From: Alexandre Chartre <alexandre.chartre@oracle.com>
To: x86@kernel.org
Cc: linux-kernel@vger.kernel.org, jpoimboe@redhat.com,
peterz@infradead.org, jthierry@redhat.com, tglx@linutronix.de,
alexandre.chartre@oracle.com
Subject: [PATCH V3 0/9] objtool changes to check retpoline code
Date: Tue, 14 Apr 2020 12:36:09 +0200
Message-ID: <20200414103618.12657-1-alexandre.chartre@oracle.com>
Hi,
This is version 3 of the patchset previously named "objtool changes to
remove all ANNOTATE_NOSPEC_ALTERNATIVE". This patchset proposes two
main changes:
1. Add intra-function call support to objtool. This allows objtool
to check code like retpoline and RSB stuffing. Such code is present
in alternatives and is not currently checked because of
ANNOTATE_NOSPEC_ALTERNATIVE directives.
2. Add alternative code validation in objtool. For stack unwinding to
work, Peter and Josh have clearly explained that alternative code
should have the same stack change sequence as the original code.
This patchset adds this capability to objtool.
After change 1, we could remove the ANNOTATE_NOSPEC_ALTERNATIVE directives
from retpoline/RSB alternatives, and alternatives would be correctly checked
by objtool. But, because of change 2, objtool would now report inconsistency
in alternatives, like this:
AS arch/x86/lib/retpoline.o
arch/x86/lib/retpoline.o: warning: objtool: __x86_indirect_thunk_rax()+0x0: error in alternative
arch/x86/lib/retpoline.o: warning: objtool: .altinstr_replacement+0x0: in alternative 1
arch/x86/lib/retpoline.o: warning: objtool: .altinstr_replacement+0x5: misaligned alternative state change
arch/x86/lib/retpoline.o: warning: objtool: .altinstr_replacement+0x11: in alternative 2
arch/x86/lib/retpoline.o: warning: objtool: .altinstr_replacement+0x14: misaligned alternative state change
So this patchset doesn't remove ANNOTATE_NOSPEC_ALTERNATIVE directives
(unlike v1 and v2). But it makes objtool able to detect inconsistent
alternatives. Then such alternatives will need to be refactored to
have stack unwinding information compatible with the original code.
For example, here is Peter's suggestion for retpoline code:
https://lkml.org/lkml/2020/4/8/905
Changes:
v2->v3:
- rebase on v5.7-rc1
- add alternative code validation in objtool
- add return address unwind hints
- track return address to correctly handle ret with intra-function call
- remove inclusion of PeterZ UNWIND_HINT_RET_OFFSET patch
- move alt_group changes to appropriate patch
- move stack changes for calls to INSN_CALL decode
v1->v2:
- replace RETPOLINE_RET with PeterZ UNWIND_HINT_RET_OFFSET
- make objtool intra-function call action architecture dependent
- objtool now automatically detects and validates all intra-function
calls but it issues a warning if the call was not explicitly tagged
- change __FILL_RETURN_BUFFER to work with objtool
- add generic ANNOTATE_INTRA_FUNCTION_CALL macro
- remove all ANNOTATE_NOSPEC_ALTERNATIVE (even for __FILL_RETURN_BUFFER)
Thanks,
alex.
-----
Alexandre Chartre (9):
objtool: is_fentry_call() crashes if call has no destination
objtool: Allow branches within the same alternative.
objtool: Add support for intra-function calls
objtool: Handle return instruction with intra-function call
objtool: Add return address unwind hints
objtool: Report inconsistent stack changes in alternative
x86/speculation: Change __FILL_RETURN_BUFFER to work with objtool
x86/speculation: Add return address unwind hints to retpoline and RSB stuffing
x86/speculation: Annotate intra-function calls
arch/x86/include/asm/nospec-branch.h | 42 +-
arch/x86/include/asm/orc_types.h | 2 +
arch/x86/include/asm/unwind_hints.h | 23 +
include/linux/frame.h | 11 +
tools/arch/x86/include/asm/orc_types.h | 2 +
.../Documentation/stack-validation.txt | 8 +
tools/objtool/arch/x86/decode.c | 13 +
tools/objtool/check.c | 480 ++++++++++++++++--
tools/objtool/check.h | 8 +-
9 files changed, 545 insertions(+), 44 deletions(-)
--
2.18.2
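The rule behind the "misaligned alternative state change" warnings above is that an alternative must go through the same sequence of stack-state changes as the code it replaces. The following is an added illustrative model of that rule, not objtool's code and not part of the patchset; the instruction tuples (mnemonic, byte length, stack delta) are constructed, and the real check has further conditions (it flags both alternatives of the thunk in the output above, while this model flags only the one whose stack moves).

```python
# Model of the rule stated in the cover letter: alternative code must go through
# the same sequence of stack-state changes as the code it replaces. Illustrative
# model, not objtool's implementation. Instructions are constructed tuples of
# (mnemonic, byte length, stack delta), delta = bytes pushed (+) or popped (-).

def assemble(insns):
    """Attach a byte offset to each (mnemonic, length, delta) tuple."""
    out, off = [], 0
    for mnem, length, delta in insns:
        out.append((off, mnem, length, delta))
        off += length
    return out

def stack_changes(code):
    """[(offset, stack size after the insn)] for every insn that moves the stack."""
    size, changes = 0, []
    for off, _mnem, _len, delta in code:
        if delta:
            size += delta
            changes.append((off, size))
    return changes

def check_alternatives(original, alternatives):
    """Return [(alt number, offset, message)] for each alternative whose
    stack-change sequence diverges from the original's; [] if all agree."""
    orig = [size for _, size in stack_changes(original)]
    findings = []
    for n, alt in enumerate(alternatives, start=1):
        changes = stack_changes(alt)
        for i, (off, size) in enumerate(changes):
            if i >= len(orig) or orig[i] != size:
                findings.append((n, off, "misaligned alternative state change"))
                break
        else:
            if len(changes) < len(orig):  # alternative ends with changes still pending
                end = sum(length for _, _, length, _ in alt)
                findings.append((n, end, "alternative misses a stack change of the original"))
    return findings

# Constructed example shaped like an x86 indirect-jump thunk: the original is a
# plain indirect jmp; alternative 1 is a retpoline whose call pushes a return
# address that ret later pops; alternative 2 is an lfence-guarded indirect jmp.
ORIGINAL = assemble([("jmp *%rax", 2, 0)])
ALT_RETPOLINE = assemble([("call .Ldo_rop", 5, +8), ("pause", 2, 0),
                          ("lfence", 3, 0), ("jmp .Lspec_trap", 2, 0),
                          ("mov %rax, (%rsp)", 4, 0), ("ret", 1, -8)])
ALT_LFENCE = assemble([("lfence", 3, 0), ("jmp *%rax", 2, 0)])
if __name__ == "__main__":
    for n, off, msg in check_alternatives(ORIGINAL, [ALT_RETPOLINE, ALT_LFENCE]):
        print(f"alternative {n} +{off:#x}: {msg}")
```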