Commit 03f16cd0 authored by Josh Poimboeuf's avatar Josh Poimboeuf Committed by Peter Zijlstra
Browse files

objtool: Add CONFIG_OBJTOOL 



Now that stack validation is an optional feature of objtool, add
CONFIG_OBJTOOL and replace most usages of CONFIG_STACK_VALIDATION with
it.

CONFIG_STACK_VALIDATION can now be considered to be frame-pointer
specific.  CONFIG_UNWINDER_ORC is already inherently valid for live
patching, so no need to "validate" it.

Signed-off-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: default avatarMiroslav Benes <mbenes@suse.cz>
Link: https://lkml.kernel.org/r/939bf3d85604b2a126412bf11af6e3bd3b872bcb.1650300597.git.jpoimboe@redhat.com
parent c2bdd61c

Makefile

+1 −1
Original line number Diff line number Diff line
@@ -1302,7 +1302,7 @@ install: sub_make_done := 
# ---------------------------------------------------------------------------

# Tools



ifdef CONFIG_STACK_VALIDATION

ifdef CONFIG_OBJTOOL

prepare: tools/objtool

endif

arch/Kconfig

+6 −2
Original line number Diff line number Diff line
@@ -1028,11 +1028,14 @@ config ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT 
	depends on MMU

	select ARCH_HAS_ELF_RANDOMIZE



config HAVE_OBJTOOL

	bool



config HAVE_STACK_VALIDATION

	bool

	help

	  Architecture supports the 'objtool check' host tool command, which

	  performs compile-time stack metadata validation.

	  Architecture supports objtool compile-time frame pointer rule

	  validation.



config HAVE_RELIABLE_STACKTRACE

	bool
@@ -1302,6 +1305,7 @@ config HAVE_STATIC_CALL 
config HAVE_STATIC_CALL_INLINE

	bool

	depends on HAVE_STATIC_CALL

	select OBJTOOL



config HAVE_PREEMPT_DYNAMIC

	bool

arch/x86/Kconfig

+11 −7
Original line number Diff line number Diff line
@@ -188,7 +188,7 @@ config X86 
	select HAVE_CONTEXT_TRACKING		if X86_64

	select HAVE_CONTEXT_TRACKING_OFFSTACK	if HAVE_CONTEXT_TRACKING

	select HAVE_C_RECORDMCOUNT

	select HAVE_OBJTOOL_MCOUNT		if STACK_VALIDATION

	select HAVE_OBJTOOL_MCOUNT		if HAVE_OBJTOOL

	select HAVE_BUILDTIME_MCOUNT_SORT

	select HAVE_DEBUG_KMEMLEAK

	select HAVE_DMA_CONTIGUOUS
@@ -231,6 +231,7 @@ config X86 
	select HAVE_MOVE_PMD

	select HAVE_MOVE_PUD

	select HAVE_NMI

	select HAVE_OBJTOOL			if X86_64

	select HAVE_OPTPROBES

	select HAVE_PCSPKR_PLATFORM

	select HAVE_PERF_EVENTS
@@ -242,14 +243,14 @@ config X86 
	select MMU_GATHER_RCU_TABLE_FREE	if PARAVIRT

	select HAVE_POSIX_CPU_TIMERS_TASK_WORK

	select HAVE_REGS_AND_STACK_ACCESS_API

	select HAVE_RELIABLE_STACKTRACE		if X86_64 && (UNWINDER_FRAME_POINTER || UNWINDER_ORC) && STACK_VALIDATION

	select HAVE_RELIABLE_STACKTRACE		if UNWINDER_ORC || STACK_VALIDATION

	select HAVE_FUNCTION_ARG_ACCESS_API

	select HAVE_SETUP_PER_CPU_AREA

	select HAVE_SOFTIRQ_ON_OWN_STACK

	select HAVE_STACKPROTECTOR		if CC_HAS_SANE_STACKPROTECTOR

	select HAVE_STACK_VALIDATION		if X86_64

	select HAVE_STACK_VALIDATION		if HAVE_OBJTOOL

	select HAVE_STATIC_CALL

	select HAVE_STATIC_CALL_INLINE		if HAVE_STACK_VALIDATION

	select HAVE_STATIC_CALL_INLINE		if HAVE_OBJTOOL

	select HAVE_PREEMPT_DYNAMIC_CALL

	select HAVE_RSEQ

	select HAVE_SYSCALL_TRACEPOINTS
@@ -268,7 +269,6 @@ config X86 
	select RTC_MC146818_LIB

	select SPARSE_IRQ

	select SRCU

	select STACK_VALIDATION			if HAVE_STACK_VALIDATION && (HAVE_STATIC_CALL_INLINE || RETPOLINE)

	select SYSCTL_EXCEPTION_TRACE

	select THREAD_INFO_IN_TASK

	select TRACE_IRQFLAGS_SUPPORT
@@ -459,6 +459,7 @@ config GOLDFISH 


config RETPOLINE

	bool "Avoid speculative indirect branches in kernel"

	select OBJTOOL if HAVE_OBJTOOL

	default y

	help

	  Compile kernel with the retpoline compiler options to guard against
@@ -472,6 +473,7 @@ config CC_HAS_SLS 
config SLS

	bool "Mitigate Straight-Line-Speculation"

	depends on CC_HAS_SLS && X86_64

	select OBJTOOL if HAVE_OBJTOOL

	default n

	help

	  Compile the kernel with straight-line-speculation options to guard
@@ -1819,6 +1821,7 @@ config ARCH_RANDOM 
config X86_SMAP

	def_bool y

	prompt "Supervisor Mode Access Prevention" if EXPERT

	select OBJTOOL if HAVE_OBJTOOL

	help

	  Supervisor Mode Access Prevention (SMAP) is a security

	  feature in newer Intel processors.  There is a small
@@ -1855,9 +1858,10 @@ config CC_HAS_IBT 
config X86_KERNEL_IBT

	prompt "Indirect Branch Tracking"

	bool

	depends on X86_64 && CC_HAS_IBT && STACK_VALIDATION

	depends on X86_64 && CC_HAS_IBT && HAVE_OBJTOOL

	# https://github.com/llvm/llvm-project/commit/9d7001eba9c4cb311e03cd8cdc231f9e579f2d0f

	depends on !LD_IS_LLD || LLD_VERSION >= 140000

	select OBJTOOL

	help

	  Build the kernel with support for Indirect Branch Tracking, a

	  hardware support course-grain forward-edge Control Flow Integrity

arch/x86/Kconfig.debug

+1 −1
Original line number Diff line number Diff line
@@ -237,7 +237,7 @@ choice 
config UNWINDER_ORC

	bool "ORC unwinder"

	depends on X86_64

	select STACK_VALIDATION

	select OBJTOOL

	help

	  This option enables the ORC (Oops Rewind Capability) unwinder for

	  unwinding kernel stack traces.  It uses a custom data format which is

arch/x86/include/asm/jump_label.h

+3 −3
Original line number Diff line number Diff line
@@ -20,7 +20,7 @@ 
	_ASM_PTR "%c0 + %c1 - .\n\t"			\

	".popsection \n\t"



#ifdef CONFIG_STACK_VALIDATION

#ifdef CONFIG_OBJTOOL



static __always_inline bool arch_static_branch(struct static_key *key, bool branch)

{
@@ -34,7 +34,7 @@ static __always_inline bool arch_static_branch(struct static_key *key, bool bran 
	return true;

}



#else

#else /* !CONFIG_OBJTOOL */



static __always_inline bool arch_static_branch(struct static_key * const key, const bool branch)

{
@@ -48,7 +48,7 @@ static __always_inline bool arch_static_branch(struct static_key * const key, co 
	return true;

}



#endif /* STACK_VALIDATION */

#endif /* CONFIG_OBJTOOL */



static __always_inline bool arch_static_branch_jump(struct static_key * const key, const bool branch)

{