* Re: [tip:x86/pti] objtool, retpolines: Integrate objtool with retpoline support more closely
[not found] <tip-b4879c9b99a43e6c580d563f292a569a016af2a4@git.kernel.org>
@ 2018-02-21 10:59 ` David Woodhouse
2018-02-21 12:53 ` Peter Zijlstra
0 siblings, 1 reply; 4+ messages in thread
From: David Woodhouse @ 2018-02-21 10:59 UTC (permalink / raw)
To: peterz, hpa, luto, arjan, tglx, dan.j.williams, torvalds, gregkh,
mingo, bp, linux-kernel, dave.hansen, jpoimboe,
linux-tip-commits
[-- Attachment #1: Type: text/plain, Size: 473 bytes --]
On Wed, 2018-02-21 at 02:34 -0800, tip-bot for Peter Zijlstra wrote:
>
> --- a/Makefile
> +++ b/Makefile
> @@ -489,6 +489,11 @@ KBUILD_CFLAGS += $(CLANG_TARGET) $(CLANG_GCC_TC)
> KBUILD_AFLAGS += $(CLANG_TARGET) $(CLANG_GCC_TC)
> endif
>
> +ifneq ($(call cc-option,-mindirect-branch=thunk-extern -mindirect-branch-register),)
> + CC_HAS_RETPOLINE := 1
> +endif
> +export CC_HAS_RETPOLINE
> +
That isn't the same as the check in arch/x86/Makefile.
[-- Attachment #2: smime.p7s --]
[-- Type: application/x-pkcs7-signature, Size: 5213 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [tip:x86/pti] objtool, retpolines: Integrate objtool with retpoline support more closely
2018-02-21 10:59 ` [tip:x86/pti] objtool, retpolines: Integrate objtool with retpoline support more closely David Woodhouse
@ 2018-02-21 12:53 ` Peter Zijlstra
2018-02-21 13:12 ` Peter Zijlstra
0 siblings, 1 reply; 4+ messages in thread
From: Peter Zijlstra @ 2018-02-21 12:53 UTC (permalink / raw)
To: David Woodhouse
Cc: hpa, luto, arjan, tglx, dan.j.williams, torvalds, gregkh, mingo,
bp, linux-kernel, dave.hansen, jpoimboe, linux-tip-commits
On Wed, Feb 21, 2018 at 10:59:14AM +0000, David Woodhouse wrote:
> On Wed, 2018-02-21 at 02:34 -0800, tip-bot for Peter Zijlstra wrote:
> >
> > --- a/Makefile
> > +++ b/Makefile
> > @@ -489,6 +489,11 @@ KBUILD_CFLAGS += $(CLANG_TARGET) $(CLANG_GCC_TC)
> > KBUILD_AFLAGS += $(CLANG_TARGET) $(CLANG_GCC_TC)
> > endif
> >
> > +ifneq ($(call cc-option,-mindirect-branch=thunk-extern -mindirect-branch-register),)
> > + CC_HAS_RETPOLINE := 1
> > +endif
> > +export CC_HAS_RETPOLINE
> > +
>
> That isn't the same as the check in arch/x86/Makefile.
That's because this crossed with the llvm cruft, right? I'll have a
look.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [tip:x86/pti] objtool, retpolines: Integrate objtool with retpoline support more closely
2018-02-21 12:53 ` Peter Zijlstra
@ 2018-02-21 13:12 ` Peter Zijlstra
2018-02-21 15:55 ` [PATCH v2] " Ingo Molnar
0 siblings, 1 reply; 4+ messages in thread
From: Peter Zijlstra @ 2018-02-21 13:12 UTC (permalink / raw)
To: David Woodhouse
Cc: hpa, luto, arjan, tglx, dan.j.williams, torvalds, gregkh, mingo,
bp, linux-kernel, dave.hansen, jpoimboe, linux-tip-commits
On Wed, Feb 21, 2018 at 01:53:57PM +0100, Peter Zijlstra wrote:
> That's because this crossed with the llvm cruft, right? I'll have a
> look.
Best I could come up with that seems to work is something like the
below. Ingo, can you backmerge or stuff on top as appropriate?
---
Makefile | 8 ++++----
arch/x86/Makefile | 10 +++-------
scripts/Makefile.build | 2 +-
3 files changed, 8 insertions(+), 12 deletions(-)
diff --git a/Makefile b/Makefile
index e1a155a50fdc..3aa0a115eafb 100644
--- a/Makefile
+++ b/Makefile
@@ -489,10 +489,10 @@ KBUILD_CFLAGS += $(CLANG_TARGET) $(CLANG_GCC_TC)
KBUILD_AFLAGS += $(CLANG_TARGET) $(CLANG_GCC_TC)
endif
-ifneq ($(call cc-option,-mindirect-branch=thunk-extern -mindirect-branch-register),)
- CC_HAS_RETPOLINE := 1
-endif
-export CC_HAS_RETPOLINE
+RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register
+RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk
+RETPOLINE_CFLAGS := $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG)))
+export RETPOLINE_CFLAGS
ifeq ($(config-targets),1)
# ===========================================================================
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index dbc7d0ed2eaa..498c1b812300 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -232,13 +232,9 @@ KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
# Avoid indirect branches in kernel to deal with Spectre
ifdef CONFIG_RETPOLINE
- RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register
- RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk
-
- RETPOLINE_CFLAGS += $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG)))
- ifneq ($(RETPOLINE_CFLAGS),)
- KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE
- endif
+ifneq ($(RETPOLINE_CFLAGS),)
+ KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE
+endif
endif
archscripts: scripts_basic
diff --git a/scripts/Makefile.build b/scripts/Makefile.build
index 07e5802e324b..4f2b25d43ec9 100644
--- a/scripts/Makefile.build
+++ b/scripts/Makefile.build
@@ -267,7 +267,7 @@ else
objtool_args += $(call cc-ifversion, -lt, 0405, --no-unreachable)
endif
ifdef CONFIG_RETPOLINE
-ifdef CC_HAS_RETPOLINE
+ifneq ($(RETPOLINE_CFLAGS),)
objtool_args += --retpoline
endif
endif
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v2] objtool, retpolines: Integrate objtool with retpoline support more closely
2018-02-21 13:12 ` Peter Zijlstra
@ 2018-02-21 15:55 ` Ingo Molnar
0 siblings, 0 replies; 4+ messages in thread
From: Ingo Molnar @ 2018-02-21 15:55 UTC (permalink / raw)
To: Peter Zijlstra
Cc: David Woodhouse, hpa, luto, arjan, tglx, dan.j.williams,
torvalds, gregkh, bp, linux-kernel, dave.hansen, jpoimboe,
linux-tip-commits
* Peter Zijlstra <peterz@infradead.org> wrote:
> On Wed, Feb 21, 2018 at 01:53:57PM +0100, Peter Zijlstra wrote:
> > That's because this crossed with the llvm cruft, right? I'll have a
> > look.
>
> Best I could come up with that seems to work is something like the
> below. Ingo, can you backmerge or stuff on top as appropriate?
I backmerged/reordered and made the v2 patch below out of it.
Does this look good to everyone?
Thanks,
Ingo
=======================>
>From d5028ba8ee5a18c9d0bb926d883c28b370f89009 Mon Sep 17 00:00:00 2001
From: Peter Zijlstra <peterz@infradead.org>
Date: Tue, 6 Feb 2018 09:46:13 +0100
Subject: [PATCH] objtool, retpolines: Integrate objtool with retpoline support more closely
Disable retpoline validation in objtool if your compiler sucks, and otherwise
select the validation stuff for CONFIG_RETPOLINE=y (most builds would already
have it set due to ORC).
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
Makefile | 5 +++++
arch/x86/Kconfig | 1 +
arch/x86/Makefile | 10 +++-------
scripts/Makefile.build | 2 ++
4 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/Makefile b/Makefile
index 79ad2bfa24b6..3dfce4d2f25d 100644
--- a/Makefile
+++ b/Makefile
@@ -489,6 +489,11 @@ KBUILD_CFLAGS += $(CLANG_TARGET) $(CLANG_GCC_TC)
KBUILD_AFLAGS += $(CLANG_TARGET) $(CLANG_GCC_TC)
endif
+RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register
+RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk
+RETPOLINE_CFLAGS := $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG)))
+export RETPOLINE_CFLAGS
+
ifeq ($(config-targets),1)
# ===========================================================================
# *config targets only - make sure prerequisites are updated, and descend
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 63bf349b2b24..c1aed6c0e413 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -436,6 +436,7 @@ config GOLDFISH
config RETPOLINE
bool "Avoid speculative indirect branches in kernel"
default y
+ select STACK_VALIDATION if HAVE_STACK_VALIDATION
help
Compile kernel with the retpoline compiler options to guard against
kernel-to-user data leaks by avoiding speculative indirect
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index dbc7d0ed2eaa..498c1b812300 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -232,13 +232,9 @@ KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
# Avoid indirect branches in kernel to deal with Spectre
ifdef CONFIG_RETPOLINE
- RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register
- RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk
-
- RETPOLINE_CFLAGS += $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG)))
- ifneq ($(RETPOLINE_CFLAGS),)
- KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE
- endif
+ifneq ($(RETPOLINE_CFLAGS),)
+ KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE
+endif
endif
archscripts: scripts_basic
diff --git a/scripts/Makefile.build b/scripts/Makefile.build
index ce0fc4dd68c6..4f2b25d43ec9 100644
--- a/scripts/Makefile.build
+++ b/scripts/Makefile.build
@@ -267,8 +267,10 @@ else
objtool_args += $(call cc-ifversion, -lt, 0405, --no-unreachable)
endif
ifdef CONFIG_RETPOLINE
+ifneq ($(RETPOLINE_CFLAGS),)
objtool_args += --retpoline
endif
+endif
ifdef CONFIG_MODVERSIONS
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-02-21 15:55 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <tip-b4879c9b99a43e6c580d563f292a569a016af2a4@git.kernel.org>
2018-02-21 10:59 ` [tip:x86/pti] objtool, retpolines: Integrate objtool with retpoline support more closely David Woodhouse
2018-02-21 12:53 ` Peter Zijlstra
2018-02-21 13:12 ` Peter Zijlstra
2018-02-21 15:55 ` [PATCH v2] " Ingo Molnar
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).