Date: Tue, 9 Jan 2024 11:31:51 -0800
From: Josh Poimboeuf
To: Dimitri John Ledkov
Cc: peterz@infradead.org, x86@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 2/3] objtool: make objtool SLS validation fatal when building with CONFIG_SLS=y
Message-ID: <20240109193151.nkmn5yfv24tfmodd@treble>
References: <20231213134303.2302285-1-dimitri.ledkov@canonical.com> <20231213134303.2302285-3-dimitri.ledkov@canonical.com>
In-Reply-To: <20231213134303.2302285-3-dimitri.ledkov@canonical.com>

On Wed, Dec 13, 2023 at 01:43:01PM +0000, Dimitri John Ledkov wrote:
> Make objtool SLS validation fatal when building with CONFIG_SLS=y,
> currently it is a build.log warning only.
>
> This is a standalone patch, such that if regressions are identified
> (with any config or toolchain configuration) it can be reverted until
> relevant identified code is fixed up or otherwise
> ignored/silenced/marked as safe.
>
> Signed-off-by: Dimitri John Ledkov
> ---
> tools/objtool/check.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/tools/objtool/check.c b/tools/objtool/check.c
> index 15df4afae2..9709f037f1 100644
> --- a/tools/objtool/check.c
> +++ b/tools/objtool/check.c
> @@ -4500,7 +4500,9 @@ static int validate_sls(struct objtool_file *file)
> }
> }
>
> - return warnings;
> + /* SLS is an optional security safety feature, make it fatal
> + * to ensure no new code is introduced that fails SLS */
> + return -warnings;
> }

I'm thinking this patch (and the next one) go too far, yet not far enough :-)

Too far, because there are still some outstanding randconfig warnings which need to be fixed.

Not far enough, because there are other warnings which might also have disastrous effects. For example, even the "unreachable warning" could mean missing SLS or retpoline mitigations.

So I'm thinking we should try to get as many of the outstanding warnings fixed as we can, and then flip the CONFIG_WERROR switch for all non-fatal warnings.

--
Josh
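
Review bot: In validate_sls(), `return -warnings;` turns the warning count itself into the error signal, so the function now returns -N for N findings rather than a fixed error value, and nothing in the hunk says that a negative return is what the caller treats as fatal. Consider returning an explicit error when `warnings` is non-zero and stating in the comment that a negative return is what aborts the build. The commit message scopes the change to CONFIG_SLS=y, but no such condition is visible in the hunk, so the comment should also say where that gating happens. Style: the new block comment should put the opening `/*` and the closing `*/` on their own lines, per the kernel's multi-line comment style.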