1. 23 Jun, 2016 1 commit
  2. 25 May, 2016 1 commit
  3. 25 Apr, 2016 1 commit
  4. 29 Feb, 2016 1 commit
    • Josh Poimboeuf's avatar
      objtool: Add tool to perform compile-time stack metadata validation · 442f04c3
      Josh Poimboeuf authored
      This adds a host tool named objtool which has a "check" subcommand which
      analyzes .o files to ensure the validity of stack metadata.  It enforces
      a set of rules on asm code and C inline assembly code so that stack
      traces can be reliable.
      
      For each function, it recursively follows all possible code paths and
      validates the correct frame pointer state at each instruction.
      
      It also follows code paths involving kernel special sections, like
      .altinstructions, __jump_table, and __ex_table, which can add
      alternative execution paths to a given instruction (or set of
      instructions).  Similarly, it knows how to follow switch statements, for
      which gcc sometimes uses jump tables.
      
      Here are some of the benefits of validating stack metadata:
      
      a) More reliable stack traces for frame pointer enabled kernels
      
         Frame pointers are used for debugging purposes.  They allow runtime
         code and debug tools to be able to walk the stack to determine the
         chain of function call sites that led to the currently executing
         code.
      
         For some architectures, frame pointers are enabled by
         CONFIG_FRAME_POINTER.  For some other architectures they may be
         required by the ABI (sometimes referred to as "backchain pointers").
      
         For C code, gcc automatically generates instructions for setting up
         frame pointers when the -fno-omit-frame-pointer option is used.
      
         But for asm code, the frame setup instructions have to be written by
         hand, which most people don't do.  So the end result is that
         CONFIG_FRAME_POINTER is honored for C code but not for most asm code.
      
         For stack traces based on frame pointers to be reliable, all
         functions which call other functions must first create a stack frame
         and update the frame pointer.  If a first function doesn't properly
         create a stack frame before calling a second function, the *caller*
         of the first function will be skipped on the stack trace.
      
         For example, consider the following example backtrace with frame
         pointers enabled:
      
           [<ffffffff81812584>] dump_stack+0x4b/0x63
           [<ffffffff812d6dc2>] cmdline_proc_show+0x12/0x30
           [<ffffffff8127f568>] seq_read+0x108/0x3e0
           [<ffffffff812cce62>] proc_reg_read+0x42/0x70
           [<ffffffff81256197>] __vfs_read+0x37/0x100
           [<ffffffff81256b16>] vfs_read+0x86/0x130
           [<ffffffff81257898>] SyS_read+0x58/0xd0
           [<ffffffff8181c1f2>] entry_SYSCALL_64_fastpath+0x12/0x76
      
         It correctly shows that the caller of cmdline_proc_show() is
         seq_read().
      
         If we remove the frame pointer logic from cmdline_proc_show() by
         replacing the frame pointer related instructions with nops, here's
         what it looks like instead:
      
           [<ffffffff81812584>] dump_stack+0x4b/0x63
           [<ffffffff812d6dc2>] cmdline_proc_show+0x12/0x30
           [<ffffffff812cce62>] proc_reg_read+0x42/0x70
           [<ffffffff81256197>] __vfs_read+0x37/0x100
           [<ffffffff81256b16>] vfs_read+0x86/0x130
           [<ffffffff81257898>] SyS_read+0x58/0xd0
           [<ffffffff8181c1f2>] entry_SYSCALL_64_fastpath+0x12/0x76
      
         Notice that cmdline_proc_show()'s caller, seq_read(), has been
         skipped.  Instead the stack trace seems to show that
         cmdline_proc_show() was called by proc_reg_read().
      
         The benefit of "objtool check" here is that because it ensures that
         *all* functions honor CONFIG_FRAME_POINTER, no functions will ever[*]
         be skipped on a stack trace.
      
         [*] unless an interrupt or exception has occurred at the very
             beginning of a function before the stack frame has been created,
             or at the very end of the function after the stack frame has been
             destroyed.  This is an inherent limitation of frame pointers.
      
      b) 100% reliable stack traces for DWARF enabled kernels
      
         This is not yet implemented.  For more details about what is planned,
         see tools/objtool/Documentation/stack-validation.txt.
      
      c) Higher live patching compatibility rate
      
         This is not yet implemented.  For more details about what is planned,
         see tools/objtool/Documentation/stack-validation.txt.
      
      To achieve the validation, "objtool check" enforces the following rules:
      
      1. Each callable function must be annotated as such with the ELF
         function type.  In asm code, this is typically done using the
         ENTRY/ENDPROC macros.  If objtool finds a return instruction
         outside of a function, it flags an error since that usually indicates
         callable code which should be annotated accordingly.
      
         This rule is needed so that objtool can properly identify each
         callable function in order to analyze its stack metadata.
      
      2. Conversely, each section of code which is *not* callable should *not*
         be annotated as an ELF function.  The ENDPROC macro shouldn't be used
         in this case.
      
         This rule is needed so that objtool can ignore non-callable code.
         Such code doesn't have to follow any of the other rules.
      
      3. Each callable function which calls another function must have the
         correct frame pointer logic, if required by CONFIG_FRAME_POINTER or
         the architecture's back chain rules.  This can by done in asm code
         with the FRAME_BEGIN/FRAME_END macros.
      
         This rule ensures that frame pointer based stack traces will work as
         designed.  If function A doesn't create a stack frame before calling
         function B, the _caller_ of function A will be skipped on the stack
         trace.
      
      4. Dynamic jumps and jumps to undefined symbols are only allowed if:
      
         a) the jump is part of a switch statement; or
      
         b) the jump matches sibling call semantics and the frame pointer has
            the same value it had on function entry.
      
         This rule is needed so that objtool can reliably analyze all of a
         function's code paths.  If a function jumps to code in another file,
         and it's not a sibling call, objtool has no way to follow the jump
         because it only analyzes a single file at a time.
      
      5. A callable function may not execute kernel entry/exit instructions.
         The only code which needs such instructions is kernel entry code,
         which shouldn't be be in callable functions anyway.
      
         This rule is just a sanity check to ensure that callable functions
         return normally.
      
      It currently only supports x86_64.  I tried to make the code generic so
      that support for other architectures can hopefully be plugged in
      relatively easily.
      
      On my Lenovo laptop with a i7-4810MQ 4-core/8-thread CPU, building the
      kernel with objtool checking every .o file adds about three seconds of
      total build time.  It hasn't been optimized for performance yet, so
      there are probably some opportunities for better build performance.
      Signed-off-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
      Cc: Bernd Petrovitsch <bernd@petrovitsch.priv.at>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Chris J Arges <chris.j.arges@canonical.com>
      Cc: Jiri Slaby <jslaby@suse.cz>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Michal Marek <mmarek@suse.cz>
      Cc: Namhyung Kim <namhyung@gmail.com>
      Cc: Pedro Alves <palves@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: live-patching@vger.kernel.org
      Link: http://lkml.kernel.org/r/f3efb173de43bd067b060de73f856567c0fa1174.1456719558.git.jpoimboe@redhat.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      442f04c3
  5. 09 Feb, 2016 1 commit
    • Linus Walleij's avatar
      tools/gpio: create GPIO tools · 6d591c46
      Linus Walleij authored
      This creates GPIO tools under tools/gpio/* and adds a single
      example program to list the GPIOs on a system. When proper
      devices are created it provides this minimal output:
      
      Cc: Johan Hovold <johan@kernel.org>
      Cc: Michael Welling <mwelling@ieee.org>
      Cc: Markus Pargmann <mpa@pengutronix.de>
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      6d591c46
  6. 12 Jan, 2016 1 commit
  7. 11 Jan, 2016 1 commit
  8. 23 Nov, 2015 1 commit
  9. 18 Nov, 2015 1 commit
  10. 12 Nov, 2015 2 commits
  11. 08 Jun, 2015 1 commit
  12. 29 Apr, 2015 2 commits
  13. 09 Apr, 2015 1 commit
  14. 08 May, 2014 1 commit
  15. 15 Feb, 2014 1 commit
  16. 15 Jan, 2014 1 commit
  17. 16 Dec, 2013 1 commit
    • Borislav Petkov's avatar
      tools/: Convert to new topic libraries · 553873e1
      Borislav Petkov authored
      Move debugfs.* to api/fs/. We have a common tools/lib/api/ place where
      the Makefile lives and then we place the headers in subdirs.
      
      For example, all the fs-related stuff goes to tools/lib/api/fs/ from
      which we get libapikfs.a (acme got almost the naming he wanted :-)) and
      we link it into the tools which need it - in this case perf and
      tools/vm/page-types.
      
      acme:
      
      "Looking at the implementation, I think some tools can even link
      directly to the .o files, avoiding the .a file altogether.
      
      But that is just an optimization/finer granularity tools/lib/
      cherrypicking that toolers can make use of."
      
      Fixup documentation cleaning target while at it.
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      Acked-by: default avatarIngo Molnar <mingo@kernel.org>
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Andi Kleen <ak@linux.intel.com>
      Cc: Arjan van de Ven <arjan@linux.intel.com>
      Cc: David Ahern <dsahern@gmail.com>
      Cc: Frederic Weisbecker <fweisbec@gmail.com>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Mike Galbraith <efault@gmx.de>
      Cc: Namhyung Kim <namhyung@gmail.com>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Pekka Enberg <penberg@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Robert Richter <rric@kernel.org>
      Cc: Stanislav Fomichev <stfomichev@yandex-team.ru>
      Cc: Stephane Eranian <eranian@google.com>
      Cc: Steven Rostedt <rostedt@goodmis.org>
      Link: http://lkml.kernel.org/r/1386605664-24041-2-git-send-email-bp@alien8.deSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      553873e1
  18. 06 Nov, 2013 1 commit
    • Jacob Pan's avatar
      tools/thermal: Introduce tmon, a tool for thermal subsystem · 94f69966
      Jacob Pan authored
      Increasingly, Linux is running on thermally constrained devices. The simple
      thermal relationship between processor and fan has become past for modern
      computers.
      
      As hardware vendors cope with the thermal constraints on their products,
      more sensors are added, new cooling capabilities are introduced. The
      complexity of the thermal relationship can grow exponentially among cooling
      devices, zones, sensors, and trip points. They can also change dynamically.
      
      To expose such relationship to the userspace, Linux generic thermal layer
      introduced sysfs entry at /sys/class/thermal with a matrix of symbolic
      links, trip point bindings, and device instances. To traverse such
      matrix by hand is not a trivial task. Testing is also difficult in that
      thermal conditions are often exception cases that hard to reach in
      normal operations.
      
      TMON is conceived as a tool to help visualize, tune, and test the
      complex thermal subsystem.
      Signed-off-by: default avatarJacob Pan <jacob.jun.pan@linux.intel.com>
      Signed-off-by: default avatarZhang Rui <rui.zhang@intel.com>
      94f69966
  19. 21 Mar, 2013 1 commit
    • Daniel Borkmann's avatar
      filter: add minimal BPF JIT image disassembler · e306e2c1
      Daniel Borkmann authored
      This is a minimal stand-alone user space helper, that allows for debugging or
      verification of emitted BPF JIT images. This is in particular useful for
      emitted opcode debugging, since minor bugs in the JIT compiler can be fatal.
      The disassembler is architecture generic and uses libopcodes and libbfd.
      
      How to get to the disassembly, example:
      
        1) `echo 2 > /proc/sys/net/core/bpf_jit_enable`
        2) Load a BPF filter (e.g. `tcpdump -p -n -s 0 -i eth1 host 192.168.20.0/24`)
        3) Run e.g. `bpf_jit_disasm -o` to disassemble the most recent JIT code output
      
      `bpf_jit_disasm -o` will display the related opcodes to a particular instruction
      as well. Example for x86_64:
      
      $ ./bpf_jit_disasm
      94 bytes emitted from JIT compiler (pass:3, flen:9)
      ffffffffa0356000 + <x>:
         0:	push   %rbp
         1:	mov    %rsp,%rbp
         4:	sub    $0x60,%rsp
         8:	mov    %rbx,-0x8(%rbp)
         c:	mov    0x68(%rdi),%r9d
        10:	sub    0x6c(%rdi),%r9d
        14:	mov    0xe0(%rdi),%r8
        1b:	mov    $0xc,%esi
        20:	callq  0xffffffffe0d01b71
        25:	cmp    $0x86dd,%eax
        2a:	jne    0x000000000000003d
        2c:	mov    $0x14,%esi
        31:	callq  0xffffffffe0d01b8d
        36:	cmp    $0x6,%eax
      [...]
        5c:	leaveq
        5d:	retq
      
      $ ./bpf_jit_disasm -o
      94 bytes emitted from JIT compiler (pass:3, flen:9)
      ffffffffa0356000 + <x>:
         0:	push   %rbp
      	55
         1:	mov    %rsp,%rbp
      	48 89 e5
         4:	sub    $0x60,%rsp
      	48 83 ec 60
         8:	mov    %rbx,-0x8(%rbp)
      	48 89 5d f8
         c:	mov    0x68(%rdi),%r9d
      	44 8b 4f 68
        10:	sub    0x6c(%rdi),%r9d
      	44 2b 4f 6c
      [...]
        5c:	leaveq
      	c9
        5d:	retq
      	c3
      Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e306e2c1
  20. 15 Mar, 2013 1 commit
  21. 30 Jan, 2013 1 commit
  22. 07 Jan, 2013 1 commit
  23. 19 Nov, 2012 1 commit
  24. 14 Nov, 2012 1 commit
  25. 11 Apr, 2012 3 commits