From: Kees Cook <kees@kernel.org>
To: Josh Poimboeuf <jpoimboe@kernel.org>
Cc: x86@kernel.org, linux-kernel@vger.kernel.org,
Peter Zijlstra <peterz@infradead.org>,
Ingo Molnar <mingo@kernel.org>, Miroslav Benes <mbenes@suse.cz>,
Brendan Jackman <jackmanb@google.com>,
Nathan Chancellor <nathan@kernel.org>,
kernel test robot <lkp@intel.com>
Subject: Re: [PATCH 22/22] lkdtm: Obfuscate do_nothing() pointer
Date: Tue, 25 Mar 2025 12:39:00 -0700 [thread overview]
Message-ID: <202503251238.EE695D3@keescook> (raw)
In-Reply-To: <30b9abffbddeb43c4f6320b1270fa9b4d74c54ed.1742852847.git.jpoimboe@kernel.org>
On Mon, Mar 24, 2025 at 02:56:12PM -0700, Josh Poimboeuf wrote:
> If execute_location()'s memcpy of do_nothing() gets inlined and unrolled
> by the compiler, it copies one word at a time:
>
> mov 0x0(%rip),%rax R_X86_64_PC32 .text+0x1374
> mov %rax,0x38(%rbx)
> mov 0x0(%rip),%rax R_X86_64_PC32 .text+0x136c
> mov %rax,0x30(%rbx)
> ...
>
> Those .text references point to the middle of the function, causing
> objtool to complain about their lack of ENDBR.
>
> Prevent that by resolving the function pointer at runtime rather than
> build time. This fixes the following warning:
>
> drivers/misc/lkdtm/lkdtm.o: warning: objtool: execute_location+0x23: relocation to !ENDBR: .text+0x1378
>
> Cc: Kees Cook <kees@kernel.org>
> Reported-by: kernel test robot <lkp@intel.com>
> Closes: https://lore.kernel.org/oe-kbuild-all/202503191453.uFfxQy5R-lkp@intel.com/
> Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Thanks!
Reviewed-by: Kees Cook <kees@kernel.org>
--
Kees Cook
next prev parent reply other threads:[~2025-03-25 19:39 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-24 21:55 [PATCH 00/22] objtool: CONFIG_OBJTOOL_WERROR fixes and cleanups Josh Poimboeuf
2025-03-24 21:55 ` [PATCH 01/22] objtool: Fix detection of consecutive jump tables Josh Poimboeuf
2025-03-25 8:35 ` [tip: objtool/urgent] objtool: Fix detection of consecutive jump tables on Clang 20 tip-bot2 for Josh Poimboeuf
2025-03-24 21:55 ` [PATCH 02/22] objtool: Warn when disabling unreachable warnings Josh Poimboeuf
2025-03-25 8:35 ` [tip: objtool/urgent] " tip-bot2 for Josh Poimboeuf
2025-03-24 21:55 ` [PATCH 03/22] objtool: Ignore entire functions rather than instructions Josh Poimboeuf
2025-03-25 8:35 ` [tip: objtool/urgent] " tip-bot2 for Josh Poimboeuf
2025-03-24 21:55 ` [PATCH 04/22] objtool: Fix X86_FEATURE_SMAP alternative handling Josh Poimboeuf
2025-03-25 8:35 ` [tip: objtool/urgent] " tip-bot2 for Josh Poimboeuf
2025-03-24 21:55 ` [PATCH 05/22] objtool: Fix CONFIG_OBJTOOL_WERROR for vmlinux.o Josh Poimboeuf
2025-03-25 8:35 ` [tip: objtool/urgent] " tip-bot2 for Josh Poimboeuf
2025-03-24 21:55 ` [PATCH 06/22] objtool: Fix init_module() handling Josh Poimboeuf
2025-03-25 8:35 ` [tip: objtool/urgent] " tip-bot2 for Josh Poimboeuf
2025-03-24 21:55 ` [PATCH 07/22] objtool: Silence more KCOV warnings Josh Poimboeuf
2025-03-25 8:35 ` [tip: objtool/urgent] " tip-bot2 for Josh Poimboeuf
2025-03-24 21:55 ` [PATCH 08/22] objtool: Properly disable uaccess validation Josh Poimboeuf
2025-03-25 8:35 ` [tip: objtool/urgent] " tip-bot2 for Josh Poimboeuf
2025-03-24 21:55 ` [PATCH 09/22] objtool: Improve error handling Josh Poimboeuf
2025-03-25 8:35 ` [tip: objtool/urgent] " tip-bot2 for Josh Poimboeuf
2025-03-24 21:56 ` [PATCH 10/22] objtool: Reduce CONFIG_OBJTOOL_WERROR verbosity Josh Poimboeuf
2025-03-25 8:35 ` [tip: objtool/urgent] " tip-bot2 for Josh Poimboeuf
2025-03-24 21:56 ` [PATCH 11/22] objtool: Fix up some outdated references to ENTRY/ENDPROC Josh Poimboeuf
2025-03-25 8:35 ` [tip: objtool/urgent] " tip-bot2 for Josh Poimboeuf
2025-03-24 21:56 ` [PATCH 12/22] objtool: Remove --no-unreachable for noinstr-only vmlinux.o runs Josh Poimboeuf
2025-03-25 8:35 ` [tip: objtool/urgent] " tip-bot2 for Josh Poimboeuf
2025-03-24 21:56 ` [PATCH 13/22] objtool: Remove redundant opts.noinstr dependency Josh Poimboeuf
2025-03-25 8:34 ` [tip: objtool/urgent] " tip-bot2 for Josh Poimboeuf
2025-03-24 21:56 ` [PATCH 14/22] spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() Josh Poimboeuf
2025-03-25 8:34 ` [tip: objtool/urgent] objtool, " tip-bot2 for Josh Poimboeuf
2025-03-25 13:13 ` Mark Brown
2025-03-25 22:10 ` tip-bot2 for Josh Poimboeuf
2025-03-24 21:56 ` [PATCH 15/22] nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show() Josh Poimboeuf
2025-03-25 8:34 ` [tip: objtool/urgent] objtool, " tip-bot2 for Josh Poimboeuf
2025-03-25 22:09 ` tip-bot2 for Josh Poimboeuf
2025-03-25 22:20 ` Chaitanya Kulkarni
2025-03-24 21:56 ` [PATCH 16/22] media: dib8000: Prevent divide-by-zero in dib8000_set_dds() Josh Poimboeuf
2025-03-25 8:34 ` [tip: objtool/urgent] objtool, " tip-bot2 for Josh Poimboeuf
2025-03-25 22:09 ` tip-bot2 for Josh Poimboeuf
2025-03-25 22:42 ` Mauro Carvalho Chehab
2025-03-26 1:46 ` Josh Poimboeuf
2025-03-24 21:56 ` [PATCH 17/22] panic: Disable SMAP in __stack_chk_fail() Josh Poimboeuf
2025-03-25 8:34 ` [tip: objtool/urgent] objtool, " tip-bot2 for Josh Poimboeuf
2025-03-25 22:09 ` tip-bot2 for Josh Poimboeuf
2025-03-24 21:56 ` [PATCH 18/22] Input: cyapa - remove undefined behavior in cyapa_update_fw_store() Josh Poimboeuf
2025-03-25 8:34 ` [tip: objtool/urgent] objtool, Input: cyapa - Remove " tip-bot2 for Josh Poimboeuf
2025-03-25 22:09 ` tip-bot2 for Josh Poimboeuf
2025-03-24 21:56 ` [PATCH 19/22] ASoC: codecs: wcd934x: Remove undefined behavior in wcd934x_slim_irq_handler() Josh Poimboeuf
2025-03-25 8:34 ` [tip: objtool/urgent] objtool, ASoC: codecs: wcd934x: Remove potential " tip-bot2 for Josh Poimboeuf
2025-03-25 11:32 ` Mark Brown
2025-03-25 11:36 ` Ingo Molnar
2025-03-25 13:12 ` Mark Brown
2025-03-25 22:09 ` tip-bot2 for Josh Poimboeuf
2025-03-24 21:56 ` [PATCH 20/22] regulator: rk808: Remove undefined behavior in rk806_set_mode_dcdc() Josh Poimboeuf
2025-03-25 8:34 ` [tip: objtool/urgent] objtool, regulator: rk808: Remove potential " tip-bot2 for Josh Poimboeuf
2025-03-25 13:17 ` Mark Brown
2025-03-25 22:09 ` tip-bot2 for Josh Poimboeuf
2025-03-24 21:56 ` [PATCH 21/22] pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() Josh Poimboeuf
2025-03-25 8:34 ` [tip: objtool/urgent] objtool, pwm: mediatek: Prevent theoretical " tip-bot2 for Josh Poimboeuf
2025-03-26 10:35 ` Uwe Kleine-König
2025-03-26 11:11 ` Peter Zijlstra
2025-03-27 5:44 ` Josh Poimboeuf
2025-03-27 8:27 ` Uwe Kleine-König
[not found] ` <m7pgkp3ueo7iqgqf74upjrihr3mpmb3sqhwegnjxxwsrgx2jsw@dnec5iqiyobh>
[not found] ` <Z-Uv60sD_S2xYVB1@gmail.com>
2025-03-27 18:14 ` Uwe Kleine-König
2025-03-27 21:21 ` Ingo Molnar
2025-03-28 10:24 ` Uwe Kleine-König
2025-03-28 13:45 ` Ingo Molnar
2025-03-28 18:19 ` Uwe Kleine-König
2025-03-25 22:09 ` tip-bot2 for Josh Poimboeuf
2025-03-27 11:06 ` tip-bot2 for Josh Poimboeuf
2025-03-24 21:56 ` [PATCH 22/22] lkdtm: Obfuscate do_nothing() pointer Josh Poimboeuf
2025-03-25 8:34 ` [tip: objtool/urgent] objtool, lkdtm: Obfuscate the " tip-bot2 for Josh Poimboeuf
2025-03-25 19:39 ` Kees Cook [this message]
2025-03-25 22:09 ` tip-bot2 for Josh Poimboeuf
2025-03-27 11:06 ` tip-bot2 for Josh Poimboeuf
2025-03-28 13:48 ` tip-bot2 for Josh Poimboeuf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202503251238.EE695D3@keescook \
--to=kees@kernel.org \
--cc=jackmanb@google.com \
--cc=jpoimboe@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lkp@intel.com \
--cc=mbenes@suse.cz \
--cc=mingo@kernel.org \
--cc=nathan@kernel.org \
--cc=peterz@infradead.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.