| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 28 Feb 2022 09:36:06 -0800
From: Josh Poimboeuf <jpoimboe@...hat.com>
To: Peter Zijlstra <peterz@...radead.org>
Cc: x86@...nel.org, joao@...rdrivepizza.com, hjl.tools@...il.com,
andrew.cooper3@...rix.com, linux-kernel@...r.kernel.org,
ndesaulniers@...gle.com, keescook@...omium.org,
samitolvanen@...gle.com, mark.rutland@....com,
alyssa.milburn@...el.com, mbenes@...e.cz, rostedt@...dmis.org,
mhiramat@...nel.org, alexei.starovoitov@...il.com
Subject: Re: [PATCH v2 36/39] objtool: Find unused ENDBR instructions
On Mon, Feb 28, 2022 at 01:41:13PM +0100, Peter Zijlstra wrote:
> On Sat, Feb 26, 2022 at 07:46:13PM -0800, Josh Poimboeuf wrote:
> > On Thu, Feb 24, 2022 at 03:52:14PM +0100, Peter Zijlstra wrote:
> > > +#ifdef CONFIG_X86_KERNEL_IBT
> > > + . = ALIGN(8);
> > > + .ibt_endbr_sites : AT(ADDR(.ibt_endbr_sites) - LOAD_OFFSET) {
> > > + __ibt_endbr_sites = .;
> > > + *(.ibt_endbr_sites)
> > > + __ibt_endbr_sites_end = .;
> > > + }
> > > +#endif
> >
> > ".ibt_endbr_superfluous" maybe? It's not *all* the endbr sites.
>
> Since I like seals, I'll make it .ibt_endbr_seal :-) Also goes well with
> the option at hand.
Sounds good.
>
> > > +
> > > /*
> > > * struct alt_inst entries. From the header (alternative.h):
> > > * "Alternative instructions for different CPU types or capabilities"
> > > --- a/tools/objtool/builtin-check.c
> > > +++ b/tools/objtool/builtin-check.c
> > > @@ -21,7 +21,7 @@
> > >
> > > bool no_fp, no_unreachable, retpoline, module, backtrace, uaccess, stats,
> > > lto, vmlinux, mcount, noinstr, backup, sls, dryrun,
> > > - ibt, ibt_fix_direct;
> > > + ibt, ibt_fix_direct, ibt_seal;
> > >
> > > static const char * const check_usage[] = {
> > > "objtool check [<options>] file.o",
> > > @@ -50,6 +50,7 @@ const struct option check_options[] = {
> > > OPT_BOOLEAN(0, "dry-run", &dryrun, "don't write the modifications"),
> > > OPT_BOOLEAN(0, "ibt", &ibt, "validate ENDBR placement"),
> > > OPT_BOOLEAN(0, "ibt-fix-direct", &ibt_fix_direct, "fixup direct jmp/call to ENDBR"),
> > > + OPT_BOOLEAN(0, "ibt-seal", &ibt_seal, "list superfluous ENDBR instructions"),
> >
> > s/list/annotate/ ?
>
> Done :-)
>
> > Not sure "ibt-seal" is the appropriate name since the "seal" is done at
> > boot time.
>
> It allows sealing; it finds the locations to seal, whatever :-)
Fair enough :-)
> > Do we really need a separate option anyway? To get the full benefits of
> > IBT you might as well enable it... And always enabling it helps flush
> > out bugs quicker.
>
> Are you asking about --ibt and --ibt-seal or about the existence of
> X86_KERNEL_IBT_SEAL here?
Both.
> The Makefiles will only ever use --ibt and --ibt-seal together for the
> reason you state. The reason they're two separate objtool arguments is
> because it's stictly speaking two different things being done. Also
> --ibt as such is invariant, while --ibt-seal causes modifications to the
> object file (which can be discarded using the new --dry-run I suppose).
Ok, but I wanted to avoid option sprawl. I don't see a reason to
separate them.
> The reason X86_KERNEL_IBT_SEAL exists is because that requires objtool
> while X86_KERNEL_IBT does not -- you seemed to favour not hard relying
> on having objtool present.
Hm, either you misunderstood, I misspoke, or I have short term memory
loss. Objtool is already hopelessly intertwined with x86. I'd rather
not have the extra option.
--
Josh
Powered by blists - more mailing lists