From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-14.3 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2F43CC433DB for ; Sun, 7 Mar 2021 10:27:12 +0000 (UTC) Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id AC02A6516D for ; Sun, 7 Mar 2021 10:27:11 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org AC02A6516D Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:Cc:To:Subject:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=ANyIw9+Dvu9cQkO1/6KmyMB+Uyk1vjAAmLRfm9xvao8=; b=qsupvPqBMpjzs3mRoY9GIIQwN kzk6nM5p9CCabesYaXxM1BGf+zaiJe6TfhEb10GWvZcLQ9RJNTGl4I0nqgnlthoXUxPvNKDCFGxmI js2CmpVMvoWN0f3pyfmoje9mNk2m3LFow7L4z/2kId5yThGfIhcH1FUm49/V9K8z1WEUEDeZ3BjG8 S8fPai+VdIsCLahsiXBffnKG3uYgiKXtsWYDCSNJ7z2CK+v4dsewGyI34x/bryTbtGGRkEKC/3qWt 8inqDhl8QYGCMPrBJdZXqkNSmLritMmaap1JkCWQUt/1a4ZPPIE7NbDxpA5mOE+rwxbjhV3qTzLD9 Sr0R0GvZQ==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lIqba-009eRF-1T; Sun, 07 Mar 2021 10:25:46 +0000 Received: from mail.kernel.org ([198.145.29.99]) by desiato.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1lIqbS-009eOj-As for linux-arm-kernel@lists.infradead.org; Sun, 07 Mar 2021 10:25:42 +0000 Received: by mail.kernel.org (Postfix) with ESMTPSA id B375D65165 for ; Sun, 7 Mar 2021 10:25:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1615112734; bh=5argcPxIQ145L+A9+bYHb1SXgS8fgArICXY045nS7+Q=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=NRQzOJXMDza1bEKhuY3iC98my8yPJcwG1iD7wEXrJGzR1DidHZRTev0La0ienOy6B g+dNciyDv4XFnZiJOJyQtaRq8d6yjZb9BM0txrY1HnQBgGX6hzew1MbW0RDDWWE86G gzF/EWgGVHZzFh7jrO3BBY77bm+7IRZuQ7KNJ0dV7nG7UvZin4TggXWM6klFU0TQnI /7iaqLg0hCNQLC1UZp8n6DedEFDwAu++v46LGuQQKldHRiXPGkYeL+yKibKr9FknKQ BqNb4ZX4GrI/P1fs1/DJZGZXQKpfgLWqHFawFISHpf3ggQleP+vVuOgMI782hZ4ad/ j4w4vAJYuKIHw== Received: by mail-ot1-f45.google.com with SMTP id 97so6312043otf.13 for ; Sun, 07 Mar 2021 02:25:34 -0800 (PST) X-Gm-Message-State: AOAM533ZWEZgaBXXrDZEqB3k5Lmr0SY73luno7LdcfxRF1B7cUUFAqWy XOzygQ14aU3DW1glTVsQpw0JMAaSDsI0LmptOZ8= X-Google-Smtp-Source: ABdhPJwGHt2AIg8h4ogt+UzuGvMzmeLzjoDNtPF/3XtiaKmHPPlsJ0bDC5mtDjHRfTGE2tLnGjfoLEH9FYCY3W33YsA= X-Received: by 2002:a9d:503:: with SMTP id 3mr5936406otw.77.1615112734063; Sun, 07 Mar 2021 02:25:34 -0800 (PST) MIME-Version: 1.0 References: <20210303170932.1838634-1-jthierry@redhat.com> <20210303170932.1838634-14-jthierry@redhat.com> In-Reply-To: <20210303170932.1838634-14-jthierry@redhat.com> From: Ard Biesheuvel Date: Sun, 7 Mar 2021 11:25:23 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [RFC PATCH v2 13/13] objtool: arm64: Enable stack validation for arm64 To: Julien Thierry Cc: Linux Kernel Mailing List , Linux ARM , Catalin Marinas , Will Deacon , Mark Rutland , Masahiro Yamada , Josh Poimboeuf , Peter Zijlstra , ycote@redhat.com, Raphael Gault X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210307_102538_908164_E0B0B02D X-CRM114-Status: GOOD ( 20.81 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Wed, 3 Mar 2021 at 18:10, Julien Thierry wrote: > > From: Raphael Gault > > Add build option to run stack validation at compile time. > > When requiring stack validation, jump tables are disabled as it > simplifies objtool analysis (without having to introduce unreliable > artifacs). In local testing, this does not appear to significaly > affect final binary size nor system performance. > > Signed-off-by: Raphael Gault > Signed-off-by: Julien Thierry > --- > arch/arm64/Kconfig | 1 + > arch/arm64/Makefile | 4 ++++ > 2 files changed, 5 insertions(+) > > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index 1f212b47a48a..928323c03318 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -187,6 +187,7 @@ config ARM64 > select MMU_GATHER_RCU_TABLE_FREE > select HAVE_RSEQ > select HAVE_STACKPROTECTOR > + select HAVE_STACK_VALIDATION > select HAVE_SYSCALL_TRACEPOINTS > select HAVE_KPROBES > select HAVE_KRETPROBES > diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile > index 5b84aec31ed3..b819fb2e8eda 100644 > --- a/arch/arm64/Makefile > +++ b/arch/arm64/Makefile > @@ -136,6 +136,10 @@ ifeq ($(CONFIG_DYNAMIC_FTRACE_WITH_REGS),y) > CC_FLAGS_FTRACE := -fpatchable-function-entry=2 > endif > > +ifeq ($(CONFIG_STACK_VALIDATION),y) > +KBUILD_CFLAGS += -fno-jump-tables > +endif > + This is a bit misleading: the Kconfig option in question is selected automatically in all cases, so jump tables are always disabled. However, I think disabling jump tables make sense anyway, at least when building the relocatable kernel for KASLR: we currently don't use -fpic/fpie in that case when building the vmlinux objects (because we don't want/need GOT tables), and so jump tables are emitted using absolute addresses, which induce some space overhead in the image. (24 bytes of RELA data per absolute address) ... unless I am missing something, and jump tables can/will be emitted as relative, even when not compiling in PIC mode? > # Default value > head-y := arch/arm64/kernel/head.o > > -- > 2.25.4 > _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel