1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2015-2017 Josh Poimboeuf <jpoimboe@redhat.com> 4 */ 5 6 #include <string.h> 7 #include <stdlib.h> 8 #include <inttypes.h> 9 #include <sys/mman.h> 10 11 #include <objtool/builtin.h> 12 #include <objtool/cfi.h> 13 #include <objtool/arch.h> 14 #include <objtool/check.h> 15 #include <objtool/special.h> 16 #include <objtool/warn.h> 17 #include <objtool/endianness.h> 18 19 #include <linux/objtool_types.h> 20 #include <linux/hashtable.h> 21 #include <linux/kernel.h> 22 #include <linux/static_call_types.h> 23 #include <linux/string.h> 24 25 struct alternative { 26 struct alternative *next; 27 struct instruction *insn; 28 bool skip_orig; 29 }; 30 31 static unsigned long nr_cfi, nr_cfi_reused, nr_cfi_cache; 32 33 static struct cfi_init_state initial_func_cfi; 34 static struct cfi_state init_cfi; 35 static struct cfi_state func_cfi; 36 static struct cfi_state force_undefined_cfi; 37 38 struct instruction *find_insn(struct objtool_file *file, 39 struct section *sec, unsigned long offset) 40 { 41 struct instruction *insn; 42 43 hash_for_each_possible(file->insn_hash, insn, hash, sec_offset_hash(sec, offset)) { 44 if (insn->sec == sec && insn->offset == offset) 45 return insn; 46 } 47 48 return NULL; 49 } 50 51 struct instruction *next_insn_same_sec(struct objtool_file *file, 52 struct instruction *insn) 53 { 54 if (insn->idx == INSN_CHUNK_MAX) 55 return find_insn(file, insn->sec, insn->offset + insn->len); 56 57 insn++; 58 if (!insn->len) 59 return NULL; 60 61 return insn; 62 } 63 64 static struct instruction *next_insn_same_func(struct objtool_file *file, 65 struct instruction *insn) 66 { 67 struct instruction *next = next_insn_same_sec(file, insn); 68 struct symbol *func = insn_func(insn); 69 70 if (!func) 71 return NULL; 72 73 if (next && insn_func(next) == func) 74 return next; 75 76 /* Check if we're already in the subfunction: */ 77 if (func == func->cfunc) 78 return NULL; 79 80 /* Move to the subfunction: */ 81 return find_insn(file, func->cfunc->sec, func->cfunc->offset); 82 } 83 84 static struct instruction *prev_insn_same_sec(struct objtool_file *file, 85 struct instruction *insn) 86 { 87 if (insn->idx == 0) { 88 if (insn->prev_len) 89 return find_insn(file, insn->sec, insn->offset - insn->prev_len); 90 return NULL; 91 } 92 93 return insn - 1; 94 } 95 96 static struct instruction *prev_insn_same_sym(struct objtool_file *file, 97 struct instruction *insn) 98 { 99 struct instruction *prev = prev_insn_same_sec(file, insn); 100 101 if (prev && insn_func(prev) == insn_func(insn)) 102 return prev; 103 104 return NULL; 105 } 106 107 #define for_each_insn(file, insn) \ 108 for (struct section *__sec, *__fake = (struct section *)1; \ 109 __fake; __fake = NULL) \ 110 for_each_sec(file, __sec) \ 111 sec_for_each_insn(file, __sec, insn) 112 113 #define func_for_each_insn(file, func, insn) \ 114 for (insn = find_insn(file, func->sec, func->offset); \ 115 insn; \ 116 insn = next_insn_same_func(file, insn)) 117 118 #define sym_for_each_insn(file, sym, insn) \ 119 for (insn = find_insn(file, sym->sec, sym->offset); \ 120 insn && insn->offset < sym->offset + sym->len; \ 121 insn = next_insn_same_sec(file, insn)) 122 123 #define sym_for_each_insn_continue_reverse(file, sym, insn) \ 124 for (insn = prev_insn_same_sec(file, insn); \ 125 insn && insn->offset >= sym->offset; \ 126 insn = prev_insn_same_sec(file, insn)) 127 128 #define sec_for_each_insn_from(file, insn) \ 129 for (; insn; insn = next_insn_same_sec(file, insn)) 130 131 #define sec_for_each_insn_continue(file, insn) \ 132 for (insn = next_insn_same_sec(file, insn); insn; \ 133 insn = next_insn_same_sec(file, insn)) 134 135 static inline struct symbol *insn_call_dest(struct instruction *insn) 136 { 137 if (insn->type == INSN_JUMP_DYNAMIC || 138 insn->type == INSN_CALL_DYNAMIC) 139 return NULL; 140 141 return insn->_call_dest; 142 } 143 144 static inline struct reloc *insn_jump_table(struct instruction *insn) 145 { 146 if (insn->type == INSN_JUMP_DYNAMIC || 147 insn->type == INSN_CALL_DYNAMIC) 148 return insn->_jump_table; 149 150 return NULL; 151 } 152 153 static inline unsigned long insn_jump_table_size(struct instruction *insn) 154 { 155 if (insn->type == INSN_JUMP_DYNAMIC || 156 insn->type == INSN_CALL_DYNAMIC) 157 return insn->_jump_table_size; 158 159 return 0; 160 } 161 162 static bool is_jump_table_jump(struct instruction *insn) 163 { 164 struct alt_group *alt_group = insn->alt_group; 165 166 if (insn_jump_table(insn)) 167 return true; 168 169 /* Retpoline alternative for a jump table? */ 170 return alt_group && alt_group->orig_group && 171 insn_jump_table(alt_group->orig_group->first_insn); 172 } 173 174 static bool is_sibling_call(struct instruction *insn) 175 { 176 /* 177 * Assume only STT_FUNC calls have jump-tables. 178 */ 179 if (insn_func(insn)) { 180 /* An indirect jump is either a sibling call or a jump to a table. */ 181 if (insn->type == INSN_JUMP_DYNAMIC) 182 return !is_jump_table_jump(insn); 183 } 184 185 /* add_jump_destinations() sets insn_call_dest(insn) for sibling calls. */ 186 return (is_static_jump(insn) && insn_call_dest(insn)); 187 } 188 189 /* 190 * Checks if a string ends with another. 191 */ 192 static bool str_ends_with(const char *s, const char *sub) 193 { 194 const int slen = strlen(s); 195 const int sublen = strlen(sub); 196 197 if (sublen > slen) 198 return 0; 199 200 return !memcmp(s + slen - sublen, sub, sublen); 201 } 202 203 /* 204 * Checks if a function is a Rust "noreturn" one. 205 */ 206 static bool is_rust_noreturn(const struct symbol *func) 207 { 208 /* 209 * If it does not start with "_R", then it is not a Rust symbol. 210 */ 211 if (strncmp(func->name, "_R", 2)) 212 return false; 213 214 /* 215 * These are just heuristics -- we do not control the precise symbol 216 * name, due to the crate disambiguators (which depend on the compiler) 217 * as well as changes to the source code itself between versions (since 218 * these come from the Rust standard library). 219 */ 220 return str_ends_with(func->name, "_4core5sliceSp15copy_from_slice17len_mismatch_fail") || 221 str_ends_with(func->name, "_4core6option13unwrap_failed") || 222 str_ends_with(func->name, "_4core6result13unwrap_failed") || 223 str_ends_with(func->name, "_4core9panicking5panic") || 224 str_ends_with(func->name, "_4core9panicking9panic_fmt") || 225 str_ends_with(func->name, "_4core9panicking14panic_explicit") || 226 str_ends_with(func->name, "_4core9panicking14panic_nounwind") || 227 str_ends_with(func->name, "_4core9panicking18panic_bounds_check") || 228 str_ends_with(func->name, "_4core9panicking19assert_failed_inner") || 229 str_ends_with(func->name, "_4core9panicking36panic_misaligned_pointer_dereference") || 230 strstr(func->name, "_4core9panicking13assert_failed") || 231 strstr(func->name, "_4core9panicking11panic_const24panic_const_") || 232 (strstr(func->name, "_4core5slice5index24slice_") && 233 str_ends_with(func->name, "_fail")); 234 } 235 236 /* 237 * This checks to see if the given function is a "noreturn" function. 238 * 239 * For global functions which are outside the scope of this object file, we 240 * have to keep a manual list of them. 241 * 242 * For local functions, we have to detect them manually by simply looking for 243 * the lack of a return instruction. 244 */ 245 static bool __dead_end_function(struct objtool_file *file, struct symbol *func, 246 int recursion) 247 { 248 int i; 249 struct instruction *insn; 250 bool empty = true; 251 252 #define NORETURN(func) __stringify(func), 253 static const char * const global_noreturns[] = { 254 #include "noreturns.h" 255 }; 256 #undef NORETURN 257 258 if (!func) 259 return false; 260 261 if (func->bind == STB_GLOBAL || func->bind == STB_WEAK) { 262 if (is_rust_noreturn(func)) 263 return true; 264 265 for (i = 0; i < ARRAY_SIZE(global_noreturns); i++) 266 if (!strcmp(func->name, global_noreturns[i])) 267 return true; 268 } 269 270 if (func->bind == STB_WEAK) 271 return false; 272 273 if (!func->len) 274 return false; 275 276 insn = find_insn(file, func->sec, func->offset); 277 if (!insn || !insn_func(insn)) 278 return false; 279 280 func_for_each_insn(file, func, insn) { 281 empty = false; 282 283 if (insn->type == INSN_RETURN) 284 return false; 285 } 286 287 if (empty) 288 return false; 289 290 /* 291 * A function can have a sibling call instead of a return. In that 292 * case, the function's dead-end status depends on whether the target 293 * of the sibling call returns. 294 */ 295 func_for_each_insn(file, func, insn) { 296 if (is_sibling_call(insn)) { 297 struct instruction *dest = insn->jump_dest; 298 299 if (!dest) 300 /* sibling call to another file */ 301 return false; 302 303 /* local sibling call */ 304 if (recursion == 5) { 305 /* 306 * Infinite recursion: two functions have 307 * sibling calls to each other. This is a very 308 * rare case. It means they aren't dead ends. 309 */ 310 return false; 311 } 312 313 return __dead_end_function(file, insn_func(dest), recursion+1); 314 } 315 } 316 317 return true; 318 } 319 320 static bool dead_end_function(struct objtool_file *file, struct symbol *func) 321 { 322 return __dead_end_function(file, func, 0); 323 } 324 325 static void init_cfi_state(struct cfi_state *cfi) 326 { 327 int i; 328 329 for (i = 0; i < CFI_NUM_REGS; i++) { 330 cfi->regs[i].base = CFI_UNDEFINED; 331 cfi->vals[i].base = CFI_UNDEFINED; 332 } 333 cfi->cfa.base = CFI_UNDEFINED; 334 cfi->drap_reg = CFI_UNDEFINED; 335 cfi->drap_offset = -1; 336 } 337 338 static void init_insn_state(struct objtool_file *file, struct insn_state *state, 339 struct section *sec) 340 { 341 memset(state, 0, sizeof(*state)); 342 init_cfi_state(&state->cfi); 343 344 /* 345 * We need the full vmlinux for noinstr validation, otherwise we can 346 * not correctly determine insn_call_dest(insn)->sec (external symbols 347 * do not have a section). 348 */ 349 if (opts.link && opts.noinstr && sec) 350 state->noinstr = sec->noinstr; 351 } 352 353 static struct cfi_state *cfi_alloc(void) 354 { 355 struct cfi_state *cfi = calloc(1, sizeof(struct cfi_state)); 356 if (!cfi) { 357 WARN("calloc failed"); 358 exit(1); 359 } 360 nr_cfi++; 361 return cfi; 362 } 363 364 static int cfi_bits; 365 static struct hlist_head *cfi_hash; 366 367 static inline bool cficmp(struct cfi_state *cfi1, struct cfi_state *cfi2) 368 { 369 return memcmp((void *)cfi1 + sizeof(cfi1->hash), 370 (void *)cfi2 + sizeof(cfi2->hash), 371 sizeof(struct cfi_state) - sizeof(struct hlist_node)); 372 } 373 374 static inline u32 cfi_key(struct cfi_state *cfi) 375 { 376 return jhash((void *)cfi + sizeof(cfi->hash), 377 sizeof(*cfi) - sizeof(cfi->hash), 0); 378 } 379 380 static struct cfi_state *cfi_hash_find_or_add(struct cfi_state *cfi) 381 { 382 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)]; 383 struct cfi_state *obj; 384 385 hlist_for_each_entry(obj, head, hash) { 386 if (!cficmp(cfi, obj)) { 387 nr_cfi_cache++; 388 return obj; 389 } 390 } 391 392 obj = cfi_alloc(); 393 *obj = *cfi; 394 hlist_add_head(&obj->hash, head); 395 396 return obj; 397 } 398 399 static void cfi_hash_add(struct cfi_state *cfi) 400 { 401 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)]; 402 403 hlist_add_head(&cfi->hash, head); 404 } 405 406 static void *cfi_hash_alloc(unsigned long size) 407 { 408 cfi_bits = max(10, ilog2(size)); 409 cfi_hash = mmap(NULL, sizeof(struct hlist_head) << cfi_bits, 410 PROT_READ|PROT_WRITE, 411 MAP_PRIVATE|MAP_ANON, -1, 0); 412 if (cfi_hash == (void *)-1L) { 413 WARN("mmap fail cfi_hash"); 414 cfi_hash = NULL; 415 } else if (opts.stats) { 416 printf("cfi_bits: %d\n", cfi_bits); 417 } 418 419 return cfi_hash; 420 } 421 422 static unsigned long nr_insns; 423 static unsigned long nr_insns_visited; 424 425 /* 426 * Call the arch-specific instruction decoder for all the instructions and add 427 * them to the global instruction list. 428 */ 429 static int decode_instructions(struct objtool_file *file) 430 { 431 struct section *sec; 432 struct symbol *func; 433 unsigned long offset; 434 struct instruction *insn; 435 int ret; 436 437 for_each_sec(file, sec) { 438 struct instruction *insns = NULL; 439 u8 prev_len = 0; 440 u8 idx = 0; 441 442 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 443 continue; 444 445 if (strcmp(sec->name, ".altinstr_replacement") && 446 strcmp(sec->name, ".altinstr_aux") && 447 strncmp(sec->name, ".discard.", 9)) 448 sec->text = true; 449 450 if (!strcmp(sec->name, ".noinstr.text") || 451 !strcmp(sec->name, ".entry.text") || 452 !strcmp(sec->name, ".cpuidle.text") || 453 !strncmp(sec->name, ".text..__x86.", 13)) 454 sec->noinstr = true; 455 456 /* 457 * .init.text code is ran before userspace and thus doesn't 458 * strictly need retpolines, except for modules which are 459 * loaded late, they very much do need retpoline in their 460 * .init.text 461 */ 462 if (!strcmp(sec->name, ".init.text") && !opts.module) 463 sec->init = true; 464 465 for (offset = 0; offset < sec->sh.sh_size; offset += insn->len) { 466 if (!insns || idx == INSN_CHUNK_MAX) { 467 insns = calloc(sizeof(*insn), INSN_CHUNK_SIZE); 468 if (!insns) { 469 WARN("malloc failed"); 470 return -1; 471 } 472 idx = 0; 473 } else { 474 idx++; 475 } 476 insn = &insns[idx]; 477 insn->idx = idx; 478 479 INIT_LIST_HEAD(&insn->call_node); 480 insn->sec = sec; 481 insn->offset = offset; 482 insn->prev_len = prev_len; 483 484 ret = arch_decode_instruction(file, sec, offset, 485 sec->sh.sh_size - offset, 486 insn); 487 if (ret) 488 return ret; 489 490 prev_len = insn->len; 491 492 /* 493 * By default, "ud2" is a dead end unless otherwise 494 * annotated, because GCC 7 inserts it for certain 495 * divide-by-zero cases. 496 */ 497 if (insn->type == INSN_BUG) 498 insn->dead_end = true; 499 500 hash_add(file->insn_hash, &insn->hash, sec_offset_hash(sec, insn->offset)); 501 nr_insns++; 502 } 503 504 // printf("%s: last chunk used: %d\n", sec->name, (int)idx); 505 506 sec_for_each_sym(sec, func) { 507 if (func->type != STT_NOTYPE && func->type != STT_FUNC) 508 continue; 509 510 if (func->offset == sec->sh.sh_size) { 511 /* Heuristic: likely an "end" symbol */ 512 if (func->type == STT_NOTYPE) 513 continue; 514 WARN("%s(): STT_FUNC at end of section", 515 func->name); 516 return -1; 517 } 518 519 if (func->embedded_insn || func->alias != func) 520 continue; 521 522 if (!find_insn(file, sec, func->offset)) { 523 WARN("%s(): can't find starting instruction", 524 func->name); 525 return -1; 526 } 527 528 sym_for_each_insn(file, func, insn) { 529 insn->sym = func; 530 if (func->type == STT_FUNC && 531 insn->type == INSN_ENDBR && 532 list_empty(&insn->call_node)) { 533 if (insn->offset == func->offset) { 534 list_add_tail(&insn->call_node, &file->endbr_list); 535 file->nr_endbr++; 536 } else { 537 file->nr_endbr_int++; 538 } 539 } 540 } 541 } 542 } 543 544 if (opts.stats) 545 printf("nr_insns: %lu\n", nr_insns); 546 547 return 0; 548 } 549 550 /* 551 * Read the pv_ops[] .data table to find the static initialized values. 552 */ 553 static int add_pv_ops(struct objtool_file *file, const char *symname) 554 { 555 struct symbol *sym, *func; 556 unsigned long off, end; 557 struct reloc *reloc; 558 int idx; 559 560 sym = find_symbol_by_name(file->elf, symname); 561 if (!sym) 562 return 0; 563 564 off = sym->offset; 565 end = off + sym->len; 566 for (;;) { 567 reloc = find_reloc_by_dest_range(file->elf, sym->sec, off, end - off); 568 if (!reloc) 569 break; 570 571 func = reloc->sym; 572 if (func->type == STT_SECTION) 573 func = find_symbol_by_offset(reloc->sym->sec, 574 reloc_addend(reloc)); 575 576 idx = (reloc_offset(reloc) - sym->offset) / sizeof(unsigned long); 577 578 objtool_pv_add(file, idx, func); 579 580 off = reloc_offset(reloc) + 1; 581 if (off > end) 582 break; 583 } 584 585 return 0; 586 } 587 588 /* 589 * Allocate and initialize file->pv_ops[]. 590 */ 591 static int init_pv_ops(struct objtool_file *file) 592 { 593 static const char *pv_ops_tables[] = { 594 "pv_ops", 595 "xen_cpu_ops", 596 "xen_irq_ops", 597 "xen_mmu_ops", 598 NULL, 599 }; 600 const char *pv_ops; 601 struct symbol *sym; 602 int idx, nr; 603 604 if (!opts.noinstr) 605 return 0; 606 607 file->pv_ops = NULL; 608 609 sym = find_symbol_by_name(file->elf, "pv_ops"); 610 if (!sym) 611 return 0; 612 613 nr = sym->len / sizeof(unsigned long); 614 file->pv_ops = calloc(sizeof(struct pv_state), nr); 615 if (!file->pv_ops) 616 return -1; 617 618 for (idx = 0; idx < nr; idx++) 619 INIT_LIST_HEAD(&file->pv_ops[idx].targets); 620 621 for (idx = 0; (pv_ops = pv_ops_tables[idx]); idx++) 622 add_pv_ops(file, pv_ops); 623 624 return 0; 625 } 626 627 static int create_static_call_sections(struct objtool_file *file) 628 { 629 struct static_call_site *site; 630 struct section *sec; 631 struct instruction *insn; 632 struct symbol *key_sym; 633 char *key_name, *tmp; 634 int idx; 635 636 sec = find_section_by_name(file->elf, ".static_call_sites"); 637 if (sec) { 638 INIT_LIST_HEAD(&file->static_call_list); 639 WARN("file already has .static_call_sites section, skipping"); 640 return 0; 641 } 642 643 if (list_empty(&file->static_call_list)) 644 return 0; 645 646 idx = 0; 647 list_for_each_entry(insn, &file->static_call_list, call_node) 648 idx++; 649 650 sec = elf_create_section_pair(file->elf, ".static_call_sites", 651 sizeof(*site), idx, idx * 2); 652 if (!sec) 653 return -1; 654 655 /* Allow modules to modify the low bits of static_call_site::key */ 656 sec->sh.sh_flags |= SHF_WRITE; 657 658 idx = 0; 659 list_for_each_entry(insn, &file->static_call_list, call_node) { 660 661 /* populate reloc for 'addr' */ 662 if (!elf_init_reloc_text_sym(file->elf, sec, 663 idx * sizeof(*site), idx * 2, 664 insn->sec, insn->offset)) 665 return -1; 666 667 /* find key symbol */ 668 key_name = strdup(insn_call_dest(insn)->name); 669 if (!key_name) { 670 perror("strdup"); 671 return -1; 672 } 673 if (strncmp(key_name, STATIC_CALL_TRAMP_PREFIX_STR, 674 STATIC_CALL_TRAMP_PREFIX_LEN)) { 675 WARN("static_call: trampoline name malformed: %s", key_name); 676 free(key_name); 677 return -1; 678 } 679 tmp = key_name + STATIC_CALL_TRAMP_PREFIX_LEN - STATIC_CALL_KEY_PREFIX_LEN; 680 memcpy(tmp, STATIC_CALL_KEY_PREFIX_STR, STATIC_CALL_KEY_PREFIX_LEN); 681 682 key_sym = find_symbol_by_name(file->elf, tmp); 683 if (!key_sym) { 684 if (!opts.module) { 685 WARN("static_call: can't find static_call_key symbol: %s", tmp); 686 free(key_name); 687 return -1; 688 } 689 690 /* 691 * For modules(), the key might not be exported, which 692 * means the module can make static calls but isn't 693 * allowed to change them. 694 * 695 * In that case we temporarily set the key to be the 696 * trampoline address. This is fixed up in 697 * static_call_add_module(). 698 */ 699 key_sym = insn_call_dest(insn); 700 } 701 free(key_name); 702 703 /* populate reloc for 'key' */ 704 if (!elf_init_reloc_data_sym(file->elf, sec, 705 idx * sizeof(*site) + 4, 706 (idx * 2) + 1, key_sym, 707 is_sibling_call(insn) * STATIC_CALL_SITE_TAIL)) 708 return -1; 709 710 idx++; 711 } 712 713 return 0; 714 } 715 716 static int create_retpoline_sites_sections(struct objtool_file *file) 717 { 718 struct instruction *insn; 719 struct section *sec; 720 int idx; 721 722 sec = find_section_by_name(file->elf, ".retpoline_sites"); 723 if (sec) { 724 WARN("file already has .retpoline_sites, skipping"); 725 return 0; 726 } 727 728 idx = 0; 729 list_for_each_entry(insn, &file->retpoline_call_list, call_node) 730 idx++; 731 732 if (!idx) 733 return 0; 734 735 sec = elf_create_section_pair(file->elf, ".retpoline_sites", 736 sizeof(int), idx, idx); 737 if (!sec) 738 return -1; 739 740 idx = 0; 741 list_for_each_entry(insn, &file->retpoline_call_list, call_node) { 742 743 if (!elf_init_reloc_text_sym(file->elf, sec, 744 idx * sizeof(int), idx, 745 insn->sec, insn->offset)) 746 return -1; 747 748 idx++; 749 } 750 751 return 0; 752 } 753 754 static int create_return_sites_sections(struct objtool_file *file) 755 { 756 struct instruction *insn; 757 struct section *sec; 758 int idx; 759 760 sec = find_section_by_name(file->elf, ".return_sites"); 761 if (sec) { 762 WARN("file already has .return_sites, skipping"); 763 return 0; 764 } 765 766 idx = 0; 767 list_for_each_entry(insn, &file->return_thunk_list, call_node) 768 idx++; 769 770 if (!idx) 771 return 0; 772 773 sec = elf_create_section_pair(file->elf, ".return_sites", 774 sizeof(int), idx, idx); 775 if (!sec) 776 return -1; 777 778 idx = 0; 779 list_for_each_entry(insn, &file->return_thunk_list, call_node) { 780 781 if (!elf_init_reloc_text_sym(file->elf, sec, 782 idx * sizeof(int), idx, 783 insn->sec, insn->offset)) 784 return -1; 785 786 idx++; 787 } 788 789 return 0; 790 } 791 792 static int create_ibt_endbr_seal_sections(struct objtool_file *file) 793 { 794 struct instruction *insn; 795 struct section *sec; 796 int idx; 797 798 sec = find_section_by_name(file->elf, ".ibt_endbr_seal"); 799 if (sec) { 800 WARN("file already has .ibt_endbr_seal, skipping"); 801 return 0; 802 } 803 804 idx = 0; 805 list_for_each_entry(insn, &file->endbr_list, call_node) 806 idx++; 807 808 if (opts.stats) { 809 printf("ibt: ENDBR at function start: %d\n", file->nr_endbr); 810 printf("ibt: ENDBR inside functions: %d\n", file->nr_endbr_int); 811 printf("ibt: superfluous ENDBR: %d\n", idx); 812 } 813 814 if (!idx) 815 return 0; 816 817 sec = elf_create_section_pair(file->elf, ".ibt_endbr_seal", 818 sizeof(int), idx, idx); 819 if (!sec) 820 return -1; 821 822 idx = 0; 823 list_for_each_entry(insn, &file->endbr_list, call_node) { 824 825 int *site = (int *)sec->data->d_buf + idx; 826 struct symbol *sym = insn->sym; 827 *site = 0; 828 829 if (opts.module && sym && sym->type == STT_FUNC && 830 insn->offset == sym->offset && 831 (!strcmp(sym->name, "init_module") || 832 !strcmp(sym->name, "cleanup_module"))) 833 WARN("%s(): not an indirect call target", sym->name); 834 835 if (!elf_init_reloc_text_sym(file->elf, sec, 836 idx * sizeof(int), idx, 837 insn->sec, insn->offset)) 838 return -1; 839 840 idx++; 841 } 842 843 return 0; 844 } 845 846 static int create_cfi_sections(struct objtool_file *file) 847 { 848 struct section *sec; 849 struct symbol *sym; 850 int idx; 851 852 sec = find_section_by_name(file->elf, ".cfi_sites"); 853 if (sec) { 854 INIT_LIST_HEAD(&file->call_list); 855 WARN("file already has .cfi_sites section, skipping"); 856 return 0; 857 } 858 859 idx = 0; 860 for_each_sym(file, sym) { 861 if (sym->type != STT_FUNC) 862 continue; 863 864 if (strncmp(sym->name, "__cfi_", 6)) 865 continue; 866 867 idx++; 868 } 869 870 sec = elf_create_section_pair(file->elf, ".cfi_sites", 871 sizeof(unsigned int), idx, idx); 872 if (!sec) 873 return -1; 874 875 idx = 0; 876 for_each_sym(file, sym) { 877 if (sym->type != STT_FUNC) 878 continue; 879 880 if (strncmp(sym->name, "__cfi_", 6)) 881 continue; 882 883 if (!elf_init_reloc_text_sym(file->elf, sec, 884 idx * sizeof(unsigned int), idx, 885 sym->sec, sym->offset)) 886 return -1; 887 888 idx++; 889 } 890 891 return 0; 892 } 893 894 static int create_mcount_loc_sections(struct objtool_file *file) 895 { 896 size_t addr_size = elf_addr_size(file->elf); 897 struct instruction *insn; 898 struct section *sec; 899 int idx; 900 901 sec = find_section_by_name(file->elf, "__mcount_loc"); 902 if (sec) { 903 INIT_LIST_HEAD(&file->mcount_loc_list); 904 WARN("file already has __mcount_loc section, skipping"); 905 return 0; 906 } 907 908 if (list_empty(&file->mcount_loc_list)) 909 return 0; 910 911 idx = 0; 912 list_for_each_entry(insn, &file->mcount_loc_list, call_node) 913 idx++; 914 915 sec = elf_create_section_pair(file->elf, "__mcount_loc", addr_size, 916 idx, idx); 917 if (!sec) 918 return -1; 919 920 sec->sh.sh_addralign = addr_size; 921 922 idx = 0; 923 list_for_each_entry(insn, &file->mcount_loc_list, call_node) { 924 925 struct reloc *reloc; 926 927 reloc = elf_init_reloc_text_sym(file->elf, sec, idx * addr_size, idx, 928 insn->sec, insn->offset); 929 if (!reloc) 930 return -1; 931 932 set_reloc_type(file->elf, reloc, addr_size == 8 ? R_ABS64 : R_ABS32); 933 934 idx++; 935 } 936 937 return 0; 938 } 939 940 static int create_direct_call_sections(struct objtool_file *file) 941 { 942 struct instruction *insn; 943 struct section *sec; 944 int idx; 945 946 sec = find_section_by_name(file->elf, ".call_sites"); 947 if (sec) { 948 INIT_LIST_HEAD(&file->call_list); 949 WARN("file already has .call_sites section, skipping"); 950 return 0; 951 } 952 953 if (list_empty(&file->call_list)) 954 return 0; 955 956 idx = 0; 957 list_for_each_entry(insn, &file->call_list, call_node) 958 idx++; 959 960 sec = elf_create_section_pair(file->elf, ".call_sites", 961 sizeof(unsigned int), idx, idx); 962 if (!sec) 963 return -1; 964 965 idx = 0; 966 list_for_each_entry(insn, &file->call_list, call_node) { 967 968 if (!elf_init_reloc_text_sym(file->elf, sec, 969 idx * sizeof(unsigned int), idx, 970 insn->sec, insn->offset)) 971 return -1; 972 973 idx++; 974 } 975 976 return 0; 977 } 978 979 /* 980 * Warnings shouldn't be reported for ignored functions. 981 */ 982 static void add_ignores(struct objtool_file *file) 983 { 984 struct instruction *insn; 985 struct section *rsec; 986 struct symbol *func; 987 struct reloc *reloc; 988 989 rsec = find_section_by_name(file->elf, ".rela.discard.func_stack_frame_non_standard"); 990 if (!rsec) 991 return; 992 993 for_each_reloc(rsec, reloc) { 994 switch (reloc->sym->type) { 995 case STT_FUNC: 996 func = reloc->sym; 997 break; 998 999 case STT_SECTION: 1000 func = find_func_by_offset(reloc->sym->sec, reloc_addend(reloc)); 1001 if (!func) 1002 continue; 1003 break; 1004 1005 default: 1006 WARN("unexpected relocation symbol type in %s: %d", 1007 rsec->name, reloc->sym->type); 1008 continue; 1009 } 1010 1011 func_for_each_insn(file, func, insn) 1012 insn->ignore = true; 1013 } 1014 } 1015 1016 /* 1017 * This is a whitelist of functions that is allowed to be called with AC set. 1018 * The list is meant to be minimal and only contains compiler instrumentation 1019 * ABI and a few functions used to implement *_{to,from}_user() functions. 1020 * 1021 * These functions must not directly change AC, but may PUSHF/POPF. 1022 */ 1023 static const char *uaccess_safe_builtin[] = { 1024 /* KASAN */ 1025 "kasan_report", 1026 "kasan_check_range", 1027 /* KASAN out-of-line */ 1028 "__asan_loadN_noabort", 1029 "__asan_load1_noabort", 1030 "__asan_load2_noabort", 1031 "__asan_load4_noabort", 1032 "__asan_load8_noabort", 1033 "__asan_load16_noabort", 1034 "__asan_storeN_noabort", 1035 "__asan_store1_noabort", 1036 "__asan_store2_noabort", 1037 "__asan_store4_noabort", 1038 "__asan_store8_noabort", 1039 "__asan_store16_noabort", 1040 "__kasan_check_read", 1041 "__kasan_check_write", 1042 /* KASAN in-line */ 1043 "__asan_report_load_n_noabort", 1044 "__asan_report_load1_noabort", 1045 "__asan_report_load2_noabort", 1046 "__asan_report_load4_noabort", 1047 "__asan_report_load8_noabort", 1048 "__asan_report_load16_noabort", 1049 "__asan_report_store_n_noabort", 1050 "__asan_report_store1_noabort", 1051 "__asan_report_store2_noabort", 1052 "__asan_report_store4_noabort", 1053 "__asan_report_store8_noabort", 1054 "__asan_report_store16_noabort", 1055 /* KCSAN */ 1056 "__kcsan_check_access", 1057 "__kcsan_mb", 1058 "__kcsan_wmb", 1059 "__kcsan_rmb", 1060 "__kcsan_release", 1061 "kcsan_found_watchpoint", 1062 "kcsan_setup_watchpoint", 1063 "kcsan_check_scoped_accesses", 1064 "kcsan_disable_current", 1065 "kcsan_enable_current_nowarn", 1066 /* KCSAN/TSAN */ 1067 "__tsan_func_entry", 1068 "__tsan_func_exit", 1069 "__tsan_read_range", 1070 "__tsan_write_range", 1071 "__tsan_read1", 1072 "__tsan_read2", 1073 "__tsan_read4", 1074 "__tsan_read8", 1075 "__tsan_read16", 1076 "__tsan_write1", 1077 "__tsan_write2", 1078 "__tsan_write4", 1079 "__tsan_write8", 1080 "__tsan_write16", 1081 "__tsan_read_write1", 1082 "__tsan_read_write2", 1083 "__tsan_read_write4", 1084 "__tsan_read_write8", 1085 "__tsan_read_write16", 1086 "__tsan_volatile_read1", 1087 "__tsan_volatile_read2", 1088 "__tsan_volatile_read4", 1089 "__tsan_volatile_read8", 1090 "__tsan_volatile_read16", 1091 "__tsan_volatile_write1", 1092 "__tsan_volatile_write2", 1093 "__tsan_volatile_write4", 1094 "__tsan_volatile_write8", 1095 "__tsan_volatile_write16", 1096 "__tsan_atomic8_load", 1097 "__tsan_atomic16_load", 1098 "__tsan_atomic32_load", 1099 "__tsan_atomic64_load", 1100 "__tsan_atomic8_store", 1101 "__tsan_atomic16_store", 1102 "__tsan_atomic32_store", 1103 "__tsan_atomic64_store", 1104 "__tsan_atomic8_exchange", 1105 "__tsan_atomic16_exchange", 1106 "__tsan_atomic32_exchange", 1107 "__tsan_atomic64_exchange", 1108 "__tsan_atomic8_fetch_add", 1109 "__tsan_atomic16_fetch_add", 1110 "__tsan_atomic32_fetch_add", 1111 "__tsan_atomic64_fetch_add", 1112 "__tsan_atomic8_fetch_sub", 1113 "__tsan_atomic16_fetch_sub", 1114 "__tsan_atomic32_fetch_sub", 1115 "__tsan_atomic64_fetch_sub", 1116 "__tsan_atomic8_fetch_and", 1117 "__tsan_atomic16_fetch_and", 1118 "__tsan_atomic32_fetch_and", 1119 "__tsan_atomic64_fetch_and", 1120 "__tsan_atomic8_fetch_or", 1121 "__tsan_atomic16_fetch_or", 1122 "__tsan_atomic32_fetch_or", 1123 "__tsan_atomic64_fetch_or", 1124 "__tsan_atomic8_fetch_xor", 1125 "__tsan_atomic16_fetch_xor", 1126 "__tsan_atomic32_fetch_xor", 1127 "__tsan_atomic64_fetch_xor", 1128 "__tsan_atomic8_fetch_nand", 1129 "__tsan_atomic16_fetch_nand", 1130 "__tsan_atomic32_fetch_nand", 1131 "__tsan_atomic64_fetch_nand", 1132 "__tsan_atomic8_compare_exchange_strong", 1133 "__tsan_atomic16_compare_exchange_strong", 1134 "__tsan_atomic32_compare_exchange_strong", 1135 "__tsan_atomic64_compare_exchange_strong", 1136 "__tsan_atomic8_compare_exchange_weak", 1137 "__tsan_atomic16_compare_exchange_weak", 1138 "__tsan_atomic32_compare_exchange_weak", 1139 "__tsan_atomic64_compare_exchange_weak", 1140 "__tsan_atomic8_compare_exchange_val", 1141 "__tsan_atomic16_compare_exchange_val", 1142 "__tsan_atomic32_compare_exchange_val", 1143 "__tsan_atomic64_compare_exchange_val", 1144 "__tsan_atomic_thread_fence", 1145 "__tsan_atomic_signal_fence", 1146 "__tsan_unaligned_read16", 1147 "__tsan_unaligned_write16", 1148 /* KCOV */ 1149 "write_comp_data", 1150 "check_kcov_mode", 1151 "__sanitizer_cov_trace_pc", 1152 "__sanitizer_cov_trace_const_cmp1", 1153 "__sanitizer_cov_trace_const_cmp2", 1154 "__sanitizer_cov_trace_const_cmp4", 1155 "__sanitizer_cov_trace_const_cmp8", 1156 "__sanitizer_cov_trace_cmp1", 1157 "__sanitizer_cov_trace_cmp2", 1158 "__sanitizer_cov_trace_cmp4", 1159 "__sanitizer_cov_trace_cmp8", 1160 "__sanitizer_cov_trace_switch", 1161 /* KMSAN */ 1162 "kmsan_copy_to_user", 1163 "kmsan_disable_current", 1164 "kmsan_enable_current", 1165 "kmsan_report", 1166 "kmsan_unpoison_entry_regs", 1167 "kmsan_unpoison_memory", 1168 "__msan_chain_origin", 1169 "__msan_get_context_state", 1170 "__msan_instrument_asm_store", 1171 "__msan_metadata_ptr_for_load_1", 1172 "__msan_metadata_ptr_for_load_2", 1173 "__msan_metadata_ptr_for_load_4", 1174 "__msan_metadata_ptr_for_load_8", 1175 "__msan_metadata_ptr_for_load_n", 1176 "__msan_metadata_ptr_for_store_1", 1177 "__msan_metadata_ptr_for_store_2", 1178 "__msan_metadata_ptr_for_store_4", 1179 "__msan_metadata_ptr_for_store_8", 1180 "__msan_metadata_ptr_for_store_n", 1181 "__msan_poison_alloca", 1182 "__msan_warning", 1183 /* UBSAN */ 1184 "ubsan_type_mismatch_common", 1185 "__ubsan_handle_type_mismatch", 1186 "__ubsan_handle_type_mismatch_v1", 1187 "__ubsan_handle_shift_out_of_bounds", 1188 "__ubsan_handle_load_invalid_value", 1189 /* STACKLEAK */ 1190 "stackleak_track_stack", 1191 /* misc */ 1192 "csum_partial_copy_generic", 1193 "copy_mc_fragile", 1194 "copy_mc_fragile_handle_tail", 1195 "copy_mc_enhanced_fast_string", 1196 "ftrace_likely_update", /* CONFIG_TRACE_BRANCH_PROFILING */ 1197 "rep_stos_alternative", 1198 "rep_movs_alternative", 1199 "__copy_user_nocache", 1200 NULL 1201 }; 1202 1203 static void add_uaccess_safe(struct objtool_file *file) 1204 { 1205 struct symbol *func; 1206 const char **name; 1207 1208 if (!opts.uaccess) 1209 return; 1210 1211 for (name = uaccess_safe_builtin; *name; name++) { 1212 func = find_symbol_by_name(file->elf, *name); 1213 if (!func) 1214 continue; 1215 1216 func->uaccess_safe = true; 1217 } 1218 } 1219 1220 /* 1221 * Symbols that replace INSN_CALL_DYNAMIC, every (tail) call to such a symbol 1222 * will be added to the .retpoline_sites section. 1223 */ 1224 __weak bool arch_is_retpoline(struct symbol *sym) 1225 { 1226 return false; 1227 } 1228 1229 /* 1230 * Symbols that replace INSN_RETURN, every (tail) call to such a symbol 1231 * will be added to the .return_sites section. 1232 */ 1233 __weak bool arch_is_rethunk(struct symbol *sym) 1234 { 1235 return false; 1236 } 1237 1238 /* 1239 * Symbols that are embedded inside other instructions, because sometimes crazy 1240 * code exists. These are mostly ignored for validation purposes. 1241 */ 1242 __weak bool arch_is_embedded_insn(struct symbol *sym) 1243 { 1244 return false; 1245 } 1246 1247 static struct reloc *insn_reloc(struct objtool_file *file, struct instruction *insn) 1248 { 1249 struct reloc *reloc; 1250 1251 if (insn->no_reloc) 1252 return NULL; 1253 1254 if (!file) 1255 return NULL; 1256 1257 reloc = find_reloc_by_dest_range(file->elf, insn->sec, 1258 insn->offset, insn->len); 1259 if (!reloc) { 1260 insn->no_reloc = 1; 1261 return NULL; 1262 } 1263 1264 return reloc; 1265 } 1266 1267 static void remove_insn_ops(struct instruction *insn) 1268 { 1269 struct stack_op *op, *next; 1270 1271 for (op = insn->stack_ops; op; op = next) { 1272 next = op->next; 1273 free(op); 1274 } 1275 insn->stack_ops = NULL; 1276 } 1277 1278 static void annotate_call_site(struct objtool_file *file, 1279 struct instruction *insn, bool sibling) 1280 { 1281 struct reloc *reloc = insn_reloc(file, insn); 1282 struct symbol *sym = insn_call_dest(insn); 1283 1284 if (!sym) 1285 sym = reloc->sym; 1286 1287 /* 1288 * Alternative replacement code is just template code which is 1289 * sometimes copied to the original instruction. For now, don't 1290 * annotate it. (In the future we might consider annotating the 1291 * original instruction if/when it ever makes sense to do so.) 1292 */ 1293 if (!strcmp(insn->sec->name, ".altinstr_replacement")) 1294 return; 1295 1296 if (sym->static_call_tramp) { 1297 list_add_tail(&insn->call_node, &file->static_call_list); 1298 return; 1299 } 1300 1301 if (sym->retpoline_thunk) { 1302 list_add_tail(&insn->call_node, &file->retpoline_call_list); 1303 return; 1304 } 1305 1306 /* 1307 * Many compilers cannot disable KCOV or sanitizer calls with a function 1308 * attribute so they need a little help, NOP out any such calls from 1309 * noinstr text. 1310 */ 1311 if (opts.hack_noinstr && insn->sec->noinstr && sym->profiling_func) { 1312 if (reloc) 1313 set_reloc_type(file->elf, reloc, R_NONE); 1314 1315 elf_write_insn(file->elf, insn->sec, 1316 insn->offset, insn->len, 1317 sibling ? arch_ret_insn(insn->len) 1318 : arch_nop_insn(insn->len)); 1319 1320 insn->type = sibling ? INSN_RETURN : INSN_NOP; 1321 1322 if (sibling) { 1323 /* 1324 * We've replaced the tail-call JMP insn by two new 1325 * insn: RET; INT3, except we only have a single struct 1326 * insn here. Mark it retpoline_safe to avoid the SLS 1327 * warning, instead of adding another insn. 1328 */ 1329 insn->retpoline_safe = true; 1330 } 1331 1332 return; 1333 } 1334 1335 if (opts.mcount && sym->fentry) { 1336 if (sibling) 1337 WARN_INSN(insn, "tail call to __fentry__ !?!?"); 1338 if (opts.mnop) { 1339 if (reloc) 1340 set_reloc_type(file->elf, reloc, R_NONE); 1341 1342 elf_write_insn(file->elf, insn->sec, 1343 insn->offset, insn->len, 1344 arch_nop_insn(insn->len)); 1345 1346 insn->type = INSN_NOP; 1347 } 1348 1349 list_add_tail(&insn->call_node, &file->mcount_loc_list); 1350 return; 1351 } 1352 1353 if (insn->type == INSN_CALL && !insn->sec->init) 1354 list_add_tail(&insn->call_node, &file->call_list); 1355 1356 if (!sibling && dead_end_function(file, sym)) 1357 insn->dead_end = true; 1358 } 1359 1360 static void add_call_dest(struct objtool_file *file, struct instruction *insn, 1361 struct symbol *dest, bool sibling) 1362 { 1363 insn->_call_dest = dest; 1364 if (!dest) 1365 return; 1366 1367 /* 1368 * Whatever stack impact regular CALLs have, should be undone 1369 * by the RETURN of the called function. 1370 * 1371 * Annotated intra-function calls retain the stack_ops but 1372 * are converted to JUMP, see read_intra_function_calls(). 1373 */ 1374 remove_insn_ops(insn); 1375 1376 annotate_call_site(file, insn, sibling); 1377 } 1378 1379 static void add_retpoline_call(struct objtool_file *file, struct instruction *insn) 1380 { 1381 /* 1382 * Retpoline calls/jumps are really dynamic calls/jumps in disguise, 1383 * so convert them accordingly. 1384 */ 1385 switch (insn->type) { 1386 case INSN_CALL: 1387 insn->type = INSN_CALL_DYNAMIC; 1388 break; 1389 case INSN_JUMP_UNCONDITIONAL: 1390 insn->type = INSN_JUMP_DYNAMIC; 1391 break; 1392 case INSN_JUMP_CONDITIONAL: 1393 insn->type = INSN_JUMP_DYNAMIC_CONDITIONAL; 1394 break; 1395 default: 1396 return; 1397 } 1398 1399 insn->retpoline_safe = true; 1400 1401 /* 1402 * Whatever stack impact regular CALLs have, should be undone 1403 * by the RETURN of the called function. 1404 * 1405 * Annotated intra-function calls retain the stack_ops but 1406 * are converted to JUMP, see read_intra_function_calls(). 1407 */ 1408 remove_insn_ops(insn); 1409 1410 annotate_call_site(file, insn, false); 1411 } 1412 1413 static void add_return_call(struct objtool_file *file, struct instruction *insn, bool add) 1414 { 1415 /* 1416 * Return thunk tail calls are really just returns in disguise, 1417 * so convert them accordingly. 1418 */ 1419 insn->type = INSN_RETURN; 1420 insn->retpoline_safe = true; 1421 1422 if (add) 1423 list_add_tail(&insn->call_node, &file->return_thunk_list); 1424 } 1425 1426 static bool is_first_func_insn(struct objtool_file *file, 1427 struct instruction *insn, struct symbol *sym) 1428 { 1429 if (insn->offset == sym->offset) 1430 return true; 1431 1432 /* Allow direct CALL/JMP past ENDBR */ 1433 if (opts.ibt) { 1434 struct instruction *prev = prev_insn_same_sym(file, insn); 1435 1436 if (prev && prev->type == INSN_ENDBR && 1437 insn->offset == sym->offset + prev->len) 1438 return true; 1439 } 1440 1441 return false; 1442 } 1443 1444 /* 1445 * A sibling call is a tail-call to another symbol -- to differentiate from a 1446 * recursive tail-call which is to the same symbol. 1447 */ 1448 static bool jump_is_sibling_call(struct objtool_file *file, 1449 struct instruction *from, struct instruction *to) 1450 { 1451 struct symbol *fs = from->sym; 1452 struct symbol *ts = to->sym; 1453 1454 /* Not a sibling call if from/to a symbol hole */ 1455 if (!fs || !ts) 1456 return false; 1457 1458 /* Not a sibling call if not targeting the start of a symbol. */ 1459 if (!is_first_func_insn(file, to, ts)) 1460 return false; 1461 1462 /* Disallow sibling calls into STT_NOTYPE */ 1463 if (ts->type == STT_NOTYPE) 1464 return false; 1465 1466 /* Must not be self to be a sibling */ 1467 return fs->pfunc != ts->pfunc; 1468 } 1469 1470 /* 1471 * Find the destination instructions for all jumps. 1472 */ 1473 static int add_jump_destinations(struct objtool_file *file) 1474 { 1475 struct instruction *insn, *jump_dest; 1476 struct reloc *reloc; 1477 struct section *dest_sec; 1478 unsigned long dest_off; 1479 1480 for_each_insn(file, insn) { 1481 if (insn->jump_dest) { 1482 /* 1483 * handle_group_alt() may have previously set 1484 * 'jump_dest' for some alternatives. 1485 */ 1486 continue; 1487 } 1488 if (!is_static_jump(insn)) 1489 continue; 1490 1491 reloc = insn_reloc(file, insn); 1492 if (!reloc) { 1493 dest_sec = insn->sec; 1494 dest_off = arch_jump_destination(insn); 1495 } else if (reloc->sym->type == STT_SECTION) { 1496 dest_sec = reloc->sym->sec; 1497 dest_off = arch_dest_reloc_offset(reloc_addend(reloc)); 1498 } else if (reloc->sym->retpoline_thunk) { 1499 add_retpoline_call(file, insn); 1500 continue; 1501 } else if (reloc->sym->return_thunk) { 1502 add_return_call(file, insn, true); 1503 continue; 1504 } else if (insn_func(insn)) { 1505 /* 1506 * External sibling call or internal sibling call with 1507 * STT_FUNC reloc. 1508 */ 1509 add_call_dest(file, insn, reloc->sym, true); 1510 continue; 1511 } else if (reloc->sym->sec->idx) { 1512 dest_sec = reloc->sym->sec; 1513 dest_off = reloc->sym->sym.st_value + 1514 arch_dest_reloc_offset(reloc_addend(reloc)); 1515 } else { 1516 /* non-func asm code jumping to another file */ 1517 continue; 1518 } 1519 1520 jump_dest = find_insn(file, dest_sec, dest_off); 1521 if (!jump_dest) { 1522 struct symbol *sym = find_symbol_by_offset(dest_sec, dest_off); 1523 1524 /* 1525 * This is a special case for retbleed_untrain_ret(). 1526 * It jumps to __x86_return_thunk(), but objtool 1527 * can't find the thunk's starting RET 1528 * instruction, because the RET is also in the 1529 * middle of another instruction. Objtool only 1530 * knows about the outer instruction. 1531 */ 1532 if (sym && sym->embedded_insn) { 1533 add_return_call(file, insn, false); 1534 continue; 1535 } 1536 1537 WARN_INSN(insn, "can't find jump dest instruction at %s+0x%lx", 1538 dest_sec->name, dest_off); 1539 return -1; 1540 } 1541 1542 /* 1543 * An intra-TU jump in retpoline.o might not have a relocation 1544 * for its jump dest, in which case the above 1545 * add_{retpoline,return}_call() didn't happen. 1546 */ 1547 if (jump_dest->sym && jump_dest->offset == jump_dest->sym->offset) { 1548 if (jump_dest->sym->retpoline_thunk) { 1549 add_retpoline_call(file, insn); 1550 continue; 1551 } 1552 if (jump_dest->sym->return_thunk) { 1553 add_return_call(file, insn, true); 1554 continue; 1555 } 1556 } 1557 1558 /* 1559 * Cross-function jump. 1560 */ 1561 if (insn_func(insn) && insn_func(jump_dest) && 1562 insn_func(insn) != insn_func(jump_dest)) { 1563 1564 /* 1565 * For GCC 8+, create parent/child links for any cold 1566 * subfunctions. This is _mostly_ redundant with a 1567 * similar initialization in read_symbols(). 1568 * 1569 * If a function has aliases, we want the *first* such 1570 * function in the symbol table to be the subfunction's 1571 * parent. In that case we overwrite the 1572 * initialization done in read_symbols(). 1573 * 1574 * However this code can't completely replace the 1575 * read_symbols() code because this doesn't detect the 1576 * case where the parent function's only reference to a 1577 * subfunction is through a jump table. 1578 */ 1579 if (!strstr(insn_func(insn)->name, ".cold") && 1580 strstr(insn_func(jump_dest)->name, ".cold")) { 1581 insn_func(insn)->cfunc = insn_func(jump_dest); 1582 insn_func(jump_dest)->pfunc = insn_func(insn); 1583 } 1584 } 1585 1586 if (jump_is_sibling_call(file, insn, jump_dest)) { 1587 /* 1588 * Internal sibling call without reloc or with 1589 * STT_SECTION reloc. 1590 */ 1591 add_call_dest(file, insn, insn_func(jump_dest), true); 1592 continue; 1593 } 1594 1595 insn->jump_dest = jump_dest; 1596 } 1597 1598 return 0; 1599 } 1600 1601 static struct symbol *find_call_destination(struct section *sec, unsigned long offset) 1602 { 1603 struct symbol *call_dest; 1604 1605 call_dest = find_func_by_offset(sec, offset); 1606 if (!call_dest) 1607 call_dest = find_symbol_by_offset(sec, offset); 1608 1609 return call_dest; 1610 } 1611 1612 /* 1613 * Find the destination instructions for all calls. 1614 */ 1615 static int add_call_destinations(struct objtool_file *file) 1616 { 1617 struct instruction *insn; 1618 unsigned long dest_off; 1619 struct symbol *dest; 1620 struct reloc *reloc; 1621 1622 for_each_insn(file, insn) { 1623 if (insn->type != INSN_CALL) 1624 continue; 1625 1626 reloc = insn_reloc(file, insn); 1627 if (!reloc) { 1628 dest_off = arch_jump_destination(insn); 1629 dest = find_call_destination(insn->sec, dest_off); 1630 1631 add_call_dest(file, insn, dest, false); 1632 1633 if (insn->ignore) 1634 continue; 1635 1636 if (!insn_call_dest(insn)) { 1637 WARN_INSN(insn, "unannotated intra-function call"); 1638 return -1; 1639 } 1640 1641 if (insn_func(insn) && insn_call_dest(insn)->type != STT_FUNC) { 1642 WARN_INSN(insn, "unsupported call to non-function"); 1643 return -1; 1644 } 1645 1646 } else if (reloc->sym->type == STT_SECTION) { 1647 dest_off = arch_dest_reloc_offset(reloc_addend(reloc)); 1648 dest = find_call_destination(reloc->sym->sec, dest_off); 1649 if (!dest) { 1650 WARN_INSN(insn, "can't find call dest symbol at %s+0x%lx", 1651 reloc->sym->sec->name, dest_off); 1652 return -1; 1653 } 1654 1655 add_call_dest(file, insn, dest, false); 1656 1657 } else if (reloc->sym->retpoline_thunk) { 1658 add_retpoline_call(file, insn); 1659 1660 } else 1661 add_call_dest(file, insn, reloc->sym, false); 1662 } 1663 1664 return 0; 1665 } 1666 1667 /* 1668 * The .alternatives section requires some extra special care over and above 1669 * other special sections because alternatives are patched in place. 1670 */ 1671 static int handle_group_alt(struct objtool_file *file, 1672 struct special_alt *special_alt, 1673 struct instruction *orig_insn, 1674 struct instruction **new_insn) 1675 { 1676 struct instruction *last_new_insn = NULL, *insn, *nop = NULL; 1677 struct alt_group *orig_alt_group, *new_alt_group; 1678 unsigned long dest_off; 1679 1680 orig_alt_group = orig_insn->alt_group; 1681 if (!orig_alt_group) { 1682 struct instruction *last_orig_insn = NULL; 1683 1684 orig_alt_group = malloc(sizeof(*orig_alt_group)); 1685 if (!orig_alt_group) { 1686 WARN("malloc failed"); 1687 return -1; 1688 } 1689 orig_alt_group->cfi = calloc(special_alt->orig_len, 1690 sizeof(struct cfi_state *)); 1691 if (!orig_alt_group->cfi) { 1692 WARN("calloc failed"); 1693 return -1; 1694 } 1695 1696 insn = orig_insn; 1697 sec_for_each_insn_from(file, insn) { 1698 if (insn->offset >= special_alt->orig_off + special_alt->orig_len) 1699 break; 1700 1701 insn->alt_group = orig_alt_group; 1702 last_orig_insn = insn; 1703 } 1704 orig_alt_group->orig_group = NULL; 1705 orig_alt_group->first_insn = orig_insn; 1706 orig_alt_group->last_insn = last_orig_insn; 1707 orig_alt_group->nop = NULL; 1708 } else { 1709 if (orig_alt_group->last_insn->offset + orig_alt_group->last_insn->len - 1710 orig_alt_group->first_insn->offset != special_alt->orig_len) { 1711 WARN_INSN(orig_insn, "weirdly overlapping alternative! %ld != %d", 1712 orig_alt_group->last_insn->offset + 1713 orig_alt_group->last_insn->len - 1714 orig_alt_group->first_insn->offset, 1715 special_alt->orig_len); 1716 return -1; 1717 } 1718 } 1719 1720 new_alt_group = malloc(sizeof(*new_alt_group)); 1721 if (!new_alt_group) { 1722 WARN("malloc failed"); 1723 return -1; 1724 } 1725 1726 if (special_alt->new_len < special_alt->orig_len) { 1727 /* 1728 * Insert a fake nop at the end to make the replacement 1729 * alt_group the same size as the original. This is needed to 1730 * allow propagate_alt_cfi() to do its magic. When the last 1731 * instruction affects the stack, the instruction after it (the 1732 * nop) will propagate the new state to the shared CFI array. 1733 */ 1734 nop = malloc(sizeof(*nop)); 1735 if (!nop) { 1736 WARN("malloc failed"); 1737 return -1; 1738 } 1739 memset(nop, 0, sizeof(*nop)); 1740 1741 nop->sec = special_alt->new_sec; 1742 nop->offset = special_alt->new_off + special_alt->new_len; 1743 nop->len = special_alt->orig_len - special_alt->new_len; 1744 nop->type = INSN_NOP; 1745 nop->sym = orig_insn->sym; 1746 nop->alt_group = new_alt_group; 1747 nop->ignore = orig_insn->ignore_alts; 1748 } 1749 1750 if (!special_alt->new_len) { 1751 *new_insn = nop; 1752 goto end; 1753 } 1754 1755 insn = *new_insn; 1756 sec_for_each_insn_from(file, insn) { 1757 struct reloc *alt_reloc; 1758 1759 if (insn->offset >= special_alt->new_off + special_alt->new_len) 1760 break; 1761 1762 last_new_insn = insn; 1763 1764 insn->ignore = orig_insn->ignore_alts; 1765 insn->sym = orig_insn->sym; 1766 insn->alt_group = new_alt_group; 1767 1768 /* 1769 * Since alternative replacement code is copy/pasted by the 1770 * kernel after applying relocations, generally such code can't 1771 * have relative-address relocation references to outside the 1772 * .altinstr_replacement section, unless the arch's 1773 * alternatives code can adjust the relative offsets 1774 * accordingly. 1775 */ 1776 alt_reloc = insn_reloc(file, insn); 1777 if (alt_reloc && arch_pc_relative_reloc(alt_reloc) && 1778 !arch_support_alt_relocation(special_alt, insn, alt_reloc)) { 1779 1780 WARN_INSN(insn, "unsupported relocation in alternatives section"); 1781 return -1; 1782 } 1783 1784 if (!is_static_jump(insn)) 1785 continue; 1786 1787 if (!insn->immediate) 1788 continue; 1789 1790 dest_off = arch_jump_destination(insn); 1791 if (dest_off == special_alt->new_off + special_alt->new_len) { 1792 insn->jump_dest = next_insn_same_sec(file, orig_alt_group->last_insn); 1793 if (!insn->jump_dest) { 1794 WARN_INSN(insn, "can't find alternative jump destination"); 1795 return -1; 1796 } 1797 } 1798 } 1799 1800 if (!last_new_insn) { 1801 WARN_FUNC("can't find last new alternative instruction", 1802 special_alt->new_sec, special_alt->new_off); 1803 return -1; 1804 } 1805 1806 end: 1807 new_alt_group->orig_group = orig_alt_group; 1808 new_alt_group->first_insn = *new_insn; 1809 new_alt_group->last_insn = last_new_insn; 1810 new_alt_group->nop = nop; 1811 new_alt_group->cfi = orig_alt_group->cfi; 1812 return 0; 1813 } 1814 1815 /* 1816 * A jump table entry can either convert a nop to a jump or a jump to a nop. 1817 * If the original instruction is a jump, make the alt entry an effective nop 1818 * by just skipping the original instruction. 1819 */ 1820 static int handle_jump_alt(struct objtool_file *file, 1821 struct special_alt *special_alt, 1822 struct instruction *orig_insn, 1823 struct instruction **new_insn) 1824 { 1825 if (orig_insn->type != INSN_JUMP_UNCONDITIONAL && 1826 orig_insn->type != INSN_NOP) { 1827 1828 WARN_INSN(orig_insn, "unsupported instruction at jump label"); 1829 return -1; 1830 } 1831 1832 if (opts.hack_jump_label && special_alt->key_addend & 2) { 1833 struct reloc *reloc = insn_reloc(file, orig_insn); 1834 1835 if (reloc) 1836 set_reloc_type(file->elf, reloc, R_NONE); 1837 elf_write_insn(file->elf, orig_insn->sec, 1838 orig_insn->offset, orig_insn->len, 1839 arch_nop_insn(orig_insn->len)); 1840 orig_insn->type = INSN_NOP; 1841 } 1842 1843 if (orig_insn->type == INSN_NOP) { 1844 if (orig_insn->len == 2) 1845 file->jl_nop_short++; 1846 else 1847 file->jl_nop_long++; 1848 1849 return 0; 1850 } 1851 1852 if (orig_insn->len == 2) 1853 file->jl_short++; 1854 else 1855 file->jl_long++; 1856 1857 *new_insn = next_insn_same_sec(file, orig_insn); 1858 return 0; 1859 } 1860 1861 /* 1862 * Read all the special sections which have alternate instructions which can be 1863 * patched in or redirected to at runtime. Each instruction having alternate 1864 * instruction(s) has them added to its insn->alts list, which will be 1865 * traversed in validate_branch(). 1866 */ 1867 static int add_special_section_alts(struct objtool_file *file) 1868 { 1869 struct list_head special_alts; 1870 struct instruction *orig_insn, *new_insn; 1871 struct special_alt *special_alt, *tmp; 1872 struct alternative *alt; 1873 int ret; 1874 1875 ret = special_get_alts(file->elf, &special_alts); 1876 if (ret) 1877 return ret; 1878 1879 list_for_each_entry_safe(special_alt, tmp, &special_alts, list) { 1880 1881 orig_insn = find_insn(file, special_alt->orig_sec, 1882 special_alt->orig_off); 1883 if (!orig_insn) { 1884 WARN_FUNC("special: can't find orig instruction", 1885 special_alt->orig_sec, special_alt->orig_off); 1886 ret = -1; 1887 goto out; 1888 } 1889 1890 new_insn = NULL; 1891 if (!special_alt->group || special_alt->new_len) { 1892 new_insn = find_insn(file, special_alt->new_sec, 1893 special_alt->new_off); 1894 if (!new_insn) { 1895 WARN_FUNC("special: can't find new instruction", 1896 special_alt->new_sec, 1897 special_alt->new_off); 1898 ret = -1; 1899 goto out; 1900 } 1901 } 1902 1903 if (special_alt->group) { 1904 if (!special_alt->orig_len) { 1905 WARN_INSN(orig_insn, "empty alternative entry"); 1906 continue; 1907 } 1908 1909 ret = handle_group_alt(file, special_alt, orig_insn, 1910 &new_insn); 1911 if (ret) 1912 goto out; 1913 } else if (special_alt->jump_or_nop) { 1914 ret = handle_jump_alt(file, special_alt, orig_insn, 1915 &new_insn); 1916 if (ret) 1917 goto out; 1918 } 1919 1920 alt = malloc(sizeof(*alt)); 1921 if (!alt) { 1922 WARN("malloc failed"); 1923 ret = -1; 1924 goto out; 1925 } 1926 1927 alt->insn = new_insn; 1928 alt->skip_orig = special_alt->skip_orig; 1929 orig_insn->ignore_alts |= special_alt->skip_alt; 1930 alt->next = orig_insn->alts; 1931 orig_insn->alts = alt; 1932 1933 list_del(&special_alt->list); 1934 free(special_alt); 1935 } 1936 1937 if (opts.stats) { 1938 printf("jl\\\tNOP\tJMP\n"); 1939 printf("short:\t%ld\t%ld\n", file->jl_nop_short, file->jl_short); 1940 printf("long:\t%ld\t%ld\n", file->jl_nop_long, file->jl_long); 1941 } 1942 1943 out: 1944 return ret; 1945 } 1946 1947 static int add_jump_table(struct objtool_file *file, struct instruction *insn, 1948 struct reloc *next_table) 1949 { 1950 unsigned long table_size = insn_jump_table_size(insn); 1951 struct symbol *pfunc = insn_func(insn)->pfunc; 1952 struct reloc *table = insn_jump_table(insn); 1953 struct instruction *dest_insn; 1954 unsigned int prev_offset = 0; 1955 struct reloc *reloc = table; 1956 struct alternative *alt; 1957 1958 /* 1959 * Each @reloc is a switch table relocation which points to the target 1960 * instruction. 1961 */ 1962 for_each_reloc_from(table->sec, reloc) { 1963 1964 /* Check for the end of the table: */ 1965 if (table_size && reloc_offset(reloc) - reloc_offset(table) >= table_size) 1966 break; 1967 if (reloc != table && reloc == next_table) 1968 break; 1969 1970 /* Make sure the table entries are consecutive: */ 1971 if (prev_offset && reloc_offset(reloc) != prev_offset + 8) 1972 break; 1973 1974 /* Detect function pointers from contiguous objects: */ 1975 if (reloc->sym->sec == pfunc->sec && 1976 reloc_addend(reloc) == pfunc->offset) 1977 break; 1978 1979 /* 1980 * Clang sometimes leaves dangling unused jump table entries 1981 * which point to the end of the function. Ignore them. 1982 */ 1983 if (reloc->sym->sec == pfunc->sec && 1984 reloc_addend(reloc) == pfunc->offset + pfunc->len) 1985 goto next; 1986 1987 dest_insn = find_insn(file, reloc->sym->sec, reloc_addend(reloc)); 1988 if (!dest_insn) 1989 break; 1990 1991 /* Make sure the destination is in the same function: */ 1992 if (!insn_func(dest_insn) || insn_func(dest_insn)->pfunc != pfunc) 1993 break; 1994 1995 alt = malloc(sizeof(*alt)); 1996 if (!alt) { 1997 WARN("malloc failed"); 1998 return -1; 1999 } 2000 2001 alt->insn = dest_insn; 2002 alt->next = insn->alts; 2003 insn->alts = alt; 2004 next: 2005 prev_offset = reloc_offset(reloc); 2006 } 2007 2008 if (!prev_offset) { 2009 WARN_INSN(insn, "can't find switch jump table"); 2010 return -1; 2011 } 2012 2013 return 0; 2014 } 2015 2016 /* 2017 * find_jump_table() - Given a dynamic jump, find the switch jump table 2018 * associated with it. 2019 */ 2020 static void find_jump_table(struct objtool_file *file, struct symbol *func, 2021 struct instruction *insn) 2022 { 2023 struct reloc *table_reloc; 2024 struct instruction *dest_insn, *orig_insn = insn; 2025 unsigned long table_size; 2026 2027 /* 2028 * Backward search using the @first_jump_src links, these help avoid 2029 * much of the 'in between' code. Which avoids us getting confused by 2030 * it. 2031 */ 2032 for (; 2033 insn && insn_func(insn) && insn_func(insn)->pfunc == func; 2034 insn = insn->first_jump_src ?: prev_insn_same_sym(file, insn)) { 2035 2036 if (insn != orig_insn && insn->type == INSN_JUMP_DYNAMIC) 2037 break; 2038 2039 /* allow small jumps within the range */ 2040 if (insn->type == INSN_JUMP_UNCONDITIONAL && 2041 insn->jump_dest && 2042 (insn->jump_dest->offset <= insn->offset || 2043 insn->jump_dest->offset > orig_insn->offset)) 2044 break; 2045 2046 table_reloc = arch_find_switch_table(file, insn, &table_size); 2047 if (!table_reloc) 2048 continue; 2049 dest_insn = find_insn(file, table_reloc->sym->sec, reloc_addend(table_reloc)); 2050 if (!dest_insn || !insn_func(dest_insn) || insn_func(dest_insn)->pfunc != func) 2051 continue; 2052 2053 orig_insn->_jump_table = table_reloc; 2054 orig_insn->_jump_table_size = table_size; 2055 break; 2056 } 2057 } 2058 2059 /* 2060 * First pass: Mark the head of each jump table so that in the next pass, 2061 * we know when a given jump table ends and the next one starts. 2062 */ 2063 static void mark_func_jump_tables(struct objtool_file *file, 2064 struct symbol *func) 2065 { 2066 struct instruction *insn, *last = NULL; 2067 2068 func_for_each_insn(file, func, insn) { 2069 if (!last) 2070 last = insn; 2071 2072 /* 2073 * Store back-pointers for unconditional forward jumps such 2074 * that find_jump_table() can back-track using those and 2075 * avoid some potentially confusing code. 2076 */ 2077 if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->jump_dest && 2078 insn->offset > last->offset && 2079 insn->jump_dest->offset > insn->offset && 2080 !insn->jump_dest->first_jump_src) { 2081 2082 insn->jump_dest->first_jump_src = insn; 2083 last = insn->jump_dest; 2084 } 2085 2086 if (insn->type != INSN_JUMP_DYNAMIC) 2087 continue; 2088 2089 find_jump_table(file, func, insn); 2090 } 2091 } 2092 2093 static int add_func_jump_tables(struct objtool_file *file, 2094 struct symbol *func) 2095 { 2096 struct instruction *insn, *insn_t1 = NULL, *insn_t2; 2097 int ret = 0; 2098 2099 func_for_each_insn(file, func, insn) { 2100 if (!insn_jump_table(insn)) 2101 continue; 2102 2103 if (!insn_t1) { 2104 insn_t1 = insn; 2105 continue; 2106 } 2107 2108 insn_t2 = insn; 2109 2110 ret = add_jump_table(file, insn_t1, insn_jump_table(insn_t2)); 2111 if (ret) 2112 return ret; 2113 2114 insn_t1 = insn_t2; 2115 } 2116 2117 if (insn_t1) 2118 ret = add_jump_table(file, insn_t1, NULL); 2119 2120 return ret; 2121 } 2122 2123 /* 2124 * For some switch statements, gcc generates a jump table in the .rodata 2125 * section which contains a list of addresses within the function to jump to. 2126 * This finds these jump tables and adds them to the insn->alts lists. 2127 */ 2128 static int add_jump_table_alts(struct objtool_file *file) 2129 { 2130 struct symbol *func; 2131 int ret; 2132 2133 if (!file->rodata) 2134 return 0; 2135 2136 for_each_sym(file, func) { 2137 if (func->type != STT_FUNC) 2138 continue; 2139 2140 mark_func_jump_tables(file, func); 2141 ret = add_func_jump_tables(file, func); 2142 if (ret) 2143 return ret; 2144 } 2145 2146 return 0; 2147 } 2148 2149 static void set_func_state(struct cfi_state *state) 2150 { 2151 state->cfa = initial_func_cfi.cfa; 2152 memcpy(&state->regs, &initial_func_cfi.regs, 2153 CFI_NUM_REGS * sizeof(struct cfi_reg)); 2154 state->stack_size = initial_func_cfi.cfa.offset; 2155 state->type = UNWIND_HINT_TYPE_CALL; 2156 } 2157 2158 static int read_unwind_hints(struct objtool_file *file) 2159 { 2160 struct cfi_state cfi = init_cfi; 2161 struct section *sec; 2162 struct unwind_hint *hint; 2163 struct instruction *insn; 2164 struct reloc *reloc; 2165 unsigned long offset; 2166 int i; 2167 2168 sec = find_section_by_name(file->elf, ".discard.unwind_hints"); 2169 if (!sec) 2170 return 0; 2171 2172 if (!sec->rsec) { 2173 WARN("missing .rela.discard.unwind_hints section"); 2174 return -1; 2175 } 2176 2177 if (sec->sh.sh_size % sizeof(struct unwind_hint)) { 2178 WARN("struct unwind_hint size mismatch"); 2179 return -1; 2180 } 2181 2182 file->hints = true; 2183 2184 for (i = 0; i < sec->sh.sh_size / sizeof(struct unwind_hint); i++) { 2185 hint = (struct unwind_hint *)sec->data->d_buf + i; 2186 2187 reloc = find_reloc_by_dest(file->elf, sec, i * sizeof(*hint)); 2188 if (!reloc) { 2189 WARN("can't find reloc for unwind_hints[%d]", i); 2190 return -1; 2191 } 2192 2193 if (reloc->sym->type == STT_SECTION) { 2194 offset = reloc_addend(reloc); 2195 } else if (reloc->sym->local_label) { 2196 offset = reloc->sym->offset; 2197 } else { 2198 WARN("unexpected relocation symbol type in %s", sec->rsec->name); 2199 return -1; 2200 } 2201 2202 insn = find_insn(file, reloc->sym->sec, offset); 2203 if (!insn) { 2204 WARN("can't find insn for unwind_hints[%d]", i); 2205 return -1; 2206 } 2207 2208 insn->hint = true; 2209 2210 if (hint->type == UNWIND_HINT_TYPE_UNDEFINED) { 2211 insn->cfi = &force_undefined_cfi; 2212 continue; 2213 } 2214 2215 if (hint->type == UNWIND_HINT_TYPE_SAVE) { 2216 insn->hint = false; 2217 insn->save = true; 2218 continue; 2219 } 2220 2221 if (hint->type == UNWIND_HINT_TYPE_RESTORE) { 2222 insn->restore = true; 2223 continue; 2224 } 2225 2226 if (hint->type == UNWIND_HINT_TYPE_REGS_PARTIAL) { 2227 struct symbol *sym = find_symbol_by_offset(insn->sec, insn->offset); 2228 2229 if (sym && sym->bind == STB_GLOBAL) { 2230 if (opts.ibt && insn->type != INSN_ENDBR && !insn->noendbr) { 2231 WARN_INSN(insn, "UNWIND_HINT_IRET_REGS without ENDBR"); 2232 } 2233 } 2234 } 2235 2236 if (hint->type == UNWIND_HINT_TYPE_FUNC) { 2237 insn->cfi = &func_cfi; 2238 continue; 2239 } 2240 2241 if (insn->cfi) 2242 cfi = *(insn->cfi); 2243 2244 if (arch_decode_hint_reg(hint->sp_reg, &cfi.cfa.base)) { 2245 WARN_INSN(insn, "unsupported unwind_hint sp base reg %d", hint->sp_reg); 2246 return -1; 2247 } 2248 2249 cfi.cfa.offset = bswap_if_needed(file->elf, hint->sp_offset); 2250 cfi.type = hint->type; 2251 cfi.signal = hint->signal; 2252 2253 insn->cfi = cfi_hash_find_or_add(&cfi); 2254 } 2255 2256 return 0; 2257 } 2258 2259 static int read_annotate(struct objtool_file *file, 2260 int (*func)(struct objtool_file *file, int type, struct instruction *insn)) 2261 { 2262 struct section *sec; 2263 struct instruction *insn; 2264 struct reloc *reloc; 2265 uint64_t offset; 2266 int type, ret; 2267 2268 sec = find_section_by_name(file->elf, ".discard.annotate_insn"); 2269 if (!sec) 2270 return 0; 2271 2272 if (!sec->rsec) 2273 return 0; 2274 2275 if (sec->sh.sh_entsize != 8) { 2276 static bool warned = false; 2277 if (!warned && opts.verbose) { 2278 WARN("%s: dodgy linker, sh_entsize != 8", sec->name); 2279 warned = true; 2280 } 2281 sec->sh.sh_entsize = 8; 2282 } 2283 2284 for_each_reloc(sec->rsec, reloc) { 2285 type = *(u32 *)(sec->data->d_buf + (reloc_idx(reloc) * sec->sh.sh_entsize) + 4); 2286 2287 offset = reloc->sym->offset + reloc_addend(reloc); 2288 insn = find_insn(file, reloc->sym->sec, offset); 2289 2290 if (!insn) { 2291 WARN("bad .discard.annotate_insn entry: %d of type %d", reloc_idx(reloc), type); 2292 return -1; 2293 } 2294 2295 ret = func(file, type, insn); 2296 if (ret < 0) 2297 return ret; 2298 } 2299 2300 return 0; 2301 } 2302 2303 static int __annotate_early(struct objtool_file *file, int type, struct instruction *insn) 2304 { 2305 switch (type) { 2306 case ANNOTYPE_IGNORE_ALTS: 2307 insn->ignore_alts = true; 2308 break; 2309 2310 /* 2311 * Must be before read_unwind_hints() since that needs insn->noendbr. 2312 */ 2313 case ANNOTYPE_NOENDBR: 2314 insn->noendbr = 1; 2315 break; 2316 2317 default: 2318 break; 2319 } 2320 2321 return 0; 2322 } 2323 2324 static int __annotate_ifc(struct objtool_file *file, int type, struct instruction *insn) 2325 { 2326 unsigned long dest_off; 2327 2328 if (type != ANNOTYPE_INTRA_FUNCTION_CALL) 2329 return 0; 2330 2331 if (insn->type != INSN_CALL) { 2332 WARN_INSN(insn, "intra_function_call not a direct call"); 2333 return -1; 2334 } 2335 2336 /* 2337 * Treat intra-function CALLs as JMPs, but with a stack_op. 2338 * See add_call_destinations(), which strips stack_ops from 2339 * normal CALLs. 2340 */ 2341 insn->type = INSN_JUMP_UNCONDITIONAL; 2342 2343 dest_off = arch_jump_destination(insn); 2344 insn->jump_dest = find_insn(file, insn->sec, dest_off); 2345 if (!insn->jump_dest) { 2346 WARN_INSN(insn, "can't find call dest at %s+0x%lx", 2347 insn->sec->name, dest_off); 2348 return -1; 2349 } 2350 2351 return 0; 2352 } 2353 2354 static int __annotate_late(struct objtool_file *file, int type, struct instruction *insn) 2355 { 2356 switch (type) { 2357 case ANNOTYPE_NOENDBR: 2358 /* early */ 2359 break; 2360 2361 case ANNOTYPE_RETPOLINE_SAFE: 2362 if (insn->type != INSN_JUMP_DYNAMIC && 2363 insn->type != INSN_CALL_DYNAMIC && 2364 insn->type != INSN_RETURN && 2365 insn->type != INSN_NOP) { 2366 WARN_INSN(insn, "retpoline_safe hint not an indirect jump/call/ret/nop"); 2367 return -1; 2368 } 2369 2370 insn->retpoline_safe = true; 2371 break; 2372 2373 case ANNOTYPE_INSTR_BEGIN: 2374 insn->instr++; 2375 break; 2376 2377 case ANNOTYPE_INSTR_END: 2378 insn->instr--; 2379 break; 2380 2381 case ANNOTYPE_UNRET_BEGIN: 2382 insn->unret = 1; 2383 break; 2384 2385 case ANNOTYPE_IGNORE_ALTS: 2386 /* early */ 2387 break; 2388 2389 case ANNOTYPE_INTRA_FUNCTION_CALL: 2390 /* ifc */ 2391 break; 2392 2393 case ANNOTYPE_REACHABLE: 2394 insn->dead_end = false; 2395 break; 2396 2397 default: 2398 WARN_INSN(insn, "Unknown annotation type: %d", type); 2399 break; 2400 } 2401 2402 return 0; 2403 } 2404 2405 /* 2406 * Return true if name matches an instrumentation function, where calls to that 2407 * function from noinstr code can safely be removed, but compilers won't do so. 2408 */ 2409 static bool is_profiling_func(const char *name) 2410 { 2411 /* 2412 * Many compilers cannot disable KCOV with a function attribute. 2413 */ 2414 if (!strncmp(name, "__sanitizer_cov_", 16)) 2415 return true; 2416 2417 /* 2418 * Some compilers currently do not remove __tsan_func_entry/exit nor 2419 * __tsan_atomic_signal_fence (used for barrier instrumentation) with 2420 * the __no_sanitize_thread attribute, remove them. Once the kernel's 2421 * minimum Clang version is 14.0, this can be removed. 2422 */ 2423 if (!strncmp(name, "__tsan_func_", 12) || 2424 !strcmp(name, "__tsan_atomic_signal_fence")) 2425 return true; 2426 2427 return false; 2428 } 2429 2430 static int classify_symbols(struct objtool_file *file) 2431 { 2432 struct symbol *func; 2433 2434 for_each_sym(file, func) { 2435 if (func->type == STT_NOTYPE && strstarts(func->name, ".L")) 2436 func->local_label = true; 2437 2438 if (func->bind != STB_GLOBAL) 2439 continue; 2440 2441 if (!strncmp(func->name, STATIC_CALL_TRAMP_PREFIX_STR, 2442 strlen(STATIC_CALL_TRAMP_PREFIX_STR))) 2443 func->static_call_tramp = true; 2444 2445 if (arch_is_retpoline(func)) 2446 func->retpoline_thunk = true; 2447 2448 if (arch_is_rethunk(func)) 2449 func->return_thunk = true; 2450 2451 if (arch_is_embedded_insn(func)) 2452 func->embedded_insn = true; 2453 2454 if (arch_ftrace_match(func->name)) 2455 func->fentry = true; 2456 2457 if (is_profiling_func(func->name)) 2458 func->profiling_func = true; 2459 } 2460 2461 return 0; 2462 } 2463 2464 static void mark_rodata(struct objtool_file *file) 2465 { 2466 struct section *sec; 2467 bool found = false; 2468 2469 /* 2470 * Search for the following rodata sections, each of which can 2471 * potentially contain jump tables: 2472 * 2473 * - .rodata: can contain GCC switch tables 2474 * - .rodata.<func>: same, if -fdata-sections is being used 2475 * - .rodata..c_jump_table: contains C annotated jump tables 2476 * 2477 * .rodata.str1.* sections are ignored; they don't contain jump tables. 2478 */ 2479 for_each_sec(file, sec) { 2480 if (!strncmp(sec->name, ".rodata", 7) && 2481 !strstr(sec->name, ".str1.")) { 2482 sec->rodata = true; 2483 found = true; 2484 } 2485 } 2486 2487 file->rodata = found; 2488 } 2489 2490 static int decode_sections(struct objtool_file *file) 2491 { 2492 int ret; 2493 2494 mark_rodata(file); 2495 2496 ret = init_pv_ops(file); 2497 if (ret) 2498 return ret; 2499 2500 /* 2501 * Must be before add_{jump_call}_destination. 2502 */ 2503 ret = classify_symbols(file); 2504 if (ret) 2505 return ret; 2506 2507 ret = decode_instructions(file); 2508 if (ret) 2509 return ret; 2510 2511 add_ignores(file); 2512 add_uaccess_safe(file); 2513 2514 ret = read_annotate(file, __annotate_early); 2515 if (ret) 2516 return ret; 2517 2518 /* 2519 * Must be before add_jump_destinations(), which depends on 'func' 2520 * being set for alternatives, to enable proper sibling call detection. 2521 */ 2522 if (opts.stackval || opts.orc || opts.uaccess || opts.noinstr) { 2523 ret = add_special_section_alts(file); 2524 if (ret) 2525 return ret; 2526 } 2527 2528 ret = add_jump_destinations(file); 2529 if (ret) 2530 return ret; 2531 2532 /* 2533 * Must be before add_call_destination(); it changes INSN_CALL to 2534 * INSN_JUMP. 2535 */ 2536 ret = read_annotate(file, __annotate_ifc); 2537 if (ret) 2538 return ret; 2539 2540 ret = add_call_destinations(file); 2541 if (ret) 2542 return ret; 2543 2544 ret = add_jump_table_alts(file); 2545 if (ret) 2546 return ret; 2547 2548 ret = read_unwind_hints(file); 2549 if (ret) 2550 return ret; 2551 2552 /* 2553 * Must be after add_call_destinations() such that it can override 2554 * dead_end_function() marks. 2555 */ 2556 ret = read_annotate(file, __annotate_late); 2557 if (ret) 2558 return ret; 2559 2560 return 0; 2561 } 2562 2563 static bool is_special_call(struct instruction *insn) 2564 { 2565 if (insn->type == INSN_CALL) { 2566 struct symbol *dest = insn_call_dest(insn); 2567 2568 if (!dest) 2569 return false; 2570 2571 if (dest->fentry || dest->embedded_insn) 2572 return true; 2573 } 2574 2575 return false; 2576 } 2577 2578 static bool has_modified_stack_frame(struct instruction *insn, struct insn_state *state) 2579 { 2580 struct cfi_state *cfi = &state->cfi; 2581 int i; 2582 2583 if (cfi->cfa.base != initial_func_cfi.cfa.base || cfi->drap) 2584 return true; 2585 2586 if (cfi->cfa.offset != initial_func_cfi.cfa.offset) 2587 return true; 2588 2589 if (cfi->stack_size != initial_func_cfi.cfa.offset) 2590 return true; 2591 2592 for (i = 0; i < CFI_NUM_REGS; i++) { 2593 if (cfi->regs[i].base != initial_func_cfi.regs[i].base || 2594 cfi->regs[i].offset != initial_func_cfi.regs[i].offset) 2595 return true; 2596 } 2597 2598 return false; 2599 } 2600 2601 static bool check_reg_frame_pos(const struct cfi_reg *reg, 2602 int expected_offset) 2603 { 2604 return reg->base == CFI_CFA && 2605 reg->offset == expected_offset; 2606 } 2607 2608 static bool has_valid_stack_frame(struct insn_state *state) 2609 { 2610 struct cfi_state *cfi = &state->cfi; 2611 2612 if (cfi->cfa.base == CFI_BP && 2613 check_reg_frame_pos(&cfi->regs[CFI_BP], -cfi->cfa.offset) && 2614 check_reg_frame_pos(&cfi->regs[CFI_RA], -cfi->cfa.offset + 8)) 2615 return true; 2616 2617 if (cfi->drap && cfi->regs[CFI_BP].base == CFI_BP) 2618 return true; 2619 2620 return false; 2621 } 2622 2623 static int update_cfi_state_regs(struct instruction *insn, 2624 struct cfi_state *cfi, 2625 struct stack_op *op) 2626 { 2627 struct cfi_reg *cfa = &cfi->cfa; 2628 2629 if (cfa->base != CFI_SP && cfa->base != CFI_SP_INDIRECT) 2630 return 0; 2631 2632 /* push */ 2633 if (op->dest.type == OP_DEST_PUSH || op->dest.type == OP_DEST_PUSHF) 2634 cfa->offset += 8; 2635 2636 /* pop */ 2637 if (op->src.type == OP_SRC_POP || op->src.type == OP_SRC_POPF) 2638 cfa->offset -= 8; 2639 2640 /* add immediate to sp */ 2641 if (op->dest.type == OP_DEST_REG && op->src.type == OP_SRC_ADD && 2642 op->dest.reg == CFI_SP && op->src.reg == CFI_SP) 2643 cfa->offset -= op->src.offset; 2644 2645 return 0; 2646 } 2647 2648 static void save_reg(struct cfi_state *cfi, unsigned char reg, int base, int offset) 2649 { 2650 if (arch_callee_saved_reg(reg) && 2651 cfi->regs[reg].base == CFI_UNDEFINED) { 2652 cfi->regs[reg].base = base; 2653 cfi->regs[reg].offset = offset; 2654 } 2655 } 2656 2657 static void restore_reg(struct cfi_state *cfi, unsigned char reg) 2658 { 2659 cfi->regs[reg].base = initial_func_cfi.regs[reg].base; 2660 cfi->regs[reg].offset = initial_func_cfi.regs[reg].offset; 2661 } 2662 2663 /* 2664 * A note about DRAP stack alignment: 2665 * 2666 * GCC has the concept of a DRAP register, which is used to help keep track of 2667 * the stack pointer when aligning the stack. r10 or r13 is used as the DRAP 2668 * register. The typical DRAP pattern is: 2669 * 2670 * 4c 8d 54 24 08 lea 0x8(%rsp),%r10 2671 * 48 83 e4 c0 and $0xffffffffffffffc0,%rsp 2672 * 41 ff 72 f8 pushq -0x8(%r10) 2673 * 55 push %rbp 2674 * 48 89 e5 mov %rsp,%rbp 2675 * (more pushes) 2676 * 41 52 push %r10 2677 * ... 2678 * 41 5a pop %r10 2679 * (more pops) 2680 * 5d pop %rbp 2681 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2682 * c3 retq 2683 * 2684 * There are some variations in the epilogues, like: 2685 * 2686 * 5b pop %rbx 2687 * 41 5a pop %r10 2688 * 41 5c pop %r12 2689 * 41 5d pop %r13 2690 * 41 5e pop %r14 2691 * c9 leaveq 2692 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2693 * c3 retq 2694 * 2695 * and: 2696 * 2697 * 4c 8b 55 e8 mov -0x18(%rbp),%r10 2698 * 48 8b 5d e0 mov -0x20(%rbp),%rbx 2699 * 4c 8b 65 f0 mov -0x10(%rbp),%r12 2700 * 4c 8b 6d f8 mov -0x8(%rbp),%r13 2701 * c9 leaveq 2702 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2703 * c3 retq 2704 * 2705 * Sometimes r13 is used as the DRAP register, in which case it's saved and 2706 * restored beforehand: 2707 * 2708 * 41 55 push %r13 2709 * 4c 8d 6c 24 10 lea 0x10(%rsp),%r13 2710 * 48 83 e4 f0 and $0xfffffffffffffff0,%rsp 2711 * ... 2712 * 49 8d 65 f0 lea -0x10(%r13),%rsp 2713 * 41 5d pop %r13 2714 * c3 retq 2715 */ 2716 static int update_cfi_state(struct instruction *insn, 2717 struct instruction *next_insn, 2718 struct cfi_state *cfi, struct stack_op *op) 2719 { 2720 struct cfi_reg *cfa = &cfi->cfa; 2721 struct cfi_reg *regs = cfi->regs; 2722 2723 /* ignore UNWIND_HINT_UNDEFINED regions */ 2724 if (cfi->force_undefined) 2725 return 0; 2726 2727 /* stack operations don't make sense with an undefined CFA */ 2728 if (cfa->base == CFI_UNDEFINED) { 2729 if (insn_func(insn)) { 2730 WARN_INSN(insn, "undefined stack state"); 2731 return -1; 2732 } 2733 return 0; 2734 } 2735 2736 if (cfi->type == UNWIND_HINT_TYPE_REGS || 2737 cfi->type == UNWIND_HINT_TYPE_REGS_PARTIAL) 2738 return update_cfi_state_regs(insn, cfi, op); 2739 2740 switch (op->dest.type) { 2741 2742 case OP_DEST_REG: 2743 switch (op->src.type) { 2744 2745 case OP_SRC_REG: 2746 if (op->src.reg == CFI_SP && op->dest.reg == CFI_BP && 2747 cfa->base == CFI_SP && 2748 check_reg_frame_pos(®s[CFI_BP], -cfa->offset)) { 2749 2750 /* mov %rsp, %rbp */ 2751 cfa->base = op->dest.reg; 2752 cfi->bp_scratch = false; 2753 } 2754 2755 else if (op->src.reg == CFI_SP && 2756 op->dest.reg == CFI_BP && cfi->drap) { 2757 2758 /* drap: mov %rsp, %rbp */ 2759 regs[CFI_BP].base = CFI_BP; 2760 regs[CFI_BP].offset = -cfi->stack_size; 2761 cfi->bp_scratch = false; 2762 } 2763 2764 else if (op->src.reg == CFI_SP && cfa->base == CFI_SP) { 2765 2766 /* 2767 * mov %rsp, %reg 2768 * 2769 * This is needed for the rare case where GCC 2770 * does: 2771 * 2772 * mov %rsp, %rax 2773 * ... 2774 * mov %rax, %rsp 2775 */ 2776 cfi->vals[op->dest.reg].base = CFI_CFA; 2777 cfi->vals[op->dest.reg].offset = -cfi->stack_size; 2778 } 2779 2780 else if (op->src.reg == CFI_BP && op->dest.reg == CFI_SP && 2781 (cfa->base == CFI_BP || cfa->base == cfi->drap_reg)) { 2782 2783 /* 2784 * mov %rbp, %rsp 2785 * 2786 * Restore the original stack pointer (Clang). 2787 */ 2788 cfi->stack_size = -cfi->regs[CFI_BP].offset; 2789 } 2790 2791 else if (op->dest.reg == cfa->base) { 2792 2793 /* mov %reg, %rsp */ 2794 if (cfa->base == CFI_SP && 2795 cfi->vals[op->src.reg].base == CFI_CFA) { 2796 2797 /* 2798 * This is needed for the rare case 2799 * where GCC does something dumb like: 2800 * 2801 * lea 0x8(%rsp), %rcx 2802 * ... 2803 * mov %rcx, %rsp 2804 */ 2805 cfa->offset = -cfi->vals[op->src.reg].offset; 2806 cfi->stack_size = cfa->offset; 2807 2808 } else if (cfa->base == CFI_SP && 2809 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT && 2810 cfi->vals[op->src.reg].offset == cfa->offset) { 2811 2812 /* 2813 * Stack swizzle: 2814 * 2815 * 1: mov %rsp, (%[tos]) 2816 * 2: mov %[tos], %rsp 2817 * ... 2818 * 3: pop %rsp 2819 * 2820 * Where: 2821 * 2822 * 1 - places a pointer to the previous 2823 * stack at the Top-of-Stack of the 2824 * new stack. 2825 * 2826 * 2 - switches to the new stack. 2827 * 2828 * 3 - pops the Top-of-Stack to restore 2829 * the original stack. 2830 * 2831 * Note: we set base to SP_INDIRECT 2832 * here and preserve offset. Therefore 2833 * when the unwinder reaches ToS it 2834 * will dereference SP and then add the 2835 * offset to find the next frame, IOW: 2836 * (%rsp) + offset. 2837 */ 2838 cfa->base = CFI_SP_INDIRECT; 2839 2840 } else { 2841 cfa->base = CFI_UNDEFINED; 2842 cfa->offset = 0; 2843 } 2844 } 2845 2846 else if (op->dest.reg == CFI_SP && 2847 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT && 2848 cfi->vals[op->src.reg].offset == cfa->offset) { 2849 2850 /* 2851 * The same stack swizzle case 2) as above. But 2852 * because we can't change cfa->base, case 3) 2853 * will become a regular POP. Pretend we're a 2854 * PUSH so things don't go unbalanced. 2855 */ 2856 cfi->stack_size += 8; 2857 } 2858 2859 2860 break; 2861 2862 case OP_SRC_ADD: 2863 if (op->dest.reg == CFI_SP && op->src.reg == CFI_SP) { 2864 2865 /* add imm, %rsp */ 2866 cfi->stack_size -= op->src.offset; 2867 if (cfa->base == CFI_SP) 2868 cfa->offset -= op->src.offset; 2869 break; 2870 } 2871 2872 if (op->dest.reg == CFI_BP && op->src.reg == CFI_SP && 2873 insn->sym->frame_pointer) { 2874 /* addi.d fp,sp,imm on LoongArch */ 2875 if (cfa->base == CFI_SP && cfa->offset == op->src.offset) { 2876 cfa->base = CFI_BP; 2877 cfa->offset = 0; 2878 } 2879 break; 2880 } 2881 2882 if (op->dest.reg == CFI_SP && op->src.reg == CFI_BP) { 2883 /* addi.d sp,fp,imm on LoongArch */ 2884 if (cfa->base == CFI_BP && cfa->offset == 0) { 2885 if (insn->sym->frame_pointer) { 2886 cfa->base = CFI_SP; 2887 cfa->offset = -op->src.offset; 2888 } 2889 } else { 2890 /* lea disp(%rbp), %rsp */ 2891 cfi->stack_size = -(op->src.offset + regs[CFI_BP].offset); 2892 } 2893 break; 2894 } 2895 2896 if (op->src.reg == CFI_SP && cfa->base == CFI_SP) { 2897 2898 /* drap: lea disp(%rsp), %drap */ 2899 cfi->drap_reg = op->dest.reg; 2900 2901 /* 2902 * lea disp(%rsp), %reg 2903 * 2904 * This is needed for the rare case where GCC 2905 * does something dumb like: 2906 * 2907 * lea 0x8(%rsp), %rcx 2908 * ... 2909 * mov %rcx, %rsp 2910 */ 2911 cfi->vals[op->dest.reg].base = CFI_CFA; 2912 cfi->vals[op->dest.reg].offset = \ 2913 -cfi->stack_size + op->src.offset; 2914 2915 break; 2916 } 2917 2918 if (cfi->drap && op->dest.reg == CFI_SP && 2919 op->src.reg == cfi->drap_reg) { 2920 2921 /* drap: lea disp(%drap), %rsp */ 2922 cfa->base = CFI_SP; 2923 cfa->offset = cfi->stack_size = -op->src.offset; 2924 cfi->drap_reg = CFI_UNDEFINED; 2925 cfi->drap = false; 2926 break; 2927 } 2928 2929 if (op->dest.reg == cfi->cfa.base && !(next_insn && next_insn->hint)) { 2930 WARN_INSN(insn, "unsupported stack register modification"); 2931 return -1; 2932 } 2933 2934 break; 2935 2936 case OP_SRC_AND: 2937 if (op->dest.reg != CFI_SP || 2938 (cfi->drap_reg != CFI_UNDEFINED && cfa->base != CFI_SP) || 2939 (cfi->drap_reg == CFI_UNDEFINED && cfa->base != CFI_BP)) { 2940 WARN_INSN(insn, "unsupported stack pointer realignment"); 2941 return -1; 2942 } 2943 2944 if (cfi->drap_reg != CFI_UNDEFINED) { 2945 /* drap: and imm, %rsp */ 2946 cfa->base = cfi->drap_reg; 2947 cfa->offset = cfi->stack_size = 0; 2948 cfi->drap = true; 2949 } 2950 2951 /* 2952 * Older versions of GCC (4.8ish) realign the stack 2953 * without DRAP, with a frame pointer. 2954 */ 2955 2956 break; 2957 2958 case OP_SRC_POP: 2959 case OP_SRC_POPF: 2960 if (op->dest.reg == CFI_SP && cfa->base == CFI_SP_INDIRECT) { 2961 2962 /* pop %rsp; # restore from a stack swizzle */ 2963 cfa->base = CFI_SP; 2964 break; 2965 } 2966 2967 if (!cfi->drap && op->dest.reg == cfa->base) { 2968 2969 /* pop %rbp */ 2970 cfa->base = CFI_SP; 2971 } 2972 2973 if (cfi->drap && cfa->base == CFI_BP_INDIRECT && 2974 op->dest.reg == cfi->drap_reg && 2975 cfi->drap_offset == -cfi->stack_size) { 2976 2977 /* drap: pop %drap */ 2978 cfa->base = cfi->drap_reg; 2979 cfa->offset = 0; 2980 cfi->drap_offset = -1; 2981 2982 } else if (cfi->stack_size == -regs[op->dest.reg].offset) { 2983 2984 /* pop %reg */ 2985 restore_reg(cfi, op->dest.reg); 2986 } 2987 2988 cfi->stack_size -= 8; 2989 if (cfa->base == CFI_SP) 2990 cfa->offset -= 8; 2991 2992 break; 2993 2994 case OP_SRC_REG_INDIRECT: 2995 if (!cfi->drap && op->dest.reg == cfa->base && 2996 op->dest.reg == CFI_BP) { 2997 2998 /* mov disp(%rsp), %rbp */ 2999 cfa->base = CFI_SP; 3000 cfa->offset = cfi->stack_size; 3001 } 3002 3003 if (cfi->drap && op->src.reg == CFI_BP && 3004 op->src.offset == cfi->drap_offset) { 3005 3006 /* drap: mov disp(%rbp), %drap */ 3007 cfa->base = cfi->drap_reg; 3008 cfa->offset = 0; 3009 cfi->drap_offset = -1; 3010 } 3011 3012 if (cfi->drap && op->src.reg == CFI_BP && 3013 op->src.offset == regs[op->dest.reg].offset) { 3014 3015 /* drap: mov disp(%rbp), %reg */ 3016 restore_reg(cfi, op->dest.reg); 3017 3018 } else if (op->src.reg == cfa->base && 3019 op->src.offset == regs[op->dest.reg].offset + cfa->offset) { 3020 3021 /* mov disp(%rbp), %reg */ 3022 /* mov disp(%rsp), %reg */ 3023 restore_reg(cfi, op->dest.reg); 3024 3025 } else if (op->src.reg == CFI_SP && 3026 op->src.offset == regs[op->dest.reg].offset + cfi->stack_size) { 3027 3028 /* mov disp(%rsp), %reg */ 3029 restore_reg(cfi, op->dest.reg); 3030 } 3031 3032 break; 3033 3034 default: 3035 WARN_INSN(insn, "unknown stack-related instruction"); 3036 return -1; 3037 } 3038 3039 break; 3040 3041 case OP_DEST_PUSH: 3042 case OP_DEST_PUSHF: 3043 cfi->stack_size += 8; 3044 if (cfa->base == CFI_SP) 3045 cfa->offset += 8; 3046 3047 if (op->src.type != OP_SRC_REG) 3048 break; 3049 3050 if (cfi->drap) { 3051 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) { 3052 3053 /* drap: push %drap */ 3054 cfa->base = CFI_BP_INDIRECT; 3055 cfa->offset = -cfi->stack_size; 3056 3057 /* save drap so we know when to restore it */ 3058 cfi->drap_offset = -cfi->stack_size; 3059 3060 } else if (op->src.reg == CFI_BP && cfa->base == cfi->drap_reg) { 3061 3062 /* drap: push %rbp */ 3063 cfi->stack_size = 0; 3064 3065 } else { 3066 3067 /* drap: push %reg */ 3068 save_reg(cfi, op->src.reg, CFI_BP, -cfi->stack_size); 3069 } 3070 3071 } else { 3072 3073 /* push %reg */ 3074 save_reg(cfi, op->src.reg, CFI_CFA, -cfi->stack_size); 3075 } 3076 3077 /* detect when asm code uses rbp as a scratch register */ 3078 if (opts.stackval && insn_func(insn) && op->src.reg == CFI_BP && 3079 cfa->base != CFI_BP) 3080 cfi->bp_scratch = true; 3081 break; 3082 3083 case OP_DEST_REG_INDIRECT: 3084 3085 if (cfi->drap) { 3086 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) { 3087 3088 /* drap: mov %drap, disp(%rbp) */ 3089 cfa->base = CFI_BP_INDIRECT; 3090 cfa->offset = op->dest.offset; 3091 3092 /* save drap offset so we know when to restore it */ 3093 cfi->drap_offset = op->dest.offset; 3094 } else { 3095 3096 /* drap: mov reg, disp(%rbp) */ 3097 save_reg(cfi, op->src.reg, CFI_BP, op->dest.offset); 3098 } 3099 3100 } else if (op->dest.reg == cfa->base) { 3101 3102 /* mov reg, disp(%rbp) */ 3103 /* mov reg, disp(%rsp) */ 3104 save_reg(cfi, op->src.reg, CFI_CFA, 3105 op->dest.offset - cfi->cfa.offset); 3106 3107 } else if (op->dest.reg == CFI_SP) { 3108 3109 /* mov reg, disp(%rsp) */ 3110 save_reg(cfi, op->src.reg, CFI_CFA, 3111 op->dest.offset - cfi->stack_size); 3112 3113 } else if (op->src.reg == CFI_SP && op->dest.offset == 0) { 3114 3115 /* mov %rsp, (%reg); # setup a stack swizzle. */ 3116 cfi->vals[op->dest.reg].base = CFI_SP_INDIRECT; 3117 cfi->vals[op->dest.reg].offset = cfa->offset; 3118 } 3119 3120 break; 3121 3122 case OP_DEST_MEM: 3123 if (op->src.type != OP_SRC_POP && op->src.type != OP_SRC_POPF) { 3124 WARN_INSN(insn, "unknown stack-related memory operation"); 3125 return -1; 3126 } 3127 3128 /* pop mem */ 3129 cfi->stack_size -= 8; 3130 if (cfa->base == CFI_SP) 3131 cfa->offset -= 8; 3132 3133 break; 3134 3135 default: 3136 WARN_INSN(insn, "unknown stack-related instruction"); 3137 return -1; 3138 } 3139 3140 return 0; 3141 } 3142 3143 /* 3144 * The stack layouts of alternatives instructions can sometimes diverge when 3145 * they have stack modifications. That's fine as long as the potential stack 3146 * layouts don't conflict at any given potential instruction boundary. 3147 * 3148 * Flatten the CFIs of the different alternative code streams (both original 3149 * and replacement) into a single shared CFI array which can be used to detect 3150 * conflicts and nicely feed a linear array of ORC entries to the unwinder. 3151 */ 3152 static int propagate_alt_cfi(struct objtool_file *file, struct instruction *insn) 3153 { 3154 struct cfi_state **alt_cfi; 3155 int group_off; 3156 3157 if (!insn->alt_group) 3158 return 0; 3159 3160 if (!insn->cfi) { 3161 WARN("CFI missing"); 3162 return -1; 3163 } 3164 3165 alt_cfi = insn->alt_group->cfi; 3166 group_off = insn->offset - insn->alt_group->first_insn->offset; 3167 3168 if (!alt_cfi[group_off]) { 3169 alt_cfi[group_off] = insn->cfi; 3170 } else { 3171 if (cficmp(alt_cfi[group_off], insn->cfi)) { 3172 struct alt_group *orig_group = insn->alt_group->orig_group ?: insn->alt_group; 3173 struct instruction *orig = orig_group->first_insn; 3174 char *where = offstr(insn->sec, insn->offset); 3175 WARN_INSN(orig, "stack layout conflict in alternatives: %s", where); 3176 free(where); 3177 return -1; 3178 } 3179 } 3180 3181 return 0; 3182 } 3183 3184 static int handle_insn_ops(struct instruction *insn, 3185 struct instruction *next_insn, 3186 struct insn_state *state) 3187 { 3188 struct stack_op *op; 3189 3190 for (op = insn->stack_ops; op; op = op->next) { 3191 3192 if (update_cfi_state(insn, next_insn, &state->cfi, op)) 3193 return 1; 3194 3195 if (!insn->alt_group) 3196 continue; 3197 3198 if (op->dest.type == OP_DEST_PUSHF) { 3199 if (!state->uaccess_stack) { 3200 state->uaccess_stack = 1; 3201 } else if (state->uaccess_stack >> 31) { 3202 WARN_INSN(insn, "PUSHF stack exhausted"); 3203 return 1; 3204 } 3205 state->uaccess_stack <<= 1; 3206 state->uaccess_stack |= state->uaccess; 3207 } 3208 3209 if (op->src.type == OP_SRC_POPF) { 3210 if (state->uaccess_stack) { 3211 state->uaccess = state->uaccess_stack & 1; 3212 state->uaccess_stack >>= 1; 3213 if (state->uaccess_stack == 1) 3214 state->uaccess_stack = 0; 3215 } 3216 } 3217 } 3218 3219 return 0; 3220 } 3221 3222 static bool insn_cfi_match(struct instruction *insn, struct cfi_state *cfi2) 3223 { 3224 struct cfi_state *cfi1 = insn->cfi; 3225 int i; 3226 3227 if (!cfi1) { 3228 WARN("CFI missing"); 3229 return false; 3230 } 3231 3232 if (memcmp(&cfi1->cfa, &cfi2->cfa, sizeof(cfi1->cfa))) { 3233 3234 WARN_INSN(insn, "stack state mismatch: cfa1=%d%+d cfa2=%d%+d", 3235 cfi1->cfa.base, cfi1->cfa.offset, 3236 cfi2->cfa.base, cfi2->cfa.offset); 3237 3238 } else if (memcmp(&cfi1->regs, &cfi2->regs, sizeof(cfi1->regs))) { 3239 for (i = 0; i < CFI_NUM_REGS; i++) { 3240 if (!memcmp(&cfi1->regs[i], &cfi2->regs[i], 3241 sizeof(struct cfi_reg))) 3242 continue; 3243 3244 WARN_INSN(insn, "stack state mismatch: reg1[%d]=%d%+d reg2[%d]=%d%+d", 3245 i, cfi1->regs[i].base, cfi1->regs[i].offset, 3246 i, cfi2->regs[i].base, cfi2->regs[i].offset); 3247 break; 3248 } 3249 3250 } else if (cfi1->type != cfi2->type) { 3251 3252 WARN_INSN(insn, "stack state mismatch: type1=%d type2=%d", 3253 cfi1->type, cfi2->type); 3254 3255 } else if (cfi1->drap != cfi2->drap || 3256 (cfi1->drap && cfi1->drap_reg != cfi2->drap_reg) || 3257 (cfi1->drap && cfi1->drap_offset != cfi2->drap_offset)) { 3258 3259 WARN_INSN(insn, "stack state mismatch: drap1=%d(%d,%d) drap2=%d(%d,%d)", 3260 cfi1->drap, cfi1->drap_reg, cfi1->drap_offset, 3261 cfi2->drap, cfi2->drap_reg, cfi2->drap_offset); 3262 3263 } else 3264 return true; 3265 3266 return false; 3267 } 3268 3269 static inline bool func_uaccess_safe(struct symbol *func) 3270 { 3271 if (func) 3272 return func->uaccess_safe; 3273 3274 return false; 3275 } 3276 3277 static inline const char *call_dest_name(struct instruction *insn) 3278 { 3279 static char pvname[19]; 3280 struct reloc *reloc; 3281 int idx; 3282 3283 if (insn_call_dest(insn)) 3284 return insn_call_dest(insn)->name; 3285 3286 reloc = insn_reloc(NULL, insn); 3287 if (reloc && !strcmp(reloc->sym->name, "pv_ops")) { 3288 idx = (reloc_addend(reloc) / sizeof(void *)); 3289 snprintf(pvname, sizeof(pvname), "pv_ops[%d]", idx); 3290 return pvname; 3291 } 3292 3293 return "{dynamic}"; 3294 } 3295 3296 static bool pv_call_dest(struct objtool_file *file, struct instruction *insn) 3297 { 3298 struct symbol *target; 3299 struct reloc *reloc; 3300 int idx; 3301 3302 reloc = insn_reloc(file, insn); 3303 if (!reloc || strcmp(reloc->sym->name, "pv_ops")) 3304 return false; 3305 3306 idx = (arch_dest_reloc_offset(reloc_addend(reloc)) / sizeof(void *)); 3307 3308 if (file->pv_ops[idx].clean) 3309 return true; 3310 3311 file->pv_ops[idx].clean = true; 3312 3313 list_for_each_entry(target, &file->pv_ops[idx].targets, pv_target) { 3314 if (!target->sec->noinstr) { 3315 WARN("pv_ops[%d]: %s", idx, target->name); 3316 file->pv_ops[idx].clean = false; 3317 } 3318 } 3319 3320 return file->pv_ops[idx].clean; 3321 } 3322 3323 static inline bool noinstr_call_dest(struct objtool_file *file, 3324 struct instruction *insn, 3325 struct symbol *func) 3326 { 3327 /* 3328 * We can't deal with indirect function calls at present; 3329 * assume they're instrumented. 3330 */ 3331 if (!func) { 3332 if (file->pv_ops) 3333 return pv_call_dest(file, insn); 3334 3335 return false; 3336 } 3337 3338 /* 3339 * If the symbol is from a noinstr section; we good. 3340 */ 3341 if (func->sec->noinstr) 3342 return true; 3343 3344 /* 3345 * If the symbol is a static_call trampoline, we can't tell. 3346 */ 3347 if (func->static_call_tramp) 3348 return true; 3349 3350 /* 3351 * The __ubsan_handle_*() calls are like WARN(), they only happen when 3352 * something 'BAD' happened. At the risk of taking the machine down, 3353 * let them proceed to get the message out. 3354 */ 3355 if (!strncmp(func->name, "__ubsan_handle_", 15)) 3356 return true; 3357 3358 return false; 3359 } 3360 3361 static int validate_call(struct objtool_file *file, 3362 struct instruction *insn, 3363 struct insn_state *state) 3364 { 3365 if (state->noinstr && state->instr <= 0 && 3366 !noinstr_call_dest(file, insn, insn_call_dest(insn))) { 3367 WARN_INSN(insn, "call to %s() leaves .noinstr.text section", call_dest_name(insn)); 3368 return 1; 3369 } 3370 3371 if (state->uaccess && !func_uaccess_safe(insn_call_dest(insn))) { 3372 WARN_INSN(insn, "call to %s() with UACCESS enabled", call_dest_name(insn)); 3373 return 1; 3374 } 3375 3376 if (state->df) { 3377 WARN_INSN(insn, "call to %s() with DF set", call_dest_name(insn)); 3378 return 1; 3379 } 3380 3381 return 0; 3382 } 3383 3384 static int validate_sibling_call(struct objtool_file *file, 3385 struct instruction *insn, 3386 struct insn_state *state) 3387 { 3388 if (insn_func(insn) && has_modified_stack_frame(insn, state)) { 3389 WARN_INSN(insn, "sibling call from callable instruction with modified stack frame"); 3390 return 1; 3391 } 3392 3393 return validate_call(file, insn, state); 3394 } 3395 3396 static int validate_return(struct symbol *func, struct instruction *insn, struct insn_state *state) 3397 { 3398 if (state->noinstr && state->instr > 0) { 3399 WARN_INSN(insn, "return with instrumentation enabled"); 3400 return 1; 3401 } 3402 3403 if (state->uaccess && !func_uaccess_safe(func)) { 3404 WARN_INSN(insn, "return with UACCESS enabled"); 3405 return 1; 3406 } 3407 3408 if (!state->uaccess && func_uaccess_safe(func)) { 3409 WARN_INSN(insn, "return with UACCESS disabled from a UACCESS-safe function"); 3410 return 1; 3411 } 3412 3413 if (state->df) { 3414 WARN_INSN(insn, "return with DF set"); 3415 return 1; 3416 } 3417 3418 if (func && has_modified_stack_frame(insn, state)) { 3419 WARN_INSN(insn, "return with modified stack frame"); 3420 return 1; 3421 } 3422 3423 if (state->cfi.bp_scratch) { 3424 WARN_INSN(insn, "BP used as a scratch register"); 3425 return 1; 3426 } 3427 3428 return 0; 3429 } 3430 3431 static struct instruction *next_insn_to_validate(struct objtool_file *file, 3432 struct instruction *insn) 3433 { 3434 struct alt_group *alt_group = insn->alt_group; 3435 3436 /* 3437 * Simulate the fact that alternatives are patched in-place. When the 3438 * end of a replacement alt_group is reached, redirect objtool flow to 3439 * the end of the original alt_group. 3440 * 3441 * insn->alts->insn -> alt_group->first_insn 3442 * ... 3443 * alt_group->last_insn 3444 * [alt_group->nop] -> next(orig_group->last_insn) 3445 */ 3446 if (alt_group) { 3447 if (alt_group->nop) { 3448 /* ->nop implies ->orig_group */ 3449 if (insn == alt_group->last_insn) 3450 return alt_group->nop; 3451 if (insn == alt_group->nop) 3452 goto next_orig; 3453 } 3454 if (insn == alt_group->last_insn && alt_group->orig_group) 3455 goto next_orig; 3456 } 3457 3458 return next_insn_same_sec(file, insn); 3459 3460 next_orig: 3461 return next_insn_same_sec(file, alt_group->orig_group->last_insn); 3462 } 3463 3464 /* 3465 * Follow the branch starting at the given instruction, and recursively follow 3466 * any other branches (jumps). Meanwhile, track the frame pointer state at 3467 * each instruction and validate all the rules described in 3468 * tools/objtool/Documentation/objtool.txt. 3469 */ 3470 static int validate_branch(struct objtool_file *file, struct symbol *func, 3471 struct instruction *insn, struct insn_state state) 3472 { 3473 struct alternative *alt; 3474 struct instruction *next_insn, *prev_insn = NULL; 3475 struct section *sec; 3476 u8 visited; 3477 int ret; 3478 3479 sec = insn->sec; 3480 3481 while (1) { 3482 next_insn = next_insn_to_validate(file, insn); 3483 3484 if (func && insn_func(insn) && func != insn_func(insn)->pfunc) { 3485 /* Ignore KCFI type preambles, which always fall through */ 3486 if (!strncmp(func->name, "__cfi_", 6) || 3487 !strncmp(func->name, "__pfx_", 6)) 3488 return 0; 3489 3490 WARN("%s() falls through to next function %s()", 3491 func->name, insn_func(insn)->name); 3492 return 1; 3493 } 3494 3495 if (func && insn->ignore) { 3496 WARN_INSN(insn, "BUG: why am I validating an ignored function?"); 3497 return 1; 3498 } 3499 3500 visited = VISITED_BRANCH << state.uaccess; 3501 if (insn->visited & VISITED_BRANCH_MASK) { 3502 if (!insn->hint && !insn_cfi_match(insn, &state.cfi)) 3503 return 1; 3504 3505 if (insn->visited & visited) 3506 return 0; 3507 } else { 3508 nr_insns_visited++; 3509 } 3510 3511 if (state.noinstr) 3512 state.instr += insn->instr; 3513 3514 if (insn->hint) { 3515 if (insn->restore) { 3516 struct instruction *save_insn, *i; 3517 3518 i = insn; 3519 save_insn = NULL; 3520 3521 sym_for_each_insn_continue_reverse(file, func, i) { 3522 if (i->save) { 3523 save_insn = i; 3524 break; 3525 } 3526 } 3527 3528 if (!save_insn) { 3529 WARN_INSN(insn, "no corresponding CFI save for CFI restore"); 3530 return 1; 3531 } 3532 3533 if (!save_insn->visited) { 3534 /* 3535 * If the restore hint insn is at the 3536 * beginning of a basic block and was 3537 * branched to from elsewhere, and the 3538 * save insn hasn't been visited yet, 3539 * defer following this branch for now. 3540 * It will be seen later via the 3541 * straight-line path. 3542 */ 3543 if (!prev_insn) 3544 return 0; 3545 3546 WARN_INSN(insn, "objtool isn't smart enough to handle this CFI save/restore combo"); 3547 return 1; 3548 } 3549 3550 insn->cfi = save_insn->cfi; 3551 nr_cfi_reused++; 3552 } 3553 3554 state.cfi = *insn->cfi; 3555 } else { 3556 /* XXX track if we actually changed state.cfi */ 3557 3558 if (prev_insn && !cficmp(prev_insn->cfi, &state.cfi)) { 3559 insn->cfi = prev_insn->cfi; 3560 nr_cfi_reused++; 3561 } else { 3562 insn->cfi = cfi_hash_find_or_add(&state.cfi); 3563 } 3564 } 3565 3566 insn->visited |= visited; 3567 3568 if (propagate_alt_cfi(file, insn)) 3569 return 1; 3570 3571 if (!insn->ignore_alts && insn->alts) { 3572 bool skip_orig = false; 3573 3574 for (alt = insn->alts; alt; alt = alt->next) { 3575 if (alt->skip_orig) 3576 skip_orig = true; 3577 3578 ret = validate_branch(file, func, alt->insn, state); 3579 if (ret) { 3580 BT_INSN(insn, "(alt)"); 3581 return ret; 3582 } 3583 } 3584 3585 if (skip_orig) 3586 return 0; 3587 } 3588 3589 if (handle_insn_ops(insn, next_insn, &state)) 3590 return 1; 3591 3592 switch (insn->type) { 3593 3594 case INSN_RETURN: 3595 return validate_return(func, insn, &state); 3596 3597 case INSN_CALL: 3598 case INSN_CALL_DYNAMIC: 3599 ret = validate_call(file, insn, &state); 3600 if (ret) 3601 return ret; 3602 3603 if (opts.stackval && func && !is_special_call(insn) && 3604 !has_valid_stack_frame(&state)) { 3605 WARN_INSN(insn, "call without frame pointer save/setup"); 3606 return 1; 3607 } 3608 3609 if (insn->dead_end) 3610 return 0; 3611 3612 break; 3613 3614 case INSN_JUMP_CONDITIONAL: 3615 case INSN_JUMP_UNCONDITIONAL: 3616 if (is_sibling_call(insn)) { 3617 ret = validate_sibling_call(file, insn, &state); 3618 if (ret) 3619 return ret; 3620 3621 } else if (insn->jump_dest) { 3622 ret = validate_branch(file, func, 3623 insn->jump_dest, state); 3624 if (ret) { 3625 BT_INSN(insn, "(branch)"); 3626 return ret; 3627 } 3628 } 3629 3630 if (insn->type == INSN_JUMP_UNCONDITIONAL) 3631 return 0; 3632 3633 break; 3634 3635 case INSN_JUMP_DYNAMIC: 3636 case INSN_JUMP_DYNAMIC_CONDITIONAL: 3637 if (is_sibling_call(insn)) { 3638 ret = validate_sibling_call(file, insn, &state); 3639 if (ret) 3640 return ret; 3641 } 3642 3643 if (insn->type == INSN_JUMP_DYNAMIC) 3644 return 0; 3645 3646 break; 3647 3648 case INSN_CONTEXT_SWITCH: 3649 if (func) { 3650 if (!next_insn || !next_insn->hint) { 3651 WARN_INSN(insn, "unsupported instruction in callable function"); 3652 return 1; 3653 } 3654 break; 3655 } 3656 return 0; 3657 3658 case INSN_STAC: 3659 if (state.uaccess) { 3660 WARN_INSN(insn, "recursive UACCESS enable"); 3661 return 1; 3662 } 3663 3664 state.uaccess = true; 3665 break; 3666 3667 case INSN_CLAC: 3668 if (!state.uaccess && func) { 3669 WARN_INSN(insn, "redundant UACCESS disable"); 3670 return 1; 3671 } 3672 3673 if (func_uaccess_safe(func) && !state.uaccess_stack) { 3674 WARN_INSN(insn, "UACCESS-safe disables UACCESS"); 3675 return 1; 3676 } 3677 3678 state.uaccess = false; 3679 break; 3680 3681 case INSN_STD: 3682 if (state.df) { 3683 WARN_INSN(insn, "recursive STD"); 3684 return 1; 3685 } 3686 3687 state.df = true; 3688 break; 3689 3690 case INSN_CLD: 3691 if (!state.df && func) { 3692 WARN_INSN(insn, "redundant CLD"); 3693 return 1; 3694 } 3695 3696 state.df = false; 3697 break; 3698 3699 default: 3700 break; 3701 } 3702 3703 if (insn->dead_end) 3704 return 0; 3705 3706 if (!next_insn) { 3707 if (state.cfi.cfa.base == CFI_UNDEFINED) 3708 return 0; 3709 WARN("%s: unexpected end of section", sec->name); 3710 return 1; 3711 } 3712 3713 prev_insn = insn; 3714 insn = next_insn; 3715 } 3716 3717 return 0; 3718 } 3719 3720 static int validate_unwind_hint(struct objtool_file *file, 3721 struct instruction *insn, 3722 struct insn_state *state) 3723 { 3724 if (insn->hint && !insn->visited && !insn->ignore) { 3725 int ret = validate_branch(file, insn_func(insn), insn, *state); 3726 if (ret) 3727 BT_INSN(insn, "<=== (hint)"); 3728 return ret; 3729 } 3730 3731 return 0; 3732 } 3733 3734 static int validate_unwind_hints(struct objtool_file *file, struct section *sec) 3735 { 3736 struct instruction *insn; 3737 struct insn_state state; 3738 int warnings = 0; 3739 3740 if (!file->hints) 3741 return 0; 3742 3743 init_insn_state(file, &state, sec); 3744 3745 if (sec) { 3746 sec_for_each_insn(file, sec, insn) 3747 warnings += validate_unwind_hint(file, insn, &state); 3748 } else { 3749 for_each_insn(file, insn) 3750 warnings += validate_unwind_hint(file, insn, &state); 3751 } 3752 3753 return warnings; 3754 } 3755 3756 /* 3757 * Validate rethunk entry constraint: must untrain RET before the first RET. 3758 * 3759 * Follow every branch (intra-function) and ensure VALIDATE_UNRET_END comes 3760 * before an actual RET instruction. 3761 */ 3762 static int validate_unret(struct objtool_file *file, struct instruction *insn) 3763 { 3764 struct instruction *next, *dest; 3765 int ret; 3766 3767 for (;;) { 3768 next = next_insn_to_validate(file, insn); 3769 3770 if (insn->visited & VISITED_UNRET) 3771 return 0; 3772 3773 insn->visited |= VISITED_UNRET; 3774 3775 if (!insn->ignore_alts && insn->alts) { 3776 struct alternative *alt; 3777 bool skip_orig = false; 3778 3779 for (alt = insn->alts; alt; alt = alt->next) { 3780 if (alt->skip_orig) 3781 skip_orig = true; 3782 3783 ret = validate_unret(file, alt->insn); 3784 if (ret) { 3785 BT_INSN(insn, "(alt)"); 3786 return ret; 3787 } 3788 } 3789 3790 if (skip_orig) 3791 return 0; 3792 } 3793 3794 switch (insn->type) { 3795 3796 case INSN_CALL_DYNAMIC: 3797 case INSN_JUMP_DYNAMIC: 3798 case INSN_JUMP_DYNAMIC_CONDITIONAL: 3799 WARN_INSN(insn, "early indirect call"); 3800 return 1; 3801 3802 case INSN_JUMP_UNCONDITIONAL: 3803 case INSN_JUMP_CONDITIONAL: 3804 if (!is_sibling_call(insn)) { 3805 if (!insn->jump_dest) { 3806 WARN_INSN(insn, "unresolved jump target after linking?!?"); 3807 return -1; 3808 } 3809 ret = validate_unret(file, insn->jump_dest); 3810 if (ret) { 3811 BT_INSN(insn, "(branch%s)", 3812 insn->type == INSN_JUMP_CONDITIONAL ? "-cond" : ""); 3813 return ret; 3814 } 3815 3816 if (insn->type == INSN_JUMP_UNCONDITIONAL) 3817 return 0; 3818 3819 break; 3820 } 3821 3822 /* fallthrough */ 3823 case INSN_CALL: 3824 dest = find_insn(file, insn_call_dest(insn)->sec, 3825 insn_call_dest(insn)->offset); 3826 if (!dest) { 3827 WARN("Unresolved function after linking!?: %s", 3828 insn_call_dest(insn)->name); 3829 return -1; 3830 } 3831 3832 ret = validate_unret(file, dest); 3833 if (ret) { 3834 BT_INSN(insn, "(call)"); 3835 return ret; 3836 } 3837 /* 3838 * If a call returns without error, it must have seen UNTRAIN_RET. 3839 * Therefore any non-error return is a success. 3840 */ 3841 return 0; 3842 3843 case INSN_RETURN: 3844 WARN_INSN(insn, "RET before UNTRAIN"); 3845 return 1; 3846 3847 case INSN_NOP: 3848 if (insn->retpoline_safe) 3849 return 0; 3850 break; 3851 3852 default: 3853 break; 3854 } 3855 3856 if (!next) { 3857 WARN_INSN(insn, "teh end!"); 3858 return -1; 3859 } 3860 insn = next; 3861 } 3862 3863 return 0; 3864 } 3865 3866 /* 3867 * Validate that all branches starting at VALIDATE_UNRET_BEGIN encounter 3868 * VALIDATE_UNRET_END before RET. 3869 */ 3870 static int validate_unrets(struct objtool_file *file) 3871 { 3872 struct instruction *insn; 3873 int ret, warnings = 0; 3874 3875 for_each_insn(file, insn) { 3876 if (!insn->unret) 3877 continue; 3878 3879 ret = validate_unret(file, insn); 3880 if (ret < 0) { 3881 WARN_INSN(insn, "Failed UNRET validation"); 3882 return ret; 3883 } 3884 warnings += ret; 3885 } 3886 3887 return warnings; 3888 } 3889 3890 static int validate_retpoline(struct objtool_file *file) 3891 { 3892 struct instruction *insn; 3893 int warnings = 0; 3894 3895 for_each_insn(file, insn) { 3896 if (insn->type != INSN_JUMP_DYNAMIC && 3897 insn->type != INSN_CALL_DYNAMIC && 3898 insn->type != INSN_RETURN) 3899 continue; 3900 3901 if (insn->retpoline_safe) 3902 continue; 3903 3904 if (insn->sec->init) 3905 continue; 3906 3907 if (insn->type == INSN_RETURN) { 3908 if (opts.rethunk) { 3909 WARN_INSN(insn, "'naked' return found in MITIGATION_RETHUNK build"); 3910 } else 3911 continue; 3912 } else { 3913 WARN_INSN(insn, "indirect %s found in MITIGATION_RETPOLINE build", 3914 insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call"); 3915 } 3916 3917 warnings++; 3918 } 3919 3920 return warnings; 3921 } 3922 3923 static bool is_kasan_insn(struct instruction *insn) 3924 { 3925 return (insn->type == INSN_CALL && 3926 !strcmp(insn_call_dest(insn)->name, "__asan_handle_no_return")); 3927 } 3928 3929 static bool is_ubsan_insn(struct instruction *insn) 3930 { 3931 return (insn->type == INSN_CALL && 3932 !strcmp(insn_call_dest(insn)->name, 3933 "__ubsan_handle_builtin_unreachable")); 3934 } 3935 3936 static bool ignore_unreachable_insn(struct objtool_file *file, struct instruction *insn) 3937 { 3938 int i; 3939 struct instruction *prev_insn; 3940 3941 if (insn->ignore || insn->type == INSN_NOP || insn->type == INSN_TRAP) 3942 return true; 3943 3944 /* 3945 * Ignore alternative replacement instructions. This can happen 3946 * when a whitelisted function uses one of the ALTERNATIVE macros. 3947 */ 3948 if (!strcmp(insn->sec->name, ".altinstr_replacement") || 3949 !strcmp(insn->sec->name, ".altinstr_aux")) 3950 return true; 3951 3952 /* 3953 * Whole archive runs might encounter dead code from weak symbols. 3954 * This is where the linker will have dropped the weak symbol in 3955 * favour of a regular symbol, but leaves the code in place. 3956 * 3957 * In this case we'll find a piece of code (whole function) that is not 3958 * covered by a !section symbol. Ignore them. 3959 */ 3960 if (opts.link && !insn_func(insn)) { 3961 int size = find_symbol_hole_containing(insn->sec, insn->offset); 3962 unsigned long end = insn->offset + size; 3963 3964 if (!size) /* not a hole */ 3965 return false; 3966 3967 if (size < 0) /* hole until the end */ 3968 return true; 3969 3970 sec_for_each_insn_continue(file, insn) { 3971 /* 3972 * If we reach a visited instruction at or before the 3973 * end of the hole, ignore the unreachable. 3974 */ 3975 if (insn->visited) 3976 return true; 3977 3978 if (insn->offset >= end) 3979 break; 3980 3981 /* 3982 * If this hole jumps to a .cold function, mark it ignore too. 3983 */ 3984 if (insn->jump_dest && insn_func(insn->jump_dest) && 3985 strstr(insn_func(insn->jump_dest)->name, ".cold")) { 3986 struct instruction *dest = insn->jump_dest; 3987 func_for_each_insn(file, insn_func(dest), dest) 3988 dest->ignore = true; 3989 } 3990 } 3991 3992 return false; 3993 } 3994 3995 if (!insn_func(insn)) 3996 return false; 3997 3998 if (insn_func(insn)->static_call_tramp) 3999 return true; 4000 4001 /* 4002 * CONFIG_UBSAN_TRAP inserts a UD2 when it sees 4003 * __builtin_unreachable(). The BUG() macro has an unreachable() after 4004 * the UD2, which causes GCC's undefined trap logic to emit another UD2 4005 * (or occasionally a JMP to UD2). 4006 * 4007 * It may also insert a UD2 after calling a __noreturn function. 4008 */ 4009 prev_insn = prev_insn_same_sec(file, insn); 4010 if (prev_insn->dead_end && 4011 (insn->type == INSN_BUG || 4012 (insn->type == INSN_JUMP_UNCONDITIONAL && 4013 insn->jump_dest && insn->jump_dest->type == INSN_BUG))) 4014 return true; 4015 4016 /* 4017 * Check if this (or a subsequent) instruction is related to 4018 * CONFIG_UBSAN or CONFIG_KASAN. 4019 * 4020 * End the search at 5 instructions to avoid going into the weeds. 4021 */ 4022 for (i = 0; i < 5; i++) { 4023 4024 if (is_kasan_insn(insn) || is_ubsan_insn(insn)) 4025 return true; 4026 4027 if (insn->type == INSN_JUMP_UNCONDITIONAL) { 4028 if (insn->jump_dest && 4029 insn_func(insn->jump_dest) == insn_func(insn)) { 4030 insn = insn->jump_dest; 4031 continue; 4032 } 4033 4034 break; 4035 } 4036 4037 if (insn->offset + insn->len >= insn_func(insn)->offset + insn_func(insn)->len) 4038 break; 4039 4040 insn = next_insn_same_sec(file, insn); 4041 } 4042 4043 return false; 4044 } 4045 4046 static int add_prefix_symbol(struct objtool_file *file, struct symbol *func) 4047 { 4048 struct instruction *insn, *prev; 4049 struct cfi_state *cfi; 4050 4051 insn = find_insn(file, func->sec, func->offset); 4052 if (!insn) 4053 return -1; 4054 4055 for (prev = prev_insn_same_sec(file, insn); 4056 prev; 4057 prev = prev_insn_same_sec(file, prev)) { 4058 u64 offset; 4059 4060 if (prev->type != INSN_NOP) 4061 return -1; 4062 4063 offset = func->offset - prev->offset; 4064 4065 if (offset > opts.prefix) 4066 return -1; 4067 4068 if (offset < opts.prefix) 4069 continue; 4070 4071 elf_create_prefix_symbol(file->elf, func, opts.prefix); 4072 break; 4073 } 4074 4075 if (!prev) 4076 return -1; 4077 4078 if (!insn->cfi) { 4079 /* 4080 * This can happen if stack validation isn't enabled or the 4081 * function is annotated with STACK_FRAME_NON_STANDARD. 4082 */ 4083 return 0; 4084 } 4085 4086 /* Propagate insn->cfi to the prefix code */ 4087 cfi = cfi_hash_find_or_add(insn->cfi); 4088 for (; prev != insn; prev = next_insn_same_sec(file, prev)) 4089 prev->cfi = cfi; 4090 4091 return 0; 4092 } 4093 4094 static int add_prefix_symbols(struct objtool_file *file) 4095 { 4096 struct section *sec; 4097 struct symbol *func; 4098 4099 for_each_sec(file, sec) { 4100 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 4101 continue; 4102 4103 sec_for_each_sym(sec, func) { 4104 if (func->type != STT_FUNC) 4105 continue; 4106 4107 add_prefix_symbol(file, func); 4108 } 4109 } 4110 4111 return 0; 4112 } 4113 4114 static int validate_symbol(struct objtool_file *file, struct section *sec, 4115 struct symbol *sym, struct insn_state *state) 4116 { 4117 struct instruction *insn; 4118 int ret; 4119 4120 if (!sym->len) { 4121 WARN("%s() is missing an ELF size annotation", sym->name); 4122 return 1; 4123 } 4124 4125 if (sym->pfunc != sym || sym->alias != sym) 4126 return 0; 4127 4128 insn = find_insn(file, sec, sym->offset); 4129 if (!insn || insn->ignore || insn->visited) 4130 return 0; 4131 4132 state->uaccess = sym->uaccess_safe; 4133 4134 ret = validate_branch(file, insn_func(insn), insn, *state); 4135 if (ret) 4136 BT_INSN(insn, "<=== (sym)"); 4137 return ret; 4138 } 4139 4140 static int validate_section(struct objtool_file *file, struct section *sec) 4141 { 4142 struct insn_state state; 4143 struct symbol *func; 4144 int warnings = 0; 4145 4146 sec_for_each_sym(sec, func) { 4147 if (func->type != STT_FUNC) 4148 continue; 4149 4150 init_insn_state(file, &state, sec); 4151 set_func_state(&state.cfi); 4152 4153 warnings += validate_symbol(file, sec, func, &state); 4154 } 4155 4156 return warnings; 4157 } 4158 4159 static int validate_noinstr_sections(struct objtool_file *file) 4160 { 4161 struct section *sec; 4162 int warnings = 0; 4163 4164 sec = find_section_by_name(file->elf, ".noinstr.text"); 4165 if (sec) { 4166 warnings += validate_section(file, sec); 4167 warnings += validate_unwind_hints(file, sec); 4168 } 4169 4170 sec = find_section_by_name(file->elf, ".entry.text"); 4171 if (sec) { 4172 warnings += validate_section(file, sec); 4173 warnings += validate_unwind_hints(file, sec); 4174 } 4175 4176 sec = find_section_by_name(file->elf, ".cpuidle.text"); 4177 if (sec) { 4178 warnings += validate_section(file, sec); 4179 warnings += validate_unwind_hints(file, sec); 4180 } 4181 4182 return warnings; 4183 } 4184 4185 static int validate_functions(struct objtool_file *file) 4186 { 4187 struct section *sec; 4188 int warnings = 0; 4189 4190 for_each_sec(file, sec) { 4191 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 4192 continue; 4193 4194 warnings += validate_section(file, sec); 4195 } 4196 4197 return warnings; 4198 } 4199 4200 static void mark_endbr_used(struct instruction *insn) 4201 { 4202 if (!list_empty(&insn->call_node)) 4203 list_del_init(&insn->call_node); 4204 } 4205 4206 static bool noendbr_range(struct objtool_file *file, struct instruction *insn) 4207 { 4208 struct symbol *sym = find_symbol_containing(insn->sec, insn->offset-1); 4209 struct instruction *first; 4210 4211 if (!sym) 4212 return false; 4213 4214 first = find_insn(file, sym->sec, sym->offset); 4215 if (!first) 4216 return false; 4217 4218 if (first->type != INSN_ENDBR && !first->noendbr) 4219 return false; 4220 4221 return insn->offset == sym->offset + sym->len; 4222 } 4223 4224 static int __validate_ibt_insn(struct objtool_file *file, struct instruction *insn, 4225 struct instruction *dest) 4226 { 4227 if (dest->type == INSN_ENDBR) { 4228 mark_endbr_used(dest); 4229 return 0; 4230 } 4231 4232 if (insn_func(dest) && insn_func(insn) && 4233 insn_func(dest)->pfunc == insn_func(insn)->pfunc) { 4234 /* 4235 * Anything from->to self is either _THIS_IP_ or 4236 * IRET-to-self. 4237 * 4238 * There is no sane way to annotate _THIS_IP_ since the 4239 * compiler treats the relocation as a constant and is 4240 * happy to fold in offsets, skewing any annotation we 4241 * do, leading to vast amounts of false-positives. 4242 * 4243 * There's also compiler generated _THIS_IP_ through 4244 * KCOV and such which we have no hope of annotating. 4245 * 4246 * As such, blanket accept self-references without 4247 * issue. 4248 */ 4249 return 0; 4250 } 4251 4252 /* 4253 * Accept anything ANNOTATE_NOENDBR. 4254 */ 4255 if (dest->noendbr) 4256 return 0; 4257 4258 /* 4259 * Accept if this is the instruction after a symbol 4260 * that is (no)endbr -- typical code-range usage. 4261 */ 4262 if (noendbr_range(file, dest)) 4263 return 0; 4264 4265 WARN_INSN(insn, "relocation to !ENDBR: %s", offstr(dest->sec, dest->offset)); 4266 return 1; 4267 } 4268 4269 static int validate_ibt_insn(struct objtool_file *file, struct instruction *insn) 4270 { 4271 struct instruction *dest; 4272 struct reloc *reloc; 4273 unsigned long off; 4274 int warnings = 0; 4275 4276 /* 4277 * Looking for function pointer load relocations. Ignore 4278 * direct/indirect branches: 4279 */ 4280 switch (insn->type) { 4281 4282 case INSN_CALL: 4283 case INSN_CALL_DYNAMIC: 4284 case INSN_JUMP_CONDITIONAL: 4285 case INSN_JUMP_UNCONDITIONAL: 4286 case INSN_JUMP_DYNAMIC: 4287 case INSN_JUMP_DYNAMIC_CONDITIONAL: 4288 case INSN_RETURN: 4289 case INSN_NOP: 4290 return 0; 4291 4292 case INSN_LEA_RIP: 4293 if (!insn_reloc(file, insn)) { 4294 /* local function pointer reference without reloc */ 4295 4296 off = arch_jump_destination(insn); 4297 4298 dest = find_insn(file, insn->sec, off); 4299 if (!dest) { 4300 WARN_INSN(insn, "corrupt function pointer reference"); 4301 return 1; 4302 } 4303 4304 return __validate_ibt_insn(file, insn, dest); 4305 } 4306 break; 4307 4308 default: 4309 break; 4310 } 4311 4312 for (reloc = insn_reloc(file, insn); 4313 reloc; 4314 reloc = find_reloc_by_dest_range(file->elf, insn->sec, 4315 reloc_offset(reloc) + 1, 4316 (insn->offset + insn->len) - (reloc_offset(reloc) + 1))) { 4317 4318 off = reloc->sym->offset; 4319 if (reloc_type(reloc) == R_X86_64_PC32 || 4320 reloc_type(reloc) == R_X86_64_PLT32) 4321 off += arch_dest_reloc_offset(reloc_addend(reloc)); 4322 else 4323 off += reloc_addend(reloc); 4324 4325 dest = find_insn(file, reloc->sym->sec, off); 4326 if (!dest) 4327 continue; 4328 4329 warnings += __validate_ibt_insn(file, insn, dest); 4330 } 4331 4332 return warnings; 4333 } 4334 4335 static int validate_ibt_data_reloc(struct objtool_file *file, 4336 struct reloc *reloc) 4337 { 4338 struct instruction *dest; 4339 4340 dest = find_insn(file, reloc->sym->sec, 4341 reloc->sym->offset + reloc_addend(reloc)); 4342 if (!dest) 4343 return 0; 4344 4345 if (dest->type == INSN_ENDBR) { 4346 mark_endbr_used(dest); 4347 return 0; 4348 } 4349 4350 if (dest->noendbr) 4351 return 0; 4352 4353 WARN_FUNC("data relocation to !ENDBR: %s", 4354 reloc->sec->base, reloc_offset(reloc), 4355 offstr(dest->sec, dest->offset)); 4356 4357 return 1; 4358 } 4359 4360 /* 4361 * Validate IBT rules and remove used ENDBR instructions from the seal list. 4362 * Unused ENDBR instructions will be annotated for sealing (i.e., replaced with 4363 * NOPs) later, in create_ibt_endbr_seal_sections(). 4364 */ 4365 static int validate_ibt(struct objtool_file *file) 4366 { 4367 struct section *sec; 4368 struct reloc *reloc; 4369 struct instruction *insn; 4370 int warnings = 0; 4371 4372 for_each_insn(file, insn) 4373 warnings += validate_ibt_insn(file, insn); 4374 4375 for_each_sec(file, sec) { 4376 4377 /* Already done by validate_ibt_insn() */ 4378 if (sec->sh.sh_flags & SHF_EXECINSTR) 4379 continue; 4380 4381 if (!sec->rsec) 4382 continue; 4383 4384 /* 4385 * These sections can reference text addresses, but not with 4386 * the intent to indirect branch to them. 4387 */ 4388 if ((!strncmp(sec->name, ".discard", 8) && 4389 strcmp(sec->name, ".discard.ibt_endbr_noseal")) || 4390 !strncmp(sec->name, ".debug", 6) || 4391 !strcmp(sec->name, ".altinstructions") || 4392 !strcmp(sec->name, ".ibt_endbr_seal") || 4393 !strcmp(sec->name, ".orc_unwind_ip") || 4394 !strcmp(sec->name, ".parainstructions") || 4395 !strcmp(sec->name, ".retpoline_sites") || 4396 !strcmp(sec->name, ".smp_locks") || 4397 !strcmp(sec->name, ".static_call_sites") || 4398 !strcmp(sec->name, "_error_injection_whitelist") || 4399 !strcmp(sec->name, "_kprobe_blacklist") || 4400 !strcmp(sec->name, "__bug_table") || 4401 !strcmp(sec->name, "__ex_table") || 4402 !strcmp(sec->name, "__jump_table") || 4403 !strcmp(sec->name, "__mcount_loc") || 4404 !strcmp(sec->name, ".kcfi_traps") || 4405 !strcmp(sec->name, ".llvm.call-graph-profile") || 4406 !strcmp(sec->name, ".llvm_bb_addr_map") || 4407 !strcmp(sec->name, "__tracepoints") || 4408 strstr(sec->name, "__patchable_function_entries")) 4409 continue; 4410 4411 for_each_reloc(sec->rsec, reloc) 4412 warnings += validate_ibt_data_reloc(file, reloc); 4413 } 4414 4415 return warnings; 4416 } 4417 4418 static int validate_sls(struct objtool_file *file) 4419 { 4420 struct instruction *insn, *next_insn; 4421 int warnings = 0; 4422 4423 for_each_insn(file, insn) { 4424 next_insn = next_insn_same_sec(file, insn); 4425 4426 if (insn->retpoline_safe) 4427 continue; 4428 4429 switch (insn->type) { 4430 case INSN_RETURN: 4431 if (!next_insn || next_insn->type != INSN_TRAP) { 4432 WARN_INSN(insn, "missing int3 after ret"); 4433 warnings++; 4434 } 4435 4436 break; 4437 case INSN_JUMP_DYNAMIC: 4438 if (!next_insn || next_insn->type != INSN_TRAP) { 4439 WARN_INSN(insn, "missing int3 after indirect jump"); 4440 warnings++; 4441 } 4442 break; 4443 default: 4444 break; 4445 } 4446 } 4447 4448 return warnings; 4449 } 4450 4451 static bool ignore_noreturn_call(struct instruction *insn) 4452 { 4453 struct symbol *call_dest = insn_call_dest(insn); 4454 4455 /* 4456 * FIXME: hack, we need a real noreturn solution 4457 * 4458 * Problem is, exc_double_fault() may or may not return, depending on 4459 * whether CONFIG_X86_ESPFIX64 is set. But objtool has no visibility 4460 * to the kernel config. 4461 * 4462 * Other potential ways to fix it: 4463 * 4464 * - have compiler communicate __noreturn functions somehow 4465 * - remove CONFIG_X86_ESPFIX64 4466 * - read the .config file 4467 * - add a cmdline option 4468 * - create a generic objtool annotation format (vs a bunch of custom 4469 * formats) and annotate it 4470 */ 4471 if (!strcmp(call_dest->name, "exc_double_fault")) { 4472 /* prevent further unreachable warnings for the caller */ 4473 insn->sym->warned = 1; 4474 return true; 4475 } 4476 4477 return false; 4478 } 4479 4480 static int validate_reachable_instructions(struct objtool_file *file) 4481 { 4482 struct instruction *insn, *prev_insn; 4483 struct symbol *call_dest; 4484 int warnings = 0; 4485 4486 if (file->ignore_unreachables) 4487 return 0; 4488 4489 for_each_insn(file, insn) { 4490 if (insn->visited || ignore_unreachable_insn(file, insn)) 4491 continue; 4492 4493 prev_insn = prev_insn_same_sec(file, insn); 4494 if (prev_insn && prev_insn->dead_end) { 4495 call_dest = insn_call_dest(prev_insn); 4496 if (call_dest && !ignore_noreturn_call(prev_insn)) { 4497 WARN_INSN(insn, "%s() is missing a __noreturn annotation", 4498 call_dest->name); 4499 warnings++; 4500 continue; 4501 } 4502 } 4503 4504 WARN_INSN(insn, "unreachable instruction"); 4505 warnings++; 4506 } 4507 4508 return warnings; 4509 } 4510 4511 /* 'funcs' is a space-separated list of function names */ 4512 static int disas_funcs(const char *funcs) 4513 { 4514 const char *objdump_str, *cross_compile; 4515 int size, ret; 4516 char *cmd; 4517 4518 cross_compile = getenv("CROSS_COMPILE"); 4519 4520 objdump_str = "%sobjdump -wdr %s | gawk -M -v _funcs='%s' '" 4521 "BEGIN { split(_funcs, funcs); }" 4522 "/^$/ { func_match = 0; }" 4523 "/<.*>:/ { " 4524 "f = gensub(/.*<(.*)>:/, \"\\\\1\", 1);" 4525 "for (i in funcs) {" 4526 "if (funcs[i] == f) {" 4527 "func_match = 1;" 4528 "base = strtonum(\"0x\" $1);" 4529 "break;" 4530 "}" 4531 "}" 4532 "}" 4533 "{" 4534 "if (func_match) {" 4535 "addr = strtonum(\"0x\" $1);" 4536 "printf(\"%%04x \", addr - base);" 4537 "print;" 4538 "}" 4539 "}' 1>&2"; 4540 4541 /* fake snprintf() to calculate the size */ 4542 size = snprintf(NULL, 0, objdump_str, cross_compile, objname, funcs) + 1; 4543 if (size <= 0) { 4544 WARN("objdump string size calculation failed"); 4545 return -1; 4546 } 4547 4548 cmd = malloc(size); 4549 4550 /* real snprintf() */ 4551 snprintf(cmd, size, objdump_str, cross_compile, objname, funcs); 4552 ret = system(cmd); 4553 if (ret) { 4554 WARN("disassembly failed: %d", ret); 4555 return -1; 4556 } 4557 4558 return 0; 4559 } 4560 4561 static int disas_warned_funcs(struct objtool_file *file) 4562 { 4563 struct symbol *sym; 4564 char *funcs = NULL, *tmp; 4565 4566 for_each_sym(file, sym) { 4567 if (sym->warned) { 4568 if (!funcs) { 4569 funcs = malloc(strlen(sym->name) + 1); 4570 strcpy(funcs, sym->name); 4571 } else { 4572 tmp = malloc(strlen(funcs) + strlen(sym->name) + 2); 4573 sprintf(tmp, "%s %s", funcs, sym->name); 4574 free(funcs); 4575 funcs = tmp; 4576 } 4577 } 4578 } 4579 4580 if (funcs) 4581 disas_funcs(funcs); 4582 4583 return 0; 4584 } 4585 4586 struct insn_chunk { 4587 void *addr; 4588 struct insn_chunk *next; 4589 }; 4590 4591 /* 4592 * Reduce peak RSS usage by freeing insns memory before writing the ELF file, 4593 * which can trigger more allocations for .debug_* sections whose data hasn't 4594 * been read yet. 4595 */ 4596 static void free_insns(struct objtool_file *file) 4597 { 4598 struct instruction *insn; 4599 struct insn_chunk *chunks = NULL, *chunk; 4600 4601 for_each_insn(file, insn) { 4602 if (!insn->idx) { 4603 chunk = malloc(sizeof(*chunk)); 4604 chunk->addr = insn; 4605 chunk->next = chunks; 4606 chunks = chunk; 4607 } 4608 } 4609 4610 for (chunk = chunks; chunk; chunk = chunk->next) 4611 free(chunk->addr); 4612 } 4613 4614 int check(struct objtool_file *file) 4615 { 4616 int ret, warnings = 0; 4617 4618 arch_initial_func_cfi_state(&initial_func_cfi); 4619 init_cfi_state(&init_cfi); 4620 init_cfi_state(&func_cfi); 4621 set_func_state(&func_cfi); 4622 init_cfi_state(&force_undefined_cfi); 4623 force_undefined_cfi.force_undefined = true; 4624 4625 if (!cfi_hash_alloc(1UL << (file->elf->symbol_bits - 3))) 4626 goto out; 4627 4628 cfi_hash_add(&init_cfi); 4629 cfi_hash_add(&func_cfi); 4630 4631 ret = decode_sections(file); 4632 if (ret < 0) 4633 goto out; 4634 4635 warnings += ret; 4636 4637 if (!nr_insns) 4638 goto out; 4639 4640 if (opts.retpoline) { 4641 ret = validate_retpoline(file); 4642 if (ret < 0) 4643 return ret; 4644 warnings += ret; 4645 } 4646 4647 if (opts.stackval || opts.orc || opts.uaccess) { 4648 ret = validate_functions(file); 4649 if (ret < 0) 4650 goto out; 4651 warnings += ret; 4652 4653 ret = validate_unwind_hints(file, NULL); 4654 if (ret < 0) 4655 goto out; 4656 warnings += ret; 4657 4658 if (!warnings) { 4659 ret = validate_reachable_instructions(file); 4660 if (ret < 0) 4661 goto out; 4662 warnings += ret; 4663 } 4664 4665 } else if (opts.noinstr) { 4666 ret = validate_noinstr_sections(file); 4667 if (ret < 0) 4668 goto out; 4669 warnings += ret; 4670 } 4671 4672 if (opts.unret) { 4673 /* 4674 * Must be after validate_branch() and friends, it plays 4675 * further games with insn->visited. 4676 */ 4677 ret = validate_unrets(file); 4678 if (ret < 0) 4679 return ret; 4680 warnings += ret; 4681 } 4682 4683 if (opts.ibt) { 4684 ret = validate_ibt(file); 4685 if (ret < 0) 4686 goto out; 4687 warnings += ret; 4688 } 4689 4690 if (opts.sls) { 4691 ret = validate_sls(file); 4692 if (ret < 0) 4693 goto out; 4694 warnings += ret; 4695 } 4696 4697 if (opts.static_call) { 4698 ret = create_static_call_sections(file); 4699 if (ret < 0) 4700 goto out; 4701 warnings += ret; 4702 } 4703 4704 if (opts.retpoline) { 4705 ret = create_retpoline_sites_sections(file); 4706 if (ret < 0) 4707 goto out; 4708 warnings += ret; 4709 } 4710 4711 if (opts.cfi) { 4712 ret = create_cfi_sections(file); 4713 if (ret < 0) 4714 goto out; 4715 warnings += ret; 4716 } 4717 4718 if (opts.rethunk) { 4719 ret = create_return_sites_sections(file); 4720 if (ret < 0) 4721 goto out; 4722 warnings += ret; 4723 4724 if (opts.hack_skylake) { 4725 ret = create_direct_call_sections(file); 4726 if (ret < 0) 4727 goto out; 4728 warnings += ret; 4729 } 4730 } 4731 4732 if (opts.mcount) { 4733 ret = create_mcount_loc_sections(file); 4734 if (ret < 0) 4735 goto out; 4736 warnings += ret; 4737 } 4738 4739 if (opts.prefix) { 4740 ret = add_prefix_symbols(file); 4741 if (ret < 0) 4742 return ret; 4743 warnings += ret; 4744 } 4745 4746 if (opts.ibt) { 4747 ret = create_ibt_endbr_seal_sections(file); 4748 if (ret < 0) 4749 goto out; 4750 warnings += ret; 4751 } 4752 4753 if (opts.orc && nr_insns) { 4754 ret = orc_create(file); 4755 if (ret < 0) 4756 goto out; 4757 warnings += ret; 4758 } 4759 4760 free_insns(file); 4761 4762 if (opts.verbose) 4763 disas_warned_funcs(file); 4764 4765 if (opts.stats) { 4766 printf("nr_insns_visited: %ld\n", nr_insns_visited); 4767 printf("nr_cfi: %ld\n", nr_cfi); 4768 printf("nr_cfi_reused: %ld\n", nr_cfi_reused); 4769 printf("nr_cfi_cache: %ld\n", nr_cfi_cache); 4770 } 4771 4772 out: 4773 /* 4774 * For now, don't fail the kernel build on fatal warnings. These 4775 * errors are still fairly common due to the growing matrix of 4776 * supported toolchains and their recent pace of change. 4777 */ 4778 return 0; 4779 } 4780