Re: lkdtm: Annotate do_nothing()
From: Kees Cook
Date: Mon Mar 03 2025 - 12:48:21 EST
On Mon, Mar 03, 2025 at 10:38:17AM +0100, Peter Zijlstra wrote:
> Hi Kees,
>
> During my FineIBT testing the other week I stumbled upon the following
> complaint:
>
> vmlinux.o: warning: objtool: execute_location+0x4f: relocation to !ENDBR: .text+0x1032008
>
> I finally got around to looking at it and realized we have means of
> annotating that since 93f16a1ab78c ("x86/boot: Mark start_secondary() with __noendbr")
> (which might still be in tip only).
Er, doesn't that mean do_nothing() will lack an ENDBR? Wait, no, that's
__noendbr. What does this annotation mean if the function _does_ have
ENDBR?
Note that these tests are explicitly using __nocfi (via the
execute_location() function) since they're testing the Execute bit in
different memory regions. But I would expect BTI to still work (and not
block execution).
-Kees
>
> Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
> ---
> diff --git a/drivers/misc/lkdtm/perms.c b/drivers/misc/lkdtm/perms.c
> index 5b861dbff27e..9600af4494d8 100644
> --- a/drivers/misc/lkdtm/perms.c
> +++ b/drivers/misc/lkdtm/perms.c
> @@ -36,6 +36,7 @@ static noinline void do_nothing(void)
> {
> return;
> }
> +ANNOTATE_NOENDBR_SYM(do_nothing);
>
> /* Must immediately follow do_nothing for size calculuations to work out. */
> static noinline void do_overwritten(void)
--
Kees Cook