From: Peter Zijlstra <peterz@infradead.org>
To: x86@kernel.org
Cc: kys@microsoft.com, haiyangz@microsoft.com, wei.liu@kernel.org,
decui@microsoft.com, tglx@linutronix.de, mingo@redhat.com,
bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com,
seanjc@google.com, pbonzini@redhat.com, ardb@kernel.org,
kees@kernel.org, Arnd Bergmann <arnd@arndb.de>,
gregkh@linuxfoundation.org, jpoimboe@kernel.org,
linux-hyperv@vger.kernel.org, linux-kernel@vger.kernel.org,
kvm@vger.kernel.org, linux-efi@vger.kernel.org,
samitolvanen@google.com, ojeda@kernel.org
Subject: Re: [PATCH v3 16/16] objtool: Validate kCFI calls
Date: Mon, 14 Jul 2025 12:49:19 +0200 [thread overview]
Message-ID: <20250714104919.GR905792@noisy.programming.kicks-ass.net> (raw)
In-Reply-To: <20250714103441.496787279@infradead.org>
On Mon, Jul 14, 2025 at 12:20:27PM +0200, Peter Zijlstra wrote:
> --- a/arch/x86/platform/efi/efi_stub_64.S
> +++ b/arch/x86/platform/efi/efi_stub_64.S
> @@ -11,6 +11,10 @@
> #include <asm/nospec-branch.h>
>
> SYM_FUNC_START(__efi_call)
> + /*
> + * The EFI code doesn't have any CFI, annotate away the CFI violation.
> + */
> + ANNOTATE_NOCFI_SYM
> pushq %rbp
> movq %rsp, %rbp
> and $~0xf, %rsp
FWIW, we should probably do something like this as well.
---
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -562,6 +562,13 @@ __noendbr u64 ibt_save(bool disable)
{
u64 msr = 0;
+ /*
+ * Firmware code will not provide the same level of
+ * control-flow-integriry. Taint the kernel to let the user know.
+ */
+ if (disable || (IS_ENABLED(CONFIG_CFI_CLANG) && cfi_mode != CFI_OFF))
+ add_taint(TAINT_CFI, LOCKDEP_STILL_OK);
+
if (cpu_feature_enabled(X86_FEATURE_IBT)) {
rdmsrq(MSR_IA32_S_CET, msr);
if (disable)
--- a/include/linux/panic.h
+++ b/include/linux/panic.h
@@ -73,7 +73,8 @@ static inline void set_arch_panic_timeou
#define TAINT_RANDSTRUCT 17
#define TAINT_TEST 18
#define TAINT_FWCTL 19
-#define TAINT_FLAGS_COUNT 20
+#define TAINT_CFI 20
+#define TAINT_FLAGS_COUNT 21
#define TAINT_FLAGS_MAX ((1UL << TAINT_FLAGS_COUNT) - 1)
struct taint_flag {
next prev parent reply other threads:[~2025-07-14 10:49 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-14 10:20 [PATCH v3 00/16] objtool: Detect and warn about indirect calls in __nocfi functions Peter Zijlstra
2025-07-14 10:20 ` [PATCH v3 01/16] x86/kvm/emulate: Implement test_cc() in C Peter Zijlstra
2025-08-20 9:39 ` [tip: x86/core] KVM: x86: " tip-bot2 for Peter Zijlstra
2025-07-14 10:20 ` [PATCH v3 02/16] x86/kvm/emulate: Introduce EM_ASM_1 Peter Zijlstra
2025-08-20 9:39 ` [tip: x86/core] KVM: x86: " tip-bot2 for Peter Zijlstra
2025-07-14 10:20 ` [PATCH v3 03/16] x86/kvm/emulate: Introduce EM_ASM_2 Peter Zijlstra
2025-08-20 9:39 ` [tip: x86/core] KVM: x86: " tip-bot2 for Peter Zijlstra
2025-07-14 10:20 ` [PATCH v3 04/16] x86/kvm/emulate: Introduce EM_ASM_2R Peter Zijlstra
2025-08-20 9:39 ` [tip: x86/core] KVM: x86: " tip-bot2 for Peter Zijlstra
2025-07-14 10:20 ` [PATCH v3 05/16] x86/kvm/emulate: Introduce EM_ASM_2W Peter Zijlstra
2025-08-20 9:39 ` [tip: x86/core] KVM: x86: " tip-bot2 for Peter Zijlstra
2025-07-14 10:20 ` [PATCH v3 06/16] x86/kvm/emulate: Introduce EM_ASM_2CL Peter Zijlstra
2025-08-20 9:39 ` [tip: x86/core] KVM: x86: " tip-bot2 for Peter Zijlstra
2025-07-14 10:20 ` [PATCH v3 07/16] x86/kvm/emulate: Introduce EM_ASM_1SRC2 Peter Zijlstra
2025-07-24 0:16 ` Sean Christopherson
2025-08-18 10:37 ` Peter Zijlstra
2025-08-20 9:39 ` [tip: x86/core] KVM: x86: " tip-bot2 for Peter Zijlstra
2025-07-14 10:20 ` [PATCH v3 08/16] x86/kvm/emulate: Introduce EM_ASM_3WCL Peter Zijlstra
2025-08-20 9:39 ` [tip: x86/core] KVM: x86: " tip-bot2 for Peter Zijlstra
2025-07-14 10:20 ` [PATCH v3 09/16] x86/kvm/emulate: Convert em_salc() to C Peter Zijlstra
2025-08-20 9:39 ` [tip: x86/core] KVM: x86: " tip-bot2 for Peter Zijlstra
2025-07-14 10:20 ` [PATCH v3 10/16] x86/kvm/emulate: Remove fastops Peter Zijlstra
2025-08-20 9:39 ` [tip: x86/core] KVM: x86: " tip-bot2 for Peter Zijlstra
2025-07-14 10:20 ` [PATCH v3 11/16] x86,hyperv: Clean up hv_do_hypercall() Peter Zijlstra
2025-07-15 4:54 ` Wei Liu
2025-07-15 14:51 ` Michael Kelley
2025-08-20 9:39 ` [tip: x86/core] x86/hyperv: " tip-bot2 for Peter Zijlstra
2025-07-14 10:20 ` [PATCH v3 12/16] x86_64,hyperv: Use direct call to hypercall-page Peter Zijlstra
2025-07-15 4:58 ` Wei Liu
2025-07-15 14:52 ` Michael Kelley
2025-08-18 10:46 ` Peter Zijlstra
2025-08-20 9:39 ` [tip: x86/core] x86/hyperv: " tip-bot2 for Peter Zijlstra
2025-07-14 10:20 ` [PATCH v3 13/16] x86/fred: Install system vector handlers even if FRED isnt fully enabled Peter Zijlstra
2025-08-20 9:39 ` [tip: x86/core] x86/fred: Install system vector handlers even if FRED isn't " tip-bot2 for Sean Christopherson
2025-07-14 10:20 ` [PATCH v3 14/16] x86/fred: Play nice with invoking asm_fred_entry_from_kvm() on non-FRED hardware Peter Zijlstra
2025-07-26 4:54 ` Xin Li
2025-08-18 12:09 ` Peter Zijlstra
2025-08-20 9:39 ` [tip: x86/core] " tip-bot2 for Josh Poimboeuf
2025-07-14 10:20 ` [PATCH v3 15/16] x86/fred: KVM: VMX: Always use FRED for IRQs when CONFIG_X86_FRED=y Peter Zijlstra
2025-08-20 9:39 ` [tip: x86/core] " tip-bot2 for Sean Christopherson
2025-07-14 10:20 ` [PATCH v3 16/16] objtool: Validate kCFI calls Peter Zijlstra
2025-07-14 10:49 ` Peter Zijlstra [this message]
2025-07-14 11:21 ` Peter Zijlstra
2025-07-14 16:30 ` Miguel Ojeda
2025-07-15 8:38 ` Peter Zijlstra
2025-07-16 21:03 ` Josh Poimboeuf
2025-07-24 20:37 ` Sean Christopherson
2025-07-25 17:57 ` Xin Li
2025-07-25 19:56 ` Sean Christopherson
2025-07-26 0:33 ` Xin Li
2025-08-20 9:39 ` [tip: x86/core] " tip-bot2 for Peter Zijlstra
2025-07-24 20:31 ` [PATCH v3 00/16] objtool: Detect and warn about indirect calls in __nocfi functions Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250714104919.GR905792@noisy.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=ardb@kernel.org \
--cc=arnd@arndb.de \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=decui@microsoft.com \
--cc=gregkh@linuxfoundation.org \
--cc=haiyangz@microsoft.com \
--cc=hpa@zytor.com \
--cc=jpoimboe@kernel.org \
--cc=kees@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=kys@microsoft.com \
--cc=linux-efi@vger.kernel.org \
--cc=linux-hyperv@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=ojeda@kernel.org \
--cc=pbonzini@redhat.com \
--cc=samitolvanen@google.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=wei.liu@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.