lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 16 May 2019 11:36:39 +0100
From:   Raphael Gault <>
        Raphael Gault <>
Subject: [RFC V2 00/16] objtool: Add support for Arm64

As of now, objtool only supports the x86_64 architecture but the
groundwork has already been done in order to add support for other
architectures without too much effort.

This series of patches adds support for the arm64 architecture
based on the Armv8.5 Architecture Reference Manual.

Objtool will be a valuable tool to progress and provide more guarentees
on live patching which is a work in progress for arm64.

Once we have the base of objtool working the next steps will be to
port Peter Z's uaccess validation for arm64.

RFC: In order to differentiate the different uses of the `brk`
instruction on arm64 I intended to use the
`include/generated/asm-offsets.h` header file (copying it to
tools/include/generated/asm-offsets.h). However since in is
generated later than objtool in the build process I wasn't able to do
it. I wanted to use it to have access to the info about the
`struct alt_instr` and `struct bug_entry`.

Noteworthy points:
* I still haven't figured out how to detect switch-tables on arm64. I
have a better understanding of them but still haven't implemented checks
as it doesn't look trivial at all.
* I still use the `arch_is_sibling_call` function to differentiate the
use cases of the `br` instruction on arm64. Even though I updated the
checks, it is still based on going back in the instruction stream, which
as Peter Z. pointed out is not safe. I shall work on an alternative

Changes from V2:
* Rebase on the -tip tree (which contains the latest objtool features)
* Split into more precise patches in order to highlight the changes
that were made.
* Correct patches coding style to comply with linux's style.
* Refactor some code to avoid generating a fake instruction when
decoding load/store of pairs of registers.
* Make more elegant checks for arch-dependent features (switch-tables,
special sections)
* Include some patches to add exceptions in the kernel to prevent
objtool from checking/warning in particular cases.
* Introduce a new instruction type (INSN_UNKNOWN) to handle the cases
when some data is stored inside a section marked as containing
executable instructions.

Raphael Gault (16):
  objtool: Add abstraction for computation of symbols offsets
  objtool: orc: Refactor ORC API for other architectures to implement.
  objtool: Move registers and control flow to arch-dependent code
  objtool: arm64: Add required implementation for supporting the aarch64
    architecture in objtool.
  objtool: arm64: Handle hypercalls as nops
  arm64: alternative: Mark .altinstr_replacement as containing
    executable instructions
  objtool: special: Adapt special section handling
  objtool: arm64: Adapt the stack frame checks for arm architecture
  arm64: assembler: Add macro to annotate asm function having non
    standard stack-frame.
  arm64: sleep: Prevent stack frame warnings from objtool
  objtool: arm64: Enable stack validation for arm64
  arm64: kvm: Annotate non-standard stack frame functions
  arm64: kernel: Add exception on kuser32 to prevent stack analysis
  arm64: crypto: Add exceptions for crypto object to prevent stack
  objtool: Introduce INSN_UNKNOWN type
  arm64: kernel: Annotate non-standard stack frame functions

 arch/arm64/Kconfig                            |    1 +
 arch/arm64/crypto/Makefile                    |    3 +
 arch/arm64/include/asm/alternative.h          |    2 +-
 arch/arm64/include/asm/assembler.h            |   13 +
 arch/arm64/kernel/Makefile                    |    3 +
 arch/arm64/kernel/hyp-stub.S                  |    2 +
 arch/arm64/kernel/sleep.S                     |    4 +
 arch/arm64/kvm/hyp-init.S                     |    2 +
 arch/arm64/kvm/hyp/entry.S                    |    2 +
 tools/objtool/Build                           |    2 -
 tools/objtool/arch.h                          |   21 +-
 tools/objtool/arch/arm64/Build                |    8 +
 tools/objtool/arch/arm64/bit_operations.c     |   67 +
 tools/objtool/arch/arm64/decode.c             | 2809 +++++++++++++++++
 .../objtool/arch/arm64/include/arch_special.h |   42 +
 .../arch/arm64/include/asm/orc_types.h        |   96 +
 .../arch/arm64/include/bit_operations.h       |   24 +
 tools/objtool/arch/arm64/include/cfi.h        |   74 +
 .../objtool/arch/arm64/include/insn_decode.h  |  211 ++
 tools/objtool/arch/arm64/orc_dump.c           |   26 +
 tools/objtool/arch/arm64/orc_gen.c            |   40 +
 tools/objtool/arch/x86/Build                  |    3 +
 tools/objtool/arch/x86/decode.c               |   16 +
 tools/objtool/arch/x86/include/arch_special.h |   45 +
 tools/objtool/{ => arch/x86/include}/cfi.h    |    0
 tools/objtool/{ => arch/x86}/orc_dump.c       |    4 +-
 tools/objtool/{ => arch/x86}/orc_gen.c        |  104 +-
 tools/objtool/check.c                         |  239 +-
 tools/objtool/check.h                         |    1 +
 tools/objtool/elf.c                           |    3 +-
 tools/objtool/orc.h                           |    4 +-
 tools/objtool/special.c                       |   28 +-
 tools/objtool/special.h                       |    3 +
 33 files changed, 3753 insertions(+), 149 deletions(-)
 create mode 100644 tools/objtool/arch/arm64/Build
 create mode 100644 tools/objtool/arch/arm64/bit_operations.c
 create mode 100644 tools/objtool/arch/arm64/decode.c
 create mode 100644 tools/objtool/arch/arm64/include/arch_special.h
 create mode 100644 tools/objtool/arch/arm64/include/asm/orc_types.h
 create mode 100644 tools/objtool/arch/arm64/include/bit_operations.h
 create mode 100644 tools/objtool/arch/arm64/include/cfi.h
 create mode 100644 tools/objtool/arch/arm64/include/insn_decode.h
 create mode 100644 tools/objtool/arch/arm64/orc_dump.c
 create mode 100644 tools/objtool/arch/arm64/orc_gen.c
 create mode 100644 tools/objtool/arch/x86/include/arch_special.h
 rename tools/objtool/{ => arch/x86/include}/cfi.h (100%)
 rename tools/objtool/{ => arch/x86}/orc_dump.c (98%)
 rename tools/objtool/{ => arch/x86}/orc_gen.c (69%)


Powered by blists - more mailing lists