On Fri, Feb 28, 2025 at 11:26:46AM +0100, Peter Zijlstra wrote:
> On Fri, Feb 28, 2025 at 05:53:07PM +0800, Menglong Dong wrote:
>
> > I tested it a little by enabling CFI_CLANG and the extra 5-byte
> > padding. It works fine, as mostly CFI_CLANG uses
> > CONFIG_FUNCTION_PADDING_BYTES to find the tags. I'll
> > do more testing on CFI_CLANG to make sure everything goes
> > well.
>
> I don't think you understand; please read:
>
>   arch/x86/kernel/alternative.c:__apply_fineibt()
>
> and all the code involved with patching FineIBT. I think you'll find it
> very broken if you change anything here.
>
> Can you post an actual function preamble from a kernel with
> CONFIG_FINEIBT=y with your changes on?
>
> Ex.
>
> $ objdump -wdr build/kernel/futex/core.o
>
> Disassembly of section .text:
>
> 0000000000000000 <__cfi_futex_hash>:
>    0:   b9 93 0c f9 ad          mov    $0xadf90c93,%ecx
>
> 0000000000000005 <.Ltmp0>:
>    5:   90                      nop
>    6:   90                      nop
>    7:   90                      nop
>    8:   90                      nop
>    9:   90                      nop
>    a:   90                      nop
>    b:   90                      nop
>    c:   90                      nop
>    d:   90                      nop
>    e:   90                      nop
>    f:   90                      nop
>
> 0000000000000010 <futex_hash>:
>   10:   f3 0f 1e fa             endbr64
>   14:   e8 00 00 00 00          call   19 <futex_hash+0x9>    15: R_X86_64_PLT32    __fentry__-0x4
>   19:   8b 47 10                mov    0x10(%rdi),%eax
>
>
> Any change to the layout here *WILL* break the FineIBT code.
>
>
> If you want to test, make sure your build has FINEIBT=y and boot on an
> Intel CPU that has CET-IBT (alderlake and later).

Oh, wait, not true, tigerlake also has IBT.
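To make the layout dependency concrete, here is an added example (not code from the thread, and not the kernel's __apply_fineibt()) that transcribes the bytes of the listing above and decodes the CFI preamble the way a patcher that relies on a fixed CONFIG_FUNCTION_PADDING_BYTES distance would: it expects `mov $hash,%ecx` exactly 16 bytes before the entry, NOPs in between, and `endbr64` at the entry. The sample bytes are constructed from the objdump output; the 16-byte padding is taken from that listing; `decode_with_extra_padding()` is a hypothetical variant that inserts extra NOPs in front of the entry to show how the fixed-offset lookup stops matching once the padding grows.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Layout from the objdump listing: CONFIG_FUNCTION_PADDING_BYTES (assumed 16,
 * as the listing shows) bytes precede every function; the first five hold
 * "mov $hash,%ecx" (0xb9 + imm32), the rest are single-byte NOPs, and the
 * function entry itself starts with endbr64. */
#define PADDING_BYTES 16
#define CFI_MOV_LEN   5
#define NOP           0x90
#define CFI_MOV_ECX   0xb9

static const uint8_t ENDBR64[4] = { 0xf3, 0x0f, 0x1e, 0xfa };

/* Bytes of __cfi_futex_hash / futex_hash transcribed from the listing
 * (constructed sample; the relocated call displacement is left as zero). */
static const uint8_t futex_hash_text[] = {
    0xb9, 0x93, 0x0c, 0xf9, 0xad,                   /* mov $0xadf90c93,%ecx */
    0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
    0x90, 0x90, 0x90, 0x90, 0x90,                   /* 11 x nop             */
    0xf3, 0x0f, 0x1e, 0xfa,                         /* endbr64              */
    0xe8, 0x00, 0x00, 0x00, 0x00,                   /* call __fentry__      */
    0x8b, 0x47, 0x10,                               /* mov 0x10(%rdi),%eax  */
};
#define FUTEX_HASH_ENTRY 16   /* offset of <futex_hash> in the listing */

/* Decode the CFI preamble at a fixed distance (PADDING_BYTES) before the
 * function entry.  Returns 1 and stores the hash when the bytes match the
 * expected layout, 0 on any mismatch. */
static int decode_preamble(const uint8_t *text, size_t len, size_t entry,
                           uint32_t *hash)
{
    const uint8_t *pre;
    size_t i;

    if (entry < PADDING_BYTES || entry + sizeof ENDBR64 > len)
        return 0;
    pre = text + entry - PADDING_BYTES;

    if (pre[0] != CFI_MOV_ECX)                  /* no mov $imm32,%ecx here */
        return 0;
    for (i = CFI_MOV_LEN; i < PADDING_BYTES; i++)
        if (pre[i] != NOP)                      /* padding must be nops    */
            return 0;
    if (memcmp(text + entry, ENDBR64, sizeof ENDBR64) != 0)
        return 0;                               /* entry must be endbr64   */

    *hash = (uint32_t)pre[1] | (uint32_t)pre[2] << 8 |
            (uint32_t)pre[3] << 16 | (uint32_t)pre[4] << 24;   /* little-endian imm32 */
    return 1;
}

/* Hypothetical variant: the same function with `extra` additional NOPs
 * between the mov and the entry (what a larger padding would produce).
 * Returns what decode_preamble() finds while still assuming 16 bytes. */
static int decode_with_extra_padding(size_t extra, uint32_t *hash)
{
    uint8_t buf[sizeof futex_hash_text + 64];
    size_t tail = sizeof futex_hash_text - FUTEX_HASH_ENTRY;
    size_t entry = FUTEX_HASH_ENTRY + extra;

    if (extra > 64)
        return 0;
    memcpy(buf, futex_hash_text, FUTEX_HASH_ENTRY);      /* mov + 11 nops  */
    memset(buf + FUTEX_HASH_ENTRY, NOP, extra);          /* extra nops     */
    memcpy(buf + entry, futex_hash_text + FUTEX_HASH_ENTRY, tail); /* entry */
    return decode_preamble(buf, entry + tail, entry, hash);
}

int main(void)
{
    uint32_t hash = 0;

    if (decode_preamble(futex_hash_text, sizeof futex_hash_text,
                        FUTEX_HASH_ENTRY, &hash))
        printf("16-byte padding: hash %08x\n", (unsigned)hash);
    else
        printf("16-byte padding: layout mismatch\n");

    if (decode_with_extra_padding(5, &hash))
        printf("21-byte padding: hash %08x\n", (unsigned)hash);
    else
        printf("21-byte padding: layout mismatch (no mov at entry-16)\n");
    return 0;
}
```

With the listing's bytes the decoder recovers 0xadf90c93; with five extra NOPs the byte at entry-16 is a NOP rather than 0xb9 and the lookup fails, which is the kind of breakage the reply is warning about when the padding in front of the entry changes without the patching code being adjusted to match.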