Hi,
This series enables objtool to start doing stack validation on arm64
kernel builds.
The work for objtool has been stopped for a while. Julien and
Raphael worked for this [1] but it seems now nobody is carrying it
on.
To re-bring it to people's vision, this v3 update just makes some
simply changes including rebasing to mainline, code cleanning and
one bug fix.
Previous patch had finished the decoder part of objtool. It passed
my building test with allyesconfig and only few of objfile report
error. Julien had some unorganized commits in his repo [2], mainly
about changes to arm64 code to eliminate some of these errors.
While fixing these problems in next version, I'm also planning to
implement the orc unwinder for arm64, then we can completely test
everything on arm64.
[1] https://lkml.org/lkml/2021/3/3/1135
[2] https://github.com/julien-thierry/linux.git
---
Changs v2 -> v3:
- [04] rebase Julien's version to mainstream and solve conflicts.
- [05, 06, 08] Merge dumplicate "*type = INSN_OTHER".
- [08, 09, 10] When meeting unrecognized instructions such as datas
in .text code or 0x0 padding insns, last version used
"loc->ignorable" to mark and remove them from objtool insn list.
However there are two problems to do so:
1. when meeting insns can't be decoded or excluded, objtool will
just stop.
2. deleting every insn can cause problems in fellow procedure.
So I changed "record_invalid_insn" that we can delete one insn or
just set it ignored. Now check will throw an error and going on when
meeting undecodable instructions. Also, to prevent the confusion
between "loc->ignorable" and "insn->ignore" I changed "ignore" to
"delete".
Changs v1 -> v2:
- Drop gcc plugin in favor of -fno-jump-tables
- miscelaneous fixes and cleanups
--->
Julien Thierry (12):
tools: Add some generic functions and headers
tools: arm64: Make aarch64 instruction decoder available to tools
tools: bug: Remove duplicate definition
objtool: arm64: Add base definition for arm64 backend
objtool: arm64: Decode add/sub instructions
objtool: arm64: Decode jump and call related instructions
objtool: arm64: Decode other system instructions
objtool: arm64: Decode load/store instructions
objtool: arm64: Decode LDR instructions
objtool: arm64: Accept non-instruction data in code sections
objtool: arm64: Handle supported relocations in alternatives
objtool: arm64: Ignore replacement section for alternative callback
Raphael Gault (1):
objtool: arm64: Enable stack validation for arm64
arch/arm64/Kconfig | 1 +
arch/arm64/Makefile | 4 +
tools/arch/arm64/include/asm/insn.h | 565 +++++++
tools/arch/arm64/lib/insn.c | 1464 +++++++++++++++++
tools/include/asm-generic/bitops/__ffs.h | 11 +
tools/include/linux/bug.h | 6 +-
tools/include/linux/kernel.h | 21 +
tools/include/linux/printk.h | 40 +
tools/objtool/Makefile | 5 +
tools/objtool/arch/arm64/Build | 8 +
tools/objtool/arch/arm64/decode.c | 500 ++++++
.../arch/arm64/include/arch/cfi_regs.h | 14 +
tools/objtool/arch/arm64/include/arch/elf.h | 8 +
.../arch/arm64/include/arch/endianness.h | 9 +
.../objtool/arch/arm64/include/arch/special.h | 22 +
tools/objtool/arch/arm64/special.c | 36 +
tools/objtool/arch/x86/decode.c | 5 +
tools/objtool/check.c | 6 +
tools/objtool/include/objtool/arch.h | 3 +
tools/objtool/sync-check.sh | 5 +
20 files changed, 2728 insertions(+), 5 deletions(-)
create mode 100644 tools/arch/arm64/include/asm/insn.h
create mode 100644 tools/arch/arm64/lib/insn.c
create mode 100644 tools/include/linux/printk.h
create mode 100644 tools/objtool/arch/arm64/Build
create mode 100644 tools/objtool/arch/arm64/decode.c
create mode 100644 tools/objtool/arch/arm64/include/arch/cfi_regs.h
create mode 100644 tools/objtool/arch/arm64/include/arch/elf.h
create mode 100644 tools/objtool/arch/arm64/include/arch/endianness.h
create mode 100644 tools/objtool/arch/arm64/include/arch/special.h
create mode 100644 tools/objtool/arch/arm64/special.c
--
2.17.1
From: Julien Thierry <[email protected]>
Under tools, bug.h only defines BUILD_BUG_ON_ZERO() which is already
defined in build_bug.h. This prevents a file to include both headers at
the same time.
Have bug.h include build_bug.h instead.
Signed-off-by: Julien Thierry <[email protected]>
---
tools/include/linux/bug.h | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/tools/include/linux/bug.h b/tools/include/linux/bug.h
index 85f80258a15f..548be7cffa8e 100644
--- a/tools/include/linux/bug.h
+++ b/tools/include/linux/bug.h
@@ -2,10 +2,6 @@
#ifndef _TOOLS_PERF_LINUX_BUG_H
#define _TOOLS_PERF_LINUX_BUG_H
-/* Force a compilation error if condition is true, but also produce a
- result (of value 0 and type size_t), so the expression can be used
- e.g. in a structure initializer (or where-ever else comma expressions
- aren't permitted). */
-#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:-!!(e); }))
+#include <linux/build_bug.h>
#endif /* _TOOLS_PERF_LINUX_BUG_H */
--
2.17.1
From: Raphael Gault <[email protected]>
Add build option to run stack validation at compile time.
When requiring stack validation, jump tables are disabled as it
simplifies objtool analysis (without having to introduce unreliable
artifacs). In local testing, this does not appear to significaly
affect final binary size nor system performance.
Signed-off-by: Raphael Gault <[email protected]>
Signed-off-by: Julien Thierry <[email protected]>
---
arch/arm64/Kconfig | 1 +
arch/arm64/Makefile | 4 ++++
2 files changed, 5 insertions(+)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 23048be0333b..119cfce4117f 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -201,6 +201,7 @@ config ARM64
select MMU_GATHER_RCU_TABLE_FREE
select HAVE_RSEQ
select HAVE_STACKPROTECTOR
+ select HAVE_STACK_VALIDATION
select HAVE_SYSCALL_TRACEPOINTS
select HAVE_KPROBES
select HAVE_KRETPROBES
diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
index 2f1de88651e6..ad2f4a5e8f6c 100644
--- a/arch/arm64/Makefile
+++ b/arch/arm64/Makefile
@@ -133,6 +133,10 @@ ifeq ($(CONFIG_DYNAMIC_FTRACE_WITH_REGS),y)
CC_FLAGS_FTRACE := -fpatchable-function-entry=2
endif
+ifeq ($(CONFIG_STACK_VALIDATION),y)
+KBUILD_CFLAGS += -fno-jump-tables
+endif
+
# Default value
head-y := arch/arm64/kernel/head.o
--
2.17.1
From: Julien Thierry <[email protected]>
ARM64_CB_PATCH doesn't have static replacement instructions. Skip
trying to validate the alternative section.
Signed-off-by: Julien Thierry <[email protected]>
---
tools/objtool/arch/arm64/special.c | 11 +++++++++++
tools/objtool/check.c | 3 +++
2 files changed, 14 insertions(+)
diff --git a/tools/objtool/arch/arm64/special.c b/tools/objtool/arch/arm64/special.c
index a70b91e8bd7d..8bb1ebd2132a 100644
--- a/tools/objtool/arch/arm64/special.c
+++ b/tools/objtool/arch/arm64/special.c
@@ -4,6 +4,17 @@
void arch_handle_alternative(unsigned short feature, struct special_alt *alt)
{
+ /*
+ * ARM64_CB_PATCH has no alternative instruction.
+ * a callback is called at alternative replacement time
+ * to dynamically change the original instructions.
+ *
+ * ARM64_CB_PATCH is the last ARM64 feature, it's value changes
+ * every time a new feature is added. So the orig/alt region
+ * length are used to detect those alternatives
+ */
+ if (alt->orig_len && !alt->new_len)
+ alt->skip_alt = true;
}
bool arch_support_alt_relocation(struct special_alt *special_alt,
diff --git a/tools/objtool/check.c b/tools/objtool/check.c
index b2135da41f48..596974030382 100644
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -1647,6 +1647,9 @@ static int add_special_section_alts(struct objtool_file *file)
continue;
}
+ if (special_alt->skip_alt && !special_alt->new_len)
+ continue;
+
ret = handle_group_alt(file, special_alt, orig_insn,
&new_insn);
if (ret)
--
2.17.1