On 05.03.2025 16:39, Roger Pau Monné wrote:
> On Wed, Mar 05, 2025 at 04:02:51PM +0100, Jan Beulich wrote:
>> On 05.03.2025 15:48, Roger Pau Monné wrote:
>>> On Tue, Feb 25, 2025 at 12:37:00PM +0100, Jan Beulich wrote:
>>>> __init{const,data}_cf_clobber can have an effect only for pointers
>>>> actually populated in the respective tables. While not the case for SVM
>>>> right now, VMX installs a number of pointers only under certain
>>>> conditions. Hence the respective functions would have their ENDBR purged
>>>> only when those conditions are met. Invoke "pruning" functions after
>>>> having copied the respective tables, for them to install any "missing"
>>>> pointers.
>>>>
>>>> Signed-off-by: Jan Beulich <jbeul...@suse.com>
>>>
>>> Acked-by: Roger Pau Monné <roger....@citrix.com>
>>
>> Thanks.
>>
>>> However I find this filling slightly ugly, and prone to be forgotten
>>> when further hooks are added.
>>
>> Indeed. Luckily, while undesirable, that wouldn't be an outright bug.
>>
>>> Would it make sense to delay enabling of IBT until after alternatives
>>> have been applied, and thus simply not use the cf_clobber attribute on
>>> functions that are patched to not be indirectly called?Hmm, wait - how would that work? cf_clobber is used on function pointer tables; any function indirectly callable prior to patching still needs marking with cf_check, for build-time analysis to not throw errors (with the specially patched gcc that Andrew prepared with a patch of H.J.'s). >>> We could still enable IBT before starting the APs. >> >> I'd prefer if Andrew answered this. It looks like it might be an option, >> but it also feels as if this would (if only a little) complicate logic >> overall. > > It would indeed move the enabling a bit later, but overall (if > possible) it would IMO seem simpler than all this patching and filling > of tables. As per above, I think the patching is going to be needed anyway. And hence I fear the table filling will continue to be needed, too. Jan
