• Peter Zijlstra's avatar
    objtool: Add entry UNRET validation · a09a6e23
    Peter Zijlstra authored
    Since entry asm is tricky, add a validation pass that ensures the
    retbleed mitigation has been done before the first actual RET
    instruction.
    
    Entry points are those that either have UNWIND_HINT_ENTRY, which acts
    as UNWIND_HINT_EMPTY but marks the instruction as an entry point, or
    those that have UWIND_HINT_IRET_REGS at +0.
    
    This is basically a variant of validate_branch() that is
    intra-function and it will simply follow all branches from marked
    entry points and ensures that all paths lead to ANNOTATE_UNRET_END.
    
    If a path hits RET or an indirection the path is a fail and will be
    reported.
    
    There are 3 ANNOTATE_UNRET_END instances:
    
     - UNTRAIN_RET itself
     - exception from-kernel; this path doesn't need UNTRAIN_RET
     - all early exceptions; these also don't need UNTRAIN_RET
    Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
    Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
    Reviewed-by: default avatarJosh Poimboeuf <jpoimboe@kernel.org>
    Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
    a09a6e23
check.c 98.5 KB