Make stack validation an explicit cmdline option so that individual
objtool features can be enabled individually by other arches.
Signed-off-by: Josh Poimboeuf <[email protected]>
---
scripts/Makefile.build | 1 +
scripts/link-vmlinux.sh | 4 ++++
tools/objtool/builtin-check.c | 2 ++
tools/objtool/check.c | 28 +++++++++++++------------
tools/objtool/include/objtool/builtin.h | 1 +
5 files changed, 23 insertions(+), 13 deletions(-)
diff --git a/scripts/Makefile.build b/scripts/Makefile.build
index 116c7272b41c..d5e15ae29156 100644
--- a/scripts/Makefile.build
+++ b/scripts/Makefile.build
@@ -232,6 +232,7 @@ objtool_args = \
$(if $(CONFIG_UNWINDER_ORC), --orc) \
$(if $(CONFIG_RETPOLINE), --retpoline) \
$(if $(CONFIG_SLS), --sls) \
+ $(if $(CONFIG_STACK_VALIDATION), --stackval) \
$(if $(CONFIG_X86_SMAP), --uaccess) \
$(if $(part-of-module), --module) \
$(if $(CONFIG_FRAME_POINTER),, --no-fp) \
diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
index f6db79b11573..0140bfa32c0c 100755
--- a/scripts/link-vmlinux.sh
+++ b/scripts/link-vmlinux.sh
@@ -126,6 +126,10 @@ objtool_link()
objtoolopt="${objtoolopt} --orc"
fi
+ if is_enabled CONFIG_STACK_VALIDATION; then
+ objtoolopt="${objtoolopt} --stackval"
+ fi
+
objtoolopt="${objtoolopt} --lto"
fi
diff --git a/tools/objtool/builtin-check.c b/tools/objtool/builtin-check.c
index 3df46e9b4b03..a6a86e2d0598 100644
--- a/tools/objtool/builtin-check.c
+++ b/tools/objtool/builtin-check.c
@@ -44,6 +44,7 @@ const struct option check_options[] = {
OPT_BOOLEAN('o', "orc", &opts.orc, "generate ORC metadata"),
OPT_BOOLEAN('r', "retpoline", &opts.retpoline, "validate and annotate retpoline usage"),
OPT_BOOLEAN('S', "sls", &opts.sls, "validate straight-line-speculation mitigations"),
+ OPT_BOOLEAN('s', "stackval", &opts.stackval, "validate stack unwinding rules"),
OPT_BOOLEAN('u', "uaccess", &opts.uaccess, "validate uaccess rules for SMAP"),
OPT_CALLBACK(0, "dump", NULL, "orc", "dump object data", parse_dumpstr),
@@ -96,6 +97,7 @@ static bool opts_valid(void)
opts.orc ||
opts.retpoline ||
opts.sls ||
+ opts.stackval ||
opts.uaccess) {
if (opts.dump) {
fprintf(stderr, "--dump can't be combined with other options\n");
diff --git a/tools/objtool/check.c b/tools/objtool/check.c
index 490ed3560d99..bb25937b2d1c 100644
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -3900,25 +3900,27 @@ int check(struct objtool_file *file)
warnings += ret;
}
- ret = validate_functions(file);
- if (ret < 0)
- goto out;
- warnings += ret;
-
- ret = validate_unwind_hints(file, NULL);
- if (ret < 0)
- goto out;
- warnings += ret;
+ if (opts.stackval || opts.orc || opts.uaccess) {
+ ret = validate_functions(file);
+ if (ret < 0)
+ goto out;
+ warnings += ret;
- if (opts.ibt) {
- ret = validate_ibt(file);
+ ret = validate_unwind_hints(file, NULL);
if (ret < 0)
goto out;
warnings += ret;
+
+ if (!warnings) {
+ ret = validate_reachable_instructions(file);
+ if (ret < 0)
+ goto out;
+ warnings += ret;
+ }
}
- if (!warnings) {
- ret = validate_reachable_instructions(file);
+ if (opts.ibt) {
+ ret = validate_ibt(file);
if (ret < 0)
goto out;
warnings += ret;
diff --git a/tools/objtool/include/objtool/builtin.h b/tools/objtool/include/objtool/builtin.h
index 0cac9bd6a97f..edb0f550727b 100644
--- a/tools/objtool/include/objtool/builtin.h
+++ b/tools/objtool/include/objtool/builtin.h
@@ -23,6 +23,7 @@ struct opts {
bool orc;
bool retpoline;
bool sls;
+ bool stackval;
bool uaccess;
/* options: */
--
2.34.1
On Wed, Apr 13, 2022 at 04:19:44PM -0700, Josh Poimboeuf wrote:
> + if (opts.stackval || opts.orc || opts.uaccess) {
> + ret = validate_functions(file);
> + if (ret < 0)
> + goto out;
> + warnings += ret;
>
> + ret = validate_unwind_hints(file, NULL);
> if (ret < 0)
> goto out;
> warnings += ret;
> +
> + if (!warnings) {
> + ret = validate_reachable_instructions(file);
> + if (ret < 0)
> + goto out;
> + warnings += ret;
> + }
> }
Doesn't SLS also depend on validate_functions() ?
On Thu, Apr 14, 2022 at 10:43:25AM +0200, Peter Zijlstra wrote:
> On Wed, Apr 13, 2022 at 04:19:44PM -0700, Josh Poimboeuf wrote:
> > + if (opts.stackval || opts.orc || opts.uaccess) {
> > + ret = validate_functions(file);
> > + if (ret < 0)
> > + goto out;
> > + warnings += ret;
> >
> > + ret = validate_unwind_hints(file, NULL);
> > if (ret < 0)
> > goto out;
> > warnings += ret;
> > +
> > + if (!warnings) {
> > + ret = validate_reachable_instructions(file);
> > + if (ret < 0)
> > + goto out;
> > + warnings += ret;
> > + }
> > }
>
> Doesn't SLS also depend on validate_functions() ?
Doh, I had the intention of splitting that out from validate_branch()
like I did for ibt.
--
Josh