On Wed, Mar 05, 2025 at 05:23:05PM +0100, Jan Beulich wrote:
> On 05.03.2025 16:39, Roger Pau Monné wrote:
> > On Wed, Mar 05, 2025 at 04:02:51PM +0100, Jan Beulich wrote:
> >> On 05.03.2025 15:48, Roger Pau Monné wrote:
> >>> On Tue, Feb 25, 2025 at 12:37:00PM +0100, Jan Beulich wrote:
> >>>> __init{const,data}_cf_clobber can have an effect only for pointers
> >>>> actually populated in the respective tables. While not the case for SVM
> >>>> right now, VMX installs a number of pointers only under certain
> >>>> conditions. Hence the respective functions would have their ENDBR purged
> >>>> only when those conditions are met. Invoke "pruning" functions after
> >>>> having copied the respective tables, for them to install any "missing"
> >>>> pointers.
> >>>>
> >>>> Signed-off-by: Jan Beulich <jbeul...@suse.com>
> >>>
> >>> Acked-by: Roger Pau Monné <roger....@citrix.com>
> >>
> >> Thanks.
> >>
> >>> However I find this filling slightly ugly, and prone to be forgotten
> >>> when further hooks are added.
> >>
> >> Indeed. Luckily, while undesirable, that wouldn't be an outright bug.
> >>
> >>> Would it make sense to delay enabling of IBT until after alternatives
> >>> have been applied, and thus simply not use the cf_clobber attribute on
> >>> functions that are patched to not be indirectly called?
>
> Hmm, wait - how would that work? cf_clobber is used on function pointer
> tables; any function indirectly callable prior to patching still needs
> marking with cf_check, for build-time analysis to not throw errors (with
> the specially patched gcc that Andrew prepared with a patch of H.J.'s).
Yeah, we would need something there?
Maybe disable such detection around alternative_{,v}call() usages if
possible?
I assume the build-time detection is done based on call sites? We
would need to figure out whether the detection can be disabled for
chunks of code.
Thanks, Roger.
