Re: [PATCH] objtool,x86: Verify poke_int3_handler() is self contained
From: Ingo Molnar
Date: Mon Jul 27 2020 - 09:11:19 EST
* peterz@xxxxxxxxxxxxx <peterz@xxxxxxxxxxxxx> wrote:
> On Mon, Jul 27, 2020 at 01:21:44PM +0200, Ingo Molnar wrote:
> >
> > * peterz@xxxxxxxxxxxxx <peterz@xxxxxxxxxxxxx> wrote:
> >
> > >
> > > Abuse the SMAP rules to ensure poke_int3_handler() doesn't call out to
> > > anything.
> > >
> > > Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
> > > ---
> > > tools/objtool/check.c | 8 ++++++++
> > > 1 file changed, 8 insertions(+)
> > >
> > > --- a/tools/objtool/check.c
> > > +++ b/tools/objtool/check.c
> > > @@ -551,6 +551,14 @@ static const char *uaccess_safe_builtin[
> > > "__memcpy_mcsafe",
> > > "mcsafe_handle_tail",
> > > "ftrace_likely_update", /* CONFIG_TRACE_BRANCH_PROFILING */
> > > + /*
> > > + * Abuse alert!
> > > + *
> > > + * poke_int3_handler() is not in fact related to uaccess at all, we
> > > + * abuse the uaccess rules to ensure poke_int3_handler() is self
> > > + * contained and doesn't CALL out to other code.
> > > + */
> > > + "poke_int3_handler",
> >
> > So ->uaccess_safe makes sure that we don't CALL into non-uaccess-safe
> > functions, but it still allows CALLs into *other* uaccess-safe
> > functions, right?
> >
> > So unless I missed something in the logic, the comment should say
> > something like "doesn't CALL out to other non-uaccess safe code" or
> > so? Which is, arguably, like 99% of all functions - but still, a whole
> > bunch are allowed, such as low level instrumentation and other utility
> > functions.
>
> Right, so poke_int3_handler() is also noinstr and by that isn't allowed
> to call out into !noinstr code. The intersection should be small.
>
> But yeah, perhaps this is a bad idea and I should add another annotation
> for this,.. dunno.
'nocall' ? :-)
Ingo