diff options
| author | Ard Biesheuvel <ardb@kernel.org> | 2025-08-28 12:22:22 +0200 |
|---|---|---|
| committer | Borislav Petkov (AMD) <bp@alien8.de> | 2025-09-03 18:00:01 +0200 |
| commit | 7b38dec3c5af54665a4b29483aa02bd1c1e71cf1 (patch) | |
| tree | a20980b779d5b840910a0baeeed65601acf2c334 /tools/objtool | |
| parent | 749627c3980e4421b709857e979e8aa16a4c7147 (diff) | |
x86/boot: Create a confined code area for startup code
In order to be able to have tight control over which code may execute
from the early 1:1 mapping of memory, but still link vmlinux as a single
executable, prefix all symbol references in startup code with __pi_, and
invoke it from outside using the __pi_ prefix.
Use objtool to check that no absolute symbol references are present in
the startup code, as these cannot be used from code running from the 1:1
mapping.
Note that this also requires disabling the latent-entropy GCC plugin, as
the global symbol references that it injects would require explicit
exports, and given that the startup code rarely executes more than once,
it is not a useful source of entropy anyway.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/20250828102202.1849035-43-ardb+git@google.com
Diffstat (limited to 'tools/objtool')
| -rw-r--r-- | tools/objtool/check.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/tools/objtool/check.c b/tools/objtool/check.c index fb47327075fb..d0d20666e872 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -3564,7 +3564,8 @@ static int validate_branch(struct objtool_file *file, struct symbol *func, if (func && insn_func(insn) && func != insn_func(insn)->pfunc) { /* Ignore KCFI type preambles, which always fall through */ if (!strncmp(func->name, "__cfi_", 6) || - !strncmp(func->name, "__pfx_", 6)) + !strncmp(func->name, "__pfx_", 6) || + !strncmp(func->name, "__pi___pfx_", 11)) return 0; if (file->ignore_unreachables) |