From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Google-Smtp-Source: AH8x2269i7mIac5TRv1xbvtVHU2QLNMOxl0vIoctcSIbriqTh+soIxWBjnHyAKBb3pNUJMPblojE ARC-Seal: i=1; a=rsa-sha256; t=1516722165; cv=none; d=google.com; s=arc-20160816; b=TcT8X825/K9LPwKvbPz2KmecFabrVC5rbkNJPrT3iMsPkuxRrU1hy2nIAgs5fiFT0R 6KevsERolenhF4QUVd3NUOnQ0VLBAFM/sFG4M5gy5NKlfyxaYD9NG9yitP8hAU99eV/u Pz3appdB5NJW1fIXkI2QnGFNlc9Og8lBYHmWU3y1Sta/ZNgqUWQ0jvcFM7Zs9LG+K8K1 hCLjTtuehWR2Tk8tjNOub0lW1bh/dFz+ybsaT2hzXy2OOYwzdHRllK0lQbpqp3GUlKIa 3HNqEFL8b1+8w/umBWphgnje2i3x6QymWegdYZui9EaSZld+aFinIVAo2MVaNBSeo5Yh 4bNQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=user-agent:in-reply-to:content-disposition:mime-version:references :message-id:subject:cc:to:from:date:dkim-signature :arc-authentication-results; bh=zh1Y5QmmY0Y9X4AI6HjPbOE6YM32oyK7Tf4pbYnQads=; b=t26nGfPLyaRYdbrTkDuhNGJzQZoe73grN/1XMcrK1TvyXAetBsRypvIAACq/GT4nzl 8/ybPMWVdwAWoP5bia/yit1j6ejZOfb6l3cAluCsWEckChUHb2mdZ+BE07SKteCF+reM xxt3l/L7ZAeds+6agDMhFYPAoT19CLmBJeavIP9ekn9nxKz9Fp1gN+odChIvUB22nP6U wY26L+PTmrHCglkZMZ5PFPqx9JOTr0QmaU0+y/vLkuVdo/Tio8Rv3rbgTF2VeIjB/9sC gtj4KHHeOeq2TUjbUIg68on9lP5tgqiDQ99grazzifRWDUX4M+7DM/B1V196b9C6IKgb gogw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@infradead.org header.s=merlin.20170209 header.b=LqH4z9Iy; spf=pass (google.com: best guess record for domain of peterz@infradead.org designates 205.233.59.134 as permitted sender) smtp.mailfrom=peterz@infradead.org Authentication-Results: mx.google.com; dkim=pass header.i=@infradead.org header.s=merlin.20170209 header.b=LqH4z9Iy; spf=pass (google.com: best guess record for domain of peterz@infradead.org designates 205.233.59.134 as permitted sender) smtp.mailfrom=peterz@infradead.org Date: Tue, 23 Jan 2018 16:42:36 +0100 From: Peter Zijlstra To: David Woodhouse , Thomas Gleixner , Josh Poimboeuf Cc: linux-kernel@vger.kernel.org, Dave Hansen , Ashok Raj , Tim Chen , Andy Lutomirski , Linus Torvalds , Greg KH , Andrea Arcangeli , Andi Kleen , Arjan Van De Ven , Dan Williams , Paolo Bonzini , Jun Nakajima , Asit Mallick , Jason Baron Subject: Re: [PATCH 00/24] objtool: retpoline and asm-goto validation Message-ID: <20180123154236.GJ2228@hirez.programming.kicks-ass.net> References: <20180123152539.374360046@infradead.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180123152539.374360046@infradead.org> User-Agent: Mutt/1.9.2 (2017-12-15) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: =?utf-8?q?1590397843204218938?= X-GMAIL-MSGID: =?utf-8?q?1590398461545948476?= X-Mailing-List: linux-kernel@vger.kernel.org List-ID: On Tue, Jan 23, 2018 at 04:25:39PM +0100, Peter Zijlstra wrote: > This series adds two features to objtool: > > - retpoline validation; it verifies no indirect jumps/calls are left in > CONFIG_RETPOLINE=y builds. > > includes fixups for kvm and others > > - asm-goto validation; allows asserting that a block of code is not reachable > through a dynamic branch. > > After this it forces an asm-goto capable compiler to build arch/x86 and removes > the fallback code for static_cpu_has(). After which we can use static_cpu_has() > to guarantee a lack of dynamic branches, which is a requested feature for > various spectre related things. x86_64-allmodconfig -KCOV -KASAN +patch gives: drivers/infiniband/hw/bnxt_re/.tmp_qplib_fp.o: warning: objtool: bnxt_qplib_poll_cq()+0xf8: sibling call from callable instruction with modified stack frame drivers/watchdog/.tmp_hpwdt.o: warning: objtool: .text+0x24: indirect call found in RETPOLINE build --- Subject: jump_label: Add static assertion to every static_branch From: Peter Zijlstra Date: Tue Jan 16 15:27:36 CET 2018 For testing only.. can't use in general because people do: static_branch() || more-cond which confuses the living daylight out of objtool validation and really isn't fixable. DO NOT MERGE Not-signed-off-by: Peter Zijlstra (Intel) --- arch/x86/include/asm/jump_label.h | 1 + include/linux/cgroup.h | 2 +- include/linux/jump_label.h | 15 +++++++++++++-- 3 files changed, 15 insertions(+), 3 deletions(-) --- a/arch/x86/include/asm/jump_label.h +++ b/arch/x86/include/asm/jump_label.h @@ -76,6 +76,7 @@ static __always_inline bool arch_static_ * * Also works with static_cpu_has(). */ +#define arch_static_assert arch_static_assert static __always_inline void arch_static_assert(void) { asm volatile ("1:\n\t" --- a/include/linux/cgroup.h +++ b/include/linux/cgroup.h @@ -88,7 +88,7 @@ extern struct css_set init_css_set; * @ss: subsystem in question */ #define cgroup_subsys_on_dfl(ss) \ - static_branch_likely(&ss ## _on_dfl_key) + __static_branch_likely(&ss ## _on_dfl_key) bool css_has_online_children(struct cgroup_subsys_state *css); struct cgroup_subsys_state *css_from_id(int id, struct cgroup_subsys *ss); --- a/include/linux/jump_label.h +++ b/include/linux/jump_label.h @@ -323,6 +323,10 @@ extern bool ____wrong_branch_error(void) #ifdef HAVE_JUMP_LABEL +#ifndef arch_static_assert +#define arch_static_assert (void) +#endif + /* * Combine the right initial value (type) with the right branch order * to generate the desired result. @@ -379,7 +383,7 @@ extern bool ____wrong_branch_error(void) * See jump_label_type() / jump_label_init_type(). */ -#define static_branch_likely(x) \ +#define __static_branch_likely(x) \ ({ \ bool branch; \ if (__builtin_types_compatible_p(typeof(*x), struct static_key_true)) \ @@ -391,7 +395,9 @@ extern bool ____wrong_branch_error(void) likely(branch); \ }) -#define static_branch_unlikely(x) \ +#define static_branch_likely(x) (__static_branch_likely(x) && (arch_static_assert(), true)) + +#define __static_branch_unlikely(x) \ ({ \ bool branch; \ if (__builtin_types_compatible_p(typeof(*x), struct static_key_true)) \ @@ -403,11 +409,16 @@ extern bool ____wrong_branch_error(void) unlikely(branch); \ }) +#define static_branch_unlikely(x) (__static_branch_unlikely(x) && (arch_static_assert(), true)) + #else /* !HAVE_JUMP_LABEL */ #define static_branch_likely(x) likely(static_key_enabled(&(x)->key)) #define static_branch_unlikely(x) unlikely(static_key_enabled(&(x)->key)) +#define __static_branch_likely(x) likely(static_key_enabled(&(x)->key)) +#define __static_branch_unlikely(x) unlikely(static_key_enabled(&(x)->key)) + #endif /* HAVE_JUMP_LABEL */ /*