Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

+15

arch/x86/include/asm/cpufeature.h

··· 140 140 141 141 #define setup_force_cpu_bug(bit) setup_force_cpu_cap(bit) 142 142 143 + #if defined(__clang__) && !defined(CC_HAVE_ASM_GOTO) 144 + 145 + /* 146 + * Workaround for the sake of BPF compilation which utilizes kernel 147 + * headers, but clang does not support ASM GOTO and fails the build. 148 + */ 149 + #ifndef __BPF_TRACING__ 150 + #warning "Compiler lacks ASM_GOTO support. Add -D __BPF_TRACING__ to your compiler arguments" 151 + #endif 152 + 153 + #define static_cpu_has(bit) boot_cpu_has(bit) 154 + 155 + #else 156 + 143 157 /* 144 158 * Static testing of CPU features. Used the same as boot_cpu_has(). 145 159 * These will statically patch the target code for additional ··· 209 195 boot_cpu_has(bit) : \ 210 196 _static_cpu_has(bit) \ 211 197 ) 198 + #endif 212 199 213 200 #define cpu_has_bug(c, bit) cpu_has(c, (bit)) 214 201 #define set_cpu_bug(c, bit) set_cpu_cap(c, (bit))

+18

arch/x86/include/asm/insn.h

··· 208 208 return insn_offset_displacement(insn) + insn->displacement.nbytes; 209 209 } 210 210 211 + #define POP_SS_OPCODE 0x1f 212 + #define MOV_SREG_OPCODE 0x8e 213 + 214 + /* 215 + * Intel SDM Vol.3A 6.8.3 states; 216 + * "Any single-step trap that would be delivered following the MOV to SS 217 + * instruction or POP to SS instruction (because EFLAGS.TF is 1) is 218 + * suppressed." 219 + * This function returns true if @insn is MOV SS or POP SS. On these 220 + * instructions, single stepping is suppressed. 221 + */ 222 + static inline int insn_masking_exception(struct insn *insn) 223 + { 224 + return insn->opcode.bytes[0] == POP_SS_OPCODE || 225 + (insn->opcode.bytes[0] == MOV_SREG_OPCODE && 226 + X86_MODRM_REG(insn->modrm.bytes[0]) == 2); 227 + } 228 + 211 229 #endif /* _ASM_X86_INSN_H */

+4

arch/x86/kernel/kprobes/core.c

··· 370 370 if (insn->opcode.bytes[0] == BREAKPOINT_INSTRUCTION) 371 371 return 0; 372 372 373 + /* We should not singlestep on the exception masking instructions */ 374 + if (insn_masking_exception(insn)) 375 + return 0; 376 + 373 377 #ifdef CONFIG_X86_64 374 378 /* Only x86_64 has RIP relative instructions */ 375 379 if (insn_rip_relative(insn)) {

+5 -1

arch/x86/kernel/machine_kexec_32.c

··· 57 57 static void machine_kexec_free_page_tables(struct kimage *image) 58 58 { 59 59 free_page((unsigned long)image->arch.pgd); 60 + image->arch.pgd = NULL; 60 61 #ifdef CONFIG_X86_PAE 61 62 free_page((unsigned long)image->arch.pmd0); 63 + image->arch.pmd0 = NULL; 62 64 free_page((unsigned long)image->arch.pmd1); 65 + image->arch.pmd1 = NULL; 63 66 #endif 64 67 free_page((unsigned long)image->arch.pte0); 68 + image->arch.pte0 = NULL; 65 69 free_page((unsigned long)image->arch.pte1); 70 + image->arch.pte1 = NULL; 66 71 } 67 72 68 73 static int machine_kexec_alloc_page_tables(struct kimage *image) ··· 84 79 !image->arch.pmd0 || !image->arch.pmd1 || 85 80 #endif 86 81 !image->arch.pte0 || !image->arch.pte1) { 87 - machine_kexec_free_page_tables(image); 88 82 return -ENOMEM; 89 83 } 90 84 return 0;

+4 -1

arch/x86/kernel/machine_kexec_64.c

··· 39 39 static void free_transition_pgtable(struct kimage *image) 40 40 { 41 41 free_page((unsigned long)image->arch.p4d); 42 + image->arch.p4d = NULL; 42 43 free_page((unsigned long)image->arch.pud); 44 + image->arch.pud = NULL; 43 45 free_page((unsigned long)image->arch.pmd); 46 + image->arch.pmd = NULL; 44 47 free_page((unsigned long)image->arch.pte); 48 + image->arch.pte = NULL; 45 49 } 46 50 47 51 static int init_transition_pgtable(struct kimage *image, pgd_t *pgd) ··· 95 91 set_pte(pte, pfn_pte(paddr >> PAGE_SHIFT, PAGE_KERNEL_EXEC_NOENC)); 96 92 return 0; 97 93 err: 98 - free_transition_pgtable(image); 99 94 return result; 100 95 } 101 96

+4

arch/x86/kernel/uprobes.c

··· 299 299 if (is_prefix_bad(insn)) 300 300 return -ENOTSUPP; 301 301 302 + /* We should not singlestep on the exception masking instructions */ 303 + if (insn_masking_exception(insn)) 304 + return -ENOTSUPP; 305 + 302 306 if (x86_64) 303 307 good_insns = good_insns_64; 304 308 else

+1 -1

samples/bpf/Makefile

··· 255 255 $(obj)/%.o: $(src)/%.c 256 256 $(CLANG) $(NOSTDINC_FLAGS) $(LINUXINCLUDE) $(EXTRA_CFLAGS) -I$(obj) \ 257 257 -I$(srctree)/tools/testing/selftests/bpf/ \ 258 - -D__KERNEL__ -Wno-unused-value -Wno-pointer-sign \ 258 + -D__KERNEL__ -D__BPF_TRACING__ -Wno-unused-value -Wno-pointer-sign \ 259 259 -D__TARGET_ARCH_$(ARCH) -Wno-compare-distinct-pointer-types \ 260 260 -Wno-gnu-variable-sized-type-not-at-end \ 261 261 -Wno-address-of-packed-member -Wno-tautological-compare \

+18

tools/objtool/arch/x86/include/asm/insn.h

··· 208 208 return insn_offset_displacement(insn) + insn->displacement.nbytes; 209 209 } 210 210 211 + #define POP_SS_OPCODE 0x1f 212 + #define MOV_SREG_OPCODE 0x8e 213 + 214 + /* 215 + * Intel SDM Vol.3A 6.8.3 states; 216 + * "Any single-step trap that would be delivered following the MOV to SS 217 + * instruction or POP to SS instruction (because EFLAGS.TF is 1) is 218 + * suppressed." 219 + * This function returns true if @insn is MOV SS or POP SS. On these 220 + * instructions, single stepping is suppressed. 221 + */ 222 + static inline int insn_masking_exception(struct insn *insn) 223 + { 224 + return insn->opcode.bytes[0] == POP_SS_OPCODE || 225 + (insn->opcode.bytes[0] == MOV_SREG_OPCODE && 226 + X86_MODRM_REG(insn->modrm.bytes[0]) == 2); 227 + } 228 + 211 229 #endif /* _ASM_X86_INSN_H */

+95 -72

tools/objtool/check.c

··· 59 59 return next; 60 60 } 61 61 62 + static struct instruction *next_insn_same_func(struct objtool_file *file, 63 + struct instruction *insn) 64 + { 65 + struct instruction *next = list_next_entry(insn, list); 66 + struct symbol *func = insn->func; 67 + 68 + if (!func) 69 + return NULL; 70 + 71 + if (&next->list != &file->insn_list && next->func == func) 72 + return next; 73 + 74 + /* Check if we're already in the subfunction: */ 75 + if (func == func->cfunc) 76 + return NULL; 77 + 78 + /* Move to the subfunction: */ 79 + return find_insn(file, func->cfunc->sec, func->cfunc->offset); 80 + } 81 + 82 + #define func_for_each_insn_all(file, func, insn) \ 83 + for (insn = find_insn(file, func->sec, func->offset); \ 84 + insn; \ 85 + insn = next_insn_same_func(file, insn)) 86 + 62 87 #define func_for_each_insn(file, func, insn) \ 63 88 for (insn = find_insn(file, func->sec, func->offset); \ 64 89 insn && &insn->list != &file->insn_list && \ ··· 174 149 if (!strcmp(func->name, global_noreturns[i])) 175 150 return 1; 176 151 177 - if (!func->sec) 152 + if (!func->len) 178 153 return 0; 179 154 180 - func_for_each_insn(file, func, insn) { 155 + insn = find_insn(file, func->sec, func->offset); 156 + if (!insn->func) 157 + return 0; 158 + 159 + func_for_each_insn_all(file, func, insn) { 181 160 empty = false; 182 161 183 162 if (insn->type == INSN_RETURN) ··· 196 167 * case, the function's dead-end status depends on whether the target 197 168 * of the sibling call returns. 198 169 */ 199 - func_for_each_insn(file, func, insn) { 200 - if (insn->sec != func->sec || 201 - insn->offset >= func->offset + func->len) 202 - break; 203 - 170 + func_for_each_insn_all(file, func, insn) { 204 171 if (insn->type == INSN_JUMP_UNCONDITIONAL) { 205 172 struct instruction *dest = insn->jump_dest; 206 - struct symbol *dest_func; 207 173 208 174 if (!dest) 209 175 /* sibling call to another file */ 210 176 return 0; 211 177 212 - if (dest->sec != func->sec || 213 - dest->offset < func->offset || 214 - dest->offset >= func->offset + func->len) { 215 - /* local sibling call */ 216 - dest_func = find_symbol_by_offset(dest->sec, 217 - dest->offset); 218 - if (!dest_func) 219 - continue; 178 + if (dest->func && dest->func->pfunc != insn->func->pfunc) { 220 179 180 + /* local sibling call */ 221 181 if (recursion == 5) { 222 - WARN_FUNC("infinite recursion (objtool bug!)", 223 - dest->sec, dest->offset); 224 - return -1; 182 + /* 183 + * Infinite recursion: two functions 184 + * have sibling calls to each other. 185 + * This is a very rare case. It means 186 + * they aren't dead ends. 187 + */ 188 + return 0; 225 189 } 226 190 227 - return __dead_end_function(file, dest_func, 191 + return __dead_end_function(file, dest->func, 228 192 recursion + 1); 229 193 } 230 194 } ··· 444 422 if (!ignore_func(file, func)) 445 423 continue; 446 424 447 - func_for_each_insn(file, func, insn) 425 + func_for_each_insn_all(file, func, insn) 448 426 insn->ignore = true; 449 427 } 450 428 } ··· 804 782 return ret; 805 783 } 806 784 807 - static int add_switch_table(struct objtool_file *file, struct symbol *func, 808 - struct instruction *insn, struct rela *table, 809 - struct rela *next_table) 785 + static int add_switch_table(struct objtool_file *file, struct instruction *insn, 786 + struct rela *table, struct rela *next_table) 810 787 { 811 788 struct rela *rela = table; 812 789 struct instruction *alt_insn; 813 790 struct alternative *alt; 791 + struct symbol *pfunc = insn->func->pfunc; 792 + unsigned int prev_offset = 0; 814 793 815 794 list_for_each_entry_from(rela, &file->rodata->rela->rela_list, list) { 816 795 if (rela == next_table) 817 796 break; 818 797 819 - if (rela->sym->sec != insn->sec || 820 - rela->addend <= func->offset || 821 - rela->addend >= func->offset + func->len) 798 + /* Make sure the switch table entries are consecutive: */ 799 + if (prev_offset && rela->offset != prev_offset + 8) 822 800 break; 823 801 824 - alt_insn = find_insn(file, insn->sec, rela->addend); 825 - if (!alt_insn) { 826 - WARN("%s: can't find instruction at %s+0x%x", 827 - file->rodata->rela->name, insn->sec->name, 828 - rela->addend); 829 - return -1; 830 - } 802 + /* Detect function pointers from contiguous objects: */ 803 + if (rela->sym->sec == pfunc->sec && 804 + rela->addend == pfunc->offset) 805 + break; 806 + 807 + alt_insn = find_insn(file, rela->sym->sec, rela->addend); 808 + if (!alt_insn) 809 + break; 810 + 811 + /* Make sure the jmp dest is in the function or subfunction: */ 812 + if (alt_insn->func->pfunc != pfunc) 813 + break; 831 814 832 815 alt = malloc(sizeof(*alt)); 833 816 if (!alt) { ··· 842 815 843 816 alt->insn = alt_insn; 844 817 list_add_tail(&alt->list, &insn->alts); 818 + prev_offset = rela->offset; 819 + } 820 + 821 + if (!prev_offset) { 822 + WARN_FUNC("can't find switch jump table", 823 + insn->sec, insn->offset); 824 + return -1; 845 825 } 846 826 847 827 return 0; ··· 903 869 { 904 870 struct rela *text_rela, *rodata_rela; 905 871 struct instruction *orig_insn = insn; 872 + unsigned long table_offset; 906 873 907 - text_rela = find_rela_by_dest_range(insn->sec, insn->offset, insn->len); 908 - if (text_rela && text_rela->sym == file->rodata->sym) { 909 - /* case 1 */ 910 - rodata_rela = find_rela_by_dest(file->rodata, 911 - text_rela->addend); 912 - if (rodata_rela) 913 - return rodata_rela; 914 - 915 - /* case 2 */ 916 - rodata_rela = find_rela_by_dest(file->rodata, 917 - text_rela->addend + 4); 918 - if (!rodata_rela) 919 - return NULL; 920 - 921 - file->ignore_unreachables = true; 922 - return rodata_rela; 923 - } 924 - 925 - /* case 3 */ 926 874 /* 927 875 * Backward search using the @first_jump_src links, these help avoid 928 876 * much of the 'in between' code. Which avoids us getting confused by 929 877 * it. 930 878 */ 931 - for (insn = list_prev_entry(insn, list); 932 - 879 + for (; 933 880 &insn->list != &file->insn_list && 934 881 insn->sec == func->sec && 935 882 insn->offset >= func->offset; 936 883 937 884 insn = insn->first_jump_src ?: list_prev_entry(insn, list)) { 938 885 939 - if (insn->type == INSN_JUMP_DYNAMIC) 886 + if (insn != orig_insn && insn->type == INSN_JUMP_DYNAMIC) 940 887 break; 941 888 942 889 /* allow small jumps within the range */ ··· 933 918 if (!text_rela || text_rela->sym != file->rodata->sym) 934 919 continue; 935 920 921 + table_offset = text_rela->addend; 922 + if (text_rela->type == R_X86_64_PC32) 923 + table_offset += 4; 924 + 936 925 /* 937 926 * Make sure the .rodata address isn't associated with a 938 927 * symbol. gcc jump tables are anonymous data. 939 928 */ 940 - if (find_symbol_containing(file->rodata, text_rela->addend)) 929 + if (find_symbol_containing(file->rodata, table_offset)) 941 930 continue; 942 931 943 - rodata_rela = find_rela_by_dest(file->rodata, text_rela->addend); 944 - if (!rodata_rela) 945 - continue; 932 + rodata_rela = find_rela_by_dest(file->rodata, table_offset); 933 + if (rodata_rela) { 934 + /* 935 + * Use of RIP-relative switch jumps is quite rare, and 936 + * indicates a rare GCC quirk/bug which can leave dead 937 + * code behind. 938 + */ 939 + if (text_rela->type == R_X86_64_PC32) 940 + file->ignore_unreachables = true; 946 941 947 - return rodata_rela; 942 + return rodata_rela; 943 + } 948 944 } 949 945 950 946 return NULL; ··· 969 943 struct rela *rela, *prev_rela = NULL; 970 944 int ret; 971 945 972 - func_for_each_insn(file, func, insn) { 946 + func_for_each_insn_all(file, func, insn) { 973 947 if (!last) 974 948 last = insn; 975 949 ··· 1000 974 * the beginning of another switch table in the same function. 1001 975 */ 1002 976 if (prev_jump) { 1003 - ret = add_switch_table(file, func, prev_jump, prev_rela, 1004 - rela); 977 + ret = add_switch_table(file, prev_jump, prev_rela, rela); 1005 978 if (ret) 1006 979 return ret; 1007 980 } ··· 1010 985 } 1011 986 1012 987 if (prev_jump) { 1013 - ret = add_switch_table(file, func, prev_jump, prev_rela, NULL); 988 + ret = add_switch_table(file, prev_jump, prev_rela, NULL); 1014 989 if (ret) 1015 990 return ret; 1016 991 } ··· 1774 1749 while (1) { 1775 1750 next_insn = next_insn_same_sec(file, insn); 1776 1751 1777 - 1778 - if (file->c_file && func && insn->func && func != insn->func) { 1752 + if (file->c_file && func && insn->func && func != insn->func->pfunc) { 1779 1753 WARN("%s() falls through to next function %s()", 1780 1754 func->name, insn->func->name); 1781 1755 return 1; 1782 1756 } 1783 1757 1784 - if (insn->func) 1785 - func = insn->func; 1758 + func = insn->func ? insn->func->pfunc : NULL; 1786 1759 1787 1760 if (func && insn->ignore) { 1788 1761 WARN_FUNC("BUG: why am I validating an ignored function?", ··· 1801 1778 1802 1779 i = insn; 1803 1780 save_insn = NULL; 1804 - func_for_each_insn_continue_reverse(file, func, i) { 1781 + func_for_each_insn_continue_reverse(file, insn->func, i) { 1805 1782 if (i->save) { 1806 1783 save_insn = i; 1807 1784 break; ··· 1888 1865 case INSN_JUMP_UNCONDITIONAL: 1889 1866 if (insn->jump_dest && 1890 1867 (!func || !insn->jump_dest->func || 1891 - func == insn->jump_dest->func)) { 1868 + insn->jump_dest->func->pfunc == func)) { 1892 1869 ret = validate_branch(file, insn->jump_dest, 1893 1870 state); 1894 1871 if (ret) ··· 2083 2060 2084 2061 for_each_sec(file, sec) { 2085 2062 list_for_each_entry(func, &sec->symbol_list, list) { 2086 - if (func->type != STT_FUNC) 2063 + if (func->type != STT_FUNC || func->pfunc != func) 2087 2064 continue; 2088 2065 2089 2066 insn = find_insn(file, sec, func->offset);

+40 -2

tools/objtool/elf.c

··· 79 79 return NULL; 80 80 } 81 81 82 + struct symbol *find_symbol_by_name(struct elf *elf, const char *name) 83 + { 84 + struct section *sec; 85 + struct symbol *sym; 86 + 87 + list_for_each_entry(sec, &elf->sections, list) 88 + list_for_each_entry(sym, &sec->symbol_list, list) 89 + if (!strcmp(sym->name, name)) 90 + return sym; 91 + 92 + return NULL; 93 + } 94 + 82 95 struct symbol *find_symbol_containing(struct section *sec, unsigned long offset) 83 96 { 84 97 struct symbol *sym; ··· 216 203 217 204 static int read_symbols(struct elf *elf) 218 205 { 219 - struct section *symtab; 220 - struct symbol *sym; 206 + struct section *symtab, *sec; 207 + struct symbol *sym, *pfunc; 221 208 struct list_head *entry, *tmp; 222 209 int symbols_nr, i; 210 + char *coldstr; 223 211 224 212 symtab = find_section_by_name(elf, ".symtab"); 225 213 if (!symtab) { ··· 293 279 } 294 280 list_add(&sym->list, entry); 295 281 hash_add(sym->sec->symbol_hash, &sym->hash, sym->idx); 282 + } 283 + 284 + /* Create parent/child links for any cold subfunctions */ 285 + list_for_each_entry(sec, &elf->sections, list) { 286 + list_for_each_entry(sym, &sec->symbol_list, list) { 287 + if (sym->type != STT_FUNC) 288 + continue; 289 + sym->pfunc = sym->cfunc = sym; 290 + coldstr = strstr(sym->name, ".cold."); 291 + if (coldstr) { 292 + coldstr[0] = '\0'; 293 + pfunc = find_symbol_by_name(elf, sym->name); 294 + coldstr[0] = '.'; 295 + 296 + if (!pfunc) { 297 + WARN("%s(): can't find parent function", 298 + sym->name); 299 + goto err; 300 + } 301 + 302 + sym->pfunc = pfunc; 303 + pfunc->cfunc = sym; 304 + } 305 + } 296 306 } 297 307 298 308 return 0;

+2

tools/objtool/elf.h

··· 61 61 unsigned char bind, type; 62 62 unsigned long offset; 63 63 unsigned int len; 64 + struct symbol *pfunc, *cfunc; 64 65 }; 65 66 66 67 struct rela { ··· 87 86 struct elf *elf_open(const char *name, int flags); 88 87 struct section *find_section_by_name(struct elf *elf, const char *name); 89 88 struct symbol *find_symbol_by_offset(struct section *sec, unsigned long offset); 89 + struct symbol *find_symbol_by_name(struct elf *elf, const char *name); 90 90 struct symbol *find_symbol_containing(struct section *sec, unsigned long offset); 91 91 struct rela *find_rela_by_dest(struct section *sec, unsigned long offset); 92 92 struct rela *find_rela_by_dest_range(struct section *sec, unsigned long offset,

Configure Feed

Configure Feed