| Message ID | 20241213-objtool-strict-v1-2-fd388f9d971f@google.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | objtool: Add option to fail build on vmlinux warnings | expand |
On Fri, Dec 13, 2024 at 11:31:31AM +0000, Brendan Jackman wrote: > NOINSTR_VALIDATION is pretty helpful for detecting bugs, I would like > my build to fail when those bugs arise. > > If we wanted to we could enable this for individual warnings, it seems > unlikely there's a use-case for that though. So for now I've just added > a global setting for vmlinux. > > Signed-off-by: Brendan Jackman <jackmanb@google.com> Note that *any* objtool warning has a good change of being a major bug in the kernel or compiler which could result in crashing the kernel or breaking the livepatch consistency model. So the option shouldn't be restricted to noinstr builds only. In which case it should be called CONFIG_OBJTOOL_WERROR, analagous to CONFIG_WERROR. We definitely need this, though it will likely break a lot of robot builds, so it wouldn't be a good idea to merge it until after the holidays. Though once the patches are ready I could throw it on a git branch to see how bad the robot breakage is.
On Sat, 14 Dec 2024 at 01:52, Josh Poimboeuf <jpoimboe@kernel.org> wrote: > Note that *any* objtool warning has a good change of being a major bug > in the kernel or compiler which could result in crashing the kernel or > breaking the livepatch consistency model. So the option shouldn't be > restricted to noinstr builds only. In which case it should be called > CONFIG_OBJTOOL_WERROR, analagous to CONFIG_WERROR. Sure, sounds good too. Just to make sure I'm on the same page - are you saying I should add the flag to $(objtool-args-y) instead of $(vmlinux-objtool-args-y)?
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index f3d72370587936fa373129cc9b246f15dac907be..b1f0f8c83b050d4112428e0d8dece059ebf8dcd2 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -563,6 +563,17 @@ config NOINSTR_VALIDATION select OBJTOOL default y +config VMLINUX_OBJTOOL_STRICT + bool "Strict objtool on vmlinux" + default n + # Conditions when we run objtool on vmlinux + depends on NOINSTR_VALIDATION || LTO_CLANG || X86_KERNEL_IBT + help + Fail the build when objtool produces warnings on vmlinux. + + By default, objtool just prints warnings to the terminal without + causing a build failure. This config changes that for vmlinux. + config VMLINUX_MAP bool "Generate vmlinux.map file when linking" depends on EXPERT diff --git a/scripts/Makefile.vmlinux_o b/scripts/Makefile.vmlinux_o index 0b6e2ebf60dc1bb69d9651d5b7858ccd296e92dd..97b6b262d482e0bac1a4d74f9a2e7b1867b6ee00 100644 --- a/scripts/Makefile.vmlinux_o +++ b/scripts/Makefile.vmlinux_o @@ -39,6 +39,7 @@ vmlinux-objtool-args-$(delay-objtool) += $(objtool-args-y) vmlinux-objtool-args-$(CONFIG_GCOV_KERNEL) += --no-unreachable vmlinux-objtool-args-$(CONFIG_NOINSTR_VALIDATION) += --noinstr \ $(if $(or $(CONFIG_MITIGATION_UNRET_ENTRY),$(CONFIG_MITIGATION_SRSO)), --unret) +vmlinux-objtool-args-$(CONFIG_VMLINUX_OBJTOOL_STRICT) += --fail-on-warn objtool-args = $(vmlinux-objtool-args-y) --link
NOINSTR_VALIDATION is pretty helpful for detecting bugs, I would like my build to fail when those bugs arise. If we wanted to we could enable this for individual warnings, it seems unlikely there's a use-case for that though. So for now I've just added a global setting for vmlinux. Signed-off-by: Brendan Jackman <jackmanb@google.com> --- lib/Kconfig.debug | 11 +++++++++++ scripts/Makefile.vmlinux_o | 1 + 2 files changed, 12 insertions(+)