[Bug runtime/30716] New: On x86_64 get objtool warnings: call to __get_user_nocheck_1() with UACCESS enabled

[Bug runtime/30716] New: On x86_64 get objtool warnings: call to __get_user_nocheck_1() with UACCESS enabled

[wcohen at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=30716

            Bug ID: 30716
           Summary: On x86_64 get objtool warnings:  call to
                    __get_user_nocheck_1() with UACCESS enabled
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: runtime
          Assignee: systemtap at sourceware dot org
          Reporter: wcohen at redhat dot com
  Target Milestone: ---

With linux 6.x kernels the current git checkout of systemtap gets warnings like
the following on x86_64 machines:

../install/bin/stap --example -p4 stap_time.stp
/tmp/stapaDfnF3/stap_d27d31c04f7b6439f67d919b5ec15337_6499.o: warning: objtool:
probe_54014+0xd4f: call to __get_user_nocheck_1() with UACCESS enabled
/home/wcohen/.systemtap/cache/d2/stap_d27d31c04f7b6439f67d919b5ec15337_6499.ko

This is introduced by systemtap git commit a9337abbb213e8.  If that particular
commit is removed the warning goes away.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug runtime/30716] On x86_64 get objtool warnings: call to __get_user_nocheck_1() with UACCESS enabled

[wcohen at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=30716

William Cohen <wcohen at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

--- Comment #1 from William Cohen <wcohen at redhat dot com> ---
objtool is reporting a call to a function with STAC (user-space access
set) and the target of the call is not on the whitelist.  Below is a
link to the current linux 6.4.7 white list:

https://elixir.bootlin.com/linux/v6.4.7/source/tools/objtool/check.c#L1120

The __get_user_nocheck_* function used by the x86_64 are not on that
list.  However, the implementations of the functions in
arch/x86/lib/getuser.S do have surrounding ASM_STAC/ASM_CLAC instructions:

https://elixir.bootlin.com/linux/v6.4.7/source/arch/x86/lib/getuser.S#L100

If these funcions were inlined, objtools would claim "recursive UACESS
enabled" and "redundant UACCESS disable":

https://elixir.bootlin.com/linux/v6.4.7/source/tools/objtool/check.c#L3737

The course of action is to have the systemtap code do the calls to
these architecture specific functions without the additional STAC/CLAC
from user_access_begin/user_access_end.  One concern is how the user
space accesses are implemented on other architectures and making sure
that the fix works across all architectures.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug runtime/30716] On x86_64 get objtool warnings: call to __get_user_nocheck_1() with UACCESS enabled

[fche at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=30716

Frank Ch. Eigler <fche at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED
                 CC|                            |fche at redhat dot com

--- Comment #2 from Frank Ch. Eigler <fche at redhat dot com> ---
commit 38b711be77e09cbce1aec0857af311dae7be7aad
Author: Frank Ch. Eigler <fche@redhat.com>
Date:   Wed Aug 23 08:51:08 2023 -0400

    PR30716: work around objtool stac/clac warning

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug runtime/30716] On x86_64 get objtool warnings: call to __get_user_nocheck_1() with UACCESS enabled

[wcohen at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=30716

William Cohen <wcohen at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|FIXED                       |---
             Status|RESOLVED                    |REOPENED

--- Comment #3 from William Cohen <wcohen at redhat dot com> ---
The x86_64 RHEL9 5.14.0 is a bit different than the newer 6.x kernels in
Fedora.  The CONFIG_HAVE_UACCESS_VALIDATION was added by kernel git commit
5f3da8c08508df828235 around april 2022 and doesn't exist in the older 5.14
RHEL9 kernel.  Thus, the current systemtap patch for this PR doesn't turn off
the objtool --uaccess analysis/warning in RHEL9.  I looked for alternative. 
The CONFIG_OBJTOOL was added to the kernel about the same time as the
CONFIG_HAVE_UACESS_VALIDATION, april 2022. For the 5.14 kernels the use of
--uaccess option for objtool is control by  CONFIG_X86_SMAP,
https://elixir.bootlin.com/linux/v5.14/source/arch/x86/Kconfig#L1806.  However,
it is likely that turning this off is going to cause problems for the Intel
processors that have actually have that feature enabled like the Intel IBT
support.

https://edc.intel.com/content/www/us/en/design/ipla/software-development-platforms/servers/platforms/intel-pentium-silver-and-intel-celeron-processors-datasheet-volume-1-of-2/005/intel-supervisor-mode-access-protection-smap/

-- 
You are receiving this mail because:
You are the assignee for the bug.