Re: [PATCH] x86/kvm, objtool: Avoid fastop ENDBR from being sealed

From: Josh Poimboeuf
Date: Wed Aug 17 2022 - 21:10:53 EST


On Wed, Aug 17, 2022 at 12:56:15PM +0200, Peter Zijlstra wrote:
> Add (yet another) annotation to inhibit objtool from sealing a specific
> ENDBR instance.

Nah, just add a throwaway reference to the function. Then no objtool
change is needed:

diff --git a/arch/x86/include/asm/ibt.h b/arch/x86/include/asm/ibt.h
index 689880eca9ba..3ae795150374 100644
--- a/arch/x86/include/asm/ibt.h
+++ b/arch/x86/include/asm/ibt.h
@@ -31,6 +31,16 @@

#define __noendbr __attribute__((nocf_check))

+/*
+ * Create a dummy function pointer reference to prevent objtool from marking
+ * the function as needing to be "sealed" (i.e. ENDBR converted to NOP by
+ * apply_ibt_endbr()).
+ */
+#define IBT_NOSEAL(fname) \
+ ".pushsection .discard.endbr.noseal\n\t" \
+ _ASM_PTR fname "\n\t" \
+ ".popsection\n\t"
+
static inline __attribute_const__ u32 gen_endbr(void)
{
u32 endbr;
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index f8382abe22ff..88623add0db4 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -316,7 +316,8 @@ static int fastop(struct x86_emulate_ctxt *ctxt, fastop_t fop);
".align " __stringify(FASTOP_SIZE) " \n\t" \
".type " name ", @function \n\t" \
name ":\n\t" \
- ASM_ENDBR
+ ASM_ENDBR \
+ IBT_NOSEAL(name)

#define FOP_FUNC(name) \
__FOP_FUNC(#name)