[RFC][PATCH 00/16] objtool: vmlinux.o and noinstr validation
From: Peter Zijlstra
Date: Thu Mar 12 2020 - 09:51:42 EST
Hi all,
These patches extend objtool to be able to run on vmlinux.o and validate
Thomas's proposed noinstr annotation:
https://lkml.kernel.org/r/20200310170951.87c29e9c1cfbddd93ccd92b3@xxxxxxxxxx
"That's why we want the sections and the annotation. If something calls
out of a noinstr section into a regular text section and the call is not
annotated at the call site, then objtool can complain and tell you. What
Peter and I came up with looks like this:
noinstr foo()
do_protected(); <- Safe because in the noinstr section
instr_begin(); <- Marks the begin of a safe region, ignored
by objtool
do_stuff(); <- All good
instr_end(); <- End of the safe region. objtool starts
looking again
do_other_stuff(); <- Unsafe because do_other_stuff() is
not protected
and:
noinstr do_protected()
bar(); <- objtool will complain here
"
It should be accompanied by something like the below; which you'll find in a
series by Thomas.
---
--- a/include/asm-generic/sections.h
+++ b/include/asm-generic/sections.h
@@ -53,6 +53,9 @@ extern char __ctors_start[], __ctors_end
/* Start and end of .opd section - used for function descriptors. */
extern char __start_opd[], __end_opd[];
+/* Start and end of instrumentation protected text section */
+extern char __noinstr_text_start[], __noinstr_text_end[];
+
extern __visible const void __nosave_begin, __nosave_end;
/* Function descriptor handling (if any). Override in asm/sections.h */
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -550,6 +550,10 @@
#define TEXT_TEXT \
ALIGN_FUNCTION(); \
*(.text.hot TEXT_MAIN .text.fixup .text.unlikely) \
+ ALIGN_FUNCTION(); \
+ __noinstr_text_start = .; \
+ *(.noinstr.text) \
+ __noinstr_text_end = .; \
*(.text..refcount) \
*(.ref.text) \
MEM_KEEP(init.text*) \
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -120,12 +120,37 @@ void ftrace_likely_update(struct ftrace_
/* Annotate a C jump table to allow objtool to follow the code flow */
#define __annotate_jump_table __section(.rodata..c_jump_table)
+/* Begin/end of an instrumentation safe region */
+#define instr_begin() ({ \
+ asm volatile("%c0:\n\t" \
+ ".pushsection .discard.instr_begin\n\t" \
+ ".long %c0b - .\n\t" \
+ ".popsection\n\t" : : "i" (__COUNTER__)); \
+})
+
+#define instr_end() ({ \
+ asm volatile("%c0:\n\t" \
+ ".pushsection .discard.instr_end\n\t" \
+ ".long %c0b - .\n\t" \
+ ".popsection\n\t" : : "i" (__COUNTER__)); \
+})
+
#else
#define annotate_reachable()
#define annotate_unreachable()
#define __annotate_jump_table
+#define instr_begin() do { } while(0)
+#define instr_end() do { } while(0)
#endif
+#define INSTR(expr) ({ \
+ typeof(({ expr; })) __ret; \
+ instr_begin(); \
+ __ret = ({ expr; }); \
+ instr_end(); \
+ __ret; \
+})
+
#ifndef ASM_UNREACHABLE
# define ASM_UNREACHABLE
#endif
--- a/include/linux/compiler_types.h
+++ b/include/linux/compiler_types.h
@@ -118,6 +118,11 @@ struct ftrace_likely_data {
#define notrace __attribute__((__no_instrument_function__))
#endif
+/* Section for code which can't be instrumented at all */
+#define noinstr \
+ notrace __attribute((__section__(".noinstr.text")))
+
+
/*
* it doesn't make sense on ARM (currently the only user of __naked)
* to trace naked functions because then mcount is called without
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -953,7 +953,7 @@ static void check_section(const char *mo
#define DATA_SECTIONS ".data", ".data.rel"
#define TEXT_SECTIONS ".text", ".text.unlikely", ".sched.text", \
- ".kprobes.text", ".cpuidle.text"
+ ".kprobes.text", ".cpuidle.text", ".noinstr.text"
#define OTHER_TEXT_SECTIONS ".ref.text", ".head.text", ".spinlock.text", \
".fixup", ".entry.text", ".exception.text", ".text.*", \
".coldtext"