lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <cover.1649891421.git.jpoimboe@redhat.com>
Date:   Wed, 13 Apr 2022 16:19:35 -0700
From:   Josh Poimboeuf <jpoimboe@...hat.com>
To:     x86@...nel.org
Cc:     Peter Zijlstra <peterz@...radead.org>,
        linux-kernel@...r.kernel.org, Miroslav Benes <mbenes@...e.cz>
Subject: [PATCH 00/18] objtool: Interface overhaul

Objtool's interface has some issues:

- Several features are done unconditionally, without any way to turn
  them off.  Some of them might be surprising.  This makes objtool
  tricky to use, and prevents porting individual features to other
  arches.

- The config dependencies are too coarse-grained.  Objtool enablement is
  tied to CONFIG_STACK_VALIDATION, but it has several other features
  independent of that.

- The objtool subcmds ("check" and "orc") are clumsy: "check" is really
  a subset of "orc", so it has all the same options.  The subcmd model
  has never really worked for objtool, as it only has a single purpose:
  "do some combination of things on an object file".

- The '--lto' and '--vmlinux' options are nonsensical and have
  surprising behavior.


Overhaul the interface:

- get rid of subcmds

- make all features individually selectable

- remove and/or clarify confusing/obsolete options

- update the documentation

- fix some bugs found along the way


TODO: rename files...


$ tools/objtool/objtool --help

 Usage: objtool <actions> [<options>] file.o

Actions:
    -h, --hacks           patch some toolchain bugs/limitations
    -i, --ibt             validate and annotate IBT
    -m, --mcount          annotate mcount/fentry calls for ftrace
    -n, --noinstr         validate noinstr rules
    -o, --orc             generate ORC metadata
    -r, --retpoline       validate and annotate retpoline usage
    -S, --sls             validate straight-line-speculation mitigations
    -s, --stackval        validate frame pointer rules
    -t, --static-call     annotate static calls
    -u, --uaccess         validate uaccess rules for SMAP
        --dump <orc>      dump object data

Options:
        --backtrace       unwind on error
        --backup          create .orig files before modification
        --dry-run         don't write modifications
        --module          object is part of a kernel module
        --no-unreachable  skip 'unreachable instruction' warnings
        --stats           print statistics



Josh Poimboeuf (18):
  objtool: Enable unreachable warnings for CLANG LTO
  objtool: Support data symbol printing
  objtool: Add sec+offset to warnings
  objtool: Print data address for "!ENDBR" data warnings
  objtool: Use offstr() to print address of missing ENDBR
  libsubcmd: Fix OPTION_GROUP sorting
  objtool: Reorganize cmdline options
  objtool: Ditch subcommands
  objtool: Add stack validation cmdline option
  objtool: Extricate ibt from stack validation
  objtool: Add CONFIG_OBJTOOL
  objtool: Make stack validation frame-pointer-specific
  objtool: Add static call cmdline option
  objtool: Add toolchain hacks cmdline option
  objtool: Rename "VMLINUX_VALIDATION" -> "NOINSTR_VALIDATION"
  objtool: Add HAVE_NOINSTR_VALIDATION
  objtool: Remove --lto and --vmlinux
  objtool: Update documentation

 Makefile                                      |   2 +-
 arch/Kconfig                                  |  15 +-
 arch/x86/Kconfig                              |  20 +-
 arch/x86/Kconfig.debug                        |   2 +-
 arch/x86/include/asm/jump_label.h             |   6 +-
 arch/x86/kernel/alternative.c                 |   6 +-
 include/linux/compiler.h                      |   6 +-
 include/linux/instrumentation.h               |   6 +-
 include/linux/objtool.h                       |   6 +-
 kernel/trace/Kconfig                          |   1 +
 lib/Kconfig.debug                             |  22 +-
 lib/Kconfig.kcsan                             |   3 +-
 lib/Kconfig.ubsan                             |   2 +-
 scripts/Makefile.build                        |  20 +-
 scripts/link-vmlinux.sh                       |  62 +--
 scripts/package/builddeb                      |   2 +-
 tools/include/linux/objtool.h                 |   6 +-
 tools/lib/subcmd/parse-options.c              |  17 +-
 tools/objtool/Build                           |  12 +-
 .../{stack-validation.txt => objtool.txt}     | 122 +++++-
 tools/objtool/Makefile                        |   8 +-
 tools/objtool/arch/x86/decode.c               |   2 +-
 tools/objtool/arch/x86/special.c              |   2 +-
 tools/objtool/builtin-check.c                 | 123 ++++--
 tools/objtool/builtin-orc.c                   |  73 ----
 tools/objtool/check.c                         | 391 +++++++++---------
 tools/objtool/elf.c                           |  11 +-
 tools/objtool/include/objtool/builtin.h       |  36 +-
 tools/objtool/include/objtool/elf.h           |   8 +-
 tools/objtool/include/objtool/warn.h          |  52 +--
 tools/objtool/objtool.c                       | 103 +----
 tools/objtool/weak.c                          |   9 +-
 32 files changed, 594 insertions(+), 562 deletions(-)
 rename tools/objtool/Documentation/{stack-validation.txt => objtool.txt} (80%)
 delete mode 100644 tools/objtool/builtin-orc.c

-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ