Message-ID: <20160323211541.ksg62htze4nakuo2@treble.redhat.com>
Date:	Wed, 23 Mar 2016 16:15:41 -0500
From:	Josh Poimboeuf <jpoimboe@...hat.com>
To:	kbuild test robot <fengguang.wu@...el.com>
Cc:	kbuild-all@...org, linux-kernel@...r.kernel.org,
	Ingo Molnar <mingo@...nel.org>
Subject: Re: drivers/target/iscsi/iscsi_target.o: warning: objtool:
 iscsit_handle_task_mgt_cmd()+0xbcb: function has unreachable instruction

On Wed, Mar 23, 2016 at 04:11:04PM -0500, Josh Poimboeuf wrote:
> On Wed, Mar 23, 2016 at 07:15:08PM +0800, kbuild test robot wrote:
> > tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> > head:   a24e3d414e59ac76566dedcad1ed1d319a93ec14
> > commit: d4883d5d6b146fd65f762c462b2c6d4a327c7d50 objtool: Enable stack metadata validation on 64-bit x86
> > date:   3 weeks ago
> > config: x86_64-randconfig-x014-03231738 (attached as .config)
> > reproduce:
> >         git checkout d4883d5d6b146fd65f762c462b2c6d4a327c7d50
> >         # save the attached .config to linux build tree
> >         make ARCH=x86_64 
> > 
> > All warnings (new ones prefixed by >>):
> > 
> > >> drivers/target/iscsi/iscsi_target.o: warning: objtool: iscsit_handle_task_mgt_cmd()+0xbcb: function has unreachable instruction
> 
> Ingo,
> 
> FYI, I'm aware of this issue but I'm not yet sure about the best way to
> fix it.  I'll be on vacation next week but will try to get to it in a
> couple of weeks.
> 
> It only seems to manifest itself in certain randconfigs which include
> CONFIG_PROFILE_ALL_BRANCHES=y.
> 
> more details:
> 
> The issue is caused by a sloppy gcc optimization.  It looks like gcc
> created a jump table for a switch statement, but then decided not to use
> it, and failed to clean up its mess.  So it
> 
>    10094:       ff 25 00 00 00 00       jmpq   *0x0(%rip)        # 1009a <iscsit_handle_task_mgt_cmd+0x36a>
>                            10096: R_X86_64_PC32    .rodata+0x3c
> 
> 
> There's no

Grrr, accidentally hit send too soon, sorry!

The gist is that when gcc does this optimization, it doesn't clean up the
unused switch table and it can also leave around one or more
instructions which can't be executed.

It's a very rare issue (this is the only known occurrence).  It's almost
certainly triggered by the complexity of the
iscsit_handle_task_mgt_cmd() function.

I'm not sure if the best way to fix it is to simplify the function,
whitelist it, or make objtool smarter somehow.  I'll try to figure it
out in a couple of weeks after my vacation.

-- 
Josh
