2022-03-03 13:20:24

by Peter Zijlstra

Subject: [PATCH v3 00/39] x86: Kernel IBT

Hi, another week, another series.

Since last time:

- fixed and tested kexec (redgecomb)
- s/4*HAS_KERNEL_IBT/ENDBR_INSN_SIZE/ (jpoimboe)
- re-arranged Xen patches to avoid churn (andyhpp)
- folded IBT_SEAL Kconfig and objtool options (jpoimboe)
- dropped direct call/jmp rewrite from objtool (jpoimboe)
- dropped UD1 poison (jpoimboe)
- fixed kprobe selftests (masami,naveen)
- fixed ftrace selftests (rostedt)
- simplified CET/INT3 selftests (jpoimboe)
- boot time msg on IBT (kees)
- objtool WARN_FUNC sym+off fallback (jpoimboe)
- picked up tags for unchanged patches
- probably more

Supposedly clang-14-rc2 will work on this series, I'll validate the moment the
Debian package gets updated.

Patches go on top of tip/master + arm64/for-next/linkage. Also available here:

git://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git x86/wip.ibt

Enjoy!

---
arch/powerpc/include/asm/livepatch.h | 10 -
arch/powerpc/kernel/kprobes.c | 34 +--
arch/um/kernel/um_arch.c | 4 +
arch/x86/Kconfig | 27 +++
arch/x86/Makefile | 7 +-
arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 3 +
arch/x86/entry/entry_64.S | 27 ++-
arch/x86/entry/entry_64_compat.S | 5 +
arch/x86/include/asm/alternative.h | 1 +
arch/x86/include/asm/cpu.h | 4 +
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/efi.h | 9 +-
arch/x86/include/asm/ibt.h | 92 ++++++++
arch/x86/include/asm/idtentry.h | 25 +-
arch/x86/include/asm/irqflags.h | 5 -
arch/x86/include/asm/linkage.h | 39 ++++
arch/x86/include/asm/msr-index.h | 20 +-
arch/x86/include/asm/paravirt.h | 1 +
arch/x86/include/asm/paravirt_types.h | 1 -
arch/x86/include/asm/qspinlock_paravirt.h | 3 +
arch/x86/include/asm/segment.h | 5 +-
arch/x86/include/asm/setup.h | 3 +-
arch/x86/include/asm/text-patching.h | 30 ++-
arch/x86/include/asm/traps.h | 2 +
arch/x86/include/uapi/asm/processor-flags.h | 2 +
arch/x86/kernel/alternative.c | 57 ++++-
arch/x86/kernel/apm_32.c | 7 +
arch/x86/kernel/cpu/bugs.c | 13 ++
arch/x86/kernel/cpu/common.c | 59 ++++-
arch/x86/kernel/ftrace.c | 9 +-
arch/x86/kernel/ftrace_64.S | 23 +-
arch/x86/kernel/head_64.S | 14 +-
arch/x86/kernel/idt.c | 9 +-
arch/x86/kernel/kprobes/core.c | 29 ++-
arch/x86/kernel/kvm.c | 3 +-
arch/x86/kernel/machine_kexec_64.c | 2 +
arch/x86/kernel/module.c | 21 +-
arch/x86/kernel/paravirt.c | 29 +--
arch/x86/kernel/relocate_kernel_64.S | 10 +
arch/x86/kernel/traps.c | 61 +++++
arch/x86/kernel/vmlinux.lds.S | 9 +
arch/x86/kvm/emulate.c | 6 +-
arch/x86/lib/error-inject.c | 2 +
arch/x86/lib/retpoline.S | 1 +
arch/x86/net/bpf_jit_comp.c | 16 +-
arch/x86/xen/enlighten_pv.c | 10 +-
arch/x86/xen/xen-asm.S | 10 +
arch/x86/xen/xen-head.S | 8 +-
include/asm-generic/vmlinux.lds.h | 4 +
include/linux/cfi.h | 11 +-
include/linux/kprobes.h | 3 +-
include/linux/objtool.h | 16 ++
kernel/bpf/trampoline.c | 20 +-
kernel/kprobes.c | 66 ++++--
kernel/livepatch/patch.c | 19 +-
kernel/trace/ftrace.c | 34 ++-
samples/ftrace/ftrace-direct-modify.c | 5 +
samples/ftrace/ftrace-direct-multi-modify.c | 10 +-
samples/ftrace/ftrace-direct-multi.c | 5 +-
samples/ftrace/ftrace-direct-too.c | 3 +
samples/ftrace/ftrace-direct.c | 3 +
scripts/Makefile.build | 44 +---
scripts/Makefile.lib | 56 +++++
scripts/Makefile.modfinal | 1 +
scripts/link-vmlinux.sh | 12 +-
tools/objtool/arch/x86/decode.c | 34 ++-
tools/objtool/builtin-check.c | 8 +-
tools/objtool/check.c | 346 +++++++++++++++++++++++++++-
tools/objtool/elf.c | 3 +
tools/objtool/include/objtool/arch.h | 1 +
tools/objtool/include/objtool/builtin.h | 3 +-
tools/objtool/include/objtool/check.h | 14 +-
tools/objtool/include/objtool/objtool.h | 4 +
tools/objtool/include/objtool/warn.h | 2 +
tools/objtool/objtool.c | 1 +
75 files changed, 1254 insertions(+), 242 deletions(-)


2022-03-04 20:26:19

by Peter Zijlstra

Subject: Re: [PATCH v3 00/39] x86: Kernel IBT

On Fri, Mar 04, 2022 at 11:09:58AM -0800, Josh Poimboeuf wrote:

> I'm getting some warnings with CONFIG_X86_KERNEL_IBT=n:
>
> arch/x86/entry/entry_64.o: warning: objtool: irq_entries_start()+0x7: unreachable instruction
> arch/x86/kernel/ftrace_64.o: warning: objtool: return_to_handler()+0x2a: unreachable instruction

Urgh, lemme go chase that.

> And a warning with CONFIG_X86_KERNEL_IBT=y:
>
> vmlinux.o: warning: objtool: .text+0xaf0: unreachable instruction

This is that weak symbol issue :/ We talked about it on IRC, but I've
not yet come around to fixing it.

This is mostly a pre-existing issue, only uncovered because we run on
vmlinux more.

2022-03-04 20:49:03

by Josh Poimboeuf

Subject: Re: [PATCH v3 00/39] x86: Kernel IBT

On Thu, Mar 03, 2022 at 12:23:21PM +0100, Peter Zijlstra wrote:
> Hi, another week, another series.
>
> Since last time:
>
> - fixed and tested kexec (redgecomb)
> - s/4*HAS_KERNEL_IBT/ENDBR_INSN_SIZE/ (jpoimboe)
> - re-arranged Xen patches to avoid churn (andyhpp)
> - folded IBT_SEAL Kconfig and objtool options (jpoimboe)
> - dropped direct call/jmp rewrite from objtool (jpoimboe)
> - dropped UD1 poison (jpoimboe)
> - fixed kprobe selftests (masami,naveen)
> - fixed ftrace selftests (rostedt)
> - simplified CET/INT3 selftests (jpoimboe)
> - boot time msg on IBT (kees)
> - objtool WARN_FUNC sym+off fallback (jpoimboe)
> - picked up tags for unchanged patches
> - probably more
>
> Supposedly clang-14-rc2 will work on this series, I'll validate the moment the
> Debian package gets updated.
>
> Patches go on top of tip/master + arm64/for-next/linkage. Also available here:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git x86/wip.ibt

I'm getting some warnings with CONFIG_X86_KERNEL_IBT=n:

arch/x86/entry/entry_64.o: warning: objtool: irq_entries_start()+0x7: unreachable instruction
arch/x86/kernel/ftrace_64.o: warning: objtool: return_to_handler()+0x2a: unreachable instruction

And a warning with CONFIG_X86_KERNEL_IBT=y:

vmlinux.o: warning: objtool: .text+0xaf0: unreachable instruction

And if I remove the per-file limiting on "unreachable instruction"
warnings, I get a boat-load more warnings for vmlinux.o.

The last two patches (IBT sealing) aren't going to be viable until all
the "unreachable instruction" warnings get cleaned up, because that
means we have missing coverage.

--
Josh

2022-03-04 21:46:01

by Peter Zijlstra

Subject: Re: [PATCH v3 00/39] x86: Kernel IBT

On Fri, Mar 04, 2022 at 11:09:58AM -0800, Josh Poimboeuf wrote:
> On Thu, Mar 03, 2022 at 12:23:21PM +0100, Peter Zijlstra wrote:
> > Hi, another week, another series.
> >
> > Since last time:
> >
> > - fixed and tested kexec (redgecomb)
> > - s/4*HAS_KERNEL_IBT/ENDBR_INSN_SIZE/ (jpoimboe)
> > - re-arranged Xen patches to avoid churn (andyhpp)
> > - folded IBT_SEAL Kconfig and objtool options (jpoimboe)
> > - dropped direct call/jmp rewrite from objtool (jpoimboe)
> > - dropped UD1 poison (jpoimboe)
> > - fixed kprobe selftests (masami,naveen)
> > - fixed ftrace selftests (rostedt)
> > - simplified CET/INT3 selftests (jpoimboe)
> > - boot time msg on IBT (kees)
> > - objtool WARN_FUNC sym+off fallback (jpoimboe)
> > - picked up tags for unchanged patches
> > - probably more
> >
> > Supposedly clang-14-rc2 will work on this series, I'll validate the moment the
> > Debian package gets updated.
> >
> > Patches go on top of tip/master + arm64/for-next/linkage. Also available here:
> >
> > git://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git x86/wip.ibt
>
> I'm getting some warnings with CONFIG_X86_KERNEL_IBT=n:
>
> arch/x86/entry/entry_64.o: warning: objtool: irq_entries_start()+0x7: unreachable instruction
> arch/x86/kernel/ftrace_64.o: warning: objtool: return_to_handler()+0x2a: unreachable instruction

Blergh, those are INT3 instructions: the first is the LDT stub padding
while the second is that INT3 you asked about earlier.

I can mark them all using SLS style rules, but that then triggers:

arch/x86/kernel/reboot.o: warning: objtool: native_machine_emergency_restart()+0x8f: BUG: why am I validating an ignored function?

which does horrible things on purpose to tickle a triple fault in order
to reboot the machine.

Perhaps we should ignore INT3 by default, just like NOP ?
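To make the "unreachable instruction" discussion above concrete, here is a small, self-contained illustration of the check objtool is doing and of the proposal to treat INT3 like NOP padding. This is added example code written for this page; it is not objtool, not kernel code and not Peter's or Josh's. It assumes a toy decoder that understands only a handful of opcodes (endbr64, int3, nop, ret, jmp rel8, ud2, xor eax,eax, push rbp), functions no longer than 256 bytes, and a few constructed byte sequences standing in for the LDT stub padding, dead code after a ret, and a jump over padding. The with_ibt flag additionally reports a function that does not start with ENDBR, which is the property Kernel IBT relies on.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Instruction classes the toy decoder knows about (assumed, not objtool's). */
enum insn_type { INSN_OTHER, INSN_ENDBR, INSN_NOP, INSN_INT3, INSN_RET, INSN_JMP, INSN_UD2 };

struct insn {
    size_t off, len;
    enum insn_type type;
    size_t target;            /* jump target offset, valid for INSN_JMP only */
};

/* Decode the instruction at buf[off]. Returns its length, or 0 for an unknown byte. */
static size_t decode(const uint8_t *buf, size_t n, size_t off, struct insn *in)
{
    const uint8_t *p = buf + off;
    size_t rem = n - off;

    in->off = off; in->type = INSN_OTHER; in->target = 0; in->len = 0;
    if (rem >= 4 && p[0] == 0xf3 && p[1] == 0x0f && p[2] == 0x1e && p[3] == 0xfa) {
        in->type = INSN_ENDBR; in->len = 4;              /* endbr64 */
    } else if (p[0] == 0xcc) {
        in->type = INSN_INT3;  in->len = 1;              /* int3 */
    } else if (p[0] == 0x90) {
        in->type = INSN_NOP;   in->len = 1;              /* nop */
    } else if (p[0] == 0xc3) {
        in->type = INSN_RET;   in->len = 1;              /* ret */
    } else if (rem >= 2 && p[0] == 0xeb) {
        in->type = INSN_JMP;   in->len = 2;              /* jmp rel8 */
        in->target = off + 2 + (int8_t)p[1];
    } else if (rem >= 2 && p[0] == 0x0f && p[1] == 0x0b) {
        in->type = INSN_UD2;   in->len = 2;              /* ud2 */
    } else if (rem >= 2 && p[0] == 0x31 && p[1] == 0xc0) {
        in->len = 2;                                     /* xor eax,eax */
    } else if (p[0] == 0x55) {
        in->len = 1;                                     /* push rbp */
    }
    return in->len;
}

struct report { int unreachable; int missing_endbr; };

/*
 * Linear sweep of one function. ignore_int3 mirrors the proposal in the
 * thread: INT3 after a ret/jmp/ud2 is padding, not missing coverage, just
 * as NOP already is. with_ibt requires the function to begin with ENDBR.
 */
static struct report check_function(const uint8_t *buf, size_t n, int ignore_int3, int with_ibt)
{
    struct report r = {0, 0};
    uint8_t is_target[256] = {0};     /* assumed limit: functions <= 256 bytes */
    struct insn in;
    size_t off, len;
    int reachable = 1;                /* function entry is reachable by definition */

    if (n > sizeof is_target)
        return r;

    /* Pass 1: collect direct jump targets so code after a jmp is not misreported. */
    for (off = 0; off < n && (len = decode(buf, n, off, &in)) != 0; off += len)
        if (in.type == INSN_JMP && in.target < n)
            is_target[in.target] = 1;

    /* Pass 2: flag every instruction that no control flow can reach. */
    for (off = 0; off < n; off += len) {
        len = decode(buf, n, off, &in);
        if (!len) {
            printf("+0x%zx: undecodable byte 0x%02x\n", off, buf[off]);
            break;
        }
        if (is_target[off])
            reachable = 1;
        if (off == 0 && with_ibt && in.type != INSN_ENDBR) {
            printf("+0x0: missing ENDBR at function entry\n");
            r.missing_endbr++;
        }
        if (!reachable) {
            int padding = in.type == INSN_NOP || (ignore_int3 && in.type == INSN_INT3);
            if (!padding) {
                printf("+0x%zx: unreachable instruction\n", off);
                r.unreachable++;
            }
        }
        if (in.type == INSN_RET || in.type == INSN_JMP || in.type == INSN_UD2)
            reachable = 0;            /* nothing falls through these */
    }
    return r;
}

/* Constructed sample functions, not taken from the kernel. */
static const uint8_t fn_padded[]    = { 0xf3,0x0f,0x1e,0xfa, 0x31,0xc0, 0xc3, 0xcc,0xcc,0xcc };        /* endbr64; xor; ret; int3 x3 */
static const uint8_t fn_dead_code[] = { 0xf3,0x0f,0x1e,0xfa, 0xc3, 0xcc,0x90, 0x31,0xc0, 0xc3 };       /* real code after ret+padding */
static const uint8_t fn_jump_over[] = { 0xf3,0x0f,0x1e,0xfa, 0xeb,0x02, 0xcc,0xcc, 0x31,0xc0, 0xc3 };  /* jmp over int3 padding */
static const uint8_t fn_no_endbr[]  = { 0x55, 0xc3 };                                                    /* push rbp; ret */

int main(void)
{
    printf("padded, int3 reported: %d unreachable\n", check_function(fn_padded, sizeof fn_padded, 0, 1).unreachable);
    printf("padded, int3 ignored:  %d unreachable\n", check_function(fn_padded, sizeof fn_padded, 1, 1).unreachable);
    printf("dead code, int3 ignored: %d unreachable\n", check_function(fn_dead_code, sizeof fn_dead_code, 1, 1).unreachable);
    printf("jump over padding:     %d unreachable\n", check_function(fn_jump_over, sizeof fn_jump_over, 1, 1).unreachable);
    printf("no endbr with IBT:     %d missing\n", check_function(fn_no_endbr, sizeof fn_no_endbr, 1, 1).missing_endbr);
    return 0;
}
```

The dead-code sample is the reason the warning matters for IBT sealing: ignoring INT3 and NOP padding silences the three trailing INT3s of the first sample without hiding the xor/ret pair that nothing reaches in the second, and it is exactly that unreached code whose coverage objtool cannot vouch for.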