From: tip-bot for Josh Poimboeuf <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: brgerst@gmail.com, tglx@linutronix.de, bp@alien8.de,
	torvalds@linux-foundation.org, jpoimboe@redhat.com,
	luto@kernel.org, arjan@linux.intel.com, fengguang.wu@intel.com,
	peterz@infradead.org, mingo@kernel.org, hpa@zytor.com,
	dvlasenk@redhat.com, linux-kernel@vger.kernel.org
Subject: [tip:x86/pti] objtool: Fix segfault in ignore_unreachable_insn()
Date: Tue, 13 Feb 2018 03:29:46 -0800
Message-ID: <tip-59d13cd6789e8feb4615bb999d46bbd439a9a396@git.kernel.org>
In-Reply-To: <bace77a60d5af9b45eddb8f8fb9c776c8de657ef.1518130694.git.jpoimboe@redhat.com>

Commit-ID:  59d13cd6789e8feb4615bb999d46bbd439a9a396
Gitweb:     https://git.kernel.org/tip/59d13cd6789e8feb4615bb999d46bbd439a9a396
Author:     Josh Poimboeuf <jpoimboe@redhat.com>
AuthorDate: Thu, 8 Feb 2018 17:09:25 -0600
Committer:  Ingo Molnar <mingo@kernel.org>
CommitDate: Tue, 13 Feb 2018 11:46:59 +0100

objtool: Fix segfault in ignore_unreachable_insn()

Peter Zijlstra's patch for converting WARN() to use UD2 triggered a
bunch of false "unreachable instruction" warnings, which then triggered
a seg fault in ignore_unreachable_insn().

The seg fault happened when it tried to dereference a NULL 'insn->func'
pointer.  Thanks to static_cpu_has(), some functions can jump to a
non-function area in the .altinstr_aux section.  That breaks
ignore_unreachable_insn()'s assumption that it's always inside the
original function.

Make sure ignore_unreachable_insn() only follows jumps within the
current function.

Reported-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: kbuild test robot <fengguang.wu@intel.com>
Link: http://lkml.kernel.org/r/bace77a60d5af9b45eddb8f8fb9c776c8de657ef.1518130694.git.jpoimboe@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 tools/objtool/check.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/tools/objtool/check.c b/tools/objtool/check.c
index 2e458eb..c7fb5c2 100644
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -1935,13 +1935,19 @@ static bool ignore_unreachable_insn(struct instruction *insn)
 		if (is_kasan_insn(insn) || is_ubsan_insn(insn))
 			return true;
 
-		if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->jump_dest) {
-			insn = insn->jump_dest;
-			continue;
+		if (insn->type == INSN_JUMP_UNCONDITIONAL) {
+			if (insn->jump_dest &&
+			    insn->jump_dest->func == insn->func) {
+				insn = insn->jump_dest;
+				continue;
+			}
+
+			break;
 		}
 
 		if (insn->offset + insn->len >= insn->func->offset + insn->func->len)
 			break;
+
 		insn = list_next_entry(insn, list);
 	}
 
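Review bot: The new `insn->jump_dest->func == insn->func` test in the INSN_JUMP_UNCONDITIONAL branch has no comment saying why the destination must stay in the same function, and the reason (jumps into the non-function .altinstr_aux area, per the changelog) is not obvious from the code; a one-line comment above the inner `if` would keep it from being simplified away later. Two further points in the same branch: the added `break` now also ends the scan for an unconditional jump whose jump_dest is NULL, where the old code fell through to the next instruction, and the changelog does not mention that change; and the equality still holds when both func pointers are NULL, so the unchanged `insn->func->offset + insn->func->len` test below relies on insn->func being non-NULL on entry, which the visible lines do not show.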
