x86/alternative: Use .ibt_endbr_seal to seal indirect calls
Objtool's --ibt option generates .ibt_endbr_seal which lists superfluous ENDBR instructions. That is those instructions for which the function is never indirectly called. Overwrite these ENDBR instructions with a NOP4 such that these function can never be indirect called, reducing the number of viable ENDBR targets in the kernel. Signed-off-by:Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by:
Josh Poimboeuf <jpoimboe@redhat.com> Link: https://lore.kernel.org/r/20220308154319.822545231@infradead.org
Showing
- arch/um/kernel/um_arch.c 4 additions, 0 deletionsarch/um/kernel/um_arch.c
- arch/x86/Kconfig 8 additions, 1 deletionarch/x86/Kconfig
- arch/x86/include/asm/alternative.h 1 addition, 0 deletionsarch/x86/include/asm/alternative.h
- arch/x86/include/asm/ibt.h 12 additions, 0 deletionsarch/x86/include/asm/ibt.h
- arch/x86/kernel/alternative.c 39 additions, 0 deletionsarch/x86/kernel/alternative.c
- arch/x86/kernel/module.c 7 additions, 1 deletionarch/x86/kernel/module.c
- scripts/Makefile.build 38 additions, 9 deletionsscripts/Makefile.build
- scripts/link-vmlinux.sh 8 additions, 2 deletionsscripts/link-vmlinux.sh
Loading