Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp3379503ybb;
        Mon, 6 Apr 2020 07:52:59 -0700 (PDT)
X-Google-Smtp-Source: APiQypKsLULIii50+UH9LkttpSXo7osk0RI+pze+ZTyLhL7cCSN1aEA6BdJLa4KUu26lil+ncgfK
X-Received: by 2002:aca:b854:: with SMTP id i81mr12613237oif.22.1586184778870;
        Mon, 06 Apr 2020 07:52:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1586184778; cv=none;
        d=google.com; s=arc-20160816;
        b=NHL0rPO/njxvCe6J4Z0qOuM2OjLk/hWC1WeQR3UBUkUG0tP5eQom6SD4iZPmt2SRWM
         uZXNxQRhBM8rBmeppRlROgiU8s58S5SbGLtx8TGRpjCEAExy9L0GASWstN58sbBMfZcx
         0fp8H31ygRom+MjvFgpanzIW64yE8zB5QjvIs5X4dAY+nrdGWQ6SRKjWCAbmEy2JsW48
         ICnSkBhWrm4EaN4xtG/auRoFk58V5ah5UrnJhvfJHCuHtb7aUFJfgtZu8ySCfWjOkB6x
         Fd9abQK/8ZFPb0Z0jkoyc0f3dDPvx8+VhsKJL9mfOMcVMuHF0xi/qjXinVIih9cA7YQB
         Ynug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:references:cc:to:from:subject:dkim-signature;
        bh=TSq08w3zBJ3WXbaxngAG7bWBdNx8iSe5Zcj/t0FI1rw=;
        b=TaQsHGUgpyvOq+gY1q5Az+ye9g6CdaydrFyh2yvIUinXomQRkfccOl/ljY9S86htL3
         Qg0C8eDVGJYO+PrieHwhUQzYsczUFMozqTKRrmlc6dm+OTKJdgB695P2KOgcsESIT2Pi
         9dQA1mgyTpk11QGD28G86iRcQhUOc0fM6ZNAIDrDqZA6YYCqERZR6lBP+DWr05RL+9lx
         zAeZMhf8IF1mBiwSou2pXutLIO5tWIw635SKt0+MYP6GsOedlGeklfYwpMyZfz0gDBzQ
         JZ5aOfFCoKYOPPO660JuHxVGpU8jF6g8Zyh85j3dQsBNa3AkLUkFVaFDqq3tzJTA0dBm
         J76g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@oracle.com header.s=corp-2020-01-29 header.b=Ri0l9h8p;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id r6si7308981oij.49.2020.04.06.07.52.36;
        Mon, 06 Apr 2020 07:52:58 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@oracle.com header.s=corp-2020-01-29 header.b=Ri0l9h8p;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728781AbgDFOvo (ORCPT <rfc822;sunnyliangjy@gmail.com>
        + 99 others); Mon, 6 Apr 2020 10:51:44 -0400
Received: from userp2120.oracle.com ([156.151.31.85]:34624 "EHLO
        userp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728776AbgDFOvo (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 6 Apr 2020 10:51:44 -0400
Received: from pps.filterd (userp2120.oracle.com [127.0.0.1])
        by userp2120.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 036EmsmR135008;
        Mon, 6 Apr 2020 14:51:29 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to :
 cc : references : message-id : date : mime-version : in-reply-to :
 content-type : content-transfer-encoding; s=corp-2020-01-29;
 bh=TSq08w3zBJ3WXbaxngAG7bWBdNx8iSe5Zcj/t0FI1rw=;
 b=Ri0l9h8ptsXQDNmrdV0oqlk3PhIRtpT+VA3DLBFX1F3ehnf8e2VpCGQ/3OJbFrQQ+3lM
 oZ6RuOzs06z/VuyoWfJWZifIbj4OH5tfzLnYxxbd4eBuWgEvL+lTXkEj0i1D7YoHH0PL
 Br3BDVsun96eWccBnYX2kuQB1UR4MB1ri8cMKWmdudOwV4mshQM1kZuSq3mp+pMs7hru
 sXffiZevQIyatQWu18WKnaSbQGyEX2EKs45/As/oeHD0MqoazoMTw0fo+I17IbNsUiD0
 w71ktjB+SGvoi10WBOh9OlBi46u37S9k7RZwD2EuxQQZfLWaheodP/VZwK5wJeUtr/mv gQ== 
Received: from userp3030.oracle.com (userp3030.oracle.com [156.151.31.80])
        by userp2120.oracle.com with ESMTP id 306jvmy8su-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
        Mon, 06 Apr 2020 14:51:29 +0000
Received: from pps.filterd (userp3030.oracle.com [127.0.0.1])
        by userp3030.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 036ElDtv100043;
        Mon, 6 Apr 2020 14:51:29 GMT
Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235])
        by userp3030.oracle.com with ESMTP id 3073qd9kvb-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
        Mon, 06 Apr 2020 14:51:28 +0000
Received: from abhmp0007.oracle.com (abhmp0007.oracle.com [141.146.116.13])
        by aserv0121.oracle.com (8.14.4/8.13.8) with ESMTP id 036EpRta018224;
        Mon, 6 Apr 2020 14:51:27 GMT
Received: from linux-1.home (/92.157.90.160)
        by default (Oracle Beehive Gateway v4.0)
        with ESMTP ; Mon, 06 Apr 2020 07:51:27 -0700
Subject: Re: [PATCH 4/7] objtool: Add support for return trampoline call
From:   Alexandre Chartre <alexandre.chartre@oracle.com>
To:     Peter Zijlstra <peterz@infradead.org>
Cc:     x86@kernel.org, linux-kernel@vger.kernel.org, jpoimboe@redhat.com,
        jthierry@redhat.com, tglx@linutronix.de
References: <20200402082220.808-1-alexandre.chartre@oracle.com>
 <20200402082220.808-5-alexandre.chartre@oracle.com>
 <20200402152717.GE20730@hirez.programming.kicks-ass.net>
 <94272807-23c0-3eae-8312-9488607186ca@oracle.com>
Message-ID: <8a33ffae-1926-9c0c-35b2-8276c49cfe5a@oracle.com>
Date:   Mon, 6 Apr 2020 16:55:52 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.2.0
MIME-Version: 1.0
In-Reply-To: <94272807-23c0-3eae-8312-9488607186ca@oracle.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9582 signatures=668685
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 mlxscore=0 mlxlogscore=999
 spamscore=0 bulkscore=0 adultscore=0 malwarescore=0 suspectscore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000
 definitions=main-2004060123
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9582 signatures=668685
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 suspectscore=0
 mlxlogscore=999 mlxscore=0 bulkscore=0 adultscore=0 priorityscore=1501
 lowpriorityscore=0 clxscore=1015 malwarescore=0 impostorscore=0
 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2003020000 definitions=main-2004060123
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



On 4/6/20 4:34 PM, Alexandre Chartre wrote:
> 
> On 4/2/20 5:27 PM, Peter Zijlstra wrote:
>> On Thu, Apr 02, 2020 at 10:22:17AM +0200, Alexandre Chartre wrote:
>>> With retpoline, the return instruction is used to branch to an address
>>> stored on the stack. So, unlike a regular return instruction, when a
>>> retpoline return instruction is reached the stack has been modified
>>> compared to what we have when the function was entered.
>>>
>>> Provide the mechanism to explicitly call-out such return instruction
>>> so that objtool can correctly handle them.
>>
>> https://lkml.kernel.org/r/20200331222703.GH2452@worktop.programming.kicks-ass.net
>>
>> And also, the split out version:
>>
>>    https://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git/commit/?h=core/objtool&id=ec9d9549901dfd2ff411676dfc624e50219e4d5a
>>
> 
> HINT_RET_OFFSET works fine when an immediate value is pushed on the
> stack. However if the value is pushed from a callee-saved register
> (%rbp, %rbx, %r12-%r15) then we still have a "return with modified
> stack frame" warning. That's because objtool checks callee-saved
> registers pushed/popped on the stack, and we have retpoline functions
> built for each register (see arch/x86/lib/retpoline.S)
> 
> So that's why I also added a bool to has_modified_stack_frame() to
> no check registers:
> 
> @@ -1432,7 +1478,8 @@ static bool is_fentry_call(struct instruction *insn)
>       return false;
>   }
> 
> -static bool has_modified_stack_frame(struct insn_state *state)
> +static bool has_modified_stack_frame(struct insn_state *state,
> +                     bool check_registers)
>   {
>       int i;
> 
> @@ -1442,6 +1489,9 @@ static bool has_modified_stack_frame(struct insn_state *state)
>           state->drap)
>           return true;
> 
> +    if (!check_registers)
> +        return false;
> +
>       for (i = 0; i < CFI_NUM_REGS; i++)
>           if (state->regs[i].base != initial_func_cfi.regs[i].base ||
>               state->regs[i].offset != initial_func_cfi.regs[i].offset)
> 
> 

Here is a simple change on top of the UNWIND_HINT_RET_OFFSET patch to prevent
this problem:

diff --git a/tools/objtool/check.c b/tools/objtool/check.c
index dbb2b2187037..97db8f49e06f 100644
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -1390,6 +1390,14 @@ static bool has_modified_stack_frame(struct instruction *insn,
         if (state->stack_size != initial_func_cfi.cfa.offset + ret_offset)
                 return true;
  
+       /*
+        * If there is a ret offset hint then don't check registers
+        * because a callee-saved register might have been pushed on
+        * the stack.
+        */
+       if (ret_offset)
+               return false;
+
         for (i = 0; i < CFI_NUM_REGS; i++) {
                 if (state->regs[i].base != initial_func_cfi.regs[i].base ||
                     state->regs[i].offset != initial_func_cfi.regs[i].offset)


alex.