Re: [tip:x86/core 16/17] vmlinux.o: warning: objtool: do_jit+0x276: relocation to !ENDBR: .noinstr.text+0x6a60

From: Kees Cook
Date: Mon Mar 03 2025 - 14:10:35 EST


On Mon, Mar 03, 2025 at 07:57:48PM +0100, Peter Zijlstra wrote:
> On Mon, Mar 03, 2025 at 09:11:54AM -0800, Kees Cook wrote:
> > On Mon, Mar 03, 2025 at 10:24:59AM +0100, Peter Zijlstra wrote:
>
> > > > >> vmlinux.o: warning: objtool: do_jit+0x276: relocation to !ENDBR: .noinstr.text+0x6a60
>
> > Just for my own curiosity, how did you track this down? (The
> > relationship between cfi_bhi and do_jit is not immediately obvious to
> > me. Or rather, what was needing DCE?)
>
> If you build dfebe7362f6f461d771cdb9ac2c5172a4721f064 (tip/x86/core^2 so
> as to not have the fix) and build a FINEIBT=y kernel with clang-19 (so
> as not to have support for kcfi-arity) then:
>
> $ ./scripts/objdump-func tmp-build/vmlinux.o do_jit
> ...
> 0267 6a2a7: 48 c1 e9 20 shr $0x20,%rcx
> 026b 6a2ab: 0f 85 16 39 00 00 jne 6dbc7 <do_jit+0x3b87>
> 0271 6a2b1: 48 8b 44 24 20 mov 0x20(%rsp),%rax
> 0276 6a2b6: 48 c7 c1 00 00 00 00 mov $0x0,%rcx 6a2b9: R_X86_64_32S __bhi_args+0x20
> 027d 6a2bd: c6 43 0b e8 movb $0xe8,0xb(%rbx)
> 0281 6a2c1: 48 83 c0 10 add $0x10,%rax
> 0285 6a2c5: 29 c1 sub %eax,%ecx
> 0287 6a2c7: 89 4b 0c mov %ecx,0xc(%rbx)
> ...
>
>
> So the reference is to __bhi_args[1], this is the result of
> emit_fineibt(.arity=1).
>
> Anyway, the point is that for FINEIBT_BHI=n the __bhi_args[]
> array is 'empty' and the +0x20 thing points into random.
>
> What needs DCE is the whole if (cfi_bhi) branch in emit_fineibt(),
> making that whole __bhi_args[] reference go away.

AH! Yes, that does stand out. :) Thanks!

--
Kees Cook