Linux-ARM-Kernel Archive on lore.kernel.org
From: Josh Poimboeuf <jpoimboe@kernel.org>
To: x86@kernel.org
Cc: linux-kernel@vger.kernel.org, live-patching@vger.kernel.org,
	Peter Zijlstra <peterz@infradead.org>,
	Joe Lawrence <joe.lawrence@redhat.com>,
	Song Liu <song@kernel.org>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Will Deacon <will@kernel.org>,
	linux-arm-kernel@lists.infradead.org,
	Mark Rutland <mark.rutland@arm.com>,
	Miroslav Benes <mbenes@suse.cz>, Petr Mladek <pmladek@suse.com>
Subject: [PATCH v3 14/21] objtool: Prevent kCFI hashes from being decoded as instructions
Date: Tue, 12 May 2026 20:33:48 -0700
Message-ID: <b1d50c9fc9e6b9bca43833cc4ccbd88a31fed84b.1778642120.git.jpoimboe@kernel.org>
In-Reply-To: <cover.1778642120.git.jpoimboe@kernel.org>

On arm64 with CONFIG_CFI=y, Clang places a 4-byte kCFI type hash
immediately before each address-taken function entry.  Since these
hashes are in the text section, objtool tries to decode them, leading to
unpredictable results (e.g., "unannotated intra-function call").

arm64 uses mapping symbols to annotate where code ends and data begins
(and vice versa).  Use those to just mark such "instructions" as NOP so
objtool will ignore them.

Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
---
 tools/objtool/check.c               | 15 +++++++++++++++
 tools/objtool/include/objtool/elf.h |  3 +++
 2 files changed, 18 insertions(+)

diff --git a/tools/objtool/check.c b/tools/objtool/check.c
index e05dc7a93dc1e..2b03a2d6fc952 100644
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -25,6 +25,7 @@
 #include <linux/kernel.h>
 #include <linux/static_call_types.h>
 #include <linux/string.h>
+#include <linux/kconfig.h>
 
 static unsigned long nr_cfi, nr_cfi_reused, nr_cfi_cache;
 
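Review bot: The new `#include <linux/kconfig.h>` at the top of check.c is not used by any line this patch adds; none of the added code references IS_ENABLED() or another kconfig macro. If a later patch in the series needs it, the include belongs there; otherwise drop it so this change stays limited to the mapping-symbol logic.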
@@ -428,6 +429,8 @@ static int decode_instructions(struct objtool_file *file)
 
 	for_each_sec(file->elf, sec) {
 		struct instruction *insns = NULL;
+		struct symbol *map_sym;
+		bool is_data = false;
 		u8 prev_len = 0;
 		u8 idx = 0;
 
@@ -454,6 +457,8 @@ static int decode_instructions(struct objtool_file *file)
 		if (!strcmp(sec->name, ".init.text") && !opts.module)
 			sec->init = true;
 
+		map_sym = list_first_entry(&sec->symbol_list, struct symbol, list);
+
 		for (offset = 0; offset < sec_size(sec); offset += insn->len) {
 			if (!insns || idx == INSN_CHUNK_MAX) {
 				insns = calloc(INSN_CHUNK_SIZE, sizeof(*insn));
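Review bot: `map_sym = list_first_entry(&sec->symbol_list, struct symbol, list)` is taken without checking whether the section has any symbols. On an empty list this yields a pointer computed from the list head rather than a real struct symbol, and the code only stays correct because the later `sec_for_each_sym_from()` walk stops before dereferencing it. A short comment saying that the empty-list case is intentional, or using `list_first_entry_or_null()` with an explicit check, would make this less fragile for whoever touches the loop next.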
@@ -478,6 +483,16 @@ static int decode_instructions(struct objtool_file *file)
 
 			prev_len = insn->len;
 
+			/* Use mapping symbols to skip data in text sections */
+			sec_for_each_sym_from(sec, map_sym) {
+				if (map_sym->offset > offset)
+					break;
+				if (is_mapping_sym(map_sym))
+					is_data = is_data_mapping_sym(map_sym);
+			}
+			if (is_data)
+				insn->type = INSN_NOP;
+
 			/*
 			 * By default, "ud2" is a dead end unless otherwise
 			 * annotated, because GCC 7 inserts it for certain
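Review bot: The walk in `sec_for_each_sym_from(sec, map_sym)` breaks on `map_sym->offset > offset` and never rewinds, so it is only correct if `sec->symbol_list` is ordered by ascending offset; nothing in the hunk states or checks that invariant, and an out-of-order mapping symbol would leave `is_data` stale for the rest of the section. Please say so in the comment above the loop. Two further points on the same block: it sits after `prev_len = insn->len`, so the hash bytes have already gone through the decoder by the time `insn->type = INSN_NOP` is applied, and it is worth confirming that a hash which fails to decode cannot error out earlier. The block also runs for every architecture, while the commit message describes an arm64-only problem, so the comment should note what `is_mapping_sym()` returns elsewhere.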
diff --git a/tools/objtool/include/objtool/elf.h b/tools/objtool/include/objtool/elf.h
index d895023674673..9d36b14f420e2 100644
--- a/tools/objtool/include/objtool/elf.h
+++ b/tools/objtool/include/objtool/elf.h
@@ -507,6 +507,9 @@ static inline void set_sym_next_reloc(struct reloc *reloc, struct reloc *next)
 #define sec_for_each_sym(sec, sym)					\
 	list_for_each_entry(sym, &sec->symbol_list, list)
 
+#define sec_for_each_sym_from(sec, sym)					\
+	list_for_each_entry_from(sym, &sec->symbol_list, list)
+
 #define sec_prev_sym(sym)						\
 	sym->sec && sym->list.prev != &sym->sec->symbol_list ?		\
 	list_prev_entry(sym, list) : NULL
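Review bot: `sec_for_each_sym_from()` is added without any comment, and unlike `sec_for_each_sym()` directly above it, it has a precondition: `sym` must already point at an entry of `sec->symbol_list` (or at the position returned by `list_first_entry()`), and the iteration resumes from that cursor instead of restarting. A one-line comment stating that would prevent a caller from passing an uninitialised or foreign symbol pointer.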
-- 
2.53.0


