- Linux-stable-mirror - lists.linaro.org

Patch "objtool: Fix 32-bit build" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled objtool: Fix 32-bit build to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: objtool-fix-32-bit-build.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 63474dc4ac7ed3848a4786b9592dd061901f606d Mon Sep 17 00:00:00 2001 From: Josh Poimboeuf <jpoimboe(a)redhat.com> Date: Tue, 6 Mar 2018 17:58:15 -0600 Subject: objtool: Fix 32-bit build From: Josh Poimboeuf <jpoimboe(a)redhat.com> commit 63474dc4ac7ed3848a4786b9592dd061901f606d upstream. Fix the objtool build when cross-compiling a 64-bit kernel on a 32-bit host. This also simplifies read_retpoline_hints() a bit and makes its implementation similar to most of the other annotation reading functions. Reported-by: Sven Joachim <svenjoac(a)gmx.de> Signed-off-by: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Fixes: b5bc2231b8ad ("objtool: Add retpoline validation") Link: http://lkml.kernel.org/r/2ca46c636c23aa9c9d57d53c75de4ee3ddf7a7df.152038069… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- tools/objtool/check.c | 27 +++++++-------------------- 1 file changed, 7 insertions(+), 20 deletions(-) --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -1115,42 +1115,29 @@ static int read_unwind_hints(struct objt static int read_retpoline_hints(struct objtool_file *file) { - struct section *sec, *relasec; + struct section *sec; struct instruction *insn; struct rela *rela; - int i; - sec = find_section_by_name(file->elf, ".discard.retpoline_safe"); + sec = find_section_by_name(file->elf, ".rela.discard.retpoline_safe"); if (!sec) return 0; - relasec = sec->rela; - if (!relasec) { - WARN("missing .rela.discard.retpoline_safe section"); - return -1; - } - - if (sec->len % sizeof(unsigned long)) { - WARN("retpoline_safe size mismatch: %d %ld", sec->len, sizeof(unsigned long)); - return -1; - } - - for (i = 0; i < sec->len / sizeof(unsigned long); i++) { - rela = find_rela_by_dest(sec, i * sizeof(unsigned long)); - if (!rela) { - WARN("can't find rela for retpoline_safe[%d]", i); + list_for_each_entry(rela, &sec->rela_list, list) { + if (rela->sym->type != STT_SECTION) { + WARN("unexpected relocation symbol type in %s", sec->name); return -1; } insn = find_insn(file, rela->sym->sec, rela->addend); if (!insn) { - WARN("can't find insn for retpoline_safe[%d]", i); + WARN("bad .discard.retpoline_safe entry"); return -1; } if (insn->type != INSN_JUMP_DYNAMIC && insn->type != INSN_CALL_DYNAMIC) { - WARN_FUNC("retpoline_safe hint not a indirect jump/call", + WARN_FUNC("retpoline_safe hint not an indirect jump/call", insn->sec, insn->offset); return -1; } Patches currently in stable-queue which might be from jpoimboe(a)redhat.com are queue-4.15/x86-kprobes-fix-kernel-crash-when-probing-.entry_trampoline-code.patch queue-4.15/objtool-fix-32-bit-build.patch queue-4.15/x86-boot-objtool-annotate-indirect-jump-in-secondary_startup_64.patch queue-4.15/objtool-add-module-specific-retpoline-rules.patch queue-4.15/x86-ldt-avoid-warning-in-32-bit-builds-with-older-gcc.patch queue-4.15/x86-entry-reduce-the-code-footprint-of-the-idtentry-macro.patch queue-4.15/objtool-retpolines-integrate-objtool-with-retpoline-support-more-closely.patch queue-4.15/nospec-include-asm-barrier.h-dependency.patch queue-4.15/x86-mm-remove-stale-comment-about-kmemcheck.patch queue-4.15/objtool-add-retpoline-validation.patch queue-4.15/x86-mm-sme-objtool-annotate-indirect-call-in-sme_encrypt_execute.patch queue-4.15/x86-asm-improve-how-gen_-_suffixed_rmwcc-specify-clobbers.patch queue-4.15/x86-64-realmode-add-instruction-suffix.patch queue-4.15/objtool-fix-another-switch-table-detection-issue.patch queue-4.15/x86-speculation-objtool-annotate-indirect-calls-jumps-for-objtool.patch queue-4.15/x86-paravirt-objtool-annotate-indirect-calls.patch queue-4.15/objtool-use-existing-global-variables-for-options.patch queue-4.15/x86-entry-64-use-xorl-for-faster-register-clearing.patch queue-4.15/nospec-kill-array_index_nospec_mask_check.patch queue-4.15/x86-io-apic-avoid-warning-in-32-bit-builds.patch

7 years, 7 months

1
0
0 0

Patch "objtool: Add retpoline validation" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled objtool: Add retpoline validation to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: objtool-add-retpoline-validation.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From b5bc2231b8ad4387c9641f235ca0ad8cd300b6df Mon Sep 17 00:00:00 2001 From: Peter Zijlstra <peterz(a)infradead.org> Date: Tue, 16 Jan 2018 10:24:06 +0100 Subject: objtool: Add retpoline validation From: Peter Zijlstra <peterz(a)infradead.org> commit b5bc2231b8ad4387c9641f235ca0ad8cd300b6df upstream. David requested a objtool validation pass for CONFIG_RETPOLINE=y enabled builds, where it validates no unannotated indirect jumps or calls are left. Add an additional .discard.retpoline_safe section to allow annotating the few indirect sites that are required and safe. Requested-by: David Woodhouse <dwmw2(a)infradead.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Reviewed-by: David Woodhouse <dwmw(a)amazon.co.uk> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arjan van de Ven <arjan(a)linux.intel.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- scripts/Makefile.build | 4 + tools/objtool/builtin-check.c | 3 - tools/objtool/builtin.h | 2 tools/objtool/check.c | 86 +++++++++++++++++++++++++++++++++++++++++- tools/objtool/check.h | 1 5 files changed, 93 insertions(+), 3 deletions(-) --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -264,6 +264,10 @@ objtool_args += --no-unreachable else objtool_args += $(call cc-ifversion, -lt, 0405, --no-unreachable) endif +ifdef CONFIG_RETPOLINE + objtool_args += --retpoline +endif + ifdef CONFIG_MODVERSIONS objtool_o = $(@D)/.tmp_$(@F) --- a/tools/objtool/builtin-check.c +++ b/tools/objtool/builtin-check.c @@ -29,7 +29,7 @@ #include "builtin.h" #include "check.h" -bool no_fp, no_unreachable; +bool no_fp, no_unreachable, retpoline; static const char * const check_usage[] = { "objtool check [<options>] file.o", @@ -39,6 +39,7 @@ static const char * const check_usage[] const struct option check_options[] = { OPT_BOOLEAN('f', "no-fp", &no_fp, "Skip frame pointer validation"), OPT_BOOLEAN('u', "no-unreachable", &no_unreachable, "Skip 'unreachable instruction' warnings"), + OPT_BOOLEAN('r', "retpoline", &retpoline, "Validate retpoline assumptions"), OPT_END(), }; --- a/tools/objtool/builtin.h +++ b/tools/objtool/builtin.h @@ -20,7 +20,7 @@ #include <subcmd/parse-options.h> extern const struct option check_options[]; -extern bool no_fp, no_unreachable; +extern bool no_fp, no_unreachable, retpoline; extern int cmd_check(int argc, const char **argv); extern int cmd_orc(int argc, const char **argv); --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -496,6 +496,7 @@ static int add_jump_destinations(struct * disguise, so convert them accordingly. */ insn->type = INSN_JUMP_DYNAMIC; + insn->retpoline_safe = true; continue; } else { /* sibling call */ @@ -547,7 +548,8 @@ static int add_call_destinations(struct if (!insn->call_dest && !insn->ignore) { WARN_FUNC("unsupported intra-function call", insn->sec, insn->offset); - WARN("If this is a retpoline, please patch it in with alternatives and annotate it with ANNOTATE_NOSPEC_ALTERNATIVE."); + if (retpoline) + WARN("If this is a retpoline, please patch it in with alternatives and annotate it with ANNOTATE_NOSPEC_ALTERNATIVE."); return -1; } @@ -1107,6 +1109,54 @@ static int read_unwind_hints(struct objt return 0; } +static int read_retpoline_hints(struct objtool_file *file) +{ + struct section *sec, *relasec; + struct instruction *insn; + struct rela *rela; + int i; + + sec = find_section_by_name(file->elf, ".discard.retpoline_safe"); + if (!sec) + return 0; + + relasec = sec->rela; + if (!relasec) { + WARN("missing .rela.discard.retpoline_safe section"); + return -1; + } + + if (sec->len % sizeof(unsigned long)) { + WARN("retpoline_safe size mismatch: %d %ld", sec->len, sizeof(unsigned long)); + return -1; + } + + for (i = 0; i < sec->len / sizeof(unsigned long); i++) { + rela = find_rela_by_dest(sec, i * sizeof(unsigned long)); + if (!rela) { + WARN("can't find rela for retpoline_safe[%d]", i); + return -1; + } + + insn = find_insn(file, rela->sym->sec, rela->addend); + if (!insn) { + WARN("can't find insn for retpoline_safe[%d]", i); + return -1; + } + + if (insn->type != INSN_JUMP_DYNAMIC && + insn->type != INSN_CALL_DYNAMIC) { + WARN_FUNC("retpoline_safe hint not a indirect jump/call", + insn->sec, insn->offset); + return -1; + } + + insn->retpoline_safe = true; + } + + return 0; +} + static int decode_sections(struct objtool_file *file) { int ret; @@ -1145,6 +1195,10 @@ static int decode_sections(struct objtoo if (ret) return ret; + ret = read_retpoline_hints(file); + if (ret) + return ret; + return 0; } @@ -1890,6 +1944,29 @@ static int validate_unwind_hints(struct return warnings; } +static int validate_retpoline(struct objtool_file *file) +{ + struct instruction *insn; + int warnings = 0; + + for_each_insn(file, insn) { + if (insn->type != INSN_JUMP_DYNAMIC && + insn->type != INSN_CALL_DYNAMIC) + continue; + + if (insn->retpoline_safe) + continue; + + WARN_FUNC("indirect %s found in RETPOLINE build", + insn->sec, insn->offset, + insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call"); + + warnings++; + } + + return warnings; +} + static bool is_kasan_insn(struct instruction *insn) { return (insn->type == INSN_CALL && @@ -2050,6 +2127,13 @@ int check(const char *_objname, bool orc if (list_empty(&file.insn_list)) goto out; + if (retpoline) { + ret = validate_retpoline(&file); + if (ret < 0) + return ret; + warnings += ret; + } + ret = validate_functions(&file); if (ret < 0) goto out; --- a/tools/objtool/check.h +++ b/tools/objtool/check.h @@ -45,6 +45,7 @@ struct instruction { unsigned char type; unsigned long immediate; bool alt_group, visited, dead_end, ignore, hint, save, restore, ignore_alts; + bool retpoline_safe; struct symbol *call_dest; struct instruction *jump_dest; struct instruction *first_jump_src; Patches currently in stable-queue which might be from peterz(a)infradead.org are queue-4.15/x86-kprobes-fix-kernel-crash-when-probing-.entry_trampoline-code.patch queue-4.15/objtool-fix-32-bit-build.patch queue-4.15/x86-boot-objtool-annotate-indirect-jump-in-secondary_startup_64.patch queue-4.15/objtool-add-module-specific-retpoline-rules.patch queue-4.15/x86-retpoline-support-retpoline-builds-with-clang.patch queue-4.15/x86-ldt-avoid-warning-in-32-bit-builds-with-older-gcc.patch queue-4.15/x86-entry-reduce-the-code-footprint-of-the-idtentry-macro.patch queue-4.15/objtool-retpolines-integrate-objtool-with-retpoline-support-more-closely.patch queue-4.15/bug-use-pb-in-bug-and-stack-protector-failure.patch queue-4.15/revert-x86-retpoline-simplify-vmexit_fill_rsb.patch queue-4.15/nospec-include-asm-barrier.h-dependency.patch queue-4.15/x86-mm-remove-stale-comment-about-kmemcheck.patch queue-4.15/objtool-add-retpoline-validation.patch queue-4.15/x86-mm-sme-objtool-annotate-indirect-call-in-sme_encrypt_execute.patch queue-4.15/x86-speculation-use-ibrs-if-available-before-calling-into-firmware.patch queue-4.15/x86-asm-improve-how-gen_-_suffixed_rmwcc-specify-clobbers.patch queue-4.15/x86-64-realmode-add-instruction-suffix.patch queue-4.15/objtool-fix-another-switch-table-detection-issue.patch queue-4.15/x86-speculation-move-firmware_restrict_branch_speculation_-from-c-to-cpp.patch queue-4.15/x86-speculation-objtool-annotate-indirect-calls-jumps-for-objtool.patch queue-4.15/x86-paravirt-objtool-annotate-indirect-calls.patch queue-4.15/objtool-use-existing-global-variables-for-options.patch queue-4.15/x86-entry-64-use-xorl-for-faster-register-clearing.patch queue-4.15/nospec-kill-array_index_nospec_mask_check.patch queue-4.15/lib-bug.c-exclude-non-bug-warn-exceptions-from-report_bug.patch queue-4.15/x86-io-apic-avoid-warning-in-32-bit-builds.patch

7 years, 7 months

1
0
0 0

Patch "objtool: Add module specific retpoline rules" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled objtool: Add module specific retpoline rules to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: objtool-add-module-specific-retpoline-rules.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From ca41b97ed9124fd62323a162de5852f6e28f94b8 Mon Sep 17 00:00:00 2001 From: Peter Zijlstra <peterz(a)infradead.org> Date: Wed, 31 Jan 2018 10:18:28 +0100 Subject: objtool: Add module specific retpoline rules From: Peter Zijlstra <peterz(a)infradead.org> commit ca41b97ed9124fd62323a162de5852f6e28f94b8 upstream. David allowed retpolines in .init.text, except for modules, which will trip up objtool retpoline validation, fix that. Requested-by: David Woodhouse <dwmw2(a)infradead.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arjan van de Ven <arjan(a)linux.intel.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- scripts/Makefile.build | 2 ++ tools/objtool/builtin-check.c | 3 ++- tools/objtool/builtin.h | 2 +- tools/objtool/check.c | 9 +++++++++ 4 files changed, 14 insertions(+), 2 deletions(-) --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -256,6 +256,8 @@ __objtool_obj := $(objtree)/tools/objtoo objtool_args = $(if $(CONFIG_UNWINDER_ORC),orc generate,check) +objtool_args += $(if $(part-of-module), --module,) + ifndef CONFIG_FRAME_POINTER objtool_args += --no-fp endif --- a/tools/objtool/builtin-check.c +++ b/tools/objtool/builtin-check.c @@ -29,7 +29,7 @@ #include "builtin.h" #include "check.h" -bool no_fp, no_unreachable, retpoline; +bool no_fp, no_unreachable, retpoline, module; static const char * const check_usage[] = { "objtool check [<options>] file.o", @@ -40,6 +40,7 @@ const struct option check_options[] = { OPT_BOOLEAN('f', "no-fp", &no_fp, "Skip frame pointer validation"), OPT_BOOLEAN('u', "no-unreachable", &no_unreachable, "Skip 'unreachable instruction' warnings"), OPT_BOOLEAN('r', "retpoline", &retpoline, "Validate retpoline assumptions"), + OPT_BOOLEAN('m', "module", &module, "Indicates the object will be part of a kernel module"), OPT_END(), }; --- a/tools/objtool/builtin.h +++ b/tools/objtool/builtin.h @@ -20,7 +20,7 @@ #include <subcmd/parse-options.h> extern const struct option check_options[]; -extern bool no_fp, no_unreachable, retpoline; +extern bool no_fp, no_unreachable, retpoline, module; extern int cmd_check(int argc, const char **argv); extern int cmd_orc(int argc, const char **argv); --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -1957,6 +1957,15 @@ static int validate_retpoline(struct obj if (insn->retpoline_safe) continue; + /* + * .init.text code is ran before userspace and thus doesn't + * strictly need retpolines, except for modules which are + * loaded late, they very much do need retpoline in their + * .init.text + */ + if (!strcmp(insn->sec->name, ".init.text") && !module) + continue; + WARN_FUNC("indirect %s found in RETPOLINE build", insn->sec, insn->offset, insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call"); Patches currently in stable-queue which might be from peterz(a)infradead.org are queue-4.15/x86-kprobes-fix-kernel-crash-when-probing-.entry_trampoline-code.patch queue-4.15/objtool-fix-32-bit-build.patch queue-4.15/x86-boot-objtool-annotate-indirect-jump-in-secondary_startup_64.patch queue-4.15/objtool-add-module-specific-retpoline-rules.patch queue-4.15/x86-retpoline-support-retpoline-builds-with-clang.patch queue-4.15/x86-ldt-avoid-warning-in-32-bit-builds-with-older-gcc.patch queue-4.15/x86-entry-reduce-the-code-footprint-of-the-idtentry-macro.patch queue-4.15/objtool-retpolines-integrate-objtool-with-retpoline-support-more-closely.patch queue-4.15/bug-use-pb-in-bug-and-stack-protector-failure.patch queue-4.15/revert-x86-retpoline-simplify-vmexit_fill_rsb.patch queue-4.15/nospec-include-asm-barrier.h-dependency.patch queue-4.15/x86-mm-remove-stale-comment-about-kmemcheck.patch queue-4.15/objtool-add-retpoline-validation.patch queue-4.15/x86-mm-sme-objtool-annotate-indirect-call-in-sme_encrypt_execute.patch queue-4.15/x86-speculation-use-ibrs-if-available-before-calling-into-firmware.patch queue-4.15/x86-asm-improve-how-gen_-_suffixed_rmwcc-specify-clobbers.patch queue-4.15/x86-64-realmode-add-instruction-suffix.patch queue-4.15/objtool-fix-another-switch-table-detection-issue.patch queue-4.15/x86-speculation-move-firmware_restrict_branch_speculation_-from-c-to-cpp.patch queue-4.15/x86-speculation-objtool-annotate-indirect-calls-jumps-for-objtool.patch queue-4.15/x86-paravirt-objtool-annotate-indirect-calls.patch queue-4.15/objtool-use-existing-global-variables-for-options.patch queue-4.15/x86-entry-64-use-xorl-for-faster-register-clearing.patch queue-4.15/nospec-kill-array_index_nospec_mask_check.patch queue-4.15/lib-bug.c-exclude-non-bug-warn-exceptions-from-report_bug.patch queue-4.15/x86-io-apic-avoid-warning-in-32-bit-builds.patch

7 years, 7 months

1
0
0 0

Patch "x86/kprobes: Fix kernel crash when probing .entry_trampoline code" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/kprobes: Fix kernel crash when probing .entry_trampoline code to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-kprobes-fix-kernel-crash-when-probing-.entry_trampoline-code.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From c07a8f8b08ba683ea24f3ac9159f37ae94daf47f Mon Sep 17 00:00:00 2001 From: Francis Deslauriers <francis.deslauriers(a)efficios.com> Date: Thu, 8 Mar 2018 22:18:12 -0500 Subject: x86/kprobes: Fix kernel crash when probing .entry_trampoline code From: Francis Deslauriers <francis.deslauriers(a)efficios.com> commit c07a8f8b08ba683ea24f3ac9159f37ae94daf47f upstream. Disable the kprobe probing of the entry trampoline: .entry_trampoline is a code area that is used to ensure page table isolation between userspace and kernelspace. At the beginning of the execution of the trampoline, we load the kernel's CR3 register. This has the effect of enabling the translation of the kernel virtual addresses to physical addresses. Before this happens most kernel addresses can not be translated because the running process' CR3 is still used. If a kprobe is placed on the trampoline code before that change of the CR3 register happens the kernel crashes because int3 handling pages are not accessible. To fix this, add the .entry_trampoline section to the kprobe blacklist to prohibit the probing of code before all the kernel pages are accessible. Signed-off-by: Francis Deslauriers <francis.deslauriers(a)efficios.com> Reviewed-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Brian Gerst <brgerst(a)gmail.com> Cc: Denys Vlasenko <dvlasenk(a)redhat.com> Cc: H. Peter Anvin <hpa(a)zytor.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: mathieu.desnoyers(a)efficios.com Cc: mhiramat(a)kernel.org Link: http://lkml.kernel.org/r/1520565492-4637-2-git-send-email-francis.deslaurie… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/sections.h | 1 + arch/x86/kernel/kprobes/core.c | 10 +++++++++- arch/x86/kernel/vmlinux.lds.S | 2 ++ 3 files changed, 12 insertions(+), 1 deletion(-) --- a/arch/x86/include/asm/sections.h +++ b/arch/x86/include/asm/sections.h @@ -10,6 +10,7 @@ extern struct exception_table_entry __st #if defined(CONFIG_X86_64) extern char __end_rodata_hpage_align[]; +extern char __entry_trampoline_start[], __entry_trampoline_end[]; #endif #endif /* _ASM_X86_SECTIONS_H */ --- a/arch/x86/kernel/kprobes/core.c +++ b/arch/x86/kernel/kprobes/core.c @@ -1149,10 +1149,18 @@ NOKPROBE_SYMBOL(longjmp_break_handler); bool arch_within_kprobe_blacklist(unsigned long addr) { + bool is_in_entry_trampoline_section = false; + +#ifdef CONFIG_X86_64 + is_in_entry_trampoline_section = + (addr >= (unsigned long)__entry_trampoline_start && + addr < (unsigned long)__entry_trampoline_end); +#endif return (addr >= (unsigned long)__kprobes_text_start && addr < (unsigned long)__kprobes_text_end) || (addr >= (unsigned long)__entry_text_start && - addr < (unsigned long)__entry_text_end); + addr < (unsigned long)__entry_text_end) || + is_in_entry_trampoline_section; } int __init arch_init_kprobes(void) --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -118,9 +118,11 @@ SECTIONS #ifdef CONFIG_X86_64 . = ALIGN(PAGE_SIZE); + VMLINUX_SYMBOL(__entry_trampoline_start) = .; _entry_trampoline = .; *(.entry_trampoline) . = ALIGN(PAGE_SIZE); + VMLINUX_SYMBOL(__entry_trampoline_end) = .; ASSERT(. - _entry_trampoline == PAGE_SIZE, "entry trampoline is too big"); #endif Patches currently in stable-queue which might be from francis.deslauriers(a)efficios.com are queue-4.14/x86-kprobes-fix-kernel-crash-when-probing-.entry_trampoline-code.patch

7 years, 7 months

1
0
0 0

Patch "objtool: Use existing global variables for options" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled objtool: Use existing global variables for options to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: objtool-use-existing-global-variables-for-options.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 43a4525f80534530077683f6472d8971646b0ace Mon Sep 17 00:00:00 2001 From: Peter Zijlstra <peterz(a)infradead.org> Date: Tue, 16 Jan 2018 17:16:32 +0100 Subject: objtool: Use existing global variables for options From: Peter Zijlstra <peterz(a)infradead.org> commit 43a4525f80534530077683f6472d8971646b0ace upstream. Use the existing global variables instead of passing them around and creating duplicate global variables. Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arjan van de Ven <arjan(a)linux.intel.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- tools/objtool/builtin-check.c | 2 +- tools/objtool/builtin-orc.c | 6 +----- tools/objtool/builtin.h | 5 +++++ tools/objtool/check.c | 5 ++--- tools/objtool/check.h | 2 +- 5 files changed, 10 insertions(+), 10 deletions(-) --- a/tools/objtool/builtin-check.c +++ b/tools/objtool/builtin-check.c @@ -53,5 +53,5 @@ int cmd_check(int argc, const char **arg objname = argv[0]; - return check(objname, no_fp, no_unreachable, false); + return check(objname, false); } --- a/tools/objtool/builtin-orc.c +++ b/tools/objtool/builtin-orc.c @@ -25,7 +25,6 @@ */ #include <string.h> -#include <subcmd/parse-options.h> #include "builtin.h" #include "check.h" @@ -36,9 +35,6 @@ static const char *orc_usage[] = { NULL, }; -extern const struct option check_options[]; -extern bool no_fp, no_unreachable; - int cmd_orc(int argc, const char **argv) { const char *objname; @@ -54,7 +50,7 @@ int cmd_orc(int argc, const char **argv) objname = argv[0]; - return check(objname, no_fp, no_unreachable, true); + return check(objname, true); } if (!strcmp(argv[0], "dump")) { --- a/tools/objtool/builtin.h +++ b/tools/objtool/builtin.h @@ -17,6 +17,11 @@ #ifndef _BUILTIN_H #define _BUILTIN_H +#include <subcmd/parse-options.h> + +extern const struct option check_options[]; +extern bool no_fp, no_unreachable; + extern int cmd_check(int argc, const char **argv); extern int cmd_orc(int argc, const char **argv); --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -18,6 +18,7 @@ #include <string.h> #include <stdlib.h> +#include "builtin.h" #include "check.h" #include "elf.h" #include "special.h" @@ -33,7 +34,6 @@ struct alternative { }; const char *objname; -static bool no_fp; struct cfi_state initial_func_cfi; struct instruction *find_insn(struct objtool_file *file, @@ -2021,13 +2021,12 @@ static void cleanup(struct objtool_file elf_close(file->elf); } -int check(const char *_objname, bool _no_fp, bool no_unreachable, bool orc) +int check(const char *_objname, bool orc) { struct objtool_file file; int ret, warnings = 0; objname = _objname; - no_fp = _no_fp; file.elf = elf_open(objname, orc ? O_RDWR : O_RDONLY); if (!file.elf) --- a/tools/objtool/check.h +++ b/tools/objtool/check.h @@ -63,7 +63,7 @@ struct objtool_file { bool ignore_unreachables, c_file, hints; }; -int check(const char *objname, bool no_fp, bool no_unreachable, bool orc); +int check(const char *objname, bool orc); struct instruction *find_insn(struct objtool_file *file, struct section *sec, unsigned long offset); Patches currently in stable-queue which might be from peterz(a)infradead.org are queue-4.14/x86-kprobes-fix-kernel-crash-when-probing-.entry_trampoline-code.patch queue-4.14/objtool-fix-32-bit-build.patch queue-4.14/x86-boot-objtool-annotate-indirect-jump-in-secondary_startup_64.patch queue-4.14/objtool-add-module-specific-retpoline-rules.patch queue-4.14/x86-retpoline-support-retpoline-builds-with-clang.patch queue-4.14/x86-ldt-avoid-warning-in-32-bit-builds-with-older-gcc.patch queue-4.14/x86-entry-reduce-the-code-footprint-of-the-idtentry-macro.patch queue-4.14/objtool-retpolines-integrate-objtool-with-retpoline-support-more-closely.patch queue-4.14/revert-x86-retpoline-simplify-vmexit_fill_rsb.patch queue-4.14/nospec-include-asm-barrier.h-dependency.patch queue-4.14/x86-mm-remove-stale-comment-about-kmemcheck.patch queue-4.14/objtool-add-retpoline-validation.patch queue-4.14/x86-mm-sme-objtool-annotate-indirect-call-in-sme_encrypt_execute.patch queue-4.14/x86-speculation-use-ibrs-if-available-before-calling-into-firmware.patch queue-4.14/x86-asm-improve-how-gen_-_suffixed_rmwcc-specify-clobbers.patch queue-4.14/x86-64-realmode-add-instruction-suffix.patch queue-4.14/objtool-fix-another-switch-table-detection-issue.patch queue-4.14/x86-speculation-move-firmware_restrict_branch_speculation_-from-c-to-cpp.patch queue-4.14/x86-speculation-objtool-annotate-indirect-calls-jumps-for-objtool.patch queue-4.14/x86-paravirt-objtool-annotate-indirect-calls.patch queue-4.14/objtool-use-existing-global-variables-for-options.patch queue-4.14/x86-entry-64-use-xorl-for-faster-register-clearing.patch queue-4.14/nospec-kill-array_index_nospec_mask_check.patch queue-4.14/lib-bug.c-exclude-non-bug-warn-exceptions-from-report_bug.patch

7 years, 7 months

1
0
0 0

Patch "objtool: Fix another switch table detection issue" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled objtool: Fix another switch table detection issue to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: objtool-fix-another-switch-table-detection-issue.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 1402fd8ed7e5bda1b3e7613b70780b0db392d1e6 Mon Sep 17 00:00:00 2001 From: Josh Poimboeuf <jpoimboe(a)redhat.com> Date: Wed, 28 Feb 2018 07:19:21 -0600 Subject: objtool: Fix another switch table detection issue From: Josh Poimboeuf <jpoimboe(a)redhat.com> commit 1402fd8ed7e5bda1b3e7613b70780b0db392d1e6 upstream. Continue the switch table detection whack-a-mole. Add a check to distinguish KASAN data reads from switch data reads. The switch jump tables in .rodata have relocations associated with them. This fixes the following warning: crypto/asymmetric_keys/x509_cert_parser.o: warning: objtool: x509_note_pkey_algo()+0xa4: sibling call from callable instruction with modified stack frame Reported-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Josh Poimboeuf <jpoimboe(a)redhat.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Arnd Bergmann <arnd(a)arndb.de> Cc: Peter Zijlstra <peterz(a)infradead.org> Link: https://lkml.kernel.org/r/d7c8853022ad47d158cb81e953a40469fc08a95e.15197843… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- tools/objtool/check.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -924,7 +924,11 @@ static struct rela *find_switch_table(st if (find_symbol_containing(file->rodata, text_rela->addend)) continue; - return find_rela_by_dest(file->rodata, text_rela->addend); + rodata_rela = find_rela_by_dest(file->rodata, text_rela->addend); + if (!rodata_rela) + continue; + + return rodata_rela; } return NULL; Patches currently in stable-queue which might be from jpoimboe(a)redhat.com are queue-4.14/x86-kprobes-fix-kernel-crash-when-probing-.entry_trampoline-code.patch queue-4.14/objtool-fix-32-bit-build.patch queue-4.14/x86-boot-objtool-annotate-indirect-jump-in-secondary_startup_64.patch queue-4.14/objtool-add-module-specific-retpoline-rules.patch queue-4.14/x86-ldt-avoid-warning-in-32-bit-builds-with-older-gcc.patch queue-4.14/x86-entry-reduce-the-code-footprint-of-the-idtentry-macro.patch queue-4.14/objtool-retpolines-integrate-objtool-with-retpoline-support-more-closely.patch queue-4.14/nospec-include-asm-barrier.h-dependency.patch queue-4.14/x86-mm-remove-stale-comment-about-kmemcheck.patch queue-4.14/objtool-add-retpoline-validation.patch queue-4.14/x86-mm-sme-objtool-annotate-indirect-call-in-sme_encrypt_execute.patch queue-4.14/x86-asm-improve-how-gen_-_suffixed_rmwcc-specify-clobbers.patch queue-4.14/x86-64-realmode-add-instruction-suffix.patch queue-4.14/objtool-fix-another-switch-table-detection-issue.patch queue-4.14/x86-speculation-objtool-annotate-indirect-calls-jumps-for-objtool.patch queue-4.14/x86-paravirt-objtool-annotate-indirect-calls.patch queue-4.14/objtool-use-existing-global-variables-for-options.patch queue-4.14/x86-entry-64-use-xorl-for-faster-register-clearing.patch queue-4.14/nospec-kill-array_index_nospec_mask_check.patch

7 years, 7 months

1
0
0 0

Patch "objtool, retpolines: Integrate objtool with retpoline support more closely" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled objtool, retpolines: Integrate objtool with retpoline support more closely to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: objtool-retpolines-integrate-objtool-with-retpoline-support-more-closely.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From d5028ba8ee5a18c9d0bb926d883c28b370f89009 Mon Sep 17 00:00:00 2001 From: Peter Zijlstra <peterz(a)infradead.org> Date: Tue, 6 Feb 2018 09:46:13 +0100 Subject: objtool, retpolines: Integrate objtool with retpoline support more closely From: Peter Zijlstra <peterz(a)infradead.org> commit d5028ba8ee5a18c9d0bb926d883c28b370f89009 upstream. Disable retpoline validation in objtool if your compiler sucks, and otherwise select the validation stuff for CONFIG_RETPOLINE=y (most builds would already have it set due to ORC). Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arjan van de Ven <arjan(a)linux.intel.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- Makefile | 5 +++++ arch/x86/Kconfig | 1 + arch/x86/Makefile | 10 +++------- scripts/Makefile.build | 2 ++ 4 files changed, 11 insertions(+), 7 deletions(-) --- a/Makefile +++ b/Makefile @@ -494,6 +494,11 @@ KBUILD_CFLAGS += $(CLANG_TARGET) $(CLANG KBUILD_AFLAGS += $(CLANG_TARGET) $(CLANG_GCC_TC) endif +RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register +RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk +RETPOLINE_CFLAGS := $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG))) +export RETPOLINE_CFLAGS + ifeq ($(config-targets),1) # =========================================================================== # *config targets only - make sure prerequisites are updated, and descend --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -431,6 +431,7 @@ config GOLDFISH config RETPOLINE bool "Avoid speculative indirect branches in kernel" default y + select STACK_VALIDATION if HAVE_STACK_VALIDATION help Compile kernel with the retpoline compiler options to guard against kernel-to-user data leaks by avoiding speculative indirect --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -232,13 +232,9 @@ KBUILD_CFLAGS += -fno-asynchronous-unwin # Avoid indirect branches in kernel to deal with Spectre ifdef CONFIG_RETPOLINE - RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register - RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk - - RETPOLINE_CFLAGS += $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG))) - ifneq ($(RETPOLINE_CFLAGS),) - KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE - endif +ifneq ($(RETPOLINE_CFLAGS),) + KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE +endif endif archscripts: scripts_basic --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -272,8 +272,10 @@ else objtool_args += $(call cc-ifversion, -lt, 0405, --no-unreachable) endif ifdef CONFIG_RETPOLINE +ifneq ($(RETPOLINE_CFLAGS),) objtool_args += --retpoline endif +endif ifdef CONFIG_MODVERSIONS Patches currently in stable-queue which might be from peterz(a)infradead.org are queue-4.14/x86-kprobes-fix-kernel-crash-when-probing-.entry_trampoline-code.patch queue-4.14/objtool-fix-32-bit-build.patch queue-4.14/x86-boot-objtool-annotate-indirect-jump-in-secondary_startup_64.patch queue-4.14/objtool-add-module-specific-retpoline-rules.patch queue-4.14/x86-retpoline-support-retpoline-builds-with-clang.patch queue-4.14/x86-ldt-avoid-warning-in-32-bit-builds-with-older-gcc.patch queue-4.14/x86-entry-reduce-the-code-footprint-of-the-idtentry-macro.patch queue-4.14/objtool-retpolines-integrate-objtool-with-retpoline-support-more-closely.patch queue-4.14/revert-x86-retpoline-simplify-vmexit_fill_rsb.patch queue-4.14/nospec-include-asm-barrier.h-dependency.patch queue-4.14/x86-mm-remove-stale-comment-about-kmemcheck.patch queue-4.14/objtool-add-retpoline-validation.patch queue-4.14/x86-mm-sme-objtool-annotate-indirect-call-in-sme_encrypt_execute.patch queue-4.14/x86-speculation-use-ibrs-if-available-before-calling-into-firmware.patch queue-4.14/x86-asm-improve-how-gen_-_suffixed_rmwcc-specify-clobbers.patch queue-4.14/x86-64-realmode-add-instruction-suffix.patch queue-4.14/objtool-fix-another-switch-table-detection-issue.patch queue-4.14/x86-speculation-move-firmware_restrict_branch_speculation_-from-c-to-cpp.patch queue-4.14/x86-speculation-objtool-annotate-indirect-calls-jumps-for-objtool.patch queue-4.14/x86-paravirt-objtool-annotate-indirect-calls.patch queue-4.14/objtool-use-existing-global-variables-for-options.patch queue-4.14/x86-entry-64-use-xorl-for-faster-register-clearing.patch queue-4.14/nospec-kill-array_index_nospec_mask_check.patch queue-4.14/lib-bug.c-exclude-non-bug-warn-exceptions-from-report_bug.patch

7 years, 7 months

1
0
0 0

Patch "objtool: Fix 32-bit build" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled objtool: Fix 32-bit build to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: objtool-fix-32-bit-build.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 63474dc4ac7ed3848a4786b9592dd061901f606d Mon Sep 17 00:00:00 2001 From: Josh Poimboeuf <jpoimboe(a)redhat.com> Date: Tue, 6 Mar 2018 17:58:15 -0600 Subject: objtool: Fix 32-bit build From: Josh Poimboeuf <jpoimboe(a)redhat.com> commit 63474dc4ac7ed3848a4786b9592dd061901f606d upstream. Fix the objtool build when cross-compiling a 64-bit kernel on a 32-bit host. This also simplifies read_retpoline_hints() a bit and makes its implementation similar to most of the other annotation reading functions. Reported-by: Sven Joachim <svenjoac(a)gmx.de> Signed-off-by: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Fixes: b5bc2231b8ad ("objtool: Add retpoline validation") Link: http://lkml.kernel.org/r/2ca46c636c23aa9c9d57d53c75de4ee3ddf7a7df.152038069… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- tools/objtool/check.c | 27 +++++++-------------------- 1 file changed, 7 insertions(+), 20 deletions(-) --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -1115,42 +1115,29 @@ static int read_unwind_hints(struct objt static int read_retpoline_hints(struct objtool_file *file) { - struct section *sec, *relasec; + struct section *sec; struct instruction *insn; struct rela *rela; - int i; - sec = find_section_by_name(file->elf, ".discard.retpoline_safe"); + sec = find_section_by_name(file->elf, ".rela.discard.retpoline_safe"); if (!sec) return 0; - relasec = sec->rela; - if (!relasec) { - WARN("missing .rela.discard.retpoline_safe section"); - return -1; - } - - if (sec->len % sizeof(unsigned long)) { - WARN("retpoline_safe size mismatch: %d %ld", sec->len, sizeof(unsigned long)); - return -1; - } - - for (i = 0; i < sec->len / sizeof(unsigned long); i++) { - rela = find_rela_by_dest(sec, i * sizeof(unsigned long)); - if (!rela) { - WARN("can't find rela for retpoline_safe[%d]", i); + list_for_each_entry(rela, &sec->rela_list, list) { + if (rela->sym->type != STT_SECTION) { + WARN("unexpected relocation symbol type in %s", sec->name); return -1; } insn = find_insn(file, rela->sym->sec, rela->addend); if (!insn) { - WARN("can't find insn for retpoline_safe[%d]", i); + WARN("bad .discard.retpoline_safe entry"); return -1; } if (insn->type != INSN_JUMP_DYNAMIC && insn->type != INSN_CALL_DYNAMIC) { - WARN_FUNC("retpoline_safe hint not a indirect jump/call", + WARN_FUNC("retpoline_safe hint not an indirect jump/call", insn->sec, insn->offset); return -1; } Patches currently in stable-queue which might be from jpoimboe(a)redhat.com are queue-4.14/x86-kprobes-fix-kernel-crash-when-probing-.entry_trampoline-code.patch queue-4.14/objtool-fix-32-bit-build.patch queue-4.14/x86-boot-objtool-annotate-indirect-jump-in-secondary_startup_64.patch queue-4.14/objtool-add-module-specific-retpoline-rules.patch queue-4.14/x86-ldt-avoid-warning-in-32-bit-builds-with-older-gcc.patch queue-4.14/x86-entry-reduce-the-code-footprint-of-the-idtentry-macro.patch queue-4.14/objtool-retpolines-integrate-objtool-with-retpoline-support-more-closely.patch queue-4.14/nospec-include-asm-barrier.h-dependency.patch queue-4.14/x86-mm-remove-stale-comment-about-kmemcheck.patch queue-4.14/objtool-add-retpoline-validation.patch queue-4.14/x86-mm-sme-objtool-annotate-indirect-call-in-sme_encrypt_execute.patch queue-4.14/x86-asm-improve-how-gen_-_suffixed_rmwcc-specify-clobbers.patch queue-4.14/x86-64-realmode-add-instruction-suffix.patch queue-4.14/objtool-fix-another-switch-table-detection-issue.patch queue-4.14/x86-speculation-objtool-annotate-indirect-calls-jumps-for-objtool.patch queue-4.14/x86-paravirt-objtool-annotate-indirect-calls.patch queue-4.14/objtool-use-existing-global-variables-for-options.patch queue-4.14/x86-entry-64-use-xorl-for-faster-register-clearing.patch queue-4.14/nospec-kill-array_index_nospec_mask_check.patch

7 years, 7 months

1
0
0 0

Patch "objtool: Add retpoline validation" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled objtool: Add retpoline validation to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: objtool-add-retpoline-validation.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From b5bc2231b8ad4387c9641f235ca0ad8cd300b6df Mon Sep 17 00:00:00 2001 From: Peter Zijlstra <peterz(a)infradead.org> Date: Tue, 16 Jan 2018 10:24:06 +0100 Subject: objtool: Add retpoline validation From: Peter Zijlstra <peterz(a)infradead.org> commit b5bc2231b8ad4387c9641f235ca0ad8cd300b6df upstream. David requested a objtool validation pass for CONFIG_RETPOLINE=y enabled builds, where it validates no unannotated indirect jumps or calls are left. Add an additional .discard.retpoline_safe section to allow annotating the few indirect sites that are required and safe. Requested-by: David Woodhouse <dwmw2(a)infradead.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Reviewed-by: David Woodhouse <dwmw(a)amazon.co.uk> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arjan van de Ven <arjan(a)linux.intel.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- scripts/Makefile.build | 4 + tools/objtool/builtin-check.c | 3 - tools/objtool/builtin.h | 2 tools/objtool/check.c | 86 +++++++++++++++++++++++++++++++++++++++++- tools/objtool/check.h | 1 5 files changed, 93 insertions(+), 3 deletions(-) --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -269,6 +269,10 @@ objtool_args += --no-unreachable else objtool_args += $(call cc-ifversion, -lt, 0405, --no-unreachable) endif +ifdef CONFIG_RETPOLINE + objtool_args += --retpoline +endif + ifdef CONFIG_MODVERSIONS objtool_o = $(@D)/.tmp_$(@F) --- a/tools/objtool/builtin-check.c +++ b/tools/objtool/builtin-check.c @@ -29,7 +29,7 @@ #include "builtin.h" #include "check.h" -bool no_fp, no_unreachable; +bool no_fp, no_unreachable, retpoline; static const char * const check_usage[] = { "objtool check [<options>] file.o", @@ -39,6 +39,7 @@ static const char * const check_usage[] const struct option check_options[] = { OPT_BOOLEAN('f', "no-fp", &no_fp, "Skip frame pointer validation"), OPT_BOOLEAN('u', "no-unreachable", &no_unreachable, "Skip 'unreachable instruction' warnings"), + OPT_BOOLEAN('r', "retpoline", &retpoline, "Validate retpoline assumptions"), OPT_END(), }; --- a/tools/objtool/builtin.h +++ b/tools/objtool/builtin.h @@ -20,7 +20,7 @@ #include <subcmd/parse-options.h> extern const struct option check_options[]; -extern bool no_fp, no_unreachable; +extern bool no_fp, no_unreachable, retpoline; extern int cmd_check(int argc, const char **argv); extern int cmd_orc(int argc, const char **argv); --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -496,6 +496,7 @@ static int add_jump_destinations(struct * disguise, so convert them accordingly. */ insn->type = INSN_JUMP_DYNAMIC; + insn->retpoline_safe = true; continue; } else { /* sibling call */ @@ -547,7 +548,8 @@ static int add_call_destinations(struct if (!insn->call_dest && !insn->ignore) { WARN_FUNC("unsupported intra-function call", insn->sec, insn->offset); - WARN("If this is a retpoline, please patch it in with alternatives and annotate it with ANNOTATE_NOSPEC_ALTERNATIVE."); + if (retpoline) + WARN("If this is a retpoline, please patch it in with alternatives and annotate it with ANNOTATE_NOSPEC_ALTERNATIVE."); return -1; } @@ -1107,6 +1109,54 @@ static int read_unwind_hints(struct objt return 0; } +static int read_retpoline_hints(struct objtool_file *file) +{ + struct section *sec, *relasec; + struct instruction *insn; + struct rela *rela; + int i; + + sec = find_section_by_name(file->elf, ".discard.retpoline_safe"); + if (!sec) + return 0; + + relasec = sec->rela; + if (!relasec) { + WARN("missing .rela.discard.retpoline_safe section"); + return -1; + } + + if (sec->len % sizeof(unsigned long)) { + WARN("retpoline_safe size mismatch: %d %ld", sec->len, sizeof(unsigned long)); + return -1; + } + + for (i = 0; i < sec->len / sizeof(unsigned long); i++) { + rela = find_rela_by_dest(sec, i * sizeof(unsigned long)); + if (!rela) { + WARN("can't find rela for retpoline_safe[%d]", i); + return -1; + } + + insn = find_insn(file, rela->sym->sec, rela->addend); + if (!insn) { + WARN("can't find insn for retpoline_safe[%d]", i); + return -1; + } + + if (insn->type != INSN_JUMP_DYNAMIC && + insn->type != INSN_CALL_DYNAMIC) { + WARN_FUNC("retpoline_safe hint not a indirect jump/call", + insn->sec, insn->offset); + return -1; + } + + insn->retpoline_safe = true; + } + + return 0; +} + static int decode_sections(struct objtool_file *file) { int ret; @@ -1145,6 +1195,10 @@ static int decode_sections(struct objtoo if (ret) return ret; + ret = read_retpoline_hints(file); + if (ret) + return ret; + return 0; } @@ -1890,6 +1944,29 @@ static int validate_unwind_hints(struct return warnings; } +static int validate_retpoline(struct objtool_file *file) +{ + struct instruction *insn; + int warnings = 0; + + for_each_insn(file, insn) { + if (insn->type != INSN_JUMP_DYNAMIC && + insn->type != INSN_CALL_DYNAMIC) + continue; + + if (insn->retpoline_safe) + continue; + + WARN_FUNC("indirect %s found in RETPOLINE build", + insn->sec, insn->offset, + insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call"); + + warnings++; + } + + return warnings; +} + static bool is_kasan_insn(struct instruction *insn) { return (insn->type == INSN_CALL && @@ -2050,6 +2127,13 @@ int check(const char *_objname, bool orc if (list_empty(&file.insn_list)) goto out; + if (retpoline) { + ret = validate_retpoline(&file); + if (ret < 0) + return ret; + warnings += ret; + } + ret = validate_functions(&file); if (ret < 0) goto out; --- a/tools/objtool/check.h +++ b/tools/objtool/check.h @@ -45,6 +45,7 @@ struct instruction { unsigned char type; unsigned long immediate; bool alt_group, visited, dead_end, ignore, hint, save, restore, ignore_alts; + bool retpoline_safe; struct symbol *call_dest; struct instruction *jump_dest; struct instruction *first_jump_src; Patches currently in stable-queue which might be from peterz(a)infradead.org are queue-4.14/x86-kprobes-fix-kernel-crash-when-probing-.entry_trampoline-code.patch queue-4.14/objtool-fix-32-bit-build.patch queue-4.14/x86-boot-objtool-annotate-indirect-jump-in-secondary_startup_64.patch queue-4.14/objtool-add-module-specific-retpoline-rules.patch queue-4.14/x86-retpoline-support-retpoline-builds-with-clang.patch queue-4.14/x86-ldt-avoid-warning-in-32-bit-builds-with-older-gcc.patch queue-4.14/x86-entry-reduce-the-code-footprint-of-the-idtentry-macro.patch queue-4.14/objtool-retpolines-integrate-objtool-with-retpoline-support-more-closely.patch queue-4.14/revert-x86-retpoline-simplify-vmexit_fill_rsb.patch queue-4.14/nospec-include-asm-barrier.h-dependency.patch queue-4.14/x86-mm-remove-stale-comment-about-kmemcheck.patch queue-4.14/objtool-add-retpoline-validation.patch queue-4.14/x86-mm-sme-objtool-annotate-indirect-call-in-sme_encrypt_execute.patch queue-4.14/x86-speculation-use-ibrs-if-available-before-calling-into-firmware.patch queue-4.14/x86-asm-improve-how-gen_-_suffixed_rmwcc-specify-clobbers.patch queue-4.14/x86-64-realmode-add-instruction-suffix.patch queue-4.14/objtool-fix-another-switch-table-detection-issue.patch queue-4.14/x86-speculation-move-firmware_restrict_branch_speculation_-from-c-to-cpp.patch queue-4.14/x86-speculation-objtool-annotate-indirect-calls-jumps-for-objtool.patch queue-4.14/x86-paravirt-objtool-annotate-indirect-calls.patch queue-4.14/objtool-use-existing-global-variables-for-options.patch queue-4.14/x86-entry-64-use-xorl-for-faster-register-clearing.patch queue-4.14/nospec-kill-array_index_nospec_mask_check.patch queue-4.14/lib-bug.c-exclude-non-bug-warn-exceptions-from-report_bug.patch

7 years, 7 months

1
0
0 0

Patch "objtool: Add module specific retpoline rules" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled objtool: Add module specific retpoline rules to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: objtool-add-module-specific-retpoline-rules.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From ca41b97ed9124fd62323a162de5852f6e28f94b8 Mon Sep 17 00:00:00 2001 From: Peter Zijlstra <peterz(a)infradead.org> Date: Wed, 31 Jan 2018 10:18:28 +0100 Subject: objtool: Add module specific retpoline rules From: Peter Zijlstra <peterz(a)infradead.org> commit ca41b97ed9124fd62323a162de5852f6e28f94b8 upstream. David allowed retpolines in .init.text, except for modules, which will trip up objtool retpoline validation, fix that. Requested-by: David Woodhouse <dwmw2(a)infradead.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arjan van de Ven <arjan(a)linux.intel.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- scripts/Makefile.build | 2 ++ tools/objtool/builtin-check.c | 3 ++- tools/objtool/builtin.h | 2 +- tools/objtool/check.c | 9 +++++++++ 4 files changed, 14 insertions(+), 2 deletions(-) --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -261,6 +261,8 @@ __objtool_obj := $(objtree)/tools/objtoo objtool_args = $(if $(CONFIG_UNWINDER_ORC),orc generate,check) +objtool_args += $(if $(part-of-module), --module,) + ifndef CONFIG_FRAME_POINTER objtool_args += --no-fp endif --- a/tools/objtool/builtin-check.c +++ b/tools/objtool/builtin-check.c @@ -29,7 +29,7 @@ #include "builtin.h" #include "check.h" -bool no_fp, no_unreachable, retpoline; +bool no_fp, no_unreachable, retpoline, module; static const char * const check_usage[] = { "objtool check [<options>] file.o", @@ -40,6 +40,7 @@ const struct option check_options[] = { OPT_BOOLEAN('f', "no-fp", &no_fp, "Skip frame pointer validation"), OPT_BOOLEAN('u', "no-unreachable", &no_unreachable, "Skip 'unreachable instruction' warnings"), OPT_BOOLEAN('r', "retpoline", &retpoline, "Validate retpoline assumptions"), + OPT_BOOLEAN('m', "module", &module, "Indicates the object will be part of a kernel module"), OPT_END(), }; --- a/tools/objtool/builtin.h +++ b/tools/objtool/builtin.h @@ -20,7 +20,7 @@ #include <subcmd/parse-options.h> extern const struct option check_options[]; -extern bool no_fp, no_unreachable, retpoline; +extern bool no_fp, no_unreachable, retpoline, module; extern int cmd_check(int argc, const char **argv); extern int cmd_orc(int argc, const char **argv); --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -1957,6 +1957,15 @@ static int validate_retpoline(struct obj if (insn->retpoline_safe) continue; + /* + * .init.text code is ran before userspace and thus doesn't + * strictly need retpolines, except for modules which are + * loaded late, they very much do need retpoline in their + * .init.text + */ + if (!strcmp(insn->sec->name, ".init.text") && !module) + continue; + WARN_FUNC("indirect %s found in RETPOLINE build", insn->sec, insn->offset, insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call"); Patches currently in stable-queue which might be from peterz(a)infradead.org are queue-4.14/x86-kprobes-fix-kernel-crash-when-probing-.entry_trampoline-code.patch queue-4.14/objtool-fix-32-bit-build.patch queue-4.14/x86-boot-objtool-annotate-indirect-jump-in-secondary_startup_64.patch queue-4.14/objtool-add-module-specific-retpoline-rules.patch queue-4.14/x86-retpoline-support-retpoline-builds-with-clang.patch queue-4.14/x86-ldt-avoid-warning-in-32-bit-builds-with-older-gcc.patch queue-4.14/x86-entry-reduce-the-code-footprint-of-the-idtentry-macro.patch queue-4.14/objtool-retpolines-integrate-objtool-with-retpoline-support-more-closely.patch queue-4.14/revert-x86-retpoline-simplify-vmexit_fill_rsb.patch queue-4.14/nospec-include-asm-barrier.h-dependency.patch queue-4.14/x86-mm-remove-stale-comment-about-kmemcheck.patch queue-4.14/objtool-add-retpoline-validation.patch queue-4.14/x86-mm-sme-objtool-annotate-indirect-call-in-sme_encrypt_execute.patch queue-4.14/x86-speculation-use-ibrs-if-available-before-calling-into-firmware.patch queue-4.14/x86-asm-improve-how-gen_-_suffixed_rmwcc-specify-clobbers.patch queue-4.14/x86-64-realmode-add-instruction-suffix.patch queue-4.14/objtool-fix-another-switch-table-detection-issue.patch queue-4.14/x86-speculation-move-firmware_restrict_branch_speculation_-from-c-to-cpp.patch queue-4.14/x86-speculation-objtool-annotate-indirect-calls-jumps-for-objtool.patch queue-4.14/x86-paravirt-objtool-annotate-indirect-calls.patch queue-4.14/objtool-use-existing-global-variables-for-options.patch queue-4.14/x86-entry-64-use-xorl-for-faster-register-clearing.patch queue-4.14/nospec-kill-array_index_nospec_mask_check.patch queue-4.14/lib-bug.c-exclude-non-bug-warn-exceptions-from-report_bug.patch

7 years, 7 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror