[PATCH v2 00/25] objtool: Interface overhaul

Josh Poimboeuf posted 25 patches 4 years ago
Makefile                                      |   2 +-
arch/Kconfig                                  |  18 +-
arch/x86/Kconfig                              |  21 +-
arch/x86/Kconfig.debug                        |   2 +-
arch/x86/include/asm/jump_label.h             |   6 +-
arch/x86/include/asm/static_call.h            |   1 +
arch/x86/kernel/alternative.c                 |   6 +-
arch/x86/lib/putuser.S                        |   4 +
arch/x86/lib/retpoline.S                      |   2 +-
arch/x86/xen/xen-head.S                       |   1 +
include/linux/compiler.h                      |   6 +-
include/linux/instrumentation.h               |   6 +-
include/linux/objtool.h                       |   6 +-
kernel/trace/Kconfig                          |   1 +
lib/Kconfig.debug                             |  22 +-
lib/Kconfig.kcsan                             |   4 +-
lib/Kconfig.ubsan                             |   2 +-
scripts/Makefile.build                        |  23 +-
scripts/link-vmlinux.sh                       |  66 ++-
scripts/objdump-func                          |  18 +
scripts/package/builddeb                      |   2 +-
tools/include/linux/objtool.h                 |   6 +-
tools/lib/subcmd/parse-options.c              |  17 +-
tools/objtool/Build                           |  12 +-
.../{stack-validation.txt => objtool.txt}     | 122 ++++-
tools/objtool/Makefile                        |   8 +-
tools/objtool/arch/x86/decode.c               |   2 +-
tools/objtool/arch/x86/special.c              |   2 +-
tools/objtool/builtin-check.c                 | 156 ++++--
tools/objtool/builtin-orc.c                   |  73 ---
tools/objtool/check.c                         | 456 ++++++++++--------
tools/objtool/elf.c                           |  11 +-
tools/objtool/include/objtool/builtin.h       |  34 +-
tools/objtool/include/objtool/elf.h           |  12 +-
tools/objtool/include/objtool/warn.h          |  35 +-
tools/objtool/objtool.c                       | 103 +---
tools/objtool/weak.c                          |   9 +-
37 files changed, 719 insertions(+), 558 deletions(-)
create mode 100755 scripts/objdump-func
rename tools/objtool/Documentation/{stack-validation.txt => objtool.txt} (80%)
delete mode 100644 tools/objtool/builtin-orc.c
[PATCH v2 00/25] objtool: Interface overhaul
Posted by Josh Poimboeuf 4 years ago
v2:
- extricate sls
- fix ibt regressions in v1
- fix issues found by improved ibt logic
- split '--hacks' into two
- add objdump-func script
- remove "()" in function address strings
- add '--sec-address' option
- add '--link'


Objtool's interface has some issues:

- Several features are done unconditionally, without any way to turn
  them off.  Some of them might be surprising.  This makes objtool
  tricky to use, and prevents porting individual features to other
  arches.

- The config dependencies are too coarse-grained.  Objtool enablement is
  tied to CONFIG_STACK_VALIDATION, but it has several other features
  independent of that.

- The objtool subcmds ("check" and "orc") are clumsy: "check" is really
  a subset of "orc", so it has all the same options.  The subcmd model
  has never really worked for objtool, as it only has a single purpose:
  "do some combination of things on an object file".

- The '--lto' and '--vmlinux' options are nonsensical and have
  surprising behavior.


Overhaul the interface:

- get rid of subcmds

- make all features individually selectable

- remove and/or clarify confusing/obsolete options

- update the documentation

- fix some bugs found along the way


TODO: rename files...


$ tools/objtool/objtool --help

 Usage: objtool <actions> [<options>] file.o

Actions:
    -h, --hacks[=<jump_label,noinstr>]
                          patch toolchain bugs/limitations
    -i, --ibt             validate and annotate IBT
    -l, --sls             validate straight-line-speculation mitigations
    -m, --mcount          annotate mcount/fentry calls for ftrace
    -n, --noinstr         validate noinstr rules
    -o, --orc             generate ORC metadata
    -r, --retpoline       validate and annotate retpoline usage
    -s, --stackval        validate frame pointer rules
    -t, --static-call     annotate static calls
    -u, --uaccess         validate uaccess rules for SMAP
        --dump[=<orc>]    dump metadata

Options:
        --backtrace       unwind on error
        --backup          create .orig files before modification
        --dry-run         don't write modifications
        --link            object is a linked object
        --module          object is part of a kernel module
        --no-unreachable  skip 'unreachable instruction' warnings
        --sec-address     print section addresses in warnings
        --stats           print statistics



Josh Poimboeuf (25):
  objtool: Enable unreachable warnings for CLANG LTO
  libsubcmd: Fix OPTION_GROUP sorting
  x86/static_call: Add ANNOTATE_NOENDBR to static call trampoline
  x86/retpoline: Add ANNOTATE_ENDBR for retpolines
  x86/uaccess: Add ENDBR to __put_user_nocheck*()
  x86/xen: Add ANNOTATE_ENDBR to startup_xen()
  objtool: Reorganize cmdline options
  objtool: Ditch subcommands
  objtool: Don't print parentheses in function addresses
  objtool: Print data address for "!ENDBR" data warnings
  objtool: Use offstr() to print address of missing ENDBR
  objtool: Add option to print section addresses
  scripts: Create objdump-func helper script
  objtool: Make stack validation optional
  objtool: Rework ibt and extricate from stack validation
  objtool: Extricate sls from stack validation
  objtool: Add CONFIG_OBJTOOL
  objtool: Make stack validation frame-pointer-specific
  objtool: Make static call annotation optional
  objtool: Make jump label hack optional
  objtool: Make noinstr hacks optional
  objtool: Rename "VMLINUX_VALIDATION" -> "NOINSTR_VALIDATION"
  objtool: Add HAVE_NOINSTR_VALIDATION
  objtool: Remove --lto and --vmlinux in favor of --link
  objtool: Update documentation


-- 
2.34.1
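
As an illustration of the "individually selectable" actions described in the cover letter, the following added example (not code from the series or from the kernel tree) reports which objtool actions a given kernel .config would select and which mitigation validations it leaves off. The CONFIG-to-flag table follows the scripts/Makefile.build and scripts/link-vmlinux.sh resolution quoted later in this thread; the function names and the sample config are constructed.

```shell
# Added example: which objtool actions would a kernel .config select?
# Function names and the sample config below are constructed for illustration.

# True when file $2 contains the exact line "$1=y".
is_enabled() {
	grep -qxF "$1=y" "$2"
}

# Print the per-object objtool actions for config file $1.
objtool_actions() {
	cfg=$1
	out=""
	# Everything is gated by CONFIG_OBJTOOL, as in scripts/Makefile.build.
	is_enabled CONFIG_OBJTOOL "$cfg" || return 0
	while read -r sym flag; do
		if is_enabled "$sym" "$cfg"; then
			out="$out $flag"
		fi
	done <<'EOF'
CONFIG_HAVE_JUMP_LABEL_HACK --hacks=jump_label
CONFIG_HAVE_NOINSTR_HACK --hacks=noinstr
CONFIG_X86_KERNEL_IBT --ibt
CONFIG_FTRACE_MCOUNT_USE_OBJTOOL --mcount
CONFIG_UNWINDER_ORC --orc
CONFIG_RETPOLINE --retpoline
CONFIG_SLS --sls
CONFIG_STACK_VALIDATION --stackval
CONFIG_HAVE_STATIC_CALL_INLINE --static-call
EOF
	# --uaccess is unconditional in the merge resolution shown in the thread.
	out="$out --uaccess"
	echo "${out# }"
}

# Print the validation symbols that are NOT enabled in $1, one per line.
# CONFIG_NOINSTR_VALIDATION is the link-step gate from scripts/link-vmlinux.sh.
missing_validations() {
	for sym in CONFIG_X86_KERNEL_IBT CONFIG_RETPOLINE CONFIG_SLS CONFIG_NOINSTR_VALIDATION; do
		is_enabled "$sym" "$1" || echo "$sym"
	done
}

# Constructed sample .config fragment (not taken from a real build).
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
CONFIG_OBJTOOL=y
CONFIG_UNWINDER_ORC=y
CONFIG_RETPOLINE=y
# CONFIG_SLS is not set
CONFIG_HAVE_STATIC_CALL_INLINE=y
EOF

echo "actions: $(objtool_actions "$sample_cfg")"
echo "not validated: $(missing_validations "$sample_cfg" | tr '\n' ' ')"
```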
Re: [PATCH v2 00/25] objtool: Interface overhaul
Posted by Miroslav Benes 4 years ago
> $ tools/objtool/objtool --help
> 
>  Usage: objtool <actions> [<options>] file.o
> 
> Actions:
>     -h, --hacks[=<jump_label,noinstr>]
>                           patch toolchain bugs/limitations
>     -i, --ibt             validate and annotate IBT
>     -l, --sls             validate straight-line-speculation mitigations
>     -m, --mcount          annotate mcount/fentry calls for ftrace
>     -n, --noinstr         validate noinstr rules
>     -o, --orc             generate ORC metadata
>     -r, --retpoline       validate and annotate retpoline usage
>     -s, --stackval        validate frame pointer rules
>     -t, --static-call     annotate static calls
>     -u, --uaccess         validate uaccess rules for SMAP
>         --dump[=<orc>]    dump metadata
> 
> Options:
>         --backtrace       unwind on error
>         --backup          create .orig files before modification
>         --dry-run         don't write modifications
>         --link            object is a linked object
>         --module          object is part of a kernel module
>         --no-unreachable  skip 'unreachable instruction' warnings
>         --sec-address     print section addresses in warnings
>         --stats           print statistics

Nice job! The outcome is much clearer now.

Reviewed-by: Miroslav Benes <mbenes@suse.cz>

M
Re: [PATCH v2 00/25] objtool: Interface overhaul
Posted by Peter Zijlstra 4 years ago
On Mon, Apr 18, 2022 at 09:50:19AM -0700, Josh Poimboeuf wrote:

> Josh Poimboeuf (25):
>   objtool: Enable unreachable warnings for CLANG LTO
>   libsubcmd: Fix OPTION_GROUP sorting
>   x86/static_call: Add ANNOTATE_NOENDBR to static call trampoline
>   x86/retpoline: Add ANNOTATE_ENDBR for retpolines
>   x86/uaccess: Add ENDBR to __put_user_nocheck*()
>   x86/xen: Add ANNOTATE_ENDBR to startup_xen()
>   objtool: Reorganize cmdline options
>   objtool: Ditch subcommands
>   objtool: Don't print parentheses in function addresses
>   objtool: Print data address for "!ENDBR" data warnings
>   objtool: Use offstr() to print address of missing ENDBR
>   objtool: Add option to print section addresses
>   scripts: Create objdump-func helper script
>   objtool: Make stack validation optional
>   objtool: Rework ibt and extricate from stack validation
>   objtool: Extricate sls from stack validation
>   objtool: Add CONFIG_OBJTOOL
>   objtool: Make stack validation frame-pointer-specific
>   objtool: Make static call annotation optional
>   objtool: Make jump label hack optional
>   objtool: Make noinstr hacks optional
>   objtool: Rename "VMLINUX_VALIDATION" -> "NOINSTR_VALIDATION"
>   objtool: Add HAVE_NOINSTR_VALIDATION
>   objtool: Remove --lto and --vmlinux in favor of --link
>   objtool: Update documentation

I've taken the liberty of reordering it slightly:

   objtool: Enable unreachable warnings for CLANG LTO
   x86/static_call: Add ANNOTATE_NOENDBR to static call trampoline
   x86/retpoline: Add ANNOTATE_ENDBR for retpolines
   x86/uaccess: Add ENDBR to __put_user_nocheck*()
   x86/xen: Add ANNOTATE_ENDBR to startup_xen()
   objtool: Print data address for "!ENDBR" data warnings
   objtool: Use offstr() to print address of missing ENDBR

Go into x86/urgent, and I've added Fixes: tags with various patches from
the IBT series, and then the rest goes into objtool/core.

As already indicated, there's going to be a few merge conflicts against
x86/core, but alas. Resolved as per the below.

---
diff --cc arch/x86/Kconfig
index 20c1dacd2baa,c8f560802bf2..000000000000
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
diff --cc scripts/Makefile.build
index 7e7aa1d030a6,ac8167227bc0..000000000000
--- a/scripts/Makefile.build
+++ b/scripts/Makefile.build
@@@ -227,15 -227,19 +227,19 @@@ ifdef CONFIG_OBJTOO
  objtool := $(objtree)/tools/objtool/objtool
  
  objtool_args =								\
- 	$(if $(CONFIG_UNWINDER_ORC),orc generate,check)			\
- 	$(if $(part-of-module), --module)				\
- 	$(if $(CONFIG_X86_KERNEL_IBT), --lto --ibt)			\
- 	$(if $(CONFIG_FRAME_POINTER),, --no-fp)				\
- 	$(if $(CONFIG_GCOV_KERNEL)$(CONFIG_LTO_CLANG), --no-unreachable)\
+ 	$(if $(CONFIG_HAVE_JUMP_LABEL_HACK), --hacks=jump_label)	\
+ 	$(if $(CONFIG_HAVE_NOINSTR_HACK), --hacks=noinstr)		\
+ 	$(if $(CONFIG_X86_KERNEL_IBT), --ibt)				\
+ 	$(if $(CONFIG_FTRACE_MCOUNT_USE_OBJTOOL), --mcount)		\
+ 	$(if $(CONFIG_UNWINDER_ORC), --orc)				\
  	$(if $(CONFIG_RETPOLINE), --retpoline)				\
+ 	$(if $(CONFIG_SLS), --sls)					\
+ 	$(if $(CONFIG_STACK_VALIDATION), --stackval)			\
+ 	$(if $(CONFIG_HAVE_STATIC_CALL_INLINE), --static-call)		\
 -	$(if $(CONFIG_X86_SMAP), --uaccess)				\
 +	--uaccess							\
- 	$(if $(CONFIG_FTRACE_MCOUNT_USE_OBJTOOL), --mcount)		\
- 	$(if $(CONFIG_SLS), --sls)
+ 	$(if $(linked-object), --link)					\
+ 	$(if $(part-of-module), --module)				\
+ 	$(if $(CONFIG_GCOV_KERNEL), --no-unreachable)
  
  cmd_objtool = $(if $(objtool-enabled), ; $(objtool) $(objtool_args) $@)
  cmd_gen_objtooldep = $(if $(objtool-enabled), { echo ; echo '$@: $$(wildcard $(objtool))' ; } >> $(dot-target).cmd)
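
Review bot: `--uaccess` is passed unconditionally in the resolved `objtool_args`, while every other action in the list sits behind a `$(if $(CONFIG_...), ...)` test. Taking the bare flag resolves the conflict with the side that dropped `CONFIG_X86_SMAP`, but it leaves uaccess validation as the one action that cannot be deselected inside the enclosing ifdef. Suggest gating it on an arch-selected symbol; the follow-up reply in this thread proposes HAVE_UACCESS_VALIDATION. Separately, `$(linked-object)` is not defined in the visible lines, so it is worth confirming it is set for every object that previously received `--lto`.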
diff --cc scripts/link-vmlinux.sh
index 3a2fffdf49d4,eb9324f07f3d..000000000000
--- a/scripts/link-vmlinux.sh
+++ b/scripts/link-vmlinux.sh
@@@ -126,34 -132,46 +132,44 @@@ objtool_link(
  		if is_enabled CONFIG_FTRACE_MCOUNT_USE_OBJTOOL; then
  			objtoolopt="${objtoolopt} --mcount"
  		fi
- 	fi
  
- 	if is_enabled CONFIG_VMLINUX_VALIDATION; then
- 		objtoolopt="${objtoolopt} --noinstr"
- 	fi
+ 		if is_enabled CONFIG_UNWINDER_ORC; then
+ 			objtoolopt="${objtoolopt} --orc"
+ 		fi
  
- 	if [ -n "${objtoolopt}" ]; then
- 		if [ -z "${objtoolcmd}" ]; then
- 			objtoolcmd="check"
+ 		if is_enabled CONFIG_RETPOLINE; then
+ 			objtoolopt="${objtoolopt} --retpoline"
  		fi
- 		objtoolopt="${objtoolopt} --vmlinux"
- 		if ! is_enabled CONFIG_FRAME_POINTER; then
- 			objtoolopt="${objtoolopt} --no-fp"
+ 
+ 		if is_enabled CONFIG_SLS; then
+ 			objtoolopt="${objtoolopt} --sls"
  		fi
- 		if is_enabled CONFIG_GCOV_KERNEL || is_enabled CONFIG_LTO_CLANG; then
- 			objtoolopt="${objtoolopt} --no-unreachable"
+ 
+ 		if is_enabled CONFIG_STACK_VALIDATION; then
+ 			objtoolopt="${objtoolopt} --stackval"
  		fi
- 		if is_enabled CONFIG_RETPOLINE; then
- 			objtoolopt="${objtoolopt} --retpoline"
+ 
+ 		if is_enabled CONFIG_HAVE_STATIC_CALL_INLINE; then
+ 			objtoolopt="${objtoolopt} --static-call"
  		fi
  
 -		if is_enabled CONFIG_X86_SMAP; then
 -			objtoolopt="${objtoolopt} --uaccess"
 -		fi
 +		objtoolopt="${objtoolopt} --uaccess"
+ 	fi
  
- 		if is_enabled CONFIG_SLS; then
- 			objtoolopt="${objtoolopt} --sls"
+ 	if is_enabled CONFIG_NOINSTR_VALIDATION; then
+ 		objtoolopt="${objtoolopt} --noinstr"
+ 	fi
+ 
+ 	if [ -n "${objtoolopt}" ]; then
+ 
+ 		if is_enabled CONFIG_GCOV_KERNEL; then
+ 			objtoolopt="${objtoolopt} --no-unreachable"
  		fi
+ 
+ 		objtoolopt="${objtoolopt} --link"
+ 
  		info OBJTOOL ${1}
- 		tools/objtool/objtool ${objtoolcmd} ${objtoolopt} ${1}
+ 		tools/objtool/objtool ${objtoolopt} ${1}
  	fi
  }
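
Review bot: the unconditional `objtoolopt="${objtoolopt} --uaccess"` in the first block is the only action in this function not behind an `is_enabled` test, which mirrors the ungated `--uaccess` in scripts/Makefile.build. Whatever guard is chosen there needs the same change here so the two flag lists stay in sync. Minor style point: the added blank line directly after `if [ -n "${objtoolopt}" ]; then` can be dropped.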
Re: [PATCH v2 00/25] objtool: Interface overhaul
Posted by Josh Poimboeuf 4 years ago
On Tue, Apr 19, 2022 at 01:51:30PM +0200, Peter Zijlstra wrote:
> I've taken the liberty of reordering it slightly:
> 
>    objtool: Enable unreachable warnings for CLANG LTO
>    x86/static_call: Add ANNOTATE_NOENDBR to static call trampoline
>    x86/retpoline: Add ANNOTATE_ENDBR for retpolines
>    x86/uaccess: Add ENDBR to __put_user_nocheck*()
>    x86/xen: Add ANNOTATE_ENDBR to startup_xen()
>    objtool: Print data address for "!ENDBR" data warnings
>    objtool: Use offstr() to print address of missing ENDBR
> 
> Go into x86/urgent, and I've added Fixes: tags with various patches from
> the IBT series, and then the rest goes into objtool/core.
> 
> As already indicated, there's going to be a few merge conflicts against
> x86/core, but alas. Resolved as per the below.

Thanks!  I guess tip bot is broken?

>  -	$(if $(CONFIG_X86_SMAP), --uaccess)				\
>  +	--uaccess							\

Here we'll need HAVE_UACCESS_VALIDATION.  I'll work up a new patch for
that once your objtool/core changes go live (don't see them yet).

-- 
Josh
Re: [PATCH v2 00/25] objtool: Interface overhaul
Posted by Peter Zijlstra 4 years ago
On Tue, Apr 19, 2022 at 08:36:22AM -0700, Josh Poimboeuf wrote:
> On Tue, Apr 19, 2022 at 01:51:30PM +0200, Peter Zijlstra wrote:
> > I've taken the liberty of reordering it slightly:
> > 
> >    objtool: Enable unreachable warnings for CLANG LTO
> >    x86/static_call: Add ANNOTATE_NOENDBR to static call trampoline
> >    x86/retpoline: Add ANNOTATE_ENDBR for retpolines
> >    x86/uaccess: Add ENDBR to __put_user_nocheck*()
> >    x86/xen: Add ANNOTATE_ENDBR to startup_xen()
> >    objtool: Print data address for "!ENDBR" data warnings
> >    objtool: Use offstr() to print address of missing ENDBR
> > 
> > Go into x86/urgent, and I've added Fixes: tags with various patches from
> > the IBT series, and then the rest goes into objtool/core.
> > 
> > As already indicated, there's going to be a few merge conflicts against
> > x86/core, but alas. Resolved as per the below.
> 
> Thanks!  I guess tip bot is broken?

Not pushed out yet, still in queue.git. Hopefully a little later today.