Re: [PATCH 6/6] objtool: Validate kCFI calls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
Subject: Re: [PATCH 6/6] objtool: Validate kCFI calls
From: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Date: Tue, 29 Apr 2025 18:18:11 +0200
Cc: x86@xxxxxxxxxx, kys@xxxxxxxxxxxxx, haiyangz@xxxxxxxxxxxxx, wei.liu@xxxxxxxxxx, decui@xxxxxxxxxxxxx, tglx@xxxxxxxxxxxxx, mingo@xxxxxxxxxx, bp@xxxxxxxxx, dave.hansen@xxxxxxxxxxxxxxx, hpa@xxxxxxxxx, pawan.kumar.gupta@xxxxxxxxxxxxxxx, seanjc@xxxxxxxxxx, pbonzini@xxxxxxxxxx, ardb@xxxxxxxxxx, kees@xxxxxxxxxx, Arnd Bergmann <arnd@xxxxxxxx>, gregkh@xxxxxxxxxxxxxxxxxxx, linux-hyperv@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, kvm@xxxxxxxxxxxxxxx, linux-efi@xxxxxxxxxxxxxxx, samitolvanen@xxxxxxxxxx, ojeda@xxxxxxxxxx
In-reply-to: <jsbau7iaqetgf6sa7pooebbbhkhnnidi24f2g7nieozeu63qes@flunkdj5eykb>
References: <20250414111140.586315004@infradead.org> <20250414113754.540779611@infradead.org> <jsbau7iaqetgf6sa7pooebbbhkhnnidi24f2g7nieozeu63qes@flunkdj5eykb>

On Mon, Apr 14, 2025 at 04:43:26PM -0700, Josh Poimboeuf wrote:
> Can we call this ANNOTATE_NOCFI_SAFE or something?

I'm hesitant to do so, because some of these sites really are not safe.
EFI and VMX interrupt crud really are a security issue.

EFI really is unfixable but not less brokene, because the EFI code is
out of our control, the VMX thing might be fixable, not sure I
understand KVM well enough.

References:
- [PATCH 0/6] objtool: Detect and warn about indirect calls in __nocfi functions
  - From: Peter Zijlstra
- [PATCH 6/6] objtool: Validate kCFI calls
  - From: Peter Zijlstra
- Re: [PATCH 6/6] objtool: Validate kCFI calls
  - From: Josh Poimboeuf

Prev by Date: Re: [PATCH v5 00/25] context_tracking,x86: Defer some IPIs until a user->kernel transition
Next by Date: Re: [PATCH 4/5] KVM: RISC-V: reset VCPU state when becoming runnable
Previous by thread: Re: [PATCH 6/6] objtool: Validate kCFI calls
Next by thread: [PATCH 1/6] x86/nospec: JMP_NOSPEC
Index(es):
- Date
- Thread

[Index of Archives] [KVM ARM] [KVM ia64] [KVM ppc] [Virtualization Tools] [Spice Development] [Libvirt] [Libvirt Users] [Linux USB Devel] [Linux Audio Users] [Yosemite Questions] [Linux Kernel] [Linux SCSI] [XFree86]