| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200414103618.12657-6-alexandre.chartre@oracle.com>
Date: Tue, 14 Apr 2020 12:36:14 +0200
From: Alexandre Chartre <alexandre.chartre@...cle.com>
To: x86@...nel.org
Cc: linux-kernel@...r.kernel.org, jpoimboe@...hat.com,
peterz@...radead.org, jthierry@...hat.com, tglx@...utronix.de,
alexandre.chartre@...cle.com
Subject: [PATCH V3 5/9] objtool: Add return address unwind hints
Add the UNWIND_HINT_RADDR_DELETE and UNWIND_HINT_RADDR_ALTER unwind
hint macros to flag instructions which remove or modify return
addresses.
Signed-off-by: Alexandre Chartre <alexandre.chartre@...cle.com>
---
arch/x86/include/asm/orc_types.h | 2 +
arch/x86/include/asm/unwind_hints.h | 23 +++++++++
tools/arch/x86/include/asm/orc_types.h | 2 +
tools/objtool/check.c | 67 ++++++++++++++++++++++++++
4 files changed, 94 insertions(+)
diff --git a/arch/x86/include/asm/orc_types.h b/arch/x86/include/asm/orc_types.h
index 6e060907c163..5c1141175d51 100644
--- a/arch/x86/include/asm/orc_types.h
+++ b/arch/x86/include/asm/orc_types.h
@@ -60,6 +60,8 @@
#define ORC_TYPE_REGS_IRET 2
#define UNWIND_HINT_TYPE_SAVE 3
#define UNWIND_HINT_TYPE_RESTORE 4
+#define UNWIND_HINT_TYPE_RADDR_ALTER 6
+#define UNWIND_HINT_TYPE_RADDR_DELETE 7
#ifndef __ASSEMBLY__
/*
diff --git a/arch/x86/include/asm/unwind_hints.h b/arch/x86/include/asm/unwind_hints.h
index f5e2eb12cb71..5211d2c5b7a2 100644
--- a/arch/x86/include/asm/unwind_hints.h
+++ b/arch/x86/include/asm/unwind_hints.h
@@ -94,6 +94,23 @@
UNWIND_HINT type=UNWIND_HINT_TYPE_RESTORE
.endm
+/*
+ * RADDR_DELETE: Used on instructions (other than ret instruction)
+ * which remove a return address from the stack. count is the number
+ * of return address which are removed.
+ */
+.macro UNWIND_HINT_RADDR_DELETE count=1
+ UNWIND_HINT type=UNWIND_HINT_TYPE_RADDR_DELETE sp_offset=\count
+.endm
+
+/*
+ * RADDR_ALTER: Used on instructions which change a return address on
+ * the stack. count is the number of return address which are changed.
+ */
+.macro UNWIND_HINT_RADDR_ALTER count=1
+ UNWIND_HINT type=UNWIND_HINT_TYPE_RADDR_ALTER sp_offset=\count
+.endm
+
#else /* !__ASSEMBLY__ */
#define UNWIND_HINT(sp_reg, sp_offset, type, end) \
@@ -112,6 +129,12 @@
#define UNWIND_HINT_RESTORE UNWIND_HINT(0, 0, UNWIND_HINT_TYPE_RESTORE, 0)
+#define UNWIND_HINT_RADDR_ALTER(count) \
+ UNWIND_HINT(0, count, UNWIND_HINT_TYPE_RADDR_ALTER, 0)
+
+#define UNWIND_HINT_RADDR_DELETE(count) \
+ UNWIND_HINT(0, count, UNWIND_HINT_TYPE_RADDR_DELETE, 0)
+
#endif /* __ASSEMBLY__ */
#endif /* _ASM_X86_UNWIND_HINTS_H */
diff --git a/tools/arch/x86/include/asm/orc_types.h b/tools/arch/x86/include/asm/orc_types.h
index 6e060907c163..5c1141175d51 100644
--- a/tools/arch/x86/include/asm/orc_types.h
+++ b/tools/arch/x86/include/asm/orc_types.h
@@ -60,6 +60,8 @@
#define ORC_TYPE_REGS_IRET 2
#define UNWIND_HINT_TYPE_SAVE 3
#define UNWIND_HINT_TYPE_RESTORE 4
+#define UNWIND_HINT_TYPE_RADDR_ALTER 6
+#define UNWIND_HINT_TYPE_RADDR_DELETE 7
#ifndef __ASSEMBLY__
/*
diff --git a/tools/objtool/check.c b/tools/objtool/check.c
index 8b1df659cd68..0574ce8e232d 100644
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -66,6 +66,28 @@ static bool raddr_pop(struct instruction **insn)
return true;
}
+static bool raddr_delete(int count)
+{
+ if (raddr_count < count)
+ return false;
+
+ raddr_count -= count;
+ return true;
+}
+
+static bool raddr_alter(int count)
+{
+ int i;
+
+ if (raddr_count < count)
+ false;
+
+ for (i = 0; i < count; i++)
+ raddr_list[raddr_count - 1 - i] = RADDR_ALTERED;
+
+ return true;
+}
+
static int validate_branch(struct objtool_file *file, struct symbol *func,
struct instruction *from,
struct instruction *first, struct insn_state state);
@@ -1314,6 +1336,14 @@ static int read_unwind_hints(struct objtool_file *file)
insn->restore = true;
insn->hint = true;
continue;
+
+ } else if (hint->type == UNWIND_HINT_TYPE_RADDR_DELETE) {
+ insn->raddr_delete = hint->sp_offset;
+ continue;
+
+ } else if (hint->type == UNWIND_HINT_TYPE_RADDR_ALTER) {
+ insn->raddr_alter = hint->sp_offset;
+ continue;
}
insn->hint = true;
@@ -1526,6 +1556,13 @@ static bool has_modified_stack_frame(struct insn_state *state)
state->drap)
return true;
+ /*
+ * If the stack was altered then don't check registers because
+ * a callee-saved registers might have been pushed on the stack.
+ */
+ if (state->stack_altered)
+ return false;
+
for (i = 0; i < CFI_NUM_REGS; i++)
if (state->regs[i].base != initial_func_cfi.regs[i].base ||
state->regs[i].offset != initial_func_cfi.regs[i].offset)
@@ -2103,6 +2140,15 @@ static int validate_return_address(struct objtool_file *file,
if (!raddr_insn)
break;
+ /*
+ * If this is a dynamic branch then we expect this
+ * branch to return or not, depending on the defined
+ * list of RA we have, so just continue the processing
+ * of the RA list.
+ */
+ if (raddr_insn == RADDR_ALTERED)
+ continue;
+
/*
* If we are branching to a defined address then
* just do an unconditional jump there.
@@ -2287,6 +2333,27 @@ static int validate_branch(struct objtool_file *file, struct symbol *func,
return 0;
}
+ if (insn->raddr_delete) {
+ /* delete return address */
+ if (!raddr_delete(insn->raddr_delete)) {
+ WARN_FUNC("fail to delete %d return address",
+ insn->sec, insn->offset,
+ insn->raddr_delete);
+ return 1;
+ }
+ state.stack_altered = true;
+
+ } else if (insn->raddr_alter) {
+ /* alter return address */
+ if (!raddr_alter(insn->raddr_alter)) {
+ WARN_FUNC("fail to alter %d return address",
+ insn->sec, insn->offset,
+ insn->raddr_alter);
+ return 1;
+ }
+ state.stack_altered = true;
+ }
+
switch (insn->type) {
case INSN_RETURN:
--
2.18.2
Powered by blists - more mailing lists