From nobody Sat Feb 7 08:43:31 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DEC6913AA3F for ; Wed, 27 Nov 2024 04:47:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732682867; cv=none; b=KsKmdursKxY8OKT5zHAHMgw2WUk9de41GbZyXGlPjGZIQIjB9dkSeIlJ3AyNfIrSSWkhV23H4Dh3odj7j51LpmmFJ3gGrNRiiM+1lDug1/rLWSJtHqnXLdfGP0PfYPyJYT8ex9ch5UCT9nx+v/hQsSxD2BIEkW/Cvs1hF5dzAH8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732682867; c=relaxed/simple; bh=Z8mLV1I0i65fQMKFNNuFW+i16/5RGdQifigv/kT1a0s=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=nQcFdIkHduoNCU9zWNEEXIHa1Cb1poyRGHzAJHPDQWnnEAddUuadTksPrLxOcHr991wcyuxWjgz2kjw5K5it8tSe0pz3yn/l0jBKnnyn9EjqUF9tdOUZB8V0VfMgAmkte6DFJ969PJ3o3ioODbzUODeEaf7aPu52BqSCYHzJ0AU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=uPilOLCU; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="uPilOLCU" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 32CEAC4CED2; Wed, 27 Nov 2024 04:47:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732682866; bh=Z8mLV1I0i65fQMKFNNuFW+i16/5RGdQifigv/kT1a0s=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=uPilOLCUp1s842UPNiJlXTBRjr+FzyRxgyrFXrp9Mt7luwWR4mViZ14mILwrbY16v aESyuRe6eqDtNYKV0BJKbmhdVEG8RyjqBLEiV987aRBLGB6EOYJ4qcDD1a9UlIdUyQ fFEFDUFYLrt4lBbgpX1Dh2AfME6PF2pKmkWgrO9trKTD0sOGMtIvsI81ROGfWxz5Be 2fEZBhmxh17dOeB0vsArLZxYDyNkwATzfTKdAzRQENKOVphbx5mMWRo7pSHmMwPVMx nhS/8nGDzgLk+EpbSwL+ufK8HKH9R0cSmnumMD5FatmIgrgir9DH/6Pq/ZSXSYe32F Q2s4PSrewYVOw== From: Josh Poimboeuf To: Valentin Schneider Cc: linux-kernel@vger.kernel.org, Peter Zijlstra Subject: [PATCH v2 1/3] jump_label: Add annotations for validating noinstr usage Date: Tue, 26 Nov 2024 20:47:40 -0800 Message-ID: X-Mailer: git-send-email 2.47.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Deferring a code patching IPI is unsafe if the patched code is in a noinstr region. In that case the text poke code must trigger an immediate IPI to all CPUs, which can rudely interrupt an isolated NO_HZ CPU running in userspace. Some noinstr static branches may really need to be patched at runtime, despite the resulting disruption. Add DEFINE_STATIC_KEY_*_NOINSTR() variants for those. They don't do anything special yet; that will come later. Signed-off-by: Josh Poimboeuf --- include/linux/jump_label.h | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/include/linux/jump_label.h b/include/linux/jump_label.h index f5a2727ca4a9..88bb6e32fdcb 100644 --- a/include/linux/jump_label.h +++ b/include/linux/jump_label.h @@ -385,6 +385,23 @@ struct static_key_false { #define DEFINE_STATIC_KEY_FALSE_RO(name) \ struct static_key_false name __ro_after_init =3D STATIC_KEY_FALSE_INIT =20 +/* + * The _NOINSTR variants are used to tell objtool the static key is allowe= d to + * be used in noinstr code. + * + * They should almost never be used, as they prevent code patching IPIs fr= om + * being deferred, which can be problematic for isolated NOHZ_FULL CPUs ru= nning + * in pure userspace. + * + * If using one of these _NOINSTR variants, please add a comment above the + * definition with the rationale. + */ +#define DEFINE_STATIC_KEY_TRUE_NOINSTR(name) \ + DEFINE_STATIC_KEY_TRUE(name) + +#define DEFINE_STATIC_KEY_FALSE_NOINSTR(name) \ + DEFINE_STATIC_KEY_FALSE(name) + #define DECLARE_STATIC_KEY_FALSE(name) \ extern struct static_key_false name =20 --=20 2.47.0 From nobody Sat Feb 7 08:43:31 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2AE7A13C9D9 for ; Wed, 27 Nov 2024 04:47:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732682867; cv=none; b=nuRHMjrJzoFUWeSzm5tMiXpr/JeLaBbTMEYQDM1t472fWxryoIR3frEFNBR9Gz/AcdmLZxfLQHemMCEQL2U9obwGrHwCUxCI8t7w4Tc+frn0ZhzbnkCvf94H/bdlw6h+usW88yhFC1k9W0yXZs96lkrR7hFdT9EFEyAw/OuoZe4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732682867; c=relaxed/simple; bh=V7BtTSq2q3ni0D0tak7aDYXcHjl/SVb7F9S3WE0i7cY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=fTX9liDpQ4qFZ+azBC+RBiB1qn5dAjxifWAGpr2QK/Epk77Urbvr7Nl6Z9qJSt+ysK2dFTv5kOLQDf4yBJNuTHGt+u6yq5/InUYXM5ouzrwdYUWfjDZXt1GyBxvpULoQoiQsQedxOq3X3H/98zWYONldRznOyNRbdXW+TYg9Xxo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=kQDVY0fI; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="kQDVY0fI" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7C38FC4CED9; Wed, 27 Nov 2024 04:47:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732682866; bh=V7BtTSq2q3ni0D0tak7aDYXcHjl/SVb7F9S3WE0i7cY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=kQDVY0fILkQWq0WHZTP8NHvLmV7vAjohbjhsqAdIb7v+ZYWR+dQs2HaVClFVU1uuH epT2Asm0km+777OVb/pTUtwfX8nRruLtu3OyoN+E1gtgzgwMGSpKEfBS7TQB41cFzL 0gRzUoWv+FN5uyEYFH/ZhzVaPTn2VywGmTWar8TwZrAtgK0W41gcoWneKeBmMXgF/L LjOySdCv6mMtP4rN5zaATQVmmR6suhCAZmwraTRJedwAIMpPFfr/LPSxPL7cHtUGKM Z98UUsZdlyzTY7Y6O24wE96ja4AcdCRGYqevYNW1gbQWHIv1bW3++l5Jl3KTdTAeMf PXOvnGFsMtWwA== From: Josh Poimboeuf To: Valentin Schneider Cc: linux-kernel@vger.kernel.org, Peter Zijlstra Subject: [PATCH v2 2/3] static_call: Add read-only-after-init static calls Date: Tue, 26 Nov 2024 20:47:41 -0800 Message-ID: <069be22d3643046173edbbe110218a9fd28a2e55.1732682344.git.jpoimboe@kernel.org> X-Mailer: git-send-email 2.47.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Deferring a code patching IPI is unsafe if the patched code is in a noinstr region. In that case the text poke code must trigger an immediate IPI to all CPUs, which can rudely interrupt an isolated NO_HZ CPU running in userspace. If a noinstr static call only needs to be patched during boot, its key can be made ro-after-init to ensure it will never be patched at runtime. Signed-off-by: Josh Poimboeuf --- include/linux/static_call.h | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/include/linux/static_call.h b/include/linux/static_call.h index 141e6b176a1b..34970e178fdf 100644 --- a/include/linux/static_call.h +++ b/include/linux/static_call.h @@ -190,6 +190,14 @@ extern long __static_call_return0(void); }; \ ARCH_DEFINE_STATIC_CALL_TRAMP(name, _func) =20 +#define DEFINE_STATIC_CALL_RO(name, _func) \ + DECLARE_STATIC_CALL(name, _func); \ + struct static_call_key __ro_after_init STATIC_CALL_KEY(name) =3D {\ + .func =3D _func, \ + .type =3D 1, \ + }; \ + ARCH_DEFINE_STATIC_CALL_TRAMP(name, _func) + #define DEFINE_STATIC_CALL_NULL(name, _func) \ DECLARE_STATIC_CALL(name, _func); \ struct static_call_key STATIC_CALL_KEY(name) =3D { \ @@ -198,6 +206,14 @@ extern long __static_call_return0(void); }; \ ARCH_DEFINE_STATIC_CALL_NULL_TRAMP(name) =20 +#define DEFINE_STATIC_CALL_NULL_RO(name, _func) \ + DECLARE_STATIC_CALL(name, _func); \ + struct static_call_key __ro_after_init STATIC_CALL_KEY(name) =3D {\ + .func =3D NULL, \ + .type =3D 1, \ + }; \ + ARCH_DEFINE_STATIC_CALL_NULL_TRAMP(name) + #define DEFINE_STATIC_CALL_RET0(name, _func) \ DECLARE_STATIC_CALL(name, _func); \ struct static_call_key STATIC_CALL_KEY(name) =3D { \ --=20 2.47.0 From nobody Sat Feb 7 08:43:31 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8181213D297 for ; Wed, 27 Nov 2024 04:47:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732682867; cv=none; b=K9V2FttdRYIUAa70uXvRRD9l2VNedpDH3ps8t20crLwXTtHaxh/xDAj8ufLrKxTgcIbOKUYtMGENpiMuKKhuq5InUsAXTMtswkirMYayrRHFeJEH/sgjeBKVuv9fCZnuUeMSGo5jWDqN3eV09C08+H+xU6U0NpjR1u9axZ0BMW4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732682867; c=relaxed/simple; bh=yHO+LvqBfQa0j4lpq+yDJzOZX3QJUF0wbbv2X+/SgkE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=M9qbE+0dz7nGtOJ37IZ2dr+sjaNscRF3Onqnm21D2FG7fz5bePxiInrbRg9Tx+dUlqC883BgfwqxGoop09bFQwByflkSwFtxXsRotq0w6XMVkU/2bLhCkWnSWeeC7n2g25SKhnd8c0m7sXbDsIMCZagVml0Fjh+xtnATCO9mumo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=dLgM7iXT; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="dLgM7iXT" Received: by smtp.kernel.org (Postfix) with ESMTPSA id C8435C4CECC; Wed, 27 Nov 2024 04:47:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732682867; bh=yHO+LvqBfQa0j4lpq+yDJzOZX3QJUF0wbbv2X+/SgkE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=dLgM7iXT4urkZ1tDahoySNu3qV54W+9hsnFwhZIvqOB9ekf2ZnpdleqmP0LU5M+Dr n8fx4WFWfbIjNwzrXFYhgHve8edyT9sJA6bEWfsncvCv914WMF0b+EeVGupGEBFNSi ixUF4nzH9zrp5j1pKqvGAP+rMuGGhYfjO9nDxfE4wql/i28NFHdHqH9JWdQVnI1v8f 2YDSY1MosCkNavvjFfPCYQuY3WUg3p4T8MpvyP4VpMq7/2bmQ5lR6+KcVTLk57pFin wSMietmq07KStXNWAuEZ2HQ0Zg5+3f5NamIm73TP/1+LktZgZI95zXoazso0zy1Jhp mf+iXZBThVIQQ== From: Josh Poimboeuf To: Valentin Schneider Cc: linux-kernel@vger.kernel.org, Peter Zijlstra Subject: [PATCH v2 3/3] objtool: Add noinstr validation for static branches/calls Date: Tue, 26 Nov 2024 20:47:42 -0800 Message-ID: <51fd13276df848dcb320bf7ff423f73364b06266.1732682344.git.jpoimboe@kernel.org> X-Mailer: git-send-email 2.47.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Warn about static branches/calls in noinstr regions, unless the corresponding key is RO-after-init or has been manually whitelisted with DEFINE_STATIC_KEY_*_NOINSTR((). Signed-off-by: Josh Poimboeuf --- include/linux/jump_label.h | 17 +++-- include/linux/objtool.h | 7 ++ include/linux/static_call.h | 3 + tools/objtool/Documentation/objtool.txt | 34 +++++++++ tools/objtool/check.c | 92 ++++++++++++++++++++++--- tools/objtool/include/objtool/check.h | 1 + tools/objtool/include/objtool/elf.h | 1 + tools/objtool/include/objtool/special.h | 1 + tools/objtool/special.c | 18 ++++- 9 files changed, 156 insertions(+), 18 deletions(-) diff --git a/include/linux/jump_label.h b/include/linux/jump_label.h index 88bb6e32fdcb..dc8a82a62c10 100644 --- a/include/linux/jump_label.h +++ b/include/linux/jump_label.h @@ -75,6 +75,7 @@ =20 #include #include +#include =20 extern bool static_key_initialized; =20 @@ -373,8 +374,9 @@ struct static_key_false { #define DEFINE_STATIC_KEY_TRUE(name) \ struct static_key_true name =3D STATIC_KEY_TRUE_INIT =20 -#define DEFINE_STATIC_KEY_TRUE_RO(name) \ - struct static_key_true name __ro_after_init =3D STATIC_KEY_TRUE_INIT +#define DEFINE_STATIC_KEY_TRUE_RO(name) \ + struct static_key_true name __ro_after_init =3D STATIC_KEY_TRUE_INIT; \ + ANNOTATE_NOINSTR_ALLOWED(name) =20 #define DECLARE_STATIC_KEY_TRUE(name) \ extern struct static_key_true name @@ -382,8 +384,9 @@ struct static_key_false { #define DEFINE_STATIC_KEY_FALSE(name) \ struct static_key_false name =3D STATIC_KEY_FALSE_INIT =20 -#define DEFINE_STATIC_KEY_FALSE_RO(name) \ - struct static_key_false name __ro_after_init =3D STATIC_KEY_FALSE_INIT +#define DEFINE_STATIC_KEY_FALSE_RO(name) \ + struct static_key_false name __ro_after_init =3D STATIC_KEY_FALSE_INIT; \ + ANNOTATE_NOINSTR_ALLOWED(name) =20 /* * The _NOINSTR variants are used to tell objtool the static key is allowe= d to @@ -397,10 +400,12 @@ struct static_key_false { * definition with the rationale. */ #define DEFINE_STATIC_KEY_TRUE_NOINSTR(name) \ - DEFINE_STATIC_KEY_TRUE(name) + DEFINE_STATIC_KEY_TRUE(name); \ + ANNOTATE_NOINSTR_ALLOWED(name) =20 #define DEFINE_STATIC_KEY_FALSE_NOINSTR(name) \ - DEFINE_STATIC_KEY_FALSE(name) + DEFINE_STATIC_KEY_FALSE(name); \ + ANNOTATE_NOINSTR_ALLOWED(name) =20 #define DECLARE_STATIC_KEY_FALSE(name) \ extern struct static_key_false name diff --git a/include/linux/objtool.h b/include/linux/objtool.h index b3b8d3dab52d..1a7389f27306 100644 --- a/include/linux/objtool.h +++ b/include/linux/objtool.h @@ -34,6 +34,12 @@ static void __used __section(".discard.func_stack_frame_non_standard") \ *__func_stack_frame_non_standard_##func =3D func =20 +#define __ANNOTATE_NOINSTR_ALLOWED(key) \ + static void __used __section(".discard.noinstr_allowed") \ + *__annotate_noinstr_allowed_##key =3D &key + +#define ANNOTATE_NOINSTR_ALLOWED(key) __ANNOTATE_NOINSTR_ALLOWED(key) + /* * STACK_FRAME_NON_STANDARD_FP() is a frame-pointer-specific function igno= re * for the case where a function is intentionally missing frame pointer se= tup, @@ -157,6 +163,7 @@ #define STACK_FRAME_NON_STANDARD_FP(func) #define ANNOTATE_NOENDBR #define ASM_REACHABLE +#define ANNOTATE_NOINSTR_ALLOWED(key) #else #define ANNOTATE_INTRA_FUNCTION_CALL .macro UNWIND_HINT type:req sp_reg=3D0 sp_offset=3D0 signal=3D0 diff --git a/include/linux/static_call.h b/include/linux/static_call.h index 34970e178fdf..c7648ed72361 100644 --- a/include/linux/static_call.h +++ b/include/linux/static_call.h @@ -133,6 +133,7 @@ =20 #include #include +#include #include =20 #ifdef CONFIG_HAVE_STATIC_CALL @@ -196,6 +197,7 @@ extern long __static_call_return0(void); .func =3D _func, \ .type =3D 1, \ }; \ + ANNOTATE_NOINSTR_ALLOWED(STATIC_CALL_TRAMP(name)); \ ARCH_DEFINE_STATIC_CALL_TRAMP(name, _func) =20 #define DEFINE_STATIC_CALL_NULL(name, _func) \ @@ -212,6 +214,7 @@ extern long __static_call_return0(void); .func =3D NULL, \ .type =3D 1, \ }; \ + ANNOTATE_NOINSTR_ALLOWED(STATIC_CALL_TRAMP(name)); \ ARCH_DEFINE_STATIC_CALL_NULL_TRAMP(name) =20 #define DEFINE_STATIC_CALL_RET0(name, _func) \ diff --git a/tools/objtool/Documentation/objtool.txt b/tools/objtool/Docume= ntation/objtool.txt index 7c3ee959b63c..922d3b41541d 100644 --- a/tools/objtool/Documentation/objtool.txt +++ b/tools/objtool/Documentation/objtool.txt @@ -447,6 +447,40 @@ the objtool maintainers. names and does not use module_init() / module_exit() macros to create them. =20 +13. file.o: warning: func()+0x2a: key: non-RO static key usage in noinstr = code + file.o: warning: func()+0x2a: key: non-RO static call usage in noinstr= code + + This means that noinstr function func() uses a static key or + static call named 'key' which can be modified at runtime. This is + discouraged because it prevents code patching IPIs from being + deferred. + + You have the following options: + + 1) Check whether the static key/call in question is only modified + during init. If so, define it as read-only-after-init with + DEFINE_STATIC_KEY_*_RO() or DEFINE_STATIC_CALL_RO(). + + 2) Avoid the runtime patching. For static keys this can be done by + using static_key_enabled() or by getting rid of the static key + altogether if performance is not a concern. + + For static calls, something like the following could be done: + + target =3D static_call_query(foo); + if (target =3D=3D func1) + func1(); + else if (target =3D=3D func2) + func2(); + ... + + 3) Silence the warning by defining the static key/call with + DEFINE_STATIC_*_NOINSTR(). This decision should not + be taken lightly as it may result in code patching IPIs getting + sent to isolated NOHZ_FULL CPUs running in pure userspace. A + comment should be added above the definition explaining the + rationale for the decision. + =20 If the error doesn't seem to make sense, it could be a bug in objtool. Feel free to ask the objtool maintainer for help. diff --git a/tools/objtool/check.c b/tools/objtool/check.c index 7fc96c30b79c..2c986f9bbd63 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -1068,6 +1068,45 @@ static int create_direct_call_sections(struct objtoo= l_file *file) return 0; } =20 +static int read_noinstr_allowed(struct objtool_file *file) +{ + struct section *rsec; + struct symbol *sym; + struct reloc *reloc; + + rsec =3D find_section_by_name(file->elf, ".rela.discard.noinstr_allowed"); + if (!rsec) + return 0; + + for_each_reloc(rsec, reloc) { + switch (reloc->sym->type) { + case STT_OBJECT: + case STT_FUNC: + sym =3D reloc->sym; + break; + + case STT_SECTION: + sym =3D find_symbol_by_offset(reloc->sym->sec, + reloc_addend(reloc)); + if (!sym) { + WARN_FUNC("can't find static key/call symbol", + reloc->sym->sec, reloc_addend(reloc)); + return -1; + } + break; + + default: + WARN("unexpected relocation symbol type in %s: %d", + rsec->name, reloc->sym->type); + return -1; + } + + sym->noinstr_allowed =3D 1; + } + + return 0; +} + /* * Warnings shouldn't be reported for ignored functions. */ @@ -1955,6 +1994,8 @@ static int handle_jump_alt(struct objtool_file *file, return -1; } =20 + orig_insn->key =3D special_alt->key; + if (opts.hack_jump_label && special_alt->key_addend & 2) { struct reloc *reloc =3D insn_reloc(file, orig_insn); =20 @@ -2731,6 +2772,10 @@ static int decode_sections(struct objtool_file *file) if (ret) return ret; =20 + ret =3D read_noinstr_allowed(file); + if (ret) + return ret; + return 0; } =20 @@ -3494,9 +3539,9 @@ static bool pv_call_dest(struct objtool_file *file, s= truct instruction *insn) return file->pv_ops[idx].clean; } =20 -static inline bool noinstr_call_dest(struct objtool_file *file, - struct instruction *insn, - struct symbol *func) +static inline bool noinstr_call_allowed(struct objtool_file *file, + struct instruction *insn, + struct symbol *func) { /* * We can't deal with indirect function calls at present; @@ -3516,10 +3561,10 @@ static inline bool noinstr_call_dest(struct objtool= _file *file, return true; =20 /* - * If the symbol is a static_call trampoline, we can't tell. + * Only DEFINE_STATIC_CALL_*_RO allowed. */ if (func->static_call_tramp) - return true; + return func->noinstr_allowed; =20 /* * The __ubsan_handle_*() calls are like WARN(), they only happen when @@ -3532,14 +3577,29 @@ static inline bool noinstr_call_dest(struct objtool= _file *file, return false; } =20 +static char *static_call_name(struct symbol *func) +{ + return func->name + strlen("__SCT__"); +} + static int validate_call(struct objtool_file *file, struct instruction *insn, struct insn_state *state) { - if (state->noinstr && state->instr <=3D 0 && - !noinstr_call_dest(file, insn, insn_call_dest(insn))) { - WARN_INSN(insn, "call to %s() leaves .noinstr.text section", call_dest_n= ame(insn)); - return 1; + if (state->noinstr && state->instr <=3D 0) { + struct symbol *dest =3D insn_call_dest(insn); + + if (dest->static_call_tramp) { + if (!dest->noinstr_allowed) { + WARN_INSN(insn, "%s: non-RO static call usage in noinstr", + static_call_name(dest)); + } + + } else if (!noinstr_call_allowed(file, insn, dest)) { + WARN_INSN(insn, "call to %s() leaves .noinstr.text section", + call_dest_name(insn)); + return 1; + } } =20 if (state->uaccess && !func_uaccess_safe(insn_call_dest(insn))) { @@ -3602,6 +3662,17 @@ static int validate_return(struct symbol *func, stru= ct instruction *insn, struct return 0; } =20 +static int validate_static_key(struct instruction *insn, struct insn_state= *state) +{ + if (state->noinstr && state->instr <=3D 0 && !insn->key->noinstr_allowed)= { + WARN_INSN(insn, "%s: non-RO static key usage in noinstr", + insn->key->name); + return 1; + } + + return 0; +} + static struct instruction *next_insn_to_validate(struct objtool_file *file, struct instruction *insn) { @@ -3763,6 +3834,9 @@ static int validate_branch(struct objtool_file *file,= struct symbol *func, if (handle_insn_ops(insn, next_insn, &state)) return 1; =20 + if (insn->key) + validate_static_key(insn, &state); + switch (insn->type) { =20 case INSN_RETURN: diff --git a/tools/objtool/include/objtool/check.h b/tools/objtool/include/= objtool/check.h index daa46f1f0965..c0da7246eac7 100644 --- a/tools/objtool/include/objtool/check.h +++ b/tools/objtool/include/objtool/check.h @@ -77,6 +77,7 @@ struct instruction { struct symbol *sym; struct stack_op *stack_ops; struct cfi_state *cfi; + struct symbol *key; }; =20 static inline struct symbol *insn_func(struct instruction *insn) diff --git a/tools/objtool/include/objtool/elf.h b/tools/objtool/include/ob= jtool/elf.h index d7e815c2fd15..0cb79931262b 100644 --- a/tools/objtool/include/objtool/elf.h +++ b/tools/objtool/include/objtool/elf.h @@ -69,6 +69,7 @@ struct symbol { u8 embedded_insn : 1; u8 local_label : 1; u8 frame_pointer : 1; + u8 noinstr_allowed : 1; struct list_head pv_target; struct reloc *relocs; }; diff --git a/tools/objtool/include/objtool/special.h b/tools/objtool/includ= e/objtool/special.h index 86d4af9c5aa9..ce4759358ec4 100644 --- a/tools/objtool/include/objtool/special.h +++ b/tools/objtool/include/objtool/special.h @@ -20,6 +20,7 @@ struct special_alt { bool skip_alt; bool jump_or_nop; u8 key_addend; + struct symbol *key; =20 struct section *orig_sec; unsigned long orig_off; diff --git a/tools/objtool/special.c b/tools/objtool/special.c index 097a69db82a0..982d5cb55e1b 100644 --- a/tools/objtool/special.c +++ b/tools/objtool/special.c @@ -119,14 +119,26 @@ static int get_alt_entry(struct elf *elf, const struc= t special_entry *entry, =20 if (entry->key) { struct reloc *key_reloc; + struct symbol *key; + s64 key_addend; =20 key_reloc =3D find_reloc_by_dest(elf, sec, offset + entry->key); if (!key_reloc) { - WARN_FUNC("can't find key reloc", - sec, offset + entry->key); + WARN_FUNC("can't find key reloc", sec, offset + entry->key); return -1; } - alt->key_addend =3D reloc_addend(key_reloc); + + key =3D key_reloc->sym; + key_addend =3D reloc_addend(key_reloc); + + if (key->type =3D=3D STT_SECTION) + key =3D find_symbol_by_offset(key->sec, key_addend & ~3); + + /* embedded keys not supported */ + if (key) { + alt->key =3D key; + alt->key_addend =3D key_addend; + } } =20 return 0; --=20 2.47.0