1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * 4 * Copyright (C) 2001 Rusty Russell. 5 * Copyright (C) 2003, 2004 Ralf Baechle (ralf@linux-mips.org) 6 * Copyright (C) 2005 Thiemo Seufer 7 */ 8 9 #undef DEBUG 10 11 #include <linux/extable.h> 12 #include <linux/moduleloader.h> 13 #include <linux/elf.h> 14 #include <linux/mm.h> 15 #include <linux/numa.h> 16 #include <linux/slab.h> 17 #include <linux/fs.h> 18 #include <linux/string.h> 19 #include <linux/kernel.h> 20 #include <linux/spinlock.h> 21 #include <linux/jump_label.h> 22 #include <asm/jump_label.h> 23 24 struct mips_hi16 { 25 struct mips_hi16 *next; 26 Elf_Addr *addr; 27 Elf_Addr value; 28 }; 29 30 static LIST_HEAD(dbe_list); 31 static DEFINE_SPINLOCK(dbe_lock); 32 33 static void apply_r_mips_32(u32 *location, u32 base, Elf_Addr v) 34 { 35 *location = base + v; 36 } 37 38 static int apply_r_mips_26(struct module *me, u32 *location, u32 base, 39 Elf_Addr v) 40 { 41 if (v % 4) { 42 pr_err("module %s: dangerous R_MIPS_26 relocation\n", 43 me->name); 44 return -ENOEXEC; 45 } 46 47 if ((v & 0xf0000000) != (((unsigned long)location + 4) & 0xf0000000)) { 48 pr_err("module %s: relocation overflow\n", 49 me->name); 50 return -ENOEXEC; 51 } 52 53 *location = (*location & ~0x03ffffff) | 54 ((base + (v >> 2)) & 0x03ffffff); 55 56 return 0; 57 } 58 59 static int apply_r_mips_hi16(struct module *me, u32 *location, Elf_Addr v, 60 bool rela) 61 { 62 struct mips_hi16 *n; 63 64 if (rela) { 65 *location = (*location & 0xffff0000) | 66 ((((long long) v + 0x8000LL) >> 16) & 0xffff); 67 return 0; 68 } 69 70 /* 71 * We cannot relocate this one now because we don't know the value of 72 * the carry we need to add. Save the information, and let LO16 do the 73 * actual relocation. 74 */ 75 n = kmalloc(sizeof *n, GFP_KERNEL); 76 if (!n) 77 return -ENOMEM; 78 79 n->addr = (Elf_Addr *)location; 80 n->value = v; 81 n->next = me->arch.r_mips_hi16_list; 82 me->arch.r_mips_hi16_list = n; 83 84 return 0; 85 } 86 87 static void free_relocation_chain(struct mips_hi16 *l) 88 { 89 struct mips_hi16 *next; 90 91 while (l) { 92 next = l->next; 93 kfree(l); 94 l = next; 95 } 96 } 97 98 static int apply_r_mips_lo16(struct module *me, u32 *location, 99 u32 base, Elf_Addr v, bool rela) 100 { 101 unsigned long insnlo = base; 102 struct mips_hi16 *l; 103 Elf_Addr val, vallo; 104 105 if (rela) { 106 *location = (*location & 0xffff0000) | (v & 0xffff); 107 return 0; 108 } 109 110 /* Sign extend the addend we extract from the lo insn. */ 111 vallo = ((insnlo & 0xffff) ^ 0x8000) - 0x8000; 112 113 if (me->arch.r_mips_hi16_list != NULL) { 114 l = me->arch.r_mips_hi16_list; 115 while (l != NULL) { 116 struct mips_hi16 *next; 117 unsigned long insn; 118 119 /* 120 * The value for the HI16 had best be the same. 121 */ 122 if (v != l->value) 123 goto out_danger; 124 125 /* 126 * Do the HI16 relocation. Note that we actually don't 127 * need to know anything about the LO16 itself, except 128 * where to find the low 16 bits of the addend needed 129 * by the LO16. 130 */ 131 insn = *l->addr; 132 val = ((insn & 0xffff) << 16) + vallo; 133 val += v; 134 135 /* 136 * Account for the sign extension that will happen in 137 * the low bits. 138 */ 139 val = ((val >> 16) + ((val & 0x8000) != 0)) & 0xffff; 140 141 insn = (insn & ~0xffff) | val; 142 *l->addr = insn; 143 144 next = l->next; 145 kfree(l); 146 l = next; 147 } 148 149 me->arch.r_mips_hi16_list = NULL; 150 } 151 152 /* 153 * Ok, we're done with the HI16 relocs. Now deal with the LO16. 154 */ 155 val = v + vallo; 156 insnlo = (insnlo & ~0xffff) | (val & 0xffff); 157 *location = insnlo; 158 159 return 0; 160 161 out_danger: 162 free_relocation_chain(l); 163 me->arch.r_mips_hi16_list = NULL; 164 165 pr_err("module %s: dangerous R_MIPS_LO16 relocation\n", me->name); 166 167 return -ENOEXEC; 168 } 169 170 static int apply_r_mips_pc(struct module *me, u32 *location, u32 base, 171 Elf_Addr v, unsigned int bits) 172 { 173 unsigned long mask = GENMASK(bits - 1, 0); 174 unsigned long se_bits; 175 long offset; 176 177 if (v % 4) { 178 pr_err("module %s: dangerous R_MIPS_PC%u relocation\n", 179 me->name, bits); 180 return -ENOEXEC; 181 } 182 183 /* retrieve & sign extend implicit addend if any */ 184 offset = base & mask; 185 offset |= (offset & BIT(bits - 1)) ? ~mask : 0; 186 187 offset += ((long)v - (long)location) >> 2; 188 189 /* check the sign bit onwards are identical - ie. we didn't overflow */ 190 se_bits = (offset & BIT(bits - 1)) ? ~0ul : 0; 191 if ((offset & ~mask) != (se_bits & ~mask)) { 192 pr_err("module %s: relocation overflow\n", me->name); 193 return -ENOEXEC; 194 } 195 196 *location = (*location & ~mask) | (offset & mask); 197 198 return 0; 199 } 200 201 static int apply_r_mips_pc16(struct module *me, u32 *location, u32 base, 202 Elf_Addr v) 203 { 204 return apply_r_mips_pc(me, location, base, v, 16); 205 } 206 207 static int apply_r_mips_pc21(struct module *me, u32 *location, u32 base, 208 Elf_Addr v) 209 { 210 return apply_r_mips_pc(me, location, base, v, 21); 211 } 212 213 static int apply_r_mips_pc26(struct module *me, u32 *location, u32 base, 214 Elf_Addr v) 215 { 216 return apply_r_mips_pc(me, location, base, v, 26); 217 } 218 219 static int apply_r_mips_64(u32 *location, Elf_Addr v, bool rela) 220 { 221 if (WARN_ON(!rela)) 222 return -EINVAL; 223 224 *(Elf_Addr *)location = v; 225 226 return 0; 227 } 228 229 static int apply_r_mips_higher(u32 *location, Elf_Addr v, bool rela) 230 { 231 if (WARN_ON(!rela)) 232 return -EINVAL; 233 234 *location = (*location & 0xffff0000) | 235 ((((long long)v + 0x80008000LL) >> 32) & 0xffff); 236 237 return 0; 238 } 239 240 static int apply_r_mips_highest(u32 *location, Elf_Addr v, bool rela) 241 { 242 if (WARN_ON(!rela)) 243 return -EINVAL; 244 245 *location = (*location & 0xffff0000) | 246 ((((long long)v + 0x800080008000LL) >> 48) & 0xffff); 247 248 return 0; 249 } 250 251 /** 252 * reloc_handler() - Apply a particular relocation to a module 253 * @type: type of the relocation to apply 254 * @me: the module to apply the reloc to 255 * @location: the address at which the reloc is to be applied 256 * @base: the existing value at location for REL-style; 0 for RELA-style 257 * @v: the value of the reloc, with addend for RELA-style 258 * @rela: indication of is this a RELA (true) or REL (false) relocation 259 * 260 * Each implemented relocation function applies a particular type of 261 * relocation to the module @me. Relocs that may be found in either REL or RELA 262 * variants can be handled by making use of the @base & @v parameters which are 263 * set to values which abstract the difference away from the particular reloc 264 * implementations. 265 * 266 * Return: 0 upon success, else -ERRNO 267 */ 268 static int reloc_handler(u32 type, struct module *me, u32 *location, u32 base, 269 Elf_Addr v, bool rela) 270 { 271 switch (type) { 272 case R_MIPS_NONE: 273 break; 274 case R_MIPS_32: 275 apply_r_mips_32(location, base, v); 276 break; 277 case R_MIPS_26: 278 return apply_r_mips_26(me, location, base, v); 279 case R_MIPS_HI16: 280 return apply_r_mips_hi16(me, location, v, rela); 281 case R_MIPS_LO16: 282 return apply_r_mips_lo16(me, location, base, v, rela); 283 case R_MIPS_PC16: 284 return apply_r_mips_pc16(me, location, base, v); 285 case R_MIPS_PC21_S2: 286 return apply_r_mips_pc21(me, location, base, v); 287 case R_MIPS_PC26_S2: 288 return apply_r_mips_pc26(me, location, base, v); 289 case R_MIPS_64: 290 return apply_r_mips_64(location, v, rela); 291 case R_MIPS_HIGHER: 292 return apply_r_mips_higher(location, v, rela); 293 case R_MIPS_HIGHEST: 294 return apply_r_mips_highest(location, v, rela); 295 default: 296 pr_err("%s: Unknown relocation type %u\n", me->name, type); 297 return -EINVAL; 298 } 299 300 return 0; 301 } 302 303 static int __apply_relocate(Elf_Shdr *sechdrs, const char *strtab, 304 unsigned int symindex, unsigned int relsec, 305 struct module *me, bool rela) 306 { 307 union { 308 Elf_Mips_Rel *rel; 309 Elf_Mips_Rela *rela; 310 } r; 311 Elf_Sym *sym; 312 u32 *location, base; 313 unsigned int i, type; 314 Elf_Addr v; 315 int err = 0; 316 size_t reloc_sz; 317 318 pr_debug("Applying relocate section %u to %u\n", relsec, 319 sechdrs[relsec].sh_info); 320 321 r.rel = (void *)sechdrs[relsec].sh_addr; 322 reloc_sz = rela ? sizeof(*r.rela) : sizeof(*r.rel); 323 me->arch.r_mips_hi16_list = NULL; 324 for (i = 0; i < sechdrs[relsec].sh_size / reloc_sz; i++) { 325 /* This is where to make the change */ 326 location = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr 327 + r.rel->r_offset; 328 /* This is the symbol it is referring to */ 329 sym = (Elf_Sym *)sechdrs[symindex].sh_addr 330 + ELF_MIPS_R_SYM(*r.rel); 331 if (sym->st_value >= -MAX_ERRNO) { 332 /* Ignore unresolved weak symbol */ 333 if (ELF_ST_BIND(sym->st_info) == STB_WEAK) 334 continue; 335 pr_warn("%s: Unknown symbol %s\n", 336 me->name, strtab + sym->st_name); 337 err = -ENOENT; 338 goto out; 339 } 340 341 type = ELF_MIPS_R_TYPE(*r.rel); 342 343 if (rela) { 344 v = sym->st_value + r.rela->r_addend; 345 base = 0; 346 r.rela = &r.rela[1]; 347 } else { 348 v = sym->st_value; 349 base = *location; 350 r.rel = &r.rel[1]; 351 } 352 353 err = reloc_handler(type, me, location, base, v, rela); 354 if (err) 355 goto out; 356 } 357 358 out: 359 /* 360 * Normally the hi16 list should be deallocated at this point. A 361 * malformed binary however could contain a series of R_MIPS_HI16 362 * relocations not followed by a R_MIPS_LO16 relocation, or if we hit 363 * an error processing a reloc we might have gotten here before 364 * reaching the R_MIPS_LO16. In either case, free up the list and 365 * return an error. 366 */ 367 if (me->arch.r_mips_hi16_list) { 368 free_relocation_chain(me->arch.r_mips_hi16_list); 369 me->arch.r_mips_hi16_list = NULL; 370 err = err ?: -ENOEXEC; 371 } 372 373 return err; 374 } 375 376 int apply_relocate(Elf_Shdr *sechdrs, const char *strtab, 377 unsigned int symindex, unsigned int relsec, 378 struct module *me) 379 { 380 return __apply_relocate(sechdrs, strtab, symindex, relsec, me, false); 381 } 382 383 #ifdef CONFIG_MODULES_USE_ELF_RELA 384 int apply_relocate_add(Elf_Shdr *sechdrs, const char *strtab, 385 unsigned int symindex, unsigned int relsec, 386 struct module *me) 387 { 388 return __apply_relocate(sechdrs, strtab, symindex, relsec, me, true); 389 } 390 #endif /* CONFIG_MODULES_USE_ELF_RELA */ 391 392 /* Given an address, look for it in the module exception tables. */ 393 const struct exception_table_entry *search_module_dbetables(unsigned long addr) 394 { 395 unsigned long flags; 396 const struct exception_table_entry *e = NULL; 397 struct mod_arch_specific *dbe; 398 399 spin_lock_irqsave(&dbe_lock, flags); 400 list_for_each_entry(dbe, &dbe_list, dbe_list) { 401 e = search_extable(dbe->dbe_start, 402 dbe->dbe_end - dbe->dbe_start, addr); 403 if (e) 404 break; 405 } 406 spin_unlock_irqrestore(&dbe_lock, flags); 407 408 /* Now, if we found one, we are running inside it now, hence 409 we cannot unload the module, hence no refcnt needed. */ 410 return e; 411 } 412 413 /* Put in dbe list if necessary. */ 414 int module_finalize(const Elf_Ehdr *hdr, 415 const Elf_Shdr *sechdrs, 416 struct module *me) 417 { 418 const Elf_Shdr *s; 419 char *secstrings = (void *)hdr + sechdrs[hdr->e_shstrndx].sh_offset; 420 421 if (IS_ENABLED(CONFIG_JUMP_LABEL)) 422 jump_label_apply_nops(me); 423 424 INIT_LIST_HEAD(&me->arch.dbe_list); 425 for (s = sechdrs; s < sechdrs + hdr->e_shnum; s++) { 426 if (strcmp("__dbe_table", secstrings + s->sh_name) != 0) 427 continue; 428 me->arch.dbe_start = (void *)s->sh_addr; 429 me->arch.dbe_end = (void *)s->sh_addr + s->sh_size; 430 spin_lock_irq(&dbe_lock); 431 list_add(&me->arch.dbe_list, &dbe_list); 432 spin_unlock_irq(&dbe_lock); 433 } 434 return 0; 435 } 436 437 void module_arch_cleanup(struct module *mod) 438 { 439 spin_lock_irq(&dbe_lock); 440 list_del(&mod->arch.dbe_list); 441 spin_unlock_irq(&dbe_lock); 442 } 443