Re: [PATCH v2 09/39] x86/ibt,paravirt: Sprinkle ENDBR

From: Kees Cook
Date: Thu Feb 24 2022 - 19:47:41 EST

Next message: kernel test robot: "[tip:x86/cc] BUILD SUCCESS 1e8c5971c249893ac33ca983c32bafcf5d50c727"
Previous message: Florian Fainelli: "Re: [PATCH 2/2] ARM: dts: NSP: MX6X: correct LED function types"
In reply to: Peter Zijlstra: "[PATCH v2 09/39] x86/ibt,paravirt: Sprinkle ENDBR"
Next in thread: Peter Zijlstra: "[PATCH v2 35/39] objtool: IBT fix direct JMP/CALL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Feb 24, 2022 at 03:51:47PM +0100, Peter Zijlstra wrote:
>
> Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
> ---
> arch/x86/entry/entry_64.S | 1 +
> arch/x86/include/asm/paravirt.h | 1 +
> arch/x86/include/asm/qspinlock_paravirt.h | 3 +++
> arch/x86/kernel/kvm.c | 3 ++-
> arch/x86/kernel/paravirt.c | 2 ++
> 5 files changed, 9 insertions(+), 1 deletion(-)
>
> --- a/arch/x86/entry/entry_64.S
> +++ b/arch/x86/entry/entry_64.S
> @@ -635,6 +635,7 @@ SYM_INNER_LABEL(restore_regs_and_return_
>
> SYM_INNER_LABEL_ALIGN(native_iret, SYM_L_GLOBAL)
> UNWIND_HINT_IRET_REGS
> + ENDBR // paravirt_iret

If this is also setting the stage for finer grain CFI schemes, should
these macros instead be something more generically named? Like,
INDIRECT_ENTRY, or so? I imagine that'd avoid future churn, but maybe
I'm pre-optimizing... Regardless:

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

--
Kees Cook

Next message: kernel test robot: "[tip:x86/cc] BUILD SUCCESS 1e8c5971c249893ac33ca983c32bafcf5d50c727"
Previous message: Florian Fainelli: "Re: [PATCH 2/2] ARM: dts: NSP: MX6X: correct LED function types"
In reply to: Peter Zijlstra: "[PATCH v2 09/39] x86/ibt,paravirt: Sprinkle ENDBR"
Next in thread: Peter Zijlstra: "[PATCH v2 35/39] objtool: IBT fix direct JMP/CALL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]