| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220224223728.fqko5ex7wbm2a5xn@treble>
Date: Thu, 24 Feb 2022 14:37:28 -0800
From: Josh Poimboeuf <jpoimboe@...hat.com>
To: Peter Zijlstra <peterz@...radead.org>
Cc: x86@...nel.org, joao@...rdrivepizza.com, hjl.tools@...il.com,
andrew.cooper3@...rix.com, linux-kernel@...r.kernel.org,
ndesaulniers@...gle.com, keescook@...omium.org,
samitolvanen@...gle.com, mark.rutland@....com,
alyssa.milburn@...el.com, mbenes@...e.cz, rostedt@...dmis.org,
mhiramat@...nel.org, alexei.starovoitov@...il.com
Subject: Re: [PATCH v2 07/39] x86/entry: Sprinkle ENDBR dust
On Thu, Feb 24, 2022 at 03:51:45PM +0100, Peter Zijlstra wrote:
> Kernel entry points should be having ENDBR on for IBT configs.
>
> The SYSCALL entry points are found through taking their respective
> address in order to program them in the MSRs, while the exception
> entry points are found through UNWIND_HINT_IRET_REGS.
>
> The rule is that any UNWIND_HINT_IRET_REGS at sym+0 should have an
> ENDBR, see the later objtool ibt validation patch.
Could the "rule" be changed to only check global syms? It seems
unlikely a local symbol would need ENDBR.
Then you wouldn't need this annotation:
> SYM_CODE_START_LOCAL(early_idt_handler_common)
> + UNWIND_HINT_IRET_REGS offset=16
> + ANNOTATE_NOENDBR
> /*
> * The stack is the hardware frame, an error code or zero, and the
> * vector number.
--
Josh
Powered by blists - more mailing lists