02-24 14:51 ` [PATCH v2 04/39] objtool: Add --dry-run Peter Zijlstra
2022-02-25 0:27 ` Kees Cook
2022-03-01 14:37 ` Miroslav Benes
2022-02-24 14:51 ` [PATCH v2 05/39] x86: Base IBT bits Peter Zijlstra
2022-02-25 0:35 ` Kees Cook
2022-02-25 0:46 ` Nathan Chancellor
2022-02-25 22:08 ` Nathan Chancellor
2022-02-26 0:29 ` Joao Moreira
2022-02-26 4:58 ` Kees Cook
2022-02-26 4:59 ` Fāng-ruì Sòng
2022-02-26 5:04 ` Kees Cook
2022-02-25 13:41 ` Peter Zijlstra
2022-02-24 14:51 ` [PATCH v2 06/39] x86/ibt: Add ANNOTATE_NOENDBR Peter Zijlstra
2022-02-25 0:36 ` Kees Cook
2022-02-24 14:51 ` [PATCH v2 07/39] x86/entry: Sprinkle ENDBR dust Peter Zijlstra
2022-02-24 22:37 ` Josh Poimboeuf
2022-02-25 0:42 ` Kees Cook
2022-02-25 9:22 ` Andrew Cooper
2022-02-24 14:51 ` [PATCH v2 08/39] x86/linkage: Add ENDBR to SYM_FUNC_START*() Peter Zijlstra
2022-02-25 0:45 ` Kees Cook
2022-02-24 14:51 ` [PATCH v2 09/39] x86/ibt,paravirt: Sprinkle ENDBR Peter Zijlstra
2022-02-25 0:47 ` Kees Cook
2022-02-24 14:51 ` [PATCH v2 10/39] x86/ibt,crypto: Add ENDBR for the jump-table entries Peter Zijlstra
2022-02-24 22:41 ` Josh Poimboeuf
2022-02-25 0:50 ` Kees Cook
2022-02-25 10:22 ` Peter Zijlstra
2022-02-24 14:51 ` [PATCH v2 11/39] x86/ibt,kvm: Add ENDBR to fastops Peter Zijlstra
2022-02-25 0:54 ` Kees Cook
2022-02-25 10:24 ` Peter Zijlstra
2022-02-25 13:09 ` David Laight
2022-02-24 14:51 ` [PATCH v2 12/39] x86/ibt,ftrace: Search for __fentry__ location Peter Zijlstra
2022-02-24 15:55 ` Masami Hiramatsu
2022-02-24 15:58 ` Steven Rostedt
2022-02-24 15:59 ` Steven Rostedt
2022-02-24 16:01 ` Steven Rostedt
2022-02-24 22:46 ` Josh Poimboeuf
2022-02-24 22:51 ` Steven Rostedt
2022-02-25 1:34 ` Masami Hiramatsu
2022-02-25 2:19 ` Steven Rostedt
2022-02-25 10:20 ` Masami Hiramatsu
2022-02-25 13:36 ` Steven Rostedt
2022-03-01 18:57 ` Naveen N. Rao
2022-03-01 19:20 ` Steven Rostedt
2022-03-02 13:20 ` Peter Zijlstra
2022-03-02 16:01 ` Steven Rostedt
2022-03-02 19:47 ` Steven Rostedt
2022-03-02 20:48 ` Steven Rostedt
2022-03-02 20:51 ` Peter Zijlstra
2022-03-03 9:45 ` Naveen N. Rao
2022-03-03 13:04 ` Peter Zijlstra
2022-03-03 14:34 ` Steven Rostedt
2022-03-03 15:59 ` Peter Zijlstra
2022-03-06 3:48 ` Masami Hiramatsu
2022-03-09 11:47 ` Naveen N. Rao
2022-03-03 14:39 ` Naveen N. Rao
2022-02-25 0:55 ` Kees Cook
2022-03-02 16:25 ` Naveen N. Rao
2022-02-24 14:51 ` [PATCH v2 13/39] x86/livepatch: Validate " Peter Zijlstra
2022-02-24 23:02 ` Josh Poimboeuf
2022-02-24 14:51 ` [PATCH v2 14/39] x86/ibt,ftrace: Make function-graph play nice Peter Zijlstra
2022-02-24 15:36 ` Peter Zijlstra
2022-02-24 15:42 ` Steven Rostedt
2022-02-24 23:09 ` Peter Zijlstra
2022-02-24 14:51 ` [PATCH v2 15/39] x86/ibt,kprobes: Fix more +0 assumptions Peter Zijlstra
2022-02-25 0:58 ` Kees Cook
2022-02-25 1:32 ` Masami Hiramatsu
2022-02-25 10:46 ` Peter Zijlstra
2022-02-25 13:42 ` Masami Hiramatsu
2022-02-25 15:41 ` Peter Zijlstra
2022-02-26 2:10 ` Masami Hiramatsu
2022-02-26 11:48 ` Peter Zijlstra
2022-02-25 14:14 ` Steven Rostedt
2022-02-26 7:09 ` Masami Hiramatsu
2022-02-28 6:07 ` Masami Hiramatsu
2022-02-28 23:25 ` Peter Zijlstra
2022-03-01 2:49 ` Masami Hiramatsu
2022-03-01 8:28 ` Peter Zijlstra
2022-03-01 17:19 ` Naveen N. Rao
2022-03-01 19:12 ` Peter Zijlstra
2022-03-01 20:05 ` Peter Zijlstra
2022-03-02 15:59 ` Naveen N. Rao
2022-03-02 16:38 ` Peter Zijlstra
2022-03-02 16:17 ` Naveen N. Rao
2022-03-02 19:32 ` Peter Zijlstra
2022-03-02 19:39 ` Peter Zijlstra
2022-03-03 12:11 ` Naveen N. Rao
2022-03-03 1:54 ` Masami Hiramatsu
2022-03-02 0:11 ` Masami Hiramatsu
2022-03-02 10:25 ` Peter Zijlstra
2022-03-01 17:03 ` Naveen N. Rao
2022-02-24 14:51 ` [PATCH v2 16/39] x86/bpf: Add ENDBR instructions to prologue and trampoline Peter Zijlstra
2022-02-24 23:37 ` Josh Poimboeuf
2022-02-25 0:59 ` Kees Cook
2022-02-25 11:20 ` Peter Zijlstra
2022-02-25 12:24 ` Peter Zijlstra
2022-02-25 22:46 ` Josh Poimboeuf
2022-02-24 14:51 ` [PATCH v2 17/39] x86/ibt,ftrace: Add ENDBR to samples/ftrace Peter Zijlstra
2022-02-24 14:51 ` [PATCH v2 18/39] x86/ibt: Add IBT feature, MSR and #CP handling Peter Zijlstra
2022-02-24 23:55 ` Josh Poimboeuf
2022-02-25 10:51 ` Peter Zijlstra
2022-02-25 11:10 ` Peter Zijlstra
2022-02-25 23:51 ` Josh Poimboeuf
2022-02-26 11:55 ` Peter Zijlstra
2022-02-25 1:09 ` Kees Cook
2022-02-25 19:59 ` Edgecombe, Rick P
2022-03-01 15:14 ` Peter Zijlstra
2022-03-01 21:02 ` Peter Zijlstra
2022-03-01 23:13 ` Josh Poimboeuf
2022-03-02 1:59 ` Edgecombe, Rick P
2022-03-02 13:49 ` Peter Zijlstra
2022-03-02 18:38 ` Kees Cook
2022-02-24 14:51 ` [PATCH v2 19/39] x86: Disable IBT around firmware Peter Zijlstra
2022-02-25 1:10 ` Kees Cook
2022-02-24 14:51 ` [PATCH v2 20/39] x86/bugs: Disable Retpoline when IBT Peter Zijlstra
2022-02-25 1:11 ` Kees Cook
2022-02-25 2:22 ` Josh Poimboeuf
2022-02-25 10:55 ` Peter Zijlstra
2022-02-24 14:51 ` [PATCH v2 21/39] x86/ibt: Annotate text references Peter Zijlstra
2022-02-25 0:47 ` Josh Poimboeuf
2022-02-25 12:57 ` Peter Zijlstra
2022-02-25 13:04 ` Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 22/39] x86/ibt,ftrace: Annotate ftrace code patching Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 23/39] x86/ibt,sev: Annotations Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 24/39] x86/text-patching: Make text_gen_insn() IBT aware Peter Zijlstra
2022-02-25 0:49 ` Josh Poimboeuf
2022-02-24 14:52 ` [PATCH v2 25/39] x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 26/39] x86/entry: Cleanup PARAVIRT Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 27/39] x86/entry,xen: Early rewrite of restore_regs_and_return_to_kernel() Peter Zijlstra
2022-02-24 17:51 ` Andrew Cooper
2022-02-24 14:52 ` [PATCH v2 28/39] x86/ibt,xen: Sprinkle the ENDBR Peter Zijlstra
2022-02-25 0:54 ` Josh Poimboeuf
2022-02-25 13:16 ` Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 29/39] objtool: Rename --duplicate to --lto Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 30/39] Kbuild: Allow whole module objtool runs Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 31/39] objtool: Read the NOENDBR annotation Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 32/39] x86/ibt: Dont generate ENDBR in .discard.text Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 33/39] objtool: Add IBT/ENDBR decoding Peter Zijlstra
2022-03-03 10:53 ` Miroslav Benes [this message]
2022-03-03 11:06 ` Andrew Cooper
2022-03-03 12:33 ` Miroslav Benes
2022-03-03 14:13 ` Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 34/39] objtool: Validate IBT assumptions Peter Zijlstra
2022-02-27 3:13 ` Josh Poimboeuf
2022-02-27 17:00 ` Peter Zijlstra
2022-02-27 22:20 ` Josh Poimboeuf
2022-02-28 9:47 ` Peter Zijlstra
2022-02-28 18:36 ` Josh Poimboeuf
2022-02-28 20:10 ` Peter Zijlstra
2022-02-28 9:26 ` Peter Zijlstra
2022-02-28 18:39 ` Josh Poimboeuf
2022-02-24 14:52 ` [PATCH v2 35/39] objtool: IBT fix direct JMP/CALL Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 36/39] objtool: Find unused ENDBR instructions Peter Zijlstra
2022-02-27 3:46 ` Josh Poimboeuf
2022-02-28 12:41 ` Peter Zijlstra
2022-02-28 17:36 ` Josh Poimboeuf
2022-02-24 14:52 ` [PATCH v2 37/39] x86/ibt: Finish --ibt-fix-direct on module loading Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 38/39] x86/ibt: Ensure module init/exit points have references Peter Zijlstra
2022-02-24 14:52 ` [PATCH v2 39/39] x86/alternative: Use .ibt_endbr_sites to seal indirect calls Peter Zijlstra
2022-02-24 20:26 ` [PATCH v2 00/39] x86: Kernel IBT Josh Poimboeuf
2022-02-25 15:28 ` Peter Zijlstra
2022-02-25 15:43 ` Peter Zijlstra
2022-02-25 17:26 ` Josh Poimboeuf
2022-02-25 17:32 ` Steven Rostedt
2022-02-25 19:53 ` Peter Zijlstra
2022-02-25 20:15 ` Josh Poimboeuf
2022-03-01 23:10 ` Josh Poimboeuf
2022-03-02 10:20 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LSU.2.21.2203031138040.704@pobox.suse.cz \
--to=mbenes@suse.cz \
--cc=alexei.starovoitov@gmail.com \
--cc=alyssa.milburn@intel.com \
--cc=andrew.cooper3@citrix.com \
--cc=hjl.tools@gmail.com \
--cc=joao@overdrivepizza.com \
--cc=jpoimboe@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mhiramat@kernel.org \
--cc=ndesaulniers@google.com \
--cc=peterz@infradead.org \
--cc=rostedt@goodmis.org \
--cc=samitolvanen@google.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).