On Tue, 2018-01-23 at 16:25 +0100, Peter Zijlstra wrote:
> Implement a jump_label assertion that asserts that the code location
> is indeed only reachable through a static_branch. Because if GCC is
> absolutely retaded it could generate code like:
>
>         xor rax,rax
>         NOP/JMP 1f
>         mov $1, rax
> 1:
>         test rax,rax
>         jz 2f
>
> 2:
>
> instead of the sensible:
>
>         NOP/JMP 1f
>
> 1:
>
> This implements objtool infrastructure for ensuring the code ends up
> sane, since we'll rely on that for correctness and security.
>
> We tag the instructions after the static branch with static_jump_dest=true;
> that is the instruction after the NOP and the instruction at the
> JMP+disp site.
>
> Then, when we read the .discard.jump_assert section, we assert that
> each entry points to an instruction that has static_jump_dest set.
>
> With this we can assert that the code emitted for the if statement
> ends up at the static jump location and nothing untowards happened.
>
> Cc: Thomas Gleixner <t...@linutronix.de>
> Cc: Borislav Petkov <b...@alien8.de>
> Cc: Josh Poimboeuf <jpoim...@redhat.com>
>
> Signed-off-by: Peter Zijlstra (Intel) <pet...@infradead.org>

Thank you for pandering to my paranoia.

I suspect that misspelling the word 'retarded' isn't going to be
sufficient to stop people from objecting to the use of that word, but
other than that,

Reviewed-by: David Woodhouse <d...@amazon.co.uk>
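A toy model of the check the quoted commit message describes, added here as an illustration and not taken from the patch or from objtool: it tags the instruction after the NOP and the one at the JMP+disp site, then tests whether an assertion entry points at a tagged instruction. The struct names, instruction lengths and offsets are constructed, and the assertion is assumed to sit in the code guarded by the static branch.

```c
#include <stdbool.h>
#include <stddef.h>

/* Toy model only; these are not objtool's real structures. Offsets are constructed. */
struct insn { unsigned long off; unsigned len; bool static_jump_dest; };
struct jump_entry { unsigned long code, target; }; /* NOP/JMP site, JMP+disp site */

static struct insn *find_insn(struct insn *v, size_t n, unsigned long off)
{
	for (size_t i = 0; i < n; i++)
		if (v[i].off == off)
			return &v[i];
	return NULL;
}

/* Tag the instruction after the NOP and the instruction at the JMP+disp site. */
static void tag_dests(struct insn *v, size_t n, struct jump_entry jt)
{
	struct insn *site = find_insn(v, n, jt.code);
	struct insn *next = site ? find_insn(v, n, site->off + site->len) : NULL;
	struct insn *dest = find_insn(v, n, jt.target);
	if (next) next->static_jump_dest = true;
	if (dest) dest->static_jump_dest = true;
}

/* A jump_assert entry passes only if it points at a tagged instruction. */
static bool assert_ok(struct insn *v, size_t n, unsigned long off)
{
	struct insn *in = find_insn(v, n, off);
	return in && in->static_jump_dest;
}

int sane_layout_ok(void) /* NOP/JMP 1f; guarded code; 1: */
{
	struct insn v[] = { {0, 5, false}, {5, 4, false}, {9, 1, false} };
	tag_dests(v, 3, (struct jump_entry){0, 9});
	return assert_ok(v, 3, 5); /* guarded code directly follows the NOP */
}

int flag_layout_ok(void) /* xor; NOP/JMP 1f; mov; 1: test; jz 2f; guarded code; 2: */
{
	struct insn v[] = { {0, 3, false}, {3, 5, false}, {8, 7, false}, {15, 3, false},
			    {18, 2, false}, {20, 4, false}, {24, 1, false} };
	tag_dests(v, 7, (struct jump_entry){3, 15});
	return assert_ok(v, 7, 20); /* only mov (8) and test (15) were tagged */
}
```

In the second layout the guarded code is reached through an ordinary `jz` on a flag, so the assertion fails even though a static branch exists nearby.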