x86/kexec: Move relocate_kernel code to .data.relocate_kernel section

The kernel's linker script already places the executable relocate_kernel
code into the data section, where it's copied into the kexec control page
and never executed in place.

Nevertheless, objtool still keeps having *opinions* about it, despite the
fact that we just don't care about all the unguarded bare 'ret's, indirect
function calls and lack of ORC unwinding data.

So move it into the non-executable .data..relocate_kernel section even in
its original object file, and remove the annotations that were littered
throughout to make objtool cope.

Suggested-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>

diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S
index 576b7bbdd55eb1b1fb0b15571e5f9610b97af94e..e889bdcf93430387d7843e8db001a11f7c3567b9 100644 (file)
--- a/arch/x86/kernel/relocate_kernel_64.S
+++ b/arch/x86/kernel/relocate_kernel_64.S
@@ -24,12 +24,13 @@
 #define PAGE_ATTR (_PAGE_PRESENT | _PAGE_RW | _PAGE_ACCESSED | _PAGE_DIRTY)
 
 /*
- * The .text..relocate_kernel and .data..relocate_kernel sections are copied
- * into the control page, and the remainder of the page is used as the stack.
+ * The .data..relocate_kernel section (which includes the code which gets
+ * executed) is copied into the control page, and the remainder of the page
+ * is used as the stack.
  */
-
        .section .data..relocate_kernel,"a";
-/* Minimal CPU state */
+
+       /* Minimal CPU state */
 SYM_DATA_LOCAL(saved_rsp, .quad 0)
 SYM_DATA_LOCAL(saved_cr0, .quad 0)
 SYM_DATA_LOCAL(saved_cr3, .quad 0)
@@ -58,11 +59,16 @@ SYM_DATA_START(kexec_debug_idt)
        .skip 0x100, 0x00
 SYM_DATA_END(kexec_debug_idt)
 
-       .section .text..relocate_kernel,"ax";
+/*
+ * This code is linked into the data section of the kernel image, is copied
+ * into the kexec control page and never invoked in place. When it runs, all
+ * other CPUs are shut down for kexec. So this code is free to use indirect
+ * branch and bare returns, and doesn't need ORC unwinding data. Keep it in
+ * a data section even of the object file, to prevent objtool from having
+ * opinions about it.
+ */
        .code64
 SYM_CODE_START_NOALIGN(relocate_kernel)
-       UNWIND_HINT_END_OF_STACK
-       ANNOTATE_NOENDBR
        /*
         * %rdi indirection_page
         * %rsi pa_control_page
@@ -121,12 +127,10 @@ SYM_CODE_START_NOALIGN(relocate_kernel)
        /* jump to identity mapped page */
 0:     addq    $identity_mapped - 0b, %rsi
        subq    $__relocate_kernel_start - 0b, %rsi
-       ANNOTATE_RETPOLINE_SAFE
        jmp     *%rsi
 SYM_CODE_END(relocate_kernel)
 
 SYM_CODE_START_LOCAL_NOALIGN(identity_mapped)
-       UNWIND_HINT_END_OF_STACK
        /*
         * %rdi indirection page
         * %rdx start address
@@ -240,7 +244,6 @@ SYM_CODE_START_LOCAL_NOALIGN(identity_mapped)
        xorl    %r14d, %r14d
        xorl    %r15d, %r15d
 
-       ANNOTATE_UNRET_SAFE
        ret
        int3
 
@@ -254,7 +257,6 @@ SYM_CODE_START_LOCAL_NOALIGN(identity_mapped)
        /* push the existing entry point onto the callee's stack */
        pushq   %rdx
 
-       ANNOTATE_RETPOLINE_SAFE
        call    *%rdx
 
        /* get the re-entry point of the peer system */
@@ -266,7 +268,6 @@ SYM_CODE_START_LOCAL_NOALIGN(identity_mapped)
 
        /* Find start (and end) of this physical mapping of control page */
        leaq    (%rip), %r8
-       ANNOTATE_NOENDBR
        andq    $PAGE_MASK, %r8
        lea     PAGE_SIZE(%r8), %rsp
        movl    $1, %r11d       /* Ensure preserve_context flag is set */
@@ -275,14 +276,11 @@ SYM_CODE_START_LOCAL_NOALIGN(identity_mapped)
 0:     addq    $virtual_mapped - 0b, %rax
        subq    $__relocate_kernel_start - 0b, %rax
        pushq   %rax
-       ANNOTATE_UNRET_SAFE
        ret
        int3
 SYM_CODE_END(identity_mapped)
 
 SYM_CODE_START_LOCAL_NOALIGN(virtual_mapped)
-       UNWIND_HINT_END_OF_STACK
-       ANNOTATE_NOENDBR // RET target, above
        movq    saved_rsp(%rip), %rsp
        movq    saved_cr4(%rip), %rax
        movq    %rax, %cr4
@@ -307,14 +305,12 @@ SYM_CODE_START_LOCAL_NOALIGN(virtual_mapped)
        popq    %r12
        popq    %rbp
        popq    %rbx
-       ANNOTATE_UNRET_SAFE
        ret
        int3
 SYM_CODE_END(virtual_mapped)
 
        /* Do the copies */
 SYM_CODE_START_LOCAL_NOALIGN(swap_pages)
-       UNWIND_HINT_END_OF_STACK
        /*
         * %rdi indirection page
         * %r11 preserve_context
@@ -377,7 +373,6 @@ SYM_CODE_START_LOCAL_NOALIGN(swap_pages)
        lea     PAGE_SIZE(%rax), %rsi
        jmp     .Lloop
 .Ldone:
-       ANNOTATE_UNRET_SAFE
        ret
        int3
 SYM_CODE_END(swap_pages)
@@ -393,8 +388,6 @@ SYM_CODE_END(swap_pages)
 #define LSR             5       /*  Line Status               */
 
 SYM_CODE_START_LOCAL_NOALIGN(pr_char_8250)
-       UNWIND_HINT_FUNC
-       ANNOTATE_NOENDBR
        addw    $LSR, %dx
        xchg    %al, %ah
 .Lxmtrdy_loop:
@@ -409,15 +402,11 @@ SYM_CODE_START_LOCAL_NOALIGN(pr_char_8250)
        xchg    %al, %ah
        outb    %al, %dx
 pr_char_null:
-       ANNOTATE_NOENDBR
 
-       ANNOTATE_UNRET_SAFE
        ret
 SYM_CODE_END(pr_char_8250)
 
 SYM_CODE_START_LOCAL_NOALIGN(pr_char_8250_mmio32)
-       UNWIND_HINT_FUNC
-       ANNOTATE_NOENDBR
 .Lxmtrdy_loop_mmio:
        movb    (LSR*4)(%rdx), %ah
        testb   $XMTRDY, %ah
@@ -427,7 +416,6 @@ SYM_CODE_START_LOCAL_NOALIGN(pr_char_8250_mmio32)
 
 .Lready_mmio:
        movb    %al, (%rdx)
-       ANNOTATE_UNRET_SAFE
        ret
 SYM_CODE_END(pr_char_8250_mmio32)
 
@@ -452,7 +440,6 @@ SYM_CODE_END(pr_char_8250_mmio32)
 
 /* Print the nybble in %bl, clobber %rax */
 SYM_CODE_START_LOCAL_NOALIGN(pr_nybble)
-       UNWIND_HINT_FUNC
        movb    %bl, %al
        nop
        andb    $0x0f, %al
@@ -460,33 +447,26 @@ SYM_CODE_START_LOCAL_NOALIGN(pr_nybble)
        cmpb    $0x3a, %al
        jb      1f
        addb    $('a' - '0' - 10), %al
-       ANNOTATE_RETPOLINE_SAFE
 1:     jmp     *%rsi
 SYM_CODE_END(pr_nybble)
 
 SYM_CODE_START_LOCAL_NOALIGN(pr_qword)
-       UNWIND_HINT_FUNC
        movq    $16, %rcx
 1:     rolq    $4, %rbx
        call    pr_nybble
        loop    1b
        movb    $'\n', %al
-       ANNOTATE_RETPOLINE_SAFE
        jmp     *%rsi
 SYM_CODE_END(pr_qword)
 
 .macro print_reg a, b, c, d, r
        movb    $\a, %al
-       ANNOTATE_RETPOLINE_SAFE
        call    *%rsi
        movb    $\b, %al
-       ANNOTATE_RETPOLINE_SAFE
        call    *%rsi
        movb    $\c, %al
-       ANNOTATE_RETPOLINE_SAFE
        call    *%rsi
        movb    $\d, %al
-       ANNOTATE_RETPOLINE_SAFE
        call    *%rsi
        movq    \r, %rbx
        call    pr_qword
@@ -495,7 +475,6 @@ SYM_CODE_END(pr_qword)
 SYM_CODE_START_NOALIGN(kexec_debug_exc_vectors)
        /* Each of these is 6 bytes. */
 .macro vec_err exc
-       UNWIND_HINT_ENTRY
        . = kexec_debug_exc_vectors + (\exc * KEXEC_DEBUG_EXC_HANDLER_SIZE)
        nop
        nop
@@ -504,14 +483,12 @@ SYM_CODE_START_NOALIGN(kexec_debug_exc_vectors)
 .endm
 
 .macro vec_noerr exc
-       UNWIND_HINT_ENTRY
        . = kexec_debug_exc_vectors + (\exc * KEXEC_DEBUG_EXC_HANDLER_SIZE)
        pushq   $0
        pushq   $\exc
        jmp     exc_handler
 .endm
 
-       ANNOTATE_NOENDBR
        vec_noerr 0 // #DE
        vec_noerr 1 // #DB
        vec_noerr 2 // #NMI
@@ -532,7 +509,6 @@ SYM_CODE_END(kexec_debug_exc_vectors)
 
 SYM_CODE_START_LOCAL_NOALIGN(exc_handler)
        /* No need for ret mitigations during kexec */
-       VALIDATE_UNRET_END
 
        pushq   %rax
        pushq   %rbx

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 0deb4887d6e96ac0462695a92b0c6a875d3f1a4b..2a8c73718d2dd85fb2a7e7c91d4137fb7833d048 100644 (file)
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -100,7 +100,6 @@ const_pcpu_hot = pcpu_hot;
 #define KEXEC_RELOCATE_KERNEL                                  \
        . = ALIGN(0x100);                                       \
        __relocate_kernel_start = .;                            \
-       *(.text..relocate_kernel);                              \
        *(.data..relocate_kernel);                              \
        __relocate_kernel_end = .;