Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Date:   Wed, 20 Jul 2022 15:58:09 -0700
From:   Josh Poimboeuf <jpoimboe@kernel.org>
To:     Kees Cook <keescook@chromium.org>
Cc:     Steven Rostedt <rostedt@goodmis.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Thomas Gleixner <tglx@linutronix.de>, x86@kernel.org,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Tim Chen <tim.c.chen@linux.intel.com>,
        Andrew Cooper <Andrew.Cooper3@citrix.com>,
        Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
        Johannes Wikner <kwikner@ethz.ch>,
        Alyssa Milburn <alyssa.milburn@linux.intel.com>,
        Jann Horn <jannh@google.com>, "H.J. Lu" <hjl.tools@gmail.com>,
        Joao Moreira <joao.moreira@intel.com>,
        Joseph Nuzman <joseph.nuzman@intel.com>,
        Juergen Gross <jgross@suse.com>,
        "Peter Zijlstra (Intel)" <peterz@infradead.org>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        Alexei Starovoitov <ast@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>
Subject: Re: [PATCH] lkdtm: Keep the rodata test from causing retbleed
 WARNINGS
Message-ID: <20220720225809.wtnlgvof6wi4owkq@treble>
References: <20220720155507.4f904a58@gandalf.local.home>
 <202207201311.775CB068@keescook>
 <20220720225615.lrt7xnxv3trmiyc7@treble>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20220720225615.lrt7xnxv3trmiyc7@treble>
Precedence: bulk

On Wed, Jul 20, 2022 at 03:56:18PM -0700, Josh Poimboeuf wrote:
> On Wed, Jul 20, 2022 at 01:13:05PM -0700, Kees Cook wrote:
> > On Wed, Jul 20, 2022 at 03:55:07PM -0400, Steven Rostedt wrote:
> > > From: "Steven Rostedt (Google)" <rostedt@goodmis.org>
> > > 
> > > The rodata test checks if executable code in the .rodata section will not
> > > execute. But this also means that fix ups that the return hook code does
> > > will not be able to change this code at boot up, and this causes a
> > > warning.
> > > 
> > > By removing the RETHOOK_CFLAGS from the compilation of the rodata function
> > > makes it hidden from objtool and it will not add its return hook into the
> > > .returns section. This keeps the fix up code from trying and failing on
> > > modifying the rodata return call.
> > > 
> > > Link: https://lore.kernel.org/all/20220720125736.48164a14@gandalf.local.home/
> > > 
> > > Fixes: ee88d363d1561 ("x86,static_call: Use alternative RET encoding")
> > > Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
> > 
> > Yeah, this matches a portion of what was suggested:
> > https://lore.kernel.org/lkml/20220713213133.455599-1-keescook@chromium.org/
> > 
> > But it still needed objtool fixes:
> > https://lore.kernel.org/lkml/20220715032333.neywlazczbb35w3b@treble/
> > 
> > Perhaps objtool has already had patches landed for this? (Otherwise the
> > patch you suggested would fail to build on x86 with rethunk support.)
> 
> I send this patch out a few days ago, nobody picked it up yet:
> 
> https://lkml.kernel.org/lkml/8ec0039712f252693049c70ed3891d39a2357112.1658155446.git.jpoimboe@kernel.org

Actually Peter said he grabbed it and is planning to push it to -tip
tomorrow.

-- 
Josh