Re: [PATCH v7 0/8] x86/kexec: Add exception handling for relocate_kernel

From: Ingo Molnar
Date: Fri Mar 14 2025 - 06:22:04 EST



* David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote:

> On Thu, 2025-03-13 at 19:58 +0000, David Woodhouse wrote:
> >
> > Reproduced that by going back to x86-64 defconfig.
>
> Turns out the unret check doesn't even run unless CONFIG_DEBUG_ENTRY is
> enabled (which enables CONFIG_NOINSTR_VALIDATION and thus runs objtool
> on vmlinux.o). Which is why I didn't see it.
>
> > vmlinux.o: warning: objtool: exc_handler+0xe: early indirect call
>
> With Peter's help (thanks), this is fixed by adding VALIDATE_UNRET_END.
> I'll squash this into the next posting:
>
> --- a/arch/x86/kernel/relocate_kernel_64.S
> +++ b/arch/x86/kernel/relocate_kernel_64.S
> @@ -481,6 +481,9 @@ SYM_CODE_START_NOALIGN(kexec_debug_exc_vectors)
> SYM_CODE_END(kexec_debug_exc_vectors)
>
> SYM_CODE_START_LOCAL_NOALIGN(exc_handler)
> + /* No need for ret mitigations during kexec */
> + VALIDATE_UNRET_END
> +
> pushq %rax
> pushq %rbx
> pushq %rcx
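
Review bot: The comment added at the top of exc_handler says ret mitigations are not needed during kexec, but it does not say why, nor that VALIDATE_UNRET_END is there to satisfy objtool's unret validation. A reader who builds without CONFIG_DEBUG_ENTRY never sees the "exc_handler+0xe: early indirect call" warning and has no way to tell what the annotation guards against. Consider expanding the comment to name the objtool warning it silences and to state the reason the mitigation is unnecessary on this path, so the annotation is not dropped or copied elsewhere without that context.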

Great!

I've applied patch #1 back to tip:x86/boot.

I've skipped the -v7 versions of patch #2 and #3 because AFAICS you've
changed exc_handler already, so a backmerge of this annotation fix
wouldn't be enough.

Thanks,

Ingo