From: Josh Poimboeuf <jpoimboe@redhat.com>
To: Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
x86@kernel.org
Cc: linux-kernel@vger.kernel.org, live-patching@vger.kernel.org,
Michal Marek <mmarek@suse.cz>,
Peter Zijlstra <peterz@infradead.org>,
Andy Lutomirski <luto@kernel.org>, Borislav Petkov <bp@alien8.de>,
Linus Torvalds <torvalds@linux-foundation.org>,
Andi Kleen <andi@firstfloor.org>, Pedro Alves <palves@redhat.com>,
Namhyung Kim <namhyung@gmail.com>,
Bernd Petrovitsch <bernd@petrovitsch.priv.at>,
Chris J Arges <chris.j.arges@canonical.com>,
Andrew Morton <akpm@linux-foundation.org>,
Jiri Slaby <jslaby@suse.cz>,
Arnaldo Carvalho de Melo <acme@kernel.org>
Subject: [PATCH v19 00/10] Compile-time stack metadata validation
Date: Sun, 28 Feb 2016 22:22:33 -0600 [thread overview]
Message-ID: <cover.1456719558.git.jpoimboe@redhat.com> (raw)
This is v19 of the compile-time stack metadata validation patch set.
It's based on tip:core/objtool.
v18 can be found here:
https://lkml.kernel.org/r/cover.1456440439.git.jpoimboe@redhat.com
For more information about the motivation behind this patch set, and
more details about what it does, see the patch 8 changelog and
tools/objtool/Documentation/stack-validation.txt.
Patches 1-7 mark various directories, files, and functions as
"non-standard" in preparation for objtool.
Patches 8-10 add objtool and integrate it into the kernel build.
v19:
- add support for CONFIG_GCOV_KERNEL, CONFIG_KASAN, CONFIG_UBSAN
- always inline context_switch() to prevent gcov inline changes
- add main() return value in objtool.c
- change warning output format to mimic gcc warnings
v18:
- include/linux/objtool.h -> include/linux/frame.h
- __objtool_ignore_func -> __func_stack_frame_non_standard
- reword commit messages and comments a bit
- reorder patches
v17:
- __ex_table fix
- rename stacktool -> objtool
- STACKTOOL_IGNORE_FUNCTION -> STACK_FRAME_NON_STANDARD
- 'STACKTOOL := n' -> 'OBJECT_FILES_NON_STANDARD := y'
- updated global_noreturns list
v16:
- fix all allyesconfig warnings, except for staging
- get rid of STACKTOOL_IGNORE_INSN which is no longer needed
- remove several whitelists in favor of automatically whitelisting any
function with a special instruction like ljmp, lret, or vmrun
- split up stacktool patch into 3 parts as suggested by Ingo
- update the global noreturn function list
- detect noreturn function fallthroughs
- skip weak functions in noreturn call detection logic
- add empty function check to noreturn logic
- allow non-section rela symbols for __ex_table sections
- support rare switch table case with jmpq *[addr](%rip)
- don't warn on frame pointer restore without save
- rearrange patch order a bit
v15:
- restructure code for a new cmdline interface "stacktool check" using
the new subcommand framework in tools/lib/subcmd
- fix 32 bit build fail (put __sp at end) in paravirt_types.h patch 10
which was reported by 0day
v14:
- make tools/include/linux/list.h self-sufficient
- create FRAME_OFFSET to allow 32-bit code to be able to access function
arguments on the stack
- add FRAME_OFFSET usage in crypto patch 14/24: "Create stack frames in
aesni-intel_asm.S"
- rename "index" -> "idx" to fix build with some compilers
v13:
- LDFLAGS order fix from Chris J Arges
- new warning fix patches from Chris J Arges
- "--frame-pointer" -> "--check-frame-pointer"
v12:
- rename "stackvalidate" -> "stacktool"
- move from scripts/ to tools/:
- makefile rework
- make a copy of the x86 insn code (and warn if the code diverges)
- use tools/include/linux/list.h
- move warning macros to a new warn.h file
- change wording: "stack validation" -> "stack metadata validation"
v11:
- attempt to answer the "why" question better in the documentation and
commit message
- s/FP_SAVE/FRAME_BEGIN/ in documentation
v10:
- add scripts/mod to directory ignores
- remove circular dependencies for ignored objects which are built
before stackvalidate
- fix CONFIG_MODVERSIONS incompatibility
v9:
- rename FRAME/ENDFRAME -> FRAME_BEGIN/FRAME_END
- fix jump table issue for when the original instruction is a jump
- drop paravirt thunk alignment patch
- add maintainers to CC for proposed warning fixes
v8:
- add proposed fixes for warnings
- fix all memory leaks
- process ignores earlier and add more ignore checks
- always assume POPCNT alternative is enabled
- drop hweight inline asm fix
- drop __schedule() ignore patch
- change .Ltemp_\@ to .Lstackvalidate_ignore_\@ in asm macro
- fix CONFIG_* checks in asm macros
- add C versions of ignore macros and frame macros
- change ";" to "\n" in C macros
- add ifdef CONFIG_STACK_VALIDATION checks in C ignore macros
- use numbered label in C ignore macro
- add missing break in switch case statement in arch-x86.c
v7:
- sibling call support
- document proposed solution for inline asm() frame pointer issues
- say "kernel entry/exit" instead of "context switch"
- clarify the checking of switch statement jump tables
- discard __stackvalidate_ignore_* sections in linker script
- use .Ltemp_\@ to get a unique label instead of static 3-digit number
- change STACKVALIDATE_IGNORE_FUNC variable to a static
- move STACKVALIDATE_IGNORE_INSN to arch-specific .h file
v6:
- rename asmvalidate -> stackvalidate (again)
- gcc-generated object file support
- recursive branch state analysis
- external jump support
- fixup/exception table support
- jump label support
- switch statement jump table support
- added documentation
- detection of "noreturn" dead end functions
- added a Kbuild mechanism for skipping files and dirs
- moved frame pointer macros to arch/x86/include/asm/frame.h
- moved ignore macros to include/linux/stackvalidate.h
v5:
- stackvalidate -> asmvalidate
- frame pointers only required for non-leaf functions
- check for the use of the FP_SAVE/RESTORE macros instead of manually
analyzing code to detect frame pointer usage
- additional checks to ensure each function doesn't leave its boundaries
- make the macros simpler and more flexible
- support for analyzing ALTERNATIVE macros
- simplified the arch interfaces in scripts/asmvalidate/arch.h
- fixed some asmvalidate warnings
- rebased onto latest tip asm cleanups
- many more small changes
v4:
- Changed the default to CONFIG_STACK_VALIDATION=n, until all the asm
code can get cleaned up.
- Fixed a stackvalidate error path exit code issue found by Michal
Marek.
v3:
- Added a patch to make the push/pop CFI macros arch-independent, as
suggested by H. Peter Anvin
v2:
- Fixed memory leaks reported by Petr Mladek
Cc: linux-kernel@vger.kernel.org
Cc: live-patching@vger.kernel.org
Cc: Michal Marek <mmarek@suse.cz>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: Pedro Alves <palves@redhat.com>
Cc: Namhyung Kim <namhyung@gmail.com>
Cc: Bernd Petrovitsch <bernd@petrovitsch.priv.at>
Cc: Chris J Arges <chris.j.arges@canonical.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Jiri Slaby <jslaby@suse.cz>
Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
Josh Poimboeuf (10):
objtool: Mark non-standard files and directories
objtool: Add STACK_FRAME_NON_STANDARD macro
x86/xen: Mark xen_cpuid() stack frame as non-standard
bpf: Mark __bpf_prog_run() stack frame as non-standard
sched: Mark __schedule() stack frame as non-standard
sched: always inline context_switch()
x86/kprobes: Mark kretprobe_trampoline() stack frame as non-standard
objtool: Compile-time stack metadata validation
objtool: Add CONFIG_STACK_VALIDATION option
objtool: Enable stack metadata validation on x86_64
MAINTAINERS | 5 +
Makefile | 5 +-
arch/Kconfig | 6 +
arch/x86/Kconfig | 1 +
arch/x86/boot/Makefile | 3 +-
arch/x86/boot/compressed/Makefile | 3 +-
arch/x86/entry/Makefile | 4 +
arch/x86/entry/vdso/Makefile | 6 +-
arch/x86/kernel/Makefile | 11 +-
arch/x86/kernel/kprobes/core.c | 2 +
arch/x86/kernel/vmlinux.lds.S | 5 +-
arch/x86/platform/efi/Makefile | 2 +
arch/x86/purgatory/Makefile | 2 +
arch/x86/realmode/Makefile | 4 +-
arch/x86/realmode/rm/Makefile | 3 +-
arch/x86/xen/enlighten.c | 3 +-
drivers/firmware/efi/libstub/Makefile | 1 +
include/linux/frame.h | 23 +
kernel/bpf/core.c | 2 +
kernel/sched/core.c | 4 +-
lib/Kconfig.debug | 12 +
scripts/Makefile.build | 39 +-
scripts/mod/Makefile | 2 +
tools/Makefile | 14 +-
tools/objtool/.gitignore | 2 +
tools/objtool/Build | 13 +
tools/objtool/Documentation/stack-validation.txt | 342 +++++++
tools/objtool/Makefile | 60 ++
tools/objtool/arch.h | 44 +
tools/objtool/arch/x86/Build | 12 +
tools/objtool/arch/x86/decode.c | 172 ++++
tools/objtool/arch/x86/insn/gen-insn-attr-x86.awk | 387 ++++++++
tools/objtool/arch/x86/insn/inat.c | 97 ++
tools/objtool/arch/x86/insn/inat.h | 221 +++++
tools/objtool/arch/x86/insn/inat_types.h | 29 +
tools/objtool/arch/x86/insn/insn.c | 594 ++++++++++++
tools/objtool/arch/x86/insn/insn.h | 201 ++++
tools/objtool/arch/x86/insn/x86-opcode-map.txt | 984 +++++++++++++++++++
tools/objtool/builtin-check.c | 1072 +++++++++++++++++++++
tools/objtool/builtin.h | 22 +
tools/objtool/elf.c | 403 ++++++++
tools/objtool/elf.h | 79 ++
tools/objtool/objtool.c | 136 +++
tools/objtool/special.c | 193 ++++
tools/objtool/special.h | 42 +
tools/objtool/warn.h | 60 ++
46 files changed, 5304 insertions(+), 23 deletions(-)
create mode 100644 include/linux/frame.h
create mode 100644 tools/objtool/.gitignore
create mode 100644 tools/objtool/Build
create mode 100644 tools/objtool/Documentation/stack-validation.txt
create mode 100644 tools/objtool/Makefile
create mode 100644 tools/objtool/arch.h
create mode 100644 tools/objtool/arch/x86/Build
create mode 100644 tools/objtool/arch/x86/decode.c
create mode 100644 tools/objtool/arch/x86/insn/gen-insn-attr-x86.awk
create mode 100644 tools/objtool/arch/x86/insn/inat.c
create mode 100644 tools/objtool/arch/x86/insn/inat.h
create mode 100644 tools/objtool/arch/x86/insn/inat_types.h
create mode 100644 tools/objtool/arch/x86/insn/insn.c
create mode 100644 tools/objtool/arch/x86/insn/insn.h
create mode 100644 tools/objtool/arch/x86/insn/x86-opcode-map.txt
create mode 100644 tools/objtool/builtin-check.c
create mode 100644 tools/objtool/builtin.h
create mode 100644 tools/objtool/elf.c
create mode 100644 tools/objtool/elf.h
create mode 100644 tools/objtool/objtool.c
create mode 100644 tools/objtool/special.c
create mode 100644 tools/objtool/special.h
create mode 100644 tools/objtool/warn.h
--
2.4.3
next reply other threads:[~2016-02-29 4:24 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-29 4:22 Josh Poimboeuf [this message]
2016-02-29 4:22 ` [PATCH v19 01/10] objtool: Mark non-standard files and directories Josh Poimboeuf
2016-02-29 10:58 ` [tip:core/objtool] objtool: Mark non-standard object " tip-bot for Josh Poimboeuf
2016-02-29 4:22 ` [PATCH v19 02/10] objtool: Add STACK_FRAME_NON_STANDARD macro Josh Poimboeuf
2016-02-29 10:58 ` [tip:core/objtool] objtool: Add STACK_FRAME_NON_STANDARD() macro tip-bot for Josh Poimboeuf
2016-02-29 4:22 ` [PATCH v19 03/10] x86/xen: Mark xen_cpuid() stack frame as non-standard Josh Poimboeuf
2016-02-29 10:59 ` [tip:core/objtool] " tip-bot for Josh Poimboeuf
2016-02-29 4:22 ` [PATCH v19 04/10] bpf: Mark __bpf_prog_run() " Josh Poimboeuf
2016-02-29 10:59 ` [tip:core/objtool] " tip-bot for Josh Poimboeuf
2016-02-29 4:22 ` [PATCH v19 05/10] sched: Mark __schedule() " Josh Poimboeuf
2016-02-29 10:59 ` [tip:core/objtool] " tip-bot for Josh Poimboeuf
2016-02-29 4:22 ` [PATCH v19 06/10] sched: always inline context_switch() Josh Poimboeuf
2016-02-29 11:00 ` [tip:core/objtool] sched: Always " tip-bot for Josh Poimboeuf
2016-02-29 4:22 ` [PATCH v19 07/10] x86/kprobes: Mark kretprobe_trampoline() stack frame as non-standard Josh Poimboeuf
2016-02-29 11:00 ` [tip:core/objtool] " tip-bot for Josh Poimboeuf
2016-02-29 4:22 ` [PATCH v19 08/10] objtool: Compile-time stack metadata validation Josh Poimboeuf
2016-02-29 11:01 ` [tip:core/objtool] objtool: Add tool to perform compile-time " tip-bot for Josh Poimboeuf
2016-02-29 4:22 ` [PATCH v19 09/10] objtool: Add CONFIG_STACK_VALIDATION option Josh Poimboeuf
2016-02-29 11:01 ` [tip:core/objtool] " tip-bot for Josh Poimboeuf
2016-03-03 14:12 ` Sebastian Andrzej Siewior
2016-03-03 14:56 ` Josh Poimboeuf
2016-02-29 4:22 ` [PATCH v19 10/10] objtool: Enable stack metadata validation on x86_64 Josh Poimboeuf
2016-02-29 11:01 ` [tip:core/objtool] objtool: Enable stack metadata validation on 64-bit x86 tip-bot for Josh Poimboeuf
2016-03-08 10:37 ` [PATCH v19 00/10] Compile-time stack metadata validation Ingo Molnar
2016-03-08 12:29 ` Josh Poimboeuf
2016-03-08 13:44 ` Ingo Molnar
2016-03-08 14:21 ` Josh Poimboeuf
2016-03-08 15:15 ` Ingo Molnar
2016-03-08 15:49 ` Ingo Molnar
2016-03-09 6:06 ` [PATCH 00/11] Various objtool fixes Josh Poimboeuf
2016-03-09 6:06 ` [PATCH 01/11] objtool: Prevent infinite recursion in noreturn detection Josh Poimboeuf
2016-03-09 11:42 ` [tip:core/objtool] " tip-bot for Josh Poimboeuf
2016-03-09 6:06 ` [PATCH 02/11] objtool: Detect infinite recursion Josh Poimboeuf
2016-03-09 11:43 ` [tip:core/objtool] " tip-bot for Josh Poimboeuf
2016-03-09 6:06 ` [PATCH 03/11] objtool: Compile with debugging symbols Josh Poimboeuf
2016-03-09 11:43 ` [tip:core/objtool] " tip-bot for Josh Poimboeuf
2016-03-09 6:06 ` [PATCH 04/11] objtool: Fix false positive warnings related to sibling calls Josh Poimboeuf
2016-03-09 11:43 ` [tip:core/objtool] " tip-bot for Josh Poimboeuf
2016-03-09 6:06 ` [PATCH 05/11] objtool: Add helper macros for traversing instructions Josh Poimboeuf
2016-03-09 11:44 ` [tip:core/objtool] " tip-bot for Josh Poimboeuf
2016-03-09 6:06 ` [PATCH 06/11] objtool: Remove superflous INIT_LIST_HEAD Josh Poimboeuf
2016-03-09 11:44 ` [tip:core/objtool] " tip-bot for Josh Poimboeuf
2016-03-09 6:06 ` [PATCH 07/11] objtool: Rename some variables and functions Josh Poimboeuf
2016-03-09 11:45 ` [tip:core/objtool] " tip-bot for Josh Poimboeuf
2016-03-09 6:06 ` [PATCH 08/11] objtool: Fix false positive warnings for functions with multiple switch statements Josh Poimboeuf
2016-03-09 11:45 ` [tip:core/objtool] " tip-bot for Josh Poimboeuf
2016-03-09 6:06 ` [PATCH 09/11] tools/objtool: Copy hashtable.h into tools directory Josh Poimboeuf
2016-03-09 9:47 ` Ingo Molnar
2016-03-09 16:09 ` Josh Poimboeuf
2016-03-09 18:39 ` Ingo Molnar
2016-03-09 11:45 ` [tip:core/objtool] tools: " tip-bot for Josh Poimboeuf
2016-03-09 6:07 ` [PATCH 10/11] objtool: Add several performance improvements Josh Poimboeuf
2016-03-09 11:46 ` [tip:core/objtool] " tip-bot for Josh Poimboeuf
2016-03-09 6:07 ` [PATCH 11/11] objtool: Only print one warning per function Josh Poimboeuf
2016-03-09 11:46 ` [tip:core/objtool] " tip-bot for Josh Poimboeuf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1456719558.git.jpoimboe@redhat.com \
--to=jpoimboe@redhat.com \
--cc=acme@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=andi@firstfloor.org \
--cc=bernd@petrovitsch.priv.at \
--cc=bp@alien8.de \
--cc=chris.j.arges@canonical.com \
--cc=hpa@zytor.com \
--cc=jslaby@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=live-patching@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=mmarek@suse.cz \
--cc=namhyung@gmail.com \
--cc=palves@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.