On 19/04/2022 14:10, Peter Zijlstra wrote:
> On Tue, Apr 19, 2022 at 01:12:14PM +0100, Andrew Cooper wrote:
>
>>> Subject: x86/xen: Add ANNOTATE_ENDBR to startup_xen()
>>> From: Josh Poimboeuf <jpoim...@redhat.com>
>>> Date: Mon, 18 Apr 2022 09:50:25 -0700
>>>
>>> From: Josh Poimboeuf <jpoim...@redhat.com>
>>>
>>> The startup_xen() kernel entry point is referenced by the ".note.Xen"
>>> section, and is the real entry point of the VM. It *will* be
>>> indirectly branched to, *however* currently Xen doesn't support PV VM
>>> with CET active.
>> Technically it's always IRET'd to, but the point is that it's never
>> "branched to" by the execution context of the VM.
>>
>> So it would be better to say that it's never indirectly branched to.
>> That's what the IBT checks care about.
> Right, so I was thinking the IRET could set the NEED_ENDBR bit, but
> yeah, that might be stretching the definition of an indirect-branch a
> wee bit.
>
> How about so then?
>
> ---
> Subject: x86/xen: Add ANNOTATE_NOENDBR to startup_xen()
> From: Josh Poimboeuf <jpoim...@redhat.com>
> Date: Mon, 18 Apr 2022 09:50:25 -0700
>
> From: Josh Poimboeuf <jpoim...@redhat.com>
>
> The startup_xen() kernel entry point is referenced by the ".note.Xen"
> section, and is the real entry point of the VM. Control transfer is
> through IRET, which *could* set NEED_ENDBR, however Xen currently does
> no such thing.
>
> Add ANNOTATE_NOENDBR to silence future objtool warnings.
>
> Fixes: ed53a0d97192 ("x86/alternative: Use .ibt_endbr_seal to seal indirect
> calls")
> Signed-off-by: Josh Poimboeuf <jpoim...@redhat.com>
> Signed-off-by: Peter Zijlstra (Intel) <pet...@infradead.org>
> Reviewed-by: Andrew Cooper <andrew.coop...@citrix.com>
> Link:
> https://lkml.kernel.org/r/a87bd48b06d11ec4b98122a429e71e489b4e48c3.1650300597.git.jpoim...@redhat.com
LGTM.
~Andrew
