git.ipfire.org Git - thirdparty/kernel/linux.git/commit
objtool: Validate kCFI calls
author Peter Zijlstra <peterz@infradead.org>
Sat, 12 Apr 2025 11:56:01 +0000 (13:56 +0200)
committer Peter Zijlstra <peterz@infradead.org>
Mon, 18 Aug 2025 12:23:09 +0000 (14:23 +0200)
commit 894af4a1cde61c3401f237184fb770f72ff12df8
tree 6b00452a8bbc9e38b6d4578cf5990c19911724a0
parent 28d11e4548b75d0960429344f12d5f6cc9cee25b
objtool: Validate kCFI calls

Validate that all indirect calls adhere to kCFI rules. Notably, doing a
nocfi indirect call to a cfi function is broken.

Apparently some Rust 'core' code violates this and explodes when run
with FineIBT.

All the ANNOTATE_NOCFI_SYM sites are prime targets for attackers.

 - runtime EFI is especially heinous because it also needs to disable
   IBT. Basically calling unknown code without CFI protection at
   runtime is a massive security issue.

 - Kexec image handover; if you can exploit this, you get to keep it :-)

Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
Acked-by: Sean Christopherson <seanjc@google.com>
Link: https://lkml.kernel.org/r/20250714103441.496787279@infradead.org
arch/x86/kernel/machine_kexec_64.c
arch/x86/kvm/vmx/vmenter.S
arch/x86/platform/efi/efi_stub_64.S
drivers/misc/lkdtm/perms.c
include/linux/objtool.h
include/linux/objtool_types.h
tools/include/linux/objtool_types.h
tools/objtool/check.c
tools/objtool/include/objtool/elf.h