| Message ID | 20200320180032.994128577@linutronix.de (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | x86/entry: Consolidation part II (syscalls) | expand |
On Fri, Mar 20, 2020 at 07:00:02PM +0100, Thomas Gleixner wrote: > Warnings, bugs and stack protection fails from noinstr sections, e.g. low > level and early entry code, are likely to be fatal. > > Mark them as "safe" to be invoked from noinstr protected code to avoid > annotating all usage sites. Getting the information out is important. > > Signed-off-by: Thomas Gleixner <tglx@linutronix.de> > --- > arch/x86/include/asm/bug.h | 3 +++ > include/asm-generic/bug.h | 9 +++++++-- > kernel/panic.c | 4 +++- > 3 files changed, 13 insertions(+), 3 deletions(-) > > --- a/arch/x86/include/asm/bug.h > +++ b/arch/x86/include/asm/bug.h > @@ -70,13 +70,16 @@ do { \ > #define HAVE_ARCH_BUG > #define BUG() \ > do { \ > + instr_begin(); \ > _BUG_FLAGS(ASM_UD2, 0); \ > unreachable(); \ > } while (0) For visual symmetry at least, it seems like this wants an instr_end() before the unreachable(). Does objtool not like that? > --- a/include/asm-generic/bug.h > +++ b/include/asm-generic/bug.h > @@ -83,14 +83,19 @@ extern __printf(4, 5) > void warn_slowpath_fmt(const char *file, const int line, unsigned taint, > const char *fmt, ...); > #define __WARN() __WARN_printf(TAINT_WARN, NULL) > -#define __WARN_printf(taint, arg...) \ > - warn_slowpath_fmt(__FILE__, __LINE__, taint, arg) > +#define __WARN_printf(taint, arg...) do { \ > + instr_begin(); \ > + warn_slowpath_fmt(__FILE__, __LINE__, taint, arg); \ > + instr_end(); \ > + while (0) Missing a '}' before the 'while'?
On Thu, Apr 02, 2020 at 04:01:15PM -0500, Josh Poimboeuf wrote: > On Fri, Mar 20, 2020 at 07:00:02PM +0100, Thomas Gleixner wrote: > > Warnings, bugs and stack protection fails from noinstr sections, e.g. low > > level and early entry code, are likely to be fatal. > > > > Mark them as "safe" to be invoked from noinstr protected code to avoid > > annotating all usage sites. Getting the information out is important. > > > > Signed-off-by: Thomas Gleixner <tglx@linutronix.de> > > --- > > arch/x86/include/asm/bug.h | 3 +++ > > include/asm-generic/bug.h | 9 +++++++-- > > kernel/panic.c | 4 +++- > > 3 files changed, 13 insertions(+), 3 deletions(-) > > > > --- a/arch/x86/include/asm/bug.h > > +++ b/arch/x86/include/asm/bug.h > > @@ -70,13 +70,16 @@ do { \ > > #define HAVE_ARCH_BUG > > #define BUG() \ > > do { \ > > + instr_begin(); \ > > _BUG_FLAGS(ASM_UD2, 0); \ > > unreachable(); \ > > } while (0) > > For visual symmetry at least, it seems like this wants an instr_end() > before the unreachable(). Does objtool not like that? Can't remember, but I think it's weird to put something after you know it unreachable.
On Thu, Apr 02, 2020 at 11:34:31PM +0200, Peter Zijlstra wrote: > On Thu, Apr 02, 2020 at 04:01:15PM -0500, Josh Poimboeuf wrote: > > On Fri, Mar 20, 2020 at 07:00:02PM +0100, Thomas Gleixner wrote: > > > Warnings, bugs and stack protection fails from noinstr sections, e.g. low > > > level and early entry code, are likely to be fatal. > > > > > > Mark them as "safe" to be invoked from noinstr protected code to avoid > > > annotating all usage sites. Getting the information out is important. > > > > > > Signed-off-by: Thomas Gleixner <tglx@linutronix.de> > > > --- > > > arch/x86/include/asm/bug.h | 3 +++ > > > include/asm-generic/bug.h | 9 +++++++-- > > > kernel/panic.c | 4 +++- > > > 3 files changed, 13 insertions(+), 3 deletions(-) > > > > > > --- a/arch/x86/include/asm/bug.h > > > +++ b/arch/x86/include/asm/bug.h > > > @@ -70,13 +70,16 @@ do { \ > > > #define HAVE_ARCH_BUG > > > #define BUG() \ > > > do { \ > > > + instr_begin(); \ > > > _BUG_FLAGS(ASM_UD2, 0); \ > > > unreachable(); \ > > > } while (0) > > > > For visual symmetry at least, it seems like this wants an instr_end() > > before the unreachable(). Does objtool not like that? > > Can't remember, but I think it's weird to put something after you know > it unreachable. Yeah, I guess... but my lizard brain likes to see closure :-)
Josh Poimboeuf <jpoimboe@redhat.com> writes: > On Fri, Mar 20, 2020 at 07:00:02PM +0100, Thomas Gleixner wrote: >> --- a/arch/x86/include/asm/bug.h >> +++ b/arch/x86/include/asm/bug.h >> @@ -70,13 +70,16 @@ do { \ >> #define HAVE_ARCH_BUG >> #define BUG() \ >> do { \ >> + instr_begin(); \ >> _BUG_FLAGS(ASM_UD2, 0); \ >> unreachable(); \ >> } while (0) > > For visual symmetry at least, it seems like this wants an instr_end() > before the unreachable(). Does objtool not like that? There was some hickup, but can't remember. Will try to reproduce with the latest version of Peter's objtool changes. >> --- a/include/asm-generic/bug.h >> +++ b/include/asm-generic/bug.h >> @@ -83,14 +83,19 @@ extern __printf(4, 5) >> void warn_slowpath_fmt(const char *file, const int line, unsigned taint, >> const char *fmt, ...); >> #define __WARN() __WARN_printf(TAINT_WARN, NULL) >> -#define __WARN_printf(taint, arg...) \ >> - warn_slowpath_fmt(__FILE__, __LINE__, taint, arg) >> +#define __WARN_printf(taint, arg...) do { \ >> + instr_begin(); \ >> + warn_slowpath_fmt(__FILE__, __LINE__, taint, arg); \ >> + instr_end(); \ >> + while (0) > > Missing a '}' before the 'while'? Yep, fixed that locally already. Thanks, tglx
--- a/arch/x86/include/asm/bug.h +++ b/arch/x86/include/asm/bug.h @@ -70,13 +70,16 @@ do { \ #define HAVE_ARCH_BUG #define BUG() \ do { \ + instr_begin(); \ _BUG_FLAGS(ASM_UD2, 0); \ unreachable(); \ } while (0) #define __WARN_FLAGS(flags) \ do { \ + instr_begin(); \ _BUG_FLAGS(ASM_UD2, BUGFLAG_WARNING|(flags)); \ + instr_end(); \ annotate_reachable(); \ } while (0) --- a/include/asm-generic/bug.h +++ b/include/asm-generic/bug.h @@ -83,14 +83,19 @@ extern __printf(4, 5) void warn_slowpath_fmt(const char *file, const int line, unsigned taint, const char *fmt, ...); #define __WARN() __WARN_printf(TAINT_WARN, NULL) -#define __WARN_printf(taint, arg...) \ - warn_slowpath_fmt(__FILE__, __LINE__, taint, arg) +#define __WARN_printf(taint, arg...) do { \ + instr_begin(); \ + warn_slowpath_fmt(__FILE__, __LINE__, taint, arg); \ + instr_end(); \ + while (0) #else extern __printf(1, 2) void __warn_printk(const char *fmt, ...); #define __WARN() __WARN_FLAGS(BUGFLAG_TAINT(TAINT_WARN)) #define __WARN_printf(taint, arg...) do { \ + instr_begin(); \ __warn_printk(arg); \ __WARN_FLAGS(BUGFLAG_NO_CUT_HERE | BUGFLAG_TAINT(taint));\ + instr_end(); \ } while (0) #define WARN_ON_ONCE(condition) ({ \ int __ret_warn_on = !!(condition); \ --- a/kernel/panic.c +++ b/kernel/panic.c @@ -662,10 +662,12 @@ device_initcall(register_warn_debugfs); * Called when gcc's -fstack-protector feature is used, and * gcc detects corruption of the on-stack canary value */ -__visible void __stack_chk_fail(void) +__visible noinstr void __stack_chk_fail(void) { + instr_begin(); panic("stack-protector: Kernel stack is corrupted in: %pB", __builtin_return_address(0)); + instr_end(); } EXPORT_SYMBOL(__stack_chk_fail);
Warnings, bugs and stack protection fails from noinstr sections, e.g. low level and early entry code, are likely to be fatal. Mark them as "safe" to be invoked from noinstr protected code to avoid annotating all usage sites. Getting the information out is important. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> --- arch/x86/include/asm/bug.h | 3 +++ include/asm-generic/bug.h | 9 +++++++-- kernel/panic.c | 4 +++- 3 files changed, 13 insertions(+), 3 deletions(-)