lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20220520082604.GQ2578@worktop.programming.kicks-ass.net>
Date:   Fri, 20 May 2022 10:26:04 +0200
From:   Peter Zijlstra <peterz@...radead.org>
To:     Stephen Rothwell <sfr@...b.auug.org.au>
Cc:     Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Linux Next Mailing List <linux-next@...r.kernel.org>,
        jiangshan.ljs@...group.com, bp@...e.de
Subject: [PATCH] x86/entry: Fixup objtool/ibt validation

On Fri, May 20, 2022 at 05:49:54PM +1000, Stephen Rothwell wrote:
> Hi all,
> 
> After merging the tip tree, today's linux-next build (x86_64 allmodconfig)
> produced these warnings:
> 
> vmlinux.o: warning: objtool: vc_switch_off_ist+0x76: relocation to !ENDBR: entry_SYSCALL_64+0x15c
> vmlinux.o: warning: objtool: vc_switch_off_ist+0x8e: relocation to !ENDBR: entry_SYSCALL_compat+0xa5
> vmlinux.o: warning: objtool: vc_switch_off_ist+0x96: relocation to !ENDBR: .entry.text+0x21ca
> vmlinux.o: warning: objtool: vc_switch_off_ist+0xee: relocation to !ENDBR: .entry.text+0x162
> vmlinux.o: warning: objtool: __sev_es_ist_enter+0x5f: relocation to !ENDBR: entry_SYSCALL_64+0x15c
> vmlinux.o: warning: objtool: __sev_es_ist_enter+0x6b: relocation to !ENDBR: .entry.text+0x162
> vmlinux.o: warning: objtool: __sev_es_ist_enter+0x89: relocation to !ENDBR: entry_SYSCALL_compat+0xa5
> vmlinux.o: warning: objtool: __sev_es_ist_enter+0xc0: relocation to !ENDBR: .entry.text+0x21ca
> 
> I don't know what caused this.

It's commit 47f33de4aafb ("x86/sev: Mark the code returning to user space as syscall gap")
that added a bunch of text references.

Lai, Boris, can we please be careful with that?

---
Subject: x86/entry: Fixup objtool/ibt validation

Commit 47f33de4aafb ("x86/sev: Mark the code returning to user space as
syscall gap") added a bunch of text references without annotating them,
resulting in a spree of objtool complaints:

  vmlinux.o: warning: objtool: vc_switch_off_ist+0x77: relocation to !ENDBR: entry_SYSCALL_64+0x15c
  vmlinux.o: warning: objtool: vc_switch_off_ist+0x8f: relocation to !ENDBR: entry_SYSCALL_compat+0xa5
  vmlinux.o: warning: objtool: vc_switch_off_ist+0x97: relocation to !ENDBR: .entry.text+0x21ea
  vmlinux.o: warning: objtool: vc_switch_off_ist+0xef: relocation to !ENDBR: .entry.text+0x162
  vmlinux.o: warning: objtool: __sev_es_ist_enter+0x60: relocation to !ENDBR: entry_SYSCALL_64+0x15c
  vmlinux.o: warning: objtool: __sev_es_ist_enter+0x6c: relocation to !ENDBR: .entry.text+0x162
  vmlinux.o: warning: objtool: __sev_es_ist_enter+0x8a: relocation to !ENDBR: entry_SYSCALL_compat+0xa5
  vmlinux.o: warning: objtool: __sev_es_ist_enter+0xc1: relocation to !ENDBR: .entry.text+0x21ea

Since these text references are used to compare against IP, and are not
an indirect call target, they don't need ENDBR so annotate them away.

Fixes: 47f33de4aafb ("x86/sev: Mark the code returning to user space as syscall gap")
Reported-by: Stephen Rothwell <sfr@...b.auug.org.au>
Signed-off-by: Peter Zijlstra (Intel) <peterz@...radead.org>
---
 arch/x86/entry/entry_64.S        | 3 +++
 arch/x86/entry/entry_64_compat.S | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
index 5ec42bf86a61..221f82b4abc2 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -215,9 +215,12 @@ syscall_return_via_sysret:
 	popq	%rdi
 	popq	%rsp
 SYM_INNER_LABEL(entry_SYSRETQ_unsafe_stack, SYM_L_GLOBAL)
+	ANNOTATE_NOENDBR
 	swapgs
 	sysretq
 SYM_INNER_LABEL(entry_SYSRETQ_end, SYM_L_GLOBAL)
+	ANNOTATE_NOENDBR
+	int3
 SYM_CODE_END(entry_SYSCALL_64)

 /*
diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S
index 84ffcf504554..95d23364a131 100644
--- a/arch/x86/entry/entry_64_compat.S
+++ b/arch/x86/entry/entry_64_compat.S
@@ -245,6 +245,7 @@ sysret32_from_system_call:
          */
 	movq	RSP-ORIG_RAX(%rsp), %rsp
 SYM_INNER_LABEL(entry_SYSRETL_compat_unsafe_stack, SYM_L_GLOBAL)
+	ANNOTATE_NOENDBR

 	/*
 	 * The original userspace %rsp (RSP-ORIG_RAX(%rsp)) is stored
@@ -263,6 +264,8 @@ SYM_INNER_LABEL(entry_SYSRETL_compat_unsafe_stack, SYM_L_GLOBAL)
 	swapgs
 	sysretl
 SYM_INNER_LABEL(entry_SYSRETL_compat_end, SYM_L_GLOBAL)
+	ANNOTATE_NOENDBR
+	int3
 SYM_CODE_END(entry_SYSCALL_compat)

 /*

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ