On Mon, Mar 18, 2019 at 04:38:40PM +0100, Peter Zijlstra wrote:
> Teach objtool to validate the UACCESS (SMAP, PAN) rules which are currently
> unenforced and (therefore obviously) violated.
>
> UACCESS sections should be small; we want to limit the amount of code that can
> touch userspace. Furthermore, UACCESS state isn't scheduled, this means that
> anything that directly calls into the scheduler will result in random code
> running with UACCESS enabled and possibly getting back into the UACCESS region
> with UACCESS disabled and causing faults.
>
> Forbid any CALL/RET while UACCESS is enabled; but provide a few exceptions.
>
> This builds x86_64-allmodconfig and lots of x86_64-randconfig clean.
>
> Changes since -v3:
>
>  - removed a bunch of functions from the UACCESS-safe list
>    due to the removal of CONFIG_KASAN_EXTRA=y.
>
>  - hopefully addressed all the feedback from Josh
>
>  - realized objtool doesn't cover x86_32
>
>  - some added additional annotations/fixes: kcov, signal
>
>  - retains the DF check for now, Linus, do you (still) think it is worth doing
>    that DF check?

I'm still not crazy about the DF thing, but otherwise everything looks great.

For the objtool bits:

Acked-by: Josh Poimboeuf <jpoim...@redhat.com>

-- 
Josh
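The rule quoted above (no CALL/RET while UACCESS is enabled, apart from a short exception list), sketched as an added example that is not part of this thread and is not objtool's code. It assumes a simplified straight-line instruction model; the instruction kinds, the helper names on the safe list and the sample bodies are all hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy instruction kinds; UA_ON/UA_OFF stand for enabling/disabling UACCESS. */
enum op { OP_OTHER, OP_UA_ON, OP_UA_OFF, OP_CALL, OP_RET };
struct insn { enum op op; const char *target; /* callee, OP_CALL only */ };

/* Hypothetical names standing in for the UACCESS-safe exception list. */
static const char *const uaccess_safe[] = { "safe_helper_a", "safe_helper_b" };

static int is_uaccess_safe(const char *name)
{
    for (size_t i = 0; i < sizeof(uaccess_safe) / sizeof(uaccess_safe[0]); i++)
        if (name && strcmp(name, uaccess_safe[i]) == 0)
            return 1;
    return 0;
}

/* Returns -1 if the body is clean, else the index of the first violation. */
int check_uaccess(const struct insn *body, size_t n)
{
    int uaccess = 0; /* assumed disabled on function entry */
    for (size_t i = 0; i < n; i++) {
        switch (body[i].op) {
        case OP_UA_ON:  uaccess = 1; break;
        case OP_UA_OFF: uaccess = 0; break;
        case OP_CALL:   /* only listed callees may run with UACCESS on */
            if (uaccess && !is_uaccess_safe(body[i].target)) return (int)i;
            break;
        case OP_RET:    /* returning would leak the enabled state */
            if (uaccess) return (int)i;
            break;
        default: break;
        }
    }
    return -1;
}
/* Constructed sample bodies; "may_sleep" is a hypothetical unlisted callee. */
static const struct insn body_ok[] = { {OP_UA_ON, NULL}, {OP_CALL, "safe_helper_a"},
    {OP_UA_OFF, NULL}, {OP_CALL, "may_sleep"}, {OP_RET, NULL} };
static const struct insn body_bad_call[] = { {OP_UA_ON, NULL}, {OP_OTHER, NULL},
    {OP_CALL, "may_sleep"}, {OP_UA_OFF, NULL}, {OP_RET, NULL} };
static const struct insn body_bad_ret[] = { {OP_UA_ON, NULL}, {OP_RET, NULL} };

int main(void)
{
    printf("%d %d %d\n", check_uaccess(body_ok, 5),
           check_uaccess(body_bad_call, 5), check_uaccess(body_bad_ret, 2));
    return 0;
}
```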