| Message ID | 20220407120141.43801-14-chenzhongjin@huawei.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | objtool: add base support for arm64 | expand |
On Thu, Apr 07, 2022 at 08:01:41PM +0800, Chen Zhongjin wrote: > From: Raphael Gault <raphael.gault@arm.com> > > Add build option to run stack validation at compile time. > > When requiring stack validation, jump tables are disabled as it > simplifies objtool analysis (without having to introduce unreliable > artifacs). In local testing, this does not appear to significaly > affect final binary size nor system performance. > > Signed-off-by: Raphael Gault <raphael.gault@arm.com> > Signed-off-by: Julien Thierry <jthierry@redhat.com> > --- > arch/arm64/Kconfig | 1 + > arch/arm64/Makefile | 4 ++++ > 2 files changed, 5 insertions(+) > > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index 23048be0333b..119cfce4117f 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -201,6 +201,7 @@ config ARM64 > select MMU_GATHER_RCU_TABLE_FREE > select HAVE_RSEQ > select HAVE_STACKPROTECTOR > + select HAVE_STACK_VALIDATION > select HAVE_SYSCALL_TRACEPOINTS > select HAVE_KPROBES > select HAVE_KRETPROBES > diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile > index 2f1de88651e6..ad2f4a5e8f6c 100644 > --- a/arch/arm64/Makefile > +++ b/arch/arm64/Makefile > @@ -133,6 +133,10 @@ ifeq ($(CONFIG_DYNAMIC_FTRACE_WITH_REGS),y) > CC_FLAGS_FTRACE := -fpatchable-function-entry=2 > endif > > +ifeq ($(CONFIG_STACK_VALIDATION),y) > +KBUILD_CFLAGS += -fno-jump-tables > +endif IIRC this is a sore spot for the whole endeavour..
Hi Peter,
You are right that Julien had tried to use gcc plugin to fix this but
refused by Ard.
With jump tables objtool will give some sibling call errors because we
can't detect
jump table correctly on arm64. Then in the v2 patch they gave a
conclusion that
it is acceptable to close jump table.
Now we still have some problems on arm64. The todo list includes:
- BRK insns are decoded as INSN_BUG and then marked as dead_end, which
makes objtool
stop checking and cause unreachable error.
- Some functions need to be annotated by UNWIND micro or marked as noreturn.
- arm64 and x86 share the code for check.c and it can make some problem.
Now I found some errors about __ex_table which is related to alternative
entry
search code for x86 in special.c.
- Some *.S file still contain data inside text section which cannot be
excluded or
decoded such as head.S. Also, we have a assembly file kuser32.S which
reporting
undecodable error.
Now I'm trying to fix these problems with minimum change on arm64
architecture
and objtool code. To be honest, objtool check grows to a huge x86 wool
ball now and
make migration a bit difficult. Josh mentions there will be a
refectoring for objtool
features and maybe we can separatedly support features on different
arches which will
make things easier.
Also, Madhaven has commited a new patch for stack validation. It's seems
an available
approch that using DWARF to make stack validation so that we don't need
to adapt to
different architectures. I'm checking the code and planning to help to
test it.
Anyway, besides stack validation I think it's still valuable to migrate
objtool on arm64.
So let things going on and if you have any advise or help I'll be vary
appriciate for that.
Thanks for your time!
On 2022/4/7 20:19, Peter Zijlstra wrote:
> IIRC this is a sore spot for the whole endeavour..
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 23048be0333b..119cfce4117f 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -201,6 +201,7 @@ config ARM64 select MMU_GATHER_RCU_TABLE_FREE select HAVE_RSEQ select HAVE_STACKPROTECTOR + select HAVE_STACK_VALIDATION select HAVE_SYSCALL_TRACEPOINTS select HAVE_KPROBES select HAVE_KRETPROBES diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile index 2f1de88651e6..ad2f4a5e8f6c 100644 --- a/arch/arm64/Makefile +++ b/arch/arm64/Makefile @@ -133,6 +133,10 @@ ifeq ($(CONFIG_DYNAMIC_FTRACE_WITH_REGS),y) CC_FLAGS_FTRACE := -fpatchable-function-entry=2 endif +ifeq ($(CONFIG_STACK_VALIDATION),y) +KBUILD_CFLAGS += -fno-jump-tables +endif + # Default value head-y := arch/arm64/kernel/head.o