lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 3 Feb 2022 17:14:11 -0800
From:   Linus Torvalds <>
To:     Kees Cook <>
Cc:     Alexander Popov <>,
        Peter Zijlstra <>,
        Thomas Gleixner <>,
        Josh Poimboeuf <>,
        Borislav Petkov <>,
        Linux Kernel Mailing List <>,
Subject: Re: [PATCH v2] gcc-plugins/stackleak: Use noinstr in favor of notrace

On Thu, Feb 3, 2022 at 12:18 PM Kees Cook <> wrote:
> While the stackleak plugin was already using notrace, objtool is now a
> bit more picky. Update the notrace uses to noinstr. Silences the
> following objtool warnings when building with:

Thanks, applied.

There are still a few objtool warnings about other issues, all look
somehow related to mce:

  mce_start()+0x5c: call to __kasan_check_write() leaves .noinstr.text section
  mce_gather_info()+0x5f: call to v8086_mode.constprop.0() leaves
.noinstr.text section
  mce_read_aux()+0x8a: call to mca_msr_reg() leaves .noinstr.text section
  do_machine_check()+0x197: call to mce_no_way_out() leaves
.noinstr.text section
  mce_severity_amd.constprop.0()+0xca: call to mce_severity_amd_smca()
leaves .noinstr.textp section

and from a quick look at least some of them look like real bugs.

For example, mce_read_aux() is marked 'noinstr', but it calls
mca_msr_reg() which is not. That's iffy.

The others might be compiler-generated (the 'constprop' thing has
caused section issues before so I didn't bother looking closer). Or
related to kasan. But at least one of them seems to be a valid warning
about bad behavior.


Powered by blists - more mailing lists