From: Kees Cook <keescook@chromium.org>
To: Borislav Petkov <bp@alien8.de>
Cc: Peter Zijlstra <peterz@infradead.org>, X86 ML <x86@kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
Lai Jiangshan <jiangshanlai@gmail.com>
Subject: Re: [PATCH v2 3/6] x86/cpu: Remove CONFIG_X86_SMAP and "nosmap"
Date: Tue, 8 Feb 2022 18:56:40 -0800 [thread overview]
Message-ID: <202202081854.90ABA52F@keescook> (raw)
In-Reply-To: <YgLaERuGcefANHNi@zn.tnic>
On Tue, Feb 08, 2022 at 10:01:05PM +0100, Borislav Petkov wrote:
> On Tue, Feb 08, 2022 at 04:06:52PM +0100, Borislav Petkov wrote:
> > Hmm, I think you're right.
> >
> > Mr. Z?
>
> He says yes.
>
> Ok, that was a good catch, thanks!
>
> This chunk looks now like this - I'll send a new version later.
>
> ---
> diff --git a/scripts/Makefile.build b/scripts/Makefile.build
> index a4b89b757287..404ea669ecca 100644
> --- a/scripts/Makefile.build
> +++ b/scripts/Makefile.build
> @@ -233,7 +233,7 @@ objtool_args = \
> $(if $(CONFIG_FRAME_POINTER),, --no-fp) \
> $(if $(CONFIG_GCOV_KERNEL)$(CONFIG_LTO_CLANG), --no-unreachable)\
> $(if $(CONFIG_RETPOLINE), --retpoline) \
> - $(if $(CONFIG_X86_SMAP), --uaccess) \
> + --uaccess \
> $(if $(CONFIG_FTRACE_MCOUNT_USE_OBJTOOL), --mcount) \
> $(if $(CONFIG_SLS), --sls)
>
> diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
> index 666f7bbc13eb..0fcba46fc10f 100755
> --- a/scripts/link-vmlinux.sh
> +++ b/scripts/link-vmlinux.sh
> @@ -106,7 +106,7 @@ modpost_link()
> objtool_link()
> {
> local objtoolcmd;
> - local objtoolopt;
> + local objtoolopt="--uaccess"
>
> if is_enabled CONFIG_LTO_CLANG && is_enabled CONFIG_STACK_VALIDATION; then
> # Don't perform vmlinux validation unless explicitly requested,
> @@ -140,9 +140,6 @@ objtool_link()
> if is_enabled CONFIG_RETPOLINE; then
> objtoolopt="${objtoolopt} --retpoline"
> fi
> - if is_enabled CONFIG_X86_SMAP; then
> - objtoolopt="${objtoolopt} --uaccess"
> - fi
> if is_enabled CONFIG_SLS; then
> objtoolopt="${objtoolopt} --sls"
> fi
Cool; yeah, that's kind of what I was expecting. I have a knee-jerk "I
don't want to touch this again later" reaction to seeing it always
applied instead of gated by CONFIG_X86 or something, but then, I doubt
that'll be hard to change when/if objtool becomes multi-architecture.
Consider the update as:
Reviewed-by: Kees Cook <keescook@chromium.org>
--
Kees Cook
next prev parent reply other threads:[~2022-02-09 3:08 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-27 11:56 [PATCH v2 0/6] x86/cpu: Do some janitorial work Borislav Petkov
2022-01-27 11:56 ` [PATCH v2 1/6] x86/cpu: Allow feature bit names from /proc/cpuinfo in clearcpuid= Borislav Petkov
2022-02-07 22:04 ` Kees Cook
2022-02-08 11:54 ` Borislav Petkov
2022-04-04 18:22 ` [tip: x86/cpu] " tip-bot2 for Borislav Petkov
2022-01-27 11:56 ` [PATCH v2 2/6] x86/cpu: Remove "nosep" Borislav Petkov
2022-02-07 21:58 ` Kees Cook
2022-04-04 18:22 ` [tip: x86/cpu] " tip-bot2 for Borislav Petkov
2022-01-27 11:56 ` [PATCH v2 3/6] x86/cpu: Remove CONFIG_X86_SMAP and "nosmap" Borislav Petkov
2022-02-07 22:07 ` Kees Cook
2022-02-08 15:06 ` Borislav Petkov
2022-02-08 21:01 ` Borislav Petkov
2022-02-09 2:56 ` Kees Cook [this message]
2022-02-09 11:53 ` Borislav Petkov
2022-04-04 18:22 ` [tip: x86/cpu] " tip-bot2 for Borislav Petkov
2022-01-27 11:56 ` [PATCH v2 4/6] x86/cpu: Remove "nosmep" Borislav Petkov
2022-02-07 22:07 ` Kees Cook
2022-04-04 18:22 ` [tip: x86/cpu] " tip-bot2 for Borislav Petkov
2022-01-27 11:56 ` [PATCH v2 5/6] x86/cpu: Remove "noexec" Borislav Petkov
2022-02-07 22:25 ` Kees Cook
2022-02-08 17:40 ` Sean Christopherson
2022-02-08 19:56 ` Borislav Petkov
2022-04-04 18:22 ` [tip: x86/cpu] " tip-bot2 for Borislav Petkov
2022-01-27 11:56 ` [PATCH v2 6/6] x86/cpu: Remove "noclflush" Borislav Petkov
2022-02-07 22:08 ` Kees Cook
2022-04-04 18:22 ` [tip: x86/cpu] " tip-bot2 for Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202202081854.90ABA52F@keescook \
--to=keescook@chromium.org \
--cc=bp@alien8.de \
--cc=jiangshanlai@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=peterz@infradead.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.