| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Apr 2022 09:50:19 -0700
From: Josh Poimboeuf <jpoimboe@...hat.com>
To: x86@...nel.org
Cc: Peter Zijlstra <peterz@...radead.org>,
linux-kernel@...r.kernel.org, Miroslav Benes <mbenes@...e.cz>
Subject: [PATCH v2 00/25] objtool: Interface overhaul
v2:
- extricate sls
- fix ibt regressions in v1
- fix issues found by improved ibt logic
- split '--hacks' into two
- add objdump-func script
- remove "()" in function address strings
- add '--sec-address' option
- add '--link'
Objtool's interface has some issues:
- Several features are done unconditionally, without any way to turn
them off. Some of them might be surprising. This makes objtool
tricky to use, and prevents porting individual features to other
arches.
- The config dependencies are too coarse-grained. Objtool enablement is
tied to CONFIG_STACK_VALIDATION, but it has several other features
independent of that.
- The objtool subcmds ("check" and "orc") are clumsy: "check" is really
a subset of "orc", so it has all the same options. The subcmd model
has never really worked for objtool, as it only has a single purpose:
"do some combination of things on an object file".
- The '--lto' and '--vmlinux' options are nonsensical and have
surprising behavior.
Overhaul the interface:
- get rid of subcmds
- make all features individually selectable
- remove and/or clarify confusing/obsolete options
- update the documentation
- fix some bugs found along the way
TODO: rename files...
$ tools/objtool/objtool --help
Usage: objtool <actions> [<options>] file.o
Actions:
-h, --hacks[=<jump_label,noinstr>]
patch toolchain bugs/limitations
-i, --ibt validate and annotate IBT
-l, --sls validate straight-line-speculation mitigations
-m, --mcount annotate mcount/fentry calls for ftrace
-n, --noinstr validate noinstr rules
-o, --orc generate ORC metadata
-r, --retpoline validate and annotate retpoline usage
-s, --stackval validate frame pointer rules
-t, --static-call annotate static calls
-u, --uaccess validate uaccess rules for SMAP
--dump[=<orc>] dump metadata
Options:
--backtrace unwind on error
--backup create .orig files before modification
--dry-run don't write modifications
--link object is a linked object
--module object is part of a kernel module
--no-unreachable skip 'unreachable instruction' warnings
--sec-address print section addresses in warnings
--stats print statistics
Josh Poimboeuf (25):
objtool: Enable unreachable warnings for CLANG LTO
libsubcmd: Fix OPTION_GROUP sorting
x86/static_call: Add ANNOTATE_NOENDBR to static call trampoline
x86/retpoline: Add ANNOTATE_ENDBR for retpolines
x86/uaccess: Add ENDBR to __put_user_nocheck*()
x86/xen: Add ANNOTATE_ENDBR to startup_xen()
objtool: Reorganize cmdline options
objtool: Ditch subcommands
objtool: Don't print parentheses in function addresses
objtool: Print data address for "!ENDBR" data warnings
objtool: Use offstr() to print address of missing ENDBR
objtool: Add option to print section addresses
scripts: Create objdump-func helper script
objtool: Make stack validation optional
objtool: Rework ibt and extricate from stack validation
objtool: Extricate sls from stack validation
objtool: Add CONFIG_OBJTOOL
objtool: Make stack validation frame-pointer-specific
objtool: Make static call annotation optional
objtool: Make jump label hack optional
objtool: Make noinstr hacks optional
objtool: Rename "VMLINUX_VALIDATION" -> "NOINSTR_VALIDATION"
objtool: Add HAVE_NOINSTR_VALIDATION
objtool: Remove --lto and --vmlinux in favor of --link
objtool: Update documentation
Makefile | 2 +-
arch/Kconfig | 18 +-
arch/x86/Kconfig | 21 +-
arch/x86/Kconfig.debug | 2 +-
arch/x86/include/asm/jump_label.h | 6 +-
arch/x86/include/asm/static_call.h | 1 +
arch/x86/kernel/alternative.c | 6 +-
arch/x86/lib/putuser.S | 4 +
arch/x86/lib/retpoline.S | 2 +-
arch/x86/xen/xen-head.S | 1 +
include/linux/compiler.h | 6 +-
include/linux/instrumentation.h | 6 +-
include/linux/objtool.h | 6 +-
kernel/trace/Kconfig | 1 +
lib/Kconfig.debug | 22 +-
lib/Kconfig.kcsan | 4 +-
lib/Kconfig.ubsan | 2 +-
scripts/Makefile.build | 23 +-
scripts/link-vmlinux.sh | 66 ++-
scripts/objdump-func | 18 +
scripts/package/builddeb | 2 +-
tools/include/linux/objtool.h | 6 +-
tools/lib/subcmd/parse-options.c | 17 +-
tools/objtool/Build | 12 +-
.../{stack-validation.txt => objtool.txt} | 122 ++++-
tools/objtool/Makefile | 8 +-
tools/objtool/arch/x86/decode.c | 2 +-
tools/objtool/arch/x86/special.c | 2 +-
tools/objtool/builtin-check.c | 156 ++++--
tools/objtool/builtin-orc.c | 73 ---
tools/objtool/check.c | 456 ++++++++++--------
tools/objtool/elf.c | 11 +-
tools/objtool/include/objtool/builtin.h | 34 +-
tools/objtool/include/objtool/elf.h | 12 +-
tools/objtool/include/objtool/warn.h | 35 +-
tools/objtool/objtool.c | 103 +---
tools/objtool/weak.c | 9 +-
37 files changed, 719 insertions(+), 558 deletions(-)
create mode 100755 scripts/objdump-func
rename tools/objtool/Documentation/{stack-validation.txt => objtool.txt} (80%)
delete mode 100644 tools/objtool/builtin-orc.c
--
2.34.1
Powered by blists - more mailing lists