Patch "objtool: Allow alternatives to be ignored" has been added to the 4.9-stable tree

Patch "objtool: Allow alternatives to be ignored" has been added to the 4.9-stable tree

[gregkh]

This is a note to let you know that I've just added the patch titled

    objtool: Allow alternatives to be ignored

to the 4.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     objtool-allow-alternatives-to-be-ignored.patch
and it can be found in the queue-4.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From 258c76059cece01bebae098e81bacb1af2edad17 Mon Sep 17 00:00:00 2001
From: Josh Poimboeuf <jpoimboe@redhat.com>
Date: Thu, 11 Jan 2018 21:46:24 +0000
Subject: objtool: Allow alternatives to be ignored

From: Josh Poimboeuf <jpoimboe@redhat.com>

commit 258c76059cece01bebae098e81bacb1af2edad17 upstream.

Getting objtool to understand retpolines is going to be a bit of a
challenge.  For now, take advantage of the fact that retpolines are
patched in with alternatives.  Just read the original (sane)
non-alternative instruction, and ignore the patched-in retpoline.

This allows objtool to understand the control flow *around* the
retpoline, even if it can't yet follow what's inside.  This means the
ORC unwinder will fail to unwind from inside a retpoline, but will work
fine otherwise.

Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: gnomes@lxorguk.ukuu.org.uk
Cc: Rik van Riel <riel@redhat.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: thomas.lendacky@amd.com
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Kees Cook <keescook@google.com>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
Cc: Paul Turner <pjt@google.com>
Link: https://lkml.kernel.org/r/1515707194-20531-3-git-send-email-dwmw@amazon.co.uk
[dwmw2: Applies to tools/objtool/builtin-check.c not check.[ch]]
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 tools/objtool/builtin-check.c |   64 +++++++++++++++++++++++++++++++++++++-----
 1 file changed, 57 insertions(+), 7 deletions(-)

--- a/tools/objtool/builtin-check.c
+++ b/tools/objtool/builtin-check.c
@@ -51,7 +51,7 @@ struct instruction {
 	unsigned int len, state;
 	unsigned char type;
 	unsigned long immediate;
-	bool alt_group, visited;
+	bool alt_group, visited, ignore_alts;
 	struct symbol *call_dest;
 	struct instruction *jump_dest;
 	struct list_head alts;
@@ -353,6 +353,40 @@ static void add_ignores(struct objtool_f
 }
 
 /*
+ * FIXME: For now, just ignore any alternatives which add retpolines.  This is
+ * a temporary hack, as it doesn't allow ORC to unwind from inside a retpoline.
+ * But it at least allows objtool to understand the control flow *around* the
+ * retpoline.
+ */
+static int add_nospec_ignores(struct objtool_file *file)
+{
+	struct section *sec;
+	struct rela *rela;
+	struct instruction *insn;
+
+	sec = find_section_by_name(file->elf, ".rela.discard.nospec");
+	if (!sec)
+		return 0;
+
+	list_for_each_entry(rela, &sec->rela_list, list) {
+		if (rela->sym->type != STT_SECTION) {
+			WARN("unexpected relocation symbol type in %s", sec->name);
+			return -1;
+		}
+
+		insn = find_insn(file, rela->sym->sec, rela->addend);
+		if (!insn) {
+			WARN("bad .discard.nospec entry");
+			return -1;
+		}
+
+		insn->ignore_alts = true;
+	}
+
+	return 0;
+}
+
+/*
  * Find the destination instructions for all jumps.
  */
 static int add_jump_destinations(struct objtool_file *file)
@@ -435,11 +469,18 @@ static int add_call_destinations(struct
 			dest_off = insn->offset + insn->len + insn->immediate;
 			insn->call_dest = find_symbol_by_offset(insn->sec,
 								dest_off);
+			/*
+			 * FIXME: Thanks to retpolines, it's now considered
+			 * normal for a function to call within itself.  So
+			 * disable this warning for now.
+			 */
+#if 0
 			if (!insn->call_dest) {
 				WARN_FUNC("can't find call dest symbol at offset 0x%lx",
 					  insn->sec, insn->offset, dest_off);
 				return -1;
 			}
+#endif
 		} else if (rela->sym->type == STT_SECTION) {
 			insn->call_dest = find_symbol_by_offset(rela->sym->sec,
 								rela->addend+4);
@@ -601,12 +642,6 @@ static int add_special_section_alts(stru
 		return ret;
 
 	list_for_each_entry_safe(special_alt, tmp, &special_alts, list) {
-		alt = malloc(sizeof(*alt));
-		if (!alt) {
-			WARN("malloc failed");
-			ret = -1;
-			goto out;
-		}
 
 		orig_insn = find_insn(file, special_alt->orig_sec,
 				      special_alt->orig_off);
@@ -617,6 +652,10 @@ static int add_special_section_alts(stru
 			goto out;
 		}
 
+		/* Ignore retpoline alternatives. */
+		if (orig_insn->ignore_alts)
+			continue;
+
 		new_insn = NULL;
 		if (!special_alt->group || special_alt->new_len) {
 			new_insn = find_insn(file, special_alt->new_sec,
@@ -642,6 +681,13 @@ static int add_special_section_alts(stru
 				goto out;
 		}
 
+		alt = malloc(sizeof(*alt));
+		if (!alt) {
+			WARN("malloc failed");
+			ret = -1;
+			goto out;
+		}
+
 		alt->insn = new_insn;
 		list_add_tail(&alt->list, &orig_insn->alts);
 
@@ -861,6 +907,10 @@ static int decode_sections(struct objtoo
 
 	add_ignores(file);
 
+	ret = add_nospec_ignores(file);
+	if (ret)
+		return ret;
+
 	ret = add_jump_destinations(file);
 	if (ret)
 		return ret;


Patches currently in stable-queue which might be from jpoimboe@redhat.com are

queue-4.9/x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch
queue-4.9/x86-retpoline-irq32-convert-assembler-indirect-jumps.patch
queue-4.9/objtool-detect-jumps-to-retpoline-thunks.patch
queue-4.9/x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch
queue-4.9/x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch
queue-4.9/x86-asm-use-register-variable-to-get-stack-pointer-value.patch
queue-4.9/x86-cpufeatures-add-x86_bug_cpu_insecure.patch
queue-4.9/objtool-modules-discard-objtool-annotation-sections-for-modules.patch
queue-4.9/x86-cpufeatures-make-cpu-bugs-sticky.patch
queue-4.9/x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch
queue-4.9/objtool-allow-alternatives-to-be-ignored.patch
queue-4.9/x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch
queue-4.9/selftests-x86-add-test_vsyscall.patch
queue-4.9/x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch
queue-4.9/x86-cpu-merge-bugs.c-and-bugs_64.c.patch
queue-4.9/x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch
queue-4.9/x86-retpoline-fill-return-stack-buffer-on-vmexit.patch
queue-4.9/x86-retpoline-remove-compile-time-warning.patch
queue-4.9/x86-retpoline-add-initial-retpoline-support.patch

Re: Patch "objtool: Allow alternatives to be ignored" has been added to the 4.9-stable tree

[David Woodhouse]

[-- Attachment #1: Type: text/plain, Size: 690 bytes --]

On Mon, 2018-01-15 at 10:06 +0100, gregkh@linuxfoundation.org wrote:
> This is a note to let you know that I've just added the patch titled
> 
>     objtool: Allow alternatives to be ignored
> 
> to the 4.9-stable tree which can be found at:
>     http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> 
> The filename of the patch is:
>      objtool-allow-alternatives-to-be-ignored.patch
> and it can be found in the queue-4.9 subdirectory.

Hm... they aren't being ignored entirely.

arch/x86/crypto/camellia-aesni-avx2-asm_64.o: warning: objtool: .altinstr_replacement+0xf: return instruction outside of a callable function

Josh?

[-- Attachment #2: smime.p7s --]
[-- Type: application/x-pkcs7-signature, Size: 5213 bytes --]

Re: Patch "objtool: Allow alternatives to be ignored" has been added to the 4.9-stable tree

[Josh Poimboeuf]

On Mon, Jan 15, 2018 at 12:55:11PM +0100, David Woodhouse wrote:
> On Mon, 2018-01-15 at 10:06 +0100, gregkh@linuxfoundation.org wrote:
> > This is a note to let you know that I've just added the patch titled
> > 
> >     objtool: Allow alternatives to be ignored
> > 
> > to the 4.9-stable tree which can be found at:
> >     http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> > 
> > The filename of the patch is:
> >      objtool-allow-alternatives-to-be-ignored.patch
> > and it can be found in the queue-4.9 subdirectory.
> 
> Hm... they aren't being ignored entirely.
> 
> arch/x86/crypto/camellia-aesni-avx2-asm_64.o: warning: objtool: .altinstr_replacement+0xf: return instruction outside of a callable function
> 
> Josh?

This should fix it (to be applied on top):

----

From: Josh Poimboeuf <jpoimboe@redhat.com>
Subject: [PATCH] objtool: Fix retpoline support for pre-ORC objtool

Objtool 1.0 (pre-ORC) produces the following warning when it encounters
a retpoline:

  arch/x86/crypto/camellia-aesni-avx2-asm_64.o: warning: objtool: .altinstr_replacement+0xf: return instruction outside of a callable function

That warning is meant to catch GCC bugs and missing ENTRY/ENDPROC
annotations, neither of which are applicable to alternatives.  Silence
the warning for alternative instructions, just like objtool 2.0 already
does.

Reported-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
---
 tools/objtool/builtin-check.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/tools/objtool/builtin-check.c b/tools/objtool/builtin-check.c
index f789621cbdba..a688a857a7ae 100644
--- a/tools/objtool/builtin-check.c
+++ b/tools/objtool/builtin-check.c
@@ -1230,6 +1230,14 @@ static int validate_uncallable_instructions(struct objtool_file *file)
 
 	for_each_insn(file, insn) {
 		if (!insn->visited && insn->type == INSN_RETURN) {
+
+			/*
+			 * Don't warn about call instructions in unvisited
+			 * retpoline alternatives.
+			 */
+			if (!strcmp(insn->sec->name, ".altinstr_replacement"))
+				continue;
+
 			WARN_FUNC("return instruction outside of a callable function",
 				  insn->sec, insn->offset);
 			warnings++;
-- 
2.14.3

Patch "objtool: Fix retpoline support for pre-ORC objtool" has been added to the 4.9-stable tree

[gregkh]

This is a note to let you know that I've just added the patch titled

    objtool: Fix retpoline support for pre-ORC objtool

to the 4.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     objtool-fix-retpoline-support-for-pre-orc-objtool.patch
and it can be found in the queue-4.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From jpoimboe@redhat.com  Mon Jan 15 18:44:58 2018
From: Josh Poimboeuf <jpoimboe@redhat.com>
Date: Mon, 15 Jan 2018 11:00:54 -0600
Subject: objtool: Fix retpoline support for pre-ORC objtool
To: David Woodhouse <dwmw2@infradead.org>
Cc: gregkh@linuxfoundation.org, ak@linux.intel.com, dave.hansen@intel.com, gregkh@linux-foundation.org, jikos@kernel.org, keescook@google.com, luto@amacapital.net, peterz@infradead.org, pjt@google.com, riel@redhat.com, tglx@linutronix.de, tim.c.chen@linux.intel.com, torvalds@linux-foundation.org, stable@vger.kernel.org, stable-commits@vger.kernel.org
Message-ID: <20180115170054.6baepkgihtla4nub@treble>
Content-Disposition: inline

From: Josh Poimboeuf <jpoimboe@redhat.com>

Objtool 1.0 (pre-ORC) produces the following warning when it encounters
a retpoline:

  arch/x86/crypto/camellia-aesni-avx2-asm_64.o: warning: objtool: .altinstr_replacement+0xf: return instruction outside of a callable function

That warning is meant to catch GCC bugs and missing ENTRY/ENDPROC
annotations, neither of which are applicable to alternatives.  Silence
the warning for alternative instructions, just like objtool 2.0 already
does.

Reported-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 tools/objtool/builtin-check.c |    8 ++++++++
 1 file changed, 8 insertions(+)

--- a/tools/objtool/builtin-check.c
+++ b/tools/objtool/builtin-check.c
@@ -1230,6 +1230,14 @@ static int validate_uncallable_instructi
 
 	for_each_insn(file, insn) {
 		if (!insn->visited && insn->type == INSN_RETURN) {
+
+			/*
+			 * Don't warn about call instructions in unvisited
+			 * retpoline alternatives.
+			 */
+			if (!strcmp(insn->sec->name, ".altinstr_replacement"))
+				continue;
+
 			WARN_FUNC("return instruction outside of a callable function",
 				  insn->sec, insn->offset);
 			warnings++;


Patches currently in stable-queue which might be from jpoimboe@redhat.com are

queue-4.9/x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch
queue-4.9/x86-retpoline-irq32-convert-assembler-indirect-jumps.patch
queue-4.9/objtool-detect-jumps-to-retpoline-thunks.patch
queue-4.9/x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch
queue-4.9/x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch
queue-4.9/x86-asm-use-register-variable-to-get-stack-pointer-value.patch
queue-4.9/x86-cpufeatures-add-x86_bug_cpu_insecure.patch
queue-4.9/objtool-modules-discard-objtool-annotation-sections-for-modules.patch
queue-4.9/x86-cpufeatures-make-cpu-bugs-sticky.patch
queue-4.9/x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch
queue-4.9/objtool-allow-alternatives-to-be-ignored.patch
queue-4.9/x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch
queue-4.9/selftests-x86-add-test_vsyscall.patch
queue-4.9/x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch
queue-4.9/x86-cpu-merge-bugs.c-and-bugs_64.c.patch
queue-4.9/x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch
queue-4.9/x86-retpoline-fill-return-stack-buffer-on-vmexit.patch
queue-4.9/x86-retpoline-remove-compile-time-warning.patch
queue-4.9/objtool-fix-retpoline-support-for-pre-orc-objtool.patch
queue-4.9/x86-retpoline-add-initial-retpoline-support.patch

Re: Patch "objtool: Allow alternatives to be ignored" has been added to the 4.9-stable tree

[Greg KH]

On Mon, Jan 15, 2018 at 11:00:54AM -0600, Josh Poimboeuf wrote:
> On Mon, Jan 15, 2018 at 12:55:11PM +0100, David Woodhouse wrote:
> > On Mon, 2018-01-15 at 10:06 +0100, gregkh@linuxfoundation.org wrote:
> > > This is a note to let you know that I've just added the patch titled
> > > 
> > > ����objtool: Allow alternatives to be ignored
> > > 
> > > to the 4.9-stable tree which can be found at:
> > > ����http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> > > 
> > > The filename of the patch is:
> > > �����objtool-allow-alternatives-to-be-ignored.patch
> > > and it can be found in the queue-4.9 subdirectory.
> > 
> > Hm... they aren't being ignored entirely.
> > 
> > arch/x86/crypto/camellia-aesni-avx2-asm_64.o: warning: objtool: .altinstr_replacement+0xf: return instruction outside of a callable function
> > 
> > Josh?
> 
> This should fix it (to be applied on top):
> 
> ----
> 
> From: Josh Poimboeuf <jpoimboe@redhat.com>
> Subject: [PATCH] objtool: Fix retpoline support for pre-ORC objtool
> 
> Objtool 1.0 (pre-ORC) produces the following warning when it encounters
> a retpoline:
> 
>   arch/x86/crypto/camellia-aesni-avx2-asm_64.o: warning: objtool: .altinstr_replacement+0xf: return instruction outside of a callable function
> 
> That warning is meant to catch GCC bugs and missing ENTRY/ENDPROC
> annotations, neither of which are applicable to alternatives.  Silence
> the warning for alternative instructions, just like objtool 2.0 already
> does.
> 
> Reported-by: David Woodhouse <dwmw2@infradead.org>
> Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
> ---
>  tools/objtool/builtin-check.c | 8 ++++++++
>  1 file changed, 8 insertions(+)

Wonderful!  Thanks so much for this, it works great for me, now queued up.

greg k-h