1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2015-2017 Josh Poimboeuf <jpoimboe@redhat.com> 4 */ 5 6 #define _GNU_SOURCE /* memmem() */ 7 #include <string.h> 8 #include <stdlib.h> 9 #include <inttypes.h> 10 #include <sys/mman.h> 11 12 #include <objtool/builtin.h> 13 #include <objtool/cfi.h> 14 #include <objtool/arch.h> 15 #include <objtool/check.h> 16 #include <objtool/special.h> 17 #include <objtool/warn.h> 18 #include <objtool/checksum.h> 19 #include <objtool/util.h> 20 21 #include <linux/objtool_types.h> 22 #include <linux/hashtable.h> 23 #include <linux/kernel.h> 24 #include <linux/static_call_types.h> 25 #include <linux/string.h> 26 27 struct alternative { 28 struct alternative *next; 29 struct instruction *insn; 30 }; 31 32 static unsigned long nr_cfi, nr_cfi_reused, nr_cfi_cache; 33 34 static struct cfi_init_state initial_func_cfi; 35 static struct cfi_state init_cfi; 36 static struct cfi_state func_cfi; 37 static struct cfi_state force_undefined_cfi; 38 39 struct instruction *find_insn(struct objtool_file *file, 40 struct section *sec, unsigned long offset) 41 { 42 struct instruction *insn; 43 44 hash_for_each_possible(file->insn_hash, insn, hash, sec_offset_hash(sec, offset)) { 45 if (insn->sec == sec && insn->offset == offset) 46 return insn; 47 } 48 49 return NULL; 50 } 51 52 struct instruction *next_insn_same_sec(struct objtool_file *file, 53 struct instruction *insn) 54 { 55 if (insn->idx == INSN_CHUNK_MAX) 56 return find_insn(file, insn->sec, insn->offset + insn->len); 57 58 insn++; 59 if (!insn->len) 60 return NULL; 61 62 return insn; 63 } 64 65 static struct instruction *next_insn_same_func(struct objtool_file *file, 66 struct instruction *insn) 67 { 68 struct instruction *next = next_insn_same_sec(file, insn); 69 struct symbol *func = insn_func(insn); 70 71 if (!func) 72 return NULL; 73 74 if (next && insn_func(next) == func) 75 return next; 76 77 /* Check if we're already in the subfunction: */ 78 if (func == func->cfunc) 79 return NULL; 80 81 /* Move to the subfunction: */ 82 return find_insn(file, func->cfunc->sec, func->cfunc->offset); 83 } 84 85 static struct instruction *prev_insn_same_sec(struct objtool_file *file, 86 struct instruction *insn) 87 { 88 if (insn->idx == 0) { 89 if (insn->prev_len) 90 return find_insn(file, insn->sec, insn->offset - insn->prev_len); 91 return NULL; 92 } 93 94 return insn - 1; 95 } 96 97 static struct instruction *prev_insn_same_sym(struct objtool_file *file, 98 struct instruction *insn) 99 { 100 struct instruction *prev = prev_insn_same_sec(file, insn); 101 102 if (prev && insn_func(prev) == insn_func(insn)) 103 return prev; 104 105 return NULL; 106 } 107 108 #define for_each_insn(file, insn) \ 109 for (struct section *__sec, *__fake = (struct section *)1; \ 110 __fake; __fake = NULL) \ 111 for_each_sec(file->elf, __sec) \ 112 sec_for_each_insn(file, __sec, insn) 113 114 #define func_for_each_insn(file, func, insn) \ 115 for (insn = find_insn(file, func->sec, func->offset); \ 116 insn; \ 117 insn = next_insn_same_func(file, insn)) 118 119 #define sym_for_each_insn(file, sym, insn) \ 120 for (insn = find_insn(file, sym->sec, sym->offset); \ 121 insn && insn->offset < sym->offset + sym->len; \ 122 insn = next_insn_same_sec(file, insn)) 123 124 #define sym_for_each_insn_continue_reverse(file, sym, insn) \ 125 for (insn = prev_insn_same_sec(file, insn); \ 126 insn && insn->offset >= sym->offset; \ 127 insn = prev_insn_same_sec(file, insn)) 128 129 #define sec_for_each_insn_from(file, insn) \ 130 for (; insn; insn = next_insn_same_sec(file, insn)) 131 132 #define sec_for_each_insn_continue(file, insn) \ 133 for (insn = next_insn_same_sec(file, insn); insn; \ 134 insn = next_insn_same_sec(file, insn)) 135 136 static inline struct symbol *insn_call_dest(struct instruction *insn) 137 { 138 if (insn->type == INSN_JUMP_DYNAMIC || 139 insn->type == INSN_CALL_DYNAMIC) 140 return NULL; 141 142 return insn->_call_dest; 143 } 144 145 static inline struct reloc *insn_jump_table(struct instruction *insn) 146 { 147 if (insn->type == INSN_JUMP_DYNAMIC || 148 insn->type == INSN_CALL_DYNAMIC) 149 return insn->_jump_table; 150 151 return NULL; 152 } 153 154 static inline unsigned long insn_jump_table_size(struct instruction *insn) 155 { 156 if (insn->type == INSN_JUMP_DYNAMIC || 157 insn->type == INSN_CALL_DYNAMIC) 158 return insn->_jump_table_size; 159 160 return 0; 161 } 162 163 static bool is_jump_table_jump(struct instruction *insn) 164 { 165 struct alt_group *alt_group = insn->alt_group; 166 167 if (insn_jump_table(insn)) 168 return true; 169 170 /* Retpoline alternative for a jump table? */ 171 return alt_group && alt_group->orig_group && 172 insn_jump_table(alt_group->orig_group->first_insn); 173 } 174 175 static bool is_sibling_call(struct instruction *insn) 176 { 177 /* 178 * Assume only STT_FUNC calls have jump-tables. 179 */ 180 if (insn_func(insn)) { 181 /* An indirect jump is either a sibling call or a jump to a table. */ 182 if (insn->type == INSN_JUMP_DYNAMIC) 183 return !is_jump_table_jump(insn); 184 } 185 186 /* add_jump_destinations() sets insn_call_dest(insn) for sibling calls. */ 187 return (is_static_jump(insn) && insn_call_dest(insn)); 188 } 189 190 /* 191 * Checks if a function is a Rust "noreturn" one. 192 */ 193 static bool is_rust_noreturn(const struct symbol *func) 194 { 195 /* 196 * If it does not start with "_R", then it is not a Rust symbol. 197 */ 198 if (strncmp(func->name, "_R", 2)) 199 return false; 200 201 /* 202 * These are just heuristics -- we do not control the precise symbol 203 * name, due to the crate disambiguators (which depend on the compiler) 204 * as well as changes to the source code itself between versions (since 205 * these come from the Rust standard library). 206 */ 207 return str_ends_with(func->name, "_4core5sliceSp15copy_from_slice17len_mismatch_fail") || 208 str_ends_with(func->name, "_4core6option13expect_failed") || 209 str_ends_with(func->name, "_4core6option13unwrap_failed") || 210 str_ends_with(func->name, "_4core6result13unwrap_failed") || 211 str_ends_with(func->name, "_4core9panicking5panic") || 212 str_ends_with(func->name, "_4core9panicking9panic_fmt") || 213 str_ends_with(func->name, "_4core9panicking14panic_explicit") || 214 str_ends_with(func->name, "_4core9panicking14panic_nounwind") || 215 str_ends_with(func->name, "_4core9panicking18panic_bounds_check") || 216 str_ends_with(func->name, "_4core9panicking18panic_nounwind_fmt") || 217 str_ends_with(func->name, "_4core9panicking19assert_failed_inner") || 218 str_ends_with(func->name, "_4core9panicking30panic_null_pointer_dereference") || 219 str_ends_with(func->name, "_4core9panicking36panic_misaligned_pointer_dereference") || 220 str_ends_with(func->name, "_7___rustc17rust_begin_unwind") || 221 strstr(func->name, "_4core9panicking13assert_failed") || 222 strstr(func->name, "_4core9panicking11panic_const24panic_const_") || 223 (strstr(func->name, "_4core5slice5index") && 224 strstr(func->name, "slice_") && 225 str_ends_with(func->name, "_fail")); 226 } 227 228 /* 229 * This checks to see if the given function is a "noreturn" function. 230 * 231 * For global functions which are outside the scope of this object file, we 232 * have to keep a manual list of them. 233 * 234 * For local functions, we have to detect them manually by simply looking for 235 * the lack of a return instruction. 236 */ 237 static bool __dead_end_function(struct objtool_file *file, struct symbol *func, 238 int recursion) 239 { 240 int i; 241 struct instruction *insn; 242 bool empty = true; 243 244 #define NORETURN(func) __stringify(func), 245 static const char * const global_noreturns[] = { 246 #include "noreturns.h" 247 }; 248 #undef NORETURN 249 250 if (!func) 251 return false; 252 253 if (!is_local_sym(func)) { 254 if (is_rust_noreturn(func)) 255 return true; 256 257 for (i = 0; i < ARRAY_SIZE(global_noreturns); i++) 258 if (!strcmp(func->name, global_noreturns[i])) 259 return true; 260 } 261 262 if (is_weak_sym(func)) 263 return false; 264 265 if (!func->len) 266 return false; 267 268 insn = find_insn(file, func->sec, func->offset); 269 if (!insn || !insn_func(insn)) 270 return false; 271 272 func_for_each_insn(file, func, insn) { 273 empty = false; 274 275 if (insn->type == INSN_RETURN) 276 return false; 277 } 278 279 if (empty) 280 return false; 281 282 /* 283 * A function can have a sibling call instead of a return. In that 284 * case, the function's dead-end status depends on whether the target 285 * of the sibling call returns. 286 */ 287 func_for_each_insn(file, func, insn) { 288 if (is_sibling_call(insn)) { 289 struct instruction *dest = insn->jump_dest; 290 291 if (!dest) 292 /* sibling call to another file */ 293 return false; 294 295 /* local sibling call */ 296 if (recursion == 5) { 297 /* 298 * Infinite recursion: two functions have 299 * sibling calls to each other. This is a very 300 * rare case. It means they aren't dead ends. 301 */ 302 return false; 303 } 304 305 return __dead_end_function(file, insn_func(dest), recursion+1); 306 } 307 } 308 309 return true; 310 } 311 312 static bool dead_end_function(struct objtool_file *file, struct symbol *func) 313 { 314 return __dead_end_function(file, func, 0); 315 } 316 317 static void init_cfi_state(struct cfi_state *cfi) 318 { 319 int i; 320 321 for (i = 0; i < CFI_NUM_REGS; i++) { 322 cfi->regs[i].base = CFI_UNDEFINED; 323 cfi->vals[i].base = CFI_UNDEFINED; 324 } 325 cfi->cfa.base = CFI_UNDEFINED; 326 cfi->drap_reg = CFI_UNDEFINED; 327 cfi->drap_offset = -1; 328 } 329 330 static void init_insn_state(struct objtool_file *file, struct insn_state *state, 331 struct section *sec) 332 { 333 memset(state, 0, sizeof(*state)); 334 init_cfi_state(&state->cfi); 335 336 if (opts.noinstr && sec) 337 state->noinstr = sec->noinstr; 338 } 339 340 static struct cfi_state *cfi_alloc(void) 341 { 342 struct cfi_state *cfi = calloc(1, sizeof(struct cfi_state)); 343 if (!cfi) { 344 ERROR_GLIBC("calloc"); 345 exit(1); 346 } 347 nr_cfi++; 348 return cfi; 349 } 350 351 static int cfi_bits; 352 static struct hlist_head *cfi_hash; 353 354 static inline bool cficmp(struct cfi_state *cfi1, struct cfi_state *cfi2) 355 { 356 return memcmp((void *)cfi1 + sizeof(cfi1->hash), 357 (void *)cfi2 + sizeof(cfi2->hash), 358 sizeof(struct cfi_state) - sizeof(struct hlist_node)); 359 } 360 361 static inline u32 cfi_key(struct cfi_state *cfi) 362 { 363 return jhash((void *)cfi + sizeof(cfi->hash), 364 sizeof(*cfi) - sizeof(cfi->hash), 0); 365 } 366 367 static struct cfi_state *cfi_hash_find_or_add(struct cfi_state *cfi) 368 { 369 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)]; 370 struct cfi_state *obj; 371 372 hlist_for_each_entry(obj, head, hash) { 373 if (!cficmp(cfi, obj)) { 374 nr_cfi_cache++; 375 return obj; 376 } 377 } 378 379 obj = cfi_alloc(); 380 *obj = *cfi; 381 hlist_add_head(&obj->hash, head); 382 383 return obj; 384 } 385 386 static void cfi_hash_add(struct cfi_state *cfi) 387 { 388 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)]; 389 390 hlist_add_head(&cfi->hash, head); 391 } 392 393 static void *cfi_hash_alloc(unsigned long size) 394 { 395 cfi_bits = max(10, ilog2(size)); 396 cfi_hash = mmap(NULL, sizeof(struct hlist_head) << cfi_bits, 397 PROT_READ|PROT_WRITE, 398 MAP_PRIVATE|MAP_ANON, -1, 0); 399 if (cfi_hash == (void *)-1L) { 400 ERROR_GLIBC("mmap fail cfi_hash"); 401 cfi_hash = NULL; 402 } else if (opts.stats) { 403 printf("cfi_bits: %d\n", cfi_bits); 404 } 405 406 return cfi_hash; 407 } 408 409 static unsigned long nr_insns; 410 static unsigned long nr_insns_visited; 411 412 /* 413 * Call the arch-specific instruction decoder for all the instructions and add 414 * them to the global instruction list. 415 */ 416 static int decode_instructions(struct objtool_file *file) 417 { 418 struct section *sec; 419 struct symbol *func; 420 unsigned long offset; 421 struct instruction *insn; 422 423 for_each_sec(file->elf, sec) { 424 struct instruction *insns = NULL; 425 u8 prev_len = 0; 426 u8 idx = 0; 427 428 if (!is_text_sec(sec)) 429 continue; 430 431 if (strcmp(sec->name, ".altinstr_replacement") && 432 strcmp(sec->name, ".altinstr_aux") && 433 strncmp(sec->name, ".discard.", 9)) 434 sec->text = true; 435 436 if (!strcmp(sec->name, ".noinstr.text") || 437 !strcmp(sec->name, ".entry.text") || 438 !strcmp(sec->name, ".cpuidle.text") || 439 !strncmp(sec->name, ".text..__x86.", 13)) 440 sec->noinstr = true; 441 442 /* 443 * .init.text code is ran before userspace and thus doesn't 444 * strictly need retpolines, except for modules which are 445 * loaded late, they very much do need retpoline in their 446 * .init.text 447 */ 448 if (!strcmp(sec->name, ".init.text") && !opts.module) 449 sec->init = true; 450 451 for (offset = 0; offset < sec_size(sec); offset += insn->len) { 452 if (!insns || idx == INSN_CHUNK_MAX) { 453 insns = calloc(INSN_CHUNK_SIZE, sizeof(*insn)); 454 if (!insns) { 455 ERROR_GLIBC("calloc"); 456 return -1; 457 } 458 idx = 0; 459 } else { 460 idx++; 461 } 462 insn = &insns[idx]; 463 insn->idx = idx; 464 465 INIT_LIST_HEAD(&insn->call_node); 466 insn->sec = sec; 467 insn->offset = offset; 468 insn->prev_len = prev_len; 469 470 if (arch_decode_instruction(file, sec, offset, sec_size(sec) - offset, insn)) 471 return -1; 472 473 prev_len = insn->len; 474 475 /* 476 * By default, "ud2" is a dead end unless otherwise 477 * annotated, because GCC 7 inserts it for certain 478 * divide-by-zero cases. 479 */ 480 if (insn->type == INSN_BUG) 481 insn->dead_end = true; 482 483 hash_add(file->insn_hash, &insn->hash, sec_offset_hash(sec, insn->offset)); 484 nr_insns++; 485 } 486 487 sec_for_each_sym(sec, func) { 488 if (!is_notype_sym(func) && !is_func_sym(func)) 489 continue; 490 491 if (func->offset == sec_size(sec)) { 492 /* Heuristic: likely an "end" symbol */ 493 if (is_notype_sym(func)) 494 continue; 495 ERROR("%s(): STT_FUNC at end of section", func->name); 496 return -1; 497 } 498 499 if (func->embedded_insn || func->alias != func) 500 continue; 501 502 if (!find_insn(file, sec, func->offset)) { 503 ERROR("%s(): can't find starting instruction", func->name); 504 return -1; 505 } 506 507 sym_for_each_insn(file, func, insn) { 508 insn->sym = func; 509 if (is_func_sym(func) && 510 insn->type == INSN_ENDBR && 511 list_empty(&insn->call_node)) { 512 if (insn->offset == func->offset) { 513 list_add_tail(&insn->call_node, &file->endbr_list); 514 file->nr_endbr++; 515 } else { 516 file->nr_endbr_int++; 517 } 518 } 519 } 520 } 521 } 522 523 if (opts.stats) 524 printf("nr_insns: %lu\n", nr_insns); 525 526 return 0; 527 } 528 529 /* 530 * Read the pv_ops[] .data table to find the static initialized values. 531 */ 532 static int add_pv_ops(struct objtool_file *file, const char *symname) 533 { 534 struct symbol *sym, *func; 535 unsigned long off, end; 536 struct reloc *reloc; 537 int idx; 538 539 sym = find_symbol_by_name(file->elf, symname); 540 if (!sym) 541 return 0; 542 543 off = sym->offset; 544 end = off + sym->len; 545 for (;;) { 546 reloc = find_reloc_by_dest_range(file->elf, sym->sec, off, end - off); 547 if (!reloc) 548 break; 549 550 idx = (reloc_offset(reloc) - sym->offset) / sizeof(unsigned long); 551 552 func = reloc->sym; 553 if (is_sec_sym(func)) 554 func = find_symbol_by_offset(reloc->sym->sec, 555 reloc_addend(reloc)); 556 if (!func) { 557 ERROR_FUNC(reloc->sym->sec, reloc_addend(reloc), 558 "can't find func at %s[%d]", symname, idx); 559 return -1; 560 } 561 562 if (objtool_pv_add(file, idx, func)) 563 return -1; 564 565 off = reloc_offset(reloc) + 1; 566 if (off > end) 567 break; 568 } 569 570 return 0; 571 } 572 573 /* 574 * Allocate and initialize file->pv_ops[]. 575 */ 576 static int init_pv_ops(struct objtool_file *file) 577 { 578 static const char *pv_ops_tables[] = { 579 "pv_ops", 580 "xen_cpu_ops", 581 "xen_irq_ops", 582 "xen_mmu_ops", 583 NULL, 584 }; 585 const char *pv_ops; 586 struct symbol *sym; 587 int idx, nr; 588 589 if (!opts.noinstr) 590 return 0; 591 592 file->pv_ops = NULL; 593 594 sym = find_symbol_by_name(file->elf, "pv_ops"); 595 if (!sym) 596 return 0; 597 598 nr = sym->len / sizeof(unsigned long); 599 file->pv_ops = calloc(nr, sizeof(struct pv_state)); 600 if (!file->pv_ops) { 601 ERROR_GLIBC("calloc"); 602 return -1; 603 } 604 605 for (idx = 0; idx < nr; idx++) 606 INIT_LIST_HEAD(&file->pv_ops[idx].targets); 607 608 for (idx = 0; (pv_ops = pv_ops_tables[idx]); idx++) { 609 if (add_pv_ops(file, pv_ops)) 610 return -1; 611 } 612 613 return 0; 614 } 615 616 static bool is_livepatch_module(struct objtool_file *file) 617 { 618 struct section *sec; 619 620 if (!opts.module) 621 return false; 622 623 sec = find_section_by_name(file->elf, ".modinfo"); 624 if (!sec) 625 return false; 626 627 return memmem(sec->data->d_buf, sec_size(sec), "\0livepatch=Y", 12); 628 } 629 630 static int create_static_call_sections(struct objtool_file *file) 631 { 632 struct static_call_site *site; 633 struct section *sec; 634 struct instruction *insn; 635 struct symbol *key_sym; 636 char *key_name, *tmp; 637 int idx; 638 639 sec = find_section_by_name(file->elf, ".static_call_sites"); 640 if (sec) { 641 /* 642 * Livepatch modules may have already extracted the static call 643 * site entries to take advantage of vmlinux static call 644 * privileges. 645 */ 646 if (!file->klp) 647 WARN("file already has .static_call_sites section, skipping"); 648 649 return 0; 650 } 651 652 if (list_empty(&file->static_call_list)) 653 return 0; 654 655 idx = 0; 656 list_for_each_entry(insn, &file->static_call_list, call_node) 657 idx++; 658 659 sec = elf_create_section_pair(file->elf, ".static_call_sites", 660 sizeof(*site), idx, idx * 2); 661 if (!sec) 662 return -1; 663 664 /* Allow modules to modify the low bits of static_call_site::key */ 665 sec->sh.sh_flags |= SHF_WRITE; 666 667 idx = 0; 668 list_for_each_entry(insn, &file->static_call_list, call_node) { 669 670 /* populate reloc for 'addr' */ 671 if (!elf_init_reloc_text_sym(file->elf, sec, 672 idx * sizeof(*site), idx * 2, 673 insn->sec, insn->offset)) 674 return -1; 675 676 /* find key symbol */ 677 key_name = strdup(insn_call_dest(insn)->name); 678 if (!key_name) { 679 ERROR_GLIBC("strdup"); 680 return -1; 681 } 682 if (strncmp(key_name, STATIC_CALL_TRAMP_PREFIX_STR, 683 STATIC_CALL_TRAMP_PREFIX_LEN)) { 684 ERROR("static_call: trampoline name malformed: %s", key_name); 685 return -1; 686 } 687 tmp = key_name + STATIC_CALL_TRAMP_PREFIX_LEN - STATIC_CALL_KEY_PREFIX_LEN; 688 memcpy(tmp, STATIC_CALL_KEY_PREFIX_STR, STATIC_CALL_KEY_PREFIX_LEN); 689 690 key_sym = find_symbol_by_name(file->elf, tmp); 691 if (!key_sym) { 692 if (!opts.module || file->klp) { 693 ERROR("static_call: can't find static_call_key symbol: %s", tmp); 694 return -1; 695 } 696 697 /* 698 * For modules(), the key might not be exported, which 699 * means the module can make static calls but isn't 700 * allowed to change them. 701 * 702 * In that case we temporarily set the key to be the 703 * trampoline address. This is fixed up in 704 * static_call_add_module(). 705 */ 706 key_sym = insn_call_dest(insn); 707 } 708 709 /* populate reloc for 'key' */ 710 if (!elf_init_reloc_data_sym(file->elf, sec, 711 idx * sizeof(*site) + 4, 712 (idx * 2) + 1, key_sym, 713 is_sibling_call(insn) * STATIC_CALL_SITE_TAIL)) 714 return -1; 715 716 idx++; 717 } 718 719 return 0; 720 } 721 722 static int create_retpoline_sites_sections(struct objtool_file *file) 723 { 724 struct instruction *insn; 725 struct section *sec; 726 int idx; 727 728 sec = find_section_by_name(file->elf, ".retpoline_sites"); 729 if (sec) { 730 WARN("file already has .retpoline_sites, skipping"); 731 return 0; 732 } 733 734 idx = 0; 735 list_for_each_entry(insn, &file->retpoline_call_list, call_node) 736 idx++; 737 738 if (!idx) 739 return 0; 740 741 sec = elf_create_section_pair(file->elf, ".retpoline_sites", 742 sizeof(int), idx, idx); 743 if (!sec) 744 return -1; 745 746 idx = 0; 747 list_for_each_entry(insn, &file->retpoline_call_list, call_node) { 748 749 if (!elf_init_reloc_text_sym(file->elf, sec, 750 idx * sizeof(int), idx, 751 insn->sec, insn->offset)) 752 return -1; 753 754 idx++; 755 } 756 757 return 0; 758 } 759 760 static int create_return_sites_sections(struct objtool_file *file) 761 { 762 struct instruction *insn; 763 struct section *sec; 764 int idx; 765 766 sec = find_section_by_name(file->elf, ".return_sites"); 767 if (sec) { 768 WARN("file already has .return_sites, skipping"); 769 return 0; 770 } 771 772 idx = 0; 773 list_for_each_entry(insn, &file->return_thunk_list, call_node) 774 idx++; 775 776 if (!idx) 777 return 0; 778 779 sec = elf_create_section_pair(file->elf, ".return_sites", 780 sizeof(int), idx, idx); 781 if (!sec) 782 return -1; 783 784 idx = 0; 785 list_for_each_entry(insn, &file->return_thunk_list, call_node) { 786 787 if (!elf_init_reloc_text_sym(file->elf, sec, 788 idx * sizeof(int), idx, 789 insn->sec, insn->offset)) 790 return -1; 791 792 idx++; 793 } 794 795 return 0; 796 } 797 798 static int create_ibt_endbr_seal_sections(struct objtool_file *file) 799 { 800 struct instruction *insn; 801 struct section *sec; 802 int idx; 803 804 sec = find_section_by_name(file->elf, ".ibt_endbr_seal"); 805 if (sec) { 806 WARN("file already has .ibt_endbr_seal, skipping"); 807 return 0; 808 } 809 810 idx = 0; 811 list_for_each_entry(insn, &file->endbr_list, call_node) 812 idx++; 813 814 if (opts.stats) { 815 printf("ibt: ENDBR at function start: %d\n", file->nr_endbr); 816 printf("ibt: ENDBR inside functions: %d\n", file->nr_endbr_int); 817 printf("ibt: superfluous ENDBR: %d\n", idx); 818 } 819 820 if (!idx) 821 return 0; 822 823 sec = elf_create_section_pair(file->elf, ".ibt_endbr_seal", 824 sizeof(int), idx, idx); 825 if (!sec) 826 return -1; 827 828 idx = 0; 829 list_for_each_entry(insn, &file->endbr_list, call_node) { 830 831 int *site = (int *)sec->data->d_buf + idx; 832 struct symbol *sym = insn->sym; 833 *site = 0; 834 835 if (opts.module && sym && is_func_sym(sym) && 836 insn->offset == sym->offset && 837 (!strcmp(sym->name, "init_module") || 838 !strcmp(sym->name, "cleanup_module"))) { 839 ERROR("%s(): Magic init_module() function name is deprecated, use module_init(fn) instead", 840 sym->name); 841 return -1; 842 } 843 844 if (!elf_init_reloc_text_sym(file->elf, sec, 845 idx * sizeof(int), idx, 846 insn->sec, insn->offset)) 847 return -1; 848 849 idx++; 850 } 851 852 return 0; 853 } 854 855 static int create_cfi_sections(struct objtool_file *file) 856 { 857 struct section *sec; 858 struct symbol *sym; 859 int idx; 860 861 sec = find_section_by_name(file->elf, ".cfi_sites"); 862 if (sec) { 863 WARN("file already has .cfi_sites section, skipping"); 864 return 0; 865 } 866 867 idx = 0; 868 for_each_sym(file->elf, sym) { 869 if (!is_func_sym(sym)) 870 continue; 871 872 if (strncmp(sym->name, "__cfi_", 6)) 873 continue; 874 875 idx++; 876 } 877 878 sec = elf_create_section_pair(file->elf, ".cfi_sites", 879 sizeof(unsigned int), idx, idx); 880 if (!sec) 881 return -1; 882 883 idx = 0; 884 for_each_sym(file->elf, sym) { 885 if (!is_func_sym(sym)) 886 continue; 887 888 if (strncmp(sym->name, "__cfi_", 6)) 889 continue; 890 891 if (!elf_init_reloc_text_sym(file->elf, sec, 892 idx * sizeof(unsigned int), idx, 893 sym->sec, sym->offset)) 894 return -1; 895 896 idx++; 897 } 898 899 return 0; 900 } 901 902 static int create_mcount_loc_sections(struct objtool_file *file) 903 { 904 size_t addr_size = elf_addr_size(file->elf); 905 struct instruction *insn; 906 struct section *sec; 907 int idx; 908 909 sec = find_section_by_name(file->elf, "__mcount_loc"); 910 if (sec) { 911 /* 912 * Livepatch modules have already extracted their __mcount_loc 913 * entries to cover the !CONFIG_FTRACE_MCOUNT_USE_OBJTOOL case. 914 */ 915 if (!file->klp) 916 WARN("file already has __mcount_loc section, skipping"); 917 918 return 0; 919 } 920 921 if (list_empty(&file->mcount_loc_list)) 922 return 0; 923 924 idx = 0; 925 list_for_each_entry(insn, &file->mcount_loc_list, call_node) 926 idx++; 927 928 sec = elf_create_section_pair(file->elf, "__mcount_loc", addr_size, 929 idx, idx); 930 if (!sec) 931 return -1; 932 933 sec->sh.sh_addralign = addr_size; 934 935 idx = 0; 936 list_for_each_entry(insn, &file->mcount_loc_list, call_node) { 937 938 struct reloc *reloc; 939 940 reloc = elf_init_reloc_text_sym(file->elf, sec, idx * addr_size, idx, 941 insn->sec, insn->offset); 942 if (!reloc) 943 return -1; 944 945 set_reloc_type(file->elf, reloc, addr_size == 8 ? R_ABS64 : R_ABS32); 946 947 idx++; 948 } 949 950 return 0; 951 } 952 953 static int create_direct_call_sections(struct objtool_file *file) 954 { 955 struct instruction *insn; 956 struct section *sec; 957 int idx; 958 959 sec = find_section_by_name(file->elf, ".call_sites"); 960 if (sec) { 961 WARN("file already has .call_sites section, skipping"); 962 return 0; 963 } 964 965 if (list_empty(&file->call_list)) 966 return 0; 967 968 idx = 0; 969 list_for_each_entry(insn, &file->call_list, call_node) 970 idx++; 971 972 sec = elf_create_section_pair(file->elf, ".call_sites", 973 sizeof(unsigned int), idx, idx); 974 if (!sec) 975 return -1; 976 977 idx = 0; 978 list_for_each_entry(insn, &file->call_list, call_node) { 979 980 if (!elf_init_reloc_text_sym(file->elf, sec, 981 idx * sizeof(unsigned int), idx, 982 insn->sec, insn->offset)) 983 return -1; 984 985 idx++; 986 } 987 988 return 0; 989 } 990 991 #ifdef BUILD_KLP 992 static int create_sym_checksum_section(struct objtool_file *file) 993 { 994 struct section *sec; 995 struct symbol *sym; 996 unsigned int idx = 0; 997 struct sym_checksum *checksum; 998 size_t entsize = sizeof(struct sym_checksum); 999 1000 sec = find_section_by_name(file->elf, ".discard.sym_checksum"); 1001 if (sec) { 1002 if (!opts.dryrun) 1003 WARN("file already has .discard.sym_checksum section, skipping"); 1004 1005 return 0; 1006 } 1007 1008 for_each_sym(file->elf, sym) 1009 if (sym->csum.checksum) 1010 idx++; 1011 1012 if (!idx) 1013 return 0; 1014 1015 sec = elf_create_section_pair(file->elf, ".discard.sym_checksum", entsize, 1016 idx, idx); 1017 if (!sec) 1018 return -1; 1019 1020 idx = 0; 1021 for_each_sym(file->elf, sym) { 1022 if (!sym->csum.checksum) 1023 continue; 1024 1025 if (!elf_init_reloc(file->elf, sec->rsec, idx, idx * entsize, 1026 sym, 0, R_TEXT64)) 1027 return -1; 1028 1029 checksum = (struct sym_checksum *)sec->data->d_buf + idx; 1030 checksum->addr = 0; /* reloc */ 1031 checksum->checksum = sym->csum.checksum; 1032 1033 mark_sec_changed(file->elf, sec, true); 1034 1035 idx++; 1036 } 1037 1038 return 0; 1039 } 1040 #else 1041 static int create_sym_checksum_section(struct objtool_file *file) { return -EINVAL; } 1042 #endif 1043 1044 /* 1045 * Warnings shouldn't be reported for ignored functions. 1046 */ 1047 static int add_ignores(struct objtool_file *file) 1048 { 1049 struct section *rsec; 1050 struct symbol *func; 1051 struct reloc *reloc; 1052 1053 rsec = find_section_by_name(file->elf, ".rela.discard.func_stack_frame_non_standard"); 1054 if (!rsec) 1055 return 0; 1056 1057 for_each_reloc(rsec, reloc) { 1058 switch (reloc->sym->type) { 1059 case STT_FUNC: 1060 func = reloc->sym; 1061 break; 1062 1063 case STT_SECTION: 1064 func = find_func_by_offset(reloc->sym->sec, reloc_addend(reloc)); 1065 if (!func) 1066 continue; 1067 break; 1068 1069 default: 1070 ERROR("unexpected relocation symbol type in %s: %d", 1071 rsec->name, reloc->sym->type); 1072 return -1; 1073 } 1074 1075 func->ignore = true; 1076 if (func->cfunc) 1077 func->cfunc->ignore = true; 1078 } 1079 1080 return 0; 1081 } 1082 1083 /* 1084 * This is a whitelist of functions that is allowed to be called with AC set. 1085 * The list is meant to be minimal and only contains compiler instrumentation 1086 * ABI and a few functions used to implement *_{to,from}_user() functions. 1087 * 1088 * These functions must not directly change AC, but may PUSHF/POPF. 1089 */ 1090 static const char *uaccess_safe_builtin[] = { 1091 /* KASAN */ 1092 "kasan_report", 1093 "kasan_check_range", 1094 /* KASAN out-of-line */ 1095 "__asan_loadN_noabort", 1096 "__asan_load1_noabort", 1097 "__asan_load2_noabort", 1098 "__asan_load4_noabort", 1099 "__asan_load8_noabort", 1100 "__asan_load16_noabort", 1101 "__asan_storeN_noabort", 1102 "__asan_store1_noabort", 1103 "__asan_store2_noabort", 1104 "__asan_store4_noabort", 1105 "__asan_store8_noabort", 1106 "__asan_store16_noabort", 1107 "__kasan_check_read", 1108 "__kasan_check_write", 1109 /* KASAN in-line */ 1110 "__asan_report_load_n_noabort", 1111 "__asan_report_load1_noabort", 1112 "__asan_report_load2_noabort", 1113 "__asan_report_load4_noabort", 1114 "__asan_report_load8_noabort", 1115 "__asan_report_load16_noabort", 1116 "__asan_report_store_n_noabort", 1117 "__asan_report_store1_noabort", 1118 "__asan_report_store2_noabort", 1119 "__asan_report_store4_noabort", 1120 "__asan_report_store8_noabort", 1121 "__asan_report_store16_noabort", 1122 /* KCSAN */ 1123 "__kcsan_check_access", 1124 "__kcsan_mb", 1125 "__kcsan_wmb", 1126 "__kcsan_rmb", 1127 "__kcsan_release", 1128 "kcsan_found_watchpoint", 1129 "kcsan_setup_watchpoint", 1130 "kcsan_check_scoped_accesses", 1131 "kcsan_disable_current", 1132 "kcsan_enable_current_nowarn", 1133 /* KCSAN/TSAN */ 1134 "__tsan_func_entry", 1135 "__tsan_func_exit", 1136 "__tsan_read_range", 1137 "__tsan_write_range", 1138 "__tsan_read1", 1139 "__tsan_read2", 1140 "__tsan_read4", 1141 "__tsan_read8", 1142 "__tsan_read16", 1143 "__tsan_write1", 1144 "__tsan_write2", 1145 "__tsan_write4", 1146 "__tsan_write8", 1147 "__tsan_write16", 1148 "__tsan_read_write1", 1149 "__tsan_read_write2", 1150 "__tsan_read_write4", 1151 "__tsan_read_write8", 1152 "__tsan_read_write16", 1153 "__tsan_volatile_read1", 1154 "__tsan_volatile_read2", 1155 "__tsan_volatile_read4", 1156 "__tsan_volatile_read8", 1157 "__tsan_volatile_read16", 1158 "__tsan_volatile_write1", 1159 "__tsan_volatile_write2", 1160 "__tsan_volatile_write4", 1161 "__tsan_volatile_write8", 1162 "__tsan_volatile_write16", 1163 "__tsan_atomic8_load", 1164 "__tsan_atomic16_load", 1165 "__tsan_atomic32_load", 1166 "__tsan_atomic64_load", 1167 "__tsan_atomic8_store", 1168 "__tsan_atomic16_store", 1169 "__tsan_atomic32_store", 1170 "__tsan_atomic64_store", 1171 "__tsan_atomic8_exchange", 1172 "__tsan_atomic16_exchange", 1173 "__tsan_atomic32_exchange", 1174 "__tsan_atomic64_exchange", 1175 "__tsan_atomic8_fetch_add", 1176 "__tsan_atomic16_fetch_add", 1177 "__tsan_atomic32_fetch_add", 1178 "__tsan_atomic64_fetch_add", 1179 "__tsan_atomic8_fetch_sub", 1180 "__tsan_atomic16_fetch_sub", 1181 "__tsan_atomic32_fetch_sub", 1182 "__tsan_atomic64_fetch_sub", 1183 "__tsan_atomic8_fetch_and", 1184 "__tsan_atomic16_fetch_and", 1185 "__tsan_atomic32_fetch_and", 1186 "__tsan_atomic64_fetch_and", 1187 "__tsan_atomic8_fetch_or", 1188 "__tsan_atomic16_fetch_or", 1189 "__tsan_atomic32_fetch_or", 1190 "__tsan_atomic64_fetch_or", 1191 "__tsan_atomic8_fetch_xor", 1192 "__tsan_atomic16_fetch_xor", 1193 "__tsan_atomic32_fetch_xor", 1194 "__tsan_atomic64_fetch_xor", 1195 "__tsan_atomic8_fetch_nand", 1196 "__tsan_atomic16_fetch_nand", 1197 "__tsan_atomic32_fetch_nand", 1198 "__tsan_atomic64_fetch_nand", 1199 "__tsan_atomic8_compare_exchange_strong", 1200 "__tsan_atomic16_compare_exchange_strong", 1201 "__tsan_atomic32_compare_exchange_strong", 1202 "__tsan_atomic64_compare_exchange_strong", 1203 "__tsan_atomic8_compare_exchange_weak", 1204 "__tsan_atomic16_compare_exchange_weak", 1205 "__tsan_atomic32_compare_exchange_weak", 1206 "__tsan_atomic64_compare_exchange_weak", 1207 "__tsan_atomic8_compare_exchange_val", 1208 "__tsan_atomic16_compare_exchange_val", 1209 "__tsan_atomic32_compare_exchange_val", 1210 "__tsan_atomic64_compare_exchange_val", 1211 "__tsan_atomic_thread_fence", 1212 "__tsan_atomic_signal_fence", 1213 "__tsan_unaligned_read16", 1214 "__tsan_unaligned_write16", 1215 /* KCOV */ 1216 "write_comp_data", 1217 "check_kcov_mode", 1218 "__sanitizer_cov_trace_pc", 1219 "__sanitizer_cov_trace_const_cmp1", 1220 "__sanitizer_cov_trace_const_cmp2", 1221 "__sanitizer_cov_trace_const_cmp4", 1222 "__sanitizer_cov_trace_const_cmp8", 1223 "__sanitizer_cov_trace_cmp1", 1224 "__sanitizer_cov_trace_cmp2", 1225 "__sanitizer_cov_trace_cmp4", 1226 "__sanitizer_cov_trace_cmp8", 1227 "__sanitizer_cov_trace_switch", 1228 /* KMSAN */ 1229 "kmsan_copy_to_user", 1230 "kmsan_disable_current", 1231 "kmsan_enable_current", 1232 "kmsan_report", 1233 "kmsan_unpoison_entry_regs", 1234 "kmsan_unpoison_memory", 1235 "__msan_chain_origin", 1236 "__msan_get_context_state", 1237 "__msan_instrument_asm_store", 1238 "__msan_metadata_ptr_for_load_1", 1239 "__msan_metadata_ptr_for_load_2", 1240 "__msan_metadata_ptr_for_load_4", 1241 "__msan_metadata_ptr_for_load_8", 1242 "__msan_metadata_ptr_for_load_n", 1243 "__msan_metadata_ptr_for_store_1", 1244 "__msan_metadata_ptr_for_store_2", 1245 "__msan_metadata_ptr_for_store_4", 1246 "__msan_metadata_ptr_for_store_8", 1247 "__msan_metadata_ptr_for_store_n", 1248 "__msan_poison_alloca", 1249 "__msan_warning", 1250 /* UBSAN */ 1251 "ubsan_type_mismatch_common", 1252 "__ubsan_handle_type_mismatch", 1253 "__ubsan_handle_type_mismatch_v1", 1254 "__ubsan_handle_shift_out_of_bounds", 1255 "__ubsan_handle_load_invalid_value", 1256 /* KSTACK_ERASE */ 1257 "__sanitizer_cov_stack_depth", 1258 /* TRACE_BRANCH_PROFILING */ 1259 "ftrace_likely_update", 1260 /* STACKPROTECTOR */ 1261 "__stack_chk_fail", 1262 /* misc */ 1263 "csum_partial_copy_generic", 1264 "copy_mc_fragile", 1265 "copy_mc_fragile_handle_tail", 1266 "copy_mc_enhanced_fast_string", 1267 "rep_stos_alternative", 1268 "rep_movs_alternative", 1269 "__copy_user_nocache", 1270 NULL 1271 }; 1272 1273 static void add_uaccess_safe(struct objtool_file *file) 1274 { 1275 struct symbol *func; 1276 const char **name; 1277 1278 if (!opts.uaccess) 1279 return; 1280 1281 for (name = uaccess_safe_builtin; *name; name++) { 1282 func = find_symbol_by_name(file->elf, *name); 1283 if (!func) 1284 continue; 1285 1286 func->uaccess_safe = true; 1287 } 1288 } 1289 1290 /* 1291 * Symbols that replace INSN_CALL_DYNAMIC, every (tail) call to such a symbol 1292 * will be added to the .retpoline_sites section. 1293 */ 1294 __weak bool arch_is_retpoline(struct symbol *sym) 1295 { 1296 return false; 1297 } 1298 1299 /* 1300 * Symbols that replace INSN_RETURN, every (tail) call to such a symbol 1301 * will be added to the .return_sites section. 1302 */ 1303 __weak bool arch_is_rethunk(struct symbol *sym) 1304 { 1305 return false; 1306 } 1307 1308 /* 1309 * Symbols that are embedded inside other instructions, because sometimes crazy 1310 * code exists. These are mostly ignored for validation purposes. 1311 */ 1312 __weak bool arch_is_embedded_insn(struct symbol *sym) 1313 { 1314 return false; 1315 } 1316 1317 static struct reloc *insn_reloc(struct objtool_file *file, struct instruction *insn) 1318 { 1319 struct reloc *reloc; 1320 1321 if (insn->no_reloc) 1322 return NULL; 1323 1324 if (!file) 1325 return NULL; 1326 1327 reloc = find_reloc_by_dest_range(file->elf, insn->sec, 1328 insn->offset, insn->len); 1329 if (!reloc) { 1330 insn->no_reloc = 1; 1331 return NULL; 1332 } 1333 1334 return reloc; 1335 } 1336 1337 static void remove_insn_ops(struct instruction *insn) 1338 { 1339 struct stack_op *op, *next; 1340 1341 for (op = insn->stack_ops; op; op = next) { 1342 next = op->next; 1343 free(op); 1344 } 1345 insn->stack_ops = NULL; 1346 } 1347 1348 static int annotate_call_site(struct objtool_file *file, 1349 struct instruction *insn, bool sibling) 1350 { 1351 struct reloc *reloc = insn_reloc(file, insn); 1352 struct symbol *sym = insn_call_dest(insn); 1353 1354 if (!sym) 1355 sym = reloc->sym; 1356 1357 if (sym->static_call_tramp) { 1358 list_add_tail(&insn->call_node, &file->static_call_list); 1359 return 0; 1360 } 1361 1362 if (sym->retpoline_thunk) { 1363 list_add_tail(&insn->call_node, &file->retpoline_call_list); 1364 return 0; 1365 } 1366 1367 /* 1368 * Many compilers cannot disable KCOV or sanitizer calls with a function 1369 * attribute so they need a little help, NOP out any such calls from 1370 * noinstr text. 1371 */ 1372 if (opts.hack_noinstr && insn->sec->noinstr && sym->profiling_func) { 1373 if (reloc) 1374 set_reloc_type(file->elf, reloc, R_NONE); 1375 1376 if (elf_write_insn(file->elf, insn->sec, 1377 insn->offset, insn->len, 1378 sibling ? arch_ret_insn(insn->len) 1379 : arch_nop_insn(insn->len))) { 1380 return -1; 1381 } 1382 1383 insn->type = sibling ? INSN_RETURN : INSN_NOP; 1384 1385 if (sibling) { 1386 /* 1387 * We've replaced the tail-call JMP insn by two new 1388 * insn: RET; INT3, except we only have a single struct 1389 * insn here. Mark it retpoline_safe to avoid the SLS 1390 * warning, instead of adding another insn. 1391 */ 1392 insn->retpoline_safe = true; 1393 } 1394 1395 return 0; 1396 } 1397 1398 if (opts.mcount && sym->fentry) { 1399 if (sibling) 1400 WARN_INSN(insn, "tail call to __fentry__ !?!?"); 1401 if (opts.mnop) { 1402 if (reloc) 1403 set_reloc_type(file->elf, reloc, R_NONE); 1404 1405 if (elf_write_insn(file->elf, insn->sec, 1406 insn->offset, insn->len, 1407 arch_nop_insn(insn->len))) { 1408 return -1; 1409 } 1410 1411 insn->type = INSN_NOP; 1412 } 1413 1414 list_add_tail(&insn->call_node, &file->mcount_loc_list); 1415 return 0; 1416 } 1417 1418 if (insn->type == INSN_CALL && !insn->sec->init && 1419 !insn->_call_dest->embedded_insn) 1420 list_add_tail(&insn->call_node, &file->call_list); 1421 1422 if (!sibling && dead_end_function(file, sym)) 1423 insn->dead_end = true; 1424 1425 return 0; 1426 } 1427 1428 static int add_call_dest(struct objtool_file *file, struct instruction *insn, 1429 struct symbol *dest, bool sibling) 1430 { 1431 insn->_call_dest = dest; 1432 if (!dest) 1433 return 0; 1434 1435 /* 1436 * Whatever stack impact regular CALLs have, should be undone 1437 * by the RETURN of the called function. 1438 * 1439 * Annotated intra-function calls retain the stack_ops but 1440 * are converted to JUMP, see read_intra_function_calls(). 1441 */ 1442 remove_insn_ops(insn); 1443 1444 return annotate_call_site(file, insn, sibling); 1445 } 1446 1447 static int add_retpoline_call(struct objtool_file *file, struct instruction *insn) 1448 { 1449 /* 1450 * Retpoline calls/jumps are really dynamic calls/jumps in disguise, 1451 * so convert them accordingly. 1452 */ 1453 switch (insn->type) { 1454 case INSN_CALL: 1455 insn->type = INSN_CALL_DYNAMIC; 1456 break; 1457 case INSN_JUMP_UNCONDITIONAL: 1458 insn->type = INSN_JUMP_DYNAMIC; 1459 break; 1460 case INSN_JUMP_CONDITIONAL: 1461 insn->type = INSN_JUMP_DYNAMIC_CONDITIONAL; 1462 break; 1463 default: 1464 return 0; 1465 } 1466 1467 insn->retpoline_safe = true; 1468 1469 /* 1470 * Whatever stack impact regular CALLs have, should be undone 1471 * by the RETURN of the called function. 1472 * 1473 * Annotated intra-function calls retain the stack_ops but 1474 * are converted to JUMP, see read_intra_function_calls(). 1475 */ 1476 remove_insn_ops(insn); 1477 1478 return annotate_call_site(file, insn, false); 1479 } 1480 1481 static void add_return_call(struct objtool_file *file, struct instruction *insn, bool add) 1482 { 1483 /* 1484 * Return thunk tail calls are really just returns in disguise, 1485 * so convert them accordingly. 1486 */ 1487 insn->type = INSN_RETURN; 1488 insn->retpoline_safe = true; 1489 1490 if (add) 1491 list_add_tail(&insn->call_node, &file->return_thunk_list); 1492 } 1493 1494 static bool is_first_func_insn(struct objtool_file *file, 1495 struct instruction *insn) 1496 { 1497 struct symbol *func = insn_func(insn); 1498 1499 if (!func) 1500 return false; 1501 1502 if (insn->offset == func->offset) 1503 return true; 1504 1505 /* Allow direct CALL/JMP past ENDBR */ 1506 if (opts.ibt) { 1507 struct instruction *prev = prev_insn_same_sym(file, insn); 1508 1509 if (prev && prev->type == INSN_ENDBR && 1510 insn->offset == func->offset + prev->len) 1511 return true; 1512 } 1513 1514 return false; 1515 } 1516 1517 /* 1518 * Find the destination instructions for all jumps. 1519 */ 1520 static int add_jump_destinations(struct objtool_file *file) 1521 { 1522 struct instruction *insn; 1523 struct reloc *reloc; 1524 1525 for_each_insn(file, insn) { 1526 struct symbol *func = insn_func(insn); 1527 struct instruction *dest_insn; 1528 struct section *dest_sec; 1529 struct symbol *dest_sym; 1530 unsigned long dest_off; 1531 1532 if (!is_static_jump(insn)) 1533 continue; 1534 1535 if (insn->jump_dest) { 1536 /* 1537 * handle_group_alt() may have previously set 1538 * 'jump_dest' for some alternatives. 1539 */ 1540 continue; 1541 } 1542 1543 reloc = insn_reloc(file, insn); 1544 if (!reloc) { 1545 dest_sec = insn->sec; 1546 dest_off = arch_jump_destination(insn); 1547 dest_sym = dest_sec->sym; 1548 } else { 1549 dest_sym = reloc->sym; 1550 if (is_undef_sym(dest_sym)) { 1551 if (dest_sym->retpoline_thunk) { 1552 if (add_retpoline_call(file, insn)) 1553 return -1; 1554 continue; 1555 } 1556 1557 if (dest_sym->return_thunk) { 1558 add_return_call(file, insn, true); 1559 continue; 1560 } 1561 1562 /* External symbol */ 1563 if (func) { 1564 /* External sibling call */ 1565 if (add_call_dest(file, insn, dest_sym, true)) 1566 return -1; 1567 continue; 1568 } 1569 1570 /* Non-func asm code jumping to external symbol */ 1571 continue; 1572 } 1573 1574 dest_sec = dest_sym->sec; 1575 dest_off = dest_sym->offset + arch_insn_adjusted_addend(insn, reloc); 1576 } 1577 1578 dest_insn = find_insn(file, dest_sec, dest_off); 1579 if (!dest_insn) { 1580 struct symbol *sym = find_symbol_by_offset(dest_sec, dest_off); 1581 1582 /* 1583 * retbleed_untrain_ret() jumps to 1584 * __x86_return_thunk(), but objtool can't find 1585 * the thunk's starting RET instruction, 1586 * because the RET is also in the middle of 1587 * another instruction. Objtool only knows 1588 * about the outer instruction. 1589 */ 1590 if (sym && sym->embedded_insn) { 1591 add_return_call(file, insn, false); 1592 continue; 1593 } 1594 1595 /* 1596 * GCOV/KCOV dead code can jump to the end of 1597 * the function/section. 1598 */ 1599 if (file->ignore_unreachables && func && 1600 dest_sec == insn->sec && 1601 dest_off == func->offset + func->len) 1602 continue; 1603 1604 ERROR_INSN(insn, "can't find jump dest instruction at %s", 1605 offstr(dest_sec, dest_off)); 1606 return -1; 1607 } 1608 1609 if (!dest_sym || is_sec_sym(dest_sym)) { 1610 dest_sym = dest_insn->sym; 1611 if (!dest_sym) 1612 goto set_jump_dest; 1613 } 1614 1615 if (dest_sym->retpoline_thunk && dest_insn->offset == dest_sym->offset) { 1616 if (add_retpoline_call(file, insn)) 1617 return -1; 1618 continue; 1619 } 1620 1621 if (dest_sym->return_thunk && dest_insn->offset == dest_sym->offset) { 1622 add_return_call(file, insn, true); 1623 continue; 1624 } 1625 1626 if (!insn->sym || insn->sym == dest_insn->sym) 1627 goto set_jump_dest; 1628 1629 /* 1630 * Internal cross-function jump. 1631 */ 1632 1633 /* 1634 * For GCC 8+, create parent/child links for any cold 1635 * subfunctions. This is _mostly_ redundant with a 1636 * similar initialization in read_symbols(). 1637 * 1638 * If a function has aliases, we want the *first* such 1639 * function in the symbol table to be the subfunction's 1640 * parent. In that case we overwrite the 1641 * initialization done in read_symbols(). 1642 * 1643 * However this code can't completely replace the 1644 * read_symbols() code because this doesn't detect the 1645 * case where the parent function's only reference to a 1646 * subfunction is through a jump table. 1647 */ 1648 if (func && dest_sym->cold) { 1649 func->cfunc = dest_sym; 1650 dest_sym->pfunc = func; 1651 goto set_jump_dest; 1652 } 1653 1654 if (is_first_func_insn(file, dest_insn)) { 1655 /* Internal sibling call */ 1656 if (add_call_dest(file, insn, dest_sym, true)) 1657 return -1; 1658 continue; 1659 } 1660 1661 set_jump_dest: 1662 insn->jump_dest = dest_insn; 1663 } 1664 1665 return 0; 1666 } 1667 1668 static struct symbol *find_call_destination(struct section *sec, unsigned long offset) 1669 { 1670 struct symbol *call_dest; 1671 1672 call_dest = find_func_by_offset(sec, offset); 1673 if (!call_dest) 1674 call_dest = find_symbol_by_offset(sec, offset); 1675 1676 return call_dest; 1677 } 1678 1679 /* 1680 * Find the destination instructions for all calls. 1681 */ 1682 static int add_call_destinations(struct objtool_file *file) 1683 { 1684 struct instruction *insn; 1685 unsigned long dest_off; 1686 struct symbol *dest; 1687 struct reloc *reloc; 1688 1689 for_each_insn(file, insn) { 1690 struct symbol *func = insn_func(insn); 1691 if (insn->type != INSN_CALL) 1692 continue; 1693 1694 reloc = insn_reloc(file, insn); 1695 if (!reloc) { 1696 dest_off = arch_jump_destination(insn); 1697 dest = find_call_destination(insn->sec, dest_off); 1698 1699 if (add_call_dest(file, insn, dest, false)) 1700 return -1; 1701 1702 if (func && func->ignore) 1703 continue; 1704 1705 if (!insn_call_dest(insn)) { 1706 ERROR_INSN(insn, "unannotated intra-function call"); 1707 return -1; 1708 } 1709 1710 if (func && !is_func_sym(insn_call_dest(insn))) { 1711 ERROR_INSN(insn, "unsupported call to non-function"); 1712 return -1; 1713 } 1714 1715 } else if (is_sec_sym(reloc->sym)) { 1716 dest_off = arch_insn_adjusted_addend(insn, reloc); 1717 dest = find_call_destination(reloc->sym->sec, dest_off); 1718 if (!dest) { 1719 ERROR_INSN(insn, "can't find call dest symbol at %s+0x%lx", 1720 reloc->sym->sec->name, dest_off); 1721 return -1; 1722 } 1723 1724 if (add_call_dest(file, insn, dest, false)) 1725 return -1; 1726 1727 } else if (reloc->sym->retpoline_thunk) { 1728 if (add_retpoline_call(file, insn)) 1729 return -1; 1730 1731 } else { 1732 if (add_call_dest(file, insn, reloc->sym, false)) 1733 return -1; 1734 } 1735 } 1736 1737 return 0; 1738 } 1739 1740 /* 1741 * The .alternatives section requires some extra special care over and above 1742 * other special sections because alternatives are patched in place. 1743 */ 1744 static int handle_group_alt(struct objtool_file *file, 1745 struct special_alt *special_alt, 1746 struct instruction *orig_insn, 1747 struct instruction **new_insn) 1748 { 1749 struct instruction *last_new_insn = NULL, *insn, *nop = NULL; 1750 struct alt_group *orig_alt_group, *new_alt_group; 1751 unsigned long dest_off; 1752 1753 orig_alt_group = orig_insn->alt_group; 1754 if (!orig_alt_group) { 1755 struct instruction *last_orig_insn = NULL; 1756 1757 orig_alt_group = calloc(1, sizeof(*orig_alt_group)); 1758 if (!orig_alt_group) { 1759 ERROR_GLIBC("calloc"); 1760 return -1; 1761 } 1762 orig_alt_group->cfi = calloc(special_alt->orig_len, 1763 sizeof(struct cfi_state *)); 1764 if (!orig_alt_group->cfi) { 1765 ERROR_GLIBC("calloc"); 1766 return -1; 1767 } 1768 1769 insn = orig_insn; 1770 sec_for_each_insn_from(file, insn) { 1771 if (insn->offset >= special_alt->orig_off + special_alt->orig_len) 1772 break; 1773 1774 insn->alt_group = orig_alt_group; 1775 last_orig_insn = insn; 1776 } 1777 orig_alt_group->orig_group = NULL; 1778 orig_alt_group->first_insn = orig_insn; 1779 orig_alt_group->last_insn = last_orig_insn; 1780 orig_alt_group->nop = NULL; 1781 orig_alt_group->ignore = orig_insn->ignore_alts; 1782 } else { 1783 if (orig_alt_group->last_insn->offset + orig_alt_group->last_insn->len - 1784 orig_alt_group->first_insn->offset != special_alt->orig_len) { 1785 ERROR_INSN(orig_insn, "weirdly overlapping alternative! %ld != %d", 1786 orig_alt_group->last_insn->offset + 1787 orig_alt_group->last_insn->len - 1788 orig_alt_group->first_insn->offset, 1789 special_alt->orig_len); 1790 return -1; 1791 } 1792 } 1793 1794 new_alt_group = calloc(1, sizeof(*new_alt_group)); 1795 if (!new_alt_group) { 1796 ERROR_GLIBC("calloc"); 1797 return -1; 1798 } 1799 1800 if (special_alt->new_len < special_alt->orig_len) { 1801 /* 1802 * Insert a fake nop at the end to make the replacement 1803 * alt_group the same size as the original. This is needed to 1804 * allow propagate_alt_cfi() to do its magic. When the last 1805 * instruction affects the stack, the instruction after it (the 1806 * nop) will propagate the new state to the shared CFI array. 1807 */ 1808 nop = calloc(1, sizeof(*nop)); 1809 if (!nop) { 1810 ERROR_GLIBC("calloc"); 1811 return -1; 1812 } 1813 memset(nop, 0, sizeof(*nop)); 1814 1815 nop->sec = special_alt->new_sec; 1816 nop->offset = special_alt->new_off + special_alt->new_len; 1817 nop->len = special_alt->orig_len - special_alt->new_len; 1818 nop->type = INSN_NOP; 1819 nop->sym = orig_insn->sym; 1820 nop->alt_group = new_alt_group; 1821 nop->fake = 1; 1822 } 1823 1824 if (!special_alt->new_len) { 1825 *new_insn = nop; 1826 goto end; 1827 } 1828 1829 insn = *new_insn; 1830 sec_for_each_insn_from(file, insn) { 1831 struct reloc *alt_reloc; 1832 1833 if (insn->offset >= special_alt->new_off + special_alt->new_len) 1834 break; 1835 1836 last_new_insn = insn; 1837 1838 insn->sym = orig_insn->sym; 1839 insn->alt_group = new_alt_group; 1840 1841 /* 1842 * Since alternative replacement code is copy/pasted by the 1843 * kernel after applying relocations, generally such code can't 1844 * have relative-address relocation references to outside the 1845 * .altinstr_replacement section, unless the arch's 1846 * alternatives code can adjust the relative offsets 1847 * accordingly. 1848 */ 1849 alt_reloc = insn_reloc(file, insn); 1850 if (alt_reloc && arch_pc_relative_reloc(alt_reloc) && 1851 !arch_support_alt_relocation(special_alt, insn, alt_reloc)) { 1852 1853 ERROR_INSN(insn, "unsupported relocation in alternatives section"); 1854 return -1; 1855 } 1856 1857 if (!is_static_jump(insn)) 1858 continue; 1859 1860 if (!insn->immediate) 1861 continue; 1862 1863 dest_off = arch_jump_destination(insn); 1864 if (dest_off == special_alt->new_off + special_alt->new_len) { 1865 insn->jump_dest = next_insn_same_sec(file, orig_alt_group->last_insn); 1866 if (!insn->jump_dest) { 1867 ERROR_INSN(insn, "can't find alternative jump destination"); 1868 return -1; 1869 } 1870 } 1871 } 1872 1873 if (!last_new_insn) { 1874 ERROR_FUNC(special_alt->new_sec, special_alt->new_off, 1875 "can't find last new alternative instruction"); 1876 return -1; 1877 } 1878 1879 end: 1880 new_alt_group->orig_group = orig_alt_group; 1881 new_alt_group->first_insn = *new_insn; 1882 new_alt_group->last_insn = last_new_insn; 1883 new_alt_group->nop = nop; 1884 new_alt_group->ignore = (*new_insn)->ignore_alts; 1885 new_alt_group->cfi = orig_alt_group->cfi; 1886 return 0; 1887 } 1888 1889 /* 1890 * A jump table entry can either convert a nop to a jump or a jump to a nop. 1891 * If the original instruction is a jump, make the alt entry an effective nop 1892 * by just skipping the original instruction. 1893 */ 1894 static int handle_jump_alt(struct objtool_file *file, 1895 struct special_alt *special_alt, 1896 struct instruction *orig_insn, 1897 struct instruction **new_insn) 1898 { 1899 if (orig_insn->type != INSN_JUMP_UNCONDITIONAL && 1900 orig_insn->type != INSN_NOP) { 1901 1902 ERROR_INSN(orig_insn, "unsupported instruction at jump label"); 1903 return -1; 1904 } 1905 1906 if (opts.hack_jump_label && special_alt->key_addend & 2) { 1907 struct reloc *reloc = insn_reloc(file, orig_insn); 1908 1909 if (reloc) 1910 set_reloc_type(file->elf, reloc, R_NONE); 1911 1912 if (elf_write_insn(file->elf, orig_insn->sec, 1913 orig_insn->offset, orig_insn->len, 1914 arch_nop_insn(orig_insn->len))) { 1915 return -1; 1916 } 1917 1918 orig_insn->type = INSN_NOP; 1919 } 1920 1921 if (orig_insn->type == INSN_NOP) { 1922 if (orig_insn->len == 2) 1923 file->jl_nop_short++; 1924 else 1925 file->jl_nop_long++; 1926 1927 return 0; 1928 } 1929 1930 if (orig_insn->len == 2) 1931 file->jl_short++; 1932 else 1933 file->jl_long++; 1934 1935 *new_insn = next_insn_same_sec(file, orig_insn); 1936 return 0; 1937 } 1938 1939 /* 1940 * Read all the special sections which have alternate instructions which can be 1941 * patched in or redirected to at runtime. Each instruction having alternate 1942 * instruction(s) has them added to its insn->alts list, which will be 1943 * traversed in validate_branch(). 1944 */ 1945 static int add_special_section_alts(struct objtool_file *file) 1946 { 1947 struct list_head special_alts; 1948 struct instruction *orig_insn, *new_insn; 1949 struct special_alt *special_alt, *tmp; 1950 struct alternative *alt; 1951 1952 if (special_get_alts(file->elf, &special_alts)) 1953 return -1; 1954 1955 list_for_each_entry_safe(special_alt, tmp, &special_alts, list) { 1956 1957 orig_insn = find_insn(file, special_alt->orig_sec, 1958 special_alt->orig_off); 1959 if (!orig_insn) { 1960 ERROR_FUNC(special_alt->orig_sec, special_alt->orig_off, 1961 "special: can't find orig instruction"); 1962 return -1; 1963 } 1964 1965 new_insn = NULL; 1966 if (!special_alt->group || special_alt->new_len) { 1967 new_insn = find_insn(file, special_alt->new_sec, 1968 special_alt->new_off); 1969 if (!new_insn) { 1970 ERROR_FUNC(special_alt->new_sec, special_alt->new_off, 1971 "special: can't find new instruction"); 1972 return -1; 1973 } 1974 } 1975 1976 if (special_alt->group) { 1977 if (!special_alt->orig_len) { 1978 ERROR_INSN(orig_insn, "empty alternative entry"); 1979 continue; 1980 } 1981 1982 if (handle_group_alt(file, special_alt, orig_insn, &new_insn)) 1983 return -1; 1984 1985 } else if (special_alt->jump_or_nop) { 1986 if (handle_jump_alt(file, special_alt, orig_insn, &new_insn)) 1987 return -1; 1988 } 1989 1990 alt = calloc(1, sizeof(*alt)); 1991 if (!alt) { 1992 ERROR_GLIBC("calloc"); 1993 return -1; 1994 } 1995 1996 alt->insn = new_insn; 1997 alt->next = orig_insn->alts; 1998 orig_insn->alts = alt; 1999 2000 list_del(&special_alt->list); 2001 free(special_alt); 2002 } 2003 2004 if (opts.stats) { 2005 printf("jl\\\tNOP\tJMP\n"); 2006 printf("short:\t%ld\t%ld\n", file->jl_nop_short, file->jl_short); 2007 printf("long:\t%ld\t%ld\n", file->jl_nop_long, file->jl_long); 2008 } 2009 2010 return 0; 2011 } 2012 2013 __weak unsigned long arch_jump_table_sym_offset(struct reloc *reloc, struct reloc *table) 2014 { 2015 return reloc->sym->offset + reloc_addend(reloc); 2016 } 2017 2018 static int add_jump_table(struct objtool_file *file, struct instruction *insn) 2019 { 2020 unsigned long table_size = insn_jump_table_size(insn); 2021 struct symbol *pfunc = insn_func(insn)->pfunc; 2022 struct reloc *table = insn_jump_table(insn); 2023 struct instruction *dest_insn; 2024 unsigned int prev_offset = 0; 2025 struct reloc *reloc = table; 2026 struct alternative *alt; 2027 unsigned long sym_offset; 2028 2029 /* 2030 * Each @reloc is a switch table relocation which points to the target 2031 * instruction. 2032 */ 2033 for_each_reloc_from(table->sec, reloc) { 2034 2035 /* Check for the end of the table: */ 2036 if (table_size && reloc_offset(reloc) - reloc_offset(table) >= table_size) 2037 break; 2038 if (reloc != table && is_jump_table(reloc)) 2039 break; 2040 2041 /* Make sure the table entries are consecutive: */ 2042 if (prev_offset && reloc_offset(reloc) != prev_offset + arch_reloc_size(reloc)) 2043 break; 2044 2045 sym_offset = arch_jump_table_sym_offset(reloc, table); 2046 2047 /* Detect function pointers from contiguous objects: */ 2048 if (reloc->sym->sec == pfunc->sec && sym_offset == pfunc->offset) 2049 break; 2050 2051 /* 2052 * Clang sometimes leaves dangling unused jump table entries 2053 * which point to the end of the function. Ignore them. 2054 */ 2055 if (reloc->sym->sec == pfunc->sec && 2056 sym_offset == pfunc->offset + pfunc->len) 2057 goto next; 2058 2059 dest_insn = find_insn(file, reloc->sym->sec, sym_offset); 2060 if (!dest_insn) 2061 break; 2062 2063 /* Make sure the destination is in the same function: */ 2064 if (!insn_func(dest_insn) || insn_func(dest_insn)->pfunc != pfunc) 2065 break; 2066 2067 alt = calloc(1, sizeof(*alt)); 2068 if (!alt) { 2069 ERROR_GLIBC("calloc"); 2070 return -1; 2071 } 2072 2073 alt->insn = dest_insn; 2074 alt->next = insn->alts; 2075 insn->alts = alt; 2076 next: 2077 prev_offset = reloc_offset(reloc); 2078 } 2079 2080 if (!prev_offset) { 2081 ERROR_INSN(insn, "can't find switch jump table"); 2082 return -1; 2083 } 2084 2085 return 0; 2086 } 2087 2088 /* 2089 * find_jump_table() - Given a dynamic jump, find the switch jump table 2090 * associated with it. 2091 */ 2092 static void find_jump_table(struct objtool_file *file, struct symbol *func, 2093 struct instruction *insn) 2094 { 2095 struct reloc *table_reloc; 2096 struct instruction *dest_insn, *orig_insn = insn; 2097 unsigned long table_size; 2098 unsigned long sym_offset; 2099 2100 /* 2101 * Backward search using the @first_jump_src links, these help avoid 2102 * much of the 'in between' code. Which avoids us getting confused by 2103 * it. 2104 */ 2105 for (; 2106 insn && insn_func(insn) && insn_func(insn)->pfunc == func; 2107 insn = insn->first_jump_src ?: prev_insn_same_sym(file, insn)) { 2108 2109 if (insn != orig_insn && insn->type == INSN_JUMP_DYNAMIC) 2110 break; 2111 2112 /* allow small jumps within the range */ 2113 if (insn->type == INSN_JUMP_UNCONDITIONAL && 2114 insn->jump_dest && 2115 (insn->jump_dest->offset <= insn->offset || 2116 insn->jump_dest->offset > orig_insn->offset)) 2117 break; 2118 2119 table_reloc = arch_find_switch_table(file, insn, &table_size); 2120 if (!table_reloc) 2121 continue; 2122 2123 sym_offset = table_reloc->sym->offset + reloc_addend(table_reloc); 2124 2125 dest_insn = find_insn(file, table_reloc->sym->sec, sym_offset); 2126 if (!dest_insn || !insn_func(dest_insn) || insn_func(dest_insn)->pfunc != func) 2127 continue; 2128 2129 set_jump_table(table_reloc); 2130 orig_insn->_jump_table = table_reloc; 2131 orig_insn->_jump_table_size = table_size; 2132 2133 break; 2134 } 2135 } 2136 2137 /* 2138 * First pass: Mark the head of each jump table so that in the next pass, 2139 * we know when a given jump table ends and the next one starts. 2140 */ 2141 static void mark_func_jump_tables(struct objtool_file *file, 2142 struct symbol *func) 2143 { 2144 struct instruction *insn, *last = NULL; 2145 2146 func_for_each_insn(file, func, insn) { 2147 if (!last) 2148 last = insn; 2149 2150 /* 2151 * Store back-pointers for unconditional forward jumps such 2152 * that find_jump_table() can back-track using those and 2153 * avoid some potentially confusing code. 2154 */ 2155 if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->jump_dest && 2156 insn->offset > last->offset && 2157 insn->jump_dest->offset > insn->offset && 2158 !insn->jump_dest->first_jump_src) { 2159 2160 insn->jump_dest->first_jump_src = insn; 2161 last = insn->jump_dest; 2162 } 2163 2164 if (insn->type != INSN_JUMP_DYNAMIC) 2165 continue; 2166 2167 find_jump_table(file, func, insn); 2168 } 2169 } 2170 2171 static int add_func_jump_tables(struct objtool_file *file, 2172 struct symbol *func) 2173 { 2174 struct instruction *insn; 2175 2176 func_for_each_insn(file, func, insn) { 2177 if (!insn_jump_table(insn)) 2178 continue; 2179 2180 if (add_jump_table(file, insn)) 2181 return -1; 2182 } 2183 2184 return 0; 2185 } 2186 2187 /* 2188 * For some switch statements, gcc generates a jump table in the .rodata 2189 * section which contains a list of addresses within the function to jump to. 2190 * This finds these jump tables and adds them to the insn->alts lists. 2191 */ 2192 static int add_jump_table_alts(struct objtool_file *file) 2193 { 2194 struct symbol *func; 2195 2196 if (!file->rodata) 2197 return 0; 2198 2199 for_each_sym(file->elf, func) { 2200 if (!is_func_sym(func)) 2201 continue; 2202 2203 mark_func_jump_tables(file, func); 2204 if (add_func_jump_tables(file, func)) 2205 return -1; 2206 } 2207 2208 return 0; 2209 } 2210 2211 static void set_func_state(struct cfi_state *state) 2212 { 2213 state->cfa = initial_func_cfi.cfa; 2214 memcpy(&state->regs, &initial_func_cfi.regs, 2215 CFI_NUM_REGS * sizeof(struct cfi_reg)); 2216 state->stack_size = initial_func_cfi.cfa.offset; 2217 state->type = UNWIND_HINT_TYPE_CALL; 2218 } 2219 2220 static int read_unwind_hints(struct objtool_file *file) 2221 { 2222 struct cfi_state cfi = init_cfi; 2223 struct section *sec; 2224 struct unwind_hint *hint; 2225 struct instruction *insn; 2226 struct reloc *reloc; 2227 unsigned long offset; 2228 int i; 2229 2230 sec = find_section_by_name(file->elf, ".discard.unwind_hints"); 2231 if (!sec) 2232 return 0; 2233 2234 if (!sec->rsec) { 2235 ERROR("missing .rela.discard.unwind_hints section"); 2236 return -1; 2237 } 2238 2239 if (sec_size(sec) % sizeof(struct unwind_hint)) { 2240 ERROR("struct unwind_hint size mismatch"); 2241 return -1; 2242 } 2243 2244 file->hints = true; 2245 2246 for (i = 0; i < sec_size(sec) / sizeof(struct unwind_hint); i++) { 2247 hint = (struct unwind_hint *)sec->data->d_buf + i; 2248 2249 reloc = find_reloc_by_dest(file->elf, sec, i * sizeof(*hint)); 2250 if (!reloc) { 2251 ERROR("can't find reloc for unwind_hints[%d]", i); 2252 return -1; 2253 } 2254 2255 offset = reloc->sym->offset + reloc_addend(reloc); 2256 2257 insn = find_insn(file, reloc->sym->sec, offset); 2258 if (!insn) { 2259 ERROR("can't find insn for unwind_hints[%d]", i); 2260 return -1; 2261 } 2262 2263 insn->hint = true; 2264 2265 if (hint->type == UNWIND_HINT_TYPE_UNDEFINED) { 2266 insn->cfi = &force_undefined_cfi; 2267 continue; 2268 } 2269 2270 if (hint->type == UNWIND_HINT_TYPE_SAVE) { 2271 insn->hint = false; 2272 insn->save = true; 2273 continue; 2274 } 2275 2276 if (hint->type == UNWIND_HINT_TYPE_RESTORE) { 2277 insn->restore = true; 2278 continue; 2279 } 2280 2281 if (hint->type == UNWIND_HINT_TYPE_REGS_PARTIAL) { 2282 struct symbol *sym = find_symbol_by_offset(insn->sec, insn->offset); 2283 2284 if (sym && is_global_sym(sym)) { 2285 if (opts.ibt && insn->type != INSN_ENDBR && !insn->noendbr) { 2286 ERROR_INSN(insn, "UNWIND_HINT_IRET_REGS without ENDBR"); 2287 return -1; 2288 } 2289 } 2290 } 2291 2292 if (hint->type == UNWIND_HINT_TYPE_FUNC) { 2293 insn->cfi = &func_cfi; 2294 continue; 2295 } 2296 2297 if (insn->cfi) 2298 cfi = *(insn->cfi); 2299 2300 if (arch_decode_hint_reg(hint->sp_reg, &cfi.cfa.base)) { 2301 ERROR_INSN(insn, "unsupported unwind_hint sp base reg %d", hint->sp_reg); 2302 return -1; 2303 } 2304 2305 cfi.cfa.offset = bswap_if_needed(file->elf, hint->sp_offset); 2306 cfi.type = hint->type; 2307 cfi.signal = hint->signal; 2308 2309 insn->cfi = cfi_hash_find_or_add(&cfi); 2310 } 2311 2312 return 0; 2313 } 2314 2315 static int read_annotate(struct objtool_file *file, 2316 int (*func)(struct objtool_file *file, int type, struct instruction *insn)) 2317 { 2318 struct section *sec; 2319 struct instruction *insn; 2320 struct reloc *reloc; 2321 uint64_t offset; 2322 int type; 2323 2324 sec = find_section_by_name(file->elf, ".discard.annotate_insn"); 2325 if (!sec) 2326 return 0; 2327 2328 if (!sec->rsec) 2329 return 0; 2330 2331 if (sec->sh.sh_entsize != 8) { 2332 static bool warned = false; 2333 if (!warned && opts.verbose) { 2334 WARN("%s: dodgy linker, sh_entsize != 8", sec->name); 2335 warned = true; 2336 } 2337 sec->sh.sh_entsize = 8; 2338 } 2339 2340 if (sec_num_entries(sec) != sec_num_entries(sec->rsec)) { 2341 ERROR("bad .discard.annotate_insn section: missing relocs"); 2342 return -1; 2343 } 2344 2345 for_each_reloc(sec->rsec, reloc) { 2346 type = annotype(file->elf, sec, reloc); 2347 offset = reloc->sym->offset + reloc_addend(reloc); 2348 insn = find_insn(file, reloc->sym->sec, offset); 2349 2350 if (!insn) { 2351 ERROR("bad .discard.annotate_insn entry: %d of type %d", reloc_idx(reloc), type); 2352 return -1; 2353 } 2354 2355 if (func(file, type, insn)) 2356 return -1; 2357 } 2358 2359 return 0; 2360 } 2361 2362 static int __annotate_early(struct objtool_file *file, int type, struct instruction *insn) 2363 { 2364 switch (type) { 2365 2366 /* Must be before add_special_section_alts() */ 2367 case ANNOTYPE_IGNORE_ALTS: 2368 insn->ignore_alts = true; 2369 break; 2370 2371 /* 2372 * Must be before read_unwind_hints() since that needs insn->noendbr. 2373 */ 2374 case ANNOTYPE_NOENDBR: 2375 insn->noendbr = 1; 2376 break; 2377 2378 default: 2379 break; 2380 } 2381 2382 return 0; 2383 } 2384 2385 static int __annotate_ifc(struct objtool_file *file, int type, struct instruction *insn) 2386 { 2387 unsigned long dest_off; 2388 2389 if (type != ANNOTYPE_INTRA_FUNCTION_CALL) 2390 return 0; 2391 2392 if (insn->type != INSN_CALL) { 2393 ERROR_INSN(insn, "intra_function_call not a direct call"); 2394 return -1; 2395 } 2396 2397 /* 2398 * Treat intra-function CALLs as JMPs, but with a stack_op. 2399 * See add_call_destinations(), which strips stack_ops from 2400 * normal CALLs. 2401 */ 2402 insn->type = INSN_JUMP_UNCONDITIONAL; 2403 2404 dest_off = arch_jump_destination(insn); 2405 insn->jump_dest = find_insn(file, insn->sec, dest_off); 2406 if (!insn->jump_dest) { 2407 ERROR_INSN(insn, "can't find call dest at %s+0x%lx", 2408 insn->sec->name, dest_off); 2409 return -1; 2410 } 2411 2412 return 0; 2413 } 2414 2415 static int __annotate_late(struct objtool_file *file, int type, struct instruction *insn) 2416 { 2417 struct symbol *sym; 2418 2419 switch (type) { 2420 case ANNOTYPE_NOENDBR: 2421 /* early */ 2422 break; 2423 2424 case ANNOTYPE_RETPOLINE_SAFE: 2425 if (insn->type != INSN_JUMP_DYNAMIC && 2426 insn->type != INSN_CALL_DYNAMIC && 2427 insn->type != INSN_RETURN && 2428 insn->type != INSN_NOP) { 2429 ERROR_INSN(insn, "retpoline_safe hint not an indirect jump/call/ret/nop"); 2430 return -1; 2431 } 2432 2433 insn->retpoline_safe = true; 2434 break; 2435 2436 case ANNOTYPE_INSTR_BEGIN: 2437 insn->instr++; 2438 break; 2439 2440 case ANNOTYPE_INSTR_END: 2441 insn->instr--; 2442 break; 2443 2444 case ANNOTYPE_UNRET_BEGIN: 2445 insn->unret = 1; 2446 break; 2447 2448 case ANNOTYPE_IGNORE_ALTS: 2449 /* early */ 2450 break; 2451 2452 case ANNOTYPE_INTRA_FUNCTION_CALL: 2453 /* ifc */ 2454 break; 2455 2456 case ANNOTYPE_REACHABLE: 2457 insn->dead_end = false; 2458 break; 2459 2460 case ANNOTYPE_NOCFI: 2461 sym = insn->sym; 2462 if (!sym) { 2463 ERROR_INSN(insn, "dodgy NOCFI annotation"); 2464 return -1; 2465 } 2466 insn->sym->nocfi = 1; 2467 break; 2468 2469 default: 2470 ERROR_INSN(insn, "Unknown annotation type: %d", type); 2471 return -1; 2472 } 2473 2474 return 0; 2475 } 2476 2477 /* 2478 * Return true if name matches an instrumentation function, where calls to that 2479 * function from noinstr code can safely be removed, but compilers won't do so. 2480 */ 2481 static bool is_profiling_func(const char *name) 2482 { 2483 /* 2484 * Many compilers cannot disable KCOV with a function attribute. 2485 */ 2486 if (!strncmp(name, "__sanitizer_cov_", 16)) 2487 return true; 2488 2489 return false; 2490 } 2491 2492 static int classify_symbols(struct objtool_file *file) 2493 { 2494 struct symbol *func; 2495 2496 for_each_sym(file->elf, func) { 2497 if (is_notype_sym(func) && strstarts(func->name, ".L")) 2498 func->local_label = true; 2499 2500 if (!is_global_sym(func)) 2501 continue; 2502 2503 if (!strncmp(func->name, STATIC_CALL_TRAMP_PREFIX_STR, 2504 strlen(STATIC_CALL_TRAMP_PREFIX_STR))) 2505 func->static_call_tramp = true; 2506 2507 if (arch_is_retpoline(func)) 2508 func->retpoline_thunk = true; 2509 2510 if (arch_is_rethunk(func)) 2511 func->return_thunk = true; 2512 2513 if (arch_is_embedded_insn(func)) 2514 func->embedded_insn = true; 2515 2516 if (arch_ftrace_match(func->name)) 2517 func->fentry = true; 2518 2519 if (is_profiling_func(func->name)) 2520 func->profiling_func = true; 2521 } 2522 2523 return 0; 2524 } 2525 2526 static void mark_rodata(struct objtool_file *file) 2527 { 2528 struct section *sec; 2529 bool found = false; 2530 2531 /* 2532 * Search for the following rodata sections, each of which can 2533 * potentially contain jump tables: 2534 * 2535 * - .rodata: can contain GCC switch tables 2536 * - .rodata.<func>: same, if -fdata-sections is being used 2537 * - .data.rel.ro.c_jump_table: contains C annotated jump tables 2538 * 2539 * .rodata.str1.* sections are ignored; they don't contain jump tables. 2540 */ 2541 for_each_sec(file->elf, sec) { 2542 if ((!strncmp(sec->name, ".rodata", 7) && 2543 !strstr(sec->name, ".str1.")) || 2544 !strncmp(sec->name, ".data.rel.ro", 12)) { 2545 sec->rodata = true; 2546 found = true; 2547 } 2548 } 2549 2550 file->rodata = found; 2551 } 2552 2553 static void mark_holes(struct objtool_file *file) 2554 { 2555 struct instruction *insn; 2556 bool in_hole = false; 2557 2558 if (!opts.link) 2559 return; 2560 2561 /* 2562 * Whole archive runs might encounter dead code from weak symbols. 2563 * This is where the linker will have dropped the weak symbol in 2564 * favour of a regular symbol, but leaves the code in place. 2565 */ 2566 for_each_insn(file, insn) { 2567 if (insn->sym || !find_symbol_hole_containing(insn->sec, insn->offset)) { 2568 in_hole = false; 2569 continue; 2570 } 2571 2572 /* Skip function padding and pfx code */ 2573 if (!in_hole && insn->type == INSN_NOP) 2574 continue; 2575 2576 in_hole = true; 2577 insn->hole = 1; 2578 2579 /* 2580 * If this hole jumps to a .cold function, mark it ignore. 2581 */ 2582 if (insn->jump_dest) { 2583 struct symbol *dest_func = insn_func(insn->jump_dest); 2584 2585 if (dest_func && dest_func->cold) 2586 dest_func->ignore = true; 2587 } 2588 } 2589 } 2590 2591 static bool validate_branch_enabled(void) 2592 { 2593 return opts.stackval || 2594 opts.orc || 2595 opts.uaccess || 2596 opts.checksum; 2597 } 2598 2599 static int decode_sections(struct objtool_file *file) 2600 { 2601 file->klp = is_livepatch_module(file); 2602 2603 mark_rodata(file); 2604 2605 if (init_pv_ops(file)) 2606 return -1; 2607 2608 /* 2609 * Must be before add_{jump_call}_destination. 2610 */ 2611 if (classify_symbols(file)) 2612 return -1; 2613 2614 if (decode_instructions(file)) 2615 return -1; 2616 2617 if (add_ignores(file)) 2618 return -1; 2619 2620 add_uaccess_safe(file); 2621 2622 if (read_annotate(file, __annotate_early)) 2623 return -1; 2624 2625 /* 2626 * Must be before add_jump_destinations(), which depends on 'func' 2627 * being set for alternatives, to enable proper sibling call detection. 2628 */ 2629 if (validate_branch_enabled() || opts.noinstr || opts.hack_jump_label) { 2630 if (add_special_section_alts(file)) 2631 return -1; 2632 } 2633 2634 if (add_jump_destinations(file)) 2635 return -1; 2636 2637 /* 2638 * Must be before add_call_destination(); it changes INSN_CALL to 2639 * INSN_JUMP. 2640 */ 2641 if (read_annotate(file, __annotate_ifc)) 2642 return -1; 2643 2644 if (add_call_destinations(file)) 2645 return -1; 2646 2647 if (add_jump_table_alts(file)) 2648 return -1; 2649 2650 if (read_unwind_hints(file)) 2651 return -1; 2652 2653 /* Must be after add_jump_destinations() */ 2654 mark_holes(file); 2655 2656 /* 2657 * Must be after add_call_destinations() such that it can override 2658 * dead_end_function() marks. 2659 */ 2660 if (read_annotate(file, __annotate_late)) 2661 return -1; 2662 2663 return 0; 2664 } 2665 2666 /* 2667 * Certain function names are disallowed due to section name ambiguities 2668 * introduced by -ffunction-sections. 2669 * 2670 * See the comment above TEXT_MAIN in include/asm-generic/vmlinux.lds.h. 2671 */ 2672 static int validate_function_names(struct objtool_file *file) 2673 { 2674 struct symbol *func; 2675 int warnings = 0; 2676 2677 for_each_sym(file->elf, func) { 2678 if (!is_func_sym(func)) 2679 continue; 2680 2681 if (!strcmp(func->name, "startup") || strstarts(func->name, "startup.") || 2682 !strcmp(func->name, "exit") || strstarts(func->name, "exit.") || 2683 !strcmp(func->name, "split") || strstarts(func->name, "split.") || 2684 !strcmp(func->name, "unlikely") || strstarts(func->name, "unlikely.") || 2685 !strcmp(func->name, "hot") || strstarts(func->name, "hot.") || 2686 !strcmp(func->name, "unknown") || strstarts(func->name, "unknown.")) { 2687 2688 WARN("%s() function name creates ambiguity with -ffunction-sections", 2689 func->name); 2690 warnings++; 2691 } 2692 } 2693 2694 return warnings; 2695 } 2696 2697 static bool is_special_call(struct instruction *insn) 2698 { 2699 if (insn->type == INSN_CALL) { 2700 struct symbol *dest = insn_call_dest(insn); 2701 2702 if (!dest) 2703 return false; 2704 2705 if (dest->fentry || dest->embedded_insn) 2706 return true; 2707 } 2708 2709 return false; 2710 } 2711 2712 static bool has_modified_stack_frame(struct instruction *insn, struct insn_state *state) 2713 { 2714 struct cfi_state *cfi = &state->cfi; 2715 int i; 2716 2717 if (cfi->cfa.base != initial_func_cfi.cfa.base || cfi->drap) 2718 return true; 2719 2720 if (cfi->cfa.offset != initial_func_cfi.cfa.offset) 2721 return true; 2722 2723 if (cfi->stack_size != initial_func_cfi.cfa.offset) 2724 return true; 2725 2726 for (i = 0; i < CFI_NUM_REGS; i++) { 2727 if (cfi->regs[i].base != initial_func_cfi.regs[i].base || 2728 cfi->regs[i].offset != initial_func_cfi.regs[i].offset) 2729 return true; 2730 } 2731 2732 return false; 2733 } 2734 2735 static bool check_reg_frame_pos(const struct cfi_reg *reg, 2736 int expected_offset) 2737 { 2738 return reg->base == CFI_CFA && 2739 reg->offset == expected_offset; 2740 } 2741 2742 static bool has_valid_stack_frame(struct insn_state *state) 2743 { 2744 struct cfi_state *cfi = &state->cfi; 2745 2746 if (cfi->cfa.base == CFI_BP && 2747 check_reg_frame_pos(&cfi->regs[CFI_BP], -cfi->cfa.offset) && 2748 check_reg_frame_pos(&cfi->regs[CFI_RA], -cfi->cfa.offset + 8)) 2749 return true; 2750 2751 if (cfi->drap && cfi->regs[CFI_BP].base == CFI_BP) 2752 return true; 2753 2754 return false; 2755 } 2756 2757 static int update_cfi_state_regs(struct instruction *insn, 2758 struct cfi_state *cfi, 2759 struct stack_op *op) 2760 { 2761 struct cfi_reg *cfa = &cfi->cfa; 2762 2763 if (cfa->base != CFI_SP && cfa->base != CFI_SP_INDIRECT) 2764 return 0; 2765 2766 /* push */ 2767 if (op->dest.type == OP_DEST_PUSH || op->dest.type == OP_DEST_PUSHF) 2768 cfa->offset += 8; 2769 2770 /* pop */ 2771 if (op->src.type == OP_SRC_POP || op->src.type == OP_SRC_POPF) 2772 cfa->offset -= 8; 2773 2774 /* add immediate to sp */ 2775 if (op->dest.type == OP_DEST_REG && op->src.type == OP_SRC_ADD && 2776 op->dest.reg == CFI_SP && op->src.reg == CFI_SP) 2777 cfa->offset -= op->src.offset; 2778 2779 return 0; 2780 } 2781 2782 static void save_reg(struct cfi_state *cfi, unsigned char reg, int base, int offset) 2783 { 2784 if (arch_callee_saved_reg(reg) && 2785 cfi->regs[reg].base == CFI_UNDEFINED) { 2786 cfi->regs[reg].base = base; 2787 cfi->regs[reg].offset = offset; 2788 } 2789 } 2790 2791 static void restore_reg(struct cfi_state *cfi, unsigned char reg) 2792 { 2793 cfi->regs[reg].base = initial_func_cfi.regs[reg].base; 2794 cfi->regs[reg].offset = initial_func_cfi.regs[reg].offset; 2795 } 2796 2797 /* 2798 * A note about DRAP stack alignment: 2799 * 2800 * GCC has the concept of a DRAP register, which is used to help keep track of 2801 * the stack pointer when aligning the stack. r10 or r13 is used as the DRAP 2802 * register. The typical DRAP pattern is: 2803 * 2804 * 4c 8d 54 24 08 lea 0x8(%rsp),%r10 2805 * 48 83 e4 c0 and $0xffffffffffffffc0,%rsp 2806 * 41 ff 72 f8 pushq -0x8(%r10) 2807 * 55 push %rbp 2808 * 48 89 e5 mov %rsp,%rbp 2809 * (more pushes) 2810 * 41 52 push %r10 2811 * ... 2812 * 41 5a pop %r10 2813 * (more pops) 2814 * 5d pop %rbp 2815 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2816 * c3 retq 2817 * 2818 * There are some variations in the epilogues, like: 2819 * 2820 * 5b pop %rbx 2821 * 41 5a pop %r10 2822 * 41 5c pop %r12 2823 * 41 5d pop %r13 2824 * 41 5e pop %r14 2825 * c9 leaveq 2826 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2827 * c3 retq 2828 * 2829 * and: 2830 * 2831 * 4c 8b 55 e8 mov -0x18(%rbp),%r10 2832 * 48 8b 5d e0 mov -0x20(%rbp),%rbx 2833 * 4c 8b 65 f0 mov -0x10(%rbp),%r12 2834 * 4c 8b 6d f8 mov -0x8(%rbp),%r13 2835 * c9 leaveq 2836 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2837 * c3 retq 2838 * 2839 * Sometimes r13 is used as the DRAP register, in which case it's saved and 2840 * restored beforehand: 2841 * 2842 * 41 55 push %r13 2843 * 4c 8d 6c 24 10 lea 0x10(%rsp),%r13 2844 * 48 83 e4 f0 and $0xfffffffffffffff0,%rsp 2845 * ... 2846 * 49 8d 65 f0 lea -0x10(%r13),%rsp 2847 * 41 5d pop %r13 2848 * c3 retq 2849 */ 2850 static int update_cfi_state(struct instruction *insn, 2851 struct instruction *next_insn, 2852 struct cfi_state *cfi, struct stack_op *op) 2853 { 2854 struct cfi_reg *cfa = &cfi->cfa; 2855 struct cfi_reg *regs = cfi->regs; 2856 2857 /* ignore UNWIND_HINT_UNDEFINED regions */ 2858 if (cfi->force_undefined) 2859 return 0; 2860 2861 /* stack operations don't make sense with an undefined CFA */ 2862 if (cfa->base == CFI_UNDEFINED) { 2863 if (insn_func(insn)) { 2864 WARN_INSN(insn, "undefined stack state"); 2865 return 1; 2866 } 2867 return 0; 2868 } 2869 2870 if (cfi->type == UNWIND_HINT_TYPE_REGS || 2871 cfi->type == UNWIND_HINT_TYPE_REGS_PARTIAL) 2872 return update_cfi_state_regs(insn, cfi, op); 2873 2874 switch (op->dest.type) { 2875 2876 case OP_DEST_REG: 2877 switch (op->src.type) { 2878 2879 case OP_SRC_REG: 2880 if (op->src.reg == CFI_SP && op->dest.reg == CFI_BP && 2881 cfa->base == CFI_SP && 2882 check_reg_frame_pos(®s[CFI_BP], -cfa->offset)) { 2883 2884 /* mov %rsp, %rbp */ 2885 cfa->base = op->dest.reg; 2886 cfi->bp_scratch = false; 2887 } 2888 2889 else if (op->src.reg == CFI_SP && 2890 op->dest.reg == CFI_BP && cfi->drap) { 2891 2892 /* drap: mov %rsp, %rbp */ 2893 regs[CFI_BP].base = CFI_BP; 2894 regs[CFI_BP].offset = -cfi->stack_size; 2895 cfi->bp_scratch = false; 2896 } 2897 2898 else if (op->src.reg == CFI_SP && cfa->base == CFI_SP) { 2899 2900 /* 2901 * mov %rsp, %reg 2902 * 2903 * This is needed for the rare case where GCC 2904 * does: 2905 * 2906 * mov %rsp, %rax 2907 * ... 2908 * mov %rax, %rsp 2909 */ 2910 cfi->vals[op->dest.reg].base = CFI_CFA; 2911 cfi->vals[op->dest.reg].offset = -cfi->stack_size; 2912 } 2913 2914 else if (op->src.reg == CFI_BP && op->dest.reg == CFI_SP && 2915 (cfa->base == CFI_BP || cfa->base == cfi->drap_reg)) { 2916 2917 /* 2918 * mov %rbp, %rsp 2919 * 2920 * Restore the original stack pointer (Clang). 2921 */ 2922 cfi->stack_size = -cfi->regs[CFI_BP].offset; 2923 } 2924 2925 else if (op->dest.reg == cfa->base) { 2926 2927 /* mov %reg, %rsp */ 2928 if (cfa->base == CFI_SP && 2929 cfi->vals[op->src.reg].base == CFI_CFA) { 2930 2931 /* 2932 * This is needed for the rare case 2933 * where GCC does something dumb like: 2934 * 2935 * lea 0x8(%rsp), %rcx 2936 * ... 2937 * mov %rcx, %rsp 2938 */ 2939 cfa->offset = -cfi->vals[op->src.reg].offset; 2940 cfi->stack_size = cfa->offset; 2941 2942 } else if (cfa->base == CFI_SP && 2943 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT && 2944 cfi->vals[op->src.reg].offset == cfa->offset) { 2945 2946 /* 2947 * Stack swizzle: 2948 * 2949 * 1: mov %rsp, (%[tos]) 2950 * 2: mov %[tos], %rsp 2951 * ... 2952 * 3: pop %rsp 2953 * 2954 * Where: 2955 * 2956 * 1 - places a pointer to the previous 2957 * stack at the Top-of-Stack of the 2958 * new stack. 2959 * 2960 * 2 - switches to the new stack. 2961 * 2962 * 3 - pops the Top-of-Stack to restore 2963 * the original stack. 2964 * 2965 * Note: we set base to SP_INDIRECT 2966 * here and preserve offset. Therefore 2967 * when the unwinder reaches ToS it 2968 * will dereference SP and then add the 2969 * offset to find the next frame, IOW: 2970 * (%rsp) + offset. 2971 */ 2972 cfa->base = CFI_SP_INDIRECT; 2973 2974 } else { 2975 cfa->base = CFI_UNDEFINED; 2976 cfa->offset = 0; 2977 } 2978 } 2979 2980 else if (op->dest.reg == CFI_SP && 2981 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT && 2982 cfi->vals[op->src.reg].offset == cfa->offset) { 2983 2984 /* 2985 * The same stack swizzle case 2) as above. But 2986 * because we can't change cfa->base, case 3) 2987 * will become a regular POP. Pretend we're a 2988 * PUSH so things don't go unbalanced. 2989 */ 2990 cfi->stack_size += 8; 2991 } 2992 2993 2994 break; 2995 2996 case OP_SRC_ADD: 2997 if (op->dest.reg == CFI_SP && op->src.reg == CFI_SP) { 2998 2999 /* add imm, %rsp */ 3000 cfi->stack_size -= op->src.offset; 3001 if (cfa->base == CFI_SP) 3002 cfa->offset -= op->src.offset; 3003 break; 3004 } 3005 3006 if (op->dest.reg == CFI_BP && op->src.reg == CFI_SP && 3007 insn->sym->frame_pointer) { 3008 /* addi.d fp,sp,imm on LoongArch */ 3009 if (cfa->base == CFI_SP && cfa->offset == op->src.offset) { 3010 cfa->base = CFI_BP; 3011 cfa->offset = 0; 3012 } 3013 break; 3014 } 3015 3016 if (op->dest.reg == CFI_SP && op->src.reg == CFI_BP) { 3017 /* addi.d sp,fp,imm on LoongArch */ 3018 if (cfa->base == CFI_BP && cfa->offset == 0) { 3019 if (insn->sym->frame_pointer) { 3020 cfa->base = CFI_SP; 3021 cfa->offset = -op->src.offset; 3022 } 3023 } else { 3024 /* lea disp(%rbp), %rsp */ 3025 cfi->stack_size = -(op->src.offset + regs[CFI_BP].offset); 3026 } 3027 break; 3028 } 3029 3030 if (op->src.reg == CFI_SP && cfa->base == CFI_SP) { 3031 3032 /* drap: lea disp(%rsp), %drap */ 3033 cfi->drap_reg = op->dest.reg; 3034 3035 /* 3036 * lea disp(%rsp), %reg 3037 * 3038 * This is needed for the rare case where GCC 3039 * does something dumb like: 3040 * 3041 * lea 0x8(%rsp), %rcx 3042 * ... 3043 * mov %rcx, %rsp 3044 */ 3045 cfi->vals[op->dest.reg].base = CFI_CFA; 3046 cfi->vals[op->dest.reg].offset = \ 3047 -cfi->stack_size + op->src.offset; 3048 3049 break; 3050 } 3051 3052 if (cfi->drap && op->dest.reg == CFI_SP && 3053 op->src.reg == cfi->drap_reg) { 3054 3055 /* drap: lea disp(%drap), %rsp */ 3056 cfa->base = CFI_SP; 3057 cfa->offset = cfi->stack_size = -op->src.offset; 3058 cfi->drap_reg = CFI_UNDEFINED; 3059 cfi->drap = false; 3060 break; 3061 } 3062 3063 if (op->dest.reg == cfi->cfa.base && !(next_insn && next_insn->hint)) { 3064 WARN_INSN(insn, "unsupported stack register modification"); 3065 return -1; 3066 } 3067 3068 break; 3069 3070 case OP_SRC_AND: 3071 if (op->dest.reg != CFI_SP || 3072 (cfi->drap_reg != CFI_UNDEFINED && cfa->base != CFI_SP) || 3073 (cfi->drap_reg == CFI_UNDEFINED && cfa->base != CFI_BP)) { 3074 WARN_INSN(insn, "unsupported stack pointer realignment"); 3075 return -1; 3076 } 3077 3078 if (cfi->drap_reg != CFI_UNDEFINED) { 3079 /* drap: and imm, %rsp */ 3080 cfa->base = cfi->drap_reg; 3081 cfa->offset = cfi->stack_size = 0; 3082 cfi->drap = true; 3083 } 3084 3085 /* 3086 * Older versions of GCC (4.8ish) realign the stack 3087 * without DRAP, with a frame pointer. 3088 */ 3089 3090 break; 3091 3092 case OP_SRC_POP: 3093 case OP_SRC_POPF: 3094 if (op->dest.reg == CFI_SP && cfa->base == CFI_SP_INDIRECT) { 3095 3096 /* pop %rsp; # restore from a stack swizzle */ 3097 cfa->base = CFI_SP; 3098 break; 3099 } 3100 3101 if (!cfi->drap && op->dest.reg == cfa->base) { 3102 3103 /* pop %rbp */ 3104 cfa->base = CFI_SP; 3105 } 3106 3107 if (cfi->drap && cfa->base == CFI_BP_INDIRECT && 3108 op->dest.reg == cfi->drap_reg && 3109 cfi->drap_offset == -cfi->stack_size) { 3110 3111 /* drap: pop %drap */ 3112 cfa->base = cfi->drap_reg; 3113 cfa->offset = 0; 3114 cfi->drap_offset = -1; 3115 3116 } else if (cfi->stack_size == -regs[op->dest.reg].offset) { 3117 3118 /* pop %reg */ 3119 restore_reg(cfi, op->dest.reg); 3120 } 3121 3122 cfi->stack_size -= 8; 3123 if (cfa->base == CFI_SP) 3124 cfa->offset -= 8; 3125 3126 break; 3127 3128 case OP_SRC_REG_INDIRECT: 3129 if (!cfi->drap && op->dest.reg == cfa->base && 3130 op->dest.reg == CFI_BP) { 3131 3132 /* mov disp(%rsp), %rbp */ 3133 cfa->base = CFI_SP; 3134 cfa->offset = cfi->stack_size; 3135 } 3136 3137 if (cfi->drap && op->src.reg == CFI_BP && 3138 op->src.offset == cfi->drap_offset) { 3139 3140 /* drap: mov disp(%rbp), %drap */ 3141 cfa->base = cfi->drap_reg; 3142 cfa->offset = 0; 3143 cfi->drap_offset = -1; 3144 } 3145 3146 if (cfi->drap && op->src.reg == CFI_BP && 3147 op->src.offset == regs[op->dest.reg].offset) { 3148 3149 /* drap: mov disp(%rbp), %reg */ 3150 restore_reg(cfi, op->dest.reg); 3151 3152 } else if (op->src.reg == cfa->base && 3153 op->src.offset == regs[op->dest.reg].offset + cfa->offset) { 3154 3155 /* mov disp(%rbp), %reg */ 3156 /* mov disp(%rsp), %reg */ 3157 restore_reg(cfi, op->dest.reg); 3158 3159 } else if (op->src.reg == CFI_SP && 3160 op->src.offset == regs[op->dest.reg].offset + cfi->stack_size) { 3161 3162 /* mov disp(%rsp), %reg */ 3163 restore_reg(cfi, op->dest.reg); 3164 } 3165 3166 break; 3167 3168 default: 3169 WARN_INSN(insn, "unknown stack-related instruction"); 3170 return -1; 3171 } 3172 3173 break; 3174 3175 case OP_DEST_PUSH: 3176 case OP_DEST_PUSHF: 3177 cfi->stack_size += 8; 3178 if (cfa->base == CFI_SP) 3179 cfa->offset += 8; 3180 3181 if (op->src.type != OP_SRC_REG) 3182 break; 3183 3184 if (cfi->drap) { 3185 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) { 3186 3187 /* drap: push %drap */ 3188 cfa->base = CFI_BP_INDIRECT; 3189 cfa->offset = -cfi->stack_size; 3190 3191 /* save drap so we know when to restore it */ 3192 cfi->drap_offset = -cfi->stack_size; 3193 3194 } else if (op->src.reg == CFI_BP && cfa->base == cfi->drap_reg) { 3195 3196 /* drap: push %rbp */ 3197 cfi->stack_size = 0; 3198 3199 } else { 3200 3201 /* drap: push %reg */ 3202 save_reg(cfi, op->src.reg, CFI_BP, -cfi->stack_size); 3203 } 3204 3205 } else { 3206 3207 /* push %reg */ 3208 save_reg(cfi, op->src.reg, CFI_CFA, -cfi->stack_size); 3209 } 3210 3211 /* detect when asm code uses rbp as a scratch register */ 3212 if (opts.stackval && insn_func(insn) && op->src.reg == CFI_BP && 3213 cfa->base != CFI_BP) 3214 cfi->bp_scratch = true; 3215 break; 3216 3217 case OP_DEST_REG_INDIRECT: 3218 3219 if (cfi->drap) { 3220 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) { 3221 3222 /* drap: mov %drap, disp(%rbp) */ 3223 cfa->base = CFI_BP_INDIRECT; 3224 cfa->offset = op->dest.offset; 3225 3226 /* save drap offset so we know when to restore it */ 3227 cfi->drap_offset = op->dest.offset; 3228 } else { 3229 3230 /* drap: mov reg, disp(%rbp) */ 3231 save_reg(cfi, op->src.reg, CFI_BP, op->dest.offset); 3232 } 3233 3234 } else if (op->dest.reg == cfa->base) { 3235 3236 /* mov reg, disp(%rbp) */ 3237 /* mov reg, disp(%rsp) */ 3238 save_reg(cfi, op->src.reg, CFI_CFA, 3239 op->dest.offset - cfi->cfa.offset); 3240 3241 } else if (op->dest.reg == CFI_SP) { 3242 3243 /* mov reg, disp(%rsp) */ 3244 save_reg(cfi, op->src.reg, CFI_CFA, 3245 op->dest.offset - cfi->stack_size); 3246 3247 } else if (op->src.reg == CFI_SP && op->dest.offset == 0) { 3248 3249 /* mov %rsp, (%reg); # setup a stack swizzle. */ 3250 cfi->vals[op->dest.reg].base = CFI_SP_INDIRECT; 3251 cfi->vals[op->dest.reg].offset = cfa->offset; 3252 } 3253 3254 break; 3255 3256 case OP_DEST_MEM: 3257 if (op->src.type != OP_SRC_POP && op->src.type != OP_SRC_POPF) { 3258 WARN_INSN(insn, "unknown stack-related memory operation"); 3259 return -1; 3260 } 3261 3262 /* pop mem */ 3263 cfi->stack_size -= 8; 3264 if (cfa->base == CFI_SP) 3265 cfa->offset -= 8; 3266 3267 break; 3268 3269 default: 3270 WARN_INSN(insn, "unknown stack-related instruction"); 3271 return -1; 3272 } 3273 3274 return 0; 3275 } 3276 3277 /* 3278 * The stack layouts of alternatives instructions can sometimes diverge when 3279 * they have stack modifications. That's fine as long as the potential stack 3280 * layouts don't conflict at any given potential instruction boundary. 3281 * 3282 * Flatten the CFIs of the different alternative code streams (both original 3283 * and replacement) into a single shared CFI array which can be used to detect 3284 * conflicts and nicely feed a linear array of ORC entries to the unwinder. 3285 */ 3286 static int propagate_alt_cfi(struct objtool_file *file, struct instruction *insn) 3287 { 3288 struct cfi_state **alt_cfi; 3289 int group_off; 3290 3291 if (!insn->alt_group) 3292 return 0; 3293 3294 if (!insn->cfi) { 3295 WARN("CFI missing"); 3296 return -1; 3297 } 3298 3299 alt_cfi = insn->alt_group->cfi; 3300 group_off = insn->offset - insn->alt_group->first_insn->offset; 3301 3302 if (!alt_cfi[group_off]) { 3303 alt_cfi[group_off] = insn->cfi; 3304 } else { 3305 if (cficmp(alt_cfi[group_off], insn->cfi)) { 3306 struct alt_group *orig_group = insn->alt_group->orig_group ?: insn->alt_group; 3307 struct instruction *orig = orig_group->first_insn; 3308 WARN_INSN(orig, "stack layout conflict in alternatives: %s", 3309 offstr(insn->sec, insn->offset)); 3310 return -1; 3311 } 3312 } 3313 3314 return 0; 3315 } 3316 3317 static int handle_insn_ops(struct instruction *insn, 3318 struct instruction *next_insn, 3319 struct insn_state *state) 3320 { 3321 struct stack_op *op; 3322 int ret; 3323 3324 for (op = insn->stack_ops; op; op = op->next) { 3325 3326 ret = update_cfi_state(insn, next_insn, &state->cfi, op); 3327 if (ret) 3328 return ret; 3329 3330 if (!opts.uaccess || !insn->alt_group) 3331 continue; 3332 3333 if (op->dest.type == OP_DEST_PUSHF) { 3334 if (!state->uaccess_stack) { 3335 state->uaccess_stack = 1; 3336 } else if (state->uaccess_stack >> 31) { 3337 WARN_INSN(insn, "PUSHF stack exhausted"); 3338 return 1; 3339 } 3340 state->uaccess_stack <<= 1; 3341 state->uaccess_stack |= state->uaccess; 3342 } 3343 3344 if (op->src.type == OP_SRC_POPF) { 3345 if (state->uaccess_stack) { 3346 state->uaccess = state->uaccess_stack & 1; 3347 state->uaccess_stack >>= 1; 3348 if (state->uaccess_stack == 1) 3349 state->uaccess_stack = 0; 3350 } 3351 } 3352 } 3353 3354 return 0; 3355 } 3356 3357 static bool insn_cfi_match(struct instruction *insn, struct cfi_state *cfi2) 3358 { 3359 struct cfi_state *cfi1 = insn->cfi; 3360 int i; 3361 3362 if (!cfi1) { 3363 WARN("CFI missing"); 3364 return false; 3365 } 3366 3367 if (memcmp(&cfi1->cfa, &cfi2->cfa, sizeof(cfi1->cfa))) { 3368 3369 WARN_INSN(insn, "stack state mismatch: cfa1=%d%+d cfa2=%d%+d", 3370 cfi1->cfa.base, cfi1->cfa.offset, 3371 cfi2->cfa.base, cfi2->cfa.offset); 3372 return false; 3373 3374 } 3375 3376 if (memcmp(&cfi1->regs, &cfi2->regs, sizeof(cfi1->regs))) { 3377 for (i = 0; i < CFI_NUM_REGS; i++) { 3378 3379 if (!memcmp(&cfi1->regs[i], &cfi2->regs[i], sizeof(struct cfi_reg))) 3380 continue; 3381 3382 WARN_INSN(insn, "stack state mismatch: reg1[%d]=%d%+d reg2[%d]=%d%+d", 3383 i, cfi1->regs[i].base, cfi1->regs[i].offset, 3384 i, cfi2->regs[i].base, cfi2->regs[i].offset); 3385 } 3386 return false; 3387 } 3388 3389 if (cfi1->type != cfi2->type) { 3390 3391 WARN_INSN(insn, "stack state mismatch: type1=%d type2=%d", 3392 cfi1->type, cfi2->type); 3393 return false; 3394 } 3395 3396 if (cfi1->drap != cfi2->drap || 3397 (cfi1->drap && cfi1->drap_reg != cfi2->drap_reg) || 3398 (cfi1->drap && cfi1->drap_offset != cfi2->drap_offset)) { 3399 3400 WARN_INSN(insn, "stack state mismatch: drap1=%d(%d,%d) drap2=%d(%d,%d)", 3401 cfi1->drap, cfi1->drap_reg, cfi1->drap_offset, 3402 cfi2->drap, cfi2->drap_reg, cfi2->drap_offset); 3403 return false; 3404 } 3405 3406 return true; 3407 } 3408 3409 static inline bool func_uaccess_safe(struct symbol *func) 3410 { 3411 if (func) 3412 return func->uaccess_safe; 3413 3414 return false; 3415 } 3416 3417 static inline const char *call_dest_name(struct instruction *insn) 3418 { 3419 static char pvname[19]; 3420 struct reloc *reloc; 3421 int idx; 3422 3423 if (insn_call_dest(insn)) 3424 return insn_call_dest(insn)->name; 3425 3426 reloc = insn_reloc(NULL, insn); 3427 if (reloc && !strcmp(reloc->sym->name, "pv_ops")) { 3428 idx = (reloc_addend(reloc) / sizeof(void *)); 3429 snprintf(pvname, sizeof(pvname), "pv_ops[%d]", idx); 3430 return pvname; 3431 } 3432 3433 return "{dynamic}"; 3434 } 3435 3436 static bool pv_call_dest(struct objtool_file *file, struct instruction *insn) 3437 { 3438 struct symbol *target; 3439 struct reloc *reloc; 3440 int idx; 3441 3442 reloc = insn_reloc(file, insn); 3443 if (!reloc || strcmp(reloc->sym->name, "pv_ops")) 3444 return false; 3445 3446 idx = arch_insn_adjusted_addend(insn, reloc) / sizeof(void *); 3447 3448 if (file->pv_ops[idx].clean) 3449 return true; 3450 3451 file->pv_ops[idx].clean = true; 3452 3453 list_for_each_entry(target, &file->pv_ops[idx].targets, pv_target) { 3454 if (!target->sec->noinstr) { 3455 WARN("pv_ops[%d]: %s", idx, target->name); 3456 file->pv_ops[idx].clean = false; 3457 } 3458 } 3459 3460 return file->pv_ops[idx].clean; 3461 } 3462 3463 static inline bool noinstr_call_dest(struct objtool_file *file, 3464 struct instruction *insn, 3465 struct symbol *func) 3466 { 3467 /* 3468 * We can't deal with indirect function calls at present; 3469 * assume they're instrumented. 3470 */ 3471 if (!func) { 3472 if (file->pv_ops) 3473 return pv_call_dest(file, insn); 3474 3475 return false; 3476 } 3477 3478 /* 3479 * If the symbol is from a noinstr section; we good. 3480 */ 3481 if (func->sec->noinstr) 3482 return true; 3483 3484 /* 3485 * If the symbol is a static_call trampoline, we can't tell. 3486 */ 3487 if (func->static_call_tramp) 3488 return true; 3489 3490 /* 3491 * The __ubsan_handle_*() calls are like WARN(), they only happen when 3492 * something 'BAD' happened. At the risk of taking the machine down, 3493 * let them proceed to get the message out. 3494 */ 3495 if (!strncmp(func->name, "__ubsan_handle_", 15)) 3496 return true; 3497 3498 return false; 3499 } 3500 3501 static int validate_call(struct objtool_file *file, 3502 struct instruction *insn, 3503 struct insn_state *state) 3504 { 3505 if (state->noinstr && state->instr <= 0 && 3506 !noinstr_call_dest(file, insn, insn_call_dest(insn))) { 3507 WARN_INSN(insn, "call to %s() leaves .noinstr.text section", call_dest_name(insn)); 3508 return 1; 3509 } 3510 3511 if (state->uaccess && !func_uaccess_safe(insn_call_dest(insn))) { 3512 WARN_INSN(insn, "call to %s() with UACCESS enabled", call_dest_name(insn)); 3513 return 1; 3514 } 3515 3516 if (state->df) { 3517 WARN_INSN(insn, "call to %s() with DF set", call_dest_name(insn)); 3518 return 1; 3519 } 3520 3521 return 0; 3522 } 3523 3524 static int validate_sibling_call(struct objtool_file *file, 3525 struct instruction *insn, 3526 struct insn_state *state) 3527 { 3528 if (insn_func(insn) && has_modified_stack_frame(insn, state)) { 3529 WARN_INSN(insn, "sibling call from callable instruction with modified stack frame"); 3530 return 1; 3531 } 3532 3533 return validate_call(file, insn, state); 3534 } 3535 3536 static int validate_return(struct symbol *func, struct instruction *insn, struct insn_state *state) 3537 { 3538 if (state->noinstr && state->instr > 0) { 3539 WARN_INSN(insn, "return with instrumentation enabled"); 3540 return 1; 3541 } 3542 3543 if (state->uaccess && !func_uaccess_safe(func)) { 3544 WARN_INSN(insn, "return with UACCESS enabled"); 3545 return 1; 3546 } 3547 3548 if (!state->uaccess && func_uaccess_safe(func)) { 3549 WARN_INSN(insn, "return with UACCESS disabled from a UACCESS-safe function"); 3550 return 1; 3551 } 3552 3553 if (state->df) { 3554 WARN_INSN(insn, "return with DF set"); 3555 return 1; 3556 } 3557 3558 if (func && has_modified_stack_frame(insn, state)) { 3559 WARN_INSN(insn, "return with modified stack frame"); 3560 return 1; 3561 } 3562 3563 if (state->cfi.bp_scratch) { 3564 WARN_INSN(insn, "BP used as a scratch register"); 3565 return 1; 3566 } 3567 3568 return 0; 3569 } 3570 3571 static struct instruction *next_insn_to_validate(struct objtool_file *file, 3572 struct instruction *insn) 3573 { 3574 struct alt_group *alt_group = insn->alt_group; 3575 3576 /* 3577 * Simulate the fact that alternatives are patched in-place. When the 3578 * end of a replacement alt_group is reached, redirect objtool flow to 3579 * the end of the original alt_group. 3580 * 3581 * insn->alts->insn -> alt_group->first_insn 3582 * ... 3583 * alt_group->last_insn 3584 * [alt_group->nop] -> next(orig_group->last_insn) 3585 */ 3586 if (alt_group) { 3587 if (alt_group->nop) { 3588 /* ->nop implies ->orig_group */ 3589 if (insn == alt_group->last_insn) 3590 return alt_group->nop; 3591 if (insn == alt_group->nop) 3592 goto next_orig; 3593 } 3594 if (insn == alt_group->last_insn && alt_group->orig_group) 3595 goto next_orig; 3596 } 3597 3598 return next_insn_same_sec(file, insn); 3599 3600 next_orig: 3601 return next_insn_same_sec(file, alt_group->orig_group->last_insn); 3602 } 3603 3604 static bool skip_alt_group(struct instruction *insn) 3605 { 3606 struct instruction *alt_insn = insn->alts ? insn->alts->insn : NULL; 3607 3608 if (!insn->alt_group) 3609 return false; 3610 3611 /* ANNOTATE_IGNORE_ALTERNATIVE */ 3612 if (insn->alt_group->ignore) 3613 return true; 3614 3615 /* 3616 * For NOP patched with CLAC/STAC, only follow the latter to avoid 3617 * impossible code paths combining patched CLAC with unpatched STAC 3618 * or vice versa. 3619 * 3620 * ANNOTATE_IGNORE_ALTERNATIVE could have been used here, but Linus 3621 * requested not to do that to avoid hurting .s file readability 3622 * around CLAC/STAC alternative sites. 3623 */ 3624 3625 if (!alt_insn) 3626 return false; 3627 3628 /* Don't override ASM_{CLAC,STAC}_UNSAFE */ 3629 if (alt_insn->alt_group && alt_insn->alt_group->ignore) 3630 return false; 3631 3632 return alt_insn->type == INSN_CLAC || alt_insn->type == INSN_STAC; 3633 } 3634 3635 static int checksum_debug_init(struct objtool_file *file) 3636 { 3637 char *dup, *s; 3638 3639 if (!opts.debug_checksum) 3640 return 0; 3641 3642 dup = strdup(opts.debug_checksum); 3643 if (!dup) { 3644 ERROR_GLIBC("strdup"); 3645 return -1; 3646 } 3647 3648 s = dup; 3649 while (*s) { 3650 struct symbol *func; 3651 char *comma; 3652 3653 comma = strchr(s, ','); 3654 if (comma) 3655 *comma = '\0'; 3656 3657 func = find_symbol_by_name(file->elf, s); 3658 if (!func || !is_func_sym(func)) 3659 WARN("--debug-checksum: can't find '%s'", s); 3660 else 3661 func->debug_checksum = 1; 3662 3663 if (!comma) 3664 break; 3665 3666 s = comma + 1; 3667 } 3668 3669 free(dup); 3670 return 0; 3671 } 3672 3673 static void checksum_update_insn(struct objtool_file *file, struct symbol *func, 3674 struct instruction *insn) 3675 { 3676 struct reloc *reloc = insn_reloc(file, insn); 3677 unsigned long offset; 3678 struct symbol *sym; 3679 3680 if (insn->fake) 3681 return; 3682 3683 checksum_update(func, insn, insn->sec->data->d_buf + insn->offset, insn->len); 3684 3685 if (!reloc) { 3686 struct symbol *call_dest = insn_call_dest(insn); 3687 3688 if (call_dest) 3689 checksum_update(func, insn, call_dest->demangled_name, 3690 strlen(call_dest->demangled_name)); 3691 return; 3692 } 3693 3694 sym = reloc->sym; 3695 offset = arch_insn_adjusted_addend(insn, reloc); 3696 3697 if (is_string_sec(sym->sec)) { 3698 char *str; 3699 3700 str = sym->sec->data->d_buf + sym->offset + offset; 3701 checksum_update(func, insn, str, strlen(str)); 3702 return; 3703 } 3704 3705 if (is_sec_sym(sym)) { 3706 sym = find_symbol_containing(reloc->sym->sec, offset); 3707 if (!sym) 3708 return; 3709 3710 offset -= sym->offset; 3711 } 3712 3713 checksum_update(func, insn, sym->demangled_name, strlen(sym->demangled_name)); 3714 checksum_update(func, insn, &offset, sizeof(offset)); 3715 } 3716 3717 /* 3718 * Follow the branch starting at the given instruction, and recursively follow 3719 * any other branches (jumps). Meanwhile, track the frame pointer state at 3720 * each instruction and validate all the rules described in 3721 * tools/objtool/Documentation/objtool.txt. 3722 */ 3723 static int validate_branch(struct objtool_file *file, struct symbol *func, 3724 struct instruction *insn, struct insn_state state) 3725 { 3726 struct alternative *alt; 3727 struct instruction *next_insn, *prev_insn = NULL; 3728 u8 visited; 3729 int ret; 3730 3731 if (func && func->ignore) 3732 return 0; 3733 3734 while (1) { 3735 next_insn = next_insn_to_validate(file, insn); 3736 3737 if (opts.checksum && func && insn->sec) 3738 checksum_update_insn(file, func, insn); 3739 3740 if (func && insn_func(insn) && func != insn_func(insn)->pfunc) { 3741 /* Ignore KCFI type preambles, which always fall through */ 3742 if (is_prefix_func(func)) 3743 return 0; 3744 3745 if (file->ignore_unreachables) 3746 return 0; 3747 3748 WARN("%s() falls through to next function %s()", 3749 func->name, insn_func(insn)->name); 3750 func->warned = 1; 3751 3752 return 1; 3753 } 3754 3755 visited = VISITED_BRANCH << state.uaccess; 3756 if (insn->visited & VISITED_BRANCH_MASK) { 3757 if (!insn->hint && !insn_cfi_match(insn, &state.cfi)) 3758 return 1; 3759 3760 if (insn->visited & visited) 3761 return 0; 3762 } else { 3763 nr_insns_visited++; 3764 } 3765 3766 if (state.noinstr) 3767 state.instr += insn->instr; 3768 3769 if (insn->hint) { 3770 if (insn->restore) { 3771 struct instruction *save_insn, *i; 3772 3773 i = insn; 3774 save_insn = NULL; 3775 3776 sym_for_each_insn_continue_reverse(file, func, i) { 3777 if (i->save) { 3778 save_insn = i; 3779 break; 3780 } 3781 } 3782 3783 if (!save_insn) { 3784 WARN_INSN(insn, "no corresponding CFI save for CFI restore"); 3785 return 1; 3786 } 3787 3788 if (!save_insn->visited) { 3789 /* 3790 * If the restore hint insn is at the 3791 * beginning of a basic block and was 3792 * branched to from elsewhere, and the 3793 * save insn hasn't been visited yet, 3794 * defer following this branch for now. 3795 * It will be seen later via the 3796 * straight-line path. 3797 */ 3798 if (!prev_insn) 3799 return 0; 3800 3801 WARN_INSN(insn, "objtool isn't smart enough to handle this CFI save/restore combo"); 3802 return 1; 3803 } 3804 3805 insn->cfi = save_insn->cfi; 3806 nr_cfi_reused++; 3807 } 3808 3809 state.cfi = *insn->cfi; 3810 } else { 3811 /* XXX track if we actually changed state.cfi */ 3812 3813 if (prev_insn && !cficmp(prev_insn->cfi, &state.cfi)) { 3814 insn->cfi = prev_insn->cfi; 3815 nr_cfi_reused++; 3816 } else { 3817 insn->cfi = cfi_hash_find_or_add(&state.cfi); 3818 } 3819 } 3820 3821 insn->visited |= visited; 3822 3823 if (propagate_alt_cfi(file, insn)) 3824 return 1; 3825 3826 if (insn->alts) { 3827 for (alt = insn->alts; alt; alt = alt->next) { 3828 ret = validate_branch(file, func, alt->insn, state); 3829 if (ret) { 3830 BT_INSN(insn, "(alt)"); 3831 return ret; 3832 } 3833 } 3834 } 3835 3836 if (skip_alt_group(insn)) 3837 return 0; 3838 3839 if (handle_insn_ops(insn, next_insn, &state)) 3840 return 1; 3841 3842 switch (insn->type) { 3843 3844 case INSN_RETURN: 3845 return validate_return(func, insn, &state); 3846 3847 case INSN_CALL: 3848 case INSN_CALL_DYNAMIC: 3849 ret = validate_call(file, insn, &state); 3850 if (ret) 3851 return ret; 3852 3853 if (opts.stackval && func && !is_special_call(insn) && 3854 !has_valid_stack_frame(&state)) { 3855 WARN_INSN(insn, "call without frame pointer save/setup"); 3856 return 1; 3857 } 3858 3859 break; 3860 3861 case INSN_JUMP_CONDITIONAL: 3862 case INSN_JUMP_UNCONDITIONAL: 3863 if (is_sibling_call(insn)) { 3864 ret = validate_sibling_call(file, insn, &state); 3865 if (ret) 3866 return ret; 3867 3868 } else if (insn->jump_dest) { 3869 ret = validate_branch(file, func, 3870 insn->jump_dest, state); 3871 if (ret) { 3872 BT_INSN(insn, "(branch)"); 3873 return ret; 3874 } 3875 } 3876 3877 if (insn->type == INSN_JUMP_UNCONDITIONAL) 3878 return 0; 3879 3880 break; 3881 3882 case INSN_JUMP_DYNAMIC: 3883 case INSN_JUMP_DYNAMIC_CONDITIONAL: 3884 if (is_sibling_call(insn)) { 3885 ret = validate_sibling_call(file, insn, &state); 3886 if (ret) 3887 return ret; 3888 } 3889 3890 if (insn->type == INSN_JUMP_DYNAMIC) 3891 return 0; 3892 3893 break; 3894 3895 case INSN_SYSCALL: 3896 if (func && (!next_insn || !next_insn->hint)) { 3897 WARN_INSN(insn, "unsupported instruction in callable function"); 3898 return 1; 3899 } 3900 3901 break; 3902 3903 case INSN_SYSRET: 3904 if (func && (!next_insn || !next_insn->hint)) { 3905 WARN_INSN(insn, "unsupported instruction in callable function"); 3906 return 1; 3907 } 3908 3909 return 0; 3910 3911 case INSN_STAC: 3912 if (!opts.uaccess) 3913 break; 3914 3915 if (state.uaccess) { 3916 WARN_INSN(insn, "recursive UACCESS enable"); 3917 return 1; 3918 } 3919 3920 state.uaccess = true; 3921 break; 3922 3923 case INSN_CLAC: 3924 if (!opts.uaccess) 3925 break; 3926 3927 if (!state.uaccess && func) { 3928 WARN_INSN(insn, "redundant UACCESS disable"); 3929 return 1; 3930 } 3931 3932 if (func_uaccess_safe(func) && !state.uaccess_stack) { 3933 WARN_INSN(insn, "UACCESS-safe disables UACCESS"); 3934 return 1; 3935 } 3936 3937 state.uaccess = false; 3938 break; 3939 3940 case INSN_STD: 3941 if (state.df) { 3942 WARN_INSN(insn, "recursive STD"); 3943 return 1; 3944 } 3945 3946 state.df = true; 3947 break; 3948 3949 case INSN_CLD: 3950 if (!state.df && func) { 3951 WARN_INSN(insn, "redundant CLD"); 3952 return 1; 3953 } 3954 3955 state.df = false; 3956 break; 3957 3958 default: 3959 break; 3960 } 3961 3962 if (insn->dead_end) 3963 return 0; 3964 3965 if (!next_insn) { 3966 if (state.cfi.cfa.base == CFI_UNDEFINED) 3967 return 0; 3968 if (file->ignore_unreachables) 3969 return 0; 3970 3971 WARN("%s%sunexpected end of section %s", 3972 func ? func->name : "", func ? "(): " : "", 3973 insn->sec->name); 3974 return 1; 3975 } 3976 3977 prev_insn = insn; 3978 insn = next_insn; 3979 } 3980 3981 return 0; 3982 } 3983 3984 static int validate_unwind_hint(struct objtool_file *file, 3985 struct instruction *insn, 3986 struct insn_state *state) 3987 { 3988 if (insn->hint && !insn->visited) { 3989 struct symbol *func = insn_func(insn); 3990 int ret; 3991 3992 if (opts.checksum) 3993 checksum_init(func); 3994 3995 ret = validate_branch(file, func, insn, *state); 3996 if (ret) 3997 BT_INSN(insn, "<=== (hint)"); 3998 return ret; 3999 } 4000 4001 return 0; 4002 } 4003 4004 static int validate_unwind_hints(struct objtool_file *file, struct section *sec) 4005 { 4006 struct instruction *insn; 4007 struct insn_state state; 4008 int warnings = 0; 4009 4010 if (!file->hints) 4011 return 0; 4012 4013 init_insn_state(file, &state, sec); 4014 4015 if (sec) { 4016 sec_for_each_insn(file, sec, insn) 4017 warnings += validate_unwind_hint(file, insn, &state); 4018 } else { 4019 for_each_insn(file, insn) 4020 warnings += validate_unwind_hint(file, insn, &state); 4021 } 4022 4023 return warnings; 4024 } 4025 4026 /* 4027 * Validate rethunk entry constraint: must untrain RET before the first RET. 4028 * 4029 * Follow every branch (intra-function) and ensure VALIDATE_UNRET_END comes 4030 * before an actual RET instruction. 4031 */ 4032 static int validate_unret(struct objtool_file *file, struct instruction *insn) 4033 { 4034 struct instruction *next, *dest; 4035 int ret; 4036 4037 for (;;) { 4038 next = next_insn_to_validate(file, insn); 4039 4040 if (insn->visited & VISITED_UNRET) 4041 return 0; 4042 4043 insn->visited |= VISITED_UNRET; 4044 4045 if (insn->alts) { 4046 struct alternative *alt; 4047 for (alt = insn->alts; alt; alt = alt->next) { 4048 ret = validate_unret(file, alt->insn); 4049 if (ret) { 4050 BT_INSN(insn, "(alt)"); 4051 return ret; 4052 } 4053 } 4054 } 4055 4056 switch (insn->type) { 4057 4058 case INSN_CALL_DYNAMIC: 4059 case INSN_JUMP_DYNAMIC: 4060 case INSN_JUMP_DYNAMIC_CONDITIONAL: 4061 WARN_INSN(insn, "early indirect call"); 4062 return 1; 4063 4064 case INSN_JUMP_UNCONDITIONAL: 4065 case INSN_JUMP_CONDITIONAL: 4066 if (!is_sibling_call(insn)) { 4067 if (!insn->jump_dest) { 4068 WARN_INSN(insn, "unresolved jump target after linking?!?"); 4069 return 1; 4070 } 4071 ret = validate_unret(file, insn->jump_dest); 4072 if (ret) { 4073 BT_INSN(insn, "(branch%s)", 4074 insn->type == INSN_JUMP_CONDITIONAL ? "-cond" : ""); 4075 return ret; 4076 } 4077 4078 if (insn->type == INSN_JUMP_UNCONDITIONAL) 4079 return 0; 4080 4081 break; 4082 } 4083 4084 /* fallthrough */ 4085 case INSN_CALL: 4086 dest = find_insn(file, insn_call_dest(insn)->sec, 4087 insn_call_dest(insn)->offset); 4088 if (!dest) { 4089 WARN("Unresolved function after linking!?: %s", 4090 insn_call_dest(insn)->name); 4091 return 1; 4092 } 4093 4094 ret = validate_unret(file, dest); 4095 if (ret) { 4096 BT_INSN(insn, "(call)"); 4097 return ret; 4098 } 4099 /* 4100 * If a call returns without error, it must have seen UNTRAIN_RET. 4101 * Therefore any non-error return is a success. 4102 */ 4103 return 0; 4104 4105 case INSN_RETURN: 4106 WARN_INSN(insn, "RET before UNTRAIN"); 4107 return 1; 4108 4109 case INSN_SYSCALL: 4110 break; 4111 4112 case INSN_SYSRET: 4113 return 0; 4114 4115 case INSN_NOP: 4116 if (insn->retpoline_safe) 4117 return 0; 4118 break; 4119 4120 default: 4121 break; 4122 } 4123 4124 if (insn->dead_end) 4125 return 0; 4126 4127 if (!next) { 4128 WARN_INSN(insn, "teh end!"); 4129 return 1; 4130 } 4131 insn = next; 4132 } 4133 4134 return 0; 4135 } 4136 4137 /* 4138 * Validate that all branches starting at VALIDATE_UNRET_BEGIN encounter 4139 * VALIDATE_UNRET_END before RET. 4140 */ 4141 static int validate_unrets(struct objtool_file *file) 4142 { 4143 struct instruction *insn; 4144 int warnings = 0; 4145 4146 for_each_insn(file, insn) { 4147 if (!insn->unret) 4148 continue; 4149 4150 warnings += validate_unret(file, insn); 4151 } 4152 4153 return warnings; 4154 } 4155 4156 static int validate_retpoline(struct objtool_file *file) 4157 { 4158 struct instruction *insn; 4159 int warnings = 0; 4160 4161 for_each_insn(file, insn) { 4162 if (insn->type != INSN_JUMP_DYNAMIC && 4163 insn->type != INSN_CALL_DYNAMIC && 4164 insn->type != INSN_RETURN) 4165 continue; 4166 4167 if (insn->retpoline_safe) 4168 continue; 4169 4170 if (insn->sec->init) 4171 continue; 4172 4173 if (insn->type == INSN_RETURN) { 4174 if (opts.rethunk) { 4175 WARN_INSN(insn, "'naked' return found in MITIGATION_RETHUNK build"); 4176 warnings++; 4177 } 4178 continue; 4179 } 4180 4181 WARN_INSN(insn, "indirect %s found in MITIGATION_RETPOLINE build", 4182 insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call"); 4183 warnings++; 4184 } 4185 4186 if (!opts.cfi) 4187 return warnings; 4188 4189 /* 4190 * kCFI call sites look like: 4191 * 4192 * movl $(-0x12345678), %r10d 4193 * addl -4(%r11), %r10d 4194 * jz 1f 4195 * ud2 4196 * 1: cs call __x86_indirect_thunk_r11 4197 * 4198 * Verify all indirect calls are kCFI adorned by checking for the 4199 * UD2. Notably, doing __nocfi calls to regular (cfi) functions is 4200 * broken. 4201 */ 4202 list_for_each_entry(insn, &file->retpoline_call_list, call_node) { 4203 struct symbol *sym = insn->sym; 4204 4205 if (sym && (sym->type == STT_NOTYPE || 4206 sym->type == STT_FUNC) && !sym->nocfi) { 4207 struct instruction *prev = 4208 prev_insn_same_sym(file, insn); 4209 4210 if (!prev || prev->type != INSN_BUG) { 4211 WARN_INSN(insn, "no-cfi indirect call!"); 4212 warnings++; 4213 } 4214 } 4215 } 4216 4217 return warnings; 4218 } 4219 4220 static bool is_kasan_insn(struct instruction *insn) 4221 { 4222 return (insn->type == INSN_CALL && 4223 !strcmp(insn_call_dest(insn)->name, "__asan_handle_no_return")); 4224 } 4225 4226 static bool is_ubsan_insn(struct instruction *insn) 4227 { 4228 return (insn->type == INSN_CALL && 4229 !strcmp(insn_call_dest(insn)->name, 4230 "__ubsan_handle_builtin_unreachable")); 4231 } 4232 4233 static bool ignore_unreachable_insn(struct objtool_file *file, struct instruction *insn) 4234 { 4235 struct symbol *func = insn_func(insn); 4236 struct instruction *prev_insn; 4237 int i; 4238 4239 if (insn->type == INSN_NOP || insn->type == INSN_TRAP || 4240 insn->hole || (func && func->ignore)) 4241 return true; 4242 4243 /* 4244 * Ignore alternative replacement instructions. This can happen 4245 * when a whitelisted function uses one of the ALTERNATIVE macros. 4246 */ 4247 if (!strcmp(insn->sec->name, ".altinstr_replacement") || 4248 !strcmp(insn->sec->name, ".altinstr_aux")) 4249 return true; 4250 4251 if (!func) 4252 return false; 4253 4254 if (func->static_call_tramp) 4255 return true; 4256 4257 /* 4258 * CONFIG_UBSAN_TRAP inserts a UD2 when it sees 4259 * __builtin_unreachable(). The BUG() macro has an unreachable() after 4260 * the UD2, which causes GCC's undefined trap logic to emit another UD2 4261 * (or occasionally a JMP to UD2). 4262 * 4263 * It may also insert a UD2 after calling a __noreturn function. 4264 */ 4265 prev_insn = prev_insn_same_sec(file, insn); 4266 if (prev_insn && prev_insn->dead_end && 4267 (insn->type == INSN_BUG || 4268 (insn->type == INSN_JUMP_UNCONDITIONAL && 4269 insn->jump_dest && insn->jump_dest->type == INSN_BUG))) 4270 return true; 4271 4272 /* 4273 * Check if this (or a subsequent) instruction is related to 4274 * CONFIG_UBSAN or CONFIG_KASAN. 4275 * 4276 * End the search at 5 instructions to avoid going into the weeds. 4277 */ 4278 for (i = 0; i < 5; i++) { 4279 4280 if (is_kasan_insn(insn) || is_ubsan_insn(insn)) 4281 return true; 4282 4283 if (insn->type == INSN_JUMP_UNCONDITIONAL) { 4284 if (insn->jump_dest && 4285 insn_func(insn->jump_dest) == func) { 4286 insn = insn->jump_dest; 4287 continue; 4288 } 4289 4290 break; 4291 } 4292 4293 if (insn->offset + insn->len >= func->offset + func->len) 4294 break; 4295 4296 insn = next_insn_same_sec(file, insn); 4297 } 4298 4299 return false; 4300 } 4301 4302 /* 4303 * For FineIBT or kCFI, a certain number of bytes preceding the function may be 4304 * NOPs. Those NOPs may be rewritten at runtime and executed, so give them a 4305 * proper function name: __pfx_<func>. 4306 * 4307 * The NOPs may not exist for the following cases: 4308 * 4309 * - compiler cloned functions (*.cold, *.part0, etc) 4310 * - asm functions created with inline asm or without SYM_FUNC_START() 4311 * 4312 * Also, the function may already have a prefix from a previous objtool run 4313 * (livepatch extracted functions, or manually running objtool multiple times). 4314 * 4315 * So return 0 if the NOPs are missing or the function already has a prefix 4316 * symbol. 4317 */ 4318 static int create_prefix_symbol(struct objtool_file *file, struct symbol *func) 4319 { 4320 struct instruction *insn, *prev; 4321 char name[SYM_NAME_LEN]; 4322 struct cfi_state *cfi; 4323 4324 if (!is_func_sym(func) || is_prefix_func(func) || 4325 func->cold || func->static_call_tramp) 4326 return 0; 4327 4328 if ((strlen(func->name) + sizeof("__pfx_") > SYM_NAME_LEN)) { 4329 WARN("%s: symbol name too long, can't create __pfx_ symbol", 4330 func->name); 4331 return 0; 4332 } 4333 4334 if (snprintf_check(name, SYM_NAME_LEN, "__pfx_%s", func->name)) 4335 return -1; 4336 4337 if (file->klp) { 4338 struct symbol *pfx; 4339 4340 pfx = find_symbol_by_offset(func->sec, func->offset - opts.prefix); 4341 if (pfx && is_prefix_func(pfx) && !strcmp(pfx->name, name)) 4342 return 0; 4343 } 4344 4345 insn = find_insn(file, func->sec, func->offset); 4346 if (!insn) { 4347 WARN("%s: can't find starting instruction", func->name); 4348 return -1; 4349 } 4350 4351 for (prev = prev_insn_same_sec(file, insn); 4352 prev; 4353 prev = prev_insn_same_sec(file, prev)) { 4354 u64 offset; 4355 4356 if (prev->type != INSN_NOP) 4357 return 0; 4358 4359 offset = func->offset - prev->offset; 4360 4361 if (offset > opts.prefix) 4362 return 0; 4363 4364 if (offset < opts.prefix) 4365 continue; 4366 4367 if (!elf_create_symbol(file->elf, name, func->sec, 4368 GELF_ST_BIND(func->sym.st_info), 4369 GELF_ST_TYPE(func->sym.st_info), 4370 prev->offset, opts.prefix)) 4371 return -1; 4372 4373 break; 4374 } 4375 4376 if (!prev) 4377 return 0; 4378 4379 if (!insn->cfi) { 4380 /* 4381 * This can happen if stack validation isn't enabled or the 4382 * function is annotated with STACK_FRAME_NON_STANDARD. 4383 */ 4384 return 0; 4385 } 4386 4387 /* Propagate insn->cfi to the prefix code */ 4388 cfi = cfi_hash_find_or_add(insn->cfi); 4389 for (; prev != insn; prev = next_insn_same_sec(file, prev)) 4390 prev->cfi = cfi; 4391 4392 return 0; 4393 } 4394 4395 static int create_prefix_symbols(struct objtool_file *file) 4396 { 4397 struct section *sec; 4398 struct symbol *func; 4399 4400 for_each_sec(file->elf, sec) { 4401 if (!is_text_sec(sec)) 4402 continue; 4403 4404 sec_for_each_sym(sec, func) { 4405 if (create_prefix_symbol(file, func)) 4406 return -1; 4407 } 4408 } 4409 4410 return 0; 4411 } 4412 4413 static int validate_symbol(struct objtool_file *file, struct section *sec, 4414 struct symbol *sym, struct insn_state *state) 4415 { 4416 struct instruction *insn; 4417 struct symbol *func; 4418 int ret; 4419 4420 if (!sym->len) { 4421 WARN("%s() is missing an ELF size annotation", sym->name); 4422 return 1; 4423 } 4424 4425 if (sym->pfunc != sym || sym->alias != sym) 4426 return 0; 4427 4428 insn = find_insn(file, sec, sym->offset); 4429 if (!insn || insn->visited) 4430 return 0; 4431 4432 if (opts.uaccess) 4433 state->uaccess = sym->uaccess_safe; 4434 4435 func = insn_func(insn); 4436 4437 if (opts.checksum) 4438 checksum_init(func); 4439 4440 ret = validate_branch(file, func, insn, *state); 4441 if (ret) 4442 BT_INSN(insn, "<=== (sym)"); 4443 4444 if (opts.checksum) 4445 checksum_finish(func); 4446 4447 return ret; 4448 } 4449 4450 static int validate_section(struct objtool_file *file, struct section *sec) 4451 { 4452 struct insn_state state; 4453 struct symbol *func; 4454 int warnings = 0; 4455 4456 sec_for_each_sym(sec, func) { 4457 if (!is_func_sym(func)) 4458 continue; 4459 4460 init_insn_state(file, &state, sec); 4461 set_func_state(&state.cfi); 4462 4463 warnings += validate_symbol(file, sec, func, &state); 4464 } 4465 4466 return warnings; 4467 } 4468 4469 static int validate_noinstr_sections(struct objtool_file *file) 4470 { 4471 struct section *sec; 4472 int warnings = 0; 4473 4474 sec = find_section_by_name(file->elf, ".noinstr.text"); 4475 if (sec) { 4476 warnings += validate_section(file, sec); 4477 warnings += validate_unwind_hints(file, sec); 4478 } 4479 4480 sec = find_section_by_name(file->elf, ".entry.text"); 4481 if (sec) { 4482 warnings += validate_section(file, sec); 4483 warnings += validate_unwind_hints(file, sec); 4484 } 4485 4486 sec = find_section_by_name(file->elf, ".cpuidle.text"); 4487 if (sec) { 4488 warnings += validate_section(file, sec); 4489 warnings += validate_unwind_hints(file, sec); 4490 } 4491 4492 return warnings; 4493 } 4494 4495 static int validate_functions(struct objtool_file *file) 4496 { 4497 struct section *sec; 4498 int warnings = 0; 4499 4500 for_each_sec(file->elf, sec) { 4501 if (!is_text_sec(sec)) 4502 continue; 4503 4504 warnings += validate_section(file, sec); 4505 } 4506 4507 return warnings; 4508 } 4509 4510 static void mark_endbr_used(struct instruction *insn) 4511 { 4512 if (!list_empty(&insn->call_node)) 4513 list_del_init(&insn->call_node); 4514 } 4515 4516 static bool noendbr_range(struct objtool_file *file, struct instruction *insn) 4517 { 4518 struct symbol *sym = find_symbol_containing(insn->sec, insn->offset-1); 4519 struct instruction *first; 4520 4521 if (!sym) 4522 return false; 4523 4524 first = find_insn(file, sym->sec, sym->offset); 4525 if (!first) 4526 return false; 4527 4528 if (first->type != INSN_ENDBR && !first->noendbr) 4529 return false; 4530 4531 return insn->offset == sym->offset + sym->len; 4532 } 4533 4534 static int __validate_ibt_insn(struct objtool_file *file, struct instruction *insn, 4535 struct instruction *dest) 4536 { 4537 if (dest->type == INSN_ENDBR) { 4538 mark_endbr_used(dest); 4539 return 0; 4540 } 4541 4542 if (insn_func(dest) && insn_func(insn) && 4543 insn_func(dest)->pfunc == insn_func(insn)->pfunc) { 4544 /* 4545 * Anything from->to self is either _THIS_IP_ or 4546 * IRET-to-self. 4547 * 4548 * There is no sane way to annotate _THIS_IP_ since the 4549 * compiler treats the relocation as a constant and is 4550 * happy to fold in offsets, skewing any annotation we 4551 * do, leading to vast amounts of false-positives. 4552 * 4553 * There's also compiler generated _THIS_IP_ through 4554 * KCOV and such which we have no hope of annotating. 4555 * 4556 * As such, blanket accept self-references without 4557 * issue. 4558 */ 4559 return 0; 4560 } 4561 4562 /* 4563 * Accept anything ANNOTATE_NOENDBR. 4564 */ 4565 if (dest->noendbr) 4566 return 0; 4567 4568 /* 4569 * Accept if this is the instruction after a symbol 4570 * that is (no)endbr -- typical code-range usage. 4571 */ 4572 if (noendbr_range(file, dest)) 4573 return 0; 4574 4575 WARN_INSN(insn, "relocation to !ENDBR: %s", offstr(dest->sec, dest->offset)); 4576 return 1; 4577 } 4578 4579 static int validate_ibt_insn(struct objtool_file *file, struct instruction *insn) 4580 { 4581 struct instruction *dest; 4582 struct reloc *reloc; 4583 unsigned long off; 4584 int warnings = 0; 4585 4586 /* 4587 * Looking for function pointer load relocations. Ignore 4588 * direct/indirect branches: 4589 */ 4590 switch (insn->type) { 4591 4592 case INSN_CALL: 4593 case INSN_CALL_DYNAMIC: 4594 case INSN_JUMP_CONDITIONAL: 4595 case INSN_JUMP_UNCONDITIONAL: 4596 case INSN_JUMP_DYNAMIC: 4597 case INSN_JUMP_DYNAMIC_CONDITIONAL: 4598 case INSN_RETURN: 4599 case INSN_NOP: 4600 return 0; 4601 4602 case INSN_LEA_RIP: 4603 if (!insn_reloc(file, insn)) { 4604 /* local function pointer reference without reloc */ 4605 4606 off = arch_jump_destination(insn); 4607 4608 dest = find_insn(file, insn->sec, off); 4609 if (!dest) { 4610 WARN_INSN(insn, "corrupt function pointer reference"); 4611 return 1; 4612 } 4613 4614 return __validate_ibt_insn(file, insn, dest); 4615 } 4616 break; 4617 4618 default: 4619 break; 4620 } 4621 4622 for (reloc = insn_reloc(file, insn); 4623 reloc; 4624 reloc = find_reloc_by_dest_range(file->elf, insn->sec, 4625 reloc_offset(reloc) + 1, 4626 (insn->offset + insn->len) - (reloc_offset(reloc) + 1))) { 4627 4628 off = reloc->sym->offset + arch_insn_adjusted_addend(insn, reloc); 4629 4630 dest = find_insn(file, reloc->sym->sec, off); 4631 if (!dest) 4632 continue; 4633 4634 warnings += __validate_ibt_insn(file, insn, dest); 4635 } 4636 4637 return warnings; 4638 } 4639 4640 static int validate_ibt_data_reloc(struct objtool_file *file, 4641 struct reloc *reloc) 4642 { 4643 struct instruction *dest; 4644 4645 dest = find_insn(file, reloc->sym->sec, 4646 reloc->sym->offset + reloc_addend(reloc)); 4647 if (!dest) 4648 return 0; 4649 4650 if (dest->type == INSN_ENDBR) { 4651 mark_endbr_used(dest); 4652 return 0; 4653 } 4654 4655 if (dest->noendbr) 4656 return 0; 4657 4658 WARN_FUNC(reloc->sec->base, reloc_offset(reloc), 4659 "data relocation to !ENDBR: %s", offstr(dest->sec, dest->offset)); 4660 4661 return 1; 4662 } 4663 4664 /* 4665 * Validate IBT rules and remove used ENDBR instructions from the seal list. 4666 * Unused ENDBR instructions will be annotated for sealing (i.e., replaced with 4667 * NOPs) later, in create_ibt_endbr_seal_sections(). 4668 */ 4669 static int validate_ibt(struct objtool_file *file) 4670 { 4671 struct section *sec; 4672 struct reloc *reloc; 4673 struct instruction *insn; 4674 int warnings = 0; 4675 4676 for_each_insn(file, insn) 4677 warnings += validate_ibt_insn(file, insn); 4678 4679 for_each_sec(file->elf, sec) { 4680 4681 /* Already done by validate_ibt_insn() */ 4682 if (is_text_sec(sec)) 4683 continue; 4684 4685 if (!sec->rsec) 4686 continue; 4687 4688 /* 4689 * These sections can reference text addresses, but not with 4690 * the intent to indirect branch to them. 4691 */ 4692 if ((!strncmp(sec->name, ".discard", 8) && 4693 strcmp(sec->name, ".discard.ibt_endbr_noseal")) || 4694 !strncmp(sec->name, ".debug", 6) || 4695 !strcmp(sec->name, ".altinstructions") || 4696 !strcmp(sec->name, ".ibt_endbr_seal") || 4697 !strcmp(sec->name, ".kcfi_traps") || 4698 !strcmp(sec->name, ".orc_unwind_ip") || 4699 !strcmp(sec->name, ".retpoline_sites") || 4700 !strcmp(sec->name, ".smp_locks") || 4701 !strcmp(sec->name, ".static_call_sites") || 4702 !strcmp(sec->name, "_error_injection_whitelist") || 4703 !strcmp(sec->name, "_kprobe_blacklist") || 4704 !strcmp(sec->name, "__bug_table") || 4705 !strcmp(sec->name, "__ex_table") || 4706 !strcmp(sec->name, "__jump_table") || 4707 !strcmp(sec->name, "__klp_funcs") || 4708 !strcmp(sec->name, "__mcount_loc") || 4709 !strcmp(sec->name, ".llvm.call-graph-profile") || 4710 !strcmp(sec->name, ".llvm_bb_addr_map") || 4711 !strcmp(sec->name, "__tracepoints") || 4712 !strcmp(sec->name, "__patchable_function_entries")) 4713 continue; 4714 4715 for_each_reloc(sec->rsec, reloc) 4716 warnings += validate_ibt_data_reloc(file, reloc); 4717 } 4718 4719 return warnings; 4720 } 4721 4722 static int validate_sls(struct objtool_file *file) 4723 { 4724 struct instruction *insn, *next_insn; 4725 int warnings = 0; 4726 4727 for_each_insn(file, insn) { 4728 next_insn = next_insn_same_sec(file, insn); 4729 4730 if (insn->retpoline_safe) 4731 continue; 4732 4733 switch (insn->type) { 4734 case INSN_RETURN: 4735 if (!next_insn || next_insn->type != INSN_TRAP) { 4736 WARN_INSN(insn, "missing int3 after ret"); 4737 warnings++; 4738 } 4739 4740 break; 4741 case INSN_JUMP_DYNAMIC: 4742 if (!next_insn || next_insn->type != INSN_TRAP) { 4743 WARN_INSN(insn, "missing int3 after indirect jump"); 4744 warnings++; 4745 } 4746 break; 4747 default: 4748 break; 4749 } 4750 } 4751 4752 return warnings; 4753 } 4754 4755 static int validate_reachable_instructions(struct objtool_file *file) 4756 { 4757 struct instruction *insn, *prev_insn; 4758 struct symbol *call_dest; 4759 int warnings = 0; 4760 4761 if (file->ignore_unreachables) 4762 return 0; 4763 4764 for_each_insn(file, insn) { 4765 if (insn->visited || ignore_unreachable_insn(file, insn)) 4766 continue; 4767 4768 prev_insn = prev_insn_same_sec(file, insn); 4769 if (prev_insn && prev_insn->dead_end) { 4770 call_dest = insn_call_dest(prev_insn); 4771 if (call_dest) { 4772 WARN_INSN(insn, "%s() missing __noreturn in .c/.h or NORETURN() in noreturns.h", 4773 call_dest->name); 4774 warnings++; 4775 continue; 4776 } 4777 } 4778 4779 WARN_INSN(insn, "unreachable instruction"); 4780 warnings++; 4781 } 4782 4783 return warnings; 4784 } 4785 4786 /* 'funcs' is a space-separated list of function names */ 4787 static void disas_funcs(const char *funcs) 4788 { 4789 const char *objdump_str, *cross_compile; 4790 int size, ret; 4791 char *cmd; 4792 4793 cross_compile = getenv("CROSS_COMPILE"); 4794 if (!cross_compile) 4795 cross_compile = ""; 4796 4797 objdump_str = "%sobjdump -wdr %s | gawk -M -v _funcs='%s' '" 4798 "BEGIN { split(_funcs, funcs); }" 4799 "/^$/ { func_match = 0; }" 4800 "/<.*>:/ { " 4801 "f = gensub(/.*<(.*)>:/, \"\\\\1\", 1);" 4802 "for (i in funcs) {" 4803 "if (funcs[i] == f) {" 4804 "func_match = 1;" 4805 "base = strtonum(\"0x\" $1);" 4806 "break;" 4807 "}" 4808 "}" 4809 "}" 4810 "{" 4811 "if (func_match) {" 4812 "addr = strtonum(\"0x\" $1);" 4813 "printf(\"%%04x \", addr - base);" 4814 "print;" 4815 "}" 4816 "}' 1>&2"; 4817 4818 /* fake snprintf() to calculate the size */ 4819 size = snprintf(NULL, 0, objdump_str, cross_compile, objname, funcs) + 1; 4820 if (size <= 0) { 4821 WARN("objdump string size calculation failed"); 4822 return; 4823 } 4824 4825 cmd = malloc(size); 4826 4827 /* real snprintf() */ 4828 snprintf(cmd, size, objdump_str, cross_compile, objname, funcs); 4829 ret = system(cmd); 4830 if (ret) { 4831 WARN("disassembly failed: %d", ret); 4832 return; 4833 } 4834 } 4835 4836 static void disas_warned_funcs(struct objtool_file *file) 4837 { 4838 struct symbol *sym; 4839 char *funcs = NULL, *tmp; 4840 4841 for_each_sym(file->elf, sym) { 4842 if (sym->warned) { 4843 if (!funcs) { 4844 funcs = malloc(strlen(sym->name) + 1); 4845 if (!funcs) { 4846 ERROR_GLIBC("malloc"); 4847 return; 4848 } 4849 strcpy(funcs, sym->name); 4850 } else { 4851 tmp = malloc(strlen(funcs) + strlen(sym->name) + 2); 4852 if (!tmp) { 4853 ERROR_GLIBC("malloc"); 4854 return; 4855 } 4856 sprintf(tmp, "%s %s", funcs, sym->name); 4857 free(funcs); 4858 funcs = tmp; 4859 } 4860 } 4861 } 4862 4863 if (funcs) 4864 disas_funcs(funcs); 4865 } 4866 4867 __weak bool arch_absolute_reloc(struct elf *elf, struct reloc *reloc) 4868 { 4869 unsigned int type = reloc_type(reloc); 4870 size_t sz = elf_addr_size(elf); 4871 4872 return (sz == 8) ? (type == R_ABS64) : (type == R_ABS32); 4873 } 4874 4875 static int check_abs_references(struct objtool_file *file) 4876 { 4877 struct section *sec; 4878 struct reloc *reloc; 4879 int ret = 0; 4880 4881 for_each_sec(file->elf, sec) { 4882 /* absolute references in non-loadable sections are fine */ 4883 if (!(sec->sh.sh_flags & SHF_ALLOC)) 4884 continue; 4885 4886 /* section must have an associated .rela section */ 4887 if (!sec->rsec) 4888 continue; 4889 4890 /* 4891 * Special case for compiler generated metadata that is not 4892 * consumed until after boot. 4893 */ 4894 if (!strcmp(sec->name, "__patchable_function_entries")) 4895 continue; 4896 4897 for_each_reloc(sec->rsec, reloc) { 4898 if (arch_absolute_reloc(file->elf, reloc)) { 4899 WARN("section %s has absolute relocation at offset 0x%llx", 4900 sec->name, (unsigned long long)reloc_offset(reloc)); 4901 ret++; 4902 } 4903 } 4904 } 4905 return ret; 4906 } 4907 4908 struct insn_chunk { 4909 void *addr; 4910 struct insn_chunk *next; 4911 }; 4912 4913 /* 4914 * Reduce peak RSS usage by freeing insns memory before writing the ELF file, 4915 * which can trigger more allocations for .debug_* sections whose data hasn't 4916 * been read yet. 4917 */ 4918 static void free_insns(struct objtool_file *file) 4919 { 4920 struct instruction *insn; 4921 struct insn_chunk *chunks = NULL, *chunk; 4922 4923 for_each_insn(file, insn) { 4924 if (!insn->idx) { 4925 chunk = malloc(sizeof(*chunk)); 4926 chunk->addr = insn; 4927 chunk->next = chunks; 4928 chunks = chunk; 4929 } 4930 } 4931 4932 for (chunk = chunks; chunk; chunk = chunk->next) 4933 free(chunk->addr); 4934 } 4935 4936 int check(struct objtool_file *file) 4937 { 4938 int ret = 0, warnings = 0; 4939 4940 arch_initial_func_cfi_state(&initial_func_cfi); 4941 init_cfi_state(&init_cfi); 4942 init_cfi_state(&func_cfi); 4943 set_func_state(&func_cfi); 4944 init_cfi_state(&force_undefined_cfi); 4945 force_undefined_cfi.force_undefined = true; 4946 4947 if (!cfi_hash_alloc(1UL << (file->elf->symbol_bits - 3))) { 4948 ret = -1; 4949 goto out; 4950 } 4951 4952 cfi_hash_add(&init_cfi); 4953 cfi_hash_add(&func_cfi); 4954 4955 ret = checksum_debug_init(file); 4956 if (ret) 4957 goto out; 4958 4959 ret = decode_sections(file); 4960 if (ret) 4961 goto out; 4962 4963 if (!nr_insns) 4964 goto out; 4965 4966 warnings += validate_function_names(file); 4967 4968 if (opts.retpoline) 4969 warnings += validate_retpoline(file); 4970 4971 if (validate_branch_enabled()) { 4972 int w = 0; 4973 4974 w += validate_functions(file); 4975 w += validate_unwind_hints(file, NULL); 4976 if (!w) 4977 w += validate_reachable_instructions(file); 4978 4979 warnings += w; 4980 4981 } else if (opts.noinstr) { 4982 warnings += validate_noinstr_sections(file); 4983 } 4984 4985 if (opts.unret) { 4986 /* 4987 * Must be after validate_branch() and friends, it plays 4988 * further games with insn->visited. 4989 */ 4990 warnings += validate_unrets(file); 4991 } 4992 4993 if (opts.ibt) 4994 warnings += validate_ibt(file); 4995 4996 if (opts.sls) 4997 warnings += validate_sls(file); 4998 4999 if (opts.static_call) { 5000 ret = create_static_call_sections(file); 5001 if (ret) 5002 goto out; 5003 } 5004 5005 if (opts.retpoline) { 5006 ret = create_retpoline_sites_sections(file); 5007 if (ret) 5008 goto out; 5009 } 5010 5011 if (opts.cfi) { 5012 ret = create_cfi_sections(file); 5013 if (ret) 5014 goto out; 5015 } 5016 5017 if (opts.rethunk) { 5018 ret = create_return_sites_sections(file); 5019 if (ret) 5020 goto out; 5021 5022 if (opts.hack_skylake) { 5023 ret = create_direct_call_sections(file); 5024 if (ret) 5025 goto out; 5026 } 5027 } 5028 5029 if (opts.mcount) { 5030 ret = create_mcount_loc_sections(file); 5031 if (ret) 5032 goto out; 5033 } 5034 5035 if (opts.prefix) { 5036 ret = create_prefix_symbols(file); 5037 if (ret) 5038 goto out; 5039 } 5040 5041 if (opts.ibt) { 5042 ret = create_ibt_endbr_seal_sections(file); 5043 if (ret) 5044 goto out; 5045 } 5046 5047 if (opts.noabs) 5048 warnings += check_abs_references(file); 5049 5050 if (opts.checksum) { 5051 ret = create_sym_checksum_section(file); 5052 if (ret) 5053 goto out; 5054 } 5055 5056 if (opts.orc && nr_insns) { 5057 ret = orc_create(file); 5058 if (ret) 5059 goto out; 5060 } 5061 5062 free_insns(file); 5063 5064 if (opts.stats) { 5065 printf("nr_insns_visited: %ld\n", nr_insns_visited); 5066 printf("nr_cfi: %ld\n", nr_cfi); 5067 printf("nr_cfi_reused: %ld\n", nr_cfi_reused); 5068 printf("nr_cfi_cache: %ld\n", nr_cfi_cache); 5069 } 5070 5071 out: 5072 if (!ret && !warnings) 5073 return 0; 5074 5075 if (opts.werror && warnings) 5076 ret = 1; 5077 5078 if (opts.verbose) { 5079 if (opts.werror && warnings) 5080 WARN("%d warning(s) upgraded to errors", warnings); 5081 disas_warned_funcs(file); 5082 } 5083 5084 if (opts.backup && make_backup()) 5085 return 1; 5086 5087 return ret; 5088 } 5089