Commit c207aee4 authored by Josh Poimboeuf's avatar Josh Poimboeuf Committed by Ingo Molnar

objtool, x86: Add several functions and files to the objtool whitelist

In preparation for an objtool rewrite which will have broader checks,
whitelist functions and files which cause problems because they do
unusual things with the stack.

These whitelists serve as a TODO list for which functions and files
don't yet have undwarf unwinder coverage.  Eventually most of the
whitelists can be removed in favor of manual CFI hint annotations or
objtool improvements.
Signed-off-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Jiri Slaby <jslaby@suse.cz>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: live-patching@vger.kernel.org
Link: http://lkml.kernel.org/r/7f934a5d707a574bda33ea282e9478e627fb1829.1498659915.git.jpoimboe@redhat.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
parent dcc914f4
...@@ -2,6 +2,8 @@ ...@@ -2,6 +2,8 @@
# Arch-specific CryptoAPI modules. # Arch-specific CryptoAPI modules.
# #
OBJECT_FILES_NON_STANDARD := y
avx_supported := $(call as-instr,vpxor %xmm0$(comma)%xmm0$(comma)%xmm0,yes,no) avx_supported := $(call as-instr,vpxor %xmm0$(comma)%xmm0$(comma)%xmm0,yes,no)
avx2_supported := $(call as-instr,vpgatherdd %ymm0$(comma)(%eax$(comma)%ymm1\ avx2_supported := $(call as-instr,vpgatherdd %ymm0$(comma)(%eax$(comma)%ymm1\
$(comma)4)$(comma)%ymm2,yes,no) $(comma)4)$(comma)%ymm2,yes,no)
......
...@@ -2,6 +2,8 @@ ...@@ -2,6 +2,8 @@
# Arch-specific CryptoAPI modules. # Arch-specific CryptoAPI modules.
# #
OBJECT_FILES_NON_STANDARD := y
avx2_supported := $(call as-instr,vpgatherdd %ymm0$(comma)(%eax$(comma)%ymm1\ avx2_supported := $(call as-instr,vpgatherdd %ymm0$(comma)(%eax$(comma)%ymm1\
$(comma)4)$(comma)%ymm2,yes,no) $(comma)4)$(comma)%ymm2,yes,no)
ifeq ($(avx2_supported),yes) ifeq ($(avx2_supported),yes)
......
...@@ -2,6 +2,8 @@ ...@@ -2,6 +2,8 @@
# Arch-specific CryptoAPI modules. # Arch-specific CryptoAPI modules.
# #
OBJECT_FILES_NON_STANDARD := y
avx2_supported := $(call as-instr,vpgatherdd %ymm0$(comma)(%eax$(comma)%ymm1\ avx2_supported := $(call as-instr,vpgatherdd %ymm0$(comma)(%eax$(comma)%ymm1\
$(comma)4)$(comma)%ymm2,yes,no) $(comma)4)$(comma)%ymm2,yes,no)
ifeq ($(avx2_supported),yes) ifeq ($(avx2_supported),yes)
......
...@@ -29,6 +29,7 @@ OBJECT_FILES_NON_STANDARD_head_$(BITS).o := y ...@@ -29,6 +29,7 @@ OBJECT_FILES_NON_STANDARD_head_$(BITS).o := y
OBJECT_FILES_NON_STANDARD_relocate_kernel_$(BITS).o := y OBJECT_FILES_NON_STANDARD_relocate_kernel_$(BITS).o := y
OBJECT_FILES_NON_STANDARD_ftrace_$(BITS).o := y OBJECT_FILES_NON_STANDARD_ftrace_$(BITS).o := y
OBJECT_FILES_NON_STANDARD_test_nx.o := y OBJECT_FILES_NON_STANDARD_test_nx.o := y
OBJECT_FILES_NON_STANDARD_paravirt_patch_$(BITS).o := y
# If instrumentation of this dir is enabled, boot hangs during first second. # If instrumentation of this dir is enabled, boot hangs during first second.
# Probably could be more selective here, but note that files related to irqs, # Probably could be more selective here, but note that files related to irqs,
......
OBJECT_FILES_NON_STANDARD_wakeup_$(BITS).o := y
obj-$(CONFIG_ACPI) += boot.o obj-$(CONFIG_ACPI) += boot.o
obj-$(CONFIG_ACPI_SLEEP) += sleep.o wakeup_$(BITS).o obj-$(CONFIG_ACPI_SLEEP) += sleep.o wakeup_$(BITS).o
obj-$(CONFIG_ACPI_APEI) += apei.o obj-$(CONFIG_ACPI_APEI) += apei.o
......
...@@ -28,6 +28,7 @@ ...@@ -28,6 +28,7 @@
#include <linux/kdebug.h> #include <linux/kdebug.h>
#include <linux/kallsyms.h> #include <linux/kallsyms.h>
#include <linux/ftrace.h> #include <linux/ftrace.h>
#include <linux/frame.h>
#include <asm/text-patching.h> #include <asm/text-patching.h>
#include <asm/cacheflush.h> #include <asm/cacheflush.h>
...@@ -94,6 +95,7 @@ static void synthesize_set_arg1(kprobe_opcode_t *addr, unsigned long val) ...@@ -94,6 +95,7 @@ static void synthesize_set_arg1(kprobe_opcode_t *addr, unsigned long val)
} }
asm ( asm (
"optprobe_template_func:\n"
".global optprobe_template_entry\n" ".global optprobe_template_entry\n"
"optprobe_template_entry:\n" "optprobe_template_entry:\n"
#ifdef CONFIG_X86_64 #ifdef CONFIG_X86_64
...@@ -131,7 +133,12 @@ asm ( ...@@ -131,7 +133,12 @@ asm (
" popf\n" " popf\n"
#endif #endif
".global optprobe_template_end\n" ".global optprobe_template_end\n"
"optprobe_template_end:\n"); "optprobe_template_end:\n"
".type optprobe_template_func, @function\n"
".size optprobe_template_func, .-optprobe_template_func\n");
void optprobe_template_func(void);
STACK_FRAME_NON_STANDARD(optprobe_template_func);
#define TMPL_MOVE_IDX \ #define TMPL_MOVE_IDX \
((long)&optprobe_template_val - (long)&optprobe_template_entry) ((long)&optprobe_template_val - (long)&optprobe_template_entry)
......
...@@ -9,6 +9,7 @@ ...@@ -9,6 +9,7 @@
#include <linux/sched.h> #include <linux/sched.h>
#include <linux/tboot.h> #include <linux/tboot.h>
#include <linux/delay.h> #include <linux/delay.h>
#include <linux/frame.h>
#include <acpi/reboot.h> #include <acpi/reboot.h>
#include <asm/io.h> #include <asm/io.h>
#include <asm/apic.h> #include <asm/apic.h>
...@@ -123,6 +124,7 @@ void __noreturn machine_real_restart(unsigned int type) ...@@ -123,6 +124,7 @@ void __noreturn machine_real_restart(unsigned int type)
#ifdef CONFIG_APM_MODULE #ifdef CONFIG_APM_MODULE
EXPORT_SYMBOL(machine_real_restart); EXPORT_SYMBOL(machine_real_restart);
#endif #endif
STACK_FRAME_NON_STANDARD(machine_real_restart);
/* /*
* Some Apple MacBook and MacBookPro's needs reboot=p to be able to reboot * Some Apple MacBook and MacBookPro's needs reboot=p to be able to reboot
......
...@@ -36,6 +36,7 @@ ...@@ -36,6 +36,7 @@
#include <linux/slab.h> #include <linux/slab.h>
#include <linux/amd-iommu.h> #include <linux/amd-iommu.h>
#include <linux/hashtable.h> #include <linux/hashtable.h>
#include <linux/frame.h>
#include <asm/apic.h> #include <asm/apic.h>
#include <asm/perf_event.h> #include <asm/perf_event.h>
...@@ -4906,6 +4907,7 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) ...@@ -4906,6 +4907,7 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
mark_all_clean(svm->vmcb); mark_all_clean(svm->vmcb);
} }
STACK_FRAME_NON_STANDARD(svm_vcpu_run);
static void svm_set_cr3(struct kvm_vcpu *vcpu, unsigned long root) static void svm_set_cr3(struct kvm_vcpu *vcpu, unsigned long root)
{ {
......
...@@ -33,6 +33,7 @@ ...@@ -33,6 +33,7 @@
#include <linux/slab.h> #include <linux/slab.h>
#include <linux/tboot.h> #include <linux/tboot.h>
#include <linux/hrtimer.h> #include <linux/hrtimer.h>
#include <linux/frame.h>
#include "kvm_cache_regs.h" #include "kvm_cache_regs.h"
#include "x86.h" #include "x86.h"
...@@ -8652,6 +8653,7 @@ static void vmx_handle_external_intr(struct kvm_vcpu *vcpu) ...@@ -8652,6 +8653,7 @@ static void vmx_handle_external_intr(struct kvm_vcpu *vcpu)
); );
} }
} }
STACK_FRAME_NON_STANDARD(vmx_handle_external_intr);
static bool vmx_has_high_real_mode_segbase(void) static bool vmx_has_high_real_mode_segbase(void)
{ {
...@@ -9028,6 +9030,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) ...@@ -9028,6 +9030,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
vmx_recover_nmi_blocking(vmx); vmx_recover_nmi_blocking(vmx);
vmx_complete_interrupts(vmx); vmx_complete_interrupts(vmx);
} }
STACK_FRAME_NON_STANDARD(vmx_vcpu_run);
static void vmx_switch_vmcs(struct kvm_vcpu *vcpu, struct loaded_vmcs *vmcs) static void vmx_switch_vmcs(struct kvm_vcpu *vcpu, struct loaded_vmcs *vmcs)
{ {
......
...@@ -13,14 +13,14 @@ ...@@ -13,14 +13,14 @@
.macro op_safe_regs op .macro op_safe_regs op
ENTRY(\op\()_safe_regs) ENTRY(\op\()_safe_regs)
pushq %rbx pushq %rbx
pushq %rbp pushq %r12
movq %rdi, %r10 /* Save pointer */ movq %rdi, %r10 /* Save pointer */
xorl %r11d, %r11d /* Return value */ xorl %r11d, %r11d /* Return value */
movl (%rdi), %eax movl (%rdi), %eax
movl 4(%rdi), %ecx movl 4(%rdi), %ecx
movl 8(%rdi), %edx movl 8(%rdi), %edx
movl 12(%rdi), %ebx movl 12(%rdi), %ebx
movl 20(%rdi), %ebp movl 20(%rdi), %r12d
movl 24(%rdi), %esi movl 24(%rdi), %esi
movl 28(%rdi), %edi movl 28(%rdi), %edi
1: \op 1: \op
...@@ -29,10 +29,10 @@ ENTRY(\op\()_safe_regs) ...@@ -29,10 +29,10 @@ ENTRY(\op\()_safe_regs)
movl %ecx, 4(%r10) movl %ecx, 4(%r10)
movl %edx, 8(%r10) movl %edx, 8(%r10)
movl %ebx, 12(%r10) movl %ebx, 12(%r10)
movl %ebp, 20(%r10) movl %r12d, 20(%r10)
movl %esi, 24(%r10) movl %esi, 24(%r10)
movl %edi, 28(%r10) movl %edi, 28(%r10)
popq %rbp popq %r12
popq %rbx popq %rbx
ret ret
3: 3:
......
# #
# Arch-specific network modules # Arch-specific network modules
# #
OBJECT_FILES_NON_STANDARD_bpf_jit.o += y
obj-$(CONFIG_BPF_JIT) += bpf_jit.o bpf_jit_comp.o obj-$(CONFIG_BPF_JIT) += bpf_jit.o bpf_jit_comp.o
OBJECT_FILES_NON_STANDARD_efi_thunk_$(BITS).o := y OBJECT_FILES_NON_STANDARD_efi_thunk_$(BITS).o := y
OBJECT_FILES_NON_STANDARD_efi_stub_$(BITS).o := y
obj-$(CONFIG_EFI) += quirks.o efi.o efi_$(BITS).o efi_stub_$(BITS).o obj-$(CONFIG_EFI) += quirks.o efi.o efi_$(BITS).o efi_stub_$(BITS).o
obj-$(CONFIG_EARLY_PRINTK_EFI) += early_printk.o obj-$(CONFIG_EARLY_PRINTK_EFI) += early_printk.o
......
OBJECT_FILES_NON_STANDARD_hibernate_asm_$(BITS).o := y
# __restore_processor_state() restores %gs after S3 resume and so should not # __restore_processor_state() restores %gs after S3 resume and so should not
# itself be stack-protected # itself be stack-protected
nostackp := $(call cc-option, -fno-stack-protector) nostackp := $(call cc-option, -fno-stack-protector)
......
OBJECT_FILES_NON_STANDARD_xen-asm_$(BITS).o := y
OBJECT_FILES_NON_STANDARD_xen-pvh.o := y
ifdef CONFIG_FUNCTION_TRACER ifdef CONFIG_FUNCTION_TRACER
# Do not profile debug and lowlevel utilities # Do not profile debug and lowlevel utilities
CFLAGS_REMOVE_spinlock.o = -pg CFLAGS_REMOVE_spinlock.o = -pg
......
...@@ -38,6 +38,7 @@ ...@@ -38,6 +38,7 @@
#include <linux/syscore_ops.h> #include <linux/syscore_ops.h>
#include <linux/compiler.h> #include <linux/compiler.h>
#include <linux/hugetlb.h> #include <linux/hugetlb.h>
#include <linux/frame.h>
#include <asm/page.h> #include <asm/page.h>
#include <asm/sections.h> #include <asm/sections.h>
...@@ -874,7 +875,7 @@ int kexec_load_disabled; ...@@ -874,7 +875,7 @@ int kexec_load_disabled;
* only when panic_cpu holds the current CPU number; this is the only CPU * only when panic_cpu holds the current CPU number; this is the only CPU
* which processes crash_kexec routines. * which processes crash_kexec routines.
*/ */
void __crash_kexec(struct pt_regs *regs) void __noclone __crash_kexec(struct pt_regs *regs)
{ {
/* Take the kexec_mutex here to prevent sys_kexec_load /* Take the kexec_mutex here to prevent sys_kexec_load
* running on one cpu from replacing the crash kernel * running on one cpu from replacing the crash kernel
...@@ -896,6 +897,7 @@ void __crash_kexec(struct pt_regs *regs) ...@@ -896,6 +897,7 @@ void __crash_kexec(struct pt_regs *regs)
mutex_unlock(&kexec_mutex); mutex_unlock(&kexec_mutex);
} }
} }
STACK_FRAME_NON_STANDARD(__crash_kexec);
void crash_kexec(struct pt_regs *regs) void crash_kexec(struct pt_regs *regs)
{ {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment