Subject: Re: [RFC PATCH v2 13/13] objtool: arm64: Enable stack validation for arm64
To: Ard Biesheuvel
Cc: Linux Kernel Mailing List, Linux ARM, Catalin Marinas, Will Deacon, Mark Rutland, Masahiro Yamada, Josh Poimboeuf, Peter Zijlstra, ycote@redhat.com, Raphael Gault
References: <20210303170932.1838634-1-jthierry@redhat.com> <20210303170932.1838634-14-jthierry@redhat.com>
From: Julien Thierry
Message-ID: <4f9979a3-7902-e642-3abc-c18c72c3e9af@redhat.com>
Date: Tue, 9 Mar 2021 15:31:44 +0100

On 3/7/21 11:25 AM, Ard Biesheuvel wrote:
> On Wed, 3 Mar 2021 at 18:10, Julien Thierry wrote:
>>
>> From: Raphael Gault
>>
>> Add build option to run stack validation at compile time.
>>
>> When requiring stack validation, jump tables are disabled as it
>> simplifies objtool analysis (without having to introduce unreliable
>> artifacts). In local testing, this does not appear to significantly
>> affect final binary size nor system performance.
>>
>> Signed-off-by: Raphael Gault
>> Signed-off-by: Julien Thierry
>> ---
>> arch/arm64/Kconfig | 1 +
>> arch/arm64/Makefile | 4 ++++
>> 2 files changed, 5 insertions(+)
>>
>> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
>> index 1f212b47a48a..928323c03318 100644
>> --- a/arch/arm64/Kconfig
>> +++ b/arch/arm64/Kconfig
>> @@ -187,6 +187,7 @@ config ARM64
>> select MMU_GATHER_RCU_TABLE_FREE
>> select HAVE_RSEQ
>> select HAVE_STACKPROTECTOR
>> + select HAVE_STACK_VALIDATION
>> select HAVE_SYSCALL_TRACEPOINTS
>> select HAVE_KPROBES
>> select HAVE_KRETPROBES
>> diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
>> index 5b84aec31ed3..b819fb2e8eda 100644
>> --- a/arch/arm64/Makefile
>> +++ b/arch/arm64/Makefile
>> @@ -136,6 +136,10 @@ ifeq ($(CONFIG_DYNAMIC_FTRACE_WITH_REGS),y)
>> CC_FLAGS_FTRACE := -fpatchable-function-entry=2
>> endif
>>
>> +ifeq ($(CONFIG_STACK_VALIDATION),y)
>> +KBUILD_CFLAGS += -fno-jump-tables
>> +endif
>> +
>
> This is a bit misleading: the Kconfig option in question is selected
> automatically in all cases, so jump tables are always disabled.
>

So, at the moment, the arch Kconfig only advertises that arm64 has stack
validation with objtool, but currently stack validation itself is not
enabled by default.

> However, I think disabling jump tables makes sense anyway, at least
> when building the relocatable kernel for KASLR: we currently don't use
> -fpic/fpie in that case when building the vmlinux objects (because we
> don't want/need GOT tables), and so jump tables are emitted using
> absolute addresses, which induce some space overhead in the image. (24
> bytes of RELA data per absolute address)
>
> ... unless I am missing something, and jump tables can/will be emitted
> as relative, even when not compiling in PIC mode?
>

Personally I don't have enough context to assess whether it's the way to
go. But if nobody opposes I'm fine having -fno-jump-tables in the default
arm64 CFLAGS.

Thanks,

-- 
Julien Thierry
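
Review bot: In the arch/arm64/Kconfig hunk, the added "select HAVE_STACK_VALIDATION" under "config ARM64" is unconditional, while the commit message describes the change as adding a "build option" without naming the symbol a user actually toggles. HAVE_STACK_VALIDATION only declares that the architecture supports objtool stack validation. The commit message should say that CONFIG_STACK_VALIDATION is the option that enables it, so readers do not conclude from this select that the Makefile's -fno-jump-tables applies to every arm64 build.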
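
Review bot: In the arch/arm64/Makefile hunk, the new "ifeq ($(CONFIG_STACK_VALIDATION),y)" block adds -fno-jump-tables with no comment, so the reason for the flag lives only in the commit message. Add a one-line comment above the block stating that jump tables are disabled to simplify objtool analysis. Because the flag is tied to a validation option, a kernel built with CONFIG_STACK_VALIDATION=y gets different code generation from one built without it. If the flag is made unconditional as discussed in this thread, drop the ifeq and move the flag next to the other default KBUILD_CFLAGS settings.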