lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241213-objtool-strict-v1-2-fd388f9d971f@google.com>
Date: Fri, 13 Dec 2024 11:31:31 +0000
From: Brendan Jackman <jackmanb@...gle.com>
To: Josh Poimboeuf <jpoimboe@...nel.org>, Peter Zijlstra <peterz@...radead.org>, 
	Andrew Morton <akpm@...ux-foundation.org>, Masahiro Yamada <masahiroy@...nel.org>, 
	Nathan Chancellor <nathan@...nel.org>, Nicolas Schier <nicolas@...sle.eu>
Cc: linux-kernel@...r.kernel.org, linux-kbuild@...r.kernel.org, 
	Brendan Jackman <jackmanb@...gle.com>
Subject: [PATCH 2/2] kbuild: Add option to fail build on vmlinux objtool issues

NOINSTR_VALIDATION is pretty helpful for detecting bugs, I would like
my build to fail when those bugs arise.

If we wanted to we could enable this for individual warnings, it seems
unlikely there's a use-case for that though. So for now I've just added
a global setting for vmlinux.

Signed-off-by: Brendan Jackman <jackmanb@...gle.com>
---
 lib/Kconfig.debug          | 11 +++++++++++
 scripts/Makefile.vmlinux_o |  1 +
 2 files changed, 12 insertions(+)

diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index f3d72370587936fa373129cc9b246f15dac907be..b1f0f8c83b050d4112428e0d8dece059ebf8dcd2 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -563,6 +563,17 @@ config NOINSTR_VALIDATION
 	select OBJTOOL
 	default y
 
+config VMLINUX_OBJTOOL_STRICT
+	bool "Strict objtool on vmlinux"
+	default n
+	# Conditions when we run objtool on vmlinux
+	depends on NOINSTR_VALIDATION || LTO_CLANG || X86_KERNEL_IBT
+	help
+	  Fail the build when objtool produces warnings on vmlinux.
+
+	  By default, objtool just prints warnings to the terminal without
+	  causing a build failure. This config changes that for vmlinux.
+
 config VMLINUX_MAP
 	bool "Generate vmlinux.map file when linking"
 	depends on EXPERT
diff --git a/scripts/Makefile.vmlinux_o b/scripts/Makefile.vmlinux_o
index 0b6e2ebf60dc1bb69d9651d5b7858ccd296e92dd..97b6b262d482e0bac1a4d74f9a2e7b1867b6ee00 100644
--- a/scripts/Makefile.vmlinux_o
+++ b/scripts/Makefile.vmlinux_o
@@ -39,6 +39,7 @@ vmlinux-objtool-args-$(delay-objtool)			+= $(objtool-args-y)
 vmlinux-objtool-args-$(CONFIG_GCOV_KERNEL)		+= --no-unreachable
 vmlinux-objtool-args-$(CONFIG_NOINSTR_VALIDATION)	+= --noinstr \
 							   $(if $(or $(CONFIG_MITIGATION_UNRET_ENTRY),$(CONFIG_MITIGATION_SRSO)), --unret)
+vmlinux-objtool-args-$(CONFIG_VMLINUX_OBJTOOL_STRICT)	+= --fail-on-warn
 
 objtool-args = $(vmlinux-objtool-args-y) --link
 

-- 
2.47.1.613.gc27f4b7a9f-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ