Re: [PATCH 01/14] x86/cfi: Wreck things...

From: Josh Poimboeuf
Date: Mon Sep 30 2024 - 17:43:13 EST

Next message: Namhyung Kim: "Re: [PATCH v3 3/3] perf parse-events: Add "cpu" term to set the CPU an event is recorded on"
Previous message: Mark Brown: "Re: [PATCH v2] dt-bindings: spi: zynqmp-qspi: Include two 'reg' properties only for the Zynq UltraScale QSPI"
In reply to: Peter Zijlstra: "Re: [PATCH 01/14] x86/cfi: Wreck things..."
Next in thread: Peter Zijlstra: "[PATCH 14/14] x86/fineibt: Add FineIBT+BHI mitigation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Sep 28, 2024 at 03:31:14PM +0200, Peter Zijlstra wrote:
> On Fri, Sep 27, 2024 at 04:15:27PM -0700, Josh Poimboeuf wrote:
> > Even better, require exported+indirect-called symbols to use
> > EXPORT_SYMBOL_TYPED, otherwise they get sealed. I suppose we'd need to
> > add some module-to-vmlinux ENDBR validation to make sure modules don't
> > get broken by this.
>
> So I like this idea. but yeah, this is going to be a bit tricky to
> validate.

If Module.symvers had EXPORT_SYMBOL[_GPL][_TYPED], objtool could read
that to decide whether a given module indirect branch is allowed.

Objtool is going to be getting support for reading Module.symvers anyway
for klp-build so it should actually be pretty easy.

--
Josh

Next message: Namhyung Kim: "Re: [PATCH v3 3/3] perf parse-events: Add "cpu" term to set the CPU an event is recorded on"
Previous message: Mark Brown: "Re: [PATCH v2] dt-bindings: spi: zynqmp-qspi: Include two 'reg' properties only for the Zynq UltraScale QSPI"
In reply to: Peter Zijlstra: "Re: [PATCH 01/14] x86/cfi: Wreck things..."
Next in thread: Peter Zijlstra: "[PATCH 14/14] x86/fineibt: Add FineIBT+BHI mitigation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]