mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-11-01 17:08:10 +00:00
fb799447ae
Mark reported that the ORC unwinder incorrectly marks an unwind as
reliable when the unwind terminates prematurely in the dark corners of
return_to_handler() due to lack of information about the next frame.
The problem is UNWIND_HINT_EMPTY is used in two different situations:
1) The end of the kernel stack unwind before hitting user entry, boot
code, or fork entry
2) A blind spot in ORC coverage where the unwinder has to bail due to
lack of information about the next frame
The ORC unwinder has no way to tell the difference between the two.
When it encounters an undefined stack state with 'end=1', it blindly
marks the stack reliable, which can break the livepatch consistency
model.
Fix it by splitting UNWIND_HINT_EMPTY into UNWIND_HINT_UNDEFINED and
UNWIND_HINT_END_OF_STACK.
Reported-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lore.kernel.org/r/fd6212c8b450d3564b855e1cb48404d6277b4d9f.1677683419.git.jpoimboe@kernel.org
173 lines
4.9 KiB
C
173 lines
4.9 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#ifndef _LINUX_OBJTOOL_H
|
|
#define _LINUX_OBJTOOL_H
|
|
|
|
#include <linux/objtool_types.h>
|
|
|
|
#ifdef CONFIG_OBJTOOL
|
|
|
|
#include <asm/asm.h>
|
|
|
|
#ifndef __ASSEMBLY__
|
|
|
|
#define UNWIND_HINT(type, sp_reg, sp_offset, signal) \
|
|
"987: \n\t" \
|
|
".pushsection .discard.unwind_hints\n\t" \
|
|
/* struct unwind_hint */ \
|
|
".long 987b - .\n\t" \
|
|
".short " __stringify(sp_offset) "\n\t" \
|
|
".byte " __stringify(sp_reg) "\n\t" \
|
|
".byte " __stringify(type) "\n\t" \
|
|
".byte " __stringify(signal) "\n\t" \
|
|
".balign 4 \n\t" \
|
|
".popsection\n\t"
|
|
|
|
/*
|
|
* This macro marks the given function's stack frame as "non-standard", which
|
|
* tells objtool to ignore the function when doing stack metadata validation.
|
|
* It should only be used in special cases where you're 100% sure it won't
|
|
* affect the reliability of frame pointers and kernel stack traces.
|
|
*
|
|
* For more information, see tools/objtool/Documentation/objtool.txt.
|
|
*/
|
|
#define STACK_FRAME_NON_STANDARD(func) \
|
|
static void __used __section(".discard.func_stack_frame_non_standard") \
|
|
*__func_stack_frame_non_standard_##func = func
|
|
|
|
/*
|
|
* STACK_FRAME_NON_STANDARD_FP() is a frame-pointer-specific function ignore
|
|
* for the case where a function is intentionally missing frame pointer setup,
|
|
* but otherwise needs objtool/ORC coverage when frame pointers are disabled.
|
|
*/
|
|
#ifdef CONFIG_FRAME_POINTER
|
|
#define STACK_FRAME_NON_STANDARD_FP(func) STACK_FRAME_NON_STANDARD(func)
|
|
#else
|
|
#define STACK_FRAME_NON_STANDARD_FP(func)
|
|
#endif
|
|
|
|
#define ANNOTATE_NOENDBR \
|
|
"986: \n\t" \
|
|
".pushsection .discard.noendbr\n\t" \
|
|
".long 986b - .\n\t" \
|
|
".popsection\n\t"
|
|
|
|
#define ASM_REACHABLE \
|
|
"998:\n\t" \
|
|
".pushsection .discard.reachable\n\t" \
|
|
".long 998b - .\n\t" \
|
|
".popsection\n\t"
|
|
|
|
#else /* __ASSEMBLY__ */
|
|
|
|
/*
|
|
* This macro indicates that the following intra-function call is valid.
|
|
* Any non-annotated intra-function call will cause objtool to issue a warning.
|
|
*/
|
|
#define ANNOTATE_INTRA_FUNCTION_CALL \
|
|
999: \
|
|
.pushsection .discard.intra_function_calls; \
|
|
.long 999b - .; \
|
|
.popsection;
|
|
|
|
/*
|
|
* In asm, there are two kinds of code: normal C-type callable functions and
|
|
* the rest. The normal callable functions can be called by other code, and
|
|
* don't do anything unusual with the stack. Such normal callable functions
|
|
* are annotated with the ENTRY/ENDPROC macros. Most asm code falls in this
|
|
* category. In this case, no special debugging annotations are needed because
|
|
* objtool can automatically generate the ORC data for the ORC unwinder to read
|
|
* at runtime.
|
|
*
|
|
* Anything which doesn't fall into the above category, such as syscall and
|
|
* interrupt handlers, tends to not be called directly by other functions, and
|
|
* often does unusual non-C-function-type things with the stack pointer. Such
|
|
* code needs to be annotated such that objtool can understand it. The
|
|
* following CFI hint macros are for this type of code.
|
|
*
|
|
* These macros provide hints to objtool about the state of the stack at each
|
|
* instruction. Objtool starts from the hints and follows the code flow,
|
|
* making automatic CFI adjustments when it sees pushes and pops, filling out
|
|
* the debuginfo as necessary. It will also warn if it sees any
|
|
* inconsistencies.
|
|
*/
|
|
.macro UNWIND_HINT type:req sp_reg=0 sp_offset=0 signal=0
|
|
.Lhere_\@:
|
|
.pushsection .discard.unwind_hints
|
|
/* struct unwind_hint */
|
|
.long .Lhere_\@ - .
|
|
.short \sp_offset
|
|
.byte \sp_reg
|
|
.byte \type
|
|
.byte \signal
|
|
.balign 4
|
|
.popsection
|
|
.endm
|
|
|
|
.macro STACK_FRAME_NON_STANDARD func:req
|
|
.pushsection .discard.func_stack_frame_non_standard, "aw"
|
|
.long \func - .
|
|
.popsection
|
|
.endm
|
|
|
|
.macro STACK_FRAME_NON_STANDARD_FP func:req
|
|
#ifdef CONFIG_FRAME_POINTER
|
|
STACK_FRAME_NON_STANDARD \func
|
|
#endif
|
|
.endm
|
|
|
|
.macro ANNOTATE_NOENDBR
|
|
.Lhere_\@:
|
|
.pushsection .discard.noendbr
|
|
.long .Lhere_\@ - .
|
|
.popsection
|
|
.endm
|
|
|
|
/*
|
|
* Use objtool to validate the entry requirement that all code paths do
|
|
* VALIDATE_UNRET_END before RET.
|
|
*
|
|
* NOTE: The macro must be used at the beginning of a global symbol, otherwise
|
|
* it will be ignored.
|
|
*/
|
|
.macro VALIDATE_UNRET_BEGIN
|
|
#if defined(CONFIG_NOINSTR_VALIDATION) && defined(CONFIG_CPU_UNRET_ENTRY)
|
|
.Lhere_\@:
|
|
.pushsection .discard.validate_unret
|
|
.long .Lhere_\@ - .
|
|
.popsection
|
|
#endif
|
|
.endm
|
|
|
|
.macro REACHABLE
|
|
.Lhere_\@:
|
|
.pushsection .discard.reachable
|
|
.long .Lhere_\@ - .
|
|
.popsection
|
|
.endm
|
|
|
|
#endif /* __ASSEMBLY__ */
|
|
|
|
#else /* !CONFIG_OBJTOOL */
|
|
|
|
#ifndef __ASSEMBLY__
|
|
|
|
#define UNWIND_HINT(type, sp_reg, sp_offset, signal) "\n\t"
|
|
#define STACK_FRAME_NON_STANDARD(func)
|
|
#define STACK_FRAME_NON_STANDARD_FP(func)
|
|
#define ANNOTATE_NOENDBR
|
|
#define ASM_REACHABLE
|
|
#else
|
|
#define ANNOTATE_INTRA_FUNCTION_CALL
|
|
.macro UNWIND_HINT type:req sp_reg=0 sp_offset=0 signal=0
|
|
.endm
|
|
.macro STACK_FRAME_NON_STANDARD func:req
|
|
.endm
|
|
.macro ANNOTATE_NOENDBR
|
|
.endm
|
|
.macro REACHABLE
|
|
.endm
|
|
#endif
|
|
|
|
#endif /* CONFIG_OBJTOOL */
|
|
|
|
#endif /* _LINUX_OBJTOOL_H */
|