From patchwork Thu May 11 21:25:38 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josh Poimboeuf X-Patchwork-Id: 9723183 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 683F9601E7 for ; Thu, 11 May 2017 21:26:00 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5FE8128720 for ; Thu, 11 May 2017 21:26:00 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5293328731; Thu, 11 May 2017 21:26:00 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 8144B28720 for ; Thu, 11 May 2017 21:25:58 +0000 (UTC) Received: (qmail 9423 invoked by uid 550); 11 May 2017 21:25:56 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 9399 invoked from network); 11 May 2017 21:25:55 -0000 DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 68A5A7FD4A Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=jpoimboe@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 68A5A7FD4A Date: Thu, 11 May 2017 16:25:38 -0500 From: Josh Poimboeuf To: Kees Cook Cc: linux-kernel@vger.kernel.org, Peter Zijlstra , PaX Team , Jann Horn , Eric Biggers , Christoph Hellwig , "axboe@kernel.dk" , James Bottomley , Elena Reshetova , Hans Liljestrand , David Windsor , "x86@kernel.org" , Ingo Molnar , Arnd Bergmann , Greg Kroah-Hartman , "David S. Miller" , Rik van Riel , linux-arch , kernel-hardening@lists.openwall.com Message-ID: <20170511212538.bjp4jbb7p4qipawo@treble> References: <1494356483-81678-1-git-send-email-keescook@chromium.org> <1494356483-81678-3-git-send-email-keescook@chromium.org> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <1494356483-81678-3-git-send-email-keescook@chromium.org> User-Agent: Mutt/1.6.0.1 (2016-04-01) X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Thu, 11 May 2017 21:25:44 +0000 (UTC) Subject: [kernel-hardening] Re: [PATCH v4 2/2] x86/refcount: Implement fast refcount overflow protection X-Virus-Scanned: ClamAV using ClamSMTP On Tue, May 09, 2017 at 12:01:23PM -0700, Kees Cook wrote: > +#define _REFCOUNT_EXCEPTION \ > + ".pushsection .text.unlikely\n" \ > + "111:\tmovl $0x7fffffff, %[counter]\n" \ > + "112:\t" ASM_UD0 "\n" \ > + ".popsection\n" \ > + "113:\n" \ > + _ASM_EXTABLE_REFCOUNT(112b, 113b) This resulted in some new objtool warnings because the UD0 instruction is a dead end in the .text.unlikely section, but it's not annotated as such. (As opposed to the WARN macros' use of UD0, which aren't dead ends since they resume execution immediately afterwards). The below patch creates a UNREACHABLE_ASM macro, similar to the existing unreachable() macro for C code, which you can call right after the ASM_UD0 line above to fix the warnings. Feel free to add the patch to your set. ---- From: Josh Poimboeuf Subject: [PATCH] objtool: create UNREACHABLE_ASM macro Create an UNREACHABLE_ASM macro to enable inline asm to annotate dead end code paths. This macro is analagous to the unreachable() macro for C code. Also add a couple of comments. Signed-off-by: Josh Poimboeuf --- include/linux/compiler-gcc.h | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h index 0efef9c..08cdf9e 100644 --- a/include/linux/compiler-gcc.h +++ b/include/linux/compiler-gcc.h @@ -198,13 +198,26 @@ #endif #ifdef CONFIG_STACK_VALIDATION -#define annotate_unreachable() ({ \ - asm("%c0:\t\n" \ - ".pushsection .discard.unreachable\t\n" \ - ".long %c0b - .\t\n" \ - ".popsection\t\n" : : "i" (__LINE__)); \ -}) +/* + * This label needs to be unique to prevent GCC from removing what it sees as + * duplicate inline asm statements in a function. + */ +#define UNREACHABLE_ASM_LABEL __stringify(__LINE__) + +/* + * Annotate the previous instruction as unreachable. This allows objtool to + * detect dead ends in the code flow. + */ +#define UNREACHABLE_ASM \ + UNREACHABLE_ASM_LABEL ":\n\t" \ + ".pushsection .discard.unreachable\n\t" \ + ".long " UNREACHABLE_ASM_LABEL "b - .\n\t" \ + ".popsection\n" + +#define annotate_unreachable() asm(UNREACHABLE_ASM); + #else +#define UNREACHABLE_ASM #define annotate_unreachable() #endif