On Thu, 2025-03-13 at 19:58 +0000, David Woodhouse wrote:
>
> Reproduced that by going back to x86-64 defconfig. Turns out the unret check doesn't even run unless CONFIG_DEBUG_ENTRY is enabled (which enables CONFIG_NOINSTR_VALIDATION and thus runs objtool on vmlinux.o). Which is why I didn't see it.
> vmlinux.o: warning: objtool: exc_handler+0xe: early indirect call

With Peter's help (thanks), this is fixed by adding VALIDATE_UNRET_END. I'll squash this into the next posting:

--- a/arch/x86/kernel/relocate_kernel_64.S +++ b/arch/x86/kernel/relocate_kernel_64.S @@ -481,6 +481,9 @@ SYM_CODE_START_NOALIGN(kexec_debug_exc_vectors) SYM_CODE_END(kexec_debug_exc_vectors) SYM_CODE_START_LOCAL_NOALIGN(exc_handler) + /* No need for ret mitigations during kexec */ + VALIDATE_UNRET_END + pushq %rax pushq %rbx pushq %rcx
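Review bot: the comment added above VALIDATE_UNRET_END at the top of exc_handler says ret mitigations are not needed during kexec but not why, and it does not connect the annotation to the objtool warning it silences (exc_handler+0xe: early indirect call). Because that warning only appears when CONFIG_DEBUG_ENTRY turns on objtool validation of vmlinux.o, someone reading the file later from a build without it cannot tell what the annotation is for. Suggest extending the comment to say that the annotation ends objtool's unret validation for this handler and to give the reason an unmitigated indirect call is acceptable at this point, and quoting the warning text in the commit message of the squashed patch.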