powerpc/objtool: uaccess validation for PPC32 (v5)

[PATCH v5 12/15] objtool: Add support for more complex UACCESS control

Posted by Christophe Leroy 2 weeks, 6 days ago

On x86, UACCESS is controlled by two instructions: STAC and CLAC.
STAC instruction enables UACCESS while CLAC disables UACCESS.
This is simple enough for objtool to locate UACCESS enable and
disable.

But on powerpc it is a bit more complex, the same instruction is
used for enabling and disabling UACCESS, and the same instruction
can be used for many other things. It would be too complex to use
exclusively instruction decoding.

To help objtool, annotate such instructions, on the same principle as
reachable/unreachable instructions. And add ANNOTATE_UACCESS_BEGIN
and ANNOTATE_UACCESS_END macros to be used in inline assembly code to
annotate UACCESS enable and UACCESS disable instructions.

Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
---
v5: Use generic annotation infrastructure
---
 include/linux/objtool.h             | 3 +++
 include/linux/objtool_types.h       | 2 ++
 tools/include/linux/objtool_types.h | 2 ++
 tools/objtool/check.c               | 8 ++++++++
 4 files changed, 15 insertions(+)

diff --git a/include/linux/objtool.h b/include/linux/objtool.h
index c722a921165b..7efd731da2a2 100644
--- a/include/linux/objtool.h
+++ b/include/linux/objtool.h
@@ -183,6 +183,9 @@
  */
 #define ANNOTATE_REACHABLE(label)	__ASM_ANNOTATE(label, ANNOTYPE_REACHABLE)
 
+#define ANNOTATE_UACCESS_BEGIN		ASM_ANNOTATE(ANNOTYPE_UACCESS_BEGIN)
+#define ANNOTATE_UACCESS_END		ASM_ANNOTATE(ANNOTYPE_UACCESS_END)
+
 #else
 #define ANNOTATE_NOENDBR		ANNOTATE type=ANNOTYPE_NOENDBR
 #define ANNOTATE_RETPOLINE_SAFE		ANNOTATE type=ANNOTYPE_RETPOLINE_SAFE
diff --git a/include/linux/objtool_types.h b/include/linux/objtool_types.h
index df5d9fa84dba..28da3d989e65 100644
--- a/include/linux/objtool_types.h
+++ b/include/linux/objtool_types.h
@@ -65,5 +65,7 @@ struct unwind_hint {
 #define ANNOTYPE_IGNORE_ALTS		6
 #define ANNOTYPE_INTRA_FUNCTION_CALL	7
 #define ANNOTYPE_REACHABLE		8
+#define ANNOTYPE_UACCESS_BEGIN		9
+#define ANNOTYPE_UACCESS_END		10
 
 #endif /* _LINUX_OBJTOOL_TYPES_H */
diff --git a/tools/include/linux/objtool_types.h b/tools/include/linux/objtool_types.h
index df5d9fa84dba..28da3d989e65 100644
--- a/tools/include/linux/objtool_types.h
+++ b/tools/include/linux/objtool_types.h
@@ -65,5 +65,7 @@ struct unwind_hint {
 #define ANNOTYPE_IGNORE_ALTS		6
 #define ANNOTYPE_INTRA_FUNCTION_CALL	7
 #define ANNOTYPE_REACHABLE		8
+#define ANNOTYPE_UACCESS_BEGIN		9
+#define ANNOTYPE_UACCESS_END		10
 
 #endif /* _LINUX_OBJTOOL_TYPES_H */
diff --git a/tools/objtool/check.c b/tools/objtool/check.c
index 91436f4b3622..54625f09d831 100644
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -2422,6 +2422,14 @@ static int __annotate_late(struct objtool_file *file, int type, struct instructi
 		insn->dead_end = false;
 		break;
 
+	case ANNOTYPE_UACCESS_BEGIN:
+		insn->type = INSN_STAC;
+		break;
+
+	case ANNOTYPE_UACCESS_END:
+		insn->type = INSN_CLAC;
+		break;
+
 	default:
 		WARN_INSN(insn, "Unknown annotation type: %d", type);
 		break;
-- 
2.47.0

Re: [PATCH v5 12/15] objtool: Add support for more complex UACCESS control

Posted by Peter Zijlstra 2 weeks, 6 days ago

On Wed, Jan 15, 2025 at 11:42:52PM +0100, Christophe Leroy wrote:

> diff --git a/tools/objtool/check.c b/tools/objtool/check.c
> index 91436f4b3622..54625f09d831 100644
> --- a/tools/objtool/check.c
> +++ b/tools/objtool/check.c
> @@ -2422,6 +2422,14 @@ static int __annotate_late(struct objtool_file *file, int type, struct instructi
>  		insn->dead_end = false;
>  		break;
>  
> +	case ANNOTYPE_UACCESS_BEGIN:
> +		insn->type = INSN_STAC;
> +		break;
> +
> +	case ANNOTYPE_UACCESS_END:
> +		insn->type = INSN_CLAC;
> +		break;

I would feel better if this had something like:

	if (insn->type != INSN_OTHER)
		WARN_INSN(insn, "over-riding instruction type: %d", insn->type);

Adding these annotations to control flow instruction would be bad etc.