linux-dev/tools/objtool/arch, branch masterLinux kernel development work - see feature brancheshttps://git.zx2c4.com/linux-dev/atom/tools/objtool/arch?h=master2022-09-15T14:13:55Zobjtool,x86: Teach decode about LOOP* instructions2022-09-15T14:13:55ZPeter Zijlstrapeterz@infradead.org2022-09-07T09:01:20Zurn:sha1:7a7621dfa417aa3715d2a3bd1bdd6cf5018274d0
When 'discussing' control flow Masami mentioned the LOOP* instructions
and I realized objtool doesn't decode them properly.
As it turns out, these instructions are somewhat inefficient and as
such unlikely to be emitted by the compiler (a few vmlinux.o checks
can't find a single one) so this isn't critical, but still, best to
decode them properly.
Reported-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/Yxhd4EMKyoFoH9y4@hirez.programming.kicks-ass.net
x86,objtool: Create .return_sites2022-06-27T08:33:58ZPeter Zijlstrapeterz@infradead.org2022-06-14T21:15:38Zurn:sha1:d9e9d2300681d68a775c28de6aa6e5290ae17796
Find all the return-thunk sites and record them in a .return_sites
section such that the kernel can undo this.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
objtool: Reorganize cmdline options2022-04-22T10:32:01ZJosh Poimboeufjpoimboe@redhat.com2022-04-18T16:50:26Zurn:sha1:2daf7faba7ded8703e4b4ebc8b161f22272fc91a
Split the existing options into two groups: actions, which actually do
something; and options, which modify the actions in some way.
Also there's no need to have short flags for all the non-action options.
Reserve short flags for the more important actions.
While at it:
- change a few of the short flags to be more intuitive
- make option descriptions more consistently descriptive
- sort options in the source like they are when printed
- move options to a global struct
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Miroslav Benes <mbenes@suse.cz>
Link: https://lkml.kernel.org/r/9dcaa752f83aca24b1b21f0b0eeb28a0c181c0b0.1650300597.git.jpoimboe@redhat.com
objtool: Add IBT/ENDBR decoding2022-03-15T09:32:46ZPeter Zijlstrapeterz@infradead.org2022-03-08T15:30:53Zurn:sha1:7d209d13e7c3a3d60dc262f11a8ae4e6b4454d30
Intel IBT requires the target of any indirect CALL or JMP instruction
to be the ENDBR instruction; optionally it allows those two
instructions to have a NOTRACK prefix in order to avoid this
requirement.
The kernel will not enable the use of NOTRACK, as such any occurence
of it in compiler generated code should be flagged.
Teach objtool to Decode ENDBR instructions and WARN about NOTRACK
prefixes.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
Link: https://lore.kernel.org/r/20220308154319.645963517@infradead.org
tools/objtool: Check for use of the ENQCMD instruction in the kernel2022-03-15T09:32:30ZFenghua Yufenghua.yu@intel.com2022-02-07T23:02:53Zurn:sha1:227a06553fe6c785f23d76eece3bb10e2db5059c
The ENQCMD instruction implicitly accesses the PASID_MSR to fill in the
pasid field of the descriptor being submitted to an accelerator. But
there is no precise (and stable across kernel changes) point at which
the PASID_MSR is updated from the value for one task to the next.
Kernel code that uses accelerators must always use the ENQCMDS instruction
which does not access the PASID_MSR.
Check for use of the ENQCMD instruction in the kernel and warn on its
usage.
Signed-off-by: Fenghua Yu <fenghua.yu@intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
Link: https://lore.kernel.org/r/20220207230254.3342514-11-fenghua.yu@intel.com
Signed-off-by: Peter Zijlstra <peterz@infradead.org>
objtool: Add straight-line-speculation validation2021-12-08T18:26:50ZPeter Zijlstrapeterz@infradead.org2021-12-04T13:43:42Zurn:sha1:1cc1e4c8aab4213bd4e6353dec2620476a233d6d
Teach objtool to validate the straight-line-speculation constraints:
- speculation trap after indirect calls
- speculation trap after RET
Notable: when an instruction is annotated RETPOLINE_SAFE, indicating
speculation isn't a problem, also don't care about sls for that
instruction.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20211204134908.023037659@infradead.org
objtool,x86: Replace alternatives with .retpoline_sites2021-10-28T21:25:25ZPeter Zijlstrapeterz@infradead.org2021-10-26T12:01:36Zurn:sha1:134ab5bd1883312d7a4b3033b05c6b5a1bb8889b
Instead of writing complete alternatives, simply provide a list of all
the retpoline thunk calls. Then the kernel is free to do with them as
it pleases. Simpler code all-round.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Borislav Petkov <bp@suse.de>
Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
Tested-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/r/20211026120309.850007165@infradead.org
Merge branch 'objtool/urgent'2021-10-06T22:40:17ZPeter Zijlstrapeterz@infradead.org2021-10-06T22:40:17Zurn:sha1:b08cadbd3b8721db738d9a00ef3ce3ed667e6d9c
Fixup conflicts.
# Conflicts:
# tools/objtool/check.c
objtool: Make .altinstructions section entry size consistent2021-10-05T19:03:20ZJoe Lawrencejoe.lawrence@redhat.com2021-08-22T22:50:36Zurn:sha1:dc02368164bd0ec603e3f5b3dd8252744a667b8a
Commit e31694e0a7a7 ("objtool: Don't make .altinstructions writable")
aligned objtool-created and kernel-created .altinstructions section
flags, but there remains a minor discrepency in their use of a section
entry size: objtool sets one while the kernel build does not.
While sh_entsize of sizeof(struct alt_instr) seems intuitive, this small
deviation can cause failures with external tooling (kpatch-build).
Fix this by creating new .altinstructions sections with sh_entsize of 0
and then later updating sec->sh_size as alternatives are added to the
section. An added benefit is avoiding the data descriptor and buffer
created by elf_create_section(), but previously unused by
elf_add_alternative().
Fixes: 9bc0bb50727c ("objtool/x86: Rewrite retpoline thunk calls")
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
Reviewed-by: Miroslav Benes <mbenes@suse.cz>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Link: https://lore.kernel.org/r/20210822225037.54620-2-joe.lawrence@redhat.com
Cc: Andy Lavr <andy.lavr@gmail.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: x86@kernel.org
Cc: linux-kernel@vger.kernel.org
objtool: Support pv_opsindirect calls for noinstr2021-09-17T11:20:26ZPeter Zijlstrapeterz@infradead.org2021-06-24T09:41:23Zurn:sha1:db2b0c5d7b6f19b3c2cab08c531b65342eb5252b
Normally objtool will now follow indirect calls; there is no need.
However, this becomes a problem with noinstr validation; if there's an
indirect call from noinstr code, we very much need to know it is to
another noinstr function. Luckily there aren't many indirect calls in
entry code with the obvious exception of paravirt. As such, noinstr
validation didn't work with paravirt kernels.
In order to track pv_ops[] call targets, objtool reads the static
pv_ops[] tables as well as direct assignments to the pv_ops[] array,
provided the compiler makes them a single instruction like:
bf87: 48 c7 05 00 00 00 00 00 00 00 00 movq $0x0,0x0(%rip)
bf92 <xen_init_spinlocks+0x5f>
bf8a: R_X86_64_PC32 pv_ops+0x268
There are, as of yet, no warnings for when this goes wrong :/
Using the functions found with the above means, all pv_ops[] calls are
now subject to noinstr validation.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lore.kernel.org/r/20210624095149.118815755@infradead.org