* David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote: > On Thu, 2025-03-13 at 19:58 +0000, David Woodhouse wrote: > > > > Reproduced that by going back to x86-64 defconfig. > > Turns out the unret check doesn't even run unless CONFIG_DEBUG_ENTRY is > enabled (which enables CONFIG_NOINSTR_VALIDATION and thus runs objtool > on vmlinux.o). Which is why I didn't see it. > > > vmlinux.o: warning: objtool: exc_handler+0xe: early indirect call > > With Peter's help (thanks), this is fixed by adding VALIDATE_UNRET_END. > I'll squash this into the next posting: > > --- a/arch/x86/kernel/relocate_kernel_64.S > +++ b/arch/x86/kernel/relocate_kernel_64.S > @@ -481,6 +481,9 @@ SYM_CODE_START_NOALIGN(kexec_debug_exc_vectors) > SYM_CODE_END(kexec_debug_exc_vectors) > > SYM_CODE_START_LOCAL_NOALIGN(exc_handler) > + /* No need for ret mitigations during kexec */ > + VALIDATE_UNRET_END > + > pushq %rax > pushq %rbx > pushq %rcx Great! I've applied patch #1 back to tip:x86/boot. I've skipped the -v7 versions of patch #2 and #3 because AFAICS you've changed exc_handler already, so a backmerge of this annotation fix wouldn't be enough. Thanks, Ingo
