www.infradead.org Git - users/dwmw2/linux.git/commit

author	David Woodhouse <dwmw@amazon.co.uk>
	Thu, 9 Jan 2025 14:04:18 +0000 (14:04 +0000)
committer	Borislav Petkov (AMD) <bp@alien8.de>
	Tue, 14 Jan 2025 12:02:40 +0000 (13:02 +0100)
commit	2114796ca041f0d3e79e5dd165219b940b23c540
tree	7895b729c1430a2299e2fea85efdf2428021d517	tree
parent	eeed9150411a63dd0611490cf31fdae681427918	commit \| diff

x86/kexec: Mark machine_kexec() with __nocfi

A recent commit caused the relocate_kernel() function to be invoked through
a function pointer, but it does not have CFI information. The resulting trap
occurs after the IDT and GDT have been invalidated, leading to a triple-fault
if CONFIG_CFI_CLANG is enabled.

Using SYM_TYPED_FUNC_START() to provide the CFI information looks like it will
require a prolonged battle with objtool. And is fairly pointless anyway, as
the actual signature comes from a __kcfi_typeid_… symbol emitted from the
C code based on the function prototype it thinks that relocate_kernel has,
rendering the check somewhat tautological.

The simple fix is just to mark machine_kexec() with __nocfi.

Fixes: eeebbde57113 ("x86/kexec: Invoke copy of relocate_kernel() instead of the original")
Reported-by: Nathan Chancellor <nathan@kernel.org>
Suggested-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20250109140757.2841269-7-dwmw2@infradead.org