Re: [PATCH v2 3/6] x86/cpu: Remove CONFIG_X86_SMAP and "nosmap"
From: Kees Cook
Date: Tue Feb 08 2022 - 22:10:30 EST
On Tue, Feb 08, 2022 at 10:01:05PM +0100, Borislav Petkov wrote:
> On Tue, Feb 08, 2022 at 04:06:52PM +0100, Borislav Petkov wrote:
> > Hmm, I think you're right.
> >
> > Mr. Z?
>
> He says yes.
>
> Ok, that was a good catch, thanks!
>
> This chunk looks now like this - I'll send a new version later.
>
> ---
> diff --git a/scripts/Makefile.build b/scripts/Makefile.build
> index a4b89b757287..404ea669ecca 100644
> --- a/scripts/Makefile.build
> +++ b/scripts/Makefile.build
> @@ -233,7 +233,7 @@ objtool_args = \
> $(if $(CONFIG_FRAME_POINTER),, --no-fp) \
> $(if $(CONFIG_GCOV_KERNEL)$(CONFIG_LTO_CLANG), --no-unreachable)\
> $(if $(CONFIG_RETPOLINE), --retpoline) \
> - $(if $(CONFIG_X86_SMAP), --uaccess) \
> + --uaccess \
> $(if $(CONFIG_FTRACE_MCOUNT_USE_OBJTOOL), --mcount) \
> $(if $(CONFIG_SLS), --sls)
>
> diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
> index 666f7bbc13eb..0fcba46fc10f 100755
> --- a/scripts/link-vmlinux.sh
> +++ b/scripts/link-vmlinux.sh
> @@ -106,7 +106,7 @@ modpost_link()
> objtool_link()
> {
> local objtoolcmd;
> - local objtoolopt;
> + local objtoolopt="--uaccess"
>
> if is_enabled CONFIG_LTO_CLANG && is_enabled CONFIG_STACK_VALIDATION; then
> # Don't perform vmlinux validation unless explicitly requested,
> @@ -140,9 +140,6 @@ objtool_link()
> if is_enabled CONFIG_RETPOLINE; then
> objtoolopt="${objtoolopt} --retpoline"
> fi
> - if is_enabled CONFIG_X86_SMAP; then
> - objtoolopt="${objtoolopt} --uaccess"
> - fi
> if is_enabled CONFIG_SLS; then
> objtoolopt="${objtoolopt} --sls"
> fi
Cool; yeah, that's kind of what I was expecting. I have a knee-jerk "I
don't want to touch this again later" reaction to seeing it always
applied instead of gated by CONFIG_X86 or something, but then, I doubt
that'll be hard to change when/if objtool becomes multi-architecture.
Consider the update as:
Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
--
Kees Cook