Re: [PATCH v3 00/39] x86: Kernel IBT

From: Josh Poimboeuf
Date: Fri Mar 04 2022 - 14:10:11 EST


On Thu, Mar 03, 2022 at 12:23:21PM +0100, Peter Zijlstra wrote:
> Hi, another week, another series.
>
> Since last time:
>
> - fixed and tested kexec (redgecomb)
> - s/4*HAS_KERNEL_IBT/ENDBR_INSN_SIZE/ (jpoimboe)
> - re-arranged Xen patches to avoid churn (andyhpp)
> - folded IBT_SEAL Kconfig and objtool options (jpoimboe)
> - dropped direct call/jmp rewrite from objtool (jpoimboe)
> - dropped UD1 poison (jpoimboe)
> - fixed kprobe selftests (masami,naveen)
> - fixed ftrace selftests (rostedt)
> - simplified CET/INT3 selftests (jpoimboe)
> - boot time msg on IBT (kees)
> - objtool WARN_FUNC sym+off fallback (jpoimboe)
> - picked up tags for unchanged patches
> - probably more
>
> Supposedly clang-14-rc2 will work on this series, I'll validate the moment the
> Debian package gets updated.
>
> Patches go on top of tip/master + arm64/for-next/linkage. Also available here:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git x86/wip.ibt

I'm getting some warnings with CONFIG_X86_KERNEL_IBT=n:

arch/x86/entry/entry_64.o: warning: objtool: irq_entries_start()+0x7: unreachable instruction
arch/x86/kernel/ftrace_64.o: warning: objtool: return_to_handler()+0x2a: unreachable instruction

And a warning with CONFIG_X86_KERNEL_IBT=y:

vmlinux.o: warning: objtool: .text+0xaf0: unreachable instruction

And if I remove the per-file limiting on "unreachable instruction"
warnings, I get a boat-load more warnings for vmlinux.o.

The last two patches (IBT sealing) aren't going to be viable until all
the "unreachable instruction" warnings get cleaned up, because that
means we have missing coverage.

--
Josh