From: David Laight <david.laight.linux@gmail.com>
To: Peter Zijlstra <peterz@infradead.org>
Cc: x86@kernel.org, linux-kernel@vger.kernel.org, hpa@zystor.com,
samitolvanen@google.com, kees@kernel.org, nathan@kernel.org,
scott.d.constable@intel.com
Subject: Re: [PATCH] x86/kcfi: Optimize call sequence
Date: Wed, 17 Jun 2026 13:36:37 +0100 [thread overview]
Message-ID: <20260617133637.676366e6@pumpkin> (raw)
In-Reply-To: <20260617111207.GJ49951@noisy.programming.kicks-ass.net>
On Wed, 17 Jun 2026 13:12:07 +0200
Peter Zijlstra <peterz@infradead.org> wrote:
> On Wed, Jun 17, 2026 at 10:26:43AM +0100, David Laight wrote:
>
> > > > I think it would also be better it the code doing the patching checked
> > > > what it was overwriting.
> > >
> > > Ye of little faith :-)
> >
> > I wouldn't want to have to debug the consequences of getting it wrong.
> > (The same goes for patching into function preamble.)
>
> Been there, done that etc. :-) I'm the weirdo that's written all this
> code.
And I'm one of the weirdos who knows enough asm (various) to understand
what it is all doing :-)
...
> The thing is, objtool validates the retpolines are preceded by UD2 as
> marker for kCFI and complains when this is not so (there must not be
> unannotated indirect calls). And the code that is patching is already
> checking there is that mov into %r10d at the expected offset.
>
> The update poke happens when both those are true; (leading mov and
> trailing UD2), verifying things again has very little added value.
Ok, there is a check a bit earlier but not in this bit.
I'm just wary that just believing an address in some table could easily
lead to problems.
...
> > > Also, objtool
> > > typically avoids actually modifying code and generally prefers to just
> > > ship additional sections such that the kernel can modify itself. There
> > > is an exception to this, but there was definite grumbling about that.
> >
> > At least this one is an optimisation.
> > The advantage of getting objtool to do the change is that objdump will
> > then show the code that is being executed.
>
> Given the amount of self modifying code, that's a dream. Also, on
> anything half recent from Intel, it'll all be rewritten to FineIBT,
> which is wildly different from what objdump will be showing you.
>
> The only way to truly see what's running is to disassemble the live
> image -- either through /proc/kcore or some virtual machine gdb server.
I did have a local change that generated different nop*3 so I could tell
what was lfence, stac, clac (etc).
Trying to check the compiler output was hard when there were blocks of
6 nop.
David
next prev parent reply other threads:[~2026-06-17 12:36 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-12 7:15 [PATCH] x86/kcfi: Optimize call sequence Peter Zijlstra
2026-06-16 18:55 ` Borislav Petkov
2026-06-16 20:47 ` David Laight
2026-06-17 7:08 ` Peter Zijlstra
2026-06-17 9:26 ` David Laight
2026-06-17 11:12 ` Peter Zijlstra
2026-06-17 12:36 ` David Laight [this message]
2026-06-17 12:47 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260617133637.676366e6@pumpkin \
--to=david.laight.linux@gmail.com \
--cc=hpa@zystor.com \
--cc=kees@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nathan@kernel.org \
--cc=peterz@infradead.org \
--cc=samitolvanen@google.com \
--cc=scott.d.constable@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.