On Thu, Apr 23, 2026 at 04:30:47PM -0700, Josh Poimboeuf wrote:
> On Thu, Apr 23, 2026 at 09:23:12AM -0700, Josh Poimboeuf wrote:
> > On Thu, Apr 23, 2026 at 05:19:25PM +0200, Peter Zijlstra wrote:
> > > On Thu, Apr 23, 2026 at 08:16:08AM -0700, Josh Poimboeuf wrote:
> > > > On Thu, Apr 23, 2026 at 10:47:58AM +0200, Peter Zijlstra wrote:
> > > > > On Wed, Apr 22, 2026 at 09:04:13PM -0700, Josh Poimboeuf wrote:
> > > > > > PREFIX_SYMBOLS has a !CFI dependency because the compiler already
> > > > > > generates __cfi_ prefix symbols for kCFI builds, so objtool-generated
> > > > > > __pfx_ symbols were considered redundant.
> > > > > >
> > > > > > However, the __cfi_ symbols only cover the 5-byte kCFI type hash. With
> > > > > > FUNCTION_CALL_PADDING, there are also 11 bytes of NOP padding between
> > > > > > the hash and the function entry which have no symbol to claim them.
> > > > >
> > > > > If you force the function alignment to 64 bytes, the prefix will also be
> > > > > 64 bytes, rather than the normal 16.
> > > >
> > > > Sorry, how do you get 64 here?
> > >
> > > DEBUG_FORCE_FUNCTION_ALIGNMENT_64B=y
> >
> > Ok, so in that case it would be 5-byte cfi symbol and 59-byte NOP gap.
>
> Or a 64-byte pfx for the !CFI case.
>
> > > > > > The NOPs can be rewritten with call depth tracking thunks at runtime.
> > > > > > Without a symbol, unwinders and other tools that symbolize code
> > > > > > locations misattribute those bytes.
> > > > > >
> > > > > > Remove the !CFI guard so objtool creates __pfx_ symbols for all
> > > > > > CALL_PADDING configs, covering the full padding area regardless of
> > > > > > whether there's also a __cfi_ symbol.
> > > > >
> > > > > Egads, that's a ton of symbols :/ Does it not make sense to 'fix' up the
> > > > > __cfi_ symbols to cover the whole prefix?
> > > >
> > > > Yeah, I suppose that would be better, via objtool I presume.
> > >
> > > Yup.

I discovered it's not just FineIBT, it's basically any CALL_PADDING+CFI, like so: From: Josh Poimboeuf <[email protected]> Subject: [PATCH] objtool: Grow __cfi_* symbols for all kCFI+CALL_PADDING For all CONFIG_CFI+CONFIG_CALL_PADDING configs, the __cfi_ symbols only cover the 5-byte kCFI type hash. After that there also N bytes of NOP padding between the hash and the function entry which aren't associated with any symbol. The NOPs can be replaced with actual code at runtime. Without a symbol, unwinders and tooling have no way of knowing where those bytes belong. Grow the existing __cfi_* symbols to fill that gap. Also, CONFIG_PREFIX_SYMBOLS has no reason to exist: CONFIG_CALL_PADDING is what causes the compiler to emit NOP padding before function entry (via -fpatchable-function-entry), so it's the right condition for creating prefix symbols. Remove CONFIG_PREFIX_SYMBOLS, as it's no longer needed. Simplify the LONGEST_SYM_KUNIT_TEST dependency accordingly. Update the --cfi and --prefix usage strings to reflect their current scope. Signed-off-by: Josh Poimboeuf <[email protected]> --- arch/x86/Kconfig | 4 ---- lib/Kconfig.debug | 2 +- scripts/Makefile.lib | 5 ++++- tools/objtool/builtin-check.c | 9 +++++++-- tools/objtool/check.c | 13 ++++++++++++- tools/objtool/elf.c | 20 ++++++++++++++++++++ tools/objtool/include/objtool/elf.h | 1 + 7 files changed, 45 insertions(+), 9 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index f3f7cb01d69d..3eb3c48d764a 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2437,10 +2437,6 @@ config CALL_THUNKS def_bool n select CALL_PADDING -config PREFIX_SYMBOLS - def_bool y - depends on CALL_PADDING && !CFI - menuconfig CPU_MITIGATIONS bool "Mitigations for CPU vulnerabilities" default y diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 77c3774c1c49..8b41720069b3 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug 
@@ -3059,7 +3059,7 @@ config FORTIFY_KUNIT_TEST config LONGEST_SYM_KUNIT_TEST tristate "Test the longest symbol possible" if !KUNIT_ALL_TESTS depends on KUNIT && KPROBES - depends on !PREFIX_SYMBOLS && !CFI && !GCOV_KERNEL + depends on !CALL_PADDING && !GCOV_KERNEL default KUNIT_ALL_TESTS help Tests the longest symbol possible diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index 0718e39cedda..562d89f051f0 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -187,7 +187,10 @@ objtool-args-$(CONFIG_HAVE_JUMP_LABEL_HACK) += --hacks=jump_label objtool-args-$(CONFIG_HAVE_NOINSTR_HACK) += --hacks=noinstr objtool-args-$(CONFIG_MITIGATION_CALL_DEPTH_TRACKING) += --hacks=skylake objtool-args-$(CONFIG_X86_KERNEL_IBT) += --ibt -objtool-args-$(CONFIG_FINEIBT) += --cfi +objtool-args-$(CONFIG_CALL_PADDING) += --prefix=$(CONFIG_FUNCTION_PADDING_BYTES) +ifdef CONFIG_CFI +objtool-args-$(CONFIG_CALL_PADDING) += --cfi +endif objtool-args-$(CONFIG_FTRACE_MCOUNT_USE_OBJTOOL) += --mcount ifdef CONFIG_FTRACE_MCOUNT_USE_OBJTOOL objtool-args-$(CONFIG_HAVE_OBJTOOL_NOP_MCOUNT) += --mnop diff --git a/tools/objtool/builtin-check.c b/tools/objtool/builtin-check.c index ec7f10a5ef19..254ceb6b0e2c 100644 --- a/tools/objtool/builtin-check.c +++ b/tools/objtool/builtin-check.c @@ -73,7 +73,6 @@ static int parse_hacks(const struct option *opt, const char *str, int unset) static const struct option check_options[] = { OPT_GROUP("Actions:"), - OPT_BOOLEAN(0, "cfi", &opts.cfi, "annotate kernel control flow integrity (kCFI) function preambles"), OPT_STRING_OPTARG('d', "disas", &opts.disas, "function-pattern", "disassemble functions", "*"), OPT_CALLBACK_OPTARG('h', "hacks", NULL, NULL, "jump_label,noinstr,skylake", "patch toolchain bugs/limitations", parse_hacks), OPT_BOOLEAN('i', "ibt", &opts.ibt, "validate and annotate IBT"), 
@@ -84,7 +83,7 @@ static const struct option check_options[] = { OPT_BOOLEAN('r', "retpoline", &opts.retpoline, "validate and annotate retpoline usage"), OPT_BOOLEAN(0, "rethunk", &opts.rethunk, "validate and annotate rethunk usage"), OPT_BOOLEAN(0, "unret", &opts.unret, "validate entry unret placement"), - OPT_INTEGER(0, "prefix", &opts.prefix, "generate prefix symbols"), + OPT_INTEGER(0, "prefix", &opts.prefix, "generate or grow prefix symbols for N-byte function padding"), OPT_BOOLEAN('l', "sls", &opts.sls, "validate straight-line-speculation mitigations"), OPT_BOOLEAN('s', "stackval", &opts.stackval, "validate frame pointer rules"), OPT_BOOLEAN('t', "static-call", &opts.static_call, "annotate static calls"), @@ -92,6 +91,7 @@ static const struct option check_options[] = { OPT_CALLBACK_OPTARG(0, "dump", NULL, NULL, "orc", "dump metadata", parse_dump), OPT_GROUP("Options:"), + OPT_BOOLEAN(0, "cfi", &opts.cfi, "annotate and grow kCFI preamble symbols (use with --prefix)"), OPT_BOOLEAN(0, "backtrace", &opts.backtrace, "unwind on error"), OPT_BOOLEAN(0, "backup", &opts.backup, "create backup (.orig) file on warning/error"), OPT_BOOLEAN(0, "dry-run", &opts.dryrun, "don't write modifications"), @@ -163,6 +163,11 @@ static bool opts_valid(void) return false; } + if (opts.cfi && !opts.prefix) { + ERROR("--cfi requires --prefix"); + return false; + } + if (opts.disas || opts.hack_jump_label || opts.hack_noinstr || diff --git a/tools/objtool/check.c b/tools/objtool/check.c index 410061aeed26..fb24fd284e09 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -923,6 +923,17 @@ static int create_cfi_sections(struct objtool_file *file) return -1; idx++; + + /* + * Grow the __cfi_ symbol to fill the NOP gap between the + * 'mov <hash>, %rax' and the start of the function. + */ + if (sym->len == 5) { + sym->len += opts.prefix; + sym->sym.st_size = sym->len; + if (elf_write_symbol(file->elf, sym)) + return -1; + } } return 0; 
@@ -4927,7 +4938,7 @@ int check(struct objtool_file *file) goto out; } - if (opts.prefix) { + if (opts.prefix && !opts.cfi) { ret = create_prefix_symbols(file); if (ret) goto out; diff --git a/tools/objtool/elf.c b/tools/objtool/elf.c index 2ca1151de815..ede87dd9644c 100644 --- a/tools/objtool/elf.c +++ b/tools/objtool/elf.c @@ -983,6 +983,26 @@ struct symbol *elf_create_symbol(struct elf *elf, const char *name, return sym; } +int elf_write_symbol(struct elf *elf, struct symbol *sym) +{ + struct section *symtab, *symtab_shndx; + + symtab = find_section_by_name(elf, ".symtab"); + if (!symtab) { + ERROR("no .symtab"); + return -1; + } + + symtab_shndx = find_section_by_name(elf, ".symtab_shndx"); + + if (elf_update_symbol(elf, symtab, symtab_shndx, sym)) + return -1; + + mark_sec_changed(elf, symtab, true); + + return 0; +} + struct symbol *elf_create_section_symbol(struct elf *elf, struct section *sec) { struct symbol *sym = calloc(1, sizeof(*sym)); diff --git a/tools/objtool/include/objtool/elf.h b/tools/objtool/include/objtool/elf.h index 0fd1a9b563e9..4c8a67a68063 100644 --- a/tools/objtool/include/objtool/elf.h +++ b/tools/objtool/include/objtool/elf.h @@ -199,6 +199,7 @@ struct reloc *elf_init_reloc_data_sym(struct elf *elf, struct section *sec, struct symbol *sym, s64 addend); +int elf_write_symbol(struct elf *elf, struct symbol *sym); int elf_write_insn(struct elf *elf, struct section *sec, unsigned long offset, unsigned int len, const char *insn); -- 2.53.0
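
Review bot: removing "config PREFIX_SYMBOLS" in arch/x86/Kconfig makes every remaining CONFIG_PREFIX_SYMBOLS user evaluate as undefined, and the diffstat shows only lib/Kconfig.debug being converted. The scripts/Makefile.lib hunk adds a new "--prefix=" line without deleting an old one, so if a line keyed on CONFIG_PREFIX_SYMBOLS still exists there or elsewhere in the tree it is now dead. A tree-wide grep, with the leftovers switched to CONFIG_CALL_PADDING in this same patch, would close that.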
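
Review bot: in the LONGEST_SYM_KUNIT_TEST hunk of lib/Kconfig.debug, "depends on !CALL_PADDING && !GCOV_KERNEL" is not an equivalent simplification of the old line. With PREFIX_SYMBOLS defined as "CALL_PADDING && !CFI", the old "!PREFIX_SYMBOLS && !CFI" reduces to "!CALL_PADDING && !CFI", so the new condition newly enables the test on CFI builds that have no CALL_PADDING, where the compiler still emits __cfi_ symbols. Either keep "!CFI" next to "!CALL_PADDING" or say in the changelog why the test is now safe with CFI.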
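
Review bot: in the scripts/Makefile.lib hunk, "--cfi" moves from CONFIG_FINEIBT to every CONFIG_CFI plus CONFIG_CALL_PADDING build, which means all of create_cfi_sections() now runs in configs where it did not run before, not only the new symbol growing. The changelog describes only the symbol growth; please state whether the additional annotation for non-FineIBT builds is intended, or gate the growing separately from the existing annotation.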
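
Review bot: the "sym->len == 5" test added to create_cfi_sections() in tools/objtool/check.c hard-codes the size of the hash instruction and silently skips any __cfi_ symbol of a different length, leaving its padding unclaimed with no diagnostic. A named constant plus a warning for unexpected lengths would make that case visible. The "sym->len += opts.prefix" line also relies on --prefix carrying the size of the gap after the hash rather than the size of the whole prefix (11 versus 16 in the example from the thread); the comment above it should say so. It is also worth confirming that updating sym->len and st_size is enough for any later lookup that finds symbols by address range.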
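
Review bot: with "if (opts.prefix && !opts.cfi)" in check(), create_prefix_symbols() is skipped entirely whenever --cfi is passed, so a function whose padding is not preceded by a 5-byte __cfi_ symbol ends up with no symbol covering those bytes. If such functions can exist in a CFI build, they still need a __pfx_ symbol; if they cannot, a comment at this condition stating that every padded function has a __cfi_ symbol would document the assumption.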
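
Review bot: elf_write_symbol() in tools/objtool/elf.c has no comment describing its contract, and the new caller in create_cfi_sections() appears to invoke it once per symbol, repeating the find_section_by_name() lookups for .symtab and .symtab_shndx each time. A short comment (the caller updates sym->sym first, this writes it back and marks .symtab changed) would help future users, and the section lookups could be hoisted out if the cost shows up on large objects.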

