* Re: [tip:x86/pti] objtool, retpolines: Integrate objtool with retpoline support more closely [not found] <tip-b4879c9b99a43e6c580d563f292a569a016af2a4@git.kernel.org> @ 2018-02-21 10:59 ` David Woodhouse 2018-02-21 12:53 ` Peter Zijlstra 0 siblings, 1 reply; 4+ messages in thread From: David Woodhouse @ 2018-02-21 10:59 UTC (permalink / raw) To: peterz, hpa, luto, arjan, tglx, dan.j.williams, torvalds, gregkh, mingo, bp, linux-kernel, dave.hansen, jpoimboe, linux-tip-commits [-- Attachment #1: Type: text/plain, Size: 473 bytes --] On Wed, 2018-02-21 at 02:34 -0800, tip-bot for Peter Zijlstra wrote: > > --- a/Makefile > +++ b/Makefile > @@ -489,6 +489,11 @@ KBUILD_CFLAGS += $(CLANG_TARGET) $(CLANG_GCC_TC) > KBUILD_AFLAGS += $(CLANG_TARGET) $(CLANG_GCC_TC) > endif > > +ifneq ($(call cc-option,-mindirect-branch=thunk-extern -mindirect-branch-register),) > + CC_HAS_RETPOLINE := 1 > +endif > +export CC_HAS_RETPOLINE > + That isn't the same as the check in arch/x86/Makefile. [-- Attachment #2: smime.p7s --] [-- Type: application/x-pkcs7-signature, Size: 5213 bytes --] ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [tip:x86/pti] objtool, retpolines: Integrate objtool with retpoline support more closely 2018-02-21 10:59 ` [tip:x86/pti] objtool, retpolines: Integrate objtool with retpoline support more closely David Woodhouse @ 2018-02-21 12:53 ` Peter Zijlstra 2018-02-21 13:12 ` Peter Zijlstra 0 siblings, 1 reply; 4+ messages in thread From: Peter Zijlstra @ 2018-02-21 12:53 UTC (permalink / raw) To: David Woodhouse Cc: hpa, luto, arjan, tglx, dan.j.williams, torvalds, gregkh, mingo, bp, linux-kernel, dave.hansen, jpoimboe, linux-tip-commits On Wed, Feb 21, 2018 at 10:59:14AM +0000, David Woodhouse wrote: > On Wed, 2018-02-21 at 02:34 -0800, tip-bot for Peter Zijlstra wrote: > > > > --- a/Makefile > > +++ b/Makefile > > @@ -489,6 +489,11 @@ KBUILD_CFLAGS += $(CLANG_TARGET) $(CLANG_GCC_TC) > > KBUILD_AFLAGS += $(CLANG_TARGET) $(CLANG_GCC_TC) > > endif > > > > +ifneq ($(call cc-option,-mindirect-branch=thunk-extern -mindirect-branch-register),) > > + CC_HAS_RETPOLINE := 1 > > +endif > > +export CC_HAS_RETPOLINE > > + > > That isn't the same as the check in arch/x86/Makefile. That's because this crossed with the llvm cruft, right? I'll have a look. ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [tip:x86/pti] objtool, retpolines: Integrate objtool with retpoline support more closely 2018-02-21 12:53 ` Peter Zijlstra @ 2018-02-21 13:12 ` Peter Zijlstra 2018-02-21 15:55 ` [PATCH v2] " Ingo Molnar 0 siblings, 1 reply; 4+ messages in thread From: Peter Zijlstra @ 2018-02-21 13:12 UTC (permalink / raw) To: David Woodhouse Cc: hpa, luto, arjan, tglx, dan.j.williams, torvalds, gregkh, mingo, bp, linux-kernel, dave.hansen, jpoimboe, linux-tip-commits On Wed, Feb 21, 2018 at 01:53:57PM +0100, Peter Zijlstra wrote: > That's because this crossed with the llvm cruft, right? I'll have a > look. Best I could come up with that seems to work is something like the below. Ingo, can you backmerge or stuff on top as appropriate? --- Makefile | 8 ++++---- arch/x86/Makefile | 10 +++------- scripts/Makefile.build | 2 +- 3 files changed, 8 insertions(+), 12 deletions(-) diff --git a/Makefile b/Makefile index e1a155a50fdc..3aa0a115eafb 100644 --- a/Makefile +++ b/Makefile @@ -489,10 +489,10 @@ KBUILD_CFLAGS += $(CLANG_TARGET) $(CLANG_GCC_TC) KBUILD_AFLAGS += $(CLANG_TARGET) $(CLANG_GCC_TC) endif -ifneq ($(call cc-option,-mindirect-branch=thunk-extern -mindirect-branch-register),) - CC_HAS_RETPOLINE := 1 -endif -export CC_HAS_RETPOLINE +RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register +RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk +RETPOLINE_CFLAGS := $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG))) +export RETPOLINE_CFLAGS ifeq ($(config-targets),1) # =========================================================================== diff --git a/arch/x86/Makefile b/arch/x86/Makefile index dbc7d0ed2eaa..498c1b812300 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -232,13 +232,9 @@ KBUILD_CFLAGS += -fno-asynchronous-unwind-tables # Avoid indirect branches in kernel to deal with Spectre ifdef CONFIG_RETPOLINE - RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register - RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk - - RETPOLINE_CFLAGS += $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG))) - ifneq ($(RETPOLINE_CFLAGS),) - KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE - endif +ifneq ($(RETPOLINE_CFLAGS),) + KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE +endif endif archscripts: scripts_basic diff --git a/scripts/Makefile.build b/scripts/Makefile.build index 07e5802e324b..4f2b25d43ec9 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -267,7 +267,7 @@ else objtool_args += $(call cc-ifversion, -lt, 0405, --no-unreachable) endif ifdef CONFIG_RETPOLINE -ifdef CC_HAS_RETPOLINE +ifneq ($(RETPOLINE_CFLAGS),) objtool_args += --retpoline endif endif ^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v2] objtool, retpolines: Integrate objtool with retpoline support more closely 2018-02-21 13:12 ` Peter Zijlstra @ 2018-02-21 15:55 ` Ingo Molnar 0 siblings, 0 replies; 4+ messages in thread From: Ingo Molnar @ 2018-02-21 15:55 UTC (permalink / raw) To: Peter Zijlstra Cc: David Woodhouse, hpa, luto, arjan, tglx, dan.j.williams, torvalds, gregkh, bp, linux-kernel, dave.hansen, jpoimboe, linux-tip-commits * Peter Zijlstra <peterz@infradead.org> wrote: > On Wed, Feb 21, 2018 at 01:53:57PM +0100, Peter Zijlstra wrote: > > That's because this crossed with the llvm cruft, right? I'll have a > > look. > > Best I could come up with that seems to work is something like the > below. Ingo, can you backmerge or stuff on top as appropriate? I backmerged/reordered and made the v2 patch below out of it. Does this look good to everyone? Thanks, Ingo =======================> >From d5028ba8ee5a18c9d0bb926d883c28b370f89009 Mon Sep 17 00:00:00 2001 From: Peter Zijlstra <peterz@infradead.org> Date: Tue, 6 Feb 2018 09:46:13 +0100 Subject: [PATCH] objtool, retpolines: Integrate objtool with retpoline support more closely Disable retpoline validation in objtool if your compiler sucks, and otherwise select the validation stuff for CONFIG_RETPOLINE=y (most builds would already have it set due to ORC). Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: Thomas Gleixner <tglx@linutronix.de> Cc: Andy Lutomirski <luto@kernel.org> Cc: Arjan van de Ven <arjan@linux.intel.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Dan Williams <dan.j.williams@intel.com> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: David Woodhouse <dwmw2@infradead.org> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Signed-off-by: Ingo Molnar <mingo@kernel.org> --- Makefile | 5 +++++ arch/x86/Kconfig | 1 + arch/x86/Makefile | 10 +++------- scripts/Makefile.build | 2 ++ 4 files changed, 11 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 79ad2bfa24b6..3dfce4d2f25d 100644 --- a/Makefile +++ b/Makefile @@ -489,6 +489,11 @@ KBUILD_CFLAGS += $(CLANG_TARGET) $(CLANG_GCC_TC) KBUILD_AFLAGS += $(CLANG_TARGET) $(CLANG_GCC_TC) endif +RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register +RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk +RETPOLINE_CFLAGS := $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG))) +export RETPOLINE_CFLAGS + ifeq ($(config-targets),1) # =========================================================================== # *config targets only - make sure prerequisites are updated, and descend diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 63bf349b2b24..c1aed6c0e413 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -436,6 +436,7 @@ config GOLDFISH config RETPOLINE bool "Avoid speculative indirect branches in kernel" default y + select STACK_VALIDATION if HAVE_STACK_VALIDATION help Compile kernel with the retpoline compiler options to guard against kernel-to-user data leaks by avoiding speculative indirect diff --git a/arch/x86/Makefile b/arch/x86/Makefile index dbc7d0ed2eaa..498c1b812300 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -232,13 +232,9 @@ KBUILD_CFLAGS += -fno-asynchronous-unwind-tables # Avoid indirect branches in kernel to deal with Spectre ifdef CONFIG_RETPOLINE - RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register - RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk - - RETPOLINE_CFLAGS += $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG))) - ifneq ($(RETPOLINE_CFLAGS),) - KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE - endif +ifneq ($(RETPOLINE_CFLAGS),) + KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE +endif endif archscripts: scripts_basic diff --git a/scripts/Makefile.build b/scripts/Makefile.build index ce0fc4dd68c6..4f2b25d43ec9 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -267,8 +267,10 @@ else objtool_args += $(call cc-ifversion, -lt, 0405, --no-unreachable) endif ifdef CONFIG_RETPOLINE +ifneq ($(RETPOLINE_CFLAGS),) objtool_args += --retpoline endif +endif ifdef CONFIG_MODVERSIONS ^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-02-21 15:55 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <tip-b4879c9b99a43e6c580d563f292a569a016af2a4@git.kernel.org>
2018-02-21 10:59 ` [tip:x86/pti] objtool, retpolines: Integrate objtool with retpoline support more closely David Woodhouse
2018-02-21 12:53 ` Peter Zijlstra
2018-02-21 13:12 ` Peter Zijlstra
2018-02-21 15:55 ` [PATCH v2] " Ingo Molnar
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).