Commit ba08abca authored by Peter Zijlstra's avatar Peter Zijlstra

objtool,x86: Fix uaccess PUSHF/POPF validation

Commit ab234a26 ("x86/pv: Rework arch_local_irq_restore() to not
use popf") replaced "push %reg; popf" with something like: "test
$0x200, %reg; jz 1f; sti; 1:", which breaks the pushf/popf symmetry
that commit ea24213d ("objtool: Add UACCESS validation") relies
on.

The result is:

  drivers/gpu/drm/amd/amdgpu/si.o: warning: objtool: si_common_hw_init()+0xf36: PUSHF stack exhausted

Meanwhile, commit c9c324dc ("objtool: Support stack layout changes
in alternatives") means that we can actually use stack-ops in
alternatives, so we can revert 1ff865e3 ("x86,smap: Fix
smap_{save,restore}() alternatives").

That in turn means we can limit the PUSHF/POPF handling of
ea24213d to those instructions that are in alternatives.

Fixes: ab234a26 ("x86/pv: Rework arch_local_irq_restore() to not use popf")
Reported-by: default avatarBorislav Petkov <bp@alien8.de>
Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
Link: https://lkml.kernel.org/r/YEY4rIbQYa5fnnEp@hirez.programming.kicks-ass.net
parent a38fd874
...@@ -58,9 +58,8 @@ static __always_inline unsigned long smap_save(void) ...@@ -58,9 +58,8 @@ static __always_inline unsigned long smap_save(void)
unsigned long flags; unsigned long flags;
asm volatile ("# smap_save\n\t" asm volatile ("# smap_save\n\t"
ALTERNATIVE("jmp 1f", "", X86_FEATURE_SMAP) ALTERNATIVE("", "pushf; pop %0; " __ASM_CLAC "\n\t",
"pushf; pop %0; " __ASM_CLAC "\n\t" X86_FEATURE_SMAP)
"1:"
: "=rm" (flags) : : "memory", "cc"); : "=rm" (flags) : : "memory", "cc");
return flags; return flags;
...@@ -69,9 +68,8 @@ static __always_inline unsigned long smap_save(void) ...@@ -69,9 +68,8 @@ static __always_inline unsigned long smap_save(void)
static __always_inline void smap_restore(unsigned long flags) static __always_inline void smap_restore(unsigned long flags)
{ {
asm volatile ("# smap_restore\n\t" asm volatile ("# smap_restore\n\t"
ALTERNATIVE("jmp 1f", "", X86_FEATURE_SMAP) ALTERNATIVE("", "push %0; popf\n\t",
"push %0; popf\n\t" X86_FEATURE_SMAP)
"1:"
: : "g" (flags) : "memory", "cc"); : : "g" (flags) : "memory", "cc");
} }
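Review bot: Neither smap_save() nor smap_restore() carries a comment stating that the pushf/pop and push/popf pairs must stay inside the ALTERNATIVE(); after the companion objtool change, the uaccess PUSHF/POPF pair is only validated for instructions in an alternative group, so moving the pair back out (as the reverted "jmp 1f" form did) would silently lose the check rather than produce a warning. Suggest a one-line comment above each asm, e.g. `/* pushf/popf must stay inside the alternative: objtool only validates the uaccess PUSHF/POPF pair there. */`. The same applies to the second hunk (smap_restore). smap_save()'s signature is only in the hunk context, so that function begins outside the visible lines.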
...@@ -2442,6 +2442,9 @@ static int handle_insn_ops(struct instruction *insn, struct insn_state *state) ...@@ -2442,6 +2442,9 @@ static int handle_insn_ops(struct instruction *insn, struct insn_state *state)
if (update_cfi_state(insn, &state->cfi, op)) if (update_cfi_state(insn, &state->cfi, op))
return 1; return 1;
if (!insn->alt_group)
continue;
if (op->dest.type == OP_DEST_PUSHF) { if (op->dest.type == OP_DEST_PUSHF) {
if (!state->uaccess_stack) { if (!state->uaccess_stack) {
state->uaccess_stack = 1; state->uaccess_stack = 1;
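Review bot: The new `if (!insn->alt_group) continue;` has no comment explaining why uaccess PUSHF/POPF tracking is now limited to alternatives; the reason lives only in the commit message. Suggest `/* Only track the uaccess PUSHF/POPF pair inside alternatives (smap_save()/smap_restore()); elsewhere a pushf need not be matched by a popf. */` above it. Because it is a `continue`, anything that follows the PUSHF/POPF handling in this loop body is now also skipped for non-alternative instructions; the rest of the loop, including the POPF branch, is outside the hunk, so it is worth confirming nothing else there depended on running for every instruction. handle_insn_ops() begins before the hunk.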