Re: [PATCH v2 08/39] x86/linkage: Add ENDBR to SYM_FUNC_START*()
From: Kees Cook
Date: Thu Feb 24 2022 - 19:45:12 EST
On Thu, Feb 24, 2022 at 03:51:46PM +0100, Peter Zijlstra wrote:
> Ensure the ASM functions have ENDBR on for IBT builds, this follows
> the ARM64 example. Unlike ARM64, we'll likely end up overwriting them
> with poison.
>
> Suggested-by: Mark Rutland <mark.rutland@xxxxxxx>
> Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
> ---
> arch/x86/include/asm/linkage.h | 39 +++++++++++++++++++++++++++++++++++++++
> 1 file changed, 39 insertions(+)
>
> --- a/arch/x86/include/asm/linkage.h
> +++ b/arch/x86/include/asm/linkage.h
> @@ -3,6 +3,7 @@
> #define _ASM_X86_LINKAGE_H
>
> #include <linux/stringify.h>
> +#include <asm/ibt.h>
>
> #undef notrace
> #define notrace __attribute__((no_instrument_function))
> @@ -34,5 +35,43 @@
>
> #endif /* __ASSEMBLY__ */
>
> +/*
> + * compressed and purgatory define this to disable EXPORT,
> + * hijack this same to also not emit ENDBR.
> + */
> +#ifndef __DISABLE_EXPORTS
It's certainly cleaner to avoid increasing boot stub image size, but
there's no _harm_ in including them, yes?
Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
--
Kees Cook