[PATCH] D140035: [X86] Prevent -mibt-seal to work together with -flto=thin
Joao Moreira via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Wed Dec 14 12:48:53 PST 2022
joaomoreira added a comment.
>> Weirdly enough, I double-tested the behavior for -flto=thin + -mibt-seal; the kernel did boot fine on my setup, but when dumped/grep'ed for ENDBRs, it had ~500 less ENDBRs throughout the binary
>
> Did you confirm the issue with the reproducer in the CBL bug? It would be interesting to find out why you couldn't reproduce this in the kernel.
Yes, the reproducer from CBL highlights the issue. I tested it long ago and forgot to add the detail here, yet it should by itself suffice as a motivation for this fix. Thanks for bringing that up.
Regarding not being able to reproduce this in kernel -- never mind... I was misled by setup issues while running IBT kernels in QEMU. I managed to fix the setup and confirm that kernel won't boot. Thanks for pushing this bit too.
Also, FWIIW, objtool alerts about a bunch of relocations pointing to !endbr instructions when compiling with -flto=thin. When compiling with -flto+-mibt-seal, the only alert is for a data relocation to !non-endbr towards x86_64_start_kernel, which doesn't seem to be a concern since (already under the fixed setup) the kernel still doesn't trip.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D140035/new/
https://reviews.llvm.org/D140035
More information about the cfe-commits
mailing list