objtool: Add CONFIG_STACK_VALIDATION option
Add a CONFIG_STACK_VALIDATION option which will run "objtool check" for each .o file to ensure the validity of its stack metadata. Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andy Lutomirski <luto@kernel.org> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Cc: Bernd Petrovitsch <bernd@petrovitsch.priv.at> Cc: Borislav Petkov <bp@alien8.de> Cc: Chris J Arges <chris.j.arges@canonical.com> Cc: Jiri Slaby <jslaby@suse.cz> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Michal Marek <mmarek@suse.cz> Cc: Namhyung Kim <namhyung@gmail.com> Cc: Pedro Alves <palves@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: live-patching@vger.kernel.org Link: http://lkml.kernel.org/r/92baab69a6bf9bc7043af0bfca9fb964a1d45546.1456719558.git.jpoimboe@redhat.com Signed-off-by: Ingo Molnar <mingo@kernel.org>
This commit is contained in:
parent
442f04c34a
commit
b9ab5ebb14
4 changed files with 57 additions and 5 deletions
5
Makefile
5
Makefile
|
@ -993,7 +993,10 @@ prepare0: archprepare FORCE
|
|||
$(Q)$(MAKE) $(build)=.
|
||||
|
||||
# All the preparing..
|
||||
prepare: prepare0
|
||||
prepare: prepare0 prepare-objtool
|
||||
|
||||
PHONY += prepare-objtool
|
||||
prepare-objtool: $(if $(CONFIG_STACK_VALIDATION), tools/objtool FORCE)
|
||||
|
||||
# Generate some files
|
||||
# ---------------------------------------------------------------------------
|
||||
|
|
|
@ -583,6 +583,12 @@ config HAVE_COPY_THREAD_TLS
|
|||
normal C parameter passing, rather than extracting the syscall
|
||||
argument from pt_regs.
|
||||
|
||||
config HAVE_STACK_VALIDATION
|
||||
bool
|
||||
help
|
||||
Architecture supports the 'objtool check' host tool command, which
|
||||
performs compile-time stack metadata validation.
|
||||
|
||||
#
|
||||
# ABI hall of shame
|
||||
#
|
||||
|
|
|
@ -342,6 +342,18 @@ config FRAME_POINTER
|
|||
larger and slower, but it gives very useful debugging information
|
||||
in case of kernel bugs. (precise oopses/stacktraces/warnings)
|
||||
|
||||
config STACK_VALIDATION
|
||||
bool "Compile-time stack metadata validation"
|
||||
depends on HAVE_STACK_VALIDATION
|
||||
default n
|
||||
help
|
||||
Add compile-time checks to validate stack metadata, including frame
|
||||
pointers (if CONFIG_FRAME_POINTER is enabled). This helps ensure
|
||||
that runtime stack traces are more reliable.
|
||||
|
||||
For more information, see
|
||||
tools/objtool/Documentation/stack-validation.txt.
|
||||
|
||||
config DEBUG_FORCE_WEAK_PER_CPU
|
||||
bool "Force weak per-cpu definitions"
|
||||
depends on DEBUG_KERNEL
|
||||
|
|
|
@ -241,10 +241,32 @@ cmd_record_mcount = \
|
|||
fi;
|
||||
endif
|
||||
|
||||
ifdef CONFIG_STACK_VALIDATION
|
||||
|
||||
__objtool_obj := $(objtree)/tools/objtool/objtool
|
||||
|
||||
objtool_args = check
|
||||
ifndef CONFIG_FRAME_POINTER
|
||||
objtool_args += --no-fp
|
||||
endif
|
||||
|
||||
# 'OBJECT_FILES_NON_STANDARD := y': skip objtool checking for a directory
|
||||
# 'OBJECT_FILES_NON_STANDARD_foo.o := 'y': skip objtool checking for a file
|
||||
# 'OBJECT_FILES_NON_STANDARD_foo.o := 'n': override directory skip for a file
|
||||
cmd_objtool = $(if $(patsubst y%,, \
|
||||
$(OBJECT_FILES_NON_STANDARD_$(basetarget).o)$(OBJECT_FILES_NON_STANDARD)n), \
|
||||
$(__objtool_obj) $(objtool_args) "$(@)";)
|
||||
objtool_obj = $(if $(patsubst y%,, \
|
||||
$(OBJECT_FILES_NON_STANDARD_$(basetarget).o)$(OBJECT_FILES_NON_STANDARD)n), \
|
||||
$(__objtool_obj))
|
||||
|
||||
endif # CONFIG_STACK_VALIDATION
|
||||
|
||||
define rule_cc_o_c
|
||||
$(call echo-cmd,checksrc) $(cmd_checksrc) \
|
||||
$(call echo-cmd,cc_o_c) $(cmd_cc_o_c); \
|
||||
$(cmd_modversions) \
|
||||
$(cmd_objtool) \
|
||||
$(call echo-cmd,record_mcount) \
|
||||
$(cmd_record_mcount) \
|
||||
scripts/basic/fixdep $(depfile) $@ '$(call make-cmd,cc_o_c)' > \
|
||||
|
@ -253,14 +275,23 @@ define rule_cc_o_c
|
|||
mv -f $(dot-target).tmp $(dot-target).cmd
|
||||
endef
|
||||
|
||||
define rule_as_o_S
|
||||
$(call echo-cmd,as_o_S) $(cmd_as_o_S); \
|
||||
$(cmd_objtool) \
|
||||
scripts/basic/fixdep $(depfile) $@ '$(call make-cmd,as_o_S)' > \
|
||||
$(dot-target).tmp; \
|
||||
rm -f $(depfile); \
|
||||
mv -f $(dot-target).tmp $(dot-target).cmd
|
||||
endef
|
||||
|
||||
# Built-in and composite module parts
|
||||
$(obj)/%.o: $(src)/%.c $(recordmcount_source) FORCE
|
||||
$(obj)/%.o: $(src)/%.c $(recordmcount_source) $(objtool_obj) FORCE
|
||||
$(call cmd,force_checksrc)
|
||||
$(call if_changed_rule,cc_o_c)
|
||||
|
||||
# Single-part modules are special since we need to mark them in $(MODVERDIR)
|
||||
|
||||
$(single-used-m): $(obj)/%.o: $(src)/%.c $(recordmcount_source) FORCE
|
||||
$(single-used-m): $(obj)/%.o: $(src)/%.c $(recordmcount_source) $(objtool_obj) FORCE
|
||||
$(call cmd,force_checksrc)
|
||||
$(call if_changed_rule,cc_o_c)
|
||||
@{ echo $(@:.o=.ko); echo $@; } > $(MODVERDIR)/$(@F:.o=.mod)
|
||||
|
@ -290,8 +321,8 @@ $(obj)/%.s: $(src)/%.S FORCE
|
|||
quiet_cmd_as_o_S = AS $(quiet_modtag) $@
|
||||
cmd_as_o_S = $(CC) $(a_flags) -c -o $@ $<
|
||||
|
||||
$(obj)/%.o: $(src)/%.S FORCE
|
||||
$(call if_changed_dep,as_o_S)
|
||||
$(obj)/%.o: $(src)/%.S $(objtool_obj) FORCE
|
||||
$(call if_changed_rule,as_o_S)
|
||||
|
||||
targets += $(real-objs-y) $(real-objs-m) $(lib-y)
|
||||
targets += $(extra-y) $(MAKECMDGOALS) $(always)
|
||||
|
|
Loading…
Reference in a new issue