Re: [PATCH] x86/kvm, objtool: Avoid fastop ENDBR from being sealed

From: Peter Zijlstra
Date: Thu Aug 18 2022 - 03:28:53 EST


On Wed, Aug 17, 2022 at 06:10:45PM -0700, Josh Poimboeuf wrote:
> On Wed, Aug 17, 2022 at 12:56:15PM +0200, Peter Zijlstra wrote:
> > Add (yet another) annotation to inhibit objtool from sealing a specific
> > ENDBR instance.
>
> Nah, just add a throwaway reference to the function. Then no objtool
> change is needed:

Nice! Should I 'borrow' this and respin the patch, or do you want to make a
real patch out of it?

> diff --git a/arch/x86/include/asm/ibt.h b/arch/x86/include/asm/ibt.h
> index 689880eca9ba..3ae795150374 100644
> --- a/arch/x86/include/asm/ibt.h
> +++ b/arch/x86/include/asm/ibt.h
> @@ -31,6 +31,16 @@
>
> #define __noendbr __attribute__((nocf_check))
>
> +/*
> + * Create a dummy function pointer reference to prevent objtool from marking
> + * the function as needing to be "sealed" (i.e. ENDBR converted to NOP by
> + * apply_ibt_endbr()).
> + */
> +#define IBT_NOSEAL(fname) \
> + ".pushsection .discard.endbr.noseal\n\t" \
> + _ASM_PTR fname "\n\t" \
> + ".popsection\n\t"
> +
> static inline __attribute_const__ u32 gen_endbr(void)
> {
> u32 endbr;
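
Review bot: IBT_NOSEAL() gets only this one definition, next to __noendbr, yet the emulate.c hunk uses it unconditionally inside __FOP_FUNC. If this spot sits under an IBT-only #ifdef, the non-IBT branch needs a matching stub such as `#define IBT_NOSEAL(name) ""`, otherwise the build fails with IBT disabled. The comment should also say that fname must be a string literal, since the macro is pasted into an asm string, and that the .discard.endbr.noseal section exists only to be seen by objtool and is dropped at link time.
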
> diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
> index f8382abe22ff..88623add0db4 100644
> --- a/arch/x86/kvm/emulate.c
> +++ b/arch/x86/kvm/emulate.c
> @@ -316,7 +316,8 @@ static int fastop(struct x86_emulate_ctxt *ctxt, fastop_t fop);
> ".align " __stringify(FASTOP_SIZE) " \n\t" \
> ".type " name ", @function \n\t" \
> name ":\n\t" \
> - ASM_ENDBR
> + ASM_ENDBR \
> + IBT_NOSEAL(name)
>
> #define FOP_FUNC(name) \
> __FOP_FUNC(#name)
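
Review bot: The `IBT_NOSEAL(name)` line added after `ASM_ENDBR \` in __FOP_FUNC has no comment saying why the fastop entry points must keep their ENDBR, so a later cleanup could drop the reference as dead. A short comment at the use site would cover that. It is also worth confirming that both ASM_ENDBR and IBT_NOSEAL() expand to string literals (or to nothing) in every configuration, because the macro body relies on adjacent string concatenation.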