| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Jun 2022 23:48:59 +0800
From: Chen Zhongjin <chenzhongjin@...wei.com>
To: <linux-kernel@...r.kernel.org>, <linux-arch@...r.kernel.org>,
<linuxppc-dev@...ts.ozlabs.org>,
<linux-arm-kernel@...ts.infradead.org>,
<linux-kbuild@...r.kernel.org>, <live-patching@...r.kernel.org>
CC: <jpoimboe@...nel.org>, <peterz@...radead.org>,
<catalin.marinas@....com>, <will@...nel.org>,
<masahiroy@...nel.org>, <michal.lkml@...kovi.net>,
<ndesaulniers@...gle.com>, <mark.rutland@....com>,
<pasha.tatashin@...een.com>, <broonie@...nel.org>,
<chenzhongjin@...wei.com>, <rmk+kernel@...linux.org.uk>,
<madvenka@...ux.microsoft.com>, <christophe.leroy@...roup.eu>
Subject: [PATCH v5 12/33] objtool: arm64: Enable stack validation for arm64
Add build option to run stack validation at compile time.
When requiring stack validation, jump tables are disabled as it
simplifies objtool analysis (without having to introduce unreliable
artifacs). In local testing, this does not appear to significaly
affect final binary size nor system performance.
Signed-off-by: Raphael Gault <raphael.gault@....com>
Signed-off-by: Julien Thierry <jthierry@...hat.com>
Signed-off-by: Chen Zhongjin <chenzhongjin@...wei.com>
---
arch/arm64/Kconfig | 2 ++
arch/arm64/Kconfig.debug | 21 +++++++++++++++++++++
arch/arm64/Makefile | 4 ++++
3 files changed, 27 insertions(+)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 57c4c995965f..30d3d549160f 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -201,6 +201,8 @@ config ARM64
select MMU_GATHER_RCU_TABLE_FREE
select HAVE_RSEQ
select HAVE_STACKPROTECTOR
+ select HAVE_OBJTOOL
+ select HAVE_STACK_VALIDATION
select HAVE_SYSCALL_TRACEPOINTS
select HAVE_KPROBES
select HAVE_KRETPROBES
diff --git a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug
index 265c4461031f..c2c68c6f7557 100644
--- a/arch/arm64/Kconfig.debug
+++ b/arch/arm64/Kconfig.debug
@@ -20,4 +20,25 @@ config ARM64_RELOC_TEST
depends on m
tristate "Relocation testing module"
+choice
+ prompt "Choose kernel unwinder"
+ default UNWINDER_FRAME_POINTER
+ help
+ This determines which method will be used for unwinding kernel stack
+ traces for panics, oopses, bugs, warnings, perf, /proc/<pid>/stack,
+ livepatch, lockdep, and more.
+
+config UNWINDER_FRAME_POINTER
+ bool "Frame pointer unwinder"
+ select FRAME_POINTER
+ help
+ This option enables the frame pointer unwinder for unwinding kernel
+ stack traces.
+
+ The unwinder itself is fast and it uses less RAM than the ORC
+ unwinder, but the kernel text size will grow by ~3% and the kernel's
+ overall performance will degrade by roughly 5-10%.
+
+endchoice
+
source "drivers/hwtracing/coresight/Kconfig"
diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
index 2f1de88651e6..ad2f4a5e8f6c 100644
--- a/arch/arm64/Makefile
+++ b/arch/arm64/Makefile
@@ -133,6 +133,10 @@ ifeq ($(CONFIG_DYNAMIC_FTRACE_WITH_REGS),y)
CC_FLAGS_FTRACE := -fpatchable-function-entry=2
endif
+ifeq ($(CONFIG_STACK_VALIDATION),y)
+KBUILD_CFLAGS += -fno-jump-tables
+endif
+
# Default value
head-y := arch/arm64/kernel/head.o
--
2.17.1
Powered by blists - more mailing lists