xref: /linux/tools/objtool/builtin-check.c (revision 7fc2cd2e4b398c57c9cf961cfea05eadbf34c05c) 
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * Copyright (C) 2015-2017 Josh Poimboeuf <jpoimboe@redhat.com>
4  */
5 
6 #include <subcmd/parse-options.h>
7 #include <string.h>
8 #include <stdlib.h>
9 #include <fcntl.h>
10 #include <unistd.h>
11 #include <errno.h>
12 #include <sys/stat.h>
13 #include <sys/sendfile.h>
14 #include <objtool/builtin.h>
15 #include <objtool/objtool.h>
16 #include <objtool/warn.h>
17 
18 #define ORIG_SUFFIX ".orig"
19 
20 int orig_argc;
21 static char **orig_argv;
22 const char *objname;
23 struct opts opts;
24 
25 static const char * const check_usage[] = {
26 	"objtool <actions> [<options>] file.o",
27 	NULL,
28 };
29 
30 static const char * const env_usage[] = {
31 	"OBJTOOL_ARGS=\"<options>\"",
32 	NULL,
33 };
34 
35 static int parse_dump(const struct option *opt, const char *str, int unset)
36 {
37 	if (!str || !strcmp(str, "orc")) {
38 		opts.dump_orc = true;
39 		return 0;
40 	}
41 
42 	return -1;
43 }
44 
45 static int parse_hacks(const struct option *opt, const char *str, int unset)
46 {
47 	bool found = false;
48 
49 	/*
50 	 * Use strstr() as a lazy method of checking for comma-separated
51 	 * options.
52 	 *
53 	 * No string provided == enable all options.
54 	 */
55 
56 	if (!str || strstr(str, "jump_label")) {
57 		opts.hack_jump_label = true;
58 		found = true;
59 	}
60 
61 	if (!str || strstr(str, "noinstr")) {
62 		opts.hack_noinstr = true;
63 		found = true;
64 	}
65 
66 	if (!str || strstr(str, "skylake")) {
67 		opts.hack_skylake = true;
68 		found = true;
69 	}
70 
71 	return found ? 0 : -1;
72 }
73 
74 static const struct option check_options[] = {
75 	OPT_GROUP("Actions:"),
76 	OPT_BOOLEAN(0,		 "checksum", &opts.checksum, "generate per-function checksums"),
77 	OPT_BOOLEAN(0,		 "cfi", &opts.cfi, "annotate kernel control flow integrity (kCFI) function preambles"),
78 	OPT_STRING_OPTARG('d',	 "disas", &opts.disas, "function-pattern", "disassemble functions", "*"),
79 	OPT_CALLBACK_OPTARG('h', "hacks", NULL, NULL, "jump_label,noinstr,skylake", "patch toolchain bugs/limitations", parse_hacks),
80 	OPT_BOOLEAN('i',	 "ibt", &opts.ibt, "validate and annotate IBT"),
81 	OPT_BOOLEAN('m',	 "mcount", &opts.mcount, "annotate mcount/fentry calls for ftrace"),
82 	OPT_BOOLEAN(0,		 "noabs", &opts.noabs, "reject absolute references in allocatable sections"),
83 	OPT_BOOLEAN('n',	 "noinstr", &opts.noinstr, "validate noinstr rules"),
84 	OPT_BOOLEAN(0,		 "orc", &opts.orc, "generate ORC metadata"),
85 	OPT_BOOLEAN('r',	 "retpoline", &opts.retpoline, "validate and annotate retpoline usage"),
86 	OPT_BOOLEAN(0,		 "rethunk", &opts.rethunk, "validate and annotate rethunk usage"),
87 	OPT_BOOLEAN(0,		 "unret", &opts.unret, "validate entry unret placement"),
88 	OPT_INTEGER(0,		 "prefix", &opts.prefix, "generate prefix symbols"),
89 	OPT_BOOLEAN('l',	 "sls", &opts.sls, "validate straight-line-speculation mitigations"),
90 	OPT_BOOLEAN('s',	 "stackval", &opts.stackval, "validate frame pointer rules"),
91 	OPT_BOOLEAN('t',	 "static-call", &opts.static_call, "annotate static calls"),
92 	OPT_BOOLEAN('u',	 "uaccess", &opts.uaccess, "validate uaccess rules for SMAP"),
93 	OPT_CALLBACK_OPTARG(0,	 "dump", NULL, NULL, "orc", "dump metadata", parse_dump),
94 
95 	OPT_GROUP("Options:"),
96 	OPT_BOOLEAN(0,		 "backtrace", &opts.backtrace, "unwind on error"),
97 	OPT_BOOLEAN(0,		 "backup", &opts.backup, "create backup (.orig) file on warning/error"),
98 	OPT_STRING(0,		 "debug-checksum", &opts.debug_checksum,  "funcs", "enable checksum debug output"),
99 	OPT_BOOLEAN(0,		 "dry-run", &opts.dryrun, "don't write modifications"),
100 	OPT_BOOLEAN(0,		 "link", &opts.link, "object is a linked object"),
101 	OPT_BOOLEAN(0,		 "module", &opts.module, "object is part of a kernel module"),
102 	OPT_BOOLEAN(0,		 "mnop", &opts.mnop, "nop out mcount call sites"),
103 	OPT_BOOLEAN(0,		 "no-unreachable", &opts.no_unreachable, "skip 'unreachable instruction' warnings"),
104 	OPT_STRING('o',		 "output", &opts.output, "file", "output file name"),
105 	OPT_BOOLEAN(0,		 "sec-address", &opts.sec_address, "print section addresses in warnings"),
106 	OPT_BOOLEAN(0,		 "stats", &opts.stats, "print statistics"),
107 	OPT_STRING(0,		 "trace", &opts.trace, "func", "trace function validation"),
108 	OPT_BOOLEAN('v',	 "verbose", &opts.verbose, "verbose warnings"),
109 	OPT_BOOLEAN(0,		 "werror", &opts.werror, "return error on warnings"),
110 	OPT_BOOLEAN(0,		 "wide", &opts.wide, "wide output"),
111 
112 	OPT_END(),
113 };
114 
115 int cmd_parse_options(int argc, const char **argv, const char * const usage[])
116 {
117 	const char *envv[16] = { };
118 	char *env;
119 	int envc;
120 
121 	env = getenv("OBJTOOL_ARGS");
122 	if (env) {
123 		envv[0] = "OBJTOOL_ARGS";
124 		for (envc = 1; envc < ARRAY_SIZE(envv); ) {
125 			envv[envc++] = env;
126 			env = strchr(env, ' ');
127 			if (!env)
128 				break;
129 			*env = '\0';
130 			env++;
131 		}
132 
133 		parse_options(envc, envv, check_options, env_usage, 0);
134 	}
135 
136 	env = getenv("OBJTOOL_VERBOSE");
137 	if (env && !strcmp(env, "1"))
138 		opts.verbose = true;
139 
140 	argc = parse_options(argc, argv, check_options, usage, 0);
141 	if (argc != 1)
142 		usage_with_options(usage, check_options);
143 	return argc;
144 }
145 
146 static bool opts_valid(void)
147 {
148 	if (opts.mnop && !opts.mcount) {
149 		ERROR("--mnop requires --mcount");
150 		return false;
151 	}
152 
153 	if (opts.noinstr && !opts.link) {
154 		ERROR("--noinstr requires --link");
155 		return false;
156 	}
157 
158 	if (opts.ibt && !opts.link) {
159 		ERROR("--ibt requires --link");
160 		return false;
161 	}
162 
163 	if (opts.unret && !opts.link) {
164 		ERROR("--unret requires --link");
165 		return false;
166 	}
167 
168 #ifndef BUILD_KLP
169 	if (opts.checksum) {
170 		ERROR("--checksum not supported; install xxhash-devel/libxxhash-dev (version >= 0.8) and recompile");
171 		return false;
172 	}
173 #endif
174 
175 	if (opts.debug_checksum && !opts.checksum) {
176 		ERROR("--debug-checksum requires --checksum");
177 		return false;
178 	}
179 
180 	if (opts.checksum		||
181 	    opts.disas			||
182 	    opts.hack_jump_label	||
183 	    opts.hack_noinstr		||
184 	    opts.ibt			||
185 	    opts.mcount			||
186 	    opts.noabs			||
187 	    opts.noinstr		||
188 	    opts.orc			||
189 	    opts.retpoline		||
190 	    opts.rethunk		||
191 	    opts.sls			||
192 	    opts.stackval		||
193 	    opts.static_call		||
194 	    opts.uaccess) {
195 		if (opts.dump_orc) {
196 			ERROR("--dump can't be combined with other actions");
197 			return false;
198 		}
199 
200 		return true;
201 	}
202 
203 	if (opts.dump_orc)
204 		return true;
205 
206 	ERROR("At least one action required");
207 	return false;
208 }
209 
210 static int copy_file(const char *src, const char *dst)
211 {
212 	size_t to_copy, copied;
213 	int dst_fd, src_fd;
214 	struct stat stat;
215 	off_t offset = 0;
216 
217 	src_fd = open(src, O_RDONLY);
218 	if (src_fd == -1) {
219 		ERROR("can't open %s for reading: %s", src, strerror(errno));
220 		return 1;
221 	}
222 
223 	dst_fd = open(dst, O_WRONLY | O_CREAT | O_TRUNC, 0400);
224 	if (dst_fd == -1) {
225 		ERROR("can't open %s for writing: %s", dst, strerror(errno));
226 		return 1;
227 	}
228 
229 	if (fstat(src_fd, &stat) == -1) {
230 		ERROR_GLIBC("fstat");
231 		return 1;
232 	}
233 
234 	if (fchmod(dst_fd, stat.st_mode) == -1) {
235 		ERROR_GLIBC("fchmod");
236 		return 1;
237 	}
238 
239 	for (to_copy = stat.st_size; to_copy > 0; to_copy -= copied) {
240 		copied = sendfile(dst_fd, src_fd, &offset, to_copy);
241 		if (copied == -1) {
242 			ERROR_GLIBC("sendfile");
243 			return 1;
244 		}
245 	}
246 
247 	close(dst_fd);
248 	close(src_fd);
249 	return 0;
250 }
251 
252 static void save_argv(int argc, const char **argv)
253 {
254 	orig_argv = calloc(argc, sizeof(char *));
255 	if (!orig_argv) {
256 		ERROR_GLIBC("calloc");
257 		exit(1);
258 	}
259 
260 	for (int i = 0; i < argc; i++) {
261 		orig_argv[i] = strdup(argv[i]);
262 		if (!orig_argv[i]) {
263 			ERROR_GLIBC("strdup(%s)", argv[i]);
264 			exit(1);
265 		}
266 	}
267 }
268 
269 int make_backup(void)
270 {
271 	char *backup;
272 
273 	/*
274 	 * Make a backup before kbuild deletes the file so the error
275 	 * can be recreated without recompiling or relinking.
276 	 */
277 	backup = malloc(strlen(objname) + strlen(ORIG_SUFFIX) + 1);
278 	if (!backup) {
279 		ERROR_GLIBC("malloc");
280 		return 1;
281 	}
282 
283 	strcpy(backup, objname);
284 	strcat(backup, ORIG_SUFFIX);
285 	if (copy_file(objname, backup))
286 		return 1;
287 
288 	/*
289 	 * Print the cmdline args to make it easier to recreate.
290 	 */
291 
292 	fprintf(stderr, "%s", orig_argv[0]);
293 
294 	for (int i = 1; i < orig_argc; i++) {
295 		char *arg = orig_argv[i];
296 
297 		/* Modify the printed args to use the backup */
298 		if (!opts.output && !strcmp(arg, objname))
299 			fprintf(stderr, " %s -o %s", backup, objname);
300 		else
301 			fprintf(stderr, " %s", arg);
302 	}
303 
304 	fprintf(stderr, "\n");
305 	return 0;
306 }
307 
308 int objtool_run(int argc, const char **argv)
309 {
310 	struct objtool_file *file;
311 	int ret = 0;
312 
313 	orig_argc = argc;
314 	save_argv(argc, argv);
315 
316 	cmd_parse_options(argc, argv, check_usage);
317 
318 	if (!opts_valid())
319 		return 1;
320 
321 	objname = argv[0];
322 
323 	if (opts.dump_orc)
324 		return orc_dump(objname);
325 
326 	if (!opts.dryrun && opts.output) {
327 		/* copy original .o file to output file */
328 		if (copy_file(objname, opts.output))
329 			return 1;
330 
331 		/* from here on, work directly on the output file */
332 		objname = opts.output;
333 	}
334 
335 	file = objtool_open_read(objname);
336 	if (!file)
337 		return 1;
338 
339 	if (!opts.link && has_multiple_files(file->elf)) {
340 		ERROR("Linked object requires --link");
341 		return 1;
342 	}
343 
344 	ret = check(file);
345 	if (ret)
346 		return ret;
347 
348 	if (!opts.dryrun && file->elf->changed && elf_write(file->elf))
349 		return 1;
350 
351 	return elf_close(file->elf);
352 }
353