1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2015-2017 Josh Poimboeuf <jpoimboe@redhat.com> 4 */ 5 6 #include <string.h> 7 #include <stdlib.h> 8 #include <inttypes.h> 9 #include <sys/mman.h> 10 11 #include <arch/elf.h> 12 #include <objtool/builtin.h> 13 #include <objtool/cfi.h> 14 #include <objtool/arch.h> 15 #include <objtool/check.h> 16 #include <objtool/special.h> 17 #include <objtool/warn.h> 18 #include <objtool/endianness.h> 19 20 #include <linux/objtool_types.h> 21 #include <linux/hashtable.h> 22 #include <linux/kernel.h> 23 #include <linux/static_call_types.h> 24 25 struct alternative { 26 struct alternative *next; 27 struct instruction *insn; 28 bool skip_orig; 29 }; 30 31 static unsigned long nr_cfi, nr_cfi_reused, nr_cfi_cache; 32 33 static struct cfi_init_state initial_func_cfi; 34 static struct cfi_state init_cfi; 35 static struct cfi_state func_cfi; 36 static struct cfi_state force_undefined_cfi; 37 38 struct instruction *find_insn(struct objtool_file *file, 39 struct section *sec, unsigned long offset) 40 { 41 struct instruction *insn; 42 43 hash_for_each_possible(file->insn_hash, insn, hash, sec_offset_hash(sec, offset)) { 44 if (insn->sec == sec && insn->offset == offset) 45 return insn; 46 } 47 48 return NULL; 49 } 50 51 struct instruction *next_insn_same_sec(struct objtool_file *file, 52 struct instruction *insn) 53 { 54 if (insn->idx == INSN_CHUNK_MAX) 55 return find_insn(file, insn->sec, insn->offset + insn->len); 56 57 insn++; 58 if (!insn->len) 59 return NULL; 60 61 return insn; 62 } 63 64 static struct instruction *next_insn_same_func(struct objtool_file *file, 65 struct instruction *insn) 66 { 67 struct instruction *next = next_insn_same_sec(file, insn); 68 struct symbol *func = insn_func(insn); 69 70 if (!func) 71 return NULL; 72 73 if (next && insn_func(next) == func) 74 return next; 75 76 /* Check if we're already in the subfunction: */ 77 if (func == func->cfunc) 78 return NULL; 79 80 /* Move to the subfunction: */ 81 return find_insn(file, func->cfunc->sec, func->cfunc->offset); 82 } 83 84 static struct instruction *prev_insn_same_sec(struct objtool_file *file, 85 struct instruction *insn) 86 { 87 if (insn->idx == 0) { 88 if (insn->prev_len) 89 return find_insn(file, insn->sec, insn->offset - insn->prev_len); 90 return NULL; 91 } 92 93 return insn - 1; 94 } 95 96 static struct instruction *prev_insn_same_sym(struct objtool_file *file, 97 struct instruction *insn) 98 { 99 struct instruction *prev = prev_insn_same_sec(file, insn); 100 101 if (prev && insn_func(prev) == insn_func(insn)) 102 return prev; 103 104 return NULL; 105 } 106 107 #define for_each_insn(file, insn) \ 108 for (struct section *__sec, *__fake = (struct section *)1; \ 109 __fake; __fake = NULL) \ 110 for_each_sec(file, __sec) \ 111 sec_for_each_insn(file, __sec, insn) 112 113 #define func_for_each_insn(file, func, insn) \ 114 for (insn = find_insn(file, func->sec, func->offset); \ 115 insn; \ 116 insn = next_insn_same_func(file, insn)) 117 118 #define sym_for_each_insn(file, sym, insn) \ 119 for (insn = find_insn(file, sym->sec, sym->offset); \ 120 insn && insn->offset < sym->offset + sym->len; \ 121 insn = next_insn_same_sec(file, insn)) 122 123 #define sym_for_each_insn_continue_reverse(file, sym, insn) \ 124 for (insn = prev_insn_same_sec(file, insn); \ 125 insn && insn->offset >= sym->offset; \ 126 insn = prev_insn_same_sec(file, insn)) 127 128 #define sec_for_each_insn_from(file, insn) \ 129 for (; insn; insn = next_insn_same_sec(file, insn)) 130 131 #define sec_for_each_insn_continue(file, insn) \ 132 for (insn = next_insn_same_sec(file, insn); insn; \ 133 insn = next_insn_same_sec(file, insn)) 134 135 static inline struct symbol *insn_call_dest(struct instruction *insn) 136 { 137 if (insn->type == INSN_JUMP_DYNAMIC || 138 insn->type == INSN_CALL_DYNAMIC) 139 return NULL; 140 141 return insn->_call_dest; 142 } 143 144 static inline struct reloc *insn_jump_table(struct instruction *insn) 145 { 146 if (insn->type == INSN_JUMP_DYNAMIC || 147 insn->type == INSN_CALL_DYNAMIC) 148 return insn->_jump_table; 149 150 return NULL; 151 } 152 153 static bool is_jump_table_jump(struct instruction *insn) 154 { 155 struct alt_group *alt_group = insn->alt_group; 156 157 if (insn_jump_table(insn)) 158 return true; 159 160 /* Retpoline alternative for a jump table? */ 161 return alt_group && alt_group->orig_group && 162 insn_jump_table(alt_group->orig_group->first_insn); 163 } 164 165 static bool is_sibling_call(struct instruction *insn) 166 { 167 /* 168 * Assume only STT_FUNC calls have jump-tables. 169 */ 170 if (insn_func(insn)) { 171 /* An indirect jump is either a sibling call or a jump to a table. */ 172 if (insn->type == INSN_JUMP_DYNAMIC) 173 return !is_jump_table_jump(insn); 174 } 175 176 /* add_jump_destinations() sets insn_call_dest(insn) for sibling calls. */ 177 return (is_static_jump(insn) && insn_call_dest(insn)); 178 } 179 180 /* 181 * This checks to see if the given function is a "noreturn" function. 182 * 183 * For global functions which are outside the scope of this object file, we 184 * have to keep a manual list of them. 185 * 186 * For local functions, we have to detect them manually by simply looking for 187 * the lack of a return instruction. 188 */ 189 static bool __dead_end_function(struct objtool_file *file, struct symbol *func, 190 int recursion) 191 { 192 int i; 193 struct instruction *insn; 194 bool empty = true; 195 196 #define NORETURN(func) __stringify(func), 197 static const char * const global_noreturns[] = { 198 #include "noreturns.h" 199 }; 200 #undef NORETURN 201 202 if (!func) 203 return false; 204 205 if (func->bind == STB_GLOBAL || func->bind == STB_WEAK) 206 for (i = 0; i < ARRAY_SIZE(global_noreturns); i++) 207 if (!strcmp(func->name, global_noreturns[i])) 208 return true; 209 210 if (func->bind == STB_WEAK) 211 return false; 212 213 if (!func->len) 214 return false; 215 216 insn = find_insn(file, func->sec, func->offset); 217 if (!insn || !insn_func(insn)) 218 return false; 219 220 func_for_each_insn(file, func, insn) { 221 empty = false; 222 223 if (insn->type == INSN_RETURN) 224 return false; 225 } 226 227 if (empty) 228 return false; 229 230 /* 231 * A function can have a sibling call instead of a return. In that 232 * case, the function's dead-end status depends on whether the target 233 * of the sibling call returns. 234 */ 235 func_for_each_insn(file, func, insn) { 236 if (is_sibling_call(insn)) { 237 struct instruction *dest = insn->jump_dest; 238 239 if (!dest) 240 /* sibling call to another file */ 241 return false; 242 243 /* local sibling call */ 244 if (recursion == 5) { 245 /* 246 * Infinite recursion: two functions have 247 * sibling calls to each other. This is a very 248 * rare case. It means they aren't dead ends. 249 */ 250 return false; 251 } 252 253 return __dead_end_function(file, insn_func(dest), recursion+1); 254 } 255 } 256 257 return true; 258 } 259 260 static bool dead_end_function(struct objtool_file *file, struct symbol *func) 261 { 262 return __dead_end_function(file, func, 0); 263 } 264 265 static void init_cfi_state(struct cfi_state *cfi) 266 { 267 int i; 268 269 for (i = 0; i < CFI_NUM_REGS; i++) { 270 cfi->regs[i].base = CFI_UNDEFINED; 271 cfi->vals[i].base = CFI_UNDEFINED; 272 } 273 cfi->cfa.base = CFI_UNDEFINED; 274 cfi->drap_reg = CFI_UNDEFINED; 275 cfi->drap_offset = -1; 276 } 277 278 static void init_insn_state(struct objtool_file *file, struct insn_state *state, 279 struct section *sec) 280 { 281 memset(state, 0, sizeof(*state)); 282 init_cfi_state(&state->cfi); 283 284 /* 285 * We need the full vmlinux for noinstr validation, otherwise we can 286 * not correctly determine insn_call_dest(insn)->sec (external symbols 287 * do not have a section). 288 */ 289 if (opts.link && opts.noinstr && sec) 290 state->noinstr = sec->noinstr; 291 } 292 293 static struct cfi_state *cfi_alloc(void) 294 { 295 struct cfi_state *cfi = calloc(sizeof(struct cfi_state), 1); 296 if (!cfi) { 297 WARN("calloc failed"); 298 exit(1); 299 } 300 nr_cfi++; 301 return cfi; 302 } 303 304 static int cfi_bits; 305 static struct hlist_head *cfi_hash; 306 307 static inline bool cficmp(struct cfi_state *cfi1, struct cfi_state *cfi2) 308 { 309 return memcmp((void *)cfi1 + sizeof(cfi1->hash), 310 (void *)cfi2 + sizeof(cfi2->hash), 311 sizeof(struct cfi_state) - sizeof(struct hlist_node)); 312 } 313 314 static inline u32 cfi_key(struct cfi_state *cfi) 315 { 316 return jhash((void *)cfi + sizeof(cfi->hash), 317 sizeof(*cfi) - sizeof(cfi->hash), 0); 318 } 319 320 static struct cfi_state *cfi_hash_find_or_add(struct cfi_state *cfi) 321 { 322 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)]; 323 struct cfi_state *obj; 324 325 hlist_for_each_entry(obj, head, hash) { 326 if (!cficmp(cfi, obj)) { 327 nr_cfi_cache++; 328 return obj; 329 } 330 } 331 332 obj = cfi_alloc(); 333 *obj = *cfi; 334 hlist_add_head(&obj->hash, head); 335 336 return obj; 337 } 338 339 static void cfi_hash_add(struct cfi_state *cfi) 340 { 341 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)]; 342 343 hlist_add_head(&cfi->hash, head); 344 } 345 346 static void *cfi_hash_alloc(unsigned long size) 347 { 348 cfi_bits = max(10, ilog2(size)); 349 cfi_hash = mmap(NULL, sizeof(struct hlist_head) << cfi_bits, 350 PROT_READ|PROT_WRITE, 351 MAP_PRIVATE|MAP_ANON, -1, 0); 352 if (cfi_hash == (void *)-1L) { 353 WARN("mmap fail cfi_hash"); 354 cfi_hash = NULL; 355 } else if (opts.stats) { 356 printf("cfi_bits: %d\n", cfi_bits); 357 } 358 359 return cfi_hash; 360 } 361 362 static unsigned long nr_insns; 363 static unsigned long nr_insns_visited; 364 365 /* 366 * Call the arch-specific instruction decoder for all the instructions and add 367 * them to the global instruction list. 368 */ 369 static int decode_instructions(struct objtool_file *file) 370 { 371 struct section *sec; 372 struct symbol *func; 373 unsigned long offset; 374 struct instruction *insn; 375 int ret; 376 377 for_each_sec(file, sec) { 378 struct instruction *insns = NULL; 379 u8 prev_len = 0; 380 u8 idx = 0; 381 382 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 383 continue; 384 385 if (strcmp(sec->name, ".altinstr_replacement") && 386 strcmp(sec->name, ".altinstr_aux") && 387 strncmp(sec->name, ".discard.", 9)) 388 sec->text = true; 389 390 if (!strcmp(sec->name, ".noinstr.text") || 391 !strcmp(sec->name, ".entry.text") || 392 !strcmp(sec->name, ".cpuidle.text") || 393 !strncmp(sec->name, ".text.__x86.", 12)) 394 sec->noinstr = true; 395 396 /* 397 * .init.text code is ran before userspace and thus doesn't 398 * strictly need retpolines, except for modules which are 399 * loaded late, they very much do need retpoline in their 400 * .init.text 401 */ 402 if (!strcmp(sec->name, ".init.text") && !opts.module) 403 sec->init = true; 404 405 for (offset = 0; offset < sec->sh.sh_size; offset += insn->len) { 406 if (!insns || idx == INSN_CHUNK_MAX) { 407 insns = calloc(sizeof(*insn), INSN_CHUNK_SIZE); 408 if (!insns) { 409 WARN("malloc failed"); 410 return -1; 411 } 412 idx = 0; 413 } else { 414 idx++; 415 } 416 insn = &insns[idx]; 417 insn->idx = idx; 418 419 INIT_LIST_HEAD(&insn->call_node); 420 insn->sec = sec; 421 insn->offset = offset; 422 insn->prev_len = prev_len; 423 424 ret = arch_decode_instruction(file, sec, offset, 425 sec->sh.sh_size - offset, 426 insn); 427 if (ret) 428 return ret; 429 430 prev_len = insn->len; 431 432 /* 433 * By default, "ud2" is a dead end unless otherwise 434 * annotated, because GCC 7 inserts it for certain 435 * divide-by-zero cases. 436 */ 437 if (insn->type == INSN_BUG) 438 insn->dead_end = true; 439 440 hash_add(file->insn_hash, &insn->hash, sec_offset_hash(sec, insn->offset)); 441 nr_insns++; 442 } 443 444 // printf("%s: last chunk used: %d\n", sec->name, (int)idx); 445 446 sec_for_each_sym(sec, func) { 447 if (func->type != STT_NOTYPE && func->type != STT_FUNC) 448 continue; 449 450 if (func->offset == sec->sh.sh_size) { 451 /* Heuristic: likely an "end" symbol */ 452 if (func->type == STT_NOTYPE) 453 continue; 454 WARN("%s(): STT_FUNC at end of section", 455 func->name); 456 return -1; 457 } 458 459 if (func->return_thunk || func->alias != func) 460 continue; 461 462 if (!find_insn(file, sec, func->offset)) { 463 WARN("%s(): can't find starting instruction", 464 func->name); 465 return -1; 466 } 467 468 sym_for_each_insn(file, func, insn) { 469 insn->sym = func; 470 if (func->type == STT_FUNC && 471 insn->type == INSN_ENDBR && 472 list_empty(&insn->call_node)) { 473 if (insn->offset == func->offset) { 474 list_add_tail(&insn->call_node, &file->endbr_list); 475 file->nr_endbr++; 476 } else { 477 file->nr_endbr_int++; 478 } 479 } 480 } 481 } 482 } 483 484 if (opts.stats) 485 printf("nr_insns: %lu\n", nr_insns); 486 487 return 0; 488 } 489 490 /* 491 * Read the pv_ops[] .data table to find the static initialized values. 492 */ 493 static int add_pv_ops(struct objtool_file *file, const char *symname) 494 { 495 struct symbol *sym, *func; 496 unsigned long off, end; 497 struct reloc *rel; 498 int idx; 499 500 sym = find_symbol_by_name(file->elf, symname); 501 if (!sym) 502 return 0; 503 504 off = sym->offset; 505 end = off + sym->len; 506 for (;;) { 507 rel = find_reloc_by_dest_range(file->elf, sym->sec, off, end - off); 508 if (!rel) 509 break; 510 511 func = rel->sym; 512 if (func->type == STT_SECTION) 513 func = find_symbol_by_offset(rel->sym->sec, rel->addend); 514 515 idx = (rel->offset - sym->offset) / sizeof(unsigned long); 516 517 objtool_pv_add(file, idx, func); 518 519 off = rel->offset + 1; 520 if (off > end) 521 break; 522 } 523 524 return 0; 525 } 526 527 /* 528 * Allocate and initialize file->pv_ops[]. 529 */ 530 static int init_pv_ops(struct objtool_file *file) 531 { 532 static const char *pv_ops_tables[] = { 533 "pv_ops", 534 "xen_cpu_ops", 535 "xen_irq_ops", 536 "xen_mmu_ops", 537 NULL, 538 }; 539 const char *pv_ops; 540 struct symbol *sym; 541 int idx, nr; 542 543 if (!opts.noinstr) 544 return 0; 545 546 file->pv_ops = NULL; 547 548 sym = find_symbol_by_name(file->elf, "pv_ops"); 549 if (!sym) 550 return 0; 551 552 nr = sym->len / sizeof(unsigned long); 553 file->pv_ops = calloc(sizeof(struct pv_state), nr); 554 if (!file->pv_ops) 555 return -1; 556 557 for (idx = 0; idx < nr; idx++) 558 INIT_LIST_HEAD(&file->pv_ops[idx].targets); 559 560 for (idx = 0; (pv_ops = pv_ops_tables[idx]); idx++) 561 add_pv_ops(file, pv_ops); 562 563 return 0; 564 } 565 566 static struct instruction *find_last_insn(struct objtool_file *file, 567 struct section *sec) 568 { 569 struct instruction *insn = NULL; 570 unsigned int offset; 571 unsigned int end = (sec->sh.sh_size > 10) ? sec->sh.sh_size - 10 : 0; 572 573 for (offset = sec->sh.sh_size - 1; offset >= end && !insn; offset--) 574 insn = find_insn(file, sec, offset); 575 576 return insn; 577 } 578 579 /* 580 * Mark "ud2" instructions and manually annotated dead ends. 581 */ 582 static int add_dead_ends(struct objtool_file *file) 583 { 584 struct section *sec; 585 struct reloc *reloc; 586 struct instruction *insn; 587 588 /* 589 * Check for manually annotated dead ends. 590 */ 591 sec = find_section_by_name(file->elf, ".rela.discard.unreachable"); 592 if (!sec) 593 goto reachable; 594 595 list_for_each_entry(reloc, &sec->reloc_list, list) { 596 if (reloc->sym->type != STT_SECTION) { 597 WARN("unexpected relocation symbol type in %s", sec->name); 598 return -1; 599 } 600 insn = find_insn(file, reloc->sym->sec, reloc->addend); 601 if (insn) 602 insn = prev_insn_same_sec(file, insn); 603 else if (reloc->addend == reloc->sym->sec->sh.sh_size) { 604 insn = find_last_insn(file, reloc->sym->sec); 605 if (!insn) { 606 WARN("can't find unreachable insn at %s+0x%" PRIx64, 607 reloc->sym->sec->name, reloc->addend); 608 return -1; 609 } 610 } else { 611 WARN("can't find unreachable insn at %s+0x%" PRIx64, 612 reloc->sym->sec->name, reloc->addend); 613 return -1; 614 } 615 616 insn->dead_end = true; 617 } 618 619 reachable: 620 /* 621 * These manually annotated reachable checks are needed for GCC 4.4, 622 * where the Linux unreachable() macro isn't supported. In that case 623 * GCC doesn't know the "ud2" is fatal, so it generates code as if it's 624 * not a dead end. 625 */ 626 sec = find_section_by_name(file->elf, ".rela.discard.reachable"); 627 if (!sec) 628 return 0; 629 630 list_for_each_entry(reloc, &sec->reloc_list, list) { 631 if (reloc->sym->type != STT_SECTION) { 632 WARN("unexpected relocation symbol type in %s", sec->name); 633 return -1; 634 } 635 insn = find_insn(file, reloc->sym->sec, reloc->addend); 636 if (insn) 637 insn = prev_insn_same_sec(file, insn); 638 else if (reloc->addend == reloc->sym->sec->sh.sh_size) { 639 insn = find_last_insn(file, reloc->sym->sec); 640 if (!insn) { 641 WARN("can't find reachable insn at %s+0x%" PRIx64, 642 reloc->sym->sec->name, reloc->addend); 643 return -1; 644 } 645 } else { 646 WARN("can't find reachable insn at %s+0x%" PRIx64, 647 reloc->sym->sec->name, reloc->addend); 648 return -1; 649 } 650 651 insn->dead_end = false; 652 } 653 654 return 0; 655 } 656 657 static int create_static_call_sections(struct objtool_file *file) 658 { 659 struct section *sec; 660 struct static_call_site *site; 661 struct instruction *insn; 662 struct symbol *key_sym; 663 char *key_name, *tmp; 664 int idx; 665 666 sec = find_section_by_name(file->elf, ".static_call_sites"); 667 if (sec) { 668 INIT_LIST_HEAD(&file->static_call_list); 669 WARN("file already has .static_call_sites section, skipping"); 670 return 0; 671 } 672 673 if (list_empty(&file->static_call_list)) 674 return 0; 675 676 idx = 0; 677 list_for_each_entry(insn, &file->static_call_list, call_node) 678 idx++; 679 680 sec = elf_create_section(file->elf, ".static_call_sites", 681 sizeof(struct static_call_site), idx); 682 if (!sec) 683 return -1; 684 685 /* Allow modules to set the low bits of static_call_site::key */ 686 sec->sh.sh_flags |= SHF_WRITE; 687 688 idx = 0; 689 list_for_each_entry(insn, &file->static_call_list, call_node) { 690 691 site = (struct static_call_site *)sec->data->d_buf + idx; 692 memset(site, 0, sizeof(struct static_call_site)); 693 694 /* populate reloc for 'addr' */ 695 if (elf_add_reloc_to_insn(file->elf, sec, 696 idx * sizeof(struct static_call_site), 697 R_X86_64_PC32, 698 insn->sec, insn->offset)) 699 return -1; 700 701 /* find key symbol */ 702 key_name = strdup(insn_call_dest(insn)->name); 703 if (!key_name) { 704 perror("strdup"); 705 return -1; 706 } 707 if (strncmp(key_name, STATIC_CALL_TRAMP_PREFIX_STR, 708 STATIC_CALL_TRAMP_PREFIX_LEN)) { 709 WARN("static_call: trampoline name malformed: %s", key_name); 710 free(key_name); 711 return -1; 712 } 713 tmp = key_name + STATIC_CALL_TRAMP_PREFIX_LEN - STATIC_CALL_KEY_PREFIX_LEN; 714 memcpy(tmp, STATIC_CALL_KEY_PREFIX_STR, STATIC_CALL_KEY_PREFIX_LEN); 715 716 key_sym = find_symbol_by_name(file->elf, tmp); 717 if (!key_sym) { 718 if (!opts.module) { 719 WARN("static_call: can't find static_call_key symbol: %s", tmp); 720 free(key_name); 721 return -1; 722 } 723 724 /* 725 * For modules(), the key might not be exported, which 726 * means the module can make static calls but isn't 727 * allowed to change them. 728 * 729 * In that case we temporarily set the key to be the 730 * trampoline address. This is fixed up in 731 * static_call_add_module(). 732 */ 733 key_sym = insn_call_dest(insn); 734 } 735 free(key_name); 736 737 /* populate reloc for 'key' */ 738 if (elf_add_reloc(file->elf, sec, 739 idx * sizeof(struct static_call_site) + 4, 740 R_X86_64_PC32, key_sym, 741 is_sibling_call(insn) * STATIC_CALL_SITE_TAIL)) 742 return -1; 743 744 idx++; 745 } 746 747 return 0; 748 } 749 750 static int create_retpoline_sites_sections(struct objtool_file *file) 751 { 752 struct instruction *insn; 753 struct section *sec; 754 int idx; 755 756 sec = find_section_by_name(file->elf, ".retpoline_sites"); 757 if (sec) { 758 WARN("file already has .retpoline_sites, skipping"); 759 return 0; 760 } 761 762 idx = 0; 763 list_for_each_entry(insn, &file->retpoline_call_list, call_node) 764 idx++; 765 766 if (!idx) 767 return 0; 768 769 sec = elf_create_section(file->elf, ".retpoline_sites", 770 sizeof(int), idx); 771 if (!sec) { 772 WARN("elf_create_section: .retpoline_sites"); 773 return -1; 774 } 775 776 idx = 0; 777 list_for_each_entry(insn, &file->retpoline_call_list, call_node) { 778 779 int *site = (int *)sec->data->d_buf + idx; 780 *site = 0; 781 782 if (elf_add_reloc_to_insn(file->elf, sec, 783 idx * sizeof(int), 784 R_X86_64_PC32, 785 insn->sec, insn->offset)) { 786 WARN("elf_add_reloc_to_insn: .retpoline_sites"); 787 return -1; 788 } 789 790 idx++; 791 } 792 793 return 0; 794 } 795 796 static int create_return_sites_sections(struct objtool_file *file) 797 { 798 struct instruction *insn; 799 struct section *sec; 800 int idx; 801 802 sec = find_section_by_name(file->elf, ".return_sites"); 803 if (sec) { 804 WARN("file already has .return_sites, skipping"); 805 return 0; 806 } 807 808 idx = 0; 809 list_for_each_entry(insn, &file->return_thunk_list, call_node) 810 idx++; 811 812 if (!idx) 813 return 0; 814 815 sec = elf_create_section(file->elf, ".return_sites", 816 sizeof(int), idx); 817 if (!sec) { 818 WARN("elf_create_section: .return_sites"); 819 return -1; 820 } 821 822 idx = 0; 823 list_for_each_entry(insn, &file->return_thunk_list, call_node) { 824 825 int *site = (int *)sec->data->d_buf + idx; 826 *site = 0; 827 828 if (elf_add_reloc_to_insn(file->elf, sec, 829 idx * sizeof(int), 830 R_X86_64_PC32, 831 insn->sec, insn->offset)) { 832 WARN("elf_add_reloc_to_insn: .return_sites"); 833 return -1; 834 } 835 836 idx++; 837 } 838 839 return 0; 840 } 841 842 static int create_ibt_endbr_seal_sections(struct objtool_file *file) 843 { 844 struct instruction *insn; 845 struct section *sec; 846 int idx; 847 848 sec = find_section_by_name(file->elf, ".ibt_endbr_seal"); 849 if (sec) { 850 WARN("file already has .ibt_endbr_seal, skipping"); 851 return 0; 852 } 853 854 idx = 0; 855 list_for_each_entry(insn, &file->endbr_list, call_node) 856 idx++; 857 858 if (opts.stats) { 859 printf("ibt: ENDBR at function start: %d\n", file->nr_endbr); 860 printf("ibt: ENDBR inside functions: %d\n", file->nr_endbr_int); 861 printf("ibt: superfluous ENDBR: %d\n", idx); 862 } 863 864 if (!idx) 865 return 0; 866 867 sec = elf_create_section(file->elf, ".ibt_endbr_seal", 868 sizeof(int), idx); 869 if (!sec) { 870 WARN("elf_create_section: .ibt_endbr_seal"); 871 return -1; 872 } 873 874 idx = 0; 875 list_for_each_entry(insn, &file->endbr_list, call_node) { 876 877 int *site = (int *)sec->data->d_buf + idx; 878 struct symbol *sym = insn->sym; 879 *site = 0; 880 881 if (opts.module && sym && sym->type == STT_FUNC && 882 insn->offset == sym->offset && 883 (!strcmp(sym->name, "init_module") || 884 !strcmp(sym->name, "cleanup_module"))) 885 WARN("%s(): not an indirect call target", sym->name); 886 887 if (elf_add_reloc_to_insn(file->elf, sec, 888 idx * sizeof(int), 889 R_X86_64_PC32, 890 insn->sec, insn->offset)) { 891 WARN("elf_add_reloc_to_insn: .ibt_endbr_seal"); 892 return -1; 893 } 894 895 idx++; 896 } 897 898 return 0; 899 } 900 901 static int create_cfi_sections(struct objtool_file *file) 902 { 903 struct section *sec; 904 struct symbol *sym; 905 unsigned int *loc; 906 int idx; 907 908 sec = find_section_by_name(file->elf, ".cfi_sites"); 909 if (sec) { 910 INIT_LIST_HEAD(&file->call_list); 911 WARN("file already has .cfi_sites section, skipping"); 912 return 0; 913 } 914 915 idx = 0; 916 for_each_sym(file, sym) { 917 if (sym->type != STT_FUNC) 918 continue; 919 920 if (strncmp(sym->name, "__cfi_", 6)) 921 continue; 922 923 idx++; 924 } 925 926 sec = elf_create_section(file->elf, ".cfi_sites", sizeof(unsigned int), idx); 927 if (!sec) 928 return -1; 929 930 idx = 0; 931 for_each_sym(file, sym) { 932 if (sym->type != STT_FUNC) 933 continue; 934 935 if (strncmp(sym->name, "__cfi_", 6)) 936 continue; 937 938 loc = (unsigned int *)sec->data->d_buf + idx; 939 memset(loc, 0, sizeof(unsigned int)); 940 941 if (elf_add_reloc_to_insn(file->elf, sec, 942 idx * sizeof(unsigned int), 943 R_X86_64_PC32, 944 sym->sec, sym->offset)) 945 return -1; 946 947 idx++; 948 } 949 950 return 0; 951 } 952 953 static int create_mcount_loc_sections(struct objtool_file *file) 954 { 955 int addrsize = elf_class_addrsize(file->elf); 956 struct instruction *insn; 957 struct section *sec; 958 int idx; 959 960 sec = find_section_by_name(file->elf, "__mcount_loc"); 961 if (sec) { 962 INIT_LIST_HEAD(&file->mcount_loc_list); 963 WARN("file already has __mcount_loc section, skipping"); 964 return 0; 965 } 966 967 if (list_empty(&file->mcount_loc_list)) 968 return 0; 969 970 idx = 0; 971 list_for_each_entry(insn, &file->mcount_loc_list, call_node) 972 idx++; 973 974 sec = elf_create_section(file->elf, "__mcount_loc", addrsize, idx); 975 if (!sec) 976 return -1; 977 978 sec->sh.sh_addralign = addrsize; 979 980 idx = 0; 981 list_for_each_entry(insn, &file->mcount_loc_list, call_node) { 982 void *loc; 983 984 loc = sec->data->d_buf + idx; 985 memset(loc, 0, addrsize); 986 987 if (elf_add_reloc_to_insn(file->elf, sec, idx, 988 addrsize == sizeof(u64) ? R_ABS64 : R_ABS32, 989 insn->sec, insn->offset)) 990 return -1; 991 992 idx += addrsize; 993 } 994 995 return 0; 996 } 997 998 static int create_direct_call_sections(struct objtool_file *file) 999 { 1000 struct instruction *insn; 1001 struct section *sec; 1002 unsigned int *loc; 1003 int idx; 1004 1005 sec = find_section_by_name(file->elf, ".call_sites"); 1006 if (sec) { 1007 INIT_LIST_HEAD(&file->call_list); 1008 WARN("file already has .call_sites section, skipping"); 1009 return 0; 1010 } 1011 1012 if (list_empty(&file->call_list)) 1013 return 0; 1014 1015 idx = 0; 1016 list_for_each_entry(insn, &file->call_list, call_node) 1017 idx++; 1018 1019 sec = elf_create_section(file->elf, ".call_sites", sizeof(unsigned int), idx); 1020 if (!sec) 1021 return -1; 1022 1023 idx = 0; 1024 list_for_each_entry(insn, &file->call_list, call_node) { 1025 1026 loc = (unsigned int *)sec->data->d_buf + idx; 1027 memset(loc, 0, sizeof(unsigned int)); 1028 1029 if (elf_add_reloc_to_insn(file->elf, sec, 1030 idx * sizeof(unsigned int), 1031 R_X86_64_PC32, 1032 insn->sec, insn->offset)) 1033 return -1; 1034 1035 idx++; 1036 } 1037 1038 return 0; 1039 } 1040 1041 /* 1042 * Warnings shouldn't be reported for ignored functions. 1043 */ 1044 static void add_ignores(struct objtool_file *file) 1045 { 1046 struct instruction *insn; 1047 struct section *sec; 1048 struct symbol *func; 1049 struct reloc *reloc; 1050 1051 sec = find_section_by_name(file->elf, ".rela.discard.func_stack_frame_non_standard"); 1052 if (!sec) 1053 return; 1054 1055 list_for_each_entry(reloc, &sec->reloc_list, list) { 1056 switch (reloc->sym->type) { 1057 case STT_FUNC: 1058 func = reloc->sym; 1059 break; 1060 1061 case STT_SECTION: 1062 func = find_func_by_offset(reloc->sym->sec, reloc->addend); 1063 if (!func) 1064 continue; 1065 break; 1066 1067 default: 1068 WARN("unexpected relocation symbol type in %s: %d", sec->name, reloc->sym->type); 1069 continue; 1070 } 1071 1072 func_for_each_insn(file, func, insn) 1073 insn->ignore = true; 1074 } 1075 } 1076 1077 /* 1078 * This is a whitelist of functions that is allowed to be called with AC set. 1079 * The list is meant to be minimal and only contains compiler instrumentation 1080 * ABI and a few functions used to implement *_{to,from}_user() functions. 1081 * 1082 * These functions must not directly change AC, but may PUSHF/POPF. 1083 */ 1084 static const char *uaccess_safe_builtin[] = { 1085 /* KASAN */ 1086 "kasan_report", 1087 "kasan_check_range", 1088 /* KASAN out-of-line */ 1089 "__asan_loadN_noabort", 1090 "__asan_load1_noabort", 1091 "__asan_load2_noabort", 1092 "__asan_load4_noabort", 1093 "__asan_load8_noabort", 1094 "__asan_load16_noabort", 1095 "__asan_storeN_noabort", 1096 "__asan_store1_noabort", 1097 "__asan_store2_noabort", 1098 "__asan_store4_noabort", 1099 "__asan_store8_noabort", 1100 "__asan_store16_noabort", 1101 "__kasan_check_read", 1102 "__kasan_check_write", 1103 /* KASAN in-line */ 1104 "__asan_report_load_n_noabort", 1105 "__asan_report_load1_noabort", 1106 "__asan_report_load2_noabort", 1107 "__asan_report_load4_noabort", 1108 "__asan_report_load8_noabort", 1109 "__asan_report_load16_noabort", 1110 "__asan_report_store_n_noabort", 1111 "__asan_report_store1_noabort", 1112 "__asan_report_store2_noabort", 1113 "__asan_report_store4_noabort", 1114 "__asan_report_store8_noabort", 1115 "__asan_report_store16_noabort", 1116 /* KCSAN */ 1117 "__kcsan_check_access", 1118 "__kcsan_mb", 1119 "__kcsan_wmb", 1120 "__kcsan_rmb", 1121 "__kcsan_release", 1122 "kcsan_found_watchpoint", 1123 "kcsan_setup_watchpoint", 1124 "kcsan_check_scoped_accesses", 1125 "kcsan_disable_current", 1126 "kcsan_enable_current_nowarn", 1127 /* KCSAN/TSAN */ 1128 "__tsan_func_entry", 1129 "__tsan_func_exit", 1130 "__tsan_read_range", 1131 "__tsan_write_range", 1132 "__tsan_read1", 1133 "__tsan_read2", 1134 "__tsan_read4", 1135 "__tsan_read8", 1136 "__tsan_read16", 1137 "__tsan_write1", 1138 "__tsan_write2", 1139 "__tsan_write4", 1140 "__tsan_write8", 1141 "__tsan_write16", 1142 "__tsan_read_write1", 1143 "__tsan_read_write2", 1144 "__tsan_read_write4", 1145 "__tsan_read_write8", 1146 "__tsan_read_write16", 1147 "__tsan_volatile_read1", 1148 "__tsan_volatile_read2", 1149 "__tsan_volatile_read4", 1150 "__tsan_volatile_read8", 1151 "__tsan_volatile_read16", 1152 "__tsan_volatile_write1", 1153 "__tsan_volatile_write2", 1154 "__tsan_volatile_write4", 1155 "__tsan_volatile_write8", 1156 "__tsan_volatile_write16", 1157 "__tsan_atomic8_load", 1158 "__tsan_atomic16_load", 1159 "__tsan_atomic32_load", 1160 "__tsan_atomic64_load", 1161 "__tsan_atomic8_store", 1162 "__tsan_atomic16_store", 1163 "__tsan_atomic32_store", 1164 "__tsan_atomic64_store", 1165 "__tsan_atomic8_exchange", 1166 "__tsan_atomic16_exchange", 1167 "__tsan_atomic32_exchange", 1168 "__tsan_atomic64_exchange", 1169 "__tsan_atomic8_fetch_add", 1170 "__tsan_atomic16_fetch_add", 1171 "__tsan_atomic32_fetch_add", 1172 "__tsan_atomic64_fetch_add", 1173 "__tsan_atomic8_fetch_sub", 1174 "__tsan_atomic16_fetch_sub", 1175 "__tsan_atomic32_fetch_sub", 1176 "__tsan_atomic64_fetch_sub", 1177 "__tsan_atomic8_fetch_and", 1178 "__tsan_atomic16_fetch_and", 1179 "__tsan_atomic32_fetch_and", 1180 "__tsan_atomic64_fetch_and", 1181 "__tsan_atomic8_fetch_or", 1182 "__tsan_atomic16_fetch_or", 1183 "__tsan_atomic32_fetch_or", 1184 "__tsan_atomic64_fetch_or", 1185 "__tsan_atomic8_fetch_xor", 1186 "__tsan_atomic16_fetch_xor", 1187 "__tsan_atomic32_fetch_xor", 1188 "__tsan_atomic64_fetch_xor", 1189 "__tsan_atomic8_fetch_nand", 1190 "__tsan_atomic16_fetch_nand", 1191 "__tsan_atomic32_fetch_nand", 1192 "__tsan_atomic64_fetch_nand", 1193 "__tsan_atomic8_compare_exchange_strong", 1194 "__tsan_atomic16_compare_exchange_strong", 1195 "__tsan_atomic32_compare_exchange_strong", 1196 "__tsan_atomic64_compare_exchange_strong", 1197 "__tsan_atomic8_compare_exchange_weak", 1198 "__tsan_atomic16_compare_exchange_weak", 1199 "__tsan_atomic32_compare_exchange_weak", 1200 "__tsan_atomic64_compare_exchange_weak", 1201 "__tsan_atomic8_compare_exchange_val", 1202 "__tsan_atomic16_compare_exchange_val", 1203 "__tsan_atomic32_compare_exchange_val", 1204 "__tsan_atomic64_compare_exchange_val", 1205 "__tsan_atomic_thread_fence", 1206 "__tsan_atomic_signal_fence", 1207 "__tsan_unaligned_read16", 1208 "__tsan_unaligned_write16", 1209 /* KCOV */ 1210 "write_comp_data", 1211 "check_kcov_mode", 1212 "__sanitizer_cov_trace_pc", 1213 "__sanitizer_cov_trace_const_cmp1", 1214 "__sanitizer_cov_trace_const_cmp2", 1215 "__sanitizer_cov_trace_const_cmp4", 1216 "__sanitizer_cov_trace_const_cmp8", 1217 "__sanitizer_cov_trace_cmp1", 1218 "__sanitizer_cov_trace_cmp2", 1219 "__sanitizer_cov_trace_cmp4", 1220 "__sanitizer_cov_trace_cmp8", 1221 "__sanitizer_cov_trace_switch", 1222 /* KMSAN */ 1223 "kmsan_copy_to_user", 1224 "kmsan_report", 1225 "kmsan_unpoison_entry_regs", 1226 "kmsan_unpoison_memory", 1227 "__msan_chain_origin", 1228 "__msan_get_context_state", 1229 "__msan_instrument_asm_store", 1230 "__msan_metadata_ptr_for_load_1", 1231 "__msan_metadata_ptr_for_load_2", 1232 "__msan_metadata_ptr_for_load_4", 1233 "__msan_metadata_ptr_for_load_8", 1234 "__msan_metadata_ptr_for_load_n", 1235 "__msan_metadata_ptr_for_store_1", 1236 "__msan_metadata_ptr_for_store_2", 1237 "__msan_metadata_ptr_for_store_4", 1238 "__msan_metadata_ptr_for_store_8", 1239 "__msan_metadata_ptr_for_store_n", 1240 "__msan_poison_alloca", 1241 "__msan_warning", 1242 /* UBSAN */ 1243 "ubsan_type_mismatch_common", 1244 "__ubsan_handle_type_mismatch", 1245 "__ubsan_handle_type_mismatch_v1", 1246 "__ubsan_handle_shift_out_of_bounds", 1247 "__ubsan_handle_load_invalid_value", 1248 /* STACKLEAK */ 1249 "stackleak_track_stack", 1250 /* misc */ 1251 "csum_partial_copy_generic", 1252 "copy_mc_fragile", 1253 "copy_mc_fragile_handle_tail", 1254 "copy_mc_enhanced_fast_string", 1255 "ftrace_likely_update", /* CONFIG_TRACE_BRANCH_PROFILING */ 1256 "rep_stos_alternative", 1257 "rep_movs_alternative", 1258 "__copy_user_nocache", 1259 NULL 1260 }; 1261 1262 static void add_uaccess_safe(struct objtool_file *file) 1263 { 1264 struct symbol *func; 1265 const char **name; 1266 1267 if (!opts.uaccess) 1268 return; 1269 1270 for (name = uaccess_safe_builtin; *name; name++) { 1271 func = find_symbol_by_name(file->elf, *name); 1272 if (!func) 1273 continue; 1274 1275 func->uaccess_safe = true; 1276 } 1277 } 1278 1279 /* 1280 * FIXME: For now, just ignore any alternatives which add retpolines. This is 1281 * a temporary hack, as it doesn't allow ORC to unwind from inside a retpoline. 1282 * But it at least allows objtool to understand the control flow *around* the 1283 * retpoline. 1284 */ 1285 static int add_ignore_alternatives(struct objtool_file *file) 1286 { 1287 struct section *sec; 1288 struct reloc *reloc; 1289 struct instruction *insn; 1290 1291 sec = find_section_by_name(file->elf, ".rela.discard.ignore_alts"); 1292 if (!sec) 1293 return 0; 1294 1295 list_for_each_entry(reloc, &sec->reloc_list, list) { 1296 if (reloc->sym->type != STT_SECTION) { 1297 WARN("unexpected relocation symbol type in %s", sec->name); 1298 return -1; 1299 } 1300 1301 insn = find_insn(file, reloc->sym->sec, reloc->addend); 1302 if (!insn) { 1303 WARN("bad .discard.ignore_alts entry"); 1304 return -1; 1305 } 1306 1307 insn->ignore_alts = true; 1308 } 1309 1310 return 0; 1311 } 1312 1313 __weak bool arch_is_retpoline(struct symbol *sym) 1314 { 1315 return false; 1316 } 1317 1318 __weak bool arch_is_rethunk(struct symbol *sym) 1319 { 1320 return false; 1321 } 1322 1323 static struct reloc *insn_reloc(struct objtool_file *file, struct instruction *insn) 1324 { 1325 struct reloc *reloc; 1326 1327 if (insn->no_reloc) 1328 return NULL; 1329 1330 if (!file) 1331 return NULL; 1332 1333 reloc = find_reloc_by_dest_range(file->elf, insn->sec, 1334 insn->offset, insn->len); 1335 if (!reloc) { 1336 insn->no_reloc = 1; 1337 return NULL; 1338 } 1339 1340 return reloc; 1341 } 1342 1343 static void remove_insn_ops(struct instruction *insn) 1344 { 1345 struct stack_op *op, *next; 1346 1347 for (op = insn->stack_ops; op; op = next) { 1348 next = op->next; 1349 free(op); 1350 } 1351 insn->stack_ops = NULL; 1352 } 1353 1354 static void annotate_call_site(struct objtool_file *file, 1355 struct instruction *insn, bool sibling) 1356 { 1357 struct reloc *reloc = insn_reloc(file, insn); 1358 struct symbol *sym = insn_call_dest(insn); 1359 1360 if (!sym) 1361 sym = reloc->sym; 1362 1363 /* 1364 * Alternative replacement code is just template code which is 1365 * sometimes copied to the original instruction. For now, don't 1366 * annotate it. (In the future we might consider annotating the 1367 * original instruction if/when it ever makes sense to do so.) 1368 */ 1369 if (!strcmp(insn->sec->name, ".altinstr_replacement")) 1370 return; 1371 1372 if (sym->static_call_tramp) { 1373 list_add_tail(&insn->call_node, &file->static_call_list); 1374 return; 1375 } 1376 1377 if (sym->retpoline_thunk) { 1378 list_add_tail(&insn->call_node, &file->retpoline_call_list); 1379 return; 1380 } 1381 1382 /* 1383 * Many compilers cannot disable KCOV or sanitizer calls with a function 1384 * attribute so they need a little help, NOP out any such calls from 1385 * noinstr text. 1386 */ 1387 if (opts.hack_noinstr && insn->sec->noinstr && sym->profiling_func) { 1388 if (reloc) { 1389 reloc->type = R_NONE; 1390 elf_write_reloc(file->elf, reloc); 1391 } 1392 1393 elf_write_insn(file->elf, insn->sec, 1394 insn->offset, insn->len, 1395 sibling ? arch_ret_insn(insn->len) 1396 : arch_nop_insn(insn->len)); 1397 1398 insn->type = sibling ? INSN_RETURN : INSN_NOP; 1399 1400 if (sibling) { 1401 /* 1402 * We've replaced the tail-call JMP insn by two new 1403 * insn: RET; INT3, except we only have a single struct 1404 * insn here. Mark it retpoline_safe to avoid the SLS 1405 * warning, instead of adding another insn. 1406 */ 1407 insn->retpoline_safe = true; 1408 } 1409 1410 return; 1411 } 1412 1413 if (opts.mcount && sym->fentry) { 1414 if (sibling) 1415 WARN_INSN(insn, "tail call to __fentry__ !?!?"); 1416 if (opts.mnop) { 1417 if (reloc) { 1418 reloc->type = R_NONE; 1419 elf_write_reloc(file->elf, reloc); 1420 } 1421 1422 elf_write_insn(file->elf, insn->sec, 1423 insn->offset, insn->len, 1424 arch_nop_insn(insn->len)); 1425 1426 insn->type = INSN_NOP; 1427 } 1428 1429 list_add_tail(&insn->call_node, &file->mcount_loc_list); 1430 return; 1431 } 1432 1433 if (insn->type == INSN_CALL && !insn->sec->init) 1434 list_add_tail(&insn->call_node, &file->call_list); 1435 1436 if (!sibling && dead_end_function(file, sym)) 1437 insn->dead_end = true; 1438 } 1439 1440 static void add_call_dest(struct objtool_file *file, struct instruction *insn, 1441 struct symbol *dest, bool sibling) 1442 { 1443 insn->_call_dest = dest; 1444 if (!dest) 1445 return; 1446 1447 /* 1448 * Whatever stack impact regular CALLs have, should be undone 1449 * by the RETURN of the called function. 1450 * 1451 * Annotated intra-function calls retain the stack_ops but 1452 * are converted to JUMP, see read_intra_function_calls(). 1453 */ 1454 remove_insn_ops(insn); 1455 1456 annotate_call_site(file, insn, sibling); 1457 } 1458 1459 static void add_retpoline_call(struct objtool_file *file, struct instruction *insn) 1460 { 1461 /* 1462 * Retpoline calls/jumps are really dynamic calls/jumps in disguise, 1463 * so convert them accordingly. 1464 */ 1465 switch (insn->type) { 1466 case INSN_CALL: 1467 insn->type = INSN_CALL_DYNAMIC; 1468 break; 1469 case INSN_JUMP_UNCONDITIONAL: 1470 insn->type = INSN_JUMP_DYNAMIC; 1471 break; 1472 case INSN_JUMP_CONDITIONAL: 1473 insn->type = INSN_JUMP_DYNAMIC_CONDITIONAL; 1474 break; 1475 default: 1476 return; 1477 } 1478 1479 insn->retpoline_safe = true; 1480 1481 /* 1482 * Whatever stack impact regular CALLs have, should be undone 1483 * by the RETURN of the called function. 1484 * 1485 * Annotated intra-function calls retain the stack_ops but 1486 * are converted to JUMP, see read_intra_function_calls(). 1487 */ 1488 remove_insn_ops(insn); 1489 1490 annotate_call_site(file, insn, false); 1491 } 1492 1493 static void add_return_call(struct objtool_file *file, struct instruction *insn, bool add) 1494 { 1495 /* 1496 * Return thunk tail calls are really just returns in disguise, 1497 * so convert them accordingly. 1498 */ 1499 insn->type = INSN_RETURN; 1500 insn->retpoline_safe = true; 1501 1502 if (add) 1503 list_add_tail(&insn->call_node, &file->return_thunk_list); 1504 } 1505 1506 static bool is_first_func_insn(struct objtool_file *file, 1507 struct instruction *insn, struct symbol *sym) 1508 { 1509 if (insn->offset == sym->offset) 1510 return true; 1511 1512 /* Allow direct CALL/JMP past ENDBR */ 1513 if (opts.ibt) { 1514 struct instruction *prev = prev_insn_same_sym(file, insn); 1515 1516 if (prev && prev->type == INSN_ENDBR && 1517 insn->offset == sym->offset + prev->len) 1518 return true; 1519 } 1520 1521 return false; 1522 } 1523 1524 /* 1525 * A sibling call is a tail-call to another symbol -- to differentiate from a 1526 * recursive tail-call which is to the same symbol. 1527 */ 1528 static bool jump_is_sibling_call(struct objtool_file *file, 1529 struct instruction *from, struct instruction *to) 1530 { 1531 struct symbol *fs = from->sym; 1532 struct symbol *ts = to->sym; 1533 1534 /* Not a sibling call if from/to a symbol hole */ 1535 if (!fs || !ts) 1536 return false; 1537 1538 /* Not a sibling call if not targeting the start of a symbol. */ 1539 if (!is_first_func_insn(file, to, ts)) 1540 return false; 1541 1542 /* Disallow sibling calls into STT_NOTYPE */ 1543 if (ts->type == STT_NOTYPE) 1544 return false; 1545 1546 /* Must not be self to be a sibling */ 1547 return fs->pfunc != ts->pfunc; 1548 } 1549 1550 /* 1551 * Find the destination instructions for all jumps. 1552 */ 1553 static int add_jump_destinations(struct objtool_file *file) 1554 { 1555 struct instruction *insn, *jump_dest; 1556 struct reloc *reloc; 1557 struct section *dest_sec; 1558 unsigned long dest_off; 1559 1560 for_each_insn(file, insn) { 1561 if (insn->jump_dest) { 1562 /* 1563 * handle_group_alt() may have previously set 1564 * 'jump_dest' for some alternatives. 1565 */ 1566 continue; 1567 } 1568 if (!is_static_jump(insn)) 1569 continue; 1570 1571 reloc = insn_reloc(file, insn); 1572 if (!reloc) { 1573 dest_sec = insn->sec; 1574 dest_off = arch_jump_destination(insn); 1575 } else if (reloc->sym->type == STT_SECTION) { 1576 dest_sec = reloc->sym->sec; 1577 dest_off = arch_dest_reloc_offset(reloc->addend); 1578 } else if (reloc->sym->retpoline_thunk) { 1579 add_retpoline_call(file, insn); 1580 continue; 1581 } else if (reloc->sym->return_thunk) { 1582 add_return_call(file, insn, true); 1583 continue; 1584 } else if (insn_func(insn)) { 1585 /* 1586 * External sibling call or internal sibling call with 1587 * STT_FUNC reloc. 1588 */ 1589 add_call_dest(file, insn, reloc->sym, true); 1590 continue; 1591 } else if (reloc->sym->sec->idx) { 1592 dest_sec = reloc->sym->sec; 1593 dest_off = reloc->sym->sym.st_value + 1594 arch_dest_reloc_offset(reloc->addend); 1595 } else { 1596 /* non-func asm code jumping to another file */ 1597 continue; 1598 } 1599 1600 jump_dest = find_insn(file, dest_sec, dest_off); 1601 if (!jump_dest) { 1602 struct symbol *sym = find_symbol_by_offset(dest_sec, dest_off); 1603 1604 /* 1605 * This is a special case for zen_untrain_ret(). 1606 * It jumps to __x86_return_thunk(), but objtool 1607 * can't find the thunk's starting RET 1608 * instruction, because the RET is also in the 1609 * middle of another instruction. Objtool only 1610 * knows about the outer instruction. 1611 */ 1612 if (sym && sym->return_thunk) { 1613 add_return_call(file, insn, false); 1614 continue; 1615 } 1616 1617 WARN_INSN(insn, "can't find jump dest instruction at %s+0x%lx", 1618 dest_sec->name, dest_off); 1619 return -1; 1620 } 1621 1622 /* 1623 * Cross-function jump. 1624 */ 1625 if (insn_func(insn) && insn_func(jump_dest) && 1626 insn_func(insn) != insn_func(jump_dest)) { 1627 1628 /* 1629 * For GCC 8+, create parent/child links for any cold 1630 * subfunctions. This is _mostly_ redundant with a 1631 * similar initialization in read_symbols(). 1632 * 1633 * If a function has aliases, we want the *first* such 1634 * function in the symbol table to be the subfunction's 1635 * parent. In that case we overwrite the 1636 * initialization done in read_symbols(). 1637 * 1638 * However this code can't completely replace the 1639 * read_symbols() code because this doesn't detect the 1640 * case where the parent function's only reference to a 1641 * subfunction is through a jump table. 1642 */ 1643 if (!strstr(insn_func(insn)->name, ".cold") && 1644 strstr(insn_func(jump_dest)->name, ".cold")) { 1645 insn_func(insn)->cfunc = insn_func(jump_dest); 1646 insn_func(jump_dest)->pfunc = insn_func(insn); 1647 } 1648 } 1649 1650 if (jump_is_sibling_call(file, insn, jump_dest)) { 1651 /* 1652 * Internal sibling call without reloc or with 1653 * STT_SECTION reloc. 1654 */ 1655 add_call_dest(file, insn, insn_func(jump_dest), true); 1656 continue; 1657 } 1658 1659 insn->jump_dest = jump_dest; 1660 } 1661 1662 return 0; 1663 } 1664 1665 static struct symbol *find_call_destination(struct section *sec, unsigned long offset) 1666 { 1667 struct symbol *call_dest; 1668 1669 call_dest = find_func_by_offset(sec, offset); 1670 if (!call_dest) 1671 call_dest = find_symbol_by_offset(sec, offset); 1672 1673 return call_dest; 1674 } 1675 1676 /* 1677 * Find the destination instructions for all calls. 1678 */ 1679 static int add_call_destinations(struct objtool_file *file) 1680 { 1681 struct instruction *insn; 1682 unsigned long dest_off; 1683 struct symbol *dest; 1684 struct reloc *reloc; 1685 1686 for_each_insn(file, insn) { 1687 if (insn->type != INSN_CALL) 1688 continue; 1689 1690 reloc = insn_reloc(file, insn); 1691 if (!reloc) { 1692 dest_off = arch_jump_destination(insn); 1693 dest = find_call_destination(insn->sec, dest_off); 1694 1695 add_call_dest(file, insn, dest, false); 1696 1697 if (insn->ignore) 1698 continue; 1699 1700 if (!insn_call_dest(insn)) { 1701 WARN_INSN(insn, "unannotated intra-function call"); 1702 return -1; 1703 } 1704 1705 if (insn_func(insn) && insn_call_dest(insn)->type != STT_FUNC) { 1706 WARN_INSN(insn, "unsupported call to non-function"); 1707 return -1; 1708 } 1709 1710 } else if (reloc->sym->type == STT_SECTION) { 1711 dest_off = arch_dest_reloc_offset(reloc->addend); 1712 dest = find_call_destination(reloc->sym->sec, dest_off); 1713 if (!dest) { 1714 WARN_INSN(insn, "can't find call dest symbol at %s+0x%lx", 1715 reloc->sym->sec->name, dest_off); 1716 return -1; 1717 } 1718 1719 add_call_dest(file, insn, dest, false); 1720 1721 } else if (reloc->sym->retpoline_thunk) { 1722 add_retpoline_call(file, insn); 1723 1724 } else 1725 add_call_dest(file, insn, reloc->sym, false); 1726 } 1727 1728 return 0; 1729 } 1730 1731 /* 1732 * The .alternatives section requires some extra special care over and above 1733 * other special sections because alternatives are patched in place. 1734 */ 1735 static int handle_group_alt(struct objtool_file *file, 1736 struct special_alt *special_alt, 1737 struct instruction *orig_insn, 1738 struct instruction **new_insn) 1739 { 1740 struct instruction *last_new_insn = NULL, *insn, *nop = NULL; 1741 struct alt_group *orig_alt_group, *new_alt_group; 1742 unsigned long dest_off; 1743 1744 orig_alt_group = orig_insn->alt_group; 1745 if (!orig_alt_group) { 1746 struct instruction *last_orig_insn = NULL; 1747 1748 orig_alt_group = malloc(sizeof(*orig_alt_group)); 1749 if (!orig_alt_group) { 1750 WARN("malloc failed"); 1751 return -1; 1752 } 1753 orig_alt_group->cfi = calloc(special_alt->orig_len, 1754 sizeof(struct cfi_state *)); 1755 if (!orig_alt_group->cfi) { 1756 WARN("calloc failed"); 1757 return -1; 1758 } 1759 1760 insn = orig_insn; 1761 sec_for_each_insn_from(file, insn) { 1762 if (insn->offset >= special_alt->orig_off + special_alt->orig_len) 1763 break; 1764 1765 insn->alt_group = orig_alt_group; 1766 last_orig_insn = insn; 1767 } 1768 orig_alt_group->orig_group = NULL; 1769 orig_alt_group->first_insn = orig_insn; 1770 orig_alt_group->last_insn = last_orig_insn; 1771 orig_alt_group->nop = NULL; 1772 } else { 1773 if (orig_alt_group->last_insn->offset + orig_alt_group->last_insn->len - 1774 orig_alt_group->first_insn->offset != special_alt->orig_len) { 1775 WARN_INSN(orig_insn, "weirdly overlapping alternative! %ld != %d", 1776 orig_alt_group->last_insn->offset + 1777 orig_alt_group->last_insn->len - 1778 orig_alt_group->first_insn->offset, 1779 special_alt->orig_len); 1780 return -1; 1781 } 1782 } 1783 1784 new_alt_group = malloc(sizeof(*new_alt_group)); 1785 if (!new_alt_group) { 1786 WARN("malloc failed"); 1787 return -1; 1788 } 1789 1790 if (special_alt->new_len < special_alt->orig_len) { 1791 /* 1792 * Insert a fake nop at the end to make the replacement 1793 * alt_group the same size as the original. This is needed to 1794 * allow propagate_alt_cfi() to do its magic. When the last 1795 * instruction affects the stack, the instruction after it (the 1796 * nop) will propagate the new state to the shared CFI array. 1797 */ 1798 nop = malloc(sizeof(*nop)); 1799 if (!nop) { 1800 WARN("malloc failed"); 1801 return -1; 1802 } 1803 memset(nop, 0, sizeof(*nop)); 1804 1805 nop->sec = special_alt->new_sec; 1806 nop->offset = special_alt->new_off + special_alt->new_len; 1807 nop->len = special_alt->orig_len - special_alt->new_len; 1808 nop->type = INSN_NOP; 1809 nop->sym = orig_insn->sym; 1810 nop->alt_group = new_alt_group; 1811 nop->ignore = orig_insn->ignore_alts; 1812 } 1813 1814 if (!special_alt->new_len) { 1815 *new_insn = nop; 1816 goto end; 1817 } 1818 1819 insn = *new_insn; 1820 sec_for_each_insn_from(file, insn) { 1821 struct reloc *alt_reloc; 1822 1823 if (insn->offset >= special_alt->new_off + special_alt->new_len) 1824 break; 1825 1826 last_new_insn = insn; 1827 1828 insn->ignore = orig_insn->ignore_alts; 1829 insn->sym = orig_insn->sym; 1830 insn->alt_group = new_alt_group; 1831 1832 /* 1833 * Since alternative replacement code is copy/pasted by the 1834 * kernel after applying relocations, generally such code can't 1835 * have relative-address relocation references to outside the 1836 * .altinstr_replacement section, unless the arch's 1837 * alternatives code can adjust the relative offsets 1838 * accordingly. 1839 */ 1840 alt_reloc = insn_reloc(file, insn); 1841 if (alt_reloc && arch_pc_relative_reloc(alt_reloc) && 1842 !arch_support_alt_relocation(special_alt, insn, alt_reloc)) { 1843 1844 WARN_INSN(insn, "unsupported relocation in alternatives section"); 1845 return -1; 1846 } 1847 1848 if (!is_static_jump(insn)) 1849 continue; 1850 1851 if (!insn->immediate) 1852 continue; 1853 1854 dest_off = arch_jump_destination(insn); 1855 if (dest_off == special_alt->new_off + special_alt->new_len) { 1856 insn->jump_dest = next_insn_same_sec(file, orig_alt_group->last_insn); 1857 if (!insn->jump_dest) { 1858 WARN_INSN(insn, "can't find alternative jump destination"); 1859 return -1; 1860 } 1861 } 1862 } 1863 1864 if (!last_new_insn) { 1865 WARN_FUNC("can't find last new alternative instruction", 1866 special_alt->new_sec, special_alt->new_off); 1867 return -1; 1868 } 1869 1870 end: 1871 new_alt_group->orig_group = orig_alt_group; 1872 new_alt_group->first_insn = *new_insn; 1873 new_alt_group->last_insn = last_new_insn; 1874 new_alt_group->nop = nop; 1875 new_alt_group->cfi = orig_alt_group->cfi; 1876 return 0; 1877 } 1878 1879 /* 1880 * A jump table entry can either convert a nop to a jump or a jump to a nop. 1881 * If the original instruction is a jump, make the alt entry an effective nop 1882 * by just skipping the original instruction. 1883 */ 1884 static int handle_jump_alt(struct objtool_file *file, 1885 struct special_alt *special_alt, 1886 struct instruction *orig_insn, 1887 struct instruction **new_insn) 1888 { 1889 if (orig_insn->type != INSN_JUMP_UNCONDITIONAL && 1890 orig_insn->type != INSN_NOP) { 1891 1892 WARN_INSN(orig_insn, "unsupported instruction at jump label"); 1893 return -1; 1894 } 1895 1896 if (opts.hack_jump_label && special_alt->key_addend & 2) { 1897 struct reloc *reloc = insn_reloc(file, orig_insn); 1898 1899 if (reloc) { 1900 reloc->type = R_NONE; 1901 elf_write_reloc(file->elf, reloc); 1902 } 1903 elf_write_insn(file->elf, orig_insn->sec, 1904 orig_insn->offset, orig_insn->len, 1905 arch_nop_insn(orig_insn->len)); 1906 orig_insn->type = INSN_NOP; 1907 } 1908 1909 if (orig_insn->type == INSN_NOP) { 1910 if (orig_insn->len == 2) 1911 file->jl_nop_short++; 1912 else 1913 file->jl_nop_long++; 1914 1915 return 0; 1916 } 1917 1918 if (orig_insn->len == 2) 1919 file->jl_short++; 1920 else 1921 file->jl_long++; 1922 1923 *new_insn = next_insn_same_sec(file, orig_insn); 1924 return 0; 1925 } 1926 1927 /* 1928 * Read all the special sections which have alternate instructions which can be 1929 * patched in or redirected to at runtime. Each instruction having alternate 1930 * instruction(s) has them added to its insn->alts list, which will be 1931 * traversed in validate_branch(). 1932 */ 1933 static int add_special_section_alts(struct objtool_file *file) 1934 { 1935 struct list_head special_alts; 1936 struct instruction *orig_insn, *new_insn; 1937 struct special_alt *special_alt, *tmp; 1938 struct alternative *alt; 1939 int ret; 1940 1941 ret = special_get_alts(file->elf, &special_alts); 1942 if (ret) 1943 return ret; 1944 1945 list_for_each_entry_safe(special_alt, tmp, &special_alts, list) { 1946 1947 orig_insn = find_insn(file, special_alt->orig_sec, 1948 special_alt->orig_off); 1949 if (!orig_insn) { 1950 WARN_FUNC("special: can't find orig instruction", 1951 special_alt->orig_sec, special_alt->orig_off); 1952 ret = -1; 1953 goto out; 1954 } 1955 1956 new_insn = NULL; 1957 if (!special_alt->group || special_alt->new_len) { 1958 new_insn = find_insn(file, special_alt->new_sec, 1959 special_alt->new_off); 1960 if (!new_insn) { 1961 WARN_FUNC("special: can't find new instruction", 1962 special_alt->new_sec, 1963 special_alt->new_off); 1964 ret = -1; 1965 goto out; 1966 } 1967 } 1968 1969 if (special_alt->group) { 1970 if (!special_alt->orig_len) { 1971 WARN_INSN(orig_insn, "empty alternative entry"); 1972 continue; 1973 } 1974 1975 ret = handle_group_alt(file, special_alt, orig_insn, 1976 &new_insn); 1977 if (ret) 1978 goto out; 1979 } else if (special_alt->jump_or_nop) { 1980 ret = handle_jump_alt(file, special_alt, orig_insn, 1981 &new_insn); 1982 if (ret) 1983 goto out; 1984 } 1985 1986 alt = malloc(sizeof(*alt)); 1987 if (!alt) { 1988 WARN("malloc failed"); 1989 ret = -1; 1990 goto out; 1991 } 1992 1993 alt->insn = new_insn; 1994 alt->skip_orig = special_alt->skip_orig; 1995 orig_insn->ignore_alts |= special_alt->skip_alt; 1996 alt->next = orig_insn->alts; 1997 orig_insn->alts = alt; 1998 1999 list_del(&special_alt->list); 2000 free(special_alt); 2001 } 2002 2003 if (opts.stats) { 2004 printf("jl\\\tNOP\tJMP\n"); 2005 printf("short:\t%ld\t%ld\n", file->jl_nop_short, file->jl_short); 2006 printf("long:\t%ld\t%ld\n", file->jl_nop_long, file->jl_long); 2007 } 2008 2009 out: 2010 return ret; 2011 } 2012 2013 static int add_jump_table(struct objtool_file *file, struct instruction *insn, 2014 struct reloc *table) 2015 { 2016 struct reloc *reloc = table; 2017 struct instruction *dest_insn; 2018 struct alternative *alt; 2019 struct symbol *pfunc = insn_func(insn)->pfunc; 2020 unsigned int prev_offset = 0; 2021 2022 /* 2023 * Each @reloc is a switch table relocation which points to the target 2024 * instruction. 2025 */ 2026 list_for_each_entry_from(reloc, &table->sec->reloc_list, list) { 2027 2028 /* Check for the end of the table: */ 2029 if (reloc != table && reloc->jump_table_start) 2030 break; 2031 2032 /* Make sure the table entries are consecutive: */ 2033 if (prev_offset && reloc->offset != prev_offset + 8) 2034 break; 2035 2036 /* Detect function pointers from contiguous objects: */ 2037 if (reloc->sym->sec == pfunc->sec && 2038 reloc->addend == pfunc->offset) 2039 break; 2040 2041 dest_insn = find_insn(file, reloc->sym->sec, reloc->addend); 2042 if (!dest_insn) 2043 break; 2044 2045 /* Make sure the destination is in the same function: */ 2046 if (!insn_func(dest_insn) || insn_func(dest_insn)->pfunc != pfunc) 2047 break; 2048 2049 alt = malloc(sizeof(*alt)); 2050 if (!alt) { 2051 WARN("malloc failed"); 2052 return -1; 2053 } 2054 2055 alt->insn = dest_insn; 2056 alt->next = insn->alts; 2057 insn->alts = alt; 2058 prev_offset = reloc->offset; 2059 } 2060 2061 if (!prev_offset) { 2062 WARN_INSN(insn, "can't find switch jump table"); 2063 return -1; 2064 } 2065 2066 return 0; 2067 } 2068 2069 /* 2070 * find_jump_table() - Given a dynamic jump, find the switch jump table 2071 * associated with it. 2072 */ 2073 static struct reloc *find_jump_table(struct objtool_file *file, 2074 struct symbol *func, 2075 struct instruction *insn) 2076 { 2077 struct reloc *table_reloc; 2078 struct instruction *dest_insn, *orig_insn = insn; 2079 2080 /* 2081 * Backward search using the @first_jump_src links, these help avoid 2082 * much of the 'in between' code. Which avoids us getting confused by 2083 * it. 2084 */ 2085 for (; 2086 insn && insn_func(insn) && insn_func(insn)->pfunc == func; 2087 insn = insn->first_jump_src ?: prev_insn_same_sym(file, insn)) { 2088 2089 if (insn != orig_insn && insn->type == INSN_JUMP_DYNAMIC) 2090 break; 2091 2092 /* allow small jumps within the range */ 2093 if (insn->type == INSN_JUMP_UNCONDITIONAL && 2094 insn->jump_dest && 2095 (insn->jump_dest->offset <= insn->offset || 2096 insn->jump_dest->offset > orig_insn->offset)) 2097 break; 2098 2099 table_reloc = arch_find_switch_table(file, insn); 2100 if (!table_reloc) 2101 continue; 2102 dest_insn = find_insn(file, table_reloc->sym->sec, table_reloc->addend); 2103 if (!dest_insn || !insn_func(dest_insn) || insn_func(dest_insn)->pfunc != func) 2104 continue; 2105 2106 return table_reloc; 2107 } 2108 2109 return NULL; 2110 } 2111 2112 /* 2113 * First pass: Mark the head of each jump table so that in the next pass, 2114 * we know when a given jump table ends and the next one starts. 2115 */ 2116 static void mark_func_jump_tables(struct objtool_file *file, 2117 struct symbol *func) 2118 { 2119 struct instruction *insn, *last = NULL; 2120 struct reloc *reloc; 2121 2122 func_for_each_insn(file, func, insn) { 2123 if (!last) 2124 last = insn; 2125 2126 /* 2127 * Store back-pointers for unconditional forward jumps such 2128 * that find_jump_table() can back-track using those and 2129 * avoid some potentially confusing code. 2130 */ 2131 if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->jump_dest && 2132 insn->offset > last->offset && 2133 insn->jump_dest->offset > insn->offset && 2134 !insn->jump_dest->first_jump_src) { 2135 2136 insn->jump_dest->first_jump_src = insn; 2137 last = insn->jump_dest; 2138 } 2139 2140 if (insn->type != INSN_JUMP_DYNAMIC) 2141 continue; 2142 2143 reloc = find_jump_table(file, func, insn); 2144 if (reloc) { 2145 reloc->jump_table_start = true; 2146 insn->_jump_table = reloc; 2147 } 2148 } 2149 } 2150 2151 static int add_func_jump_tables(struct objtool_file *file, 2152 struct symbol *func) 2153 { 2154 struct instruction *insn; 2155 int ret; 2156 2157 func_for_each_insn(file, func, insn) { 2158 if (!insn_jump_table(insn)) 2159 continue; 2160 2161 ret = add_jump_table(file, insn, insn_jump_table(insn)); 2162 if (ret) 2163 return ret; 2164 } 2165 2166 return 0; 2167 } 2168 2169 /* 2170 * For some switch statements, gcc generates a jump table in the .rodata 2171 * section which contains a list of addresses within the function to jump to. 2172 * This finds these jump tables and adds them to the insn->alts lists. 2173 */ 2174 static int add_jump_table_alts(struct objtool_file *file) 2175 { 2176 struct symbol *func; 2177 int ret; 2178 2179 if (!file->rodata) 2180 return 0; 2181 2182 for_each_sym(file, func) { 2183 if (func->type != STT_FUNC) 2184 continue; 2185 2186 mark_func_jump_tables(file, func); 2187 ret = add_func_jump_tables(file, func); 2188 if (ret) 2189 return ret; 2190 } 2191 2192 return 0; 2193 } 2194 2195 static void set_func_state(struct cfi_state *state) 2196 { 2197 state->cfa = initial_func_cfi.cfa; 2198 memcpy(&state->regs, &initial_func_cfi.regs, 2199 CFI_NUM_REGS * sizeof(struct cfi_reg)); 2200 state->stack_size = initial_func_cfi.cfa.offset; 2201 state->type = UNWIND_HINT_TYPE_CALL; 2202 } 2203 2204 static int read_unwind_hints(struct objtool_file *file) 2205 { 2206 struct cfi_state cfi = init_cfi; 2207 struct section *sec, *relocsec; 2208 struct unwind_hint *hint; 2209 struct instruction *insn; 2210 struct reloc *reloc; 2211 int i; 2212 2213 sec = find_section_by_name(file->elf, ".discard.unwind_hints"); 2214 if (!sec) 2215 return 0; 2216 2217 relocsec = sec->reloc; 2218 if (!relocsec) { 2219 WARN("missing .rela.discard.unwind_hints section"); 2220 return -1; 2221 } 2222 2223 if (sec->sh.sh_size % sizeof(struct unwind_hint)) { 2224 WARN("struct unwind_hint size mismatch"); 2225 return -1; 2226 } 2227 2228 file->hints = true; 2229 2230 for (i = 0; i < sec->sh.sh_size / sizeof(struct unwind_hint); i++) { 2231 hint = (struct unwind_hint *)sec->data->d_buf + i; 2232 2233 reloc = find_reloc_by_dest(file->elf, sec, i * sizeof(*hint)); 2234 if (!reloc) { 2235 WARN("can't find reloc for unwind_hints[%d]", i); 2236 return -1; 2237 } 2238 2239 insn = find_insn(file, reloc->sym->sec, reloc->addend); 2240 if (!insn) { 2241 WARN("can't find insn for unwind_hints[%d]", i); 2242 return -1; 2243 } 2244 2245 insn->hint = true; 2246 2247 if (hint->type == UNWIND_HINT_TYPE_UNDEFINED) { 2248 insn->cfi = &force_undefined_cfi; 2249 continue; 2250 } 2251 2252 if (hint->type == UNWIND_HINT_TYPE_SAVE) { 2253 insn->hint = false; 2254 insn->save = true; 2255 continue; 2256 } 2257 2258 if (hint->type == UNWIND_HINT_TYPE_RESTORE) { 2259 insn->restore = true; 2260 continue; 2261 } 2262 2263 if (hint->type == UNWIND_HINT_TYPE_REGS_PARTIAL) { 2264 struct symbol *sym = find_symbol_by_offset(insn->sec, insn->offset); 2265 2266 if (sym && sym->bind == STB_GLOBAL) { 2267 if (opts.ibt && insn->type != INSN_ENDBR && !insn->noendbr) { 2268 WARN_INSN(insn, "UNWIND_HINT_IRET_REGS without ENDBR"); 2269 } 2270 } 2271 } 2272 2273 if (hint->type == UNWIND_HINT_TYPE_FUNC) { 2274 insn->cfi = &func_cfi; 2275 continue; 2276 } 2277 2278 if (insn->cfi) 2279 cfi = *(insn->cfi); 2280 2281 if (arch_decode_hint_reg(hint->sp_reg, &cfi.cfa.base)) { 2282 WARN_INSN(insn, "unsupported unwind_hint sp base reg %d", hint->sp_reg); 2283 return -1; 2284 } 2285 2286 cfi.cfa.offset = bswap_if_needed(file->elf, hint->sp_offset); 2287 cfi.type = hint->type; 2288 cfi.signal = hint->signal; 2289 2290 insn->cfi = cfi_hash_find_or_add(&cfi); 2291 } 2292 2293 return 0; 2294 } 2295 2296 static int read_noendbr_hints(struct objtool_file *file) 2297 { 2298 struct section *sec; 2299 struct instruction *insn; 2300 struct reloc *reloc; 2301 2302 sec = find_section_by_name(file->elf, ".rela.discard.noendbr"); 2303 if (!sec) 2304 return 0; 2305 2306 list_for_each_entry(reloc, &sec->reloc_list, list) { 2307 insn = find_insn(file, reloc->sym->sec, reloc->sym->offset + reloc->addend); 2308 if (!insn) { 2309 WARN("bad .discard.noendbr entry"); 2310 return -1; 2311 } 2312 2313 insn->noendbr = 1; 2314 } 2315 2316 return 0; 2317 } 2318 2319 static int read_retpoline_hints(struct objtool_file *file) 2320 { 2321 struct section *sec; 2322 struct instruction *insn; 2323 struct reloc *reloc; 2324 2325 sec = find_section_by_name(file->elf, ".rela.discard.retpoline_safe"); 2326 if (!sec) 2327 return 0; 2328 2329 list_for_each_entry(reloc, &sec->reloc_list, list) { 2330 if (reloc->sym->type != STT_SECTION) { 2331 WARN("unexpected relocation symbol type in %s", sec->name); 2332 return -1; 2333 } 2334 2335 insn = find_insn(file, reloc->sym->sec, reloc->addend); 2336 if (!insn) { 2337 WARN("bad .discard.retpoline_safe entry"); 2338 return -1; 2339 } 2340 2341 if (insn->type != INSN_JUMP_DYNAMIC && 2342 insn->type != INSN_CALL_DYNAMIC && 2343 insn->type != INSN_RETURN && 2344 insn->type != INSN_NOP) { 2345 WARN_INSN(insn, "retpoline_safe hint not an indirect jump/call/ret/nop"); 2346 return -1; 2347 } 2348 2349 insn->retpoline_safe = true; 2350 } 2351 2352 return 0; 2353 } 2354 2355 static int read_instr_hints(struct objtool_file *file) 2356 { 2357 struct section *sec; 2358 struct instruction *insn; 2359 struct reloc *reloc; 2360 2361 sec = find_section_by_name(file->elf, ".rela.discard.instr_end"); 2362 if (!sec) 2363 return 0; 2364 2365 list_for_each_entry(reloc, &sec->reloc_list, list) { 2366 if (reloc->sym->type != STT_SECTION) { 2367 WARN("unexpected relocation symbol type in %s", sec->name); 2368 return -1; 2369 } 2370 2371 insn = find_insn(file, reloc->sym->sec, reloc->addend); 2372 if (!insn) { 2373 WARN("bad .discard.instr_end entry"); 2374 return -1; 2375 } 2376 2377 insn->instr--; 2378 } 2379 2380 sec = find_section_by_name(file->elf, ".rela.discard.instr_begin"); 2381 if (!sec) 2382 return 0; 2383 2384 list_for_each_entry(reloc, &sec->reloc_list, list) { 2385 if (reloc->sym->type != STT_SECTION) { 2386 WARN("unexpected relocation symbol type in %s", sec->name); 2387 return -1; 2388 } 2389 2390 insn = find_insn(file, reloc->sym->sec, reloc->addend); 2391 if (!insn) { 2392 WARN("bad .discard.instr_begin entry"); 2393 return -1; 2394 } 2395 2396 insn->instr++; 2397 } 2398 2399 return 0; 2400 } 2401 2402 static int read_validate_unret_hints(struct objtool_file *file) 2403 { 2404 struct section *sec; 2405 struct instruction *insn; 2406 struct reloc *reloc; 2407 2408 sec = find_section_by_name(file->elf, ".rela.discard.validate_unret"); 2409 if (!sec) 2410 return 0; 2411 2412 list_for_each_entry(reloc, &sec->reloc_list, list) { 2413 if (reloc->sym->type != STT_SECTION) { 2414 WARN("unexpected relocation symbol type in %s", sec->name); 2415 return -1; 2416 } 2417 2418 insn = find_insn(file, reloc->sym->sec, reloc->addend); 2419 if (!insn) { 2420 WARN("bad .discard.instr_end entry"); 2421 return -1; 2422 } 2423 insn->unret = 1; 2424 } 2425 2426 return 0; 2427 } 2428 2429 2430 static int read_intra_function_calls(struct objtool_file *file) 2431 { 2432 struct instruction *insn; 2433 struct section *sec; 2434 struct reloc *reloc; 2435 2436 sec = find_section_by_name(file->elf, ".rela.discard.intra_function_calls"); 2437 if (!sec) 2438 return 0; 2439 2440 list_for_each_entry(reloc, &sec->reloc_list, list) { 2441 unsigned long dest_off; 2442 2443 if (reloc->sym->type != STT_SECTION) { 2444 WARN("unexpected relocation symbol type in %s", 2445 sec->name); 2446 return -1; 2447 } 2448 2449 insn = find_insn(file, reloc->sym->sec, reloc->addend); 2450 if (!insn) { 2451 WARN("bad .discard.intra_function_call entry"); 2452 return -1; 2453 } 2454 2455 if (insn->type != INSN_CALL) { 2456 WARN_INSN(insn, "intra_function_call not a direct call"); 2457 return -1; 2458 } 2459 2460 /* 2461 * Treat intra-function CALLs as JMPs, but with a stack_op. 2462 * See add_call_destinations(), which strips stack_ops from 2463 * normal CALLs. 2464 */ 2465 insn->type = INSN_JUMP_UNCONDITIONAL; 2466 2467 dest_off = arch_jump_destination(insn); 2468 insn->jump_dest = find_insn(file, insn->sec, dest_off); 2469 if (!insn->jump_dest) { 2470 WARN_INSN(insn, "can't find call dest at %s+0x%lx", 2471 insn->sec->name, dest_off); 2472 return -1; 2473 } 2474 } 2475 2476 return 0; 2477 } 2478 2479 /* 2480 * Return true if name matches an instrumentation function, where calls to that 2481 * function from noinstr code can safely be removed, but compilers won't do so. 2482 */ 2483 static bool is_profiling_func(const char *name) 2484 { 2485 /* 2486 * Many compilers cannot disable KCOV with a function attribute. 2487 */ 2488 if (!strncmp(name, "__sanitizer_cov_", 16)) 2489 return true; 2490 2491 /* 2492 * Some compilers currently do not remove __tsan_func_entry/exit nor 2493 * __tsan_atomic_signal_fence (used for barrier instrumentation) with 2494 * the __no_sanitize_thread attribute, remove them. Once the kernel's 2495 * minimum Clang version is 14.0, this can be removed. 2496 */ 2497 if (!strncmp(name, "__tsan_func_", 12) || 2498 !strcmp(name, "__tsan_atomic_signal_fence")) 2499 return true; 2500 2501 return false; 2502 } 2503 2504 static int classify_symbols(struct objtool_file *file) 2505 { 2506 struct symbol *func; 2507 2508 for_each_sym(file, func) { 2509 if (func->bind != STB_GLOBAL) 2510 continue; 2511 2512 if (!strncmp(func->name, STATIC_CALL_TRAMP_PREFIX_STR, 2513 strlen(STATIC_CALL_TRAMP_PREFIX_STR))) 2514 func->static_call_tramp = true; 2515 2516 if (arch_is_retpoline(func)) 2517 func->retpoline_thunk = true; 2518 2519 if (arch_is_rethunk(func)) 2520 func->return_thunk = true; 2521 2522 if (arch_ftrace_match(func->name)) 2523 func->fentry = true; 2524 2525 if (is_profiling_func(func->name)) 2526 func->profiling_func = true; 2527 } 2528 2529 return 0; 2530 } 2531 2532 static void mark_rodata(struct objtool_file *file) 2533 { 2534 struct section *sec; 2535 bool found = false; 2536 2537 /* 2538 * Search for the following rodata sections, each of which can 2539 * potentially contain jump tables: 2540 * 2541 * - .rodata: can contain GCC switch tables 2542 * - .rodata.<func>: same, if -fdata-sections is being used 2543 * - .rodata..c_jump_table: contains C annotated jump tables 2544 * 2545 * .rodata.str1.* sections are ignored; they don't contain jump tables. 2546 */ 2547 for_each_sec(file, sec) { 2548 if (!strncmp(sec->name, ".rodata", 7) && 2549 !strstr(sec->name, ".str1.")) { 2550 sec->rodata = true; 2551 found = true; 2552 } 2553 } 2554 2555 file->rodata = found; 2556 } 2557 2558 static int decode_sections(struct objtool_file *file) 2559 { 2560 int ret; 2561 2562 mark_rodata(file); 2563 2564 ret = init_pv_ops(file); 2565 if (ret) 2566 return ret; 2567 2568 /* 2569 * Must be before add_{jump_call}_destination. 2570 */ 2571 ret = classify_symbols(file); 2572 if (ret) 2573 return ret; 2574 2575 ret = decode_instructions(file); 2576 if (ret) 2577 return ret; 2578 2579 add_ignores(file); 2580 add_uaccess_safe(file); 2581 2582 ret = add_ignore_alternatives(file); 2583 if (ret) 2584 return ret; 2585 2586 /* 2587 * Must be before read_unwind_hints() since that needs insn->noendbr. 2588 */ 2589 ret = read_noendbr_hints(file); 2590 if (ret) 2591 return ret; 2592 2593 /* 2594 * Must be before add_jump_destinations(), which depends on 'func' 2595 * being set for alternatives, to enable proper sibling call detection. 2596 */ 2597 if (opts.stackval || opts.orc || opts.uaccess || opts.noinstr) { 2598 ret = add_special_section_alts(file); 2599 if (ret) 2600 return ret; 2601 } 2602 2603 ret = add_jump_destinations(file); 2604 if (ret) 2605 return ret; 2606 2607 /* 2608 * Must be before add_call_destination(); it changes INSN_CALL to 2609 * INSN_JUMP. 2610 */ 2611 ret = read_intra_function_calls(file); 2612 if (ret) 2613 return ret; 2614 2615 ret = add_call_destinations(file); 2616 if (ret) 2617 return ret; 2618 2619 /* 2620 * Must be after add_call_destinations() such that it can override 2621 * dead_end_function() marks. 2622 */ 2623 ret = add_dead_ends(file); 2624 if (ret) 2625 return ret; 2626 2627 ret = add_jump_table_alts(file); 2628 if (ret) 2629 return ret; 2630 2631 ret = read_unwind_hints(file); 2632 if (ret) 2633 return ret; 2634 2635 ret = read_retpoline_hints(file); 2636 if (ret) 2637 return ret; 2638 2639 ret = read_instr_hints(file); 2640 if (ret) 2641 return ret; 2642 2643 ret = read_validate_unret_hints(file); 2644 if (ret) 2645 return ret; 2646 2647 return 0; 2648 } 2649 2650 static bool is_fentry_call(struct instruction *insn) 2651 { 2652 if (insn->type == INSN_CALL && 2653 insn_call_dest(insn) && 2654 insn_call_dest(insn)->fentry) 2655 return true; 2656 2657 return false; 2658 } 2659 2660 static bool has_modified_stack_frame(struct instruction *insn, struct insn_state *state) 2661 { 2662 struct cfi_state *cfi = &state->cfi; 2663 int i; 2664 2665 if (cfi->cfa.base != initial_func_cfi.cfa.base || cfi->drap) 2666 return true; 2667 2668 if (cfi->cfa.offset != initial_func_cfi.cfa.offset) 2669 return true; 2670 2671 if (cfi->stack_size != initial_func_cfi.cfa.offset) 2672 return true; 2673 2674 for (i = 0; i < CFI_NUM_REGS; i++) { 2675 if (cfi->regs[i].base != initial_func_cfi.regs[i].base || 2676 cfi->regs[i].offset != initial_func_cfi.regs[i].offset) 2677 return true; 2678 } 2679 2680 return false; 2681 } 2682 2683 static bool check_reg_frame_pos(const struct cfi_reg *reg, 2684 int expected_offset) 2685 { 2686 return reg->base == CFI_CFA && 2687 reg->offset == expected_offset; 2688 } 2689 2690 static bool has_valid_stack_frame(struct insn_state *state) 2691 { 2692 struct cfi_state *cfi = &state->cfi; 2693 2694 if (cfi->cfa.base == CFI_BP && 2695 check_reg_frame_pos(&cfi->regs[CFI_BP], -cfi->cfa.offset) && 2696 check_reg_frame_pos(&cfi->regs[CFI_RA], -cfi->cfa.offset + 8)) 2697 return true; 2698 2699 if (cfi->drap && cfi->regs[CFI_BP].base == CFI_BP) 2700 return true; 2701 2702 return false; 2703 } 2704 2705 static int update_cfi_state_regs(struct instruction *insn, 2706 struct cfi_state *cfi, 2707 struct stack_op *op) 2708 { 2709 struct cfi_reg *cfa = &cfi->cfa; 2710 2711 if (cfa->base != CFI_SP && cfa->base != CFI_SP_INDIRECT) 2712 return 0; 2713 2714 /* push */ 2715 if (op->dest.type == OP_DEST_PUSH || op->dest.type == OP_DEST_PUSHF) 2716 cfa->offset += 8; 2717 2718 /* pop */ 2719 if (op->src.type == OP_SRC_POP || op->src.type == OP_SRC_POPF) 2720 cfa->offset -= 8; 2721 2722 /* add immediate to sp */ 2723 if (op->dest.type == OP_DEST_REG && op->src.type == OP_SRC_ADD && 2724 op->dest.reg == CFI_SP && op->src.reg == CFI_SP) 2725 cfa->offset -= op->src.offset; 2726 2727 return 0; 2728 } 2729 2730 static void save_reg(struct cfi_state *cfi, unsigned char reg, int base, int offset) 2731 { 2732 if (arch_callee_saved_reg(reg) && 2733 cfi->regs[reg].base == CFI_UNDEFINED) { 2734 cfi->regs[reg].base = base; 2735 cfi->regs[reg].offset = offset; 2736 } 2737 } 2738 2739 static void restore_reg(struct cfi_state *cfi, unsigned char reg) 2740 { 2741 cfi->regs[reg].base = initial_func_cfi.regs[reg].base; 2742 cfi->regs[reg].offset = initial_func_cfi.regs[reg].offset; 2743 } 2744 2745 /* 2746 * A note about DRAP stack alignment: 2747 * 2748 * GCC has the concept of a DRAP register, which is used to help keep track of 2749 * the stack pointer when aligning the stack. r10 or r13 is used as the DRAP 2750 * register. The typical DRAP pattern is: 2751 * 2752 * 4c 8d 54 24 08 lea 0x8(%rsp),%r10 2753 * 48 83 e4 c0 and $0xffffffffffffffc0,%rsp 2754 * 41 ff 72 f8 pushq -0x8(%r10) 2755 * 55 push %rbp 2756 * 48 89 e5 mov %rsp,%rbp 2757 * (more pushes) 2758 * 41 52 push %r10 2759 * ... 2760 * 41 5a pop %r10 2761 * (more pops) 2762 * 5d pop %rbp 2763 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2764 * c3 retq 2765 * 2766 * There are some variations in the epilogues, like: 2767 * 2768 * 5b pop %rbx 2769 * 41 5a pop %r10 2770 * 41 5c pop %r12 2771 * 41 5d pop %r13 2772 * 41 5e pop %r14 2773 * c9 leaveq 2774 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2775 * c3 retq 2776 * 2777 * and: 2778 * 2779 * 4c 8b 55 e8 mov -0x18(%rbp),%r10 2780 * 48 8b 5d e0 mov -0x20(%rbp),%rbx 2781 * 4c 8b 65 f0 mov -0x10(%rbp),%r12 2782 * 4c 8b 6d f8 mov -0x8(%rbp),%r13 2783 * c9 leaveq 2784 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2785 * c3 retq 2786 * 2787 * Sometimes r13 is used as the DRAP register, in which case it's saved and 2788 * restored beforehand: 2789 * 2790 * 41 55 push %r13 2791 * 4c 8d 6c 24 10 lea 0x10(%rsp),%r13 2792 * 48 83 e4 f0 and $0xfffffffffffffff0,%rsp 2793 * ... 2794 * 49 8d 65 f0 lea -0x10(%r13),%rsp 2795 * 41 5d pop %r13 2796 * c3 retq 2797 */ 2798 static int update_cfi_state(struct instruction *insn, 2799 struct instruction *next_insn, 2800 struct cfi_state *cfi, struct stack_op *op) 2801 { 2802 struct cfi_reg *cfa = &cfi->cfa; 2803 struct cfi_reg *regs = cfi->regs; 2804 2805 /* ignore UNWIND_HINT_UNDEFINED regions */ 2806 if (cfi->force_undefined) 2807 return 0; 2808 2809 /* stack operations don't make sense with an undefined CFA */ 2810 if (cfa->base == CFI_UNDEFINED) { 2811 if (insn_func(insn)) { 2812 WARN_INSN(insn, "undefined stack state"); 2813 return -1; 2814 } 2815 return 0; 2816 } 2817 2818 if (cfi->type == UNWIND_HINT_TYPE_REGS || 2819 cfi->type == UNWIND_HINT_TYPE_REGS_PARTIAL) 2820 return update_cfi_state_regs(insn, cfi, op); 2821 2822 switch (op->dest.type) { 2823 2824 case OP_DEST_REG: 2825 switch (op->src.type) { 2826 2827 case OP_SRC_REG: 2828 if (op->src.reg == CFI_SP && op->dest.reg == CFI_BP && 2829 cfa->base == CFI_SP && 2830 check_reg_frame_pos(®s[CFI_BP], -cfa->offset)) { 2831 2832 /* mov %rsp, %rbp */ 2833 cfa->base = op->dest.reg; 2834 cfi->bp_scratch = false; 2835 } 2836 2837 else if (op->src.reg == CFI_SP && 2838 op->dest.reg == CFI_BP && cfi->drap) { 2839 2840 /* drap: mov %rsp, %rbp */ 2841 regs[CFI_BP].base = CFI_BP; 2842 regs[CFI_BP].offset = -cfi->stack_size; 2843 cfi->bp_scratch = false; 2844 } 2845 2846 else if (op->src.reg == CFI_SP && cfa->base == CFI_SP) { 2847 2848 /* 2849 * mov %rsp, %reg 2850 * 2851 * This is needed for the rare case where GCC 2852 * does: 2853 * 2854 * mov %rsp, %rax 2855 * ... 2856 * mov %rax, %rsp 2857 */ 2858 cfi->vals[op->dest.reg].base = CFI_CFA; 2859 cfi->vals[op->dest.reg].offset = -cfi->stack_size; 2860 } 2861 2862 else if (op->src.reg == CFI_BP && op->dest.reg == CFI_SP && 2863 (cfa->base == CFI_BP || cfa->base == cfi->drap_reg)) { 2864 2865 /* 2866 * mov %rbp, %rsp 2867 * 2868 * Restore the original stack pointer (Clang). 2869 */ 2870 cfi->stack_size = -cfi->regs[CFI_BP].offset; 2871 } 2872 2873 else if (op->dest.reg == cfa->base) { 2874 2875 /* mov %reg, %rsp */ 2876 if (cfa->base == CFI_SP && 2877 cfi->vals[op->src.reg].base == CFI_CFA) { 2878 2879 /* 2880 * This is needed for the rare case 2881 * where GCC does something dumb like: 2882 * 2883 * lea 0x8(%rsp), %rcx 2884 * ... 2885 * mov %rcx, %rsp 2886 */ 2887 cfa->offset = -cfi->vals[op->src.reg].offset; 2888 cfi->stack_size = cfa->offset; 2889 2890 } else if (cfa->base == CFI_SP && 2891 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT && 2892 cfi->vals[op->src.reg].offset == cfa->offset) { 2893 2894 /* 2895 * Stack swizzle: 2896 * 2897 * 1: mov %rsp, (%[tos]) 2898 * 2: mov %[tos], %rsp 2899 * ... 2900 * 3: pop %rsp 2901 * 2902 * Where: 2903 * 2904 * 1 - places a pointer to the previous 2905 * stack at the Top-of-Stack of the 2906 * new stack. 2907 * 2908 * 2 - switches to the new stack. 2909 * 2910 * 3 - pops the Top-of-Stack to restore 2911 * the original stack. 2912 * 2913 * Note: we set base to SP_INDIRECT 2914 * here and preserve offset. Therefore 2915 * when the unwinder reaches ToS it 2916 * will dereference SP and then add the 2917 * offset to find the next frame, IOW: 2918 * (%rsp) + offset. 2919 */ 2920 cfa->base = CFI_SP_INDIRECT; 2921 2922 } else { 2923 cfa->base = CFI_UNDEFINED; 2924 cfa->offset = 0; 2925 } 2926 } 2927 2928 else if (op->dest.reg == CFI_SP && 2929 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT && 2930 cfi->vals[op->src.reg].offset == cfa->offset) { 2931 2932 /* 2933 * The same stack swizzle case 2) as above. But 2934 * because we can't change cfa->base, case 3) 2935 * will become a regular POP. Pretend we're a 2936 * PUSH so things don't go unbalanced. 2937 */ 2938 cfi->stack_size += 8; 2939 } 2940 2941 2942 break; 2943 2944 case OP_SRC_ADD: 2945 if (op->dest.reg == CFI_SP && op->src.reg == CFI_SP) { 2946 2947 /* add imm, %rsp */ 2948 cfi->stack_size -= op->src.offset; 2949 if (cfa->base == CFI_SP) 2950 cfa->offset -= op->src.offset; 2951 break; 2952 } 2953 2954 if (op->dest.reg == CFI_SP && op->src.reg == CFI_BP) { 2955 2956 /* lea disp(%rbp), %rsp */ 2957 cfi->stack_size = -(op->src.offset + regs[CFI_BP].offset); 2958 break; 2959 } 2960 2961 if (op->src.reg == CFI_SP && cfa->base == CFI_SP) { 2962 2963 /* drap: lea disp(%rsp), %drap */ 2964 cfi->drap_reg = op->dest.reg; 2965 2966 /* 2967 * lea disp(%rsp), %reg 2968 * 2969 * This is needed for the rare case where GCC 2970 * does something dumb like: 2971 * 2972 * lea 0x8(%rsp), %rcx 2973 * ... 2974 * mov %rcx, %rsp 2975 */ 2976 cfi->vals[op->dest.reg].base = CFI_CFA; 2977 cfi->vals[op->dest.reg].offset = \ 2978 -cfi->stack_size + op->src.offset; 2979 2980 break; 2981 } 2982 2983 if (cfi->drap && op->dest.reg == CFI_SP && 2984 op->src.reg == cfi->drap_reg) { 2985 2986 /* drap: lea disp(%drap), %rsp */ 2987 cfa->base = CFI_SP; 2988 cfa->offset = cfi->stack_size = -op->src.offset; 2989 cfi->drap_reg = CFI_UNDEFINED; 2990 cfi->drap = false; 2991 break; 2992 } 2993 2994 if (op->dest.reg == cfi->cfa.base && !(next_insn && next_insn->hint)) { 2995 WARN_INSN(insn, "unsupported stack register modification"); 2996 return -1; 2997 } 2998 2999 break; 3000 3001 case OP_SRC_AND: 3002 if (op->dest.reg != CFI_SP || 3003 (cfi->drap_reg != CFI_UNDEFINED && cfa->base != CFI_SP) || 3004 (cfi->drap_reg == CFI_UNDEFINED && cfa->base != CFI_BP)) { 3005 WARN_INSN(insn, "unsupported stack pointer realignment"); 3006 return -1; 3007 } 3008 3009 if (cfi->drap_reg != CFI_UNDEFINED) { 3010 /* drap: and imm, %rsp */ 3011 cfa->base = cfi->drap_reg; 3012 cfa->offset = cfi->stack_size = 0; 3013 cfi->drap = true; 3014 } 3015 3016 /* 3017 * Older versions of GCC (4.8ish) realign the stack 3018 * without DRAP, with a frame pointer. 3019 */ 3020 3021 break; 3022 3023 case OP_SRC_POP: 3024 case OP_SRC_POPF: 3025 if (op->dest.reg == CFI_SP && cfa->base == CFI_SP_INDIRECT) { 3026 3027 /* pop %rsp; # restore from a stack swizzle */ 3028 cfa->base = CFI_SP; 3029 break; 3030 } 3031 3032 if (!cfi->drap && op->dest.reg == cfa->base) { 3033 3034 /* pop %rbp */ 3035 cfa->base = CFI_SP; 3036 } 3037 3038 if (cfi->drap && cfa->base == CFI_BP_INDIRECT && 3039 op->dest.reg == cfi->drap_reg && 3040 cfi->drap_offset == -cfi->stack_size) { 3041 3042 /* drap: pop %drap */ 3043 cfa->base = cfi->drap_reg; 3044 cfa->offset = 0; 3045 cfi->drap_offset = -1; 3046 3047 } else if (cfi->stack_size == -regs[op->dest.reg].offset) { 3048 3049 /* pop %reg */ 3050 restore_reg(cfi, op->dest.reg); 3051 } 3052 3053 cfi->stack_size -= 8; 3054 if (cfa->base == CFI_SP) 3055 cfa->offset -= 8; 3056 3057 break; 3058 3059 case OP_SRC_REG_INDIRECT: 3060 if (!cfi->drap && op->dest.reg == cfa->base && 3061 op->dest.reg == CFI_BP) { 3062 3063 /* mov disp(%rsp), %rbp */ 3064 cfa->base = CFI_SP; 3065 cfa->offset = cfi->stack_size; 3066 } 3067 3068 if (cfi->drap && op->src.reg == CFI_BP && 3069 op->src.offset == cfi->drap_offset) { 3070 3071 /* drap: mov disp(%rbp), %drap */ 3072 cfa->base = cfi->drap_reg; 3073 cfa->offset = 0; 3074 cfi->drap_offset = -1; 3075 } 3076 3077 if (cfi->drap && op->src.reg == CFI_BP && 3078 op->src.offset == regs[op->dest.reg].offset) { 3079 3080 /* drap: mov disp(%rbp), %reg */ 3081 restore_reg(cfi, op->dest.reg); 3082 3083 } else if (op->src.reg == cfa->base && 3084 op->src.offset == regs[op->dest.reg].offset + cfa->offset) { 3085 3086 /* mov disp(%rbp), %reg */ 3087 /* mov disp(%rsp), %reg */ 3088 restore_reg(cfi, op->dest.reg); 3089 3090 } else if (op->src.reg == CFI_SP && 3091 op->src.offset == regs[op->dest.reg].offset + cfi->stack_size) { 3092 3093 /* mov disp(%rsp), %reg */ 3094 restore_reg(cfi, op->dest.reg); 3095 } 3096 3097 break; 3098 3099 default: 3100 WARN_INSN(insn, "unknown stack-related instruction"); 3101 return -1; 3102 } 3103 3104 break; 3105 3106 case OP_DEST_PUSH: 3107 case OP_DEST_PUSHF: 3108 cfi->stack_size += 8; 3109 if (cfa->base == CFI_SP) 3110 cfa->offset += 8; 3111 3112 if (op->src.type != OP_SRC_REG) 3113 break; 3114 3115 if (cfi->drap) { 3116 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) { 3117 3118 /* drap: push %drap */ 3119 cfa->base = CFI_BP_INDIRECT; 3120 cfa->offset = -cfi->stack_size; 3121 3122 /* save drap so we know when to restore it */ 3123 cfi->drap_offset = -cfi->stack_size; 3124 3125 } else if (op->src.reg == CFI_BP && cfa->base == cfi->drap_reg) { 3126 3127 /* drap: push %rbp */ 3128 cfi->stack_size = 0; 3129 3130 } else { 3131 3132 /* drap: push %reg */ 3133 save_reg(cfi, op->src.reg, CFI_BP, -cfi->stack_size); 3134 } 3135 3136 } else { 3137 3138 /* push %reg */ 3139 save_reg(cfi, op->src.reg, CFI_CFA, -cfi->stack_size); 3140 } 3141 3142 /* detect when asm code uses rbp as a scratch register */ 3143 if (opts.stackval && insn_func(insn) && op->src.reg == CFI_BP && 3144 cfa->base != CFI_BP) 3145 cfi->bp_scratch = true; 3146 break; 3147 3148 case OP_DEST_REG_INDIRECT: 3149 3150 if (cfi->drap) { 3151 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) { 3152 3153 /* drap: mov %drap, disp(%rbp) */ 3154 cfa->base = CFI_BP_INDIRECT; 3155 cfa->offset = op->dest.offset; 3156 3157 /* save drap offset so we know when to restore it */ 3158 cfi->drap_offset = op->dest.offset; 3159 } else { 3160 3161 /* drap: mov reg, disp(%rbp) */ 3162 save_reg(cfi, op->src.reg, CFI_BP, op->dest.offset); 3163 } 3164 3165 } else if (op->dest.reg == cfa->base) { 3166 3167 /* mov reg, disp(%rbp) */ 3168 /* mov reg, disp(%rsp) */ 3169 save_reg(cfi, op->src.reg, CFI_CFA, 3170 op->dest.offset - cfi->cfa.offset); 3171 3172 } else if (op->dest.reg == CFI_SP) { 3173 3174 /* mov reg, disp(%rsp) */ 3175 save_reg(cfi, op->src.reg, CFI_CFA, 3176 op->dest.offset - cfi->stack_size); 3177 3178 } else if (op->src.reg == CFI_SP && op->dest.offset == 0) { 3179 3180 /* mov %rsp, (%reg); # setup a stack swizzle. */ 3181 cfi->vals[op->dest.reg].base = CFI_SP_INDIRECT; 3182 cfi->vals[op->dest.reg].offset = cfa->offset; 3183 } 3184 3185 break; 3186 3187 case OP_DEST_MEM: 3188 if (op->src.type != OP_SRC_POP && op->src.type != OP_SRC_POPF) { 3189 WARN_INSN(insn, "unknown stack-related memory operation"); 3190 return -1; 3191 } 3192 3193 /* pop mem */ 3194 cfi->stack_size -= 8; 3195 if (cfa->base == CFI_SP) 3196 cfa->offset -= 8; 3197 3198 break; 3199 3200 default: 3201 WARN_INSN(insn, "unknown stack-related instruction"); 3202 return -1; 3203 } 3204 3205 return 0; 3206 } 3207 3208 /* 3209 * The stack layouts of alternatives instructions can sometimes diverge when 3210 * they have stack modifications. That's fine as long as the potential stack 3211 * layouts don't conflict at any given potential instruction boundary. 3212 * 3213 * Flatten the CFIs of the different alternative code streams (both original 3214 * and replacement) into a single shared CFI array which can be used to detect 3215 * conflicts and nicely feed a linear array of ORC entries to the unwinder. 3216 */ 3217 static int propagate_alt_cfi(struct objtool_file *file, struct instruction *insn) 3218 { 3219 struct cfi_state **alt_cfi; 3220 int group_off; 3221 3222 if (!insn->alt_group) 3223 return 0; 3224 3225 if (!insn->cfi) { 3226 WARN("CFI missing"); 3227 return -1; 3228 } 3229 3230 alt_cfi = insn->alt_group->cfi; 3231 group_off = insn->offset - insn->alt_group->first_insn->offset; 3232 3233 if (!alt_cfi[group_off]) { 3234 alt_cfi[group_off] = insn->cfi; 3235 } else { 3236 if (cficmp(alt_cfi[group_off], insn->cfi)) { 3237 struct alt_group *orig_group = insn->alt_group->orig_group ?: insn->alt_group; 3238 struct instruction *orig = orig_group->first_insn; 3239 char *where = offstr(insn->sec, insn->offset); 3240 WARN_INSN(orig, "stack layout conflict in alternatives: %s", where); 3241 free(where); 3242 return -1; 3243 } 3244 } 3245 3246 return 0; 3247 } 3248 3249 static int handle_insn_ops(struct instruction *insn, 3250 struct instruction *next_insn, 3251 struct insn_state *state) 3252 { 3253 struct stack_op *op; 3254 3255 for (op = insn->stack_ops; op; op = op->next) { 3256 3257 if (update_cfi_state(insn, next_insn, &state->cfi, op)) 3258 return 1; 3259 3260 if (!insn->alt_group) 3261 continue; 3262 3263 if (op->dest.type == OP_DEST_PUSHF) { 3264 if (!state->uaccess_stack) { 3265 state->uaccess_stack = 1; 3266 } else if (state->uaccess_stack >> 31) { 3267 WARN_INSN(insn, "PUSHF stack exhausted"); 3268 return 1; 3269 } 3270 state->uaccess_stack <<= 1; 3271 state->uaccess_stack |= state->uaccess; 3272 } 3273 3274 if (op->src.type == OP_SRC_POPF) { 3275 if (state->uaccess_stack) { 3276 state->uaccess = state->uaccess_stack & 1; 3277 state->uaccess_stack >>= 1; 3278 if (state->uaccess_stack == 1) 3279 state->uaccess_stack = 0; 3280 } 3281 } 3282 } 3283 3284 return 0; 3285 } 3286 3287 static bool insn_cfi_match(struct instruction *insn, struct cfi_state *cfi2) 3288 { 3289 struct cfi_state *cfi1 = insn->cfi; 3290 int i; 3291 3292 if (!cfi1) { 3293 WARN("CFI missing"); 3294 return false; 3295 } 3296 3297 if (memcmp(&cfi1->cfa, &cfi2->cfa, sizeof(cfi1->cfa))) { 3298 3299 WARN_INSN(insn, "stack state mismatch: cfa1=%d%+d cfa2=%d%+d", 3300 cfi1->cfa.base, cfi1->cfa.offset, 3301 cfi2->cfa.base, cfi2->cfa.offset); 3302 3303 } else if (memcmp(&cfi1->regs, &cfi2->regs, sizeof(cfi1->regs))) { 3304 for (i = 0; i < CFI_NUM_REGS; i++) { 3305 if (!memcmp(&cfi1->regs[i], &cfi2->regs[i], 3306 sizeof(struct cfi_reg))) 3307 continue; 3308 3309 WARN_INSN(insn, "stack state mismatch: reg1[%d]=%d%+d reg2[%d]=%d%+d", 3310 i, cfi1->regs[i].base, cfi1->regs[i].offset, 3311 i, cfi2->regs[i].base, cfi2->regs[i].offset); 3312 break; 3313 } 3314 3315 } else if (cfi1->type != cfi2->type) { 3316 3317 WARN_INSN(insn, "stack state mismatch: type1=%d type2=%d", 3318 cfi1->type, cfi2->type); 3319 3320 } else if (cfi1->drap != cfi2->drap || 3321 (cfi1->drap && cfi1->drap_reg != cfi2->drap_reg) || 3322 (cfi1->drap && cfi1->drap_offset != cfi2->drap_offset)) { 3323 3324 WARN_INSN(insn, "stack state mismatch: drap1=%d(%d,%d) drap2=%d(%d,%d)", 3325 cfi1->drap, cfi1->drap_reg, cfi1->drap_offset, 3326 cfi2->drap, cfi2->drap_reg, cfi2->drap_offset); 3327 3328 } else 3329 return true; 3330 3331 return false; 3332 } 3333 3334 static inline bool func_uaccess_safe(struct symbol *func) 3335 { 3336 if (func) 3337 return func->uaccess_safe; 3338 3339 return false; 3340 } 3341 3342 static inline const char *call_dest_name(struct instruction *insn) 3343 { 3344 static char pvname[19]; 3345 struct reloc *rel; 3346 int idx; 3347 3348 if (insn_call_dest(insn)) 3349 return insn_call_dest(insn)->name; 3350 3351 rel = insn_reloc(NULL, insn); 3352 if (rel && !strcmp(rel->sym->name, "pv_ops")) { 3353 idx = (rel->addend / sizeof(void *)); 3354 snprintf(pvname, sizeof(pvname), "pv_ops[%d]", idx); 3355 return pvname; 3356 } 3357 3358 return "{dynamic}"; 3359 } 3360 3361 static bool pv_call_dest(struct objtool_file *file, struct instruction *insn) 3362 { 3363 struct symbol *target; 3364 struct reloc *rel; 3365 int idx; 3366 3367 rel = insn_reloc(file, insn); 3368 if (!rel || strcmp(rel->sym->name, "pv_ops")) 3369 return false; 3370 3371 idx = (arch_dest_reloc_offset(rel->addend) / sizeof(void *)); 3372 3373 if (file->pv_ops[idx].clean) 3374 return true; 3375 3376 file->pv_ops[idx].clean = true; 3377 3378 list_for_each_entry(target, &file->pv_ops[idx].targets, pv_target) { 3379 if (!target->sec->noinstr) { 3380 WARN("pv_ops[%d]: %s", idx, target->name); 3381 file->pv_ops[idx].clean = false; 3382 } 3383 } 3384 3385 return file->pv_ops[idx].clean; 3386 } 3387 3388 static inline bool noinstr_call_dest(struct objtool_file *file, 3389 struct instruction *insn, 3390 struct symbol *func) 3391 { 3392 /* 3393 * We can't deal with indirect function calls at present; 3394 * assume they're instrumented. 3395 */ 3396 if (!func) { 3397 if (file->pv_ops) 3398 return pv_call_dest(file, insn); 3399 3400 return false; 3401 } 3402 3403 /* 3404 * If the symbol is from a noinstr section; we good. 3405 */ 3406 if (func->sec->noinstr) 3407 return true; 3408 3409 /* 3410 * If the symbol is a static_call trampoline, we can't tell. 3411 */ 3412 if (func->static_call_tramp) 3413 return true; 3414 3415 /* 3416 * The __ubsan_handle_*() calls are like WARN(), they only happen when 3417 * something 'BAD' happened. At the risk of taking the machine down, 3418 * let them proceed to get the message out. 3419 */ 3420 if (!strncmp(func->name, "__ubsan_handle_", 15)) 3421 return true; 3422 3423 return false; 3424 } 3425 3426 static int validate_call(struct objtool_file *file, 3427 struct instruction *insn, 3428 struct insn_state *state) 3429 { 3430 if (state->noinstr && state->instr <= 0 && 3431 !noinstr_call_dest(file, insn, insn_call_dest(insn))) { 3432 WARN_INSN(insn, "call to %s() leaves .noinstr.text section", call_dest_name(insn)); 3433 return 1; 3434 } 3435 3436 if (state->uaccess && !func_uaccess_safe(insn_call_dest(insn))) { 3437 WARN_INSN(insn, "call to %s() with UACCESS enabled", call_dest_name(insn)); 3438 return 1; 3439 } 3440 3441 if (state->df) { 3442 WARN_INSN(insn, "call to %s() with DF set", call_dest_name(insn)); 3443 return 1; 3444 } 3445 3446 return 0; 3447 } 3448 3449 static int validate_sibling_call(struct objtool_file *file, 3450 struct instruction *insn, 3451 struct insn_state *state) 3452 { 3453 if (insn_func(insn) && has_modified_stack_frame(insn, state)) { 3454 WARN_INSN(insn, "sibling call from callable instruction with modified stack frame"); 3455 return 1; 3456 } 3457 3458 return validate_call(file, insn, state); 3459 } 3460 3461 static int validate_return(struct symbol *func, struct instruction *insn, struct insn_state *state) 3462 { 3463 if (state->noinstr && state->instr > 0) { 3464 WARN_INSN(insn, "return with instrumentation enabled"); 3465 return 1; 3466 } 3467 3468 if (state->uaccess && !func_uaccess_safe(func)) { 3469 WARN_INSN(insn, "return with UACCESS enabled"); 3470 return 1; 3471 } 3472 3473 if (!state->uaccess && func_uaccess_safe(func)) { 3474 WARN_INSN(insn, "return with UACCESS disabled from a UACCESS-safe function"); 3475 return 1; 3476 } 3477 3478 if (state->df) { 3479 WARN_INSN(insn, "return with DF set"); 3480 return 1; 3481 } 3482 3483 if (func && has_modified_stack_frame(insn, state)) { 3484 WARN_INSN(insn, "return with modified stack frame"); 3485 return 1; 3486 } 3487 3488 if (state->cfi.bp_scratch) { 3489 WARN_INSN(insn, "BP used as a scratch register"); 3490 return 1; 3491 } 3492 3493 return 0; 3494 } 3495 3496 static struct instruction *next_insn_to_validate(struct objtool_file *file, 3497 struct instruction *insn) 3498 { 3499 struct alt_group *alt_group = insn->alt_group; 3500 3501 /* 3502 * Simulate the fact that alternatives are patched in-place. When the 3503 * end of a replacement alt_group is reached, redirect objtool flow to 3504 * the end of the original alt_group. 3505 * 3506 * insn->alts->insn -> alt_group->first_insn 3507 * ... 3508 * alt_group->last_insn 3509 * [alt_group->nop] -> next(orig_group->last_insn) 3510 */ 3511 if (alt_group) { 3512 if (alt_group->nop) { 3513 /* ->nop implies ->orig_group */ 3514 if (insn == alt_group->last_insn) 3515 return alt_group->nop; 3516 if (insn == alt_group->nop) 3517 goto next_orig; 3518 } 3519 if (insn == alt_group->last_insn && alt_group->orig_group) 3520 goto next_orig; 3521 } 3522 3523 return next_insn_same_sec(file, insn); 3524 3525 next_orig: 3526 return next_insn_same_sec(file, alt_group->orig_group->last_insn); 3527 } 3528 3529 /* 3530 * Follow the branch starting at the given instruction, and recursively follow 3531 * any other branches (jumps). Meanwhile, track the frame pointer state at 3532 * each instruction and validate all the rules described in 3533 * tools/objtool/Documentation/objtool.txt. 3534 */ 3535 static int validate_branch(struct objtool_file *file, struct symbol *func, 3536 struct instruction *insn, struct insn_state state) 3537 { 3538 struct alternative *alt; 3539 struct instruction *next_insn, *prev_insn = NULL; 3540 struct section *sec; 3541 u8 visited; 3542 int ret; 3543 3544 sec = insn->sec; 3545 3546 while (1) { 3547 next_insn = next_insn_to_validate(file, insn); 3548 3549 if (func && insn_func(insn) && func != insn_func(insn)->pfunc) { 3550 /* Ignore KCFI type preambles, which always fall through */ 3551 if (!strncmp(func->name, "__cfi_", 6) || 3552 !strncmp(func->name, "__pfx_", 6)) 3553 return 0; 3554 3555 WARN("%s() falls through to next function %s()", 3556 func->name, insn_func(insn)->name); 3557 return 1; 3558 } 3559 3560 if (func && insn->ignore) { 3561 WARN_INSN(insn, "BUG: why am I validating an ignored function?"); 3562 return 1; 3563 } 3564 3565 visited = VISITED_BRANCH << state.uaccess; 3566 if (insn->visited & VISITED_BRANCH_MASK) { 3567 if (!insn->hint && !insn_cfi_match(insn, &state.cfi)) 3568 return 1; 3569 3570 if (insn->visited & visited) 3571 return 0; 3572 } else { 3573 nr_insns_visited++; 3574 } 3575 3576 if (state.noinstr) 3577 state.instr += insn->instr; 3578 3579 if (insn->hint) { 3580 if (insn->restore) { 3581 struct instruction *save_insn, *i; 3582 3583 i = insn; 3584 save_insn = NULL; 3585 3586 sym_for_each_insn_continue_reverse(file, func, i) { 3587 if (i->save) { 3588 save_insn = i; 3589 break; 3590 } 3591 } 3592 3593 if (!save_insn) { 3594 WARN_INSN(insn, "no corresponding CFI save for CFI restore"); 3595 return 1; 3596 } 3597 3598 if (!save_insn->visited) { 3599 WARN_INSN(insn, "objtool isn't smart enough to handle this CFI save/restore combo"); 3600 return 1; 3601 } 3602 3603 insn->cfi = save_insn->cfi; 3604 nr_cfi_reused++; 3605 } 3606 3607 state.cfi = *insn->cfi; 3608 } else { 3609 /* XXX track if we actually changed state.cfi */ 3610 3611 if (prev_insn && !cficmp(prev_insn->cfi, &state.cfi)) { 3612 insn->cfi = prev_insn->cfi; 3613 nr_cfi_reused++; 3614 } else { 3615 insn->cfi = cfi_hash_find_or_add(&state.cfi); 3616 } 3617 } 3618 3619 insn->visited |= visited; 3620 3621 if (propagate_alt_cfi(file, insn)) 3622 return 1; 3623 3624 if (!insn->ignore_alts && insn->alts) { 3625 bool skip_orig = false; 3626 3627 for (alt = insn->alts; alt; alt = alt->next) { 3628 if (alt->skip_orig) 3629 skip_orig = true; 3630 3631 ret = validate_branch(file, func, alt->insn, state); 3632 if (ret) { 3633 BT_INSN(insn, "(alt)"); 3634 return ret; 3635 } 3636 } 3637 3638 if (skip_orig) 3639 return 0; 3640 } 3641 3642 if (handle_insn_ops(insn, next_insn, &state)) 3643 return 1; 3644 3645 switch (insn->type) { 3646 3647 case INSN_RETURN: 3648 return validate_return(func, insn, &state); 3649 3650 case INSN_CALL: 3651 case INSN_CALL_DYNAMIC: 3652 ret = validate_call(file, insn, &state); 3653 if (ret) 3654 return ret; 3655 3656 if (opts.stackval && func && !is_fentry_call(insn) && 3657 !has_valid_stack_frame(&state)) { 3658 WARN_INSN(insn, "call without frame pointer save/setup"); 3659 return 1; 3660 } 3661 3662 if (insn->dead_end) 3663 return 0; 3664 3665 break; 3666 3667 case INSN_JUMP_CONDITIONAL: 3668 case INSN_JUMP_UNCONDITIONAL: 3669 if (is_sibling_call(insn)) { 3670 ret = validate_sibling_call(file, insn, &state); 3671 if (ret) 3672 return ret; 3673 3674 } else if (insn->jump_dest) { 3675 ret = validate_branch(file, func, 3676 insn->jump_dest, state); 3677 if (ret) { 3678 BT_INSN(insn, "(branch)"); 3679 return ret; 3680 } 3681 } 3682 3683 if (insn->type == INSN_JUMP_UNCONDITIONAL) 3684 return 0; 3685 3686 break; 3687 3688 case INSN_JUMP_DYNAMIC: 3689 case INSN_JUMP_DYNAMIC_CONDITIONAL: 3690 if (is_sibling_call(insn)) { 3691 ret = validate_sibling_call(file, insn, &state); 3692 if (ret) 3693 return ret; 3694 } 3695 3696 if (insn->type == INSN_JUMP_DYNAMIC) 3697 return 0; 3698 3699 break; 3700 3701 case INSN_CONTEXT_SWITCH: 3702 if (func && (!next_insn || !next_insn->hint)) { 3703 WARN_INSN(insn, "unsupported instruction in callable function"); 3704 return 1; 3705 } 3706 return 0; 3707 3708 case INSN_STAC: 3709 if (state.uaccess) { 3710 WARN_INSN(insn, "recursive UACCESS enable"); 3711 return 1; 3712 } 3713 3714 state.uaccess = true; 3715 break; 3716 3717 case INSN_CLAC: 3718 if (!state.uaccess && func) { 3719 WARN_INSN(insn, "redundant UACCESS disable"); 3720 return 1; 3721 } 3722 3723 if (func_uaccess_safe(func) && !state.uaccess_stack) { 3724 WARN_INSN(insn, "UACCESS-safe disables UACCESS"); 3725 return 1; 3726 } 3727 3728 state.uaccess = false; 3729 break; 3730 3731 case INSN_STD: 3732 if (state.df) { 3733 WARN_INSN(insn, "recursive STD"); 3734 return 1; 3735 } 3736 3737 state.df = true; 3738 break; 3739 3740 case INSN_CLD: 3741 if (!state.df && func) { 3742 WARN_INSN(insn, "redundant CLD"); 3743 return 1; 3744 } 3745 3746 state.df = false; 3747 break; 3748 3749 default: 3750 break; 3751 } 3752 3753 if (insn->dead_end) 3754 return 0; 3755 3756 if (!next_insn) { 3757 if (state.cfi.cfa.base == CFI_UNDEFINED) 3758 return 0; 3759 WARN("%s: unexpected end of section", sec->name); 3760 return 1; 3761 } 3762 3763 prev_insn = insn; 3764 insn = next_insn; 3765 } 3766 3767 return 0; 3768 } 3769 3770 static int validate_unwind_hint(struct objtool_file *file, 3771 struct instruction *insn, 3772 struct insn_state *state) 3773 { 3774 if (insn->hint && !insn->visited && !insn->ignore) { 3775 int ret = validate_branch(file, insn_func(insn), insn, *state); 3776 if (ret) 3777 BT_INSN(insn, "<=== (hint)"); 3778 return ret; 3779 } 3780 3781 return 0; 3782 } 3783 3784 static int validate_unwind_hints(struct objtool_file *file, struct section *sec) 3785 { 3786 struct instruction *insn; 3787 struct insn_state state; 3788 int warnings = 0; 3789 3790 if (!file->hints) 3791 return 0; 3792 3793 init_insn_state(file, &state, sec); 3794 3795 if (sec) { 3796 sec_for_each_insn(file, sec, insn) 3797 warnings += validate_unwind_hint(file, insn, &state); 3798 } else { 3799 for_each_insn(file, insn) 3800 warnings += validate_unwind_hint(file, insn, &state); 3801 } 3802 3803 return warnings; 3804 } 3805 3806 /* 3807 * Validate rethunk entry constraint: must untrain RET before the first RET. 3808 * 3809 * Follow every branch (intra-function) and ensure VALIDATE_UNRET_END comes 3810 * before an actual RET instruction. 3811 */ 3812 static int validate_unret(struct objtool_file *file, struct instruction *insn) 3813 { 3814 struct instruction *next, *dest; 3815 int ret; 3816 3817 for (;;) { 3818 next = next_insn_to_validate(file, insn); 3819 3820 if (insn->visited & VISITED_UNRET) 3821 return 0; 3822 3823 insn->visited |= VISITED_UNRET; 3824 3825 if (!insn->ignore_alts && insn->alts) { 3826 struct alternative *alt; 3827 bool skip_orig = false; 3828 3829 for (alt = insn->alts; alt; alt = alt->next) { 3830 if (alt->skip_orig) 3831 skip_orig = true; 3832 3833 ret = validate_unret(file, alt->insn); 3834 if (ret) { 3835 BT_INSN(insn, "(alt)"); 3836 return ret; 3837 } 3838 } 3839 3840 if (skip_orig) 3841 return 0; 3842 } 3843 3844 switch (insn->type) { 3845 3846 case INSN_CALL_DYNAMIC: 3847 case INSN_JUMP_DYNAMIC: 3848 case INSN_JUMP_DYNAMIC_CONDITIONAL: 3849 WARN_INSN(insn, "early indirect call"); 3850 return 1; 3851 3852 case INSN_JUMP_UNCONDITIONAL: 3853 case INSN_JUMP_CONDITIONAL: 3854 if (!is_sibling_call(insn)) { 3855 if (!insn->jump_dest) { 3856 WARN_INSN(insn, "unresolved jump target after linking?!?"); 3857 return -1; 3858 } 3859 ret = validate_unret(file, insn->jump_dest); 3860 if (ret) { 3861 BT_INSN(insn, "(branch%s)", 3862 insn->type == INSN_JUMP_CONDITIONAL ? "-cond" : ""); 3863 return ret; 3864 } 3865 3866 if (insn->type == INSN_JUMP_UNCONDITIONAL) 3867 return 0; 3868 3869 break; 3870 } 3871 3872 /* fallthrough */ 3873 case INSN_CALL: 3874 dest = find_insn(file, insn_call_dest(insn)->sec, 3875 insn_call_dest(insn)->offset); 3876 if (!dest) { 3877 WARN("Unresolved function after linking!?: %s", 3878 insn_call_dest(insn)->name); 3879 return -1; 3880 } 3881 3882 ret = validate_unret(file, dest); 3883 if (ret) { 3884 BT_INSN(insn, "(call)"); 3885 return ret; 3886 } 3887 /* 3888 * If a call returns without error, it must have seen UNTRAIN_RET. 3889 * Therefore any non-error return is a success. 3890 */ 3891 return 0; 3892 3893 case INSN_RETURN: 3894 WARN_INSN(insn, "RET before UNTRAIN"); 3895 return 1; 3896 3897 case INSN_NOP: 3898 if (insn->retpoline_safe) 3899 return 0; 3900 break; 3901 3902 default: 3903 break; 3904 } 3905 3906 if (!next) { 3907 WARN_INSN(insn, "teh end!"); 3908 return -1; 3909 } 3910 insn = next; 3911 } 3912 3913 return 0; 3914 } 3915 3916 /* 3917 * Validate that all branches starting at VALIDATE_UNRET_BEGIN encounter 3918 * VALIDATE_UNRET_END before RET. 3919 */ 3920 static int validate_unrets(struct objtool_file *file) 3921 { 3922 struct instruction *insn; 3923 int ret, warnings = 0; 3924 3925 for_each_insn(file, insn) { 3926 if (!insn->unret) 3927 continue; 3928 3929 ret = validate_unret(file, insn); 3930 if (ret < 0) { 3931 WARN_INSN(insn, "Failed UNRET validation"); 3932 return ret; 3933 } 3934 warnings += ret; 3935 } 3936 3937 return warnings; 3938 } 3939 3940 static int validate_retpoline(struct objtool_file *file) 3941 { 3942 struct instruction *insn; 3943 int warnings = 0; 3944 3945 for_each_insn(file, insn) { 3946 if (insn->type != INSN_JUMP_DYNAMIC && 3947 insn->type != INSN_CALL_DYNAMIC && 3948 insn->type != INSN_RETURN) 3949 continue; 3950 3951 if (insn->retpoline_safe) 3952 continue; 3953 3954 if (insn->sec->init) 3955 continue; 3956 3957 if (insn->type == INSN_RETURN) { 3958 if (opts.rethunk) { 3959 WARN_INSN(insn, "'naked' return found in RETHUNK build"); 3960 } else 3961 continue; 3962 } else { 3963 WARN_INSN(insn, "indirect %s found in RETPOLINE build", 3964 insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call"); 3965 } 3966 3967 warnings++; 3968 } 3969 3970 return warnings; 3971 } 3972 3973 static bool is_kasan_insn(struct instruction *insn) 3974 { 3975 return (insn->type == INSN_CALL && 3976 !strcmp(insn_call_dest(insn)->name, "__asan_handle_no_return")); 3977 } 3978 3979 static bool is_ubsan_insn(struct instruction *insn) 3980 { 3981 return (insn->type == INSN_CALL && 3982 !strcmp(insn_call_dest(insn)->name, 3983 "__ubsan_handle_builtin_unreachable")); 3984 } 3985 3986 static bool ignore_unreachable_insn(struct objtool_file *file, struct instruction *insn) 3987 { 3988 int i; 3989 struct instruction *prev_insn; 3990 3991 if (insn->ignore || insn->type == INSN_NOP || insn->type == INSN_TRAP) 3992 return true; 3993 3994 /* 3995 * Ignore alternative replacement instructions. This can happen 3996 * when a whitelisted function uses one of the ALTERNATIVE macros. 3997 */ 3998 if (!strcmp(insn->sec->name, ".altinstr_replacement") || 3999 !strcmp(insn->sec->name, ".altinstr_aux")) 4000 return true; 4001 4002 /* 4003 * Whole archive runs might encounter dead code from weak symbols. 4004 * This is where the linker will have dropped the weak symbol in 4005 * favour of a regular symbol, but leaves the code in place. 4006 * 4007 * In this case we'll find a piece of code (whole function) that is not 4008 * covered by a !section symbol. Ignore them. 4009 */ 4010 if (opts.link && !insn_func(insn)) { 4011 int size = find_symbol_hole_containing(insn->sec, insn->offset); 4012 unsigned long end = insn->offset + size; 4013 4014 if (!size) /* not a hole */ 4015 return false; 4016 4017 if (size < 0) /* hole until the end */ 4018 return true; 4019 4020 sec_for_each_insn_continue(file, insn) { 4021 /* 4022 * If we reach a visited instruction at or before the 4023 * end of the hole, ignore the unreachable. 4024 */ 4025 if (insn->visited) 4026 return true; 4027 4028 if (insn->offset >= end) 4029 break; 4030 4031 /* 4032 * If this hole jumps to a .cold function, mark it ignore too. 4033 */ 4034 if (insn->jump_dest && insn_func(insn->jump_dest) && 4035 strstr(insn_func(insn->jump_dest)->name, ".cold")) { 4036 struct instruction *dest = insn->jump_dest; 4037 func_for_each_insn(file, insn_func(dest), dest) 4038 dest->ignore = true; 4039 } 4040 } 4041 4042 return false; 4043 } 4044 4045 if (!insn_func(insn)) 4046 return false; 4047 4048 if (insn_func(insn)->static_call_tramp) 4049 return true; 4050 4051 /* 4052 * CONFIG_UBSAN_TRAP inserts a UD2 when it sees 4053 * __builtin_unreachable(). The BUG() macro has an unreachable() after 4054 * the UD2, which causes GCC's undefined trap logic to emit another UD2 4055 * (or occasionally a JMP to UD2). 4056 * 4057 * It may also insert a UD2 after calling a __noreturn function. 4058 */ 4059 prev_insn = prev_insn_same_sec(file, insn); 4060 if (prev_insn->dead_end && 4061 (insn->type == INSN_BUG || 4062 (insn->type == INSN_JUMP_UNCONDITIONAL && 4063 insn->jump_dest && insn->jump_dest->type == INSN_BUG))) 4064 return true; 4065 4066 /* 4067 * Check if this (or a subsequent) instruction is related to 4068 * CONFIG_UBSAN or CONFIG_KASAN. 4069 * 4070 * End the search at 5 instructions to avoid going into the weeds. 4071 */ 4072 for (i = 0; i < 5; i++) { 4073 4074 if (is_kasan_insn(insn) || is_ubsan_insn(insn)) 4075 return true; 4076 4077 if (insn->type == INSN_JUMP_UNCONDITIONAL) { 4078 if (insn->jump_dest && 4079 insn_func(insn->jump_dest) == insn_func(insn)) { 4080 insn = insn->jump_dest; 4081 continue; 4082 } 4083 4084 break; 4085 } 4086 4087 if (insn->offset + insn->len >= insn_func(insn)->offset + insn_func(insn)->len) 4088 break; 4089 4090 insn = next_insn_same_sec(file, insn); 4091 } 4092 4093 return false; 4094 } 4095 4096 static int add_prefix_symbol(struct objtool_file *file, struct symbol *func) 4097 { 4098 struct instruction *insn, *prev; 4099 struct cfi_state *cfi; 4100 4101 insn = find_insn(file, func->sec, func->offset); 4102 if (!insn) 4103 return -1; 4104 4105 for (prev = prev_insn_same_sec(file, insn); 4106 prev; 4107 prev = prev_insn_same_sec(file, prev)) { 4108 u64 offset; 4109 4110 if (prev->type != INSN_NOP) 4111 return -1; 4112 4113 offset = func->offset - prev->offset; 4114 4115 if (offset > opts.prefix) 4116 return -1; 4117 4118 if (offset < opts.prefix) 4119 continue; 4120 4121 elf_create_prefix_symbol(file->elf, func, opts.prefix); 4122 break; 4123 } 4124 4125 if (!prev) 4126 return -1; 4127 4128 if (!insn->cfi) { 4129 /* 4130 * This can happen if stack validation isn't enabled or the 4131 * function is annotated with STACK_FRAME_NON_STANDARD. 4132 */ 4133 return 0; 4134 } 4135 4136 /* Propagate insn->cfi to the prefix code */ 4137 cfi = cfi_hash_find_or_add(insn->cfi); 4138 for (; prev != insn; prev = next_insn_same_sec(file, prev)) 4139 prev->cfi = cfi; 4140 4141 return 0; 4142 } 4143 4144 static int add_prefix_symbols(struct objtool_file *file) 4145 { 4146 struct section *sec; 4147 struct symbol *func; 4148 4149 for_each_sec(file, sec) { 4150 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 4151 continue; 4152 4153 sec_for_each_sym(sec, func) { 4154 if (func->type != STT_FUNC) 4155 continue; 4156 4157 add_prefix_symbol(file, func); 4158 } 4159 } 4160 4161 return 0; 4162 } 4163 4164 static int validate_symbol(struct objtool_file *file, struct section *sec, 4165 struct symbol *sym, struct insn_state *state) 4166 { 4167 struct instruction *insn; 4168 int ret; 4169 4170 if (!sym->len) { 4171 WARN("%s() is missing an ELF size annotation", sym->name); 4172 return 1; 4173 } 4174 4175 if (sym->pfunc != sym || sym->alias != sym) 4176 return 0; 4177 4178 insn = find_insn(file, sec, sym->offset); 4179 if (!insn || insn->ignore || insn->visited) 4180 return 0; 4181 4182 state->uaccess = sym->uaccess_safe; 4183 4184 ret = validate_branch(file, insn_func(insn), insn, *state); 4185 if (ret) 4186 BT_INSN(insn, "<=== (sym)"); 4187 return ret; 4188 } 4189 4190 static int validate_section(struct objtool_file *file, struct section *sec) 4191 { 4192 struct insn_state state; 4193 struct symbol *func; 4194 int warnings = 0; 4195 4196 sec_for_each_sym(sec, func) { 4197 if (func->type != STT_FUNC) 4198 continue; 4199 4200 init_insn_state(file, &state, sec); 4201 set_func_state(&state.cfi); 4202 4203 warnings += validate_symbol(file, sec, func, &state); 4204 } 4205 4206 return warnings; 4207 } 4208 4209 static int validate_noinstr_sections(struct objtool_file *file) 4210 { 4211 struct section *sec; 4212 int warnings = 0; 4213 4214 sec = find_section_by_name(file->elf, ".noinstr.text"); 4215 if (sec) { 4216 warnings += validate_section(file, sec); 4217 warnings += validate_unwind_hints(file, sec); 4218 } 4219 4220 sec = find_section_by_name(file->elf, ".entry.text"); 4221 if (sec) { 4222 warnings += validate_section(file, sec); 4223 warnings += validate_unwind_hints(file, sec); 4224 } 4225 4226 sec = find_section_by_name(file->elf, ".cpuidle.text"); 4227 if (sec) { 4228 warnings += validate_section(file, sec); 4229 warnings += validate_unwind_hints(file, sec); 4230 } 4231 4232 return warnings; 4233 } 4234 4235 static int validate_functions(struct objtool_file *file) 4236 { 4237 struct section *sec; 4238 int warnings = 0; 4239 4240 for_each_sec(file, sec) { 4241 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 4242 continue; 4243 4244 warnings += validate_section(file, sec); 4245 } 4246 4247 return warnings; 4248 } 4249 4250 static void mark_endbr_used(struct instruction *insn) 4251 { 4252 if (!list_empty(&insn->call_node)) 4253 list_del_init(&insn->call_node); 4254 } 4255 4256 static bool noendbr_range(struct objtool_file *file, struct instruction *insn) 4257 { 4258 struct symbol *sym = find_symbol_containing(insn->sec, insn->offset-1); 4259 struct instruction *first; 4260 4261 if (!sym) 4262 return false; 4263 4264 first = find_insn(file, sym->sec, sym->offset); 4265 if (!first) 4266 return false; 4267 4268 if (first->type != INSN_ENDBR && !first->noendbr) 4269 return false; 4270 4271 return insn->offset == sym->offset + sym->len; 4272 } 4273 4274 static int validate_ibt_insn(struct objtool_file *file, struct instruction *insn) 4275 { 4276 struct instruction *dest; 4277 struct reloc *reloc; 4278 unsigned long off; 4279 int warnings = 0; 4280 4281 /* 4282 * Looking for function pointer load relocations. Ignore 4283 * direct/indirect branches: 4284 */ 4285 switch (insn->type) { 4286 case INSN_CALL: 4287 case INSN_CALL_DYNAMIC: 4288 case INSN_JUMP_CONDITIONAL: 4289 case INSN_JUMP_UNCONDITIONAL: 4290 case INSN_JUMP_DYNAMIC: 4291 case INSN_JUMP_DYNAMIC_CONDITIONAL: 4292 case INSN_RETURN: 4293 case INSN_NOP: 4294 return 0; 4295 default: 4296 break; 4297 } 4298 4299 for (reloc = insn_reloc(file, insn); 4300 reloc; 4301 reloc = find_reloc_by_dest_range(file->elf, insn->sec, 4302 reloc->offset + 1, 4303 (insn->offset + insn->len) - (reloc->offset + 1))) { 4304 4305 /* 4306 * static_call_update() references the trampoline, which 4307 * doesn't have (or need) ENDBR. Skip warning in that case. 4308 */ 4309 if (reloc->sym->static_call_tramp) 4310 continue; 4311 4312 off = reloc->sym->offset; 4313 if (reloc->type == R_X86_64_PC32 || reloc->type == R_X86_64_PLT32) 4314 off += arch_dest_reloc_offset(reloc->addend); 4315 else 4316 off += reloc->addend; 4317 4318 dest = find_insn(file, reloc->sym->sec, off); 4319 if (!dest) 4320 continue; 4321 4322 if (dest->type == INSN_ENDBR) { 4323 mark_endbr_used(dest); 4324 continue; 4325 } 4326 4327 if (insn_func(dest) && insn_func(dest) == insn_func(insn)) { 4328 /* 4329 * Anything from->to self is either _THIS_IP_ or 4330 * IRET-to-self. 4331 * 4332 * There is no sane way to annotate _THIS_IP_ since the 4333 * compiler treats the relocation as a constant and is 4334 * happy to fold in offsets, skewing any annotation we 4335 * do, leading to vast amounts of false-positives. 4336 * 4337 * There's also compiler generated _THIS_IP_ through 4338 * KCOV and such which we have no hope of annotating. 4339 * 4340 * As such, blanket accept self-references without 4341 * issue. 4342 */ 4343 continue; 4344 } 4345 4346 /* 4347 * Accept anything ANNOTATE_NOENDBR. 4348 */ 4349 if (dest->noendbr) 4350 continue; 4351 4352 /* 4353 * Accept if this is the instruction after a symbol 4354 * that is (no)endbr -- typical code-range usage. 4355 */ 4356 if (noendbr_range(file, dest)) 4357 continue; 4358 4359 WARN_INSN(insn, "relocation to !ENDBR: %s", offstr(dest->sec, dest->offset)); 4360 4361 warnings++; 4362 } 4363 4364 return warnings; 4365 } 4366 4367 static int validate_ibt_data_reloc(struct objtool_file *file, 4368 struct reloc *reloc) 4369 { 4370 struct instruction *dest; 4371 4372 dest = find_insn(file, reloc->sym->sec, 4373 reloc->sym->offset + reloc->addend); 4374 if (!dest) 4375 return 0; 4376 4377 if (dest->type == INSN_ENDBR) { 4378 mark_endbr_used(dest); 4379 return 0; 4380 } 4381 4382 if (dest->noendbr) 4383 return 0; 4384 4385 WARN_FUNC("data relocation to !ENDBR: %s", 4386 reloc->sec->base, reloc->offset, 4387 offstr(dest->sec, dest->offset)); 4388 4389 return 1; 4390 } 4391 4392 /* 4393 * Validate IBT rules and remove used ENDBR instructions from the seal list. 4394 * Unused ENDBR instructions will be annotated for sealing (i.e., replaced with 4395 * NOPs) later, in create_ibt_endbr_seal_sections(). 4396 */ 4397 static int validate_ibt(struct objtool_file *file) 4398 { 4399 struct section *sec; 4400 struct reloc *reloc; 4401 struct instruction *insn; 4402 int warnings = 0; 4403 4404 for_each_insn(file, insn) 4405 warnings += validate_ibt_insn(file, insn); 4406 4407 for_each_sec(file, sec) { 4408 4409 /* Already done by validate_ibt_insn() */ 4410 if (sec->sh.sh_flags & SHF_EXECINSTR) 4411 continue; 4412 4413 if (!sec->reloc) 4414 continue; 4415 4416 /* 4417 * These sections can reference text addresses, but not with 4418 * the intent to indirect branch to them. 4419 */ 4420 if ((!strncmp(sec->name, ".discard", 8) && 4421 strcmp(sec->name, ".discard.ibt_endbr_noseal")) || 4422 !strncmp(sec->name, ".debug", 6) || 4423 !strcmp(sec->name, ".altinstructions") || 4424 !strcmp(sec->name, ".ibt_endbr_seal") || 4425 !strcmp(sec->name, ".orc_unwind_ip") || 4426 !strcmp(sec->name, ".parainstructions") || 4427 !strcmp(sec->name, ".retpoline_sites") || 4428 !strcmp(sec->name, ".smp_locks") || 4429 !strcmp(sec->name, ".static_call_sites") || 4430 !strcmp(sec->name, "_error_injection_whitelist") || 4431 !strcmp(sec->name, "_kprobe_blacklist") || 4432 !strcmp(sec->name, "__bug_table") || 4433 !strcmp(sec->name, "__ex_table") || 4434 !strcmp(sec->name, "__jump_table") || 4435 !strcmp(sec->name, "__mcount_loc") || 4436 !strcmp(sec->name, ".kcfi_traps") || 4437 strstr(sec->name, "__patchable_function_entries")) 4438 continue; 4439 4440 list_for_each_entry(reloc, &sec->reloc->reloc_list, list) 4441 warnings += validate_ibt_data_reloc(file, reloc); 4442 } 4443 4444 return warnings; 4445 } 4446 4447 static int validate_sls(struct objtool_file *file) 4448 { 4449 struct instruction *insn, *next_insn; 4450 int warnings = 0; 4451 4452 for_each_insn(file, insn) { 4453 next_insn = next_insn_same_sec(file, insn); 4454 4455 if (insn->retpoline_safe) 4456 continue; 4457 4458 switch (insn->type) { 4459 case INSN_RETURN: 4460 if (!next_insn || next_insn->type != INSN_TRAP) { 4461 WARN_INSN(insn, "missing int3 after ret"); 4462 warnings++; 4463 } 4464 4465 break; 4466 case INSN_JUMP_DYNAMIC: 4467 if (!next_insn || next_insn->type != INSN_TRAP) { 4468 WARN_INSN(insn, "missing int3 after indirect jump"); 4469 warnings++; 4470 } 4471 break; 4472 default: 4473 break; 4474 } 4475 } 4476 4477 return warnings; 4478 } 4479 4480 static bool ignore_noreturn_call(struct instruction *insn) 4481 { 4482 struct symbol *call_dest = insn_call_dest(insn); 4483 4484 /* 4485 * FIXME: hack, we need a real noreturn solution 4486 * 4487 * Problem is, exc_double_fault() may or may not return, depending on 4488 * whether CONFIG_X86_ESPFIX64 is set. But objtool has no visibility 4489 * to the kernel config. 4490 * 4491 * Other potential ways to fix it: 4492 * 4493 * - have compiler communicate __noreturn functions somehow 4494 * - remove CONFIG_X86_ESPFIX64 4495 * - read the .config file 4496 * - add a cmdline option 4497 * - create a generic objtool annotation format (vs a bunch of custom 4498 * formats) and annotate it 4499 */ 4500 if (!strcmp(call_dest->name, "exc_double_fault")) { 4501 /* prevent further unreachable warnings for the caller */ 4502 insn->sym->warned = 1; 4503 return true; 4504 } 4505 4506 return false; 4507 } 4508 4509 static int validate_reachable_instructions(struct objtool_file *file) 4510 { 4511 struct instruction *insn, *prev_insn; 4512 struct symbol *call_dest; 4513 int warnings = 0; 4514 4515 if (file->ignore_unreachables) 4516 return 0; 4517 4518 for_each_insn(file, insn) { 4519 if (insn->visited || ignore_unreachable_insn(file, insn)) 4520 continue; 4521 4522 prev_insn = prev_insn_same_sec(file, insn); 4523 if (prev_insn && prev_insn->dead_end) { 4524 call_dest = insn_call_dest(prev_insn); 4525 if (call_dest && !ignore_noreturn_call(prev_insn)) { 4526 WARN_INSN(insn, "%s() is missing a __noreturn annotation", 4527 call_dest->name); 4528 warnings++; 4529 continue; 4530 } 4531 } 4532 4533 WARN_INSN(insn, "unreachable instruction"); 4534 warnings++; 4535 } 4536 4537 return warnings; 4538 } 4539 4540 /* 'funcs' is a space-separated list of function names */ 4541 static int disas_funcs(const char *funcs) 4542 { 4543 const char *objdump_str, *cross_compile; 4544 int size, ret; 4545 char *cmd; 4546 4547 cross_compile = getenv("CROSS_COMPILE"); 4548 4549 objdump_str = "%sobjdump -wdr %s | gawk -M -v _funcs='%s' '" 4550 "BEGIN { split(_funcs, funcs); }" 4551 "/^$/ { func_match = 0; }" 4552 "/<.*>:/ { " 4553 "f = gensub(/.*<(.*)>:/, \"\\\\1\", 1);" 4554 "for (i in funcs) {" 4555 "if (funcs[i] == f) {" 4556 "func_match = 1;" 4557 "base = strtonum(\"0x\" $1);" 4558 "break;" 4559 "}" 4560 "}" 4561 "}" 4562 "{" 4563 "if (func_match) {" 4564 "addr = strtonum(\"0x\" $1);" 4565 "printf(\"%%04x \", addr - base);" 4566 "print;" 4567 "}" 4568 "}' 1>&2"; 4569 4570 /* fake snprintf() to calculate the size */ 4571 size = snprintf(NULL, 0, objdump_str, cross_compile, objname, funcs) + 1; 4572 if (size <= 0) { 4573 WARN("objdump string size calculation failed"); 4574 return -1; 4575 } 4576 4577 cmd = malloc(size); 4578 4579 /* real snprintf() */ 4580 snprintf(cmd, size, objdump_str, cross_compile, objname, funcs); 4581 ret = system(cmd); 4582 if (ret) { 4583 WARN("disassembly failed: %d", ret); 4584 return -1; 4585 } 4586 4587 return 0; 4588 } 4589 4590 static int disas_warned_funcs(struct objtool_file *file) 4591 { 4592 struct symbol *sym; 4593 char *funcs = NULL, *tmp; 4594 4595 for_each_sym(file, sym) { 4596 if (sym->warned) { 4597 if (!funcs) { 4598 funcs = malloc(strlen(sym->name) + 1); 4599 strcpy(funcs, sym->name); 4600 } else { 4601 tmp = malloc(strlen(funcs) + strlen(sym->name) + 2); 4602 sprintf(tmp, "%s %s", funcs, sym->name); 4603 free(funcs); 4604 funcs = tmp; 4605 } 4606 } 4607 } 4608 4609 if (funcs) 4610 disas_funcs(funcs); 4611 4612 return 0; 4613 } 4614 4615 int check(struct objtool_file *file) 4616 { 4617 int ret, warnings = 0; 4618 4619 arch_initial_func_cfi_state(&initial_func_cfi); 4620 init_cfi_state(&init_cfi); 4621 init_cfi_state(&func_cfi); 4622 set_func_state(&func_cfi); 4623 init_cfi_state(&force_undefined_cfi); 4624 force_undefined_cfi.force_undefined = true; 4625 4626 if (!cfi_hash_alloc(1UL << (file->elf->symbol_bits - 3))) 4627 goto out; 4628 4629 cfi_hash_add(&init_cfi); 4630 cfi_hash_add(&func_cfi); 4631 4632 ret = decode_sections(file); 4633 if (ret < 0) 4634 goto out; 4635 4636 warnings += ret; 4637 4638 if (!nr_insns) 4639 goto out; 4640 4641 if (opts.retpoline) { 4642 ret = validate_retpoline(file); 4643 if (ret < 0) 4644 return ret; 4645 warnings += ret; 4646 } 4647 4648 if (opts.stackval || opts.orc || opts.uaccess) { 4649 ret = validate_functions(file); 4650 if (ret < 0) 4651 goto out; 4652 warnings += ret; 4653 4654 ret = validate_unwind_hints(file, NULL); 4655 if (ret < 0) 4656 goto out; 4657 warnings += ret; 4658 4659 if (!warnings) { 4660 ret = validate_reachable_instructions(file); 4661 if (ret < 0) 4662 goto out; 4663 warnings += ret; 4664 } 4665 4666 } else if (opts.noinstr) { 4667 ret = validate_noinstr_sections(file); 4668 if (ret < 0) 4669 goto out; 4670 warnings += ret; 4671 } 4672 4673 if (opts.unret) { 4674 /* 4675 * Must be after validate_branch() and friends, it plays 4676 * further games with insn->visited. 4677 */ 4678 ret = validate_unrets(file); 4679 if (ret < 0) 4680 return ret; 4681 warnings += ret; 4682 } 4683 4684 if (opts.ibt) { 4685 ret = validate_ibt(file); 4686 if (ret < 0) 4687 goto out; 4688 warnings += ret; 4689 } 4690 4691 if (opts.sls) { 4692 ret = validate_sls(file); 4693 if (ret < 0) 4694 goto out; 4695 warnings += ret; 4696 } 4697 4698 if (opts.static_call) { 4699 ret = create_static_call_sections(file); 4700 if (ret < 0) 4701 goto out; 4702 warnings += ret; 4703 } 4704 4705 if (opts.retpoline) { 4706 ret = create_retpoline_sites_sections(file); 4707 if (ret < 0) 4708 goto out; 4709 warnings += ret; 4710 } 4711 4712 if (opts.cfi) { 4713 ret = create_cfi_sections(file); 4714 if (ret < 0) 4715 goto out; 4716 warnings += ret; 4717 } 4718 4719 if (opts.rethunk) { 4720 ret = create_return_sites_sections(file); 4721 if (ret < 0) 4722 goto out; 4723 warnings += ret; 4724 4725 if (opts.hack_skylake) { 4726 ret = create_direct_call_sections(file); 4727 if (ret < 0) 4728 goto out; 4729 warnings += ret; 4730 } 4731 } 4732 4733 if (opts.mcount) { 4734 ret = create_mcount_loc_sections(file); 4735 if (ret < 0) 4736 goto out; 4737 warnings += ret; 4738 } 4739 4740 if (opts.prefix) { 4741 ret = add_prefix_symbols(file); 4742 if (ret < 0) 4743 return ret; 4744 warnings += ret; 4745 } 4746 4747 if (opts.ibt) { 4748 ret = create_ibt_endbr_seal_sections(file); 4749 if (ret < 0) 4750 goto out; 4751 warnings += ret; 4752 } 4753 4754 if (opts.orc && nr_insns) { 4755 ret = orc_create(file); 4756 if (ret < 0) 4757 goto out; 4758 warnings += ret; 4759 } 4760 4761 if (opts.verbose) 4762 disas_warned_funcs(file); 4763 4764 if (opts.stats) { 4765 printf("nr_insns_visited: %ld\n", nr_insns_visited); 4766 printf("nr_cfi: %ld\n", nr_cfi); 4767 printf("nr_cfi_reused: %ld\n", nr_cfi_reused); 4768 printf("nr_cfi_cache: %ld\n", nr_cfi_cache); 4769 } 4770 4771 out: 4772 /* 4773 * For now, don't fail the kernel build on fatal warnings. These 4774 * errors are still fairly common due to the growing matrix of 4775 * supported toolchains and their recent pace of change. 4776 */ 4777 return 0; 4778 } 4779