xref: /linux/tools/objtool/arch/x86/special.c (revision 7fc2cd2e4b398c57c9cf961cfea05eadbf34c05c) 
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 #include <string.h>
3 
4 #include <objtool/special.h>
5 #include <objtool/builtin.h>
6 #include <objtool/warn.h>
7 #include <asm/cpufeatures.h>
8 
9 /* cpu feature name array generated from cpufeatures.h */
10 #include "cpu-feature-names.c"
11 
12 void arch_handle_alternative(struct special_alt *alt)
13 {
14 	static struct special_alt *group, *prev;
15 
16 	/*
17 	 * Recompute orig_len for nested ALTERNATIVE()s.
18 	 */
19 	if (group && group->orig_sec == alt->orig_sec &&
20 	             group->orig_off == alt->orig_off) {
21 
22 		struct special_alt *iter = group;
23 		for (;;) {
24 			unsigned int len = max(iter->orig_len, alt->orig_len);
25 			iter->orig_len = alt->orig_len = len;
26 
27 			if (iter == prev)
28 				break;
29 
30 			iter = list_next_entry(iter, list);
31 		}
32 
33 	} else group = alt;
34 
35 	prev = alt;
36 }
37 
38 bool arch_support_alt_relocation(struct special_alt *special_alt,
39 				 struct instruction *insn,
40 				 struct reloc *reloc)
41 {
42 	return true;
43 }
44 
45 /*
46  * There are 3 basic jump table patterns:
47  *
48  * 1. jmpq *[rodata addr](,%reg,8)
49  *
50  *    This is the most common case by far.  It jumps to an address in a simple
51  *    jump table which is stored in .rodata.
52  *
53  * 2. jmpq *[rodata addr](%rip)
54  *
55  *    This is caused by a rare GCC quirk, currently only seen in three driver
56  *    functions in the kernel, only with certain obscure non-distro configs.
57  *
58  *    As part of an optimization, GCC makes a copy of an existing switch jump
59  *    table, modifies it, and then hard-codes the jump (albeit with an indirect
60  *    jump) to use a single entry in the table.  The rest of the jump table and
61  *    some of its jump targets remain as dead code.
62  *
63  *    In such a case we can just crudely ignore all unreachable instruction
64  *    warnings for the entire object file.  Ideally we would just ignore them
65  *    for the function, but that would require redesigning the code quite a
66  *    bit.  And honestly that's just not worth doing: unreachable instruction
67  *    warnings are of questionable value anyway, and this is such a rare issue.
68  *
69  * 3. mov [rodata addr],%reg1
70  *    ... some instructions ...
71  *    jmpq *(%reg1,%reg2,8)
72  *
73  *    This is a fairly uncommon pattern which is new for GCC 6.  As of this
74  *    writing, there are 11 occurrences of it in the allmodconfig kernel.
75  *
76  *    As of GCC 7 there are quite a few more of these and the 'in between' code
77  *    is significant. Esp. with KASAN enabled some of the code between the mov
78  *    and jmpq uses .rodata itself, which can confuse things.
79  *
80  *    TODO: Once we have DWARF CFI and smarter instruction decoding logic,
81  *    ensure the same register is used in the mov and jump instructions.
82  *
83  *    NOTE: MITIGATION_RETPOLINE made it harder still to decode dynamic jumps.
84  */
85 struct reloc *arch_find_switch_table(struct objtool_file *file,
86 				     struct instruction *insn,
87 				     unsigned long *table_size)
88 {
89 	struct reloc  *text_reloc, *rodata_reloc;
90 	struct section *table_sec;
91 	unsigned long table_offset;
92 
93 	/* look for a relocation which references .rodata */
94 	text_reloc = find_reloc_by_dest_range(file->elf, insn->sec,
95 					      insn->offset, insn->len);
96 	if (!text_reloc || !is_sec_sym(text_reloc->sym) ||
97 	    !text_reloc->sym->sec->rodata)
98 		return NULL;
99 
100 	table_offset = reloc_addend(text_reloc);
101 	table_sec = text_reloc->sym->sec;
102 
103 	if (reloc_type(text_reloc) == R_X86_64_PC32)
104 		table_offset += 4;
105 
106 	/*
107 	 * Make sure the .rodata address isn't associated with a
108 	 * symbol.  GCC jump tables are anonymous data.
109 	 *
110 	 * Also support C jump tables which are in the same format as
111 	 * switch jump tables.  For objtool to recognize them, they
112 	 * need to be placed in the C_JUMP_TABLE_SECTION section.  They
113 	 * have symbols associated with them.
114 	 */
115 	if (find_symbol_containing(table_sec, table_offset) &&
116 	    strcmp(table_sec->name, C_JUMP_TABLE_SECTION))
117 		return NULL;
118 
119 	/*
120 	 * Each table entry has a rela associated with it.  The rela
121 	 * should reference text in the same function as the original
122 	 * instruction.
123 	 */
124 	rodata_reloc = find_reloc_by_dest(file->elf, table_sec, table_offset);
125 	if (!rodata_reloc)
126 		return NULL;
127 
128 	/*
129 	 * Use of RIP-relative switch jumps is quite rare, and
130 	 * indicates a rare GCC quirk/bug which can leave dead
131 	 * code behind.
132 	 */
133 	if (!file->ignore_unreachables && reloc_type(text_reloc) == R_X86_64_PC32) {
134 		WARN_INSN(insn, "ignoring unreachables due to jump table quirk");
135 		file->ignore_unreachables = true;
136 	}
137 
138 	*table_size = 0;
139 	return rodata_reloc;
140 }
141 
142 const char *arch_cpu_feature_name(int feature_number)
143 {
144 	return (feature_number < ARRAY_SIZE(cpu_feature_names)) ?
145 		cpu_feature_names[feature_number] : NULL;
146 }
147