Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1347796pxb; Thu, 28 Jan 2021 14:13:04 -0800 (PST) X-Google-Smtp-Source: ABdhPJzBBwNudSe8AUuuMCuvuDtaW05L08gNcysdPDJqid+2WwGw/kWMMUxOt7iUdWFFKGhR+giQ X-Received: by 2002:a17:906:f6d8:: with SMTP id jo24mr1571457ejb.213.1611871984753; Thu, 28 Jan 2021 14:13:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611871984; cv=none; d=google.com; s=arc-20160816; b=qR5cVGBaLEUVomIFOAjmP2I1SqiG9kXD8oSoM+81zCtx+qvMj6Jeg17rRu1/q9zjLr VVVRWaAlmJgyz/OBL4ms5xoS2TQHleV3EEzAbHDjTCKMplS9XFcZbfBIHE8tRUOr+P0O INskmjz3V979neSgRZGmNP45AeRMu5q3S3EnfUczE/m7EAmrWrfCh6CZY3p+qqZw32ts 1xN20nsTIWjWr1m4SZn943u7HQkIanwT73tHHVik8O7aT2ObntSBkIIqCdXH3Ikp6at8 e5VN0kswTWORn9dqkbDEWfbNE3Z/LfBzJP5eDNtrbz41rpfn2DKJQvwOyYbWWG7JCxCI QWiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:references:cc :to:subject:from:dkim-signature:dkim-filter; bh=ZA2oSM80w+RdJ/gENbHPlEraVHFQ5GUGuDOI84otWqQ=; b=cMFJr3bpLe5sF2dJk4nUegaPGqgeV4JX4KE/H3ytoCeyuda/MNXyLVlSOqouTjU+A5 NPQC6fPMlCH2Tx+e36T4ND5orolbjiUn5Ot04pe27NrVUHau/2a3IFBRQhyIWjL0ZAU6 6RzSCWBKjf7kXsCK1uI5cMe4AfiuLr1pXbYZk3a9ddGfrs+8X5YpEHrTDVm1CwTQirQe e6w3jQYFHa4XVqzQhr6Qnr5rTt7z5FJiyW6Ei5hyfg9dHIr6RQ5HxFsqHN2A8e+ofK62 8vCjA77U6RKxokkCIwjDhaNJLq3nrgpFC8qK5D1Bpo+Kh1Is20rJA3JwaYkDquSj5lat hibg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=b1XGVIJ1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t1si3281280ejc.524.2021.01.28.14.12.39; Thu, 28 Jan 2021 14:13:04 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=b1XGVIJ1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231144AbhA1WLg (ORCPT + 99 others); Thu, 28 Jan 2021 17:11:36 -0500 Received: from linux.microsoft.com ([13.77.154.182]:34908 "EHLO linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229677AbhA1WLe (ORCPT ); Thu, 28 Jan 2021 17:11:34 -0500 Received: from [192.168.254.32] (unknown [47.187.219.45]) by linux.microsoft.com (Postfix) with ESMTPSA id 7F77920B7192; Thu, 28 Jan 2021 14:10:52 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 7F77920B7192 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1611871853; bh=ZA2oSM80w+RdJ/gENbHPlEraVHFQ5GUGuDOI84otWqQ=; h=From:Subject:To:Cc:References:Date:In-Reply-To:From; b=b1XGVIJ11p8YrFEjhTOOsWPkgVJ1pwfcR9jZ+MllQtZMHIWyYefW7DKgPJatPai+7 Dz7hbE72mu7+23aHXEWklEXI7+cnEwZ1vcsBxJ9nq7MlZTar2idPNvNO9c86/AYmH4 78ogAZo3+o5tEXQX2VNOWZoF16HDXD/bYTvewRCs= From: "Madhavan T. Venkataraman" Subject: Re: [RFC PATCH 00/17] objtool: add base support for arm64 To: Mark Brown , Mark Rutland , Julien Thierry , Josh Poimboeuf Cc: Ard Biesheuvel , Michal Marek , Peter Zijlstra , Catalin Marinas , Masahiro Yamada , Linux Kernel Mailing List , linux-efi , linux-hardening@vger.kernel.org, live-patching@vger.kernel.org, Will Deacon , Linux ARM , Kees Cook References: <20210120173800.1660730-1-jthierry@redhat.com> <186bb660-6e70-6bbf-4e96-1894799c79ce@redhat.com> <20210121185452.fxoz4ehqfv75bdzq@treble> <20210122174342.GG6391@sirena.org.uk> Message-ID: Date: Thu, 28 Jan 2021 16:10:51 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, I sent this suggestion to linux-arm-kernel in response to the Reliable Stacktrace RFC from Mark Brown and Mark Rutland. I am repeating it here for two reasons: - It involves objtool. - There are many more recipients in this thread that may be interested in this topic. Please let me know if this suggestion is acceptable. If it is not, please let me know why. Thanks. Also, I apologize to all of you who have received this more than once. FP and no-FP functions ===================== I have a suggestion for objtool and the unwinder for ARM64. IIUC, objtool is responsible for walking all the code paths (except unreachable and ignored ones) and making sure that every function has proper frame pointer code (prolog, epilog, etc). If a function is found to not have it, the kernel build is failed. Is this understanding correct? If so, can we take a different approach for ARM64? Instead of failing the kernel build, can we just mark the functions as: FP Functions that have proper FP code no-FP Functions that don't May be, we can add an "FP" flag in the symbol table entry for this. Then, the unwinder can check the functions it encounters in the stack trace and inform the caller if it found any no-FP functions. The caller of the unwinder can decide what he wants to do with that information. - the caller can ignore it - the caller can print the stack trace with a warning that no-FP functions were found - if the caller is livepatch, the caller can retry until the no-FP functions disappear from the stack trace. This way, we can have live patching even when some of the functions in the kernel are no-FP. Does this make any sense? Is this acceptable? What are the pitfalls? If we can do this, the unwinder could detect cases such as: - If gcc thinks that a function is a leaf function but the function contains inline assembly code that calls another function. - If a call to a function bounces through some intermediate code such as a trampoline. - etc. For specific no-FP functions, the unwinder might be able to deduce the original caller. In these cases, the stack trace would still be reliable. For all the others, the stack trace would be considered unreliable. Compiler instead of objtool =========================== If the above suggestion is acceptable, I have another suggestion. It is a lot of work for every new architecture to add frame pointer verification support in objtool. Can we get some help from the compiler? The compiler knows which C functions it generates the FP prolog and epilog for. It can mark those functions as FP. As for assembly functions, kernel developers could manually annotate functions that have proper FP code. The compiler/assembler would mark them as FP. Only a small subset of assembly functions would even have FP prolog and epilog. Is this acceptable? What are the pitfalls? This can be implemented easily for all architectures for which the compiler generates FP code. Can this be implemented using a GCC plugin? I know squat about GCC plugins. Thanks! Madhavan