From: Peter Zijlstra <peterz@infradead.org>
To: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
Michal Marek <mmarek@suse.cz>, Andy Lutomirski <luto@kernel.org>,
Borislav Petkov <bp@alien8.de>,
Linus Torvalds <torvalds@linux-foundation.org>,
Andi Kleen <andi@firstfloor.org>, Pedro Alves <palves@redhat.com>,
x86@kernel.org, live-patching@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v7 2/4] x86/stackvalidate: Compile-time stack validation
Date: Tue, 14 Jul 2015 23:08:58 +0200 [thread overview]
Message-ID: <20150714210858.GP19282@twins.programming.kicks-ass.net> (raw)
In-Reply-To: <c6ce1f45365e13dad73d4a04e100921b79794690.1436893563.git.jpoimboe@redhat.com>
On Tue, Jul 14, 2015 at 12:14:08PM -0500, Josh Poimboeuf wrote:
> This adds a CONFIG_STACK_VALIDATION option which enables a host tool
> named stackvalidate which runs at compile time. It analyzes every .o
> file and ensures the validity of its stack metadata. It enforces a set
> of rules on asm code and C inline assembly code so that stack traces can
> be reliable.
>
> Currently it checks frame pointer usage. I plan to add DWARF CFI
> validation as well.
>
> For each function, it recursively follows all possible code paths and
> validates the correct frame pointer state at each instruction.
>
> It also follows code paths involving special sections, like
> .altinstructions, __jump_table, and __ex_table, which can add
> alternative execution paths to a given instruction (or set of
> instructions). Similarly, it knows how to follow switch statements, for
> which gcc sometimes uses jump tables.
>
> To achieve the validation, stackvalidate enforces the following rules:
>
> 1. Each callable function must be annotated as such with the ELF
> function type. In asm code, this is typically done using the
> ENTRY/ENDPROC macros. If stackvalidate finds a return instruction
> outside of a function, it flags an error since that usually indicates
> callable code which should be annotated accordingly.
>
> 2. Conversely, each section of code which is *not* callable should *not*
> be annotated as an ELF function. The ENDPROC macro shouldn't be used
> in this case.
>
> 3. Each callable function which calls another function must have the
> correct frame pointer logic, if required by CONFIG_FRAME_POINTER or
> the architecture's back chain rules. This can by done in asm code
> with the FRAME/ENDFRAME macros.
>
> 4. Dynamic jumps and jumps to undefined symbols are only allowed if:
>
> a) the jump is part of a switch statement; or
>
> b) the jump matches sibling call semantics and the frame pointer has
> the same value it had on function entry.
>
> 5. A callable function may not execute kernel entry/exit instructions.
> The only code which needs such instructions is kernel entry code,
> which shouldn't be in callable functions anyway.
How (if it does at all) deal with function-trace / -pg -fprofile-arcs
things? Does it silently ignore the __mcount calls and assumes ftrace
knows wtf its doing? ;-)
next prev parent reply other threads:[~2015-07-14 21:09 UTC|newest]
Thread overview: 89+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-14 17:14 [PATCH v7 0/4] Compile-time stack validation Josh Poimboeuf
2015-07-14 17:14 ` [PATCH v7 1/4] x86/asm: Frame pointer macro cleanup Josh Poimboeuf
2015-07-14 17:14 ` [PATCH v7 2/4] x86/stackvalidate: Compile-time stack validation Josh Poimboeuf
2015-07-14 20:57 ` Peter Zijlstra
2015-07-14 21:11 ` Josh Poimboeuf
2015-07-14 21:08 ` Peter Zijlstra [this message]
2015-07-14 21:30 ` Josh Poimboeuf
2015-07-14 21:56 ` Peter Zijlstra
2015-07-14 22:32 ` Josh Poimboeuf
2015-07-20 16:53 ` Namhyung Kim
2015-07-20 17:50 ` Josh Poimboeuf
2015-07-21 8:02 ` Ingo Molnar
2015-07-21 12:04 ` Josh Poimboeuf
2015-07-21 8:42 ` Bernd Petrovitsch
2015-07-21 12:06 ` Josh Poimboeuf
2015-07-14 17:14 ` [PATCH v7 3/4] x86/stackvalidate: Add file and directory ignores Josh Poimboeuf
2015-07-14 17:14 ` [PATCH v7 4/4] x86/stackvalidate: Add ignore macros Josh Poimboeuf
2015-07-14 17:25 ` [PATCH v7 0/4] Compile-time stack validation Josh Poimboeuf
2015-07-15 10:16 ` Ingo Molnar
2015-07-15 16:05 ` Josh Poimboeuf
2015-07-17 16:47 ` [RFC PATCH 00/21] x86: Proposed fixes for stackvalidate warnings Josh Poimboeuf
2015-07-17 16:47 ` [RFC PATCH 01/21] stackvalidate: Process ignores earlier and add more ignore checks Josh Poimboeuf
2015-07-17 16:47 ` [RFC PATCH 02/21] stackvalidate: Add C version of STACKVALIDATE_IGNORE_INSN Josh Poimboeuf
2015-07-18 14:56 ` Borislav Petkov
2015-07-18 16:00 ` Josh Poimboeuf
[not found] ` <CA+55aFyoO75n-mQBrB_YBLx9yNpAjisFAqkO8+YsphD-xmgY+w@mail.gmail.com>
2015-07-18 16:40 ` Josh Poimboeuf
2015-07-17 16:47 ` [RFC PATCH 03/21] x86/asm: Add C versions of FRAME and ENDFRAME macros Josh Poimboeuf
2015-07-17 16:47 ` [RFC PATCH 04/21] x86/hweight: Add stack frame dependency for __arch_hweight*() Josh Poimboeuf
2015-07-17 17:17 ` Borislav Petkov
2015-07-17 17:32 ` Josh Poimboeuf
2015-07-18 5:05 ` Borislav Petkov
2015-07-18 13:44 ` Josh Poimboeuf
2015-07-18 14:56 ` Borislav Petkov
2015-07-18 15:57 ` Josh Poimboeuf
2015-07-19 4:12 ` Borislav Petkov
2015-07-22 0:13 ` Andy Lutomirski
2015-07-22 4:25 ` Borislav Petkov
2015-07-22 4:39 ` Andy Lutomirski
2015-07-22 4:45 ` Borislav Petkov
2015-07-17 16:47 ` [RFC PATCH 05/21] x86/xen: Add stack frame dependency to hypercall inline asm calls Josh Poimboeuf
2015-07-17 16:47 ` [RFC PATCH 06/21] x86/paravirt: Add stack frame dependency to PVOP " Josh Poimboeuf
2015-07-17 16:47 ` [RFC PATCH 07/21] x86/paravirt: Fix frame pointer usage in PV_CALLEE_SAVE_REGS_THUNK Josh Poimboeuf
2015-07-17 16:47 ` [RFC PATCH 08/21] x86/paravirt: Align paravirt thunk functions at 16-byte boundaries Josh Poimboeuf
2015-07-17 16:47 ` [RFC PATCH 09/21] x86/amd: Set ELF function type for vide() Josh Poimboeuf
2015-07-17 16:47 ` [RFC PATCH 10/21] x86/reboot: Add ljmp instructions to stackvalidate whitelist Josh Poimboeuf
2015-07-17 16:47 ` [RFC PATCH 11/21] x86/xen: Add xen_cpuid() and xen_setup_gdt() to stackvalidate whitelists Josh Poimboeuf
2015-07-17 16:47 ` [RFC PATCH 12/21] sched: Add __schedule() to stackvalidate whitelist Josh Poimboeuf
2015-07-17 19:46 ` Peter Zijlstra
2015-07-17 19:58 ` Andy Lutomirski
2015-07-17 21:03 ` Peter Zijlstra
2015-07-17 21:23 ` Josh Poimboeuf
2015-07-18 3:44 ` Ingo Molnar
2015-07-17 16:47 ` [RFC PATCH 13/21] x86/asm/crypto: Fix frame pointer usage in aesni-intel_asm.S Josh Poimboeuf
2015-07-17 19:43 ` Ingo Molnar
2015-07-17 19:44 ` Andy Lutomirski
2015-07-17 20:37 ` Josh Poimboeuf
2015-07-17 20:39 ` Andy Lutomirski
2015-07-17 20:44 ` Josh Poimboeuf
2015-07-17 20:46 ` Andy Lutomirski
2015-07-17 20:59 ` Josh Poimboeuf
2015-07-17 21:01 ` Andy Lutomirski
2015-07-17 21:10 ` Josh Poimboeuf
2015-07-18 8:42 ` Borislav Petkov
2015-07-18 13:46 ` Josh Poimboeuf
2015-07-18 14:25 ` Borislav Petkov
2015-07-18 15:40 ` Josh Poimboeuf
2015-07-18 2:51 ` Ingo Molnar
2015-07-18 3:56 ` Josh Poimboeuf
2015-07-20 7:56 ` Ingo Molnar
2015-07-20 13:59 ` Josh Poimboeuf
2015-07-20 17:21 ` Ingo Molnar
2015-07-20 18:00 ` Josh Poimboeuf
2015-07-22 11:52 ` Josh Poimboeuf
2015-07-20 15:30 ` Andy Lutomirski
2015-07-20 16:36 ` Josh Poimboeuf
2015-07-20 16:52 ` Peter Zijlstra
2015-07-20 17:19 ` Josh Poimboeuf
2015-07-21 8:00 ` Ingo Molnar
2015-07-21 12:06 ` Josh Poimboeuf
2015-07-17 16:47 ` [RFC PATCH 14/21] x86/asm/crypto: Move .Lbswap_mask data to .rodata section Josh Poimboeuf
2015-07-17 16:47 ` [RFC PATCH 15/21] x86/asm/crypto: Move jump_table " Josh Poimboeuf
2015-07-17 16:47 ` [RFC PATCH 16/21] x86/asm/crypto: Fix frame pointer usage in clmul_ghash_mul/update() Josh Poimboeuf
2015-07-17 16:47 ` [RFC PATCH 17/21] x86/asm/entry: Fix frame pointer usage in thunk functions Josh Poimboeuf
2015-07-17 16:47 ` [RFC PATCH 18/21] x86/asm/acpi: Fix frame pointer usage in do_suspend_lowlevel() Josh Poimboeuf
2015-07-17 16:47 ` [RFC PATCH 19/21] x86/asm: Fix frame pointer usage in rwsem functions Josh Poimboeuf
2015-07-17 16:47 ` [RFC PATCH 20/21] x86/asm/efi: Fix frame pointer usage in efi_call() Josh Poimboeuf
2015-07-17 16:47 ` [RFC PATCH 21/21] x86/asm/power: Fix frame pointer usage in hibernate_asm_64.S Josh Poimboeuf
2015-07-17 18:56 ` [RFC PATCH 00/21] x86: Proposed fixes for stackvalidate warnings Andy Lutomirski
2015-07-18 3:05 ` Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150714210858.GP19282@twins.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=andi@firstfloor.org \
--cc=bp@alien8.de \
--cc=hpa@zytor.com \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=live-patching@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=mmarek@suse.cz \
--cc=palves@redhat.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.