1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2015-2017 Josh Poimboeuf <jpoimboe@redhat.com> 4 */ 5 6 #include <string.h> 7 #include <stdlib.h> 8 #include <inttypes.h> 9 #include <sys/mman.h> 10 11 #include <objtool/builtin.h> 12 #include <objtool/cfi.h> 13 #include <objtool/arch.h> 14 #include <objtool/check.h> 15 #include <objtool/special.h> 16 #include <objtool/warn.h> 17 #include <objtool/endianness.h> 18 19 #include <linux/objtool_types.h> 20 #include <linux/hashtable.h> 21 #include <linux/kernel.h> 22 #include <linux/static_call_types.h> 23 #include <linux/string.h> 24 25 struct alternative { 26 struct alternative *next; 27 struct instruction *insn; 28 }; 29 30 static unsigned long nr_cfi, nr_cfi_reused, nr_cfi_cache; 31 32 static struct cfi_init_state initial_func_cfi; 33 static struct cfi_state init_cfi; 34 static struct cfi_state func_cfi; 35 static struct cfi_state force_undefined_cfi; 36 37 struct instruction *find_insn(struct objtool_file *file, 38 struct section *sec, unsigned long offset) 39 { 40 struct instruction *insn; 41 42 hash_for_each_possible(file->insn_hash, insn, hash, sec_offset_hash(sec, offset)) { 43 if (insn->sec == sec && insn->offset == offset) 44 return insn; 45 } 46 47 return NULL; 48 } 49 50 struct instruction *next_insn_same_sec(struct objtool_file *file, 51 struct instruction *insn) 52 { 53 if (insn->idx == INSN_CHUNK_MAX) 54 return find_insn(file, insn->sec, insn->offset + insn->len); 55 56 insn++; 57 if (!insn->len) 58 return NULL; 59 60 return insn; 61 } 62 63 static struct instruction *next_insn_same_func(struct objtool_file *file, 64 struct instruction *insn) 65 { 66 struct instruction *next = next_insn_same_sec(file, insn); 67 struct symbol *func = insn_func(insn); 68 69 if (!func) 70 return NULL; 71 72 if (next && insn_func(next) == func) 73 return next; 74 75 /* Check if we're already in the subfunction: */ 76 if (func == func->cfunc) 77 return NULL; 78 79 /* Move to the subfunction: */ 80 return find_insn(file, func->cfunc->sec, func->cfunc->offset); 81 } 82 83 static struct instruction *prev_insn_same_sec(struct objtool_file *file, 84 struct instruction *insn) 85 { 86 if (insn->idx == 0) { 87 if (insn->prev_len) 88 return find_insn(file, insn->sec, insn->offset - insn->prev_len); 89 return NULL; 90 } 91 92 return insn - 1; 93 } 94 95 static struct instruction *prev_insn_same_sym(struct objtool_file *file, 96 struct instruction *insn) 97 { 98 struct instruction *prev = prev_insn_same_sec(file, insn); 99 100 if (prev && insn_func(prev) == insn_func(insn)) 101 return prev; 102 103 return NULL; 104 } 105 106 #define for_each_insn(file, insn) \ 107 for (struct section *__sec, *__fake = (struct section *)1; \ 108 __fake; __fake = NULL) \ 109 for_each_sec(file, __sec) \ 110 sec_for_each_insn(file, __sec, insn) 111 112 #define func_for_each_insn(file, func, insn) \ 113 for (insn = find_insn(file, func->sec, func->offset); \ 114 insn; \ 115 insn = next_insn_same_func(file, insn)) 116 117 #define sym_for_each_insn(file, sym, insn) \ 118 for (insn = find_insn(file, sym->sec, sym->offset); \ 119 insn && insn->offset < sym->offset + sym->len; \ 120 insn = next_insn_same_sec(file, insn)) 121 122 #define sym_for_each_insn_continue_reverse(file, sym, insn) \ 123 for (insn = prev_insn_same_sec(file, insn); \ 124 insn && insn->offset >= sym->offset; \ 125 insn = prev_insn_same_sec(file, insn)) 126 127 #define sec_for_each_insn_from(file, insn) \ 128 for (; insn; insn = next_insn_same_sec(file, insn)) 129 130 #define sec_for_each_insn_continue(file, insn) \ 131 for (insn = next_insn_same_sec(file, insn); insn; \ 132 insn = next_insn_same_sec(file, insn)) 133 134 static inline struct symbol *insn_call_dest(struct instruction *insn) 135 { 136 if (insn->type == INSN_JUMP_DYNAMIC || 137 insn->type == INSN_CALL_DYNAMIC) 138 return NULL; 139 140 return insn->_call_dest; 141 } 142 143 static inline struct reloc *insn_jump_table(struct instruction *insn) 144 { 145 if (insn->type == INSN_JUMP_DYNAMIC || 146 insn->type == INSN_CALL_DYNAMIC) 147 return insn->_jump_table; 148 149 return NULL; 150 } 151 152 static inline unsigned long insn_jump_table_size(struct instruction *insn) 153 { 154 if (insn->type == INSN_JUMP_DYNAMIC || 155 insn->type == INSN_CALL_DYNAMIC) 156 return insn->_jump_table_size; 157 158 return 0; 159 } 160 161 static bool is_jump_table_jump(struct instruction *insn) 162 { 163 struct alt_group *alt_group = insn->alt_group; 164 165 if (insn_jump_table(insn)) 166 return true; 167 168 /* Retpoline alternative for a jump table? */ 169 return alt_group && alt_group->orig_group && 170 insn_jump_table(alt_group->orig_group->first_insn); 171 } 172 173 static bool is_sibling_call(struct instruction *insn) 174 { 175 /* 176 * Assume only STT_FUNC calls have jump-tables. 177 */ 178 if (insn_func(insn)) { 179 /* An indirect jump is either a sibling call or a jump to a table. */ 180 if (insn->type == INSN_JUMP_DYNAMIC) 181 return !is_jump_table_jump(insn); 182 } 183 184 /* add_jump_destinations() sets insn_call_dest(insn) for sibling calls. */ 185 return (is_static_jump(insn) && insn_call_dest(insn)); 186 } 187 188 /* 189 * Checks if a string ends with another. 190 */ 191 static bool str_ends_with(const char *s, const char *sub) 192 { 193 const int slen = strlen(s); 194 const int sublen = strlen(sub); 195 196 if (sublen > slen) 197 return 0; 198 199 return !memcmp(s + slen - sublen, sub, sublen); 200 } 201 202 /* 203 * Checks if a function is a Rust "noreturn" one. 204 */ 205 static bool is_rust_noreturn(const struct symbol *func) 206 { 207 /* 208 * If it does not start with "_R", then it is not a Rust symbol. 209 */ 210 if (strncmp(func->name, "_R", 2)) 211 return false; 212 213 /* 214 * These are just heuristics -- we do not control the precise symbol 215 * name, due to the crate disambiguators (which depend on the compiler) 216 * as well as changes to the source code itself between versions (since 217 * these come from the Rust standard library). 218 */ 219 return str_ends_with(func->name, "_4core5sliceSp15copy_from_slice17len_mismatch_fail") || 220 str_ends_with(func->name, "_4core6option13unwrap_failed") || 221 str_ends_with(func->name, "_4core6result13unwrap_failed") || 222 str_ends_with(func->name, "_4core9panicking5panic") || 223 str_ends_with(func->name, "_4core9panicking9panic_fmt") || 224 str_ends_with(func->name, "_4core9panicking14panic_explicit") || 225 str_ends_with(func->name, "_4core9panicking14panic_nounwind") || 226 str_ends_with(func->name, "_4core9panicking18panic_bounds_check") || 227 str_ends_with(func->name, "_4core9panicking19assert_failed_inner") || 228 str_ends_with(func->name, "_4core9panicking30panic_null_pointer_dereference") || 229 str_ends_with(func->name, "_4core9panicking36panic_misaligned_pointer_dereference") || 230 strstr(func->name, "_4core9panicking13assert_failed") || 231 strstr(func->name, "_4core9panicking11panic_const24panic_const_") || 232 (strstr(func->name, "_4core5slice5index24slice_") && 233 str_ends_with(func->name, "_fail")); 234 } 235 236 /* 237 * This checks to see if the given function is a "noreturn" function. 238 * 239 * For global functions which are outside the scope of this object file, we 240 * have to keep a manual list of them. 241 * 242 * For local functions, we have to detect them manually by simply looking for 243 * the lack of a return instruction. 244 */ 245 static bool __dead_end_function(struct objtool_file *file, struct symbol *func, 246 int recursion) 247 { 248 int i; 249 struct instruction *insn; 250 bool empty = true; 251 252 #define NORETURN(func) __stringify(func), 253 static const char * const global_noreturns[] = { 254 #include "noreturns.h" 255 }; 256 #undef NORETURN 257 258 if (!func) 259 return false; 260 261 if (func->bind == STB_GLOBAL || func->bind == STB_WEAK) { 262 if (is_rust_noreturn(func)) 263 return true; 264 265 for (i = 0; i < ARRAY_SIZE(global_noreturns); i++) 266 if (!strcmp(func->name, global_noreturns[i])) 267 return true; 268 } 269 270 if (func->bind == STB_WEAK) 271 return false; 272 273 if (!func->len) 274 return false; 275 276 insn = find_insn(file, func->sec, func->offset); 277 if (!insn || !insn_func(insn)) 278 return false; 279 280 func_for_each_insn(file, func, insn) { 281 empty = false; 282 283 if (insn->type == INSN_RETURN) 284 return false; 285 } 286 287 if (empty) 288 return false; 289 290 /* 291 * A function can have a sibling call instead of a return. In that 292 * case, the function's dead-end status depends on whether the target 293 * of the sibling call returns. 294 */ 295 func_for_each_insn(file, func, insn) { 296 if (is_sibling_call(insn)) { 297 struct instruction *dest = insn->jump_dest; 298 299 if (!dest) 300 /* sibling call to another file */ 301 return false; 302 303 /* local sibling call */ 304 if (recursion == 5) { 305 /* 306 * Infinite recursion: two functions have 307 * sibling calls to each other. This is a very 308 * rare case. It means they aren't dead ends. 309 */ 310 return false; 311 } 312 313 return __dead_end_function(file, insn_func(dest), recursion+1); 314 } 315 } 316 317 return true; 318 } 319 320 static bool dead_end_function(struct objtool_file *file, struct symbol *func) 321 { 322 return __dead_end_function(file, func, 0); 323 } 324 325 static void init_cfi_state(struct cfi_state *cfi) 326 { 327 int i; 328 329 for (i = 0; i < CFI_NUM_REGS; i++) { 330 cfi->regs[i].base = CFI_UNDEFINED; 331 cfi->vals[i].base = CFI_UNDEFINED; 332 } 333 cfi->cfa.base = CFI_UNDEFINED; 334 cfi->drap_reg = CFI_UNDEFINED; 335 cfi->drap_offset = -1; 336 } 337 338 static void init_insn_state(struct objtool_file *file, struct insn_state *state, 339 struct section *sec) 340 { 341 memset(state, 0, sizeof(*state)); 342 init_cfi_state(&state->cfi); 343 344 if (opts.noinstr && sec) 345 state->noinstr = sec->noinstr; 346 } 347 348 static struct cfi_state *cfi_alloc(void) 349 { 350 struct cfi_state *cfi = calloc(1, sizeof(struct cfi_state)); 351 if (!cfi) { 352 ERROR_GLIBC("calloc"); 353 exit(1); 354 } 355 nr_cfi++; 356 return cfi; 357 } 358 359 static int cfi_bits; 360 static struct hlist_head *cfi_hash; 361 362 static inline bool cficmp(struct cfi_state *cfi1, struct cfi_state *cfi2) 363 { 364 return memcmp((void *)cfi1 + sizeof(cfi1->hash), 365 (void *)cfi2 + sizeof(cfi2->hash), 366 sizeof(struct cfi_state) - sizeof(struct hlist_node)); 367 } 368 369 static inline u32 cfi_key(struct cfi_state *cfi) 370 { 371 return jhash((void *)cfi + sizeof(cfi->hash), 372 sizeof(*cfi) - sizeof(cfi->hash), 0); 373 } 374 375 static struct cfi_state *cfi_hash_find_or_add(struct cfi_state *cfi) 376 { 377 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)]; 378 struct cfi_state *obj; 379 380 hlist_for_each_entry(obj, head, hash) { 381 if (!cficmp(cfi, obj)) { 382 nr_cfi_cache++; 383 return obj; 384 } 385 } 386 387 obj = cfi_alloc(); 388 *obj = *cfi; 389 hlist_add_head(&obj->hash, head); 390 391 return obj; 392 } 393 394 static void cfi_hash_add(struct cfi_state *cfi) 395 { 396 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)]; 397 398 hlist_add_head(&cfi->hash, head); 399 } 400 401 static void *cfi_hash_alloc(unsigned long size) 402 { 403 cfi_bits = max(10, ilog2(size)); 404 cfi_hash = mmap(NULL, sizeof(struct hlist_head) << cfi_bits, 405 PROT_READ|PROT_WRITE, 406 MAP_PRIVATE|MAP_ANON, -1, 0); 407 if (cfi_hash == (void *)-1L) { 408 ERROR_GLIBC("mmap fail cfi_hash"); 409 cfi_hash = NULL; 410 } else if (opts.stats) { 411 printf("cfi_bits: %d\n", cfi_bits); 412 } 413 414 return cfi_hash; 415 } 416 417 static unsigned long nr_insns; 418 static unsigned long nr_insns_visited; 419 420 /* 421 * Call the arch-specific instruction decoder for all the instructions and add 422 * them to the global instruction list. 423 */ 424 static int decode_instructions(struct objtool_file *file) 425 { 426 struct section *sec; 427 struct symbol *func; 428 unsigned long offset; 429 struct instruction *insn; 430 int ret; 431 432 for_each_sec(file, sec) { 433 struct instruction *insns = NULL; 434 u8 prev_len = 0; 435 u8 idx = 0; 436 437 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 438 continue; 439 440 if (strcmp(sec->name, ".altinstr_replacement") && 441 strcmp(sec->name, ".altinstr_aux") && 442 strncmp(sec->name, ".discard.", 9)) 443 sec->text = true; 444 445 if (!strcmp(sec->name, ".noinstr.text") || 446 !strcmp(sec->name, ".entry.text") || 447 !strcmp(sec->name, ".cpuidle.text") || 448 !strncmp(sec->name, ".text..__x86.", 13)) 449 sec->noinstr = true; 450 451 /* 452 * .init.text code is ran before userspace and thus doesn't 453 * strictly need retpolines, except for modules which are 454 * loaded late, they very much do need retpoline in their 455 * .init.text 456 */ 457 if (!strcmp(sec->name, ".init.text") && !opts.module) 458 sec->init = true; 459 460 for (offset = 0; offset < sec->sh.sh_size; offset += insn->len) { 461 if (!insns || idx == INSN_CHUNK_MAX) { 462 insns = calloc(sizeof(*insn), INSN_CHUNK_SIZE); 463 if (!insns) { 464 ERROR_GLIBC("calloc"); 465 return -1; 466 } 467 idx = 0; 468 } else { 469 idx++; 470 } 471 insn = &insns[idx]; 472 insn->idx = idx; 473 474 INIT_LIST_HEAD(&insn->call_node); 475 insn->sec = sec; 476 insn->offset = offset; 477 insn->prev_len = prev_len; 478 479 ret = arch_decode_instruction(file, sec, offset, 480 sec->sh.sh_size - offset, 481 insn); 482 if (ret) 483 return ret; 484 485 prev_len = insn->len; 486 487 /* 488 * By default, "ud2" is a dead end unless otherwise 489 * annotated, because GCC 7 inserts it for certain 490 * divide-by-zero cases. 491 */ 492 if (insn->type == INSN_BUG) 493 insn->dead_end = true; 494 495 hash_add(file->insn_hash, &insn->hash, sec_offset_hash(sec, insn->offset)); 496 nr_insns++; 497 } 498 499 sec_for_each_sym(sec, func) { 500 if (func->type != STT_NOTYPE && func->type != STT_FUNC) 501 continue; 502 503 if (func->offset == sec->sh.sh_size) { 504 /* Heuristic: likely an "end" symbol */ 505 if (func->type == STT_NOTYPE) 506 continue; 507 ERROR("%s(): STT_FUNC at end of section", func->name); 508 return -1; 509 } 510 511 if (func->embedded_insn || func->alias != func) 512 continue; 513 514 if (!find_insn(file, sec, func->offset)) { 515 ERROR("%s(): can't find starting instruction", func->name); 516 return -1; 517 } 518 519 sym_for_each_insn(file, func, insn) { 520 insn->sym = func; 521 if (func->type == STT_FUNC && 522 insn->type == INSN_ENDBR && 523 list_empty(&insn->call_node)) { 524 if (insn->offset == func->offset) { 525 list_add_tail(&insn->call_node, &file->endbr_list); 526 file->nr_endbr++; 527 } else { 528 file->nr_endbr_int++; 529 } 530 } 531 } 532 } 533 } 534 535 if (opts.stats) 536 printf("nr_insns: %lu\n", nr_insns); 537 538 return 0; 539 } 540 541 /* 542 * Read the pv_ops[] .data table to find the static initialized values. 543 */ 544 static int add_pv_ops(struct objtool_file *file, const char *symname) 545 { 546 struct symbol *sym, *func; 547 unsigned long off, end; 548 struct reloc *reloc; 549 int idx; 550 551 sym = find_symbol_by_name(file->elf, symname); 552 if (!sym) 553 return 0; 554 555 off = sym->offset; 556 end = off + sym->len; 557 for (;;) { 558 reloc = find_reloc_by_dest_range(file->elf, sym->sec, off, end - off); 559 if (!reloc) 560 break; 561 562 idx = (reloc_offset(reloc) - sym->offset) / sizeof(unsigned long); 563 564 func = reloc->sym; 565 if (func->type == STT_SECTION) 566 func = find_symbol_by_offset(reloc->sym->sec, 567 reloc_addend(reloc)); 568 if (!func) { 569 ERROR_FUNC(reloc->sym->sec, reloc_addend(reloc), 570 "can't find func at %s[%d]", symname, idx); 571 return -1; 572 } 573 574 if (objtool_pv_add(file, idx, func)) 575 return -1; 576 577 off = reloc_offset(reloc) + 1; 578 if (off > end) 579 break; 580 } 581 582 return 0; 583 } 584 585 /* 586 * Allocate and initialize file->pv_ops[]. 587 */ 588 static int init_pv_ops(struct objtool_file *file) 589 { 590 static const char *pv_ops_tables[] = { 591 "pv_ops", 592 "xen_cpu_ops", 593 "xen_irq_ops", 594 "xen_mmu_ops", 595 NULL, 596 }; 597 const char *pv_ops; 598 struct symbol *sym; 599 int idx, nr, ret; 600 601 if (!opts.noinstr) 602 return 0; 603 604 file->pv_ops = NULL; 605 606 sym = find_symbol_by_name(file->elf, "pv_ops"); 607 if (!sym) 608 return 0; 609 610 nr = sym->len / sizeof(unsigned long); 611 file->pv_ops = calloc(sizeof(struct pv_state), nr); 612 if (!file->pv_ops) { 613 ERROR_GLIBC("calloc"); 614 return -1; 615 } 616 617 for (idx = 0; idx < nr; idx++) 618 INIT_LIST_HEAD(&file->pv_ops[idx].targets); 619 620 for (idx = 0; (pv_ops = pv_ops_tables[idx]); idx++) { 621 ret = add_pv_ops(file, pv_ops); 622 if (ret) 623 return ret; 624 } 625 626 return 0; 627 } 628 629 static int create_static_call_sections(struct objtool_file *file) 630 { 631 struct static_call_site *site; 632 struct section *sec; 633 struct instruction *insn; 634 struct symbol *key_sym; 635 char *key_name, *tmp; 636 int idx; 637 638 sec = find_section_by_name(file->elf, ".static_call_sites"); 639 if (sec) { 640 INIT_LIST_HEAD(&file->static_call_list); 641 WARN("file already has .static_call_sites section, skipping"); 642 return 0; 643 } 644 645 if (list_empty(&file->static_call_list)) 646 return 0; 647 648 idx = 0; 649 list_for_each_entry(insn, &file->static_call_list, call_node) 650 idx++; 651 652 sec = elf_create_section_pair(file->elf, ".static_call_sites", 653 sizeof(*site), idx, idx * 2); 654 if (!sec) 655 return -1; 656 657 /* Allow modules to modify the low bits of static_call_site::key */ 658 sec->sh.sh_flags |= SHF_WRITE; 659 660 idx = 0; 661 list_for_each_entry(insn, &file->static_call_list, call_node) { 662 663 /* populate reloc for 'addr' */ 664 if (!elf_init_reloc_text_sym(file->elf, sec, 665 idx * sizeof(*site), idx * 2, 666 insn->sec, insn->offset)) 667 return -1; 668 669 /* find key symbol */ 670 key_name = strdup(insn_call_dest(insn)->name); 671 if (!key_name) { 672 ERROR_GLIBC("strdup"); 673 return -1; 674 } 675 if (strncmp(key_name, STATIC_CALL_TRAMP_PREFIX_STR, 676 STATIC_CALL_TRAMP_PREFIX_LEN)) { 677 ERROR("static_call: trampoline name malformed: %s", key_name); 678 return -1; 679 } 680 tmp = key_name + STATIC_CALL_TRAMP_PREFIX_LEN - STATIC_CALL_KEY_PREFIX_LEN; 681 memcpy(tmp, STATIC_CALL_KEY_PREFIX_STR, STATIC_CALL_KEY_PREFIX_LEN); 682 683 key_sym = find_symbol_by_name(file->elf, tmp); 684 if (!key_sym) { 685 if (!opts.module) { 686 ERROR("static_call: can't find static_call_key symbol: %s", tmp); 687 return -1; 688 } 689 690 /* 691 * For modules(), the key might not be exported, which 692 * means the module can make static calls but isn't 693 * allowed to change them. 694 * 695 * In that case we temporarily set the key to be the 696 * trampoline address. This is fixed up in 697 * static_call_add_module(). 698 */ 699 key_sym = insn_call_dest(insn); 700 } 701 702 /* populate reloc for 'key' */ 703 if (!elf_init_reloc_data_sym(file->elf, sec, 704 idx * sizeof(*site) + 4, 705 (idx * 2) + 1, key_sym, 706 is_sibling_call(insn) * STATIC_CALL_SITE_TAIL)) 707 return -1; 708 709 idx++; 710 } 711 712 return 0; 713 } 714 715 static int create_retpoline_sites_sections(struct objtool_file *file) 716 { 717 struct instruction *insn; 718 struct section *sec; 719 int idx; 720 721 sec = find_section_by_name(file->elf, ".retpoline_sites"); 722 if (sec) { 723 WARN("file already has .retpoline_sites, skipping"); 724 return 0; 725 } 726 727 idx = 0; 728 list_for_each_entry(insn, &file->retpoline_call_list, call_node) 729 idx++; 730 731 if (!idx) 732 return 0; 733 734 sec = elf_create_section_pair(file->elf, ".retpoline_sites", 735 sizeof(int), idx, idx); 736 if (!sec) 737 return -1; 738 739 idx = 0; 740 list_for_each_entry(insn, &file->retpoline_call_list, call_node) { 741 742 if (!elf_init_reloc_text_sym(file->elf, sec, 743 idx * sizeof(int), idx, 744 insn->sec, insn->offset)) 745 return -1; 746 747 idx++; 748 } 749 750 return 0; 751 } 752 753 static int create_return_sites_sections(struct objtool_file *file) 754 { 755 struct instruction *insn; 756 struct section *sec; 757 int idx; 758 759 sec = find_section_by_name(file->elf, ".return_sites"); 760 if (sec) { 761 WARN("file already has .return_sites, skipping"); 762 return 0; 763 } 764 765 idx = 0; 766 list_for_each_entry(insn, &file->return_thunk_list, call_node) 767 idx++; 768 769 if (!idx) 770 return 0; 771 772 sec = elf_create_section_pair(file->elf, ".return_sites", 773 sizeof(int), idx, idx); 774 if (!sec) 775 return -1; 776 777 idx = 0; 778 list_for_each_entry(insn, &file->return_thunk_list, call_node) { 779 780 if (!elf_init_reloc_text_sym(file->elf, sec, 781 idx * sizeof(int), idx, 782 insn->sec, insn->offset)) 783 return -1; 784 785 idx++; 786 } 787 788 return 0; 789 } 790 791 static int create_ibt_endbr_seal_sections(struct objtool_file *file) 792 { 793 struct instruction *insn; 794 struct section *sec; 795 int idx; 796 797 sec = find_section_by_name(file->elf, ".ibt_endbr_seal"); 798 if (sec) { 799 WARN("file already has .ibt_endbr_seal, skipping"); 800 return 0; 801 } 802 803 idx = 0; 804 list_for_each_entry(insn, &file->endbr_list, call_node) 805 idx++; 806 807 if (opts.stats) { 808 printf("ibt: ENDBR at function start: %d\n", file->nr_endbr); 809 printf("ibt: ENDBR inside functions: %d\n", file->nr_endbr_int); 810 printf("ibt: superfluous ENDBR: %d\n", idx); 811 } 812 813 if (!idx) 814 return 0; 815 816 sec = elf_create_section_pair(file->elf, ".ibt_endbr_seal", 817 sizeof(int), idx, idx); 818 if (!sec) 819 return -1; 820 821 idx = 0; 822 list_for_each_entry(insn, &file->endbr_list, call_node) { 823 824 int *site = (int *)sec->data->d_buf + idx; 825 struct symbol *sym = insn->sym; 826 *site = 0; 827 828 if (opts.module && sym && sym->type == STT_FUNC && 829 insn->offset == sym->offset && 830 (!strcmp(sym->name, "init_module") || 831 !strcmp(sym->name, "cleanup_module"))) { 832 ERROR("%s(): Magic init_module() function name is deprecated, use module_init(fn) instead", 833 sym->name); 834 return -1; 835 } 836 837 if (!elf_init_reloc_text_sym(file->elf, sec, 838 idx * sizeof(int), idx, 839 insn->sec, insn->offset)) 840 return -1; 841 842 idx++; 843 } 844 845 return 0; 846 } 847 848 static int create_cfi_sections(struct objtool_file *file) 849 { 850 struct section *sec; 851 struct symbol *sym; 852 int idx; 853 854 sec = find_section_by_name(file->elf, ".cfi_sites"); 855 if (sec) { 856 INIT_LIST_HEAD(&file->call_list); 857 WARN("file already has .cfi_sites section, skipping"); 858 return 0; 859 } 860 861 idx = 0; 862 for_each_sym(file, sym) { 863 if (sym->type != STT_FUNC) 864 continue; 865 866 if (strncmp(sym->name, "__cfi_", 6)) 867 continue; 868 869 idx++; 870 } 871 872 sec = elf_create_section_pair(file->elf, ".cfi_sites", 873 sizeof(unsigned int), idx, idx); 874 if (!sec) 875 return -1; 876 877 idx = 0; 878 for_each_sym(file, sym) { 879 if (sym->type != STT_FUNC) 880 continue; 881 882 if (strncmp(sym->name, "__cfi_", 6)) 883 continue; 884 885 if (!elf_init_reloc_text_sym(file->elf, sec, 886 idx * sizeof(unsigned int), idx, 887 sym->sec, sym->offset)) 888 return -1; 889 890 idx++; 891 } 892 893 return 0; 894 } 895 896 static int create_mcount_loc_sections(struct objtool_file *file) 897 { 898 size_t addr_size = elf_addr_size(file->elf); 899 struct instruction *insn; 900 struct section *sec; 901 int idx; 902 903 sec = find_section_by_name(file->elf, "__mcount_loc"); 904 if (sec) { 905 INIT_LIST_HEAD(&file->mcount_loc_list); 906 WARN("file already has __mcount_loc section, skipping"); 907 return 0; 908 } 909 910 if (list_empty(&file->mcount_loc_list)) 911 return 0; 912 913 idx = 0; 914 list_for_each_entry(insn, &file->mcount_loc_list, call_node) 915 idx++; 916 917 sec = elf_create_section_pair(file->elf, "__mcount_loc", addr_size, 918 idx, idx); 919 if (!sec) 920 return -1; 921 922 sec->sh.sh_addralign = addr_size; 923 924 idx = 0; 925 list_for_each_entry(insn, &file->mcount_loc_list, call_node) { 926 927 struct reloc *reloc; 928 929 reloc = elf_init_reloc_text_sym(file->elf, sec, idx * addr_size, idx, 930 insn->sec, insn->offset); 931 if (!reloc) 932 return -1; 933 934 set_reloc_type(file->elf, reloc, addr_size == 8 ? R_ABS64 : R_ABS32); 935 936 idx++; 937 } 938 939 return 0; 940 } 941 942 static int create_direct_call_sections(struct objtool_file *file) 943 { 944 struct instruction *insn; 945 struct section *sec; 946 int idx; 947 948 sec = find_section_by_name(file->elf, ".call_sites"); 949 if (sec) { 950 INIT_LIST_HEAD(&file->call_list); 951 WARN("file already has .call_sites section, skipping"); 952 return 0; 953 } 954 955 if (list_empty(&file->call_list)) 956 return 0; 957 958 idx = 0; 959 list_for_each_entry(insn, &file->call_list, call_node) 960 idx++; 961 962 sec = elf_create_section_pair(file->elf, ".call_sites", 963 sizeof(unsigned int), idx, idx); 964 if (!sec) 965 return -1; 966 967 idx = 0; 968 list_for_each_entry(insn, &file->call_list, call_node) { 969 970 if (!elf_init_reloc_text_sym(file->elf, sec, 971 idx * sizeof(unsigned int), idx, 972 insn->sec, insn->offset)) 973 return -1; 974 975 idx++; 976 } 977 978 return 0; 979 } 980 981 /* 982 * Warnings shouldn't be reported for ignored functions. 983 */ 984 static int add_ignores(struct objtool_file *file) 985 { 986 struct section *rsec; 987 struct symbol *func; 988 struct reloc *reloc; 989 990 rsec = find_section_by_name(file->elf, ".rela.discard.func_stack_frame_non_standard"); 991 if (!rsec) 992 return 0; 993 994 for_each_reloc(rsec, reloc) { 995 switch (reloc->sym->type) { 996 case STT_FUNC: 997 func = reloc->sym; 998 break; 999 1000 case STT_SECTION: 1001 func = find_func_by_offset(reloc->sym->sec, reloc_addend(reloc)); 1002 if (!func) 1003 continue; 1004 break; 1005 1006 default: 1007 ERROR("unexpected relocation symbol type in %s: %d", 1008 rsec->name, reloc->sym->type); 1009 return -1; 1010 } 1011 1012 func->ignore = true; 1013 if (func->cfunc) 1014 func->cfunc->ignore = true; 1015 } 1016 1017 return 0; 1018 } 1019 1020 /* 1021 * This is a whitelist of functions that is allowed to be called with AC set. 1022 * The list is meant to be minimal and only contains compiler instrumentation 1023 * ABI and a few functions used to implement *_{to,from}_user() functions. 1024 * 1025 * These functions must not directly change AC, but may PUSHF/POPF. 1026 */ 1027 static const char *uaccess_safe_builtin[] = { 1028 /* KASAN */ 1029 "kasan_report", 1030 "kasan_check_range", 1031 /* KASAN out-of-line */ 1032 "__asan_loadN_noabort", 1033 "__asan_load1_noabort", 1034 "__asan_load2_noabort", 1035 "__asan_load4_noabort", 1036 "__asan_load8_noabort", 1037 "__asan_load16_noabort", 1038 "__asan_storeN_noabort", 1039 "__asan_store1_noabort", 1040 "__asan_store2_noabort", 1041 "__asan_store4_noabort", 1042 "__asan_store8_noabort", 1043 "__asan_store16_noabort", 1044 "__kasan_check_read", 1045 "__kasan_check_write", 1046 /* KASAN in-line */ 1047 "__asan_report_load_n_noabort", 1048 "__asan_report_load1_noabort", 1049 "__asan_report_load2_noabort", 1050 "__asan_report_load4_noabort", 1051 "__asan_report_load8_noabort", 1052 "__asan_report_load16_noabort", 1053 "__asan_report_store_n_noabort", 1054 "__asan_report_store1_noabort", 1055 "__asan_report_store2_noabort", 1056 "__asan_report_store4_noabort", 1057 "__asan_report_store8_noabort", 1058 "__asan_report_store16_noabort", 1059 /* KCSAN */ 1060 "__kcsan_check_access", 1061 "__kcsan_mb", 1062 "__kcsan_wmb", 1063 "__kcsan_rmb", 1064 "__kcsan_release", 1065 "kcsan_found_watchpoint", 1066 "kcsan_setup_watchpoint", 1067 "kcsan_check_scoped_accesses", 1068 "kcsan_disable_current", 1069 "kcsan_enable_current_nowarn", 1070 /* KCSAN/TSAN */ 1071 "__tsan_func_entry", 1072 "__tsan_func_exit", 1073 "__tsan_read_range", 1074 "__tsan_write_range", 1075 "__tsan_read1", 1076 "__tsan_read2", 1077 "__tsan_read4", 1078 "__tsan_read8", 1079 "__tsan_read16", 1080 "__tsan_write1", 1081 "__tsan_write2", 1082 "__tsan_write4", 1083 "__tsan_write8", 1084 "__tsan_write16", 1085 "__tsan_read_write1", 1086 "__tsan_read_write2", 1087 "__tsan_read_write4", 1088 "__tsan_read_write8", 1089 "__tsan_read_write16", 1090 "__tsan_volatile_read1", 1091 "__tsan_volatile_read2", 1092 "__tsan_volatile_read4", 1093 "__tsan_volatile_read8", 1094 "__tsan_volatile_read16", 1095 "__tsan_volatile_write1", 1096 "__tsan_volatile_write2", 1097 "__tsan_volatile_write4", 1098 "__tsan_volatile_write8", 1099 "__tsan_volatile_write16", 1100 "__tsan_atomic8_load", 1101 "__tsan_atomic16_load", 1102 "__tsan_atomic32_load", 1103 "__tsan_atomic64_load", 1104 "__tsan_atomic8_store", 1105 "__tsan_atomic16_store", 1106 "__tsan_atomic32_store", 1107 "__tsan_atomic64_store", 1108 "__tsan_atomic8_exchange", 1109 "__tsan_atomic16_exchange", 1110 "__tsan_atomic32_exchange", 1111 "__tsan_atomic64_exchange", 1112 "__tsan_atomic8_fetch_add", 1113 "__tsan_atomic16_fetch_add", 1114 "__tsan_atomic32_fetch_add", 1115 "__tsan_atomic64_fetch_add", 1116 "__tsan_atomic8_fetch_sub", 1117 "__tsan_atomic16_fetch_sub", 1118 "__tsan_atomic32_fetch_sub", 1119 "__tsan_atomic64_fetch_sub", 1120 "__tsan_atomic8_fetch_and", 1121 "__tsan_atomic16_fetch_and", 1122 "__tsan_atomic32_fetch_and", 1123 "__tsan_atomic64_fetch_and", 1124 "__tsan_atomic8_fetch_or", 1125 "__tsan_atomic16_fetch_or", 1126 "__tsan_atomic32_fetch_or", 1127 "__tsan_atomic64_fetch_or", 1128 "__tsan_atomic8_fetch_xor", 1129 "__tsan_atomic16_fetch_xor", 1130 "__tsan_atomic32_fetch_xor", 1131 "__tsan_atomic64_fetch_xor", 1132 "__tsan_atomic8_fetch_nand", 1133 "__tsan_atomic16_fetch_nand", 1134 "__tsan_atomic32_fetch_nand", 1135 "__tsan_atomic64_fetch_nand", 1136 "__tsan_atomic8_compare_exchange_strong", 1137 "__tsan_atomic16_compare_exchange_strong", 1138 "__tsan_atomic32_compare_exchange_strong", 1139 "__tsan_atomic64_compare_exchange_strong", 1140 "__tsan_atomic8_compare_exchange_weak", 1141 "__tsan_atomic16_compare_exchange_weak", 1142 "__tsan_atomic32_compare_exchange_weak", 1143 "__tsan_atomic64_compare_exchange_weak", 1144 "__tsan_atomic8_compare_exchange_val", 1145 "__tsan_atomic16_compare_exchange_val", 1146 "__tsan_atomic32_compare_exchange_val", 1147 "__tsan_atomic64_compare_exchange_val", 1148 "__tsan_atomic_thread_fence", 1149 "__tsan_atomic_signal_fence", 1150 "__tsan_unaligned_read16", 1151 "__tsan_unaligned_write16", 1152 /* KCOV */ 1153 "write_comp_data", 1154 "check_kcov_mode", 1155 "__sanitizer_cov_trace_pc", 1156 "__sanitizer_cov_trace_const_cmp1", 1157 "__sanitizer_cov_trace_const_cmp2", 1158 "__sanitizer_cov_trace_const_cmp4", 1159 "__sanitizer_cov_trace_const_cmp8", 1160 "__sanitizer_cov_trace_cmp1", 1161 "__sanitizer_cov_trace_cmp2", 1162 "__sanitizer_cov_trace_cmp4", 1163 "__sanitizer_cov_trace_cmp8", 1164 "__sanitizer_cov_trace_switch", 1165 /* KMSAN */ 1166 "kmsan_copy_to_user", 1167 "kmsan_disable_current", 1168 "kmsan_enable_current", 1169 "kmsan_report", 1170 "kmsan_unpoison_entry_regs", 1171 "kmsan_unpoison_memory", 1172 "__msan_chain_origin", 1173 "__msan_get_context_state", 1174 "__msan_instrument_asm_store", 1175 "__msan_metadata_ptr_for_load_1", 1176 "__msan_metadata_ptr_for_load_2", 1177 "__msan_metadata_ptr_for_load_4", 1178 "__msan_metadata_ptr_for_load_8", 1179 "__msan_metadata_ptr_for_load_n", 1180 "__msan_metadata_ptr_for_store_1", 1181 "__msan_metadata_ptr_for_store_2", 1182 "__msan_metadata_ptr_for_store_4", 1183 "__msan_metadata_ptr_for_store_8", 1184 "__msan_metadata_ptr_for_store_n", 1185 "__msan_poison_alloca", 1186 "__msan_warning", 1187 /* UBSAN */ 1188 "ubsan_type_mismatch_common", 1189 "__ubsan_handle_type_mismatch", 1190 "__ubsan_handle_type_mismatch_v1", 1191 "__ubsan_handle_shift_out_of_bounds", 1192 "__ubsan_handle_load_invalid_value", 1193 /* STACKLEAK */ 1194 "stackleak_track_stack", 1195 /* TRACE_BRANCH_PROFILING */ 1196 "ftrace_likely_update", 1197 /* STACKPROTECTOR */ 1198 "__stack_chk_fail", 1199 /* misc */ 1200 "csum_partial_copy_generic", 1201 "copy_mc_fragile", 1202 "copy_mc_fragile_handle_tail", 1203 "copy_mc_enhanced_fast_string", 1204 "rep_stos_alternative", 1205 "rep_movs_alternative", 1206 "__copy_user_nocache", 1207 NULL 1208 }; 1209 1210 static void add_uaccess_safe(struct objtool_file *file) 1211 { 1212 struct symbol *func; 1213 const char **name; 1214 1215 if (!opts.uaccess) 1216 return; 1217 1218 for (name = uaccess_safe_builtin; *name; name++) { 1219 func = find_symbol_by_name(file->elf, *name); 1220 if (!func) 1221 continue; 1222 1223 func->uaccess_safe = true; 1224 } 1225 } 1226 1227 /* 1228 * Symbols that replace INSN_CALL_DYNAMIC, every (tail) call to such a symbol 1229 * will be added to the .retpoline_sites section. 1230 */ 1231 __weak bool arch_is_retpoline(struct symbol *sym) 1232 { 1233 return false; 1234 } 1235 1236 /* 1237 * Symbols that replace INSN_RETURN, every (tail) call to such a symbol 1238 * will be added to the .return_sites section. 1239 */ 1240 __weak bool arch_is_rethunk(struct symbol *sym) 1241 { 1242 return false; 1243 } 1244 1245 /* 1246 * Symbols that are embedded inside other instructions, because sometimes crazy 1247 * code exists. These are mostly ignored for validation purposes. 1248 */ 1249 __weak bool arch_is_embedded_insn(struct symbol *sym) 1250 { 1251 return false; 1252 } 1253 1254 static struct reloc *insn_reloc(struct objtool_file *file, struct instruction *insn) 1255 { 1256 struct reloc *reloc; 1257 1258 if (insn->no_reloc) 1259 return NULL; 1260 1261 if (!file) 1262 return NULL; 1263 1264 reloc = find_reloc_by_dest_range(file->elf, insn->sec, 1265 insn->offset, insn->len); 1266 if (!reloc) { 1267 insn->no_reloc = 1; 1268 return NULL; 1269 } 1270 1271 return reloc; 1272 } 1273 1274 static void remove_insn_ops(struct instruction *insn) 1275 { 1276 struct stack_op *op, *next; 1277 1278 for (op = insn->stack_ops; op; op = next) { 1279 next = op->next; 1280 free(op); 1281 } 1282 insn->stack_ops = NULL; 1283 } 1284 1285 static int annotate_call_site(struct objtool_file *file, 1286 struct instruction *insn, bool sibling) 1287 { 1288 struct reloc *reloc = insn_reloc(file, insn); 1289 struct symbol *sym = insn_call_dest(insn); 1290 1291 if (!sym) 1292 sym = reloc->sym; 1293 1294 if (sym->static_call_tramp) { 1295 list_add_tail(&insn->call_node, &file->static_call_list); 1296 return 0; 1297 } 1298 1299 if (sym->retpoline_thunk) { 1300 list_add_tail(&insn->call_node, &file->retpoline_call_list); 1301 return 0; 1302 } 1303 1304 /* 1305 * Many compilers cannot disable KCOV or sanitizer calls with a function 1306 * attribute so they need a little help, NOP out any such calls from 1307 * noinstr text. 1308 */ 1309 if (opts.hack_noinstr && insn->sec->noinstr && sym->profiling_func) { 1310 if (reloc) 1311 set_reloc_type(file->elf, reloc, R_NONE); 1312 1313 if (elf_write_insn(file->elf, insn->sec, 1314 insn->offset, insn->len, 1315 sibling ? arch_ret_insn(insn->len) 1316 : arch_nop_insn(insn->len))) { 1317 return -1; 1318 } 1319 1320 insn->type = sibling ? INSN_RETURN : INSN_NOP; 1321 1322 if (sibling) { 1323 /* 1324 * We've replaced the tail-call JMP insn by two new 1325 * insn: RET; INT3, except we only have a single struct 1326 * insn here. Mark it retpoline_safe to avoid the SLS 1327 * warning, instead of adding another insn. 1328 */ 1329 insn->retpoline_safe = true; 1330 } 1331 1332 return 0; 1333 } 1334 1335 if (opts.mcount && sym->fentry) { 1336 if (sibling) 1337 WARN_INSN(insn, "tail call to __fentry__ !?!?"); 1338 if (opts.mnop) { 1339 if (reloc) 1340 set_reloc_type(file->elf, reloc, R_NONE); 1341 1342 if (elf_write_insn(file->elf, insn->sec, 1343 insn->offset, insn->len, 1344 arch_nop_insn(insn->len))) { 1345 return -1; 1346 } 1347 1348 insn->type = INSN_NOP; 1349 } 1350 1351 list_add_tail(&insn->call_node, &file->mcount_loc_list); 1352 return 0; 1353 } 1354 1355 if (insn->type == INSN_CALL && !insn->sec->init && 1356 !insn->_call_dest->embedded_insn) 1357 list_add_tail(&insn->call_node, &file->call_list); 1358 1359 if (!sibling && dead_end_function(file, sym)) 1360 insn->dead_end = true; 1361 1362 return 0; 1363 } 1364 1365 static int add_call_dest(struct objtool_file *file, struct instruction *insn, 1366 struct symbol *dest, bool sibling) 1367 { 1368 insn->_call_dest = dest; 1369 if (!dest) 1370 return 0; 1371 1372 /* 1373 * Whatever stack impact regular CALLs have, should be undone 1374 * by the RETURN of the called function. 1375 * 1376 * Annotated intra-function calls retain the stack_ops but 1377 * are converted to JUMP, see read_intra_function_calls(). 1378 */ 1379 remove_insn_ops(insn); 1380 1381 return annotate_call_site(file, insn, sibling); 1382 } 1383 1384 static int add_retpoline_call(struct objtool_file *file, struct instruction *insn) 1385 { 1386 /* 1387 * Retpoline calls/jumps are really dynamic calls/jumps in disguise, 1388 * so convert them accordingly. 1389 */ 1390 switch (insn->type) { 1391 case INSN_CALL: 1392 insn->type = INSN_CALL_DYNAMIC; 1393 break; 1394 case INSN_JUMP_UNCONDITIONAL: 1395 insn->type = INSN_JUMP_DYNAMIC; 1396 break; 1397 case INSN_JUMP_CONDITIONAL: 1398 insn->type = INSN_JUMP_DYNAMIC_CONDITIONAL; 1399 break; 1400 default: 1401 return 0; 1402 } 1403 1404 insn->retpoline_safe = true; 1405 1406 /* 1407 * Whatever stack impact regular CALLs have, should be undone 1408 * by the RETURN of the called function. 1409 * 1410 * Annotated intra-function calls retain the stack_ops but 1411 * are converted to JUMP, see read_intra_function_calls(). 1412 */ 1413 remove_insn_ops(insn); 1414 1415 return annotate_call_site(file, insn, false); 1416 } 1417 1418 static void add_return_call(struct objtool_file *file, struct instruction *insn, bool add) 1419 { 1420 /* 1421 * Return thunk tail calls are really just returns in disguise, 1422 * so convert them accordingly. 1423 */ 1424 insn->type = INSN_RETURN; 1425 insn->retpoline_safe = true; 1426 1427 if (add) 1428 list_add_tail(&insn->call_node, &file->return_thunk_list); 1429 } 1430 1431 static bool is_first_func_insn(struct objtool_file *file, 1432 struct instruction *insn, struct symbol *sym) 1433 { 1434 if (insn->offset == sym->offset) 1435 return true; 1436 1437 /* Allow direct CALL/JMP past ENDBR */ 1438 if (opts.ibt) { 1439 struct instruction *prev = prev_insn_same_sym(file, insn); 1440 1441 if (prev && prev->type == INSN_ENDBR && 1442 insn->offset == sym->offset + prev->len) 1443 return true; 1444 } 1445 1446 return false; 1447 } 1448 1449 /* 1450 * A sibling call is a tail-call to another symbol -- to differentiate from a 1451 * recursive tail-call which is to the same symbol. 1452 */ 1453 static bool jump_is_sibling_call(struct objtool_file *file, 1454 struct instruction *from, struct instruction *to) 1455 { 1456 struct symbol *fs = from->sym; 1457 struct symbol *ts = to->sym; 1458 1459 /* Not a sibling call if from/to a symbol hole */ 1460 if (!fs || !ts) 1461 return false; 1462 1463 /* Not a sibling call if not targeting the start of a symbol. */ 1464 if (!is_first_func_insn(file, to, ts)) 1465 return false; 1466 1467 /* Disallow sibling calls into STT_NOTYPE */ 1468 if (ts->type == STT_NOTYPE) 1469 return false; 1470 1471 /* Must not be self to be a sibling */ 1472 return fs->pfunc != ts->pfunc; 1473 } 1474 1475 /* 1476 * Find the destination instructions for all jumps. 1477 */ 1478 static int add_jump_destinations(struct objtool_file *file) 1479 { 1480 struct instruction *insn, *jump_dest; 1481 struct reloc *reloc; 1482 struct section *dest_sec; 1483 unsigned long dest_off; 1484 int ret; 1485 1486 for_each_insn(file, insn) { 1487 struct symbol *func = insn_func(insn); 1488 1489 if (insn->jump_dest) { 1490 /* 1491 * handle_group_alt() may have previously set 1492 * 'jump_dest' for some alternatives. 1493 */ 1494 continue; 1495 } 1496 if (!is_static_jump(insn)) 1497 continue; 1498 1499 reloc = insn_reloc(file, insn); 1500 if (!reloc) { 1501 dest_sec = insn->sec; 1502 dest_off = arch_jump_destination(insn); 1503 } else if (reloc->sym->type == STT_SECTION) { 1504 dest_sec = reloc->sym->sec; 1505 dest_off = arch_dest_reloc_offset(reloc_addend(reloc)); 1506 } else if (reloc->sym->retpoline_thunk) { 1507 ret = add_retpoline_call(file, insn); 1508 if (ret) 1509 return ret; 1510 continue; 1511 } else if (reloc->sym->return_thunk) { 1512 add_return_call(file, insn, true); 1513 continue; 1514 } else if (func) { 1515 /* 1516 * External sibling call or internal sibling call with 1517 * STT_FUNC reloc. 1518 */ 1519 ret = add_call_dest(file, insn, reloc->sym, true); 1520 if (ret) 1521 return ret; 1522 continue; 1523 } else if (reloc->sym->sec->idx) { 1524 dest_sec = reloc->sym->sec; 1525 dest_off = reloc->sym->sym.st_value + 1526 arch_dest_reloc_offset(reloc_addend(reloc)); 1527 } else { 1528 /* non-func asm code jumping to another file */ 1529 continue; 1530 } 1531 1532 jump_dest = find_insn(file, dest_sec, dest_off); 1533 if (!jump_dest) { 1534 struct symbol *sym = find_symbol_by_offset(dest_sec, dest_off); 1535 1536 /* 1537 * This is a special case for retbleed_untrain_ret(). 1538 * It jumps to __x86_return_thunk(), but objtool 1539 * can't find the thunk's starting RET 1540 * instruction, because the RET is also in the 1541 * middle of another instruction. Objtool only 1542 * knows about the outer instruction. 1543 */ 1544 if (sym && sym->embedded_insn) { 1545 add_return_call(file, insn, false); 1546 continue; 1547 } 1548 1549 /* 1550 * GCOV/KCOV dead code can jump to the end of the 1551 * function/section. 1552 */ 1553 if (file->ignore_unreachables && func && 1554 dest_sec == insn->sec && 1555 dest_off == func->offset + func->len) 1556 continue; 1557 1558 ERROR_INSN(insn, "can't find jump dest instruction at %s+0x%lx", 1559 dest_sec->name, dest_off); 1560 return -1; 1561 } 1562 1563 /* 1564 * An intra-TU jump in retpoline.o might not have a relocation 1565 * for its jump dest, in which case the above 1566 * add_{retpoline,return}_call() didn't happen. 1567 */ 1568 if (jump_dest->sym && jump_dest->offset == jump_dest->sym->offset) { 1569 if (jump_dest->sym->retpoline_thunk) { 1570 ret = add_retpoline_call(file, insn); 1571 if (ret) 1572 return ret; 1573 continue; 1574 } 1575 if (jump_dest->sym->return_thunk) { 1576 add_return_call(file, insn, true); 1577 continue; 1578 } 1579 } 1580 1581 /* 1582 * Cross-function jump. 1583 */ 1584 if (func && insn_func(jump_dest) && func != insn_func(jump_dest)) { 1585 1586 /* 1587 * For GCC 8+, create parent/child links for any cold 1588 * subfunctions. This is _mostly_ redundant with a 1589 * similar initialization in read_symbols(). 1590 * 1591 * If a function has aliases, we want the *first* such 1592 * function in the symbol table to be the subfunction's 1593 * parent. In that case we overwrite the 1594 * initialization done in read_symbols(). 1595 * 1596 * However this code can't completely replace the 1597 * read_symbols() code because this doesn't detect the 1598 * case where the parent function's only reference to a 1599 * subfunction is through a jump table. 1600 */ 1601 if (!strstr(func->name, ".cold") && 1602 strstr(insn_func(jump_dest)->name, ".cold")) { 1603 func->cfunc = insn_func(jump_dest); 1604 insn_func(jump_dest)->pfunc = func; 1605 } 1606 } 1607 1608 if (jump_is_sibling_call(file, insn, jump_dest)) { 1609 /* 1610 * Internal sibling call without reloc or with 1611 * STT_SECTION reloc. 1612 */ 1613 ret = add_call_dest(file, insn, insn_func(jump_dest), true); 1614 if (ret) 1615 return ret; 1616 continue; 1617 } 1618 1619 insn->jump_dest = jump_dest; 1620 } 1621 1622 return 0; 1623 } 1624 1625 static struct symbol *find_call_destination(struct section *sec, unsigned long offset) 1626 { 1627 struct symbol *call_dest; 1628 1629 call_dest = find_func_by_offset(sec, offset); 1630 if (!call_dest) 1631 call_dest = find_symbol_by_offset(sec, offset); 1632 1633 return call_dest; 1634 } 1635 1636 /* 1637 * Find the destination instructions for all calls. 1638 */ 1639 static int add_call_destinations(struct objtool_file *file) 1640 { 1641 struct instruction *insn; 1642 unsigned long dest_off; 1643 struct symbol *dest; 1644 struct reloc *reloc; 1645 int ret; 1646 1647 for_each_insn(file, insn) { 1648 struct symbol *func = insn_func(insn); 1649 if (insn->type != INSN_CALL) 1650 continue; 1651 1652 reloc = insn_reloc(file, insn); 1653 if (!reloc) { 1654 dest_off = arch_jump_destination(insn); 1655 dest = find_call_destination(insn->sec, dest_off); 1656 1657 ret = add_call_dest(file, insn, dest, false); 1658 if (ret) 1659 return ret; 1660 1661 if (func && func->ignore) 1662 continue; 1663 1664 if (!insn_call_dest(insn)) { 1665 ERROR_INSN(insn, "unannotated intra-function call"); 1666 return -1; 1667 } 1668 1669 if (func && insn_call_dest(insn)->type != STT_FUNC) { 1670 ERROR_INSN(insn, "unsupported call to non-function"); 1671 return -1; 1672 } 1673 1674 } else if (reloc->sym->type == STT_SECTION) { 1675 dest_off = arch_dest_reloc_offset(reloc_addend(reloc)); 1676 dest = find_call_destination(reloc->sym->sec, dest_off); 1677 if (!dest) { 1678 ERROR_INSN(insn, "can't find call dest symbol at %s+0x%lx", 1679 reloc->sym->sec->name, dest_off); 1680 return -1; 1681 } 1682 1683 ret = add_call_dest(file, insn, dest, false); 1684 if (ret) 1685 return ret; 1686 1687 } else if (reloc->sym->retpoline_thunk) { 1688 ret = add_retpoline_call(file, insn); 1689 if (ret) 1690 return ret; 1691 1692 } else { 1693 ret = add_call_dest(file, insn, reloc->sym, false); 1694 if (ret) 1695 return ret; 1696 } 1697 } 1698 1699 return 0; 1700 } 1701 1702 /* 1703 * The .alternatives section requires some extra special care over and above 1704 * other special sections because alternatives are patched in place. 1705 */ 1706 static int handle_group_alt(struct objtool_file *file, 1707 struct special_alt *special_alt, 1708 struct instruction *orig_insn, 1709 struct instruction **new_insn) 1710 { 1711 struct instruction *last_new_insn = NULL, *insn, *nop = NULL; 1712 struct alt_group *orig_alt_group, *new_alt_group; 1713 unsigned long dest_off; 1714 1715 orig_alt_group = orig_insn->alt_group; 1716 if (!orig_alt_group) { 1717 struct instruction *last_orig_insn = NULL; 1718 1719 orig_alt_group = calloc(1, sizeof(*orig_alt_group)); 1720 if (!orig_alt_group) { 1721 ERROR_GLIBC("calloc"); 1722 return -1; 1723 } 1724 orig_alt_group->cfi = calloc(special_alt->orig_len, 1725 sizeof(struct cfi_state *)); 1726 if (!orig_alt_group->cfi) { 1727 ERROR_GLIBC("calloc"); 1728 return -1; 1729 } 1730 1731 insn = orig_insn; 1732 sec_for_each_insn_from(file, insn) { 1733 if (insn->offset >= special_alt->orig_off + special_alt->orig_len) 1734 break; 1735 1736 insn->alt_group = orig_alt_group; 1737 last_orig_insn = insn; 1738 } 1739 orig_alt_group->orig_group = NULL; 1740 orig_alt_group->first_insn = orig_insn; 1741 orig_alt_group->last_insn = last_orig_insn; 1742 orig_alt_group->nop = NULL; 1743 orig_alt_group->ignore = orig_insn->ignore_alts; 1744 } else { 1745 if (orig_alt_group->last_insn->offset + orig_alt_group->last_insn->len - 1746 orig_alt_group->first_insn->offset != special_alt->orig_len) { 1747 ERROR_INSN(orig_insn, "weirdly overlapping alternative! %ld != %d", 1748 orig_alt_group->last_insn->offset + 1749 orig_alt_group->last_insn->len - 1750 orig_alt_group->first_insn->offset, 1751 special_alt->orig_len); 1752 return -1; 1753 } 1754 } 1755 1756 new_alt_group = calloc(1, sizeof(*new_alt_group)); 1757 if (!new_alt_group) { 1758 ERROR_GLIBC("calloc"); 1759 return -1; 1760 } 1761 1762 if (special_alt->new_len < special_alt->orig_len) { 1763 /* 1764 * Insert a fake nop at the end to make the replacement 1765 * alt_group the same size as the original. This is needed to 1766 * allow propagate_alt_cfi() to do its magic. When the last 1767 * instruction affects the stack, the instruction after it (the 1768 * nop) will propagate the new state to the shared CFI array. 1769 */ 1770 nop = calloc(1, sizeof(*nop)); 1771 if (!nop) { 1772 ERROR_GLIBC("calloc"); 1773 return -1; 1774 } 1775 memset(nop, 0, sizeof(*nop)); 1776 1777 nop->sec = special_alt->new_sec; 1778 nop->offset = special_alt->new_off + special_alt->new_len; 1779 nop->len = special_alt->orig_len - special_alt->new_len; 1780 nop->type = INSN_NOP; 1781 nop->sym = orig_insn->sym; 1782 nop->alt_group = new_alt_group; 1783 } 1784 1785 if (!special_alt->new_len) { 1786 *new_insn = nop; 1787 goto end; 1788 } 1789 1790 insn = *new_insn; 1791 sec_for_each_insn_from(file, insn) { 1792 struct reloc *alt_reloc; 1793 1794 if (insn->offset >= special_alt->new_off + special_alt->new_len) 1795 break; 1796 1797 last_new_insn = insn; 1798 1799 insn->sym = orig_insn->sym; 1800 insn->alt_group = new_alt_group; 1801 1802 /* 1803 * Since alternative replacement code is copy/pasted by the 1804 * kernel after applying relocations, generally such code can't 1805 * have relative-address relocation references to outside the 1806 * .altinstr_replacement section, unless the arch's 1807 * alternatives code can adjust the relative offsets 1808 * accordingly. 1809 */ 1810 alt_reloc = insn_reloc(file, insn); 1811 if (alt_reloc && arch_pc_relative_reloc(alt_reloc) && 1812 !arch_support_alt_relocation(special_alt, insn, alt_reloc)) { 1813 1814 ERROR_INSN(insn, "unsupported relocation in alternatives section"); 1815 return -1; 1816 } 1817 1818 if (!is_static_jump(insn)) 1819 continue; 1820 1821 if (!insn->immediate) 1822 continue; 1823 1824 dest_off = arch_jump_destination(insn); 1825 if (dest_off == special_alt->new_off + special_alt->new_len) { 1826 insn->jump_dest = next_insn_same_sec(file, orig_alt_group->last_insn); 1827 if (!insn->jump_dest) { 1828 ERROR_INSN(insn, "can't find alternative jump destination"); 1829 return -1; 1830 } 1831 } 1832 } 1833 1834 if (!last_new_insn) { 1835 ERROR_FUNC(special_alt->new_sec, special_alt->new_off, 1836 "can't find last new alternative instruction"); 1837 return -1; 1838 } 1839 1840 end: 1841 new_alt_group->orig_group = orig_alt_group; 1842 new_alt_group->first_insn = *new_insn; 1843 new_alt_group->last_insn = last_new_insn; 1844 new_alt_group->nop = nop; 1845 new_alt_group->ignore = (*new_insn)->ignore_alts; 1846 new_alt_group->cfi = orig_alt_group->cfi; 1847 return 0; 1848 } 1849 1850 /* 1851 * A jump table entry can either convert a nop to a jump or a jump to a nop. 1852 * If the original instruction is a jump, make the alt entry an effective nop 1853 * by just skipping the original instruction. 1854 */ 1855 static int handle_jump_alt(struct objtool_file *file, 1856 struct special_alt *special_alt, 1857 struct instruction *orig_insn, 1858 struct instruction **new_insn) 1859 { 1860 if (orig_insn->type != INSN_JUMP_UNCONDITIONAL && 1861 orig_insn->type != INSN_NOP) { 1862 1863 ERROR_INSN(orig_insn, "unsupported instruction at jump label"); 1864 return -1; 1865 } 1866 1867 if (opts.hack_jump_label && special_alt->key_addend & 2) { 1868 struct reloc *reloc = insn_reloc(file, orig_insn); 1869 1870 if (reloc) 1871 set_reloc_type(file->elf, reloc, R_NONE); 1872 1873 if (elf_write_insn(file->elf, orig_insn->sec, 1874 orig_insn->offset, orig_insn->len, 1875 arch_nop_insn(orig_insn->len))) { 1876 return -1; 1877 } 1878 1879 orig_insn->type = INSN_NOP; 1880 } 1881 1882 if (orig_insn->type == INSN_NOP) { 1883 if (orig_insn->len == 2) 1884 file->jl_nop_short++; 1885 else 1886 file->jl_nop_long++; 1887 1888 return 0; 1889 } 1890 1891 if (orig_insn->len == 2) 1892 file->jl_short++; 1893 else 1894 file->jl_long++; 1895 1896 *new_insn = next_insn_same_sec(file, orig_insn); 1897 return 0; 1898 } 1899 1900 /* 1901 * Read all the special sections which have alternate instructions which can be 1902 * patched in or redirected to at runtime. Each instruction having alternate 1903 * instruction(s) has them added to its insn->alts list, which will be 1904 * traversed in validate_branch(). 1905 */ 1906 static int add_special_section_alts(struct objtool_file *file) 1907 { 1908 struct list_head special_alts; 1909 struct instruction *orig_insn, *new_insn; 1910 struct special_alt *special_alt, *tmp; 1911 struct alternative *alt; 1912 int ret; 1913 1914 if (special_get_alts(file->elf, &special_alts)) 1915 return -1; 1916 1917 list_for_each_entry_safe(special_alt, tmp, &special_alts, list) { 1918 1919 orig_insn = find_insn(file, special_alt->orig_sec, 1920 special_alt->orig_off); 1921 if (!orig_insn) { 1922 ERROR_FUNC(special_alt->orig_sec, special_alt->orig_off, 1923 "special: can't find orig instruction"); 1924 return -1; 1925 } 1926 1927 new_insn = NULL; 1928 if (!special_alt->group || special_alt->new_len) { 1929 new_insn = find_insn(file, special_alt->new_sec, 1930 special_alt->new_off); 1931 if (!new_insn) { 1932 ERROR_FUNC(special_alt->new_sec, special_alt->new_off, 1933 "special: can't find new instruction"); 1934 return -1; 1935 } 1936 } 1937 1938 if (special_alt->group) { 1939 if (!special_alt->orig_len) { 1940 ERROR_INSN(orig_insn, "empty alternative entry"); 1941 continue; 1942 } 1943 1944 ret = handle_group_alt(file, special_alt, orig_insn, 1945 &new_insn); 1946 if (ret) 1947 return ret; 1948 1949 } else if (special_alt->jump_or_nop) { 1950 ret = handle_jump_alt(file, special_alt, orig_insn, 1951 &new_insn); 1952 if (ret) 1953 return ret; 1954 } 1955 1956 alt = calloc(1, sizeof(*alt)); 1957 if (!alt) { 1958 ERROR_GLIBC("calloc"); 1959 return -1; 1960 } 1961 1962 alt->insn = new_insn; 1963 alt->next = orig_insn->alts; 1964 orig_insn->alts = alt; 1965 1966 list_del(&special_alt->list); 1967 free(special_alt); 1968 } 1969 1970 if (opts.stats) { 1971 printf("jl\\\tNOP\tJMP\n"); 1972 printf("short:\t%ld\t%ld\n", file->jl_nop_short, file->jl_short); 1973 printf("long:\t%ld\t%ld\n", file->jl_nop_long, file->jl_long); 1974 } 1975 1976 return 0; 1977 } 1978 1979 __weak unsigned long arch_jump_table_sym_offset(struct reloc *reloc, struct reloc *table) 1980 { 1981 return reloc->sym->offset + reloc_addend(reloc); 1982 } 1983 1984 static int add_jump_table(struct objtool_file *file, struct instruction *insn) 1985 { 1986 unsigned long table_size = insn_jump_table_size(insn); 1987 struct symbol *pfunc = insn_func(insn)->pfunc; 1988 struct reloc *table = insn_jump_table(insn); 1989 struct instruction *dest_insn; 1990 unsigned int prev_offset = 0; 1991 struct reloc *reloc = table; 1992 struct alternative *alt; 1993 unsigned long sym_offset; 1994 1995 /* 1996 * Each @reloc is a switch table relocation which points to the target 1997 * instruction. 1998 */ 1999 for_each_reloc_from(table->sec, reloc) { 2000 2001 /* Check for the end of the table: */ 2002 if (table_size && reloc_offset(reloc) - reloc_offset(table) >= table_size) 2003 break; 2004 if (reloc != table && is_jump_table(reloc)) 2005 break; 2006 2007 /* Make sure the table entries are consecutive: */ 2008 if (prev_offset && reloc_offset(reloc) != prev_offset + arch_reloc_size(reloc)) 2009 break; 2010 2011 sym_offset = arch_jump_table_sym_offset(reloc, table); 2012 2013 /* Detect function pointers from contiguous objects: */ 2014 if (reloc->sym->sec == pfunc->sec && sym_offset == pfunc->offset) 2015 break; 2016 2017 /* 2018 * Clang sometimes leaves dangling unused jump table entries 2019 * which point to the end of the function. Ignore them. 2020 */ 2021 if (reloc->sym->sec == pfunc->sec && 2022 sym_offset == pfunc->offset + pfunc->len) 2023 goto next; 2024 2025 dest_insn = find_insn(file, reloc->sym->sec, sym_offset); 2026 if (!dest_insn) 2027 break; 2028 2029 /* Make sure the destination is in the same function: */ 2030 if (!insn_func(dest_insn) || insn_func(dest_insn)->pfunc != pfunc) 2031 break; 2032 2033 alt = calloc(1, sizeof(*alt)); 2034 if (!alt) { 2035 ERROR_GLIBC("calloc"); 2036 return -1; 2037 } 2038 2039 alt->insn = dest_insn; 2040 alt->next = insn->alts; 2041 insn->alts = alt; 2042 next: 2043 prev_offset = reloc_offset(reloc); 2044 } 2045 2046 if (!prev_offset) { 2047 ERROR_INSN(insn, "can't find switch jump table"); 2048 return -1; 2049 } 2050 2051 return 0; 2052 } 2053 2054 /* 2055 * find_jump_table() - Given a dynamic jump, find the switch jump table 2056 * associated with it. 2057 */ 2058 static void find_jump_table(struct objtool_file *file, struct symbol *func, 2059 struct instruction *insn) 2060 { 2061 struct reloc *table_reloc; 2062 struct instruction *dest_insn, *orig_insn = insn; 2063 unsigned long table_size; 2064 unsigned long sym_offset; 2065 2066 /* 2067 * Backward search using the @first_jump_src links, these help avoid 2068 * much of the 'in between' code. Which avoids us getting confused by 2069 * it. 2070 */ 2071 for (; 2072 insn && insn_func(insn) && insn_func(insn)->pfunc == func; 2073 insn = insn->first_jump_src ?: prev_insn_same_sym(file, insn)) { 2074 2075 if (insn != orig_insn && insn->type == INSN_JUMP_DYNAMIC) 2076 break; 2077 2078 /* allow small jumps within the range */ 2079 if (insn->type == INSN_JUMP_UNCONDITIONAL && 2080 insn->jump_dest && 2081 (insn->jump_dest->offset <= insn->offset || 2082 insn->jump_dest->offset > orig_insn->offset)) 2083 break; 2084 2085 table_reloc = arch_find_switch_table(file, insn, &table_size); 2086 if (!table_reloc) 2087 continue; 2088 2089 sym_offset = table_reloc->sym->offset + reloc_addend(table_reloc); 2090 2091 dest_insn = find_insn(file, table_reloc->sym->sec, sym_offset); 2092 if (!dest_insn || !insn_func(dest_insn) || insn_func(dest_insn)->pfunc != func) 2093 continue; 2094 2095 set_jump_table(table_reloc); 2096 orig_insn->_jump_table = table_reloc; 2097 orig_insn->_jump_table_size = table_size; 2098 2099 break; 2100 } 2101 } 2102 2103 /* 2104 * First pass: Mark the head of each jump table so that in the next pass, 2105 * we know when a given jump table ends and the next one starts. 2106 */ 2107 static void mark_func_jump_tables(struct objtool_file *file, 2108 struct symbol *func) 2109 { 2110 struct instruction *insn, *last = NULL; 2111 2112 func_for_each_insn(file, func, insn) { 2113 if (!last) 2114 last = insn; 2115 2116 /* 2117 * Store back-pointers for unconditional forward jumps such 2118 * that find_jump_table() can back-track using those and 2119 * avoid some potentially confusing code. 2120 */ 2121 if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->jump_dest && 2122 insn->offset > last->offset && 2123 insn->jump_dest->offset > insn->offset && 2124 !insn->jump_dest->first_jump_src) { 2125 2126 insn->jump_dest->first_jump_src = insn; 2127 last = insn->jump_dest; 2128 } 2129 2130 if (insn->type != INSN_JUMP_DYNAMIC) 2131 continue; 2132 2133 find_jump_table(file, func, insn); 2134 } 2135 } 2136 2137 static int add_func_jump_tables(struct objtool_file *file, 2138 struct symbol *func) 2139 { 2140 struct instruction *insn; 2141 int ret; 2142 2143 func_for_each_insn(file, func, insn) { 2144 if (!insn_jump_table(insn)) 2145 continue; 2146 2147 ret = add_jump_table(file, insn); 2148 if (ret) 2149 return ret; 2150 } 2151 2152 return 0; 2153 } 2154 2155 /* 2156 * For some switch statements, gcc generates a jump table in the .rodata 2157 * section which contains a list of addresses within the function to jump to. 2158 * This finds these jump tables and adds them to the insn->alts lists. 2159 */ 2160 static int add_jump_table_alts(struct objtool_file *file) 2161 { 2162 struct symbol *func; 2163 int ret; 2164 2165 if (!file->rodata) 2166 return 0; 2167 2168 for_each_sym(file, func) { 2169 if (func->type != STT_FUNC) 2170 continue; 2171 2172 mark_func_jump_tables(file, func); 2173 ret = add_func_jump_tables(file, func); 2174 if (ret) 2175 return ret; 2176 } 2177 2178 return 0; 2179 } 2180 2181 static void set_func_state(struct cfi_state *state) 2182 { 2183 state->cfa = initial_func_cfi.cfa; 2184 memcpy(&state->regs, &initial_func_cfi.regs, 2185 CFI_NUM_REGS * sizeof(struct cfi_reg)); 2186 state->stack_size = initial_func_cfi.cfa.offset; 2187 state->type = UNWIND_HINT_TYPE_CALL; 2188 } 2189 2190 static int read_unwind_hints(struct objtool_file *file) 2191 { 2192 struct cfi_state cfi = init_cfi; 2193 struct section *sec; 2194 struct unwind_hint *hint; 2195 struct instruction *insn; 2196 struct reloc *reloc; 2197 unsigned long offset; 2198 int i; 2199 2200 sec = find_section_by_name(file->elf, ".discard.unwind_hints"); 2201 if (!sec) 2202 return 0; 2203 2204 if (!sec->rsec) { 2205 ERROR("missing .rela.discard.unwind_hints section"); 2206 return -1; 2207 } 2208 2209 if (sec->sh.sh_size % sizeof(struct unwind_hint)) { 2210 ERROR("struct unwind_hint size mismatch"); 2211 return -1; 2212 } 2213 2214 file->hints = true; 2215 2216 for (i = 0; i < sec->sh.sh_size / sizeof(struct unwind_hint); i++) { 2217 hint = (struct unwind_hint *)sec->data->d_buf + i; 2218 2219 reloc = find_reloc_by_dest(file->elf, sec, i * sizeof(*hint)); 2220 if (!reloc) { 2221 ERROR("can't find reloc for unwind_hints[%d]", i); 2222 return -1; 2223 } 2224 2225 if (reloc->sym->type == STT_SECTION) { 2226 offset = reloc_addend(reloc); 2227 } else if (reloc->sym->local_label) { 2228 offset = reloc->sym->offset; 2229 } else { 2230 ERROR("unexpected relocation symbol type in %s", sec->rsec->name); 2231 return -1; 2232 } 2233 2234 insn = find_insn(file, reloc->sym->sec, offset); 2235 if (!insn) { 2236 ERROR("can't find insn for unwind_hints[%d]", i); 2237 return -1; 2238 } 2239 2240 insn->hint = true; 2241 2242 if (hint->type == UNWIND_HINT_TYPE_UNDEFINED) { 2243 insn->cfi = &force_undefined_cfi; 2244 continue; 2245 } 2246 2247 if (hint->type == UNWIND_HINT_TYPE_SAVE) { 2248 insn->hint = false; 2249 insn->save = true; 2250 continue; 2251 } 2252 2253 if (hint->type == UNWIND_HINT_TYPE_RESTORE) { 2254 insn->restore = true; 2255 continue; 2256 } 2257 2258 if (hint->type == UNWIND_HINT_TYPE_REGS_PARTIAL) { 2259 struct symbol *sym = find_symbol_by_offset(insn->sec, insn->offset); 2260 2261 if (sym && sym->bind == STB_GLOBAL) { 2262 if (opts.ibt && insn->type != INSN_ENDBR && !insn->noendbr) { 2263 ERROR_INSN(insn, "UNWIND_HINT_IRET_REGS without ENDBR"); 2264 return -1; 2265 } 2266 } 2267 } 2268 2269 if (hint->type == UNWIND_HINT_TYPE_FUNC) { 2270 insn->cfi = &func_cfi; 2271 continue; 2272 } 2273 2274 if (insn->cfi) 2275 cfi = *(insn->cfi); 2276 2277 if (arch_decode_hint_reg(hint->sp_reg, &cfi.cfa.base)) { 2278 ERROR_INSN(insn, "unsupported unwind_hint sp base reg %d", hint->sp_reg); 2279 return -1; 2280 } 2281 2282 cfi.cfa.offset = bswap_if_needed(file->elf, hint->sp_offset); 2283 cfi.type = hint->type; 2284 cfi.signal = hint->signal; 2285 2286 insn->cfi = cfi_hash_find_or_add(&cfi); 2287 } 2288 2289 return 0; 2290 } 2291 2292 static int read_annotate(struct objtool_file *file, 2293 int (*func)(struct objtool_file *file, int type, struct instruction *insn)) 2294 { 2295 struct section *sec; 2296 struct instruction *insn; 2297 struct reloc *reloc; 2298 uint64_t offset; 2299 int type, ret; 2300 2301 sec = find_section_by_name(file->elf, ".discard.annotate_insn"); 2302 if (!sec) 2303 return 0; 2304 2305 if (!sec->rsec) 2306 return 0; 2307 2308 if (sec->sh.sh_entsize != 8) { 2309 static bool warned = false; 2310 if (!warned && opts.verbose) { 2311 WARN("%s: dodgy linker, sh_entsize != 8", sec->name); 2312 warned = true; 2313 } 2314 sec->sh.sh_entsize = 8; 2315 } 2316 2317 for_each_reloc(sec->rsec, reloc) { 2318 type = *(u32 *)(sec->data->d_buf + (reloc_idx(reloc) * sec->sh.sh_entsize) + 4); 2319 2320 offset = reloc->sym->offset + reloc_addend(reloc); 2321 insn = find_insn(file, reloc->sym->sec, offset); 2322 2323 if (!insn) { 2324 ERROR("bad .discard.annotate_insn entry: %d of type %d", reloc_idx(reloc), type); 2325 return -1; 2326 } 2327 2328 ret = func(file, type, insn); 2329 if (ret < 0) 2330 return ret; 2331 } 2332 2333 return 0; 2334 } 2335 2336 static int __annotate_early(struct objtool_file *file, int type, struct instruction *insn) 2337 { 2338 switch (type) { 2339 2340 /* Must be before add_special_section_alts() */ 2341 case ANNOTYPE_IGNORE_ALTS: 2342 insn->ignore_alts = true; 2343 break; 2344 2345 /* 2346 * Must be before read_unwind_hints() since that needs insn->noendbr. 2347 */ 2348 case ANNOTYPE_NOENDBR: 2349 insn->noendbr = 1; 2350 break; 2351 2352 default: 2353 break; 2354 } 2355 2356 return 0; 2357 } 2358 2359 static int __annotate_ifc(struct objtool_file *file, int type, struct instruction *insn) 2360 { 2361 unsigned long dest_off; 2362 2363 if (type != ANNOTYPE_INTRA_FUNCTION_CALL) 2364 return 0; 2365 2366 if (insn->type != INSN_CALL) { 2367 ERROR_INSN(insn, "intra_function_call not a direct call"); 2368 return -1; 2369 } 2370 2371 /* 2372 * Treat intra-function CALLs as JMPs, but with a stack_op. 2373 * See add_call_destinations(), which strips stack_ops from 2374 * normal CALLs. 2375 */ 2376 insn->type = INSN_JUMP_UNCONDITIONAL; 2377 2378 dest_off = arch_jump_destination(insn); 2379 insn->jump_dest = find_insn(file, insn->sec, dest_off); 2380 if (!insn->jump_dest) { 2381 ERROR_INSN(insn, "can't find call dest at %s+0x%lx", 2382 insn->sec->name, dest_off); 2383 return -1; 2384 } 2385 2386 return 0; 2387 } 2388 2389 static int __annotate_late(struct objtool_file *file, int type, struct instruction *insn) 2390 { 2391 switch (type) { 2392 case ANNOTYPE_NOENDBR: 2393 /* early */ 2394 break; 2395 2396 case ANNOTYPE_RETPOLINE_SAFE: 2397 if (insn->type != INSN_JUMP_DYNAMIC && 2398 insn->type != INSN_CALL_DYNAMIC && 2399 insn->type != INSN_RETURN && 2400 insn->type != INSN_NOP) { 2401 ERROR_INSN(insn, "retpoline_safe hint not an indirect jump/call/ret/nop"); 2402 return -1; 2403 } 2404 2405 insn->retpoline_safe = true; 2406 break; 2407 2408 case ANNOTYPE_INSTR_BEGIN: 2409 insn->instr++; 2410 break; 2411 2412 case ANNOTYPE_INSTR_END: 2413 insn->instr--; 2414 break; 2415 2416 case ANNOTYPE_UNRET_BEGIN: 2417 insn->unret = 1; 2418 break; 2419 2420 case ANNOTYPE_IGNORE_ALTS: 2421 /* early */ 2422 break; 2423 2424 case ANNOTYPE_INTRA_FUNCTION_CALL: 2425 /* ifc */ 2426 break; 2427 2428 case ANNOTYPE_REACHABLE: 2429 insn->dead_end = false; 2430 break; 2431 2432 default: 2433 ERROR_INSN(insn, "Unknown annotation type: %d", type); 2434 return -1; 2435 } 2436 2437 return 0; 2438 } 2439 2440 /* 2441 * Return true if name matches an instrumentation function, where calls to that 2442 * function from noinstr code can safely be removed, but compilers won't do so. 2443 */ 2444 static bool is_profiling_func(const char *name) 2445 { 2446 /* 2447 * Many compilers cannot disable KCOV with a function attribute. 2448 */ 2449 if (!strncmp(name, "__sanitizer_cov_", 16)) 2450 return true; 2451 2452 /* 2453 * Some compilers currently do not remove __tsan_func_entry/exit nor 2454 * __tsan_atomic_signal_fence (used for barrier instrumentation) with 2455 * the __no_sanitize_thread attribute, remove them. Once the kernel's 2456 * minimum Clang version is 14.0, this can be removed. 2457 */ 2458 if (!strncmp(name, "__tsan_func_", 12) || 2459 !strcmp(name, "__tsan_atomic_signal_fence")) 2460 return true; 2461 2462 return false; 2463 } 2464 2465 static int classify_symbols(struct objtool_file *file) 2466 { 2467 struct symbol *func; 2468 2469 for_each_sym(file, func) { 2470 if (func->type == STT_NOTYPE && strstarts(func->name, ".L")) 2471 func->local_label = true; 2472 2473 if (func->bind != STB_GLOBAL) 2474 continue; 2475 2476 if (!strncmp(func->name, STATIC_CALL_TRAMP_PREFIX_STR, 2477 strlen(STATIC_CALL_TRAMP_PREFIX_STR))) 2478 func->static_call_tramp = true; 2479 2480 if (arch_is_retpoline(func)) 2481 func->retpoline_thunk = true; 2482 2483 if (arch_is_rethunk(func)) 2484 func->return_thunk = true; 2485 2486 if (arch_is_embedded_insn(func)) 2487 func->embedded_insn = true; 2488 2489 if (arch_ftrace_match(func->name)) 2490 func->fentry = true; 2491 2492 if (is_profiling_func(func->name)) 2493 func->profiling_func = true; 2494 } 2495 2496 return 0; 2497 } 2498 2499 static void mark_rodata(struct objtool_file *file) 2500 { 2501 struct section *sec; 2502 bool found = false; 2503 2504 /* 2505 * Search for the following rodata sections, each of which can 2506 * potentially contain jump tables: 2507 * 2508 * - .rodata: can contain GCC switch tables 2509 * - .rodata.<func>: same, if -fdata-sections is being used 2510 * - .data.rel.ro.c_jump_table: contains C annotated jump tables 2511 * 2512 * .rodata.str1.* sections are ignored; they don't contain jump tables. 2513 */ 2514 for_each_sec(file, sec) { 2515 if ((!strncmp(sec->name, ".rodata", 7) && 2516 !strstr(sec->name, ".str1.")) || 2517 !strncmp(sec->name, ".data.rel.ro", 12)) { 2518 sec->rodata = true; 2519 found = true; 2520 } 2521 } 2522 2523 file->rodata = found; 2524 } 2525 2526 static int decode_sections(struct objtool_file *file) 2527 { 2528 int ret; 2529 2530 mark_rodata(file); 2531 2532 ret = init_pv_ops(file); 2533 if (ret) 2534 return ret; 2535 2536 /* 2537 * Must be before add_{jump_call}_destination. 2538 */ 2539 ret = classify_symbols(file); 2540 if (ret) 2541 return ret; 2542 2543 ret = decode_instructions(file); 2544 if (ret) 2545 return ret; 2546 2547 ret = add_ignores(file); 2548 if (ret) 2549 return ret; 2550 2551 add_uaccess_safe(file); 2552 2553 ret = read_annotate(file, __annotate_early); 2554 if (ret) 2555 return ret; 2556 2557 /* 2558 * Must be before add_jump_destinations(), which depends on 'func' 2559 * being set for alternatives, to enable proper sibling call detection. 2560 */ 2561 if (opts.stackval || opts.orc || opts.uaccess || opts.noinstr) { 2562 ret = add_special_section_alts(file); 2563 if (ret) 2564 return ret; 2565 } 2566 2567 ret = add_jump_destinations(file); 2568 if (ret) 2569 return ret; 2570 2571 /* 2572 * Must be before add_call_destination(); it changes INSN_CALL to 2573 * INSN_JUMP. 2574 */ 2575 ret = read_annotate(file, __annotate_ifc); 2576 if (ret) 2577 return ret; 2578 2579 ret = add_call_destinations(file); 2580 if (ret) 2581 return ret; 2582 2583 ret = add_jump_table_alts(file); 2584 if (ret) 2585 return ret; 2586 2587 ret = read_unwind_hints(file); 2588 if (ret) 2589 return ret; 2590 2591 /* 2592 * Must be after add_call_destinations() such that it can override 2593 * dead_end_function() marks. 2594 */ 2595 ret = read_annotate(file, __annotate_late); 2596 if (ret) 2597 return ret; 2598 2599 return 0; 2600 } 2601 2602 static bool is_special_call(struct instruction *insn) 2603 { 2604 if (insn->type == INSN_CALL) { 2605 struct symbol *dest = insn_call_dest(insn); 2606 2607 if (!dest) 2608 return false; 2609 2610 if (dest->fentry || dest->embedded_insn) 2611 return true; 2612 } 2613 2614 return false; 2615 } 2616 2617 static bool has_modified_stack_frame(struct instruction *insn, struct insn_state *state) 2618 { 2619 struct cfi_state *cfi = &state->cfi; 2620 int i; 2621 2622 if (cfi->cfa.base != initial_func_cfi.cfa.base || cfi->drap) 2623 return true; 2624 2625 if (cfi->cfa.offset != initial_func_cfi.cfa.offset) 2626 return true; 2627 2628 if (cfi->stack_size != initial_func_cfi.cfa.offset) 2629 return true; 2630 2631 for (i = 0; i < CFI_NUM_REGS; i++) { 2632 if (cfi->regs[i].base != initial_func_cfi.regs[i].base || 2633 cfi->regs[i].offset != initial_func_cfi.regs[i].offset) 2634 return true; 2635 } 2636 2637 return false; 2638 } 2639 2640 static bool check_reg_frame_pos(const struct cfi_reg *reg, 2641 int expected_offset) 2642 { 2643 return reg->base == CFI_CFA && 2644 reg->offset == expected_offset; 2645 } 2646 2647 static bool has_valid_stack_frame(struct insn_state *state) 2648 { 2649 struct cfi_state *cfi = &state->cfi; 2650 2651 if (cfi->cfa.base == CFI_BP && 2652 check_reg_frame_pos(&cfi->regs[CFI_BP], -cfi->cfa.offset) && 2653 check_reg_frame_pos(&cfi->regs[CFI_RA], -cfi->cfa.offset + 8)) 2654 return true; 2655 2656 if (cfi->drap && cfi->regs[CFI_BP].base == CFI_BP) 2657 return true; 2658 2659 return false; 2660 } 2661 2662 static int update_cfi_state_regs(struct instruction *insn, 2663 struct cfi_state *cfi, 2664 struct stack_op *op) 2665 { 2666 struct cfi_reg *cfa = &cfi->cfa; 2667 2668 if (cfa->base != CFI_SP && cfa->base != CFI_SP_INDIRECT) 2669 return 0; 2670 2671 /* push */ 2672 if (op->dest.type == OP_DEST_PUSH || op->dest.type == OP_DEST_PUSHF) 2673 cfa->offset += 8; 2674 2675 /* pop */ 2676 if (op->src.type == OP_SRC_POP || op->src.type == OP_SRC_POPF) 2677 cfa->offset -= 8; 2678 2679 /* add immediate to sp */ 2680 if (op->dest.type == OP_DEST_REG && op->src.type == OP_SRC_ADD && 2681 op->dest.reg == CFI_SP && op->src.reg == CFI_SP) 2682 cfa->offset -= op->src.offset; 2683 2684 return 0; 2685 } 2686 2687 static void save_reg(struct cfi_state *cfi, unsigned char reg, int base, int offset) 2688 { 2689 if (arch_callee_saved_reg(reg) && 2690 cfi->regs[reg].base == CFI_UNDEFINED) { 2691 cfi->regs[reg].base = base; 2692 cfi->regs[reg].offset = offset; 2693 } 2694 } 2695 2696 static void restore_reg(struct cfi_state *cfi, unsigned char reg) 2697 { 2698 cfi->regs[reg].base = initial_func_cfi.regs[reg].base; 2699 cfi->regs[reg].offset = initial_func_cfi.regs[reg].offset; 2700 } 2701 2702 /* 2703 * A note about DRAP stack alignment: 2704 * 2705 * GCC has the concept of a DRAP register, which is used to help keep track of 2706 * the stack pointer when aligning the stack. r10 or r13 is used as the DRAP 2707 * register. The typical DRAP pattern is: 2708 * 2709 * 4c 8d 54 24 08 lea 0x8(%rsp),%r10 2710 * 48 83 e4 c0 and $0xffffffffffffffc0,%rsp 2711 * 41 ff 72 f8 pushq -0x8(%r10) 2712 * 55 push %rbp 2713 * 48 89 e5 mov %rsp,%rbp 2714 * (more pushes) 2715 * 41 52 push %r10 2716 * ... 2717 * 41 5a pop %r10 2718 * (more pops) 2719 * 5d pop %rbp 2720 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2721 * c3 retq 2722 * 2723 * There are some variations in the epilogues, like: 2724 * 2725 * 5b pop %rbx 2726 * 41 5a pop %r10 2727 * 41 5c pop %r12 2728 * 41 5d pop %r13 2729 * 41 5e pop %r14 2730 * c9 leaveq 2731 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2732 * c3 retq 2733 * 2734 * and: 2735 * 2736 * 4c 8b 55 e8 mov -0x18(%rbp),%r10 2737 * 48 8b 5d e0 mov -0x20(%rbp),%rbx 2738 * 4c 8b 65 f0 mov -0x10(%rbp),%r12 2739 * 4c 8b 6d f8 mov -0x8(%rbp),%r13 2740 * c9 leaveq 2741 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2742 * c3 retq 2743 * 2744 * Sometimes r13 is used as the DRAP register, in which case it's saved and 2745 * restored beforehand: 2746 * 2747 * 41 55 push %r13 2748 * 4c 8d 6c 24 10 lea 0x10(%rsp),%r13 2749 * 48 83 e4 f0 and $0xfffffffffffffff0,%rsp 2750 * ... 2751 * 49 8d 65 f0 lea -0x10(%r13),%rsp 2752 * 41 5d pop %r13 2753 * c3 retq 2754 */ 2755 static int update_cfi_state(struct instruction *insn, 2756 struct instruction *next_insn, 2757 struct cfi_state *cfi, struct stack_op *op) 2758 { 2759 struct cfi_reg *cfa = &cfi->cfa; 2760 struct cfi_reg *regs = cfi->regs; 2761 2762 /* ignore UNWIND_HINT_UNDEFINED regions */ 2763 if (cfi->force_undefined) 2764 return 0; 2765 2766 /* stack operations don't make sense with an undefined CFA */ 2767 if (cfa->base == CFI_UNDEFINED) { 2768 if (insn_func(insn)) { 2769 WARN_INSN(insn, "undefined stack state"); 2770 return 1; 2771 } 2772 return 0; 2773 } 2774 2775 if (cfi->type == UNWIND_HINT_TYPE_REGS || 2776 cfi->type == UNWIND_HINT_TYPE_REGS_PARTIAL) 2777 return update_cfi_state_regs(insn, cfi, op); 2778 2779 switch (op->dest.type) { 2780 2781 case OP_DEST_REG: 2782 switch (op->src.type) { 2783 2784 case OP_SRC_REG: 2785 if (op->src.reg == CFI_SP && op->dest.reg == CFI_BP && 2786 cfa->base == CFI_SP && 2787 check_reg_frame_pos(®s[CFI_BP], -cfa->offset)) { 2788 2789 /* mov %rsp, %rbp */ 2790 cfa->base = op->dest.reg; 2791 cfi->bp_scratch = false; 2792 } 2793 2794 else if (op->src.reg == CFI_SP && 2795 op->dest.reg == CFI_BP && cfi->drap) { 2796 2797 /* drap: mov %rsp, %rbp */ 2798 regs[CFI_BP].base = CFI_BP; 2799 regs[CFI_BP].offset = -cfi->stack_size; 2800 cfi->bp_scratch = false; 2801 } 2802 2803 else if (op->src.reg == CFI_SP && cfa->base == CFI_SP) { 2804 2805 /* 2806 * mov %rsp, %reg 2807 * 2808 * This is needed for the rare case where GCC 2809 * does: 2810 * 2811 * mov %rsp, %rax 2812 * ... 2813 * mov %rax, %rsp 2814 */ 2815 cfi->vals[op->dest.reg].base = CFI_CFA; 2816 cfi->vals[op->dest.reg].offset = -cfi->stack_size; 2817 } 2818 2819 else if (op->src.reg == CFI_BP && op->dest.reg == CFI_SP && 2820 (cfa->base == CFI_BP || cfa->base == cfi->drap_reg)) { 2821 2822 /* 2823 * mov %rbp, %rsp 2824 * 2825 * Restore the original stack pointer (Clang). 2826 */ 2827 cfi->stack_size = -cfi->regs[CFI_BP].offset; 2828 } 2829 2830 else if (op->dest.reg == cfa->base) { 2831 2832 /* mov %reg, %rsp */ 2833 if (cfa->base == CFI_SP && 2834 cfi->vals[op->src.reg].base == CFI_CFA) { 2835 2836 /* 2837 * This is needed for the rare case 2838 * where GCC does something dumb like: 2839 * 2840 * lea 0x8(%rsp), %rcx 2841 * ... 2842 * mov %rcx, %rsp 2843 */ 2844 cfa->offset = -cfi->vals[op->src.reg].offset; 2845 cfi->stack_size = cfa->offset; 2846 2847 } else if (cfa->base == CFI_SP && 2848 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT && 2849 cfi->vals[op->src.reg].offset == cfa->offset) { 2850 2851 /* 2852 * Stack swizzle: 2853 * 2854 * 1: mov %rsp, (%[tos]) 2855 * 2: mov %[tos], %rsp 2856 * ... 2857 * 3: pop %rsp 2858 * 2859 * Where: 2860 * 2861 * 1 - places a pointer to the previous 2862 * stack at the Top-of-Stack of the 2863 * new stack. 2864 * 2865 * 2 - switches to the new stack. 2866 * 2867 * 3 - pops the Top-of-Stack to restore 2868 * the original stack. 2869 * 2870 * Note: we set base to SP_INDIRECT 2871 * here and preserve offset. Therefore 2872 * when the unwinder reaches ToS it 2873 * will dereference SP and then add the 2874 * offset to find the next frame, IOW: 2875 * (%rsp) + offset. 2876 */ 2877 cfa->base = CFI_SP_INDIRECT; 2878 2879 } else { 2880 cfa->base = CFI_UNDEFINED; 2881 cfa->offset = 0; 2882 } 2883 } 2884 2885 else if (op->dest.reg == CFI_SP && 2886 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT && 2887 cfi->vals[op->src.reg].offset == cfa->offset) { 2888 2889 /* 2890 * The same stack swizzle case 2) as above. But 2891 * because we can't change cfa->base, case 3) 2892 * will become a regular POP. Pretend we're a 2893 * PUSH so things don't go unbalanced. 2894 */ 2895 cfi->stack_size += 8; 2896 } 2897 2898 2899 break; 2900 2901 case OP_SRC_ADD: 2902 if (op->dest.reg == CFI_SP && op->src.reg == CFI_SP) { 2903 2904 /* add imm, %rsp */ 2905 cfi->stack_size -= op->src.offset; 2906 if (cfa->base == CFI_SP) 2907 cfa->offset -= op->src.offset; 2908 break; 2909 } 2910 2911 if (op->dest.reg == CFI_BP && op->src.reg == CFI_SP && 2912 insn->sym->frame_pointer) { 2913 /* addi.d fp,sp,imm on LoongArch */ 2914 if (cfa->base == CFI_SP && cfa->offset == op->src.offset) { 2915 cfa->base = CFI_BP; 2916 cfa->offset = 0; 2917 } 2918 break; 2919 } 2920 2921 if (op->dest.reg == CFI_SP && op->src.reg == CFI_BP) { 2922 /* addi.d sp,fp,imm on LoongArch */ 2923 if (cfa->base == CFI_BP && cfa->offset == 0) { 2924 if (insn->sym->frame_pointer) { 2925 cfa->base = CFI_SP; 2926 cfa->offset = -op->src.offset; 2927 } 2928 } else { 2929 /* lea disp(%rbp), %rsp */ 2930 cfi->stack_size = -(op->src.offset + regs[CFI_BP].offset); 2931 } 2932 break; 2933 } 2934 2935 if (op->src.reg == CFI_SP && cfa->base == CFI_SP) { 2936 2937 /* drap: lea disp(%rsp), %drap */ 2938 cfi->drap_reg = op->dest.reg; 2939 2940 /* 2941 * lea disp(%rsp), %reg 2942 * 2943 * This is needed for the rare case where GCC 2944 * does something dumb like: 2945 * 2946 * lea 0x8(%rsp), %rcx 2947 * ... 2948 * mov %rcx, %rsp 2949 */ 2950 cfi->vals[op->dest.reg].base = CFI_CFA; 2951 cfi->vals[op->dest.reg].offset = \ 2952 -cfi->stack_size + op->src.offset; 2953 2954 break; 2955 } 2956 2957 if (cfi->drap && op->dest.reg == CFI_SP && 2958 op->src.reg == cfi->drap_reg) { 2959 2960 /* drap: lea disp(%drap), %rsp */ 2961 cfa->base = CFI_SP; 2962 cfa->offset = cfi->stack_size = -op->src.offset; 2963 cfi->drap_reg = CFI_UNDEFINED; 2964 cfi->drap = false; 2965 break; 2966 } 2967 2968 if (op->dest.reg == cfi->cfa.base && !(next_insn && next_insn->hint)) { 2969 WARN_INSN(insn, "unsupported stack register modification"); 2970 return -1; 2971 } 2972 2973 break; 2974 2975 case OP_SRC_AND: 2976 if (op->dest.reg != CFI_SP || 2977 (cfi->drap_reg != CFI_UNDEFINED && cfa->base != CFI_SP) || 2978 (cfi->drap_reg == CFI_UNDEFINED && cfa->base != CFI_BP)) { 2979 WARN_INSN(insn, "unsupported stack pointer realignment"); 2980 return -1; 2981 } 2982 2983 if (cfi->drap_reg != CFI_UNDEFINED) { 2984 /* drap: and imm, %rsp */ 2985 cfa->base = cfi->drap_reg; 2986 cfa->offset = cfi->stack_size = 0; 2987 cfi->drap = true; 2988 } 2989 2990 /* 2991 * Older versions of GCC (4.8ish) realign the stack 2992 * without DRAP, with a frame pointer. 2993 */ 2994 2995 break; 2996 2997 case OP_SRC_POP: 2998 case OP_SRC_POPF: 2999 if (op->dest.reg == CFI_SP && cfa->base == CFI_SP_INDIRECT) { 3000 3001 /* pop %rsp; # restore from a stack swizzle */ 3002 cfa->base = CFI_SP; 3003 break; 3004 } 3005 3006 if (!cfi->drap && op->dest.reg == cfa->base) { 3007 3008 /* pop %rbp */ 3009 cfa->base = CFI_SP; 3010 } 3011 3012 if (cfi->drap && cfa->base == CFI_BP_INDIRECT && 3013 op->dest.reg == cfi->drap_reg && 3014 cfi->drap_offset == -cfi->stack_size) { 3015 3016 /* drap: pop %drap */ 3017 cfa->base = cfi->drap_reg; 3018 cfa->offset = 0; 3019 cfi->drap_offset = -1; 3020 3021 } else if (cfi->stack_size == -regs[op->dest.reg].offset) { 3022 3023 /* pop %reg */ 3024 restore_reg(cfi, op->dest.reg); 3025 } 3026 3027 cfi->stack_size -= 8; 3028 if (cfa->base == CFI_SP) 3029 cfa->offset -= 8; 3030 3031 break; 3032 3033 case OP_SRC_REG_INDIRECT: 3034 if (!cfi->drap && op->dest.reg == cfa->base && 3035 op->dest.reg == CFI_BP) { 3036 3037 /* mov disp(%rsp), %rbp */ 3038 cfa->base = CFI_SP; 3039 cfa->offset = cfi->stack_size; 3040 } 3041 3042 if (cfi->drap && op->src.reg == CFI_BP && 3043 op->src.offset == cfi->drap_offset) { 3044 3045 /* drap: mov disp(%rbp), %drap */ 3046 cfa->base = cfi->drap_reg; 3047 cfa->offset = 0; 3048 cfi->drap_offset = -1; 3049 } 3050 3051 if (cfi->drap && op->src.reg == CFI_BP && 3052 op->src.offset == regs[op->dest.reg].offset) { 3053 3054 /* drap: mov disp(%rbp), %reg */ 3055 restore_reg(cfi, op->dest.reg); 3056 3057 } else if (op->src.reg == cfa->base && 3058 op->src.offset == regs[op->dest.reg].offset + cfa->offset) { 3059 3060 /* mov disp(%rbp), %reg */ 3061 /* mov disp(%rsp), %reg */ 3062 restore_reg(cfi, op->dest.reg); 3063 3064 } else if (op->src.reg == CFI_SP && 3065 op->src.offset == regs[op->dest.reg].offset + cfi->stack_size) { 3066 3067 /* mov disp(%rsp), %reg */ 3068 restore_reg(cfi, op->dest.reg); 3069 } 3070 3071 break; 3072 3073 default: 3074 WARN_INSN(insn, "unknown stack-related instruction"); 3075 return -1; 3076 } 3077 3078 break; 3079 3080 case OP_DEST_PUSH: 3081 case OP_DEST_PUSHF: 3082 cfi->stack_size += 8; 3083 if (cfa->base == CFI_SP) 3084 cfa->offset += 8; 3085 3086 if (op->src.type != OP_SRC_REG) 3087 break; 3088 3089 if (cfi->drap) { 3090 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) { 3091 3092 /* drap: push %drap */ 3093 cfa->base = CFI_BP_INDIRECT; 3094 cfa->offset = -cfi->stack_size; 3095 3096 /* save drap so we know when to restore it */ 3097 cfi->drap_offset = -cfi->stack_size; 3098 3099 } else if (op->src.reg == CFI_BP && cfa->base == cfi->drap_reg) { 3100 3101 /* drap: push %rbp */ 3102 cfi->stack_size = 0; 3103 3104 } else { 3105 3106 /* drap: push %reg */ 3107 save_reg(cfi, op->src.reg, CFI_BP, -cfi->stack_size); 3108 } 3109 3110 } else { 3111 3112 /* push %reg */ 3113 save_reg(cfi, op->src.reg, CFI_CFA, -cfi->stack_size); 3114 } 3115 3116 /* detect when asm code uses rbp as a scratch register */ 3117 if (opts.stackval && insn_func(insn) && op->src.reg == CFI_BP && 3118 cfa->base != CFI_BP) 3119 cfi->bp_scratch = true; 3120 break; 3121 3122 case OP_DEST_REG_INDIRECT: 3123 3124 if (cfi->drap) { 3125 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) { 3126 3127 /* drap: mov %drap, disp(%rbp) */ 3128 cfa->base = CFI_BP_INDIRECT; 3129 cfa->offset = op->dest.offset; 3130 3131 /* save drap offset so we know when to restore it */ 3132 cfi->drap_offset = op->dest.offset; 3133 } else { 3134 3135 /* drap: mov reg, disp(%rbp) */ 3136 save_reg(cfi, op->src.reg, CFI_BP, op->dest.offset); 3137 } 3138 3139 } else if (op->dest.reg == cfa->base) { 3140 3141 /* mov reg, disp(%rbp) */ 3142 /* mov reg, disp(%rsp) */ 3143 save_reg(cfi, op->src.reg, CFI_CFA, 3144 op->dest.offset - cfi->cfa.offset); 3145 3146 } else if (op->dest.reg == CFI_SP) { 3147 3148 /* mov reg, disp(%rsp) */ 3149 save_reg(cfi, op->src.reg, CFI_CFA, 3150 op->dest.offset - cfi->stack_size); 3151 3152 } else if (op->src.reg == CFI_SP && op->dest.offset == 0) { 3153 3154 /* mov %rsp, (%reg); # setup a stack swizzle. */ 3155 cfi->vals[op->dest.reg].base = CFI_SP_INDIRECT; 3156 cfi->vals[op->dest.reg].offset = cfa->offset; 3157 } 3158 3159 break; 3160 3161 case OP_DEST_MEM: 3162 if (op->src.type != OP_SRC_POP && op->src.type != OP_SRC_POPF) { 3163 WARN_INSN(insn, "unknown stack-related memory operation"); 3164 return -1; 3165 } 3166 3167 /* pop mem */ 3168 cfi->stack_size -= 8; 3169 if (cfa->base == CFI_SP) 3170 cfa->offset -= 8; 3171 3172 break; 3173 3174 default: 3175 WARN_INSN(insn, "unknown stack-related instruction"); 3176 return -1; 3177 } 3178 3179 return 0; 3180 } 3181 3182 /* 3183 * The stack layouts of alternatives instructions can sometimes diverge when 3184 * they have stack modifications. That's fine as long as the potential stack 3185 * layouts don't conflict at any given potential instruction boundary. 3186 * 3187 * Flatten the CFIs of the different alternative code streams (both original 3188 * and replacement) into a single shared CFI array which can be used to detect 3189 * conflicts and nicely feed a linear array of ORC entries to the unwinder. 3190 */ 3191 static int propagate_alt_cfi(struct objtool_file *file, struct instruction *insn) 3192 { 3193 struct cfi_state **alt_cfi; 3194 int group_off; 3195 3196 if (!insn->alt_group) 3197 return 0; 3198 3199 if (!insn->cfi) { 3200 WARN("CFI missing"); 3201 return -1; 3202 } 3203 3204 alt_cfi = insn->alt_group->cfi; 3205 group_off = insn->offset - insn->alt_group->first_insn->offset; 3206 3207 if (!alt_cfi[group_off]) { 3208 alt_cfi[group_off] = insn->cfi; 3209 } else { 3210 if (cficmp(alt_cfi[group_off], insn->cfi)) { 3211 struct alt_group *orig_group = insn->alt_group->orig_group ?: insn->alt_group; 3212 struct instruction *orig = orig_group->first_insn; 3213 WARN_INSN(orig, "stack layout conflict in alternatives: %s", 3214 offstr(insn->sec, insn->offset)); 3215 return -1; 3216 } 3217 } 3218 3219 return 0; 3220 } 3221 3222 static int handle_insn_ops(struct instruction *insn, 3223 struct instruction *next_insn, 3224 struct insn_state *state) 3225 { 3226 struct stack_op *op; 3227 int ret; 3228 3229 for (op = insn->stack_ops; op; op = op->next) { 3230 3231 ret = update_cfi_state(insn, next_insn, &state->cfi, op); 3232 if (ret) 3233 return ret; 3234 3235 if (!opts.uaccess || !insn->alt_group) 3236 continue; 3237 3238 if (op->dest.type == OP_DEST_PUSHF) { 3239 if (!state->uaccess_stack) { 3240 state->uaccess_stack = 1; 3241 } else if (state->uaccess_stack >> 31) { 3242 WARN_INSN(insn, "PUSHF stack exhausted"); 3243 return 1; 3244 } 3245 state->uaccess_stack <<= 1; 3246 state->uaccess_stack |= state->uaccess; 3247 } 3248 3249 if (op->src.type == OP_SRC_POPF) { 3250 if (state->uaccess_stack) { 3251 state->uaccess = state->uaccess_stack & 1; 3252 state->uaccess_stack >>= 1; 3253 if (state->uaccess_stack == 1) 3254 state->uaccess_stack = 0; 3255 } 3256 } 3257 } 3258 3259 return 0; 3260 } 3261 3262 static bool insn_cfi_match(struct instruction *insn, struct cfi_state *cfi2) 3263 { 3264 struct cfi_state *cfi1 = insn->cfi; 3265 int i; 3266 3267 if (!cfi1) { 3268 WARN("CFI missing"); 3269 return false; 3270 } 3271 3272 if (memcmp(&cfi1->cfa, &cfi2->cfa, sizeof(cfi1->cfa))) { 3273 3274 WARN_INSN(insn, "stack state mismatch: cfa1=%d%+d cfa2=%d%+d", 3275 cfi1->cfa.base, cfi1->cfa.offset, 3276 cfi2->cfa.base, cfi2->cfa.offset); 3277 return false; 3278 3279 } 3280 3281 if (memcmp(&cfi1->regs, &cfi2->regs, sizeof(cfi1->regs))) { 3282 for (i = 0; i < CFI_NUM_REGS; i++) { 3283 3284 if (!memcmp(&cfi1->regs[i], &cfi2->regs[i], sizeof(struct cfi_reg))) 3285 continue; 3286 3287 WARN_INSN(insn, "stack state mismatch: reg1[%d]=%d%+d reg2[%d]=%d%+d", 3288 i, cfi1->regs[i].base, cfi1->regs[i].offset, 3289 i, cfi2->regs[i].base, cfi2->regs[i].offset); 3290 } 3291 return false; 3292 } 3293 3294 if (cfi1->type != cfi2->type) { 3295 3296 WARN_INSN(insn, "stack state mismatch: type1=%d type2=%d", 3297 cfi1->type, cfi2->type); 3298 return false; 3299 } 3300 3301 if (cfi1->drap != cfi2->drap || 3302 (cfi1->drap && cfi1->drap_reg != cfi2->drap_reg) || 3303 (cfi1->drap && cfi1->drap_offset != cfi2->drap_offset)) { 3304 3305 WARN_INSN(insn, "stack state mismatch: drap1=%d(%d,%d) drap2=%d(%d,%d)", 3306 cfi1->drap, cfi1->drap_reg, cfi1->drap_offset, 3307 cfi2->drap, cfi2->drap_reg, cfi2->drap_offset); 3308 return false; 3309 } 3310 3311 return true; 3312 } 3313 3314 static inline bool func_uaccess_safe(struct symbol *func) 3315 { 3316 if (func) 3317 return func->uaccess_safe; 3318 3319 return false; 3320 } 3321 3322 static inline const char *call_dest_name(struct instruction *insn) 3323 { 3324 static char pvname[19]; 3325 struct reloc *reloc; 3326 int idx; 3327 3328 if (insn_call_dest(insn)) 3329 return insn_call_dest(insn)->name; 3330 3331 reloc = insn_reloc(NULL, insn); 3332 if (reloc && !strcmp(reloc->sym->name, "pv_ops")) { 3333 idx = (reloc_addend(reloc) / sizeof(void *)); 3334 snprintf(pvname, sizeof(pvname), "pv_ops[%d]", idx); 3335 return pvname; 3336 } 3337 3338 return "{dynamic}"; 3339 } 3340 3341 static bool pv_call_dest(struct objtool_file *file, struct instruction *insn) 3342 { 3343 struct symbol *target; 3344 struct reloc *reloc; 3345 int idx; 3346 3347 reloc = insn_reloc(file, insn); 3348 if (!reloc || strcmp(reloc->sym->name, "pv_ops")) 3349 return false; 3350 3351 idx = (arch_dest_reloc_offset(reloc_addend(reloc)) / sizeof(void *)); 3352 3353 if (file->pv_ops[idx].clean) 3354 return true; 3355 3356 file->pv_ops[idx].clean = true; 3357 3358 list_for_each_entry(target, &file->pv_ops[idx].targets, pv_target) { 3359 if (!target->sec->noinstr) { 3360 WARN("pv_ops[%d]: %s", idx, target->name); 3361 file->pv_ops[idx].clean = false; 3362 } 3363 } 3364 3365 return file->pv_ops[idx].clean; 3366 } 3367 3368 static inline bool noinstr_call_dest(struct objtool_file *file, 3369 struct instruction *insn, 3370 struct symbol *func) 3371 { 3372 /* 3373 * We can't deal with indirect function calls at present; 3374 * assume they're instrumented. 3375 */ 3376 if (!func) { 3377 if (file->pv_ops) 3378 return pv_call_dest(file, insn); 3379 3380 return false; 3381 } 3382 3383 /* 3384 * If the symbol is from a noinstr section; we good. 3385 */ 3386 if (func->sec->noinstr) 3387 return true; 3388 3389 /* 3390 * If the symbol is a static_call trampoline, we can't tell. 3391 */ 3392 if (func->static_call_tramp) 3393 return true; 3394 3395 /* 3396 * The __ubsan_handle_*() calls are like WARN(), they only happen when 3397 * something 'BAD' happened. At the risk of taking the machine down, 3398 * let them proceed to get the message out. 3399 */ 3400 if (!strncmp(func->name, "__ubsan_handle_", 15)) 3401 return true; 3402 3403 return false; 3404 } 3405 3406 static int validate_call(struct objtool_file *file, 3407 struct instruction *insn, 3408 struct insn_state *state) 3409 { 3410 if (state->noinstr && state->instr <= 0 && 3411 !noinstr_call_dest(file, insn, insn_call_dest(insn))) { 3412 WARN_INSN(insn, "call to %s() leaves .noinstr.text section", call_dest_name(insn)); 3413 return 1; 3414 } 3415 3416 if (state->uaccess && !func_uaccess_safe(insn_call_dest(insn))) { 3417 WARN_INSN(insn, "call to %s() with UACCESS enabled", call_dest_name(insn)); 3418 return 1; 3419 } 3420 3421 if (state->df) { 3422 WARN_INSN(insn, "call to %s() with DF set", call_dest_name(insn)); 3423 return 1; 3424 } 3425 3426 return 0; 3427 } 3428 3429 static int validate_sibling_call(struct objtool_file *file, 3430 struct instruction *insn, 3431 struct insn_state *state) 3432 { 3433 if (insn_func(insn) && has_modified_stack_frame(insn, state)) { 3434 WARN_INSN(insn, "sibling call from callable instruction with modified stack frame"); 3435 return 1; 3436 } 3437 3438 return validate_call(file, insn, state); 3439 } 3440 3441 static int validate_return(struct symbol *func, struct instruction *insn, struct insn_state *state) 3442 { 3443 if (state->noinstr && state->instr > 0) { 3444 WARN_INSN(insn, "return with instrumentation enabled"); 3445 return 1; 3446 } 3447 3448 if (state->uaccess && !func_uaccess_safe(func)) { 3449 WARN_INSN(insn, "return with UACCESS enabled"); 3450 return 1; 3451 } 3452 3453 if (!state->uaccess && func_uaccess_safe(func)) { 3454 WARN_INSN(insn, "return with UACCESS disabled from a UACCESS-safe function"); 3455 return 1; 3456 } 3457 3458 if (state->df) { 3459 WARN_INSN(insn, "return with DF set"); 3460 return 1; 3461 } 3462 3463 if (func && has_modified_stack_frame(insn, state)) { 3464 WARN_INSN(insn, "return with modified stack frame"); 3465 return 1; 3466 } 3467 3468 if (state->cfi.bp_scratch) { 3469 WARN_INSN(insn, "BP used as a scratch register"); 3470 return 1; 3471 } 3472 3473 return 0; 3474 } 3475 3476 static struct instruction *next_insn_to_validate(struct objtool_file *file, 3477 struct instruction *insn) 3478 { 3479 struct alt_group *alt_group = insn->alt_group; 3480 3481 /* 3482 * Simulate the fact that alternatives are patched in-place. When the 3483 * end of a replacement alt_group is reached, redirect objtool flow to 3484 * the end of the original alt_group. 3485 * 3486 * insn->alts->insn -> alt_group->first_insn 3487 * ... 3488 * alt_group->last_insn 3489 * [alt_group->nop] -> next(orig_group->last_insn) 3490 */ 3491 if (alt_group) { 3492 if (alt_group->nop) { 3493 /* ->nop implies ->orig_group */ 3494 if (insn == alt_group->last_insn) 3495 return alt_group->nop; 3496 if (insn == alt_group->nop) 3497 goto next_orig; 3498 } 3499 if (insn == alt_group->last_insn && alt_group->orig_group) 3500 goto next_orig; 3501 } 3502 3503 return next_insn_same_sec(file, insn); 3504 3505 next_orig: 3506 return next_insn_same_sec(file, alt_group->orig_group->last_insn); 3507 } 3508 3509 static bool skip_alt_group(struct instruction *insn) 3510 { 3511 struct instruction *alt_insn = insn->alts ? insn->alts->insn : NULL; 3512 3513 /* ANNOTATE_IGNORE_ALTERNATIVE */ 3514 if (insn->alt_group && insn->alt_group->ignore) 3515 return true; 3516 3517 /* 3518 * For NOP patched with CLAC/STAC, only follow the latter to avoid 3519 * impossible code paths combining patched CLAC with unpatched STAC 3520 * or vice versa. 3521 * 3522 * ANNOTATE_IGNORE_ALTERNATIVE could have been used here, but Linus 3523 * requested not to do that to avoid hurting .s file readability 3524 * around CLAC/STAC alternative sites. 3525 */ 3526 3527 if (!alt_insn) 3528 return false; 3529 3530 /* Don't override ASM_{CLAC,STAC}_UNSAFE */ 3531 if (alt_insn->alt_group && alt_insn->alt_group->ignore) 3532 return false; 3533 3534 return alt_insn->type == INSN_CLAC || alt_insn->type == INSN_STAC; 3535 } 3536 3537 /* 3538 * Follow the branch starting at the given instruction, and recursively follow 3539 * any other branches (jumps). Meanwhile, track the frame pointer state at 3540 * each instruction and validate all the rules described in 3541 * tools/objtool/Documentation/objtool.txt. 3542 */ 3543 static int validate_branch(struct objtool_file *file, struct symbol *func, 3544 struct instruction *insn, struct insn_state state) 3545 { 3546 struct alternative *alt; 3547 struct instruction *next_insn, *prev_insn = NULL; 3548 struct section *sec; 3549 u8 visited; 3550 int ret; 3551 3552 if (func && func->ignore) 3553 return 0; 3554 3555 sec = insn->sec; 3556 3557 while (1) { 3558 next_insn = next_insn_to_validate(file, insn); 3559 3560 if (func && insn_func(insn) && func != insn_func(insn)->pfunc) { 3561 /* Ignore KCFI type preambles, which always fall through */ 3562 if (!strncmp(func->name, "__cfi_", 6) || 3563 !strncmp(func->name, "__pfx_", 6)) 3564 return 0; 3565 3566 if (file->ignore_unreachables) 3567 return 0; 3568 3569 WARN("%s() falls through to next function %s()", 3570 func->name, insn_func(insn)->name); 3571 func->warned = 1; 3572 3573 return 1; 3574 } 3575 3576 visited = VISITED_BRANCH << state.uaccess; 3577 if (insn->visited & VISITED_BRANCH_MASK) { 3578 if (!insn->hint && !insn_cfi_match(insn, &state.cfi)) 3579 return 1; 3580 3581 if (insn->visited & visited) 3582 return 0; 3583 } else { 3584 nr_insns_visited++; 3585 } 3586 3587 if (state.noinstr) 3588 state.instr += insn->instr; 3589 3590 if (insn->hint) { 3591 if (insn->restore) { 3592 struct instruction *save_insn, *i; 3593 3594 i = insn; 3595 save_insn = NULL; 3596 3597 sym_for_each_insn_continue_reverse(file, func, i) { 3598 if (i->save) { 3599 save_insn = i; 3600 break; 3601 } 3602 } 3603 3604 if (!save_insn) { 3605 WARN_INSN(insn, "no corresponding CFI save for CFI restore"); 3606 return 1; 3607 } 3608 3609 if (!save_insn->visited) { 3610 /* 3611 * If the restore hint insn is at the 3612 * beginning of a basic block and was 3613 * branched to from elsewhere, and the 3614 * save insn hasn't been visited yet, 3615 * defer following this branch for now. 3616 * It will be seen later via the 3617 * straight-line path. 3618 */ 3619 if (!prev_insn) 3620 return 0; 3621 3622 WARN_INSN(insn, "objtool isn't smart enough to handle this CFI save/restore combo"); 3623 return 1; 3624 } 3625 3626 insn->cfi = save_insn->cfi; 3627 nr_cfi_reused++; 3628 } 3629 3630 state.cfi = *insn->cfi; 3631 } else { 3632 /* XXX track if we actually changed state.cfi */ 3633 3634 if (prev_insn && !cficmp(prev_insn->cfi, &state.cfi)) { 3635 insn->cfi = prev_insn->cfi; 3636 nr_cfi_reused++; 3637 } else { 3638 insn->cfi = cfi_hash_find_or_add(&state.cfi); 3639 } 3640 } 3641 3642 insn->visited |= visited; 3643 3644 if (propagate_alt_cfi(file, insn)) 3645 return 1; 3646 3647 if (insn->alts) { 3648 for (alt = insn->alts; alt; alt = alt->next) { 3649 ret = validate_branch(file, func, alt->insn, state); 3650 if (ret) { 3651 BT_INSN(insn, "(alt)"); 3652 return ret; 3653 } 3654 } 3655 } 3656 3657 if (skip_alt_group(insn)) 3658 return 0; 3659 3660 if (handle_insn_ops(insn, next_insn, &state)) 3661 return 1; 3662 3663 switch (insn->type) { 3664 3665 case INSN_RETURN: 3666 return validate_return(func, insn, &state); 3667 3668 case INSN_CALL: 3669 case INSN_CALL_DYNAMIC: 3670 ret = validate_call(file, insn, &state); 3671 if (ret) 3672 return ret; 3673 3674 if (opts.stackval && func && !is_special_call(insn) && 3675 !has_valid_stack_frame(&state)) { 3676 WARN_INSN(insn, "call without frame pointer save/setup"); 3677 return 1; 3678 } 3679 3680 break; 3681 3682 case INSN_JUMP_CONDITIONAL: 3683 case INSN_JUMP_UNCONDITIONAL: 3684 if (is_sibling_call(insn)) { 3685 ret = validate_sibling_call(file, insn, &state); 3686 if (ret) 3687 return ret; 3688 3689 } else if (insn->jump_dest) { 3690 ret = validate_branch(file, func, 3691 insn->jump_dest, state); 3692 if (ret) { 3693 BT_INSN(insn, "(branch)"); 3694 return ret; 3695 } 3696 } 3697 3698 if (insn->type == INSN_JUMP_UNCONDITIONAL) 3699 return 0; 3700 3701 break; 3702 3703 case INSN_JUMP_DYNAMIC: 3704 case INSN_JUMP_DYNAMIC_CONDITIONAL: 3705 if (is_sibling_call(insn)) { 3706 ret = validate_sibling_call(file, insn, &state); 3707 if (ret) 3708 return ret; 3709 } 3710 3711 if (insn->type == INSN_JUMP_DYNAMIC) 3712 return 0; 3713 3714 break; 3715 3716 case INSN_SYSCALL: 3717 if (func && (!next_insn || !next_insn->hint)) { 3718 WARN_INSN(insn, "unsupported instruction in callable function"); 3719 return 1; 3720 } 3721 3722 break; 3723 3724 case INSN_SYSRET: 3725 if (func && (!next_insn || !next_insn->hint)) { 3726 WARN_INSN(insn, "unsupported instruction in callable function"); 3727 return 1; 3728 } 3729 3730 return 0; 3731 3732 case INSN_STAC: 3733 if (!opts.uaccess) 3734 break; 3735 3736 if (state.uaccess) { 3737 WARN_INSN(insn, "recursive UACCESS enable"); 3738 return 1; 3739 } 3740 3741 state.uaccess = true; 3742 break; 3743 3744 case INSN_CLAC: 3745 if (!opts.uaccess) 3746 break; 3747 3748 if (!state.uaccess && func) { 3749 WARN_INSN(insn, "redundant UACCESS disable"); 3750 return 1; 3751 } 3752 3753 if (func_uaccess_safe(func) && !state.uaccess_stack) { 3754 WARN_INSN(insn, "UACCESS-safe disables UACCESS"); 3755 return 1; 3756 } 3757 3758 state.uaccess = false; 3759 break; 3760 3761 case INSN_STD: 3762 if (state.df) { 3763 WARN_INSN(insn, "recursive STD"); 3764 return 1; 3765 } 3766 3767 state.df = true; 3768 break; 3769 3770 case INSN_CLD: 3771 if (!state.df && func) { 3772 WARN_INSN(insn, "redundant CLD"); 3773 return 1; 3774 } 3775 3776 state.df = false; 3777 break; 3778 3779 default: 3780 break; 3781 } 3782 3783 if (insn->dead_end) 3784 return 0; 3785 3786 if (!next_insn) { 3787 if (state.cfi.cfa.base == CFI_UNDEFINED) 3788 return 0; 3789 if (file->ignore_unreachables) 3790 return 0; 3791 3792 WARN("%s%sunexpected end of section %s", 3793 func ? func->name : "", func ? "(): " : "", 3794 sec->name); 3795 return 1; 3796 } 3797 3798 prev_insn = insn; 3799 insn = next_insn; 3800 } 3801 3802 return 0; 3803 } 3804 3805 static int validate_unwind_hint(struct objtool_file *file, 3806 struct instruction *insn, 3807 struct insn_state *state) 3808 { 3809 if (insn->hint && !insn->visited) { 3810 int ret = validate_branch(file, insn_func(insn), insn, *state); 3811 if (ret) 3812 BT_INSN(insn, "<=== (hint)"); 3813 return ret; 3814 } 3815 3816 return 0; 3817 } 3818 3819 static int validate_unwind_hints(struct objtool_file *file, struct section *sec) 3820 { 3821 struct instruction *insn; 3822 struct insn_state state; 3823 int warnings = 0; 3824 3825 if (!file->hints) 3826 return 0; 3827 3828 init_insn_state(file, &state, sec); 3829 3830 if (sec) { 3831 sec_for_each_insn(file, sec, insn) 3832 warnings += validate_unwind_hint(file, insn, &state); 3833 } else { 3834 for_each_insn(file, insn) 3835 warnings += validate_unwind_hint(file, insn, &state); 3836 } 3837 3838 return warnings; 3839 } 3840 3841 /* 3842 * Validate rethunk entry constraint: must untrain RET before the first RET. 3843 * 3844 * Follow every branch (intra-function) and ensure VALIDATE_UNRET_END comes 3845 * before an actual RET instruction. 3846 */ 3847 static int validate_unret(struct objtool_file *file, struct instruction *insn) 3848 { 3849 struct instruction *next, *dest; 3850 int ret; 3851 3852 for (;;) { 3853 next = next_insn_to_validate(file, insn); 3854 3855 if (insn->visited & VISITED_UNRET) 3856 return 0; 3857 3858 insn->visited |= VISITED_UNRET; 3859 3860 if (insn->alts) { 3861 struct alternative *alt; 3862 for (alt = insn->alts; alt; alt = alt->next) { 3863 ret = validate_unret(file, alt->insn); 3864 if (ret) { 3865 BT_INSN(insn, "(alt)"); 3866 return ret; 3867 } 3868 } 3869 } 3870 3871 switch (insn->type) { 3872 3873 case INSN_CALL_DYNAMIC: 3874 case INSN_JUMP_DYNAMIC: 3875 case INSN_JUMP_DYNAMIC_CONDITIONAL: 3876 WARN_INSN(insn, "early indirect call"); 3877 return 1; 3878 3879 case INSN_JUMP_UNCONDITIONAL: 3880 case INSN_JUMP_CONDITIONAL: 3881 if (!is_sibling_call(insn)) { 3882 if (!insn->jump_dest) { 3883 WARN_INSN(insn, "unresolved jump target after linking?!?"); 3884 return 1; 3885 } 3886 ret = validate_unret(file, insn->jump_dest); 3887 if (ret) { 3888 BT_INSN(insn, "(branch%s)", 3889 insn->type == INSN_JUMP_CONDITIONAL ? "-cond" : ""); 3890 return ret; 3891 } 3892 3893 if (insn->type == INSN_JUMP_UNCONDITIONAL) 3894 return 0; 3895 3896 break; 3897 } 3898 3899 /* fallthrough */ 3900 case INSN_CALL: 3901 dest = find_insn(file, insn_call_dest(insn)->sec, 3902 insn_call_dest(insn)->offset); 3903 if (!dest) { 3904 WARN("Unresolved function after linking!?: %s", 3905 insn_call_dest(insn)->name); 3906 return 1; 3907 } 3908 3909 ret = validate_unret(file, dest); 3910 if (ret) { 3911 BT_INSN(insn, "(call)"); 3912 return ret; 3913 } 3914 /* 3915 * If a call returns without error, it must have seen UNTRAIN_RET. 3916 * Therefore any non-error return is a success. 3917 */ 3918 return 0; 3919 3920 case INSN_RETURN: 3921 WARN_INSN(insn, "RET before UNTRAIN"); 3922 return 1; 3923 3924 case INSN_SYSCALL: 3925 break; 3926 3927 case INSN_SYSRET: 3928 return 0; 3929 3930 case INSN_NOP: 3931 if (insn->retpoline_safe) 3932 return 0; 3933 break; 3934 3935 default: 3936 break; 3937 } 3938 3939 if (insn->dead_end) 3940 return 0; 3941 3942 if (!next) { 3943 WARN_INSN(insn, "teh end!"); 3944 return 1; 3945 } 3946 insn = next; 3947 } 3948 3949 return 0; 3950 } 3951 3952 /* 3953 * Validate that all branches starting at VALIDATE_UNRET_BEGIN encounter 3954 * VALIDATE_UNRET_END before RET. 3955 */ 3956 static int validate_unrets(struct objtool_file *file) 3957 { 3958 struct instruction *insn; 3959 int warnings = 0; 3960 3961 for_each_insn(file, insn) { 3962 if (!insn->unret) 3963 continue; 3964 3965 warnings += validate_unret(file, insn); 3966 } 3967 3968 return warnings; 3969 } 3970 3971 static int validate_retpoline(struct objtool_file *file) 3972 { 3973 struct instruction *insn; 3974 int warnings = 0; 3975 3976 for_each_insn(file, insn) { 3977 if (insn->type != INSN_JUMP_DYNAMIC && 3978 insn->type != INSN_CALL_DYNAMIC && 3979 insn->type != INSN_RETURN) 3980 continue; 3981 3982 if (insn->retpoline_safe) 3983 continue; 3984 3985 if (insn->sec->init) 3986 continue; 3987 3988 if (insn->type == INSN_RETURN) { 3989 if (opts.rethunk) { 3990 WARN_INSN(insn, "'naked' return found in MITIGATION_RETHUNK build"); 3991 warnings++; 3992 } 3993 continue; 3994 } 3995 3996 WARN_INSN(insn, "indirect %s found in MITIGATION_RETPOLINE build", 3997 insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call"); 3998 warnings++; 3999 } 4000 4001 return warnings; 4002 } 4003 4004 static bool is_kasan_insn(struct instruction *insn) 4005 { 4006 return (insn->type == INSN_CALL && 4007 !strcmp(insn_call_dest(insn)->name, "__asan_handle_no_return")); 4008 } 4009 4010 static bool is_ubsan_insn(struct instruction *insn) 4011 { 4012 return (insn->type == INSN_CALL && 4013 !strcmp(insn_call_dest(insn)->name, 4014 "__ubsan_handle_builtin_unreachable")); 4015 } 4016 4017 static bool ignore_unreachable_insn(struct objtool_file *file, struct instruction *insn) 4018 { 4019 struct symbol *func = insn_func(insn); 4020 struct instruction *prev_insn; 4021 int i; 4022 4023 if (insn->type == INSN_NOP || insn->type == INSN_TRAP || (func && func->ignore)) 4024 return true; 4025 4026 /* 4027 * Ignore alternative replacement instructions. This can happen 4028 * when a whitelisted function uses one of the ALTERNATIVE macros. 4029 */ 4030 if (!strcmp(insn->sec->name, ".altinstr_replacement") || 4031 !strcmp(insn->sec->name, ".altinstr_aux")) 4032 return true; 4033 4034 /* 4035 * Whole archive runs might encounter dead code from weak symbols. 4036 * This is where the linker will have dropped the weak symbol in 4037 * favour of a regular symbol, but leaves the code in place. 4038 * 4039 * In this case we'll find a piece of code (whole function) that is not 4040 * covered by a !section symbol. Ignore them. 4041 */ 4042 if (opts.link && !func) { 4043 int size = find_symbol_hole_containing(insn->sec, insn->offset); 4044 unsigned long end = insn->offset + size; 4045 4046 if (!size) /* not a hole */ 4047 return false; 4048 4049 if (size < 0) /* hole until the end */ 4050 return true; 4051 4052 sec_for_each_insn_continue(file, insn) { 4053 /* 4054 * If we reach a visited instruction at or before the 4055 * end of the hole, ignore the unreachable. 4056 */ 4057 if (insn->visited) 4058 return true; 4059 4060 if (insn->offset >= end) 4061 break; 4062 4063 /* 4064 * If this hole jumps to a .cold function, mark it ignore too. 4065 */ 4066 if (insn->jump_dest && insn_func(insn->jump_dest) && 4067 strstr(insn_func(insn->jump_dest)->name, ".cold")) { 4068 insn_func(insn->jump_dest)->ignore = true; 4069 } 4070 } 4071 4072 return false; 4073 } 4074 4075 if (!func) 4076 return false; 4077 4078 if (func->static_call_tramp) 4079 return true; 4080 4081 /* 4082 * CONFIG_UBSAN_TRAP inserts a UD2 when it sees 4083 * __builtin_unreachable(). The BUG() macro has an unreachable() after 4084 * the UD2, which causes GCC's undefined trap logic to emit another UD2 4085 * (or occasionally a JMP to UD2). 4086 * 4087 * It may also insert a UD2 after calling a __noreturn function. 4088 */ 4089 prev_insn = prev_insn_same_sec(file, insn); 4090 if (prev_insn && prev_insn->dead_end && 4091 (insn->type == INSN_BUG || 4092 (insn->type == INSN_JUMP_UNCONDITIONAL && 4093 insn->jump_dest && insn->jump_dest->type == INSN_BUG))) 4094 return true; 4095 4096 /* 4097 * Check if this (or a subsequent) instruction is related to 4098 * CONFIG_UBSAN or CONFIG_KASAN. 4099 * 4100 * End the search at 5 instructions to avoid going into the weeds. 4101 */ 4102 for (i = 0; i < 5; i++) { 4103 4104 if (is_kasan_insn(insn) || is_ubsan_insn(insn)) 4105 return true; 4106 4107 if (insn->type == INSN_JUMP_UNCONDITIONAL) { 4108 if (insn->jump_dest && 4109 insn_func(insn->jump_dest) == func) { 4110 insn = insn->jump_dest; 4111 continue; 4112 } 4113 4114 break; 4115 } 4116 4117 if (insn->offset + insn->len >= func->offset + func->len) 4118 break; 4119 4120 insn = next_insn_same_sec(file, insn); 4121 } 4122 4123 return false; 4124 } 4125 4126 static int add_prefix_symbol(struct objtool_file *file, struct symbol *func) 4127 { 4128 struct instruction *insn, *prev; 4129 struct cfi_state *cfi; 4130 4131 insn = find_insn(file, func->sec, func->offset); 4132 if (!insn) 4133 return -1; 4134 4135 for (prev = prev_insn_same_sec(file, insn); 4136 prev; 4137 prev = prev_insn_same_sec(file, prev)) { 4138 u64 offset; 4139 4140 if (prev->type != INSN_NOP) 4141 return -1; 4142 4143 offset = func->offset - prev->offset; 4144 4145 if (offset > opts.prefix) 4146 return -1; 4147 4148 if (offset < opts.prefix) 4149 continue; 4150 4151 elf_create_prefix_symbol(file->elf, func, opts.prefix); 4152 break; 4153 } 4154 4155 if (!prev) 4156 return -1; 4157 4158 if (!insn->cfi) { 4159 /* 4160 * This can happen if stack validation isn't enabled or the 4161 * function is annotated with STACK_FRAME_NON_STANDARD. 4162 */ 4163 return 0; 4164 } 4165 4166 /* Propagate insn->cfi to the prefix code */ 4167 cfi = cfi_hash_find_or_add(insn->cfi); 4168 for (; prev != insn; prev = next_insn_same_sec(file, prev)) 4169 prev->cfi = cfi; 4170 4171 return 0; 4172 } 4173 4174 static int add_prefix_symbols(struct objtool_file *file) 4175 { 4176 struct section *sec; 4177 struct symbol *func; 4178 4179 for_each_sec(file, sec) { 4180 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 4181 continue; 4182 4183 sec_for_each_sym(sec, func) { 4184 if (func->type != STT_FUNC) 4185 continue; 4186 4187 add_prefix_symbol(file, func); 4188 } 4189 } 4190 4191 return 0; 4192 } 4193 4194 static int validate_symbol(struct objtool_file *file, struct section *sec, 4195 struct symbol *sym, struct insn_state *state) 4196 { 4197 struct instruction *insn; 4198 int ret; 4199 4200 if (!sym->len) { 4201 WARN("%s() is missing an ELF size annotation", sym->name); 4202 return 1; 4203 } 4204 4205 if (sym->pfunc != sym || sym->alias != sym) 4206 return 0; 4207 4208 insn = find_insn(file, sec, sym->offset); 4209 if (!insn || insn->visited) 4210 return 0; 4211 4212 if (opts.uaccess) 4213 state->uaccess = sym->uaccess_safe; 4214 4215 ret = validate_branch(file, insn_func(insn), insn, *state); 4216 if (ret) 4217 BT_INSN(insn, "<=== (sym)"); 4218 return ret; 4219 } 4220 4221 static int validate_section(struct objtool_file *file, struct section *sec) 4222 { 4223 struct insn_state state; 4224 struct symbol *func; 4225 int warnings = 0; 4226 4227 sec_for_each_sym(sec, func) { 4228 if (func->type != STT_FUNC) 4229 continue; 4230 4231 init_insn_state(file, &state, sec); 4232 set_func_state(&state.cfi); 4233 4234 warnings += validate_symbol(file, sec, func, &state); 4235 } 4236 4237 return warnings; 4238 } 4239 4240 static int validate_noinstr_sections(struct objtool_file *file) 4241 { 4242 struct section *sec; 4243 int warnings = 0; 4244 4245 sec = find_section_by_name(file->elf, ".noinstr.text"); 4246 if (sec) { 4247 warnings += validate_section(file, sec); 4248 warnings += validate_unwind_hints(file, sec); 4249 } 4250 4251 sec = find_section_by_name(file->elf, ".entry.text"); 4252 if (sec) { 4253 warnings += validate_section(file, sec); 4254 warnings += validate_unwind_hints(file, sec); 4255 } 4256 4257 sec = find_section_by_name(file->elf, ".cpuidle.text"); 4258 if (sec) { 4259 warnings += validate_section(file, sec); 4260 warnings += validate_unwind_hints(file, sec); 4261 } 4262 4263 return warnings; 4264 } 4265 4266 static int validate_functions(struct objtool_file *file) 4267 { 4268 struct section *sec; 4269 int warnings = 0; 4270 4271 for_each_sec(file, sec) { 4272 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 4273 continue; 4274 4275 warnings += validate_section(file, sec); 4276 } 4277 4278 return warnings; 4279 } 4280 4281 static void mark_endbr_used(struct instruction *insn) 4282 { 4283 if (!list_empty(&insn->call_node)) 4284 list_del_init(&insn->call_node); 4285 } 4286 4287 static bool noendbr_range(struct objtool_file *file, struct instruction *insn) 4288 { 4289 struct symbol *sym = find_symbol_containing(insn->sec, insn->offset-1); 4290 struct instruction *first; 4291 4292 if (!sym) 4293 return false; 4294 4295 first = find_insn(file, sym->sec, sym->offset); 4296 if (!first) 4297 return false; 4298 4299 if (first->type != INSN_ENDBR && !first->noendbr) 4300 return false; 4301 4302 return insn->offset == sym->offset + sym->len; 4303 } 4304 4305 static int __validate_ibt_insn(struct objtool_file *file, struct instruction *insn, 4306 struct instruction *dest) 4307 { 4308 if (dest->type == INSN_ENDBR) { 4309 mark_endbr_used(dest); 4310 return 0; 4311 } 4312 4313 if (insn_func(dest) && insn_func(insn) && 4314 insn_func(dest)->pfunc == insn_func(insn)->pfunc) { 4315 /* 4316 * Anything from->to self is either _THIS_IP_ or 4317 * IRET-to-self. 4318 * 4319 * There is no sane way to annotate _THIS_IP_ since the 4320 * compiler treats the relocation as a constant and is 4321 * happy to fold in offsets, skewing any annotation we 4322 * do, leading to vast amounts of false-positives. 4323 * 4324 * There's also compiler generated _THIS_IP_ through 4325 * KCOV and such which we have no hope of annotating. 4326 * 4327 * As such, blanket accept self-references without 4328 * issue. 4329 */ 4330 return 0; 4331 } 4332 4333 /* 4334 * Accept anything ANNOTATE_NOENDBR. 4335 */ 4336 if (dest->noendbr) 4337 return 0; 4338 4339 /* 4340 * Accept if this is the instruction after a symbol 4341 * that is (no)endbr -- typical code-range usage. 4342 */ 4343 if (noendbr_range(file, dest)) 4344 return 0; 4345 4346 WARN_INSN(insn, "relocation to !ENDBR: %s", offstr(dest->sec, dest->offset)); 4347 return 1; 4348 } 4349 4350 static int validate_ibt_insn(struct objtool_file *file, struct instruction *insn) 4351 { 4352 struct instruction *dest; 4353 struct reloc *reloc; 4354 unsigned long off; 4355 int warnings = 0; 4356 4357 /* 4358 * Looking for function pointer load relocations. Ignore 4359 * direct/indirect branches: 4360 */ 4361 switch (insn->type) { 4362 4363 case INSN_CALL: 4364 case INSN_CALL_DYNAMIC: 4365 case INSN_JUMP_CONDITIONAL: 4366 case INSN_JUMP_UNCONDITIONAL: 4367 case INSN_JUMP_DYNAMIC: 4368 case INSN_JUMP_DYNAMIC_CONDITIONAL: 4369 case INSN_RETURN: 4370 case INSN_NOP: 4371 return 0; 4372 4373 case INSN_LEA_RIP: 4374 if (!insn_reloc(file, insn)) { 4375 /* local function pointer reference without reloc */ 4376 4377 off = arch_jump_destination(insn); 4378 4379 dest = find_insn(file, insn->sec, off); 4380 if (!dest) { 4381 WARN_INSN(insn, "corrupt function pointer reference"); 4382 return 1; 4383 } 4384 4385 return __validate_ibt_insn(file, insn, dest); 4386 } 4387 break; 4388 4389 default: 4390 break; 4391 } 4392 4393 for (reloc = insn_reloc(file, insn); 4394 reloc; 4395 reloc = find_reloc_by_dest_range(file->elf, insn->sec, 4396 reloc_offset(reloc) + 1, 4397 (insn->offset + insn->len) - (reloc_offset(reloc) + 1))) { 4398 4399 off = reloc->sym->offset; 4400 if (reloc_type(reloc) == R_X86_64_PC32 || 4401 reloc_type(reloc) == R_X86_64_PLT32) 4402 off += arch_dest_reloc_offset(reloc_addend(reloc)); 4403 else 4404 off += reloc_addend(reloc); 4405 4406 dest = find_insn(file, reloc->sym->sec, off); 4407 if (!dest) 4408 continue; 4409 4410 warnings += __validate_ibt_insn(file, insn, dest); 4411 } 4412 4413 return warnings; 4414 } 4415 4416 static int validate_ibt_data_reloc(struct objtool_file *file, 4417 struct reloc *reloc) 4418 { 4419 struct instruction *dest; 4420 4421 dest = find_insn(file, reloc->sym->sec, 4422 reloc->sym->offset + reloc_addend(reloc)); 4423 if (!dest) 4424 return 0; 4425 4426 if (dest->type == INSN_ENDBR) { 4427 mark_endbr_used(dest); 4428 return 0; 4429 } 4430 4431 if (dest->noendbr) 4432 return 0; 4433 4434 WARN_FUNC(reloc->sec->base, reloc_offset(reloc), 4435 "data relocation to !ENDBR: %s", offstr(dest->sec, dest->offset)); 4436 4437 return 1; 4438 } 4439 4440 /* 4441 * Validate IBT rules and remove used ENDBR instructions from the seal list. 4442 * Unused ENDBR instructions will be annotated for sealing (i.e., replaced with 4443 * NOPs) later, in create_ibt_endbr_seal_sections(). 4444 */ 4445 static int validate_ibt(struct objtool_file *file) 4446 { 4447 struct section *sec; 4448 struct reloc *reloc; 4449 struct instruction *insn; 4450 int warnings = 0; 4451 4452 for_each_insn(file, insn) 4453 warnings += validate_ibt_insn(file, insn); 4454 4455 for_each_sec(file, sec) { 4456 4457 /* Already done by validate_ibt_insn() */ 4458 if (sec->sh.sh_flags & SHF_EXECINSTR) 4459 continue; 4460 4461 if (!sec->rsec) 4462 continue; 4463 4464 /* 4465 * These sections can reference text addresses, but not with 4466 * the intent to indirect branch to them. 4467 */ 4468 if ((!strncmp(sec->name, ".discard", 8) && 4469 strcmp(sec->name, ".discard.ibt_endbr_noseal")) || 4470 !strncmp(sec->name, ".debug", 6) || 4471 !strcmp(sec->name, ".altinstructions") || 4472 !strcmp(sec->name, ".ibt_endbr_seal") || 4473 !strcmp(sec->name, ".orc_unwind_ip") || 4474 !strcmp(sec->name, ".parainstructions") || 4475 !strcmp(sec->name, ".retpoline_sites") || 4476 !strcmp(sec->name, ".smp_locks") || 4477 !strcmp(sec->name, ".static_call_sites") || 4478 !strcmp(sec->name, "_error_injection_whitelist") || 4479 !strcmp(sec->name, "_kprobe_blacklist") || 4480 !strcmp(sec->name, "__bug_table") || 4481 !strcmp(sec->name, "__ex_table") || 4482 !strcmp(sec->name, "__jump_table") || 4483 !strcmp(sec->name, "__mcount_loc") || 4484 !strcmp(sec->name, ".kcfi_traps") || 4485 !strcmp(sec->name, ".llvm.call-graph-profile") || 4486 !strcmp(sec->name, ".llvm_bb_addr_map") || 4487 !strcmp(sec->name, "__tracepoints") || 4488 strstr(sec->name, "__patchable_function_entries")) 4489 continue; 4490 4491 for_each_reloc(sec->rsec, reloc) 4492 warnings += validate_ibt_data_reloc(file, reloc); 4493 } 4494 4495 return warnings; 4496 } 4497 4498 static int validate_sls(struct objtool_file *file) 4499 { 4500 struct instruction *insn, *next_insn; 4501 int warnings = 0; 4502 4503 for_each_insn(file, insn) { 4504 next_insn = next_insn_same_sec(file, insn); 4505 4506 if (insn->retpoline_safe) 4507 continue; 4508 4509 switch (insn->type) { 4510 case INSN_RETURN: 4511 if (!next_insn || next_insn->type != INSN_TRAP) { 4512 WARN_INSN(insn, "missing int3 after ret"); 4513 warnings++; 4514 } 4515 4516 break; 4517 case INSN_JUMP_DYNAMIC: 4518 if (!next_insn || next_insn->type != INSN_TRAP) { 4519 WARN_INSN(insn, "missing int3 after indirect jump"); 4520 warnings++; 4521 } 4522 break; 4523 default: 4524 break; 4525 } 4526 } 4527 4528 return warnings; 4529 } 4530 4531 static int validate_reachable_instructions(struct objtool_file *file) 4532 { 4533 struct instruction *insn, *prev_insn; 4534 struct symbol *call_dest; 4535 int warnings = 0; 4536 4537 if (file->ignore_unreachables) 4538 return 0; 4539 4540 for_each_insn(file, insn) { 4541 if (insn->visited || ignore_unreachable_insn(file, insn)) 4542 continue; 4543 4544 prev_insn = prev_insn_same_sec(file, insn); 4545 if (prev_insn && prev_insn->dead_end) { 4546 call_dest = insn_call_dest(prev_insn); 4547 if (call_dest) { 4548 WARN_INSN(insn, "%s() missing __noreturn in .c/.h or NORETURN() in noreturns.h", 4549 call_dest->name); 4550 warnings++; 4551 continue; 4552 } 4553 } 4554 4555 WARN_INSN(insn, "unreachable instruction"); 4556 warnings++; 4557 } 4558 4559 return warnings; 4560 } 4561 4562 /* 'funcs' is a space-separated list of function names */ 4563 static void disas_funcs(const char *funcs) 4564 { 4565 const char *objdump_str, *cross_compile; 4566 int size, ret; 4567 char *cmd; 4568 4569 cross_compile = getenv("CROSS_COMPILE"); 4570 if (!cross_compile) 4571 cross_compile = ""; 4572 4573 objdump_str = "%sobjdump -wdr %s | gawk -M -v _funcs='%s' '" 4574 "BEGIN { split(_funcs, funcs); }" 4575 "/^$/ { func_match = 0; }" 4576 "/<.*>:/ { " 4577 "f = gensub(/.*<(.*)>:/, \"\\\\1\", 1);" 4578 "for (i in funcs) {" 4579 "if (funcs[i] == f) {" 4580 "func_match = 1;" 4581 "base = strtonum(\"0x\" $1);" 4582 "break;" 4583 "}" 4584 "}" 4585 "}" 4586 "{" 4587 "if (func_match) {" 4588 "addr = strtonum(\"0x\" $1);" 4589 "printf(\"%%04x \", addr - base);" 4590 "print;" 4591 "}" 4592 "}' 1>&2"; 4593 4594 /* fake snprintf() to calculate the size */ 4595 size = snprintf(NULL, 0, objdump_str, cross_compile, objname, funcs) + 1; 4596 if (size <= 0) { 4597 WARN("objdump string size calculation failed"); 4598 return; 4599 } 4600 4601 cmd = malloc(size); 4602 4603 /* real snprintf() */ 4604 snprintf(cmd, size, objdump_str, cross_compile, objname, funcs); 4605 ret = system(cmd); 4606 if (ret) { 4607 WARN("disassembly failed: %d", ret); 4608 return; 4609 } 4610 } 4611 4612 static void disas_warned_funcs(struct objtool_file *file) 4613 { 4614 struct symbol *sym; 4615 char *funcs = NULL, *tmp; 4616 4617 for_each_sym(file, sym) { 4618 if (sym->warned) { 4619 if (!funcs) { 4620 funcs = malloc(strlen(sym->name) + 1); 4621 if (!funcs) { 4622 ERROR_GLIBC("malloc"); 4623 return; 4624 } 4625 strcpy(funcs, sym->name); 4626 } else { 4627 tmp = malloc(strlen(funcs) + strlen(sym->name) + 2); 4628 if (!tmp) { 4629 ERROR_GLIBC("malloc"); 4630 return; 4631 } 4632 sprintf(tmp, "%s %s", funcs, sym->name); 4633 free(funcs); 4634 funcs = tmp; 4635 } 4636 } 4637 } 4638 4639 if (funcs) 4640 disas_funcs(funcs); 4641 } 4642 4643 struct insn_chunk { 4644 void *addr; 4645 struct insn_chunk *next; 4646 }; 4647 4648 /* 4649 * Reduce peak RSS usage by freeing insns memory before writing the ELF file, 4650 * which can trigger more allocations for .debug_* sections whose data hasn't 4651 * been read yet. 4652 */ 4653 static void free_insns(struct objtool_file *file) 4654 { 4655 struct instruction *insn; 4656 struct insn_chunk *chunks = NULL, *chunk; 4657 4658 for_each_insn(file, insn) { 4659 if (!insn->idx) { 4660 chunk = malloc(sizeof(*chunk)); 4661 chunk->addr = insn; 4662 chunk->next = chunks; 4663 chunks = chunk; 4664 } 4665 } 4666 4667 for (chunk = chunks; chunk; chunk = chunk->next) 4668 free(chunk->addr); 4669 } 4670 4671 int check(struct objtool_file *file) 4672 { 4673 int ret = 0, warnings = 0; 4674 4675 arch_initial_func_cfi_state(&initial_func_cfi); 4676 init_cfi_state(&init_cfi); 4677 init_cfi_state(&func_cfi); 4678 set_func_state(&func_cfi); 4679 init_cfi_state(&force_undefined_cfi); 4680 force_undefined_cfi.force_undefined = true; 4681 4682 if (!cfi_hash_alloc(1UL << (file->elf->symbol_bits - 3))) { 4683 ret = -1; 4684 goto out; 4685 } 4686 4687 cfi_hash_add(&init_cfi); 4688 cfi_hash_add(&func_cfi); 4689 4690 ret = decode_sections(file); 4691 if (ret) 4692 goto out; 4693 4694 if (!nr_insns) 4695 goto out; 4696 4697 if (opts.retpoline) 4698 warnings += validate_retpoline(file); 4699 4700 if (opts.stackval || opts.orc || opts.uaccess) { 4701 int w = 0; 4702 4703 w += validate_functions(file); 4704 w += validate_unwind_hints(file, NULL); 4705 if (!w) 4706 w += validate_reachable_instructions(file); 4707 4708 warnings += w; 4709 4710 } else if (opts.noinstr) { 4711 warnings += validate_noinstr_sections(file); 4712 } 4713 4714 if (opts.unret) { 4715 /* 4716 * Must be after validate_branch() and friends, it plays 4717 * further games with insn->visited. 4718 */ 4719 warnings += validate_unrets(file); 4720 } 4721 4722 if (opts.ibt) 4723 warnings += validate_ibt(file); 4724 4725 if (opts.sls) 4726 warnings += validate_sls(file); 4727 4728 if (opts.static_call) { 4729 ret = create_static_call_sections(file); 4730 if (ret) 4731 goto out; 4732 } 4733 4734 if (opts.retpoline) { 4735 ret = create_retpoline_sites_sections(file); 4736 if (ret) 4737 goto out; 4738 } 4739 4740 if (opts.cfi) { 4741 ret = create_cfi_sections(file); 4742 if (ret) 4743 goto out; 4744 } 4745 4746 if (opts.rethunk) { 4747 ret = create_return_sites_sections(file); 4748 if (ret) 4749 goto out; 4750 4751 if (opts.hack_skylake) { 4752 ret = create_direct_call_sections(file); 4753 if (ret) 4754 goto out; 4755 } 4756 } 4757 4758 if (opts.mcount) { 4759 ret = create_mcount_loc_sections(file); 4760 if (ret) 4761 goto out; 4762 } 4763 4764 if (opts.prefix) { 4765 ret = add_prefix_symbols(file); 4766 if (ret) 4767 goto out; 4768 } 4769 4770 if (opts.ibt) { 4771 ret = create_ibt_endbr_seal_sections(file); 4772 if (ret) 4773 goto out; 4774 } 4775 4776 if (opts.orc && nr_insns) { 4777 ret = orc_create(file); 4778 if (ret) 4779 goto out; 4780 } 4781 4782 free_insns(file); 4783 4784 if (opts.stats) { 4785 printf("nr_insns_visited: %ld\n", nr_insns_visited); 4786 printf("nr_cfi: %ld\n", nr_cfi); 4787 printf("nr_cfi_reused: %ld\n", nr_cfi_reused); 4788 printf("nr_cfi_cache: %ld\n", nr_cfi_cache); 4789 } 4790 4791 out: 4792 if (!ret && !warnings) 4793 return 0; 4794 4795 if (opts.werror && warnings) 4796 ret = 1; 4797 4798 if (opts.verbose) { 4799 if (opts.werror && warnings) 4800 WARN("%d warning(s) upgraded to errors", warnings); 4801 print_args(); 4802 disas_warned_funcs(file); 4803 } 4804 4805 return ret; 4806 } 4807