lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YhzC6RmRZs6U4wvG@hirez.programming.kicks-ass.net>
Date:   Mon, 28 Feb 2022 13:41:13 +0100
From:   Peter Zijlstra <peterz@...radead.org>
To:     Josh Poimboeuf <jpoimboe@...hat.com>
Cc:     x86@...nel.org, joao@...rdrivepizza.com, hjl.tools@...il.com,
        andrew.cooper3@...rix.com, linux-kernel@...r.kernel.org,
        ndesaulniers@...gle.com, keescook@...omium.org,
        samitolvanen@...gle.com, mark.rutland@....com,
        alyssa.milburn@...el.com, mbenes@...e.cz, rostedt@...dmis.org,
        mhiramat@...nel.org, alexei.starovoitov@...il.com
Subject: Re: [PATCH v2 36/39] objtool: Find unused ENDBR instructions

On Sat, Feb 26, 2022 at 07:46:13PM -0800, Josh Poimboeuf wrote:
> On Thu, Feb 24, 2022 at 03:52:14PM +0100, Peter Zijlstra wrote:
> > +#ifdef CONFIG_X86_KERNEL_IBT
> > +	. = ALIGN(8);
> > +	.ibt_endbr_sites : AT(ADDR(.ibt_endbr_sites) - LOAD_OFFSET) {
> > +		__ibt_endbr_sites = .;
> > +		*(.ibt_endbr_sites)
> > +		__ibt_endbr_sites_end = .;
> > +	}
> > +#endif
> 
> ".ibt_endbr_superfluous" maybe?  It's not *all* the endbr sites.

Since I like seals, I'll make it .ibt_endbr_seal :-) Also goes well with
the option at hand.

> > +
> >  	/*
> >  	 * struct alt_inst entries. From the header (alternative.h):
> >  	 * "Alternative instructions for different CPU types or capabilities"
> > --- a/tools/objtool/builtin-check.c
> > +++ b/tools/objtool/builtin-check.c
> > @@ -21,7 +21,7 @@
> >  
> >  bool no_fp, no_unreachable, retpoline, module, backtrace, uaccess, stats,
> >       lto, vmlinux, mcount, noinstr, backup, sls, dryrun,
> > -     ibt, ibt_fix_direct;
> > +     ibt, ibt_fix_direct, ibt_seal;
> >  
> >  static const char * const check_usage[] = {
> >  	"objtool check [<options>] file.o",
> > @@ -50,6 +50,7 @@ const struct option check_options[] = {
> >  	OPT_BOOLEAN(0, "dry-run", &dryrun, "don't write the modifications"),
> >  	OPT_BOOLEAN(0, "ibt", &ibt, "validate ENDBR placement"),
> >  	OPT_BOOLEAN(0, "ibt-fix-direct", &ibt_fix_direct, "fixup direct jmp/call to ENDBR"),
> > +	OPT_BOOLEAN(0, "ibt-seal", &ibt_seal, "list superfluous ENDBR instructions"),
> 
> s/list/annotate/ ?

Done :-)

> Not sure "ibt-seal" is the appropriate name since the "seal" is done at
> boot time.

It allows sealing; it finds the locations to seal, whatever :-)

> Do we really need a separate option anyway?  To get the full benefits of
> IBT you might as well enable it...  And always enabling it helps flush
> out bugs quicker.

Are you asking about --ibt and --ibt-seal or about the existence of
X86_KERNEL_IBT_SEAL here?

The Makefiles will only ever use --ibt and --ibt-seal together for the
reason you state. The reason they're two separate objtool arguments is
because it's stictly speaking two different things being done. Also
--ibt as such is invariant, while --ibt-seal causes modifications to the
object file (which can be discarded using the new --dry-run I suppose).

The reason X86_KERNEL_IBT_SEAL exists is because that requires objtool
while X86_KERNEL_IBT does not -- you seemed to favour not hard relying
on having objtool present.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ