kernel/linux.git/include/linux/objtool.h, branch v6.18.21Linux kernel stable tree (mirror)https://git.radix-linux.su/kernel/linux.git/atom?h=v6.18.212025-08-18T12:23:09+00:00objtool: Validate kCFI calls2025-08-18T12:23:09+00:00Peter Zijlstrapeterz@infradead.org2025-04-12T11:56:01+00:00urn:sha1:894af4a1cde61c3401f237184fb770f72ff12df8
Validate that all indirect calls adhere to kCFI rules. Notably doing
nocfi indirect call to a cfi function is broken.
Apparently some Rust 'core' code violates this and explodes when ran
with FineIBT.
All the ANNOTATE_NOCFI_SYM sites are prime targets for attackers.
- runtime EFI is especially henous because it also needs to disable
IBT. Basically calling unknown code without CFI protection at
runtime is a massice security issue.
- Kexec image handover; if you can exploit this, you get to keep it :-)
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
Acked-by: Sean Christopherson <seanjc@google.com>
Link: https://lkml.kernel.org/r/20250714103441.496787279@infradead.org
objtool: Fix up some outdated references to ENTRY/ENDPROC2025-03-25T08:20:27+00:00Josh Poimboeufjpoimboe@kernel.org2025-03-24T21:56:01+00:00urn:sha1:24fe172b50b5749c315349e740e4a09e3a0165d5
ENTRY and ENDPROC were deprecated years ago and replaced with
SYM_FUNC_{START,END}. Fix up a few outdated references in the objtool
documentation and comments. Also fix a few typos.
Suggested-by: Brendan Jackman <jackmanb@google.com>
Suggested-by: Miroslav Benes <mbenes@suse.cz>
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lore.kernel.org/r/5eb7e06e1a0e87aaeda8d583ab060e7638a6ea8e.1742852846.git.jpoimboe@kernel.org
x86/boot: Mark start_secondary() with __noendbr2025-02-14T09:32:05+00:00Peter Zijlstrapeterz@infradead.org2025-02-07T12:15:34+00:00urn:sha1:93f16a1ab78ca56e3cd997d1ea54c214774781ac
The handoff between the boot stubs and start_secondary() are before IBT is
enabled and is definitely not subject to kCFI. As such, suppress all that for
this function.
Notably when the ENDBR poison would become fatal (ud1 instead of nop) this will
trigger a tripple fault because we haven't set up the IDT to handle #UD yet.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Link: https://lore.kernel.org/r/20250207122546.509520369@infradead.org
objtool: Fix ANNOTATE_REACHABLE to be a normal annotation2024-12-02T11:01:44+00:00Peter Zijlstrapeterz@infradead.org2024-11-28T09:39:06+00:00urn:sha1:87116ae6da034242baf06e799f9f0e2a8ee6a796
Currently REACHABLE is weird for being on the instruction after the
instruction it modifies.
Since all REACHABLE annotations have an explicit instruction, flip
them around.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
Link: https://lore.kernel.org/r/20241128094312.494176035@infradead.org
objtool: Convert {.UN}REACHABLE to ANNOTATE2024-12-02T11:01:44+00:00Peter Zijlstrapeterz@infradead.org2024-11-28T09:39:05+00:00urn:sha1:e7a174fb43d24adca066e82d1cb9fdee092d48d1
Suggested-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
Link: https://lore.kernel.org/r/20241128094312.353431347@infradead.org
objtool: Collect more annotations in objtool.h2024-12-02T11:01:43+00:00Peter Zijlstrapeterz@infradead.org2024-11-28T09:39:00+00:00urn:sha1:bb8170067470cc7af28e4386e600b1e0a6a8956a
Suggested-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
Link: https://lore.kernel.org/r/20241128094311.786598147@infradead.org
objtool: Convert ANNOTATE_INTRA_FUNCTION_CALL to ANNOTATE2024-12-02T11:01:42+00:00Peter Zijlstrapeterz@infradead.org2024-11-28T09:38:58+00:00urn:sha1:112765ca1cb9353e71b4f5af4e6e6c4a69c28d99
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
Link: https://lore.kernel.org/r/20241128094311.584892071@infradead.org
objtool: Convert VALIDATE_UNRET_BEGIN to ANNOTATE2024-12-02T11:01:42+00:00Peter Zijlstrapeterz@infradead.org2024-11-28T09:38:56+00:00urn:sha1:18aa6118a1689b4d73c5ebbd917ae3f20c9c0db1
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
Link: https://lore.kernel.org/r/20241128094311.358508242@infradead.org
objtool: Convert instrumentation_{begin,end}() to ANNOTATE2024-12-02T11:01:41+00:00Peter Zijlstrapeterz@infradead.org2024-11-28T09:38:55+00:00urn:sha1:317f2a64618c528539d17fe6957a64106087fbd2
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
Link: https://lore.kernel.org/r/20241128094311.245980207@infradead.org
objtool: Convert ANNOTATE_NOENDBR to ANNOTATE2024-12-02T11:01:41+00:00Peter Zijlstrapeterz@infradead.org2024-11-28T09:38:53+00:00urn:sha1:22c3d58079688b697f36d670616e463cbb14d058
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
Link: https://lore.kernel.org/r/20241128094311.042140333@infradead.org