From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Josh Poimboeuf <jpoimboe@redhat.com>,
Andy Lutomirski <luto@kernel.org>, Jiri Slaby <jslaby@suse.cz>,
Linus Torvalds <torvalds@linux-foundation.org>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
live-patching@vger.kernel.org, Ingo Molnar <mingo@kernel.org>
Subject: [PATCH 4.9 26/29] objtool, x86: Add several functions and files to the objtool whitelist
Date: Mon, 4 Jun 2018 08:58:22 +0200 [thread overview]
Message-ID: <20180604065803.204648624@linuxfoundation.org> (raw)
In-Reply-To: <20180604065802.157744637@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Josh Poimboeuf <jpoimboe@redhat.com>
commit c207aee48037abca71c669cbec407b9891965c34 upstream.
In preparation for an objtool rewrite which will have broader checks,
whitelist functions and files which cause problems because they do
unusual things with the stack.
These whitelists serve as a TODO list for which functions and files
don't yet have undwarf unwinder coverage. Eventually most of the
whitelists can be removed in favor of manual CFI hint annotations or
objtool improvements.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Jiri Slaby <jslaby@suse.cz>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: live-patching@vger.kernel.org
Link: http://lkml.kernel.org/r/7f934a5d707a574bda33ea282e9478e627fb1829.1498659915.git.jpoimboe@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/crypto/Makefile | 2 ++
arch/x86/crypto/sha1-mb/Makefile | 2 ++
arch/x86/crypto/sha256-mb/Makefile | 2 ++
arch/x86/kernel/Makefile | 1 +
arch/x86/kernel/acpi/Makefile | 2 ++
arch/x86/kernel/kprobes/opt.c | 9 ++++++++-
arch/x86/kernel/reboot.c | 2 ++
arch/x86/kvm/svm.c | 2 ++
arch/x86/kvm/vmx.c | 3 +++
arch/x86/lib/msr-reg.S | 8 ++++----
arch/x86/net/Makefile | 2 ++
arch/x86/platform/efi/Makefile | 1 +
arch/x86/power/Makefile | 2 ++
arch/x86/xen/Makefile | 3 +++
kernel/kexec_core.c | 4 +++-
15 files changed, 39 insertions(+), 6 deletions(-)
--- a/arch/x86/crypto/Makefile
+++ b/arch/x86/crypto/Makefile
@@ -2,6 +2,8 @@
# Arch-specific CryptoAPI modules.
#
+OBJECT_FILES_NON_STANDARD := y
+
avx_supported := $(call as-instr,vpxor %xmm0$(comma)%xmm0$(comma)%xmm0,yes,no)
avx2_supported := $(call as-instr,vpgatherdd %ymm0$(comma)(%eax$(comma)%ymm1\
$(comma)4)$(comma)%ymm2,yes,no)
--- a/arch/x86/crypto/sha1-mb/Makefile
+++ b/arch/x86/crypto/sha1-mb/Makefile
@@ -2,6 +2,8 @@
# Arch-specific CryptoAPI modules.
#
+OBJECT_FILES_NON_STANDARD := y
+
avx2_supported := $(call as-instr,vpgatherdd %ymm0$(comma)(%eax$(comma)%ymm1\
$(comma)4)$(comma)%ymm2,yes,no)
ifeq ($(avx2_supported),yes)
--- a/arch/x86/crypto/sha256-mb/Makefile
+++ b/arch/x86/crypto/sha256-mb/Makefile
@@ -2,6 +2,8 @@
# Arch-specific CryptoAPI modules.
#
+OBJECT_FILES_NON_STANDARD := y
+
avx2_supported := $(call as-instr,vpgatherdd %ymm0$(comma)(%eax$(comma)%ymm1\
$(comma)4)$(comma)%ymm2,yes,no)
ifeq ($(avx2_supported),yes)
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -29,6 +29,7 @@ OBJECT_FILES_NON_STANDARD_head_$(BITS).o
OBJECT_FILES_NON_STANDARD_relocate_kernel_$(BITS).o := y
OBJECT_FILES_NON_STANDARD_mcount_$(BITS).o := y
OBJECT_FILES_NON_STANDARD_test_nx.o := y
+OBJECT_FILES_NON_STANDARD_paravirt_patch_$(BITS).o := y
# If instrumentation of this dir is enabled, boot hangs during first second.
# Probably could be more selective here, but note that files related to irqs,
--- a/arch/x86/kernel/acpi/Makefile
+++ b/arch/x86/kernel/acpi/Makefile
@@ -1,3 +1,5 @@
+OBJECT_FILES_NON_STANDARD_wakeup_$(BITS).o := y
+
obj-$(CONFIG_ACPI) += boot.o
obj-$(CONFIG_ACPI_SLEEP) += sleep.o wakeup_$(BITS).o
obj-$(CONFIG_ACPI_APEI) += apei.o
--- a/arch/x86/kernel/kprobes/opt.c
+++ b/arch/x86/kernel/kprobes/opt.c
@@ -28,6 +28,7 @@
#include <linux/kdebug.h>
#include <linux/kallsyms.h>
#include <linux/ftrace.h>
+#include <linux/frame.h>
#include <asm/text-patching.h>
#include <asm/cacheflush.h>
@@ -91,6 +92,7 @@ static void synthesize_set_arg1(kprobe_o
}
asm (
+ "optprobe_template_func:\n"
".global optprobe_template_entry\n"
"optprobe_template_entry:\n"
#ifdef CONFIG_X86_64
@@ -128,7 +130,12 @@ asm (
" popf\n"
#endif
".global optprobe_template_end\n"
- "optprobe_template_end:\n");
+ "optprobe_template_end:\n"
+ ".type optprobe_template_func, @function\n"
+ ".size optprobe_template_func, .-optprobe_template_func\n");
+
+void optprobe_template_func(void);
+STACK_FRAME_NON_STANDARD(optprobe_template_func);
#define TMPL_MOVE_IDX \
((long)&optprobe_template_val - (long)&optprobe_template_entry)
--- a/arch/x86/kernel/reboot.c
+++ b/arch/x86/kernel/reboot.c
@@ -9,6 +9,7 @@
#include <linux/sched.h>
#include <linux/tboot.h>
#include <linux/delay.h>
+#include <linux/frame.h>
#include <acpi/reboot.h>
#include <asm/io.h>
#include <asm/apic.h>
@@ -127,6 +128,7 @@ void __noreturn machine_real_restart(uns
#ifdef CONFIG_APM_MODULE
EXPORT_SYMBOL(machine_real_restart);
#endif
+STACK_FRAME_NON_STANDARD(machine_real_restart);
/*
* Some Apple MacBook and MacBookPro's needs reboot=p to be able to reboot
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -36,6 +36,7 @@
#include <linux/slab.h>
#include <linux/amd-iommu.h>
#include <linux/hashtable.h>
+#include <linux/frame.h>
#include <asm/apic.h>
#include <asm/perf_event.h>
@@ -5111,6 +5112,7 @@ static void svm_vcpu_run(struct kvm_vcpu
mark_all_clean(svm->vmcb);
}
+STACK_FRAME_NON_STANDARD(svm_vcpu_run);
static void svm_set_cr3(struct kvm_vcpu *vcpu, unsigned long root)
{
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -33,6 +33,7 @@
#include <linux/slab.h>
#include <linux/tboot.h>
#include <linux/hrtimer.h>
+#include <linux/frame.h>
#include <linux/nospec.h>
#include "kvm_cache_regs.h"
#include "x86.h"
@@ -8698,6 +8699,7 @@ static void vmx_handle_external_intr(str
);
}
}
+STACK_FRAME_NON_STANDARD(vmx_handle_external_intr);
static bool vmx_has_emulated_msr(int index)
{
@@ -9138,6 +9140,7 @@ static void __noclone vmx_vcpu_run(struc
vmx_recover_nmi_blocking(vmx);
vmx_complete_interrupts(vmx);
}
+STACK_FRAME_NON_STANDARD(vmx_vcpu_run);
static void vmx_load_vmcs01(struct kvm_vcpu *vcpu)
{
--- a/arch/x86/lib/msr-reg.S
+++ b/arch/x86/lib/msr-reg.S
@@ -13,14 +13,14 @@
.macro op_safe_regs op
ENTRY(\op\()_safe_regs)
pushq %rbx
- pushq %rbp
+ pushq %r12
movq %rdi, %r10 /* Save pointer */
xorl %r11d, %r11d /* Return value */
movl (%rdi), %eax
movl 4(%rdi), %ecx
movl 8(%rdi), %edx
movl 12(%rdi), %ebx
- movl 20(%rdi), %ebp
+ movl 20(%rdi), %r12d
movl 24(%rdi), %esi
movl 28(%rdi), %edi
1: \op
@@ -29,10 +29,10 @@ ENTRY(\op\()_safe_regs)
movl %ecx, 4(%r10)
movl %edx, 8(%r10)
movl %ebx, 12(%r10)
- movl %ebp, 20(%r10)
+ movl %r12d, 20(%r10)
movl %esi, 24(%r10)
movl %edi, 28(%r10)
- popq %rbp
+ popq %r12
popq %rbx
ret
3:
--- a/arch/x86/net/Makefile
+++ b/arch/x86/net/Makefile
@@ -1,4 +1,6 @@
#
# Arch-specific network modules
#
+OBJECT_FILES_NON_STANDARD_bpf_jit.o += y
+
obj-$(CONFIG_BPF_JIT) += bpf_jit.o bpf_jit_comp.o
--- a/arch/x86/platform/efi/Makefile
+++ b/arch/x86/platform/efi/Makefile
@@ -1,4 +1,5 @@
OBJECT_FILES_NON_STANDARD_efi_thunk_$(BITS).o := y
+OBJECT_FILES_NON_STANDARD_efi_stub_$(BITS).o := y
obj-$(CONFIG_EFI) += quirks.o efi.o efi_$(BITS).o efi_stub_$(BITS).o
obj-$(CONFIG_ACPI_BGRT) += efi-bgrt.o
--- a/arch/x86/power/Makefile
+++ b/arch/x86/power/Makefile
@@ -1,3 +1,5 @@
+OBJECT_FILES_NON_STANDARD_hibernate_asm_$(BITS).o := y
+
# __restore_processor_state() restores %gs after S3 resume and so should not
# itself be stack-protected
nostackp := $(call cc-option, -fno-stack-protector)
--- a/arch/x86/xen/Makefile
+++ b/arch/x86/xen/Makefile
@@ -1,3 +1,6 @@
+OBJECT_FILES_NON_STANDARD_xen-asm_$(BITS).o := y
+OBJECT_FILES_NON_STANDARD_xen-pvh.o := y
+
ifdef CONFIG_FUNCTION_TRACER
# Do not profile debug and lowlevel utilities
CFLAGS_REMOVE_spinlock.o = -pg
--- a/kernel/kexec_core.c
+++ b/kernel/kexec_core.c
@@ -38,6 +38,7 @@
#include <linux/syscore_ops.h>
#include <linux/compiler.h>
#include <linux/hugetlb.h>
+#include <linux/frame.h>
#include <asm/page.h>
#include <asm/sections.h>
@@ -878,7 +879,7 @@ int kexec_load_disabled;
* only when panic_cpu holds the current CPU number; this is the only CPU
* which processes crash_kexec routines.
*/
-void __crash_kexec(struct pt_regs *regs)
+void __noclone __crash_kexec(struct pt_regs *regs)
{
/* Take the kexec_mutex here to prevent sys_kexec_load
* running on one cpu from replacing the crash kernel
@@ -900,6 +901,7 @@ void __crash_kexec(struct pt_regs *regs)
mutex_unlock(&kexec_mutex);
}
}
+STACK_FRAME_NON_STANDARD(__crash_kexec);
void crash_kexec(struct pt_regs *regs)
{
next prev parent reply other threads:[~2018-06-04 7:00 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-04 6:57 [PATCH 4.9 00/29] 4.9.106-stable review Greg Kroah-Hartman
2018-06-04 6:57 ` [PATCH 4.9 01/29] objtool: Improve detection of BUG() and other dead ends Greg Kroah-Hartman
2018-06-04 6:57 ` [PATCH 4.9 02/29] objtool: Move checking code to check.c Greg Kroah-Hartman
2018-06-04 6:57 ` [PATCH 4.9 03/29] tools lib: Add for_each_clear_bit macro Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 04/29] tools: add more bitmap functions Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 05/29] tools: enable endian checks for all sparse builds Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 06/29] tools include: Introduce linux/compiler-gcc.h Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 07/29] radix tree test suite: Remove types.h Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 08/29] tools include: Adopt __compiletime_error Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 09/29] tools include: Introduce atomic_cmpxchg_{relaxed,release}() Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 10/29] tools include: Add UINT_MAX def to kernel.h Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 11/29] tools include: Adopt kernels refcount.h Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 12/29] perf tools: Force fixdep compilation at the start of the build Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 13/29] perf tools: Move headers check into bash script Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 14/29] tools include uapi: Grab copies of stat.h and fcntl.h Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 15/29] tools include: Introduce linux/bug.h, from the kernel sources Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 16/29] tools include: Adopt __same_type() and __must_be_array() from the kernel Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 17/29] tools include: Move ARRAY_SIZE() to linux/kernel.h Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 18/29] tools include: Drop ARRAY_SIZE() definition from linux/hashtable.h Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 19/29] tools include: Include missing headers for fls() and types in linux/log2.h Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 20/29] objtool: sync up with the 4.14.47 version of objtool Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 21/29] objtool: Support GCC 8s cold subfunctions Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 22/29] objtool: Support GCC 8 switch tables Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 23/29] objtool: Detect RIP-relative switch table references Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 24/29] objtool: Detect RIP-relative switch table references, part 2 Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 25/29] objtool: Fix "noreturn" detection for recursive sibling calls Greg Kroah-Hartman
2018-06-04 6:58 ` Greg Kroah-Hartman [this message]
2018-06-04 6:58 ` [PATCH 4.9 27/29] perf/tools: header file sync up Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 28/29] objtool: header file sync-up Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 29/29] x86/xen: Add unwind hint annotations to xen_setup_gdt Greg Kroah-Hartman
2018-06-04 10:15 ` [PATCH 4.9 00/29] 4.9.106-stable review Guenter Roeck
2018-06-04 11:27 ` Greg Kroah-Hartman
2018-06-04 12:21 ` Greg Kroah-Hartman
2018-06-04 16:16 ` Guenter Roeck
2018-06-04 16:54 ` Guenter Roeck
2018-06-04 16:57 ` Greg Kroah-Hartman
2018-06-04 17:04 ` Guenter Roeck
2018-06-04 16:58 ` Greg Kroah-Hartman
2018-06-04 19:46 ` Shuah Khan
2018-06-05 6:14 ` Naresh Kamboju
[not found] ` <5b152b7c.1c69fb81.3f04a.096f@mx.google.com>
[not found] ` <7hr2lmjgcd.fsf@baylibre.com>
2018-06-05 10:51 ` Mark Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180604065803.204648624@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=jpoimboe@redhat.com \
--cc=jslaby@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=live-patching@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).