diff options
author | Peter Zijlstra <peterz@infradead.org> | 2019-02-25 14:50:09 +0300 |
---|---|---|
committer | Ingo Molnar <mingo@kernel.org> | 2019-04-03 12:02:24 +0300 |
commit | ea24213d8088f9da73e1b6aadf7abd2435b70397 (patch) | |
tree | fba1e181531f8f20ff04ed6a57e10b8bd2805343 /scripts/Makefile.build | |
parent | 54262aa2830151f89699fa8a6c5aa05f0992e672 (diff) | |
download | linux-ea24213d8088f9da73e1b6aadf7abd2435b70397.tar.xz |
objtool: Add UACCESS validation
It is important that UACCESS regions are as small as possible;
furthermore the UACCESS state is not scheduled, so doing anything that
might directly call into the scheduler will cause random code to be
ran with UACCESS enabled.
Teach objtool too track UACCESS state and warn about any CALL made
while UACCESS is enabled. This very much includes the __fentry__()
and __preempt_schedule() calls.
Note that exceptions _do_ save/restore the UACCESS state, and therefore
they can drive preemption. This also means that all exception handlers
must have an otherwise redundant UACCESS disable instruction;
therefore ignore this warning for !STT_FUNC code (exception handlers
are not normal functions).
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Diffstat (limited to 'scripts/Makefile.build')
-rw-r--r-- | scripts/Makefile.build | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/scripts/Makefile.build b/scripts/Makefile.build index 76ca30cc4791..0c5969fa795f 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -222,6 +222,9 @@ endif ifdef CONFIG_RETPOLINE objtool_args += --retpoline endif +ifdef CONFIG_X86_SMAP + objtool_args += --uaccess +endif # 'OBJECT_FILES_NON_STANDARD := y': skip objtool checking for a directory # 'OBJECT_FILES_NON_STANDARD_foo.o := 'y': skip objtool checking for a file |