lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20220219093900.GH23216@worktop.programming.kicks-ass.net>
Date:   Sat, 19 Feb 2022 10:39:00 +0100
From:   Peter Zijlstra <peterz@...radead.org>
To:     Josh Poimboeuf <jpoimboe@...hat.com>
Cc:     x86@...nel.org, joao@...rdrivepizza.com, hjl.tools@...il.com,
        andrew.cooper3@...rix.com, linux-kernel@...r.kernel.org,
        ndesaulniers@...gle.com, keescook@...omium.org,
        samitolvanen@...gle.com, mark.rutland@....com,
        alyssa.milburn@...el.com
Subject: Re: [PATCH 17/29] x86/ibt: Annotate text references

On Fri, Feb 18, 2022 at 09:22:16PM -0800, Josh Poimboeuf wrote:
> On Fri, Feb 18, 2022 at 05:49:19PM +0100, Peter Zijlstra wrote:
> > Annotate away some of the generic code references. This is things
> > where we take the address of a symbol for exception handling or return
> > addresses (eg. context switch).
> > 
> > Signed-off-by: Peter Zijlstra (Intel) <peterz@...radead.org>
> 
> The vast majority of these annotations can go away if objtool only
> requires ENDBR for referenced *STT_FUNC* symbols.
> 
> Anything still needing ANNOTATE_NOENDBR after that, might arguably not
> belong as STT_FUNC anyway and it might make sense to convert it to
> non-function code (e.g. SYM_CODE{START,END}.

I really rather prefer objtool to err to the side of caution for now.
Missing ENDBR typically bricks a box hard, normal consoles don't get
around to showing anything. My force_early_printk patches saved the day
a number of times.

Given that the only hardware I have with this on is a NUC without
serial, this is a massive pain in the arse to debug. That box has been
 >< close to total destruction a number of times. I never want to do that
ever again, life's too short to have to work with a NUC.

> > @@ -564,12 +565,16 @@ SYM_CODE_END(\asmsym)
> >  	.align 16
> >  	.globl __irqentry_text_start
> >  __irqentry_text_start:
> > +	ANNOTATE_NOENDBR // unwinders
> > +	ud2;
> >  
> >  #include <asm/idtentry.h>
> >  
> >  	.align 16
> >  	.globl __irqentry_text_end
> >  __irqentry_text_end:
> > +	ANNOTATE_NOENDBR
> > +	ud2;
> 
> Why ud2?  If no ud2 then the annotation shouldn't be needed since the
> first idt entry has ENDBR.

paranoia :-) just to make absolutely sure nobody ever tries to call
__irqentry_text_end, but yes, removed it.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ