Re: [PATCH] x86: Allow for exclusions in checking RETHUNK

From: Josh Poimboeuf
Date: Thu Jul 14 2022 - 23:23:48 EST


On Thu, Jul 14, 2022 at 11:56:07AM -0700, Josh Poimboeuf wrote:
> On Thu, Jul 14, 2022 at 11:50:08AM -0700, Josh Poimboeuf wrote:
> > On Thu, Jul 14, 2022 at 09:18:12AM +0200, Peter Zijlstra wrote:
> > > On Wed, Jul 13, 2022 at 04:55:56PM -0700, Josh Poimboeuf wrote:
> > > > Here's the ANNOTATE_UNSAFE_RET idea.
> > >
> > > Right, I suppose that strictly speaking the compiler can do whatever and
> > > there's no actual guarantee the annotation hits the RET instruction, in
> > > practice it should work, esp. since noinstr.
> >
> > Hm, KASAN is introducing a weird function, resulting in a naked return
> > warning since we have RETHUNK_CFLAGS removed on that file.
> >
> > 0000000000000000 <_sub_I_00099_0>:
> > 0: e8 00 00 00 00 call 5 <_sub_I_00099_0+0x5> 1: R_X86_64_PLT32 __tsan_init-0x4
> > 5: c3 ret
> >
> >
> > Looks like the "KASAN_SANITIZE_rodata.o := n" isn't working somehow?
>
> Oh never mind, I got KASAN/KCSAN mixed up. Needs both disabled :-/

Well, my ANNOTATE_UNSAFE_RET trick didn't quite work either, as it
results in .discard.retpoline_safe pointing to .rodata when IBT is
enabled.

Instead I'll just do OBJECT_FILES_NON_STANDARD_rodata.o. That shouldn't
break LTO/IBT because the linked code lives in .rodata anyway.

Will have patches tomorrow, if they pass bot testing.

--
Josh