Re: [RFC PATCH v3 13/13] objtool: arm64: Enable stack validation for arm64
From: Peter Zijlstra
Date: Thu Apr 07 2022 - 08:19:44 EST
On Thu, Apr 07, 2022 at 08:01:41PM +0800, Chen Zhongjin wrote:
> From: Raphael Gault <raphael.gault@xxxxxxx>
>
> Add build option to run stack validation at compile time.
>
> When requiring stack validation, jump tables are disabled as it
> simplifies objtool analysis (without having to introduce unreliable
> artifacs). In local testing, this does not appear to significaly
> affect final binary size nor system performance.
>
> Signed-off-by: Raphael Gault <raphael.gault@xxxxxxx>
> Signed-off-by: Julien Thierry <jthierry@xxxxxxxxxx>
> ---
> arch/arm64/Kconfig | 1 +
> arch/arm64/Makefile | 4 ++++
> 2 files changed, 5 insertions(+)
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index 23048be0333b..119cfce4117f 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -201,6 +201,7 @@ config ARM64
> select MMU_GATHER_RCU_TABLE_FREE
> select HAVE_RSEQ
> select HAVE_STACKPROTECTOR
> + select HAVE_STACK_VALIDATION
> select HAVE_SYSCALL_TRACEPOINTS
> select HAVE_KPROBES
> select HAVE_KRETPROBES
> diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
> index 2f1de88651e6..ad2f4a5e8f6c 100644
> --- a/arch/arm64/Makefile
> +++ b/arch/arm64/Makefile
> @@ -133,6 +133,10 @@ ifeq ($(CONFIG_DYNAMIC_FTRACE_WITH_REGS),y)
> CC_FLAGS_FTRACE := -fpatchable-function-entry=2
> endif
>
> +ifeq ($(CONFIG_STACK_VALIDATION),y)
> +KBUILD_CFLAGS += -fno-jump-tables
> +endif
IIRC this is a sore spot for the whole endeavour..