1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2015-2017 Josh Poimboeuf <jpoimboe@redhat.com> 4 */ 5 6 #include <string.h> 7 #include <stdlib.h> 8 9 #include "builtin.h" 10 #include "cfi.h" 11 #include "arch.h" 12 #include "check.h" 13 #include "special.h" 14 #include "warn.h" 15 #include "arch_elf.h" 16 17 #include <linux/hashtable.h> 18 #include <linux/kernel.h> 19 #include <linux/static_call_types.h> 20 21 #define FAKE_JUMP_OFFSET -1 22 23 #define C_JUMP_TABLE_SECTION ".rodata..c_jump_table" 24 25 struct alternative { 26 struct list_head list; 27 struct instruction *insn; 28 bool skip_orig; 29 }; 30 31 const char *objname; 32 struct cfi_init_state initial_func_cfi; 33 34 struct instruction *find_insn(struct objtool_file *file, 35 struct section *sec, unsigned long offset) 36 { 37 struct instruction *insn; 38 39 hash_for_each_possible(file->insn_hash, insn, hash, sec_offset_hash(sec, offset)) { 40 if (insn->sec == sec && insn->offset == offset) 41 return insn; 42 } 43 44 return NULL; 45 } 46 47 static struct instruction *next_insn_same_sec(struct objtool_file *file, 48 struct instruction *insn) 49 { 50 struct instruction *next = list_next_entry(insn, list); 51 52 if (!next || &next->list == &file->insn_list || next->sec != insn->sec) 53 return NULL; 54 55 return next; 56 } 57 58 static struct instruction *next_insn_same_func(struct objtool_file *file, 59 struct instruction *insn) 60 { 61 struct instruction *next = list_next_entry(insn, list); 62 struct symbol *func = insn->func; 63 64 if (!func) 65 return NULL; 66 67 if (&next->list != &file->insn_list && next->func == func) 68 return next; 69 70 /* Check if we're already in the subfunction: */ 71 if (func == func->cfunc) 72 return NULL; 73 74 /* Move to the subfunction: */ 75 return find_insn(file, func->cfunc->sec, func->cfunc->offset); 76 } 77 78 static struct instruction *prev_insn_same_sym(struct objtool_file *file, 79 struct instruction *insn) 80 { 81 struct instruction *prev = list_prev_entry(insn, list); 82 83 if (&prev->list != &file->insn_list && prev->func == insn->func) 84 return prev; 85 86 return NULL; 87 } 88 89 #define func_for_each_insn(file, func, insn) \ 90 for (insn = find_insn(file, func->sec, func->offset); \ 91 insn; \ 92 insn = next_insn_same_func(file, insn)) 93 94 #define sym_for_each_insn(file, sym, insn) \ 95 for (insn = find_insn(file, sym->sec, sym->offset); \ 96 insn && &insn->list != &file->insn_list && \ 97 insn->sec == sym->sec && \ 98 insn->offset < sym->offset + sym->len; \ 99 insn = list_next_entry(insn, list)) 100 101 #define sym_for_each_insn_continue_reverse(file, sym, insn) \ 102 for (insn = list_prev_entry(insn, list); \ 103 &insn->list != &file->insn_list && \ 104 insn->sec == sym->sec && insn->offset >= sym->offset; \ 105 insn = list_prev_entry(insn, list)) 106 107 #define sec_for_each_insn_from(file, insn) \ 108 for (; insn; insn = next_insn_same_sec(file, insn)) 109 110 #define sec_for_each_insn_continue(file, insn) \ 111 for (insn = next_insn_same_sec(file, insn); insn; \ 112 insn = next_insn_same_sec(file, insn)) 113 114 static bool is_static_jump(struct instruction *insn) 115 { 116 return insn->type == INSN_JUMP_CONDITIONAL || 117 insn->type == INSN_JUMP_UNCONDITIONAL; 118 } 119 120 static bool is_sibling_call(struct instruction *insn) 121 { 122 /* An indirect jump is either a sibling call or a jump to a table. */ 123 if (insn->type == INSN_JUMP_DYNAMIC) 124 return list_empty(&insn->alts); 125 126 if (!is_static_jump(insn)) 127 return false; 128 129 /* add_jump_destinations() sets insn->call_dest for sibling calls. */ 130 return !!insn->call_dest; 131 } 132 133 /* 134 * This checks to see if the given function is a "noreturn" function. 135 * 136 * For global functions which are outside the scope of this object file, we 137 * have to keep a manual list of them. 138 * 139 * For local functions, we have to detect them manually by simply looking for 140 * the lack of a return instruction. 141 */ 142 static bool __dead_end_function(struct objtool_file *file, struct symbol *func, 143 int recursion) 144 { 145 int i; 146 struct instruction *insn; 147 bool empty = true; 148 149 /* 150 * Unfortunately these have to be hard coded because the noreturn 151 * attribute isn't provided in ELF data. 152 */ 153 static const char * const global_noreturns[] = { 154 "__stack_chk_fail", 155 "panic", 156 "do_exit", 157 "do_task_dead", 158 "__module_put_and_exit", 159 "complete_and_exit", 160 "__reiserfs_panic", 161 "lbug_with_loc", 162 "fortify_panic", 163 "usercopy_abort", 164 "machine_real_restart", 165 "rewind_stack_do_exit", 166 "kunit_try_catch_throw", 167 }; 168 169 if (!func) 170 return false; 171 172 if (func->bind == STB_WEAK) 173 return false; 174 175 if (func->bind == STB_GLOBAL) 176 for (i = 0; i < ARRAY_SIZE(global_noreturns); i++) 177 if (!strcmp(func->name, global_noreturns[i])) 178 return true; 179 180 if (!func->len) 181 return false; 182 183 insn = find_insn(file, func->sec, func->offset); 184 if (!insn->func) 185 return false; 186 187 func_for_each_insn(file, func, insn) { 188 empty = false; 189 190 if (insn->type == INSN_RETURN) 191 return false; 192 } 193 194 if (empty) 195 return false; 196 197 /* 198 * A function can have a sibling call instead of a return. In that 199 * case, the function's dead-end status depends on whether the target 200 * of the sibling call returns. 201 */ 202 func_for_each_insn(file, func, insn) { 203 if (is_sibling_call(insn)) { 204 struct instruction *dest = insn->jump_dest; 205 206 if (!dest) 207 /* sibling call to another file */ 208 return false; 209 210 /* local sibling call */ 211 if (recursion == 5) { 212 /* 213 * Infinite recursion: two functions have 214 * sibling calls to each other. This is a very 215 * rare case. It means they aren't dead ends. 216 */ 217 return false; 218 } 219 220 return __dead_end_function(file, dest->func, recursion+1); 221 } 222 } 223 224 return true; 225 } 226 227 static bool dead_end_function(struct objtool_file *file, struct symbol *func) 228 { 229 return __dead_end_function(file, func, 0); 230 } 231 232 static void init_cfi_state(struct cfi_state *cfi) 233 { 234 int i; 235 236 for (i = 0; i < CFI_NUM_REGS; i++) { 237 cfi->regs[i].base = CFI_UNDEFINED; 238 cfi->vals[i].base = CFI_UNDEFINED; 239 } 240 cfi->cfa.base = CFI_UNDEFINED; 241 cfi->drap_reg = CFI_UNDEFINED; 242 cfi->drap_offset = -1; 243 } 244 245 static void init_insn_state(struct insn_state *state, struct section *sec) 246 { 247 memset(state, 0, sizeof(*state)); 248 init_cfi_state(&state->cfi); 249 250 /* 251 * We need the full vmlinux for noinstr validation, otherwise we can 252 * not correctly determine insn->call_dest->sec (external symbols do 253 * not have a section). 254 */ 255 if (vmlinux && sec) 256 state->noinstr = sec->noinstr; 257 } 258 259 /* 260 * Call the arch-specific instruction decoder for all the instructions and add 261 * them to the global instruction list. 262 */ 263 static int decode_instructions(struct objtool_file *file) 264 { 265 struct section *sec; 266 struct symbol *func; 267 unsigned long offset; 268 struct instruction *insn; 269 unsigned long nr_insns = 0; 270 int ret; 271 272 for_each_sec(file, sec) { 273 274 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 275 continue; 276 277 if (strcmp(sec->name, ".altinstr_replacement") && 278 strcmp(sec->name, ".altinstr_aux") && 279 strncmp(sec->name, ".discard.", 9)) 280 sec->text = true; 281 282 if (!strcmp(sec->name, ".noinstr.text") || 283 !strcmp(sec->name, ".entry.text")) 284 sec->noinstr = true; 285 286 for (offset = 0; offset < sec->len; offset += insn->len) { 287 insn = malloc(sizeof(*insn)); 288 if (!insn) { 289 WARN("malloc failed"); 290 return -1; 291 } 292 memset(insn, 0, sizeof(*insn)); 293 INIT_LIST_HEAD(&insn->alts); 294 INIT_LIST_HEAD(&insn->stack_ops); 295 init_cfi_state(&insn->cfi); 296 297 insn->sec = sec; 298 insn->offset = offset; 299 300 ret = arch_decode_instruction(file->elf, sec, offset, 301 sec->len - offset, 302 &insn->len, &insn->type, 303 &insn->immediate, 304 &insn->stack_ops); 305 if (ret) 306 goto err; 307 308 hash_add(file->insn_hash, &insn->hash, sec_offset_hash(sec, insn->offset)); 309 list_add_tail(&insn->list, &file->insn_list); 310 nr_insns++; 311 } 312 313 list_for_each_entry(func, &sec->symbol_list, list) { 314 if (func->type != STT_FUNC || func->alias != func) 315 continue; 316 317 if (!find_insn(file, sec, func->offset)) { 318 WARN("%s(): can't find starting instruction", 319 func->name); 320 return -1; 321 } 322 323 sym_for_each_insn(file, func, insn) 324 insn->func = func; 325 } 326 } 327 328 if (stats) 329 printf("nr_insns: %lu\n", nr_insns); 330 331 return 0; 332 333 err: 334 free(insn); 335 return ret; 336 } 337 338 static struct instruction *find_last_insn(struct objtool_file *file, 339 struct section *sec) 340 { 341 struct instruction *insn = NULL; 342 unsigned int offset; 343 unsigned int end = (sec->len > 10) ? sec->len - 10 : 0; 344 345 for (offset = sec->len - 1; offset >= end && !insn; offset--) 346 insn = find_insn(file, sec, offset); 347 348 return insn; 349 } 350 351 /* 352 * Mark "ud2" instructions and manually annotated dead ends. 353 */ 354 static int add_dead_ends(struct objtool_file *file) 355 { 356 struct section *sec; 357 struct reloc *reloc; 358 struct instruction *insn; 359 360 /* 361 * By default, "ud2" is a dead end unless otherwise annotated, because 362 * GCC 7 inserts it for certain divide-by-zero cases. 363 */ 364 for_each_insn(file, insn) 365 if (insn->type == INSN_BUG) 366 insn->dead_end = true; 367 368 /* 369 * Check for manually annotated dead ends. 370 */ 371 sec = find_section_by_name(file->elf, ".rela.discard.unreachable"); 372 if (!sec) 373 goto reachable; 374 375 list_for_each_entry(reloc, &sec->reloc_list, list) { 376 if (reloc->sym->type != STT_SECTION) { 377 WARN("unexpected relocation symbol type in %s", sec->name); 378 return -1; 379 } 380 insn = find_insn(file, reloc->sym->sec, reloc->addend); 381 if (insn) 382 insn = list_prev_entry(insn, list); 383 else if (reloc->addend == reloc->sym->sec->len) { 384 insn = find_last_insn(file, reloc->sym->sec); 385 if (!insn) { 386 WARN("can't find unreachable insn at %s+0x%x", 387 reloc->sym->sec->name, reloc->addend); 388 return -1; 389 } 390 } else { 391 WARN("can't find unreachable insn at %s+0x%x", 392 reloc->sym->sec->name, reloc->addend); 393 return -1; 394 } 395 396 insn->dead_end = true; 397 } 398 399 reachable: 400 /* 401 * These manually annotated reachable checks are needed for GCC 4.4, 402 * where the Linux unreachable() macro isn't supported. In that case 403 * GCC doesn't know the "ud2" is fatal, so it generates code as if it's 404 * not a dead end. 405 */ 406 sec = find_section_by_name(file->elf, ".rela.discard.reachable"); 407 if (!sec) 408 return 0; 409 410 list_for_each_entry(reloc, &sec->reloc_list, list) { 411 if (reloc->sym->type != STT_SECTION) { 412 WARN("unexpected relocation symbol type in %s", sec->name); 413 return -1; 414 } 415 insn = find_insn(file, reloc->sym->sec, reloc->addend); 416 if (insn) 417 insn = list_prev_entry(insn, list); 418 else if (reloc->addend == reloc->sym->sec->len) { 419 insn = find_last_insn(file, reloc->sym->sec); 420 if (!insn) { 421 WARN("can't find reachable insn at %s+0x%x", 422 reloc->sym->sec->name, reloc->addend); 423 return -1; 424 } 425 } else { 426 WARN("can't find reachable insn at %s+0x%x", 427 reloc->sym->sec->name, reloc->addend); 428 return -1; 429 } 430 431 insn->dead_end = false; 432 } 433 434 return 0; 435 } 436 437 static int create_static_call_sections(struct objtool_file *file) 438 { 439 struct section *sec, *reloc_sec; 440 struct reloc *reloc; 441 struct static_call_site *site; 442 struct instruction *insn; 443 struct symbol *key_sym; 444 char *key_name, *tmp; 445 int idx; 446 447 sec = find_section_by_name(file->elf, ".static_call_sites"); 448 if (sec) { 449 INIT_LIST_HEAD(&file->static_call_list); 450 WARN("file already has .static_call_sites section, skipping"); 451 return 0; 452 } 453 454 if (list_empty(&file->static_call_list)) 455 return 0; 456 457 idx = 0; 458 list_for_each_entry(insn, &file->static_call_list, static_call_node) 459 idx++; 460 461 sec = elf_create_section(file->elf, ".static_call_sites", SHF_WRITE, 462 sizeof(struct static_call_site), idx); 463 if (!sec) 464 return -1; 465 466 reloc_sec = elf_create_reloc_section(file->elf, sec, SHT_RELA); 467 if (!reloc_sec) 468 return -1; 469 470 idx = 0; 471 list_for_each_entry(insn, &file->static_call_list, static_call_node) { 472 473 site = (struct static_call_site *)sec->data->d_buf + idx; 474 memset(site, 0, sizeof(struct static_call_site)); 475 476 /* populate reloc for 'addr' */ 477 reloc = malloc(sizeof(*reloc)); 478 if (!reloc) { 479 perror("malloc"); 480 return -1; 481 } 482 memset(reloc, 0, sizeof(*reloc)); 483 reloc->sym = insn->sec->sym; 484 reloc->addend = insn->offset; 485 reloc->type = R_X86_64_PC32; 486 reloc->offset = idx * sizeof(struct static_call_site); 487 reloc->sec = reloc_sec; 488 elf_add_reloc(file->elf, reloc); 489 490 /* find key symbol */ 491 key_name = strdup(insn->call_dest->name); 492 if (!key_name) { 493 perror("strdup"); 494 return -1; 495 } 496 if (strncmp(key_name, STATIC_CALL_TRAMP_PREFIX_STR, 497 STATIC_CALL_TRAMP_PREFIX_LEN)) { 498 WARN("static_call: trampoline name malformed: %s", key_name); 499 return -1; 500 } 501 tmp = key_name + STATIC_CALL_TRAMP_PREFIX_LEN - STATIC_CALL_KEY_PREFIX_LEN; 502 memcpy(tmp, STATIC_CALL_KEY_PREFIX_STR, STATIC_CALL_KEY_PREFIX_LEN); 503 504 key_sym = find_symbol_by_name(file->elf, tmp); 505 if (!key_sym) { 506 WARN("static_call: can't find static_call_key symbol: %s", tmp); 507 return -1; 508 } 509 free(key_name); 510 511 /* populate reloc for 'key' */ 512 reloc = malloc(sizeof(*reloc)); 513 if (!reloc) { 514 perror("malloc"); 515 return -1; 516 } 517 memset(reloc, 0, sizeof(*reloc)); 518 reloc->sym = key_sym; 519 reloc->addend = is_sibling_call(insn) ? STATIC_CALL_SITE_TAIL : 0; 520 reloc->type = R_X86_64_PC32; 521 reloc->offset = idx * sizeof(struct static_call_site) + 4; 522 reloc->sec = reloc_sec; 523 elf_add_reloc(file->elf, reloc); 524 525 idx++; 526 } 527 528 if (elf_rebuild_reloc_section(file->elf, reloc_sec)) 529 return -1; 530 531 return 0; 532 } 533 534 /* 535 * Warnings shouldn't be reported for ignored functions. 536 */ 537 static void add_ignores(struct objtool_file *file) 538 { 539 struct instruction *insn; 540 struct section *sec; 541 struct symbol *func; 542 struct reloc *reloc; 543 544 sec = find_section_by_name(file->elf, ".rela.discard.func_stack_frame_non_standard"); 545 if (!sec) 546 return; 547 548 list_for_each_entry(reloc, &sec->reloc_list, list) { 549 switch (reloc->sym->type) { 550 case STT_FUNC: 551 func = reloc->sym; 552 break; 553 554 case STT_SECTION: 555 func = find_func_by_offset(reloc->sym->sec, reloc->addend); 556 if (!func) 557 continue; 558 break; 559 560 default: 561 WARN("unexpected relocation symbol type in %s: %d", sec->name, reloc->sym->type); 562 continue; 563 } 564 565 func_for_each_insn(file, func, insn) 566 insn->ignore = true; 567 } 568 } 569 570 /* 571 * This is a whitelist of functions that is allowed to be called with AC set. 572 * The list is meant to be minimal and only contains compiler instrumentation 573 * ABI and a few functions used to implement *_{to,from}_user() functions. 574 * 575 * These functions must not directly change AC, but may PUSHF/POPF. 576 */ 577 static const char *uaccess_safe_builtin[] = { 578 /* KASAN */ 579 "kasan_report", 580 "check_memory_region", 581 /* KASAN out-of-line */ 582 "__asan_loadN_noabort", 583 "__asan_load1_noabort", 584 "__asan_load2_noabort", 585 "__asan_load4_noabort", 586 "__asan_load8_noabort", 587 "__asan_load16_noabort", 588 "__asan_storeN_noabort", 589 "__asan_store1_noabort", 590 "__asan_store2_noabort", 591 "__asan_store4_noabort", 592 "__asan_store8_noabort", 593 "__asan_store16_noabort", 594 /* KASAN in-line */ 595 "__asan_report_load_n_noabort", 596 "__asan_report_load1_noabort", 597 "__asan_report_load2_noabort", 598 "__asan_report_load4_noabort", 599 "__asan_report_load8_noabort", 600 "__asan_report_load16_noabort", 601 "__asan_report_store_n_noabort", 602 "__asan_report_store1_noabort", 603 "__asan_report_store2_noabort", 604 "__asan_report_store4_noabort", 605 "__asan_report_store8_noabort", 606 "__asan_report_store16_noabort", 607 /* KCSAN */ 608 "__kcsan_check_access", 609 "kcsan_found_watchpoint", 610 "kcsan_setup_watchpoint", 611 "kcsan_check_scoped_accesses", 612 "kcsan_disable_current", 613 "kcsan_enable_current_nowarn", 614 /* KCSAN/TSAN */ 615 "__tsan_func_entry", 616 "__tsan_func_exit", 617 "__tsan_read_range", 618 "__tsan_write_range", 619 "__tsan_read1", 620 "__tsan_read2", 621 "__tsan_read4", 622 "__tsan_read8", 623 "__tsan_read16", 624 "__tsan_write1", 625 "__tsan_write2", 626 "__tsan_write4", 627 "__tsan_write8", 628 "__tsan_write16", 629 "__tsan_read_write1", 630 "__tsan_read_write2", 631 "__tsan_read_write4", 632 "__tsan_read_write8", 633 "__tsan_read_write16", 634 "__tsan_atomic8_load", 635 "__tsan_atomic16_load", 636 "__tsan_atomic32_load", 637 "__tsan_atomic64_load", 638 "__tsan_atomic8_store", 639 "__tsan_atomic16_store", 640 "__tsan_atomic32_store", 641 "__tsan_atomic64_store", 642 "__tsan_atomic8_exchange", 643 "__tsan_atomic16_exchange", 644 "__tsan_atomic32_exchange", 645 "__tsan_atomic64_exchange", 646 "__tsan_atomic8_fetch_add", 647 "__tsan_atomic16_fetch_add", 648 "__tsan_atomic32_fetch_add", 649 "__tsan_atomic64_fetch_add", 650 "__tsan_atomic8_fetch_sub", 651 "__tsan_atomic16_fetch_sub", 652 "__tsan_atomic32_fetch_sub", 653 "__tsan_atomic64_fetch_sub", 654 "__tsan_atomic8_fetch_and", 655 "__tsan_atomic16_fetch_and", 656 "__tsan_atomic32_fetch_and", 657 "__tsan_atomic64_fetch_and", 658 "__tsan_atomic8_fetch_or", 659 "__tsan_atomic16_fetch_or", 660 "__tsan_atomic32_fetch_or", 661 "__tsan_atomic64_fetch_or", 662 "__tsan_atomic8_fetch_xor", 663 "__tsan_atomic16_fetch_xor", 664 "__tsan_atomic32_fetch_xor", 665 "__tsan_atomic64_fetch_xor", 666 "__tsan_atomic8_fetch_nand", 667 "__tsan_atomic16_fetch_nand", 668 "__tsan_atomic32_fetch_nand", 669 "__tsan_atomic64_fetch_nand", 670 "__tsan_atomic8_compare_exchange_strong", 671 "__tsan_atomic16_compare_exchange_strong", 672 "__tsan_atomic32_compare_exchange_strong", 673 "__tsan_atomic64_compare_exchange_strong", 674 "__tsan_atomic8_compare_exchange_weak", 675 "__tsan_atomic16_compare_exchange_weak", 676 "__tsan_atomic32_compare_exchange_weak", 677 "__tsan_atomic64_compare_exchange_weak", 678 "__tsan_atomic8_compare_exchange_val", 679 "__tsan_atomic16_compare_exchange_val", 680 "__tsan_atomic32_compare_exchange_val", 681 "__tsan_atomic64_compare_exchange_val", 682 "__tsan_atomic_thread_fence", 683 "__tsan_atomic_signal_fence", 684 /* KCOV */ 685 "write_comp_data", 686 "check_kcov_mode", 687 "__sanitizer_cov_trace_pc", 688 "__sanitizer_cov_trace_const_cmp1", 689 "__sanitizer_cov_trace_const_cmp2", 690 "__sanitizer_cov_trace_const_cmp4", 691 "__sanitizer_cov_trace_const_cmp8", 692 "__sanitizer_cov_trace_cmp1", 693 "__sanitizer_cov_trace_cmp2", 694 "__sanitizer_cov_trace_cmp4", 695 "__sanitizer_cov_trace_cmp8", 696 "__sanitizer_cov_trace_switch", 697 /* UBSAN */ 698 "ubsan_type_mismatch_common", 699 "__ubsan_handle_type_mismatch", 700 "__ubsan_handle_type_mismatch_v1", 701 "__ubsan_handle_shift_out_of_bounds", 702 /* misc */ 703 "csum_partial_copy_generic", 704 "copy_mc_fragile", 705 "copy_mc_fragile_handle_tail", 706 "copy_mc_enhanced_fast_string", 707 "ftrace_likely_update", /* CONFIG_TRACE_BRANCH_PROFILING */ 708 NULL 709 }; 710 711 static void add_uaccess_safe(struct objtool_file *file) 712 { 713 struct symbol *func; 714 const char **name; 715 716 if (!uaccess) 717 return; 718 719 for (name = uaccess_safe_builtin; *name; name++) { 720 func = find_symbol_by_name(file->elf, *name); 721 if (!func) 722 continue; 723 724 func->uaccess_safe = true; 725 } 726 } 727 728 /* 729 * FIXME: For now, just ignore any alternatives which add retpolines. This is 730 * a temporary hack, as it doesn't allow ORC to unwind from inside a retpoline. 731 * But it at least allows objtool to understand the control flow *around* the 732 * retpoline. 733 */ 734 static int add_ignore_alternatives(struct objtool_file *file) 735 { 736 struct section *sec; 737 struct reloc *reloc; 738 struct instruction *insn; 739 740 sec = find_section_by_name(file->elf, ".rela.discard.ignore_alts"); 741 if (!sec) 742 return 0; 743 744 list_for_each_entry(reloc, &sec->reloc_list, list) { 745 if (reloc->sym->type != STT_SECTION) { 746 WARN("unexpected relocation symbol type in %s", sec->name); 747 return -1; 748 } 749 750 insn = find_insn(file, reloc->sym->sec, reloc->addend); 751 if (!insn) { 752 WARN("bad .discard.ignore_alts entry"); 753 return -1; 754 } 755 756 insn->ignore_alts = true; 757 } 758 759 return 0; 760 } 761 762 /* 763 * Find the destination instructions for all jumps. 764 */ 765 static int add_jump_destinations(struct objtool_file *file) 766 { 767 struct instruction *insn; 768 struct reloc *reloc; 769 struct section *dest_sec; 770 unsigned long dest_off; 771 772 for_each_insn(file, insn) { 773 if (!is_static_jump(insn)) 774 continue; 775 776 if (insn->offset == FAKE_JUMP_OFFSET) 777 continue; 778 779 reloc = find_reloc_by_dest_range(file->elf, insn->sec, 780 insn->offset, insn->len); 781 if (!reloc) { 782 dest_sec = insn->sec; 783 dest_off = arch_jump_destination(insn); 784 } else if (reloc->sym->type == STT_SECTION) { 785 dest_sec = reloc->sym->sec; 786 dest_off = arch_dest_reloc_offset(reloc->addend); 787 } else if (reloc->sym->sec->idx) { 788 dest_sec = reloc->sym->sec; 789 dest_off = reloc->sym->sym.st_value + 790 arch_dest_reloc_offset(reloc->addend); 791 } else if (strstr(reloc->sym->name, "_indirect_thunk_")) { 792 /* 793 * Retpoline jumps are really dynamic jumps in 794 * disguise, so convert them accordingly. 795 */ 796 if (insn->type == INSN_JUMP_UNCONDITIONAL) 797 insn->type = INSN_JUMP_DYNAMIC; 798 else 799 insn->type = INSN_JUMP_DYNAMIC_CONDITIONAL; 800 801 insn->retpoline_safe = true; 802 continue; 803 } else { 804 /* external sibling call */ 805 insn->call_dest = reloc->sym; 806 if (insn->call_dest->static_call_tramp) { 807 list_add_tail(&insn->static_call_node, 808 &file->static_call_list); 809 } 810 continue; 811 } 812 813 insn->jump_dest = find_insn(file, dest_sec, dest_off); 814 if (!insn->jump_dest) { 815 816 /* 817 * This is a special case where an alt instruction 818 * jumps past the end of the section. These are 819 * handled later in handle_group_alt(). 820 */ 821 if (!strcmp(insn->sec->name, ".altinstr_replacement")) 822 continue; 823 824 WARN_FUNC("can't find jump dest instruction at %s+0x%lx", 825 insn->sec, insn->offset, dest_sec->name, 826 dest_off); 827 return -1; 828 } 829 830 /* 831 * Cross-function jump. 832 */ 833 if (insn->func && insn->jump_dest->func && 834 insn->func != insn->jump_dest->func) { 835 836 /* 837 * For GCC 8+, create parent/child links for any cold 838 * subfunctions. This is _mostly_ redundant with a 839 * similar initialization in read_symbols(). 840 * 841 * If a function has aliases, we want the *first* such 842 * function in the symbol table to be the subfunction's 843 * parent. In that case we overwrite the 844 * initialization done in read_symbols(). 845 * 846 * However this code can't completely replace the 847 * read_symbols() code because this doesn't detect the 848 * case where the parent function's only reference to a 849 * subfunction is through a jump table. 850 */ 851 if (!strstr(insn->func->name, ".cold.") && 852 strstr(insn->jump_dest->func->name, ".cold.")) { 853 insn->func->cfunc = insn->jump_dest->func; 854 insn->jump_dest->func->pfunc = insn->func; 855 856 } else if (insn->jump_dest->func->pfunc != insn->func->pfunc && 857 insn->jump_dest->offset == insn->jump_dest->func->offset) { 858 859 /* internal sibling call */ 860 insn->call_dest = insn->jump_dest->func; 861 if (insn->call_dest->static_call_tramp) { 862 list_add_tail(&insn->static_call_node, 863 &file->static_call_list); 864 } 865 } 866 } 867 } 868 869 return 0; 870 } 871 872 static void remove_insn_ops(struct instruction *insn) 873 { 874 struct stack_op *op, *tmp; 875 876 list_for_each_entry_safe(op, tmp, &insn->stack_ops, list) { 877 list_del(&op->list); 878 free(op); 879 } 880 } 881 882 /* 883 * Find the destination instructions for all calls. 884 */ 885 static int add_call_destinations(struct objtool_file *file) 886 { 887 struct instruction *insn; 888 unsigned long dest_off; 889 struct reloc *reloc; 890 891 for_each_insn(file, insn) { 892 if (insn->type != INSN_CALL) 893 continue; 894 895 reloc = find_reloc_by_dest_range(file->elf, insn->sec, 896 insn->offset, insn->len); 897 if (!reloc) { 898 dest_off = arch_jump_destination(insn); 899 insn->call_dest = find_func_by_offset(insn->sec, dest_off); 900 if (!insn->call_dest) 901 insn->call_dest = find_symbol_by_offset(insn->sec, dest_off); 902 903 if (insn->ignore) 904 continue; 905 906 if (!insn->call_dest) { 907 WARN_FUNC("unannotated intra-function call", insn->sec, insn->offset); 908 return -1; 909 } 910 911 if (insn->func && insn->call_dest->type != STT_FUNC) { 912 WARN_FUNC("unsupported call to non-function", 913 insn->sec, insn->offset); 914 return -1; 915 } 916 917 } else if (reloc->sym->type == STT_SECTION) { 918 dest_off = arch_dest_reloc_offset(reloc->addend); 919 insn->call_dest = find_func_by_offset(reloc->sym->sec, 920 dest_off); 921 if (!insn->call_dest) { 922 WARN_FUNC("can't find call dest symbol at %s+0x%lx", 923 insn->sec, insn->offset, 924 reloc->sym->sec->name, 925 dest_off); 926 return -1; 927 } 928 } else 929 insn->call_dest = reloc->sym; 930 931 /* 932 * Many compilers cannot disable KCOV with a function attribute 933 * so they need a little help, NOP out any KCOV calls from noinstr 934 * text. 935 */ 936 if (insn->sec->noinstr && 937 !strncmp(insn->call_dest->name, "__sanitizer_cov_", 16)) { 938 if (reloc) { 939 reloc->type = R_NONE; 940 elf_write_reloc(file->elf, reloc); 941 } 942 943 elf_write_insn(file->elf, insn->sec, 944 insn->offset, insn->len, 945 arch_nop_insn(insn->len)); 946 insn->type = INSN_NOP; 947 } 948 949 /* 950 * Whatever stack impact regular CALLs have, should be undone 951 * by the RETURN of the called function. 952 * 953 * Annotated intra-function calls retain the stack_ops but 954 * are converted to JUMP, see read_intra_function_calls(). 955 */ 956 remove_insn_ops(insn); 957 } 958 959 return 0; 960 } 961 962 /* 963 * The .alternatives section requires some extra special care, over and above 964 * what other special sections require: 965 * 966 * 1. Because alternatives are patched in-place, we need to insert a fake jump 967 * instruction at the end so that validate_branch() skips all the original 968 * replaced instructions when validating the new instruction path. 969 * 970 * 2. An added wrinkle is that the new instruction length might be zero. In 971 * that case the old instructions are replaced with noops. We simulate that 972 * by creating a fake jump as the only new instruction. 973 * 974 * 3. In some cases, the alternative section includes an instruction which 975 * conditionally jumps to the _end_ of the entry. We have to modify these 976 * jumps' destinations to point back to .text rather than the end of the 977 * entry in .altinstr_replacement. 978 */ 979 static int handle_group_alt(struct objtool_file *file, 980 struct special_alt *special_alt, 981 struct instruction *orig_insn, 982 struct instruction **new_insn) 983 { 984 static unsigned int alt_group_next_index = 1; 985 struct instruction *last_orig_insn, *last_new_insn, *insn, *fake_jump = NULL; 986 unsigned int alt_group = alt_group_next_index++; 987 unsigned long dest_off; 988 989 last_orig_insn = NULL; 990 insn = orig_insn; 991 sec_for_each_insn_from(file, insn) { 992 if (insn->offset >= special_alt->orig_off + special_alt->orig_len) 993 break; 994 995 insn->alt_group = alt_group; 996 last_orig_insn = insn; 997 } 998 999 if (next_insn_same_sec(file, last_orig_insn)) { 1000 fake_jump = malloc(sizeof(*fake_jump)); 1001 if (!fake_jump) { 1002 WARN("malloc failed"); 1003 return -1; 1004 } 1005 memset(fake_jump, 0, sizeof(*fake_jump)); 1006 INIT_LIST_HEAD(&fake_jump->alts); 1007 INIT_LIST_HEAD(&fake_jump->stack_ops); 1008 init_cfi_state(&fake_jump->cfi); 1009 1010 fake_jump->sec = special_alt->new_sec; 1011 fake_jump->offset = FAKE_JUMP_OFFSET; 1012 fake_jump->type = INSN_JUMP_UNCONDITIONAL; 1013 fake_jump->jump_dest = list_next_entry(last_orig_insn, list); 1014 fake_jump->func = orig_insn->func; 1015 } 1016 1017 if (!special_alt->new_len) { 1018 if (!fake_jump) { 1019 WARN("%s: empty alternative at end of section", 1020 special_alt->orig_sec->name); 1021 return -1; 1022 } 1023 1024 *new_insn = fake_jump; 1025 return 0; 1026 } 1027 1028 last_new_insn = NULL; 1029 alt_group = alt_group_next_index++; 1030 insn = *new_insn; 1031 sec_for_each_insn_from(file, insn) { 1032 if (insn->offset >= special_alt->new_off + special_alt->new_len) 1033 break; 1034 1035 last_new_insn = insn; 1036 1037 insn->ignore = orig_insn->ignore_alts; 1038 insn->func = orig_insn->func; 1039 insn->alt_group = alt_group; 1040 1041 /* 1042 * Since alternative replacement code is copy/pasted by the 1043 * kernel after applying relocations, generally such code can't 1044 * have relative-address relocation references to outside the 1045 * .altinstr_replacement section, unless the arch's 1046 * alternatives code can adjust the relative offsets 1047 * accordingly. 1048 * 1049 * The x86 alternatives code adjusts the offsets only when it 1050 * encounters a branch instruction at the very beginning of the 1051 * replacement group. 1052 */ 1053 if ((insn->offset != special_alt->new_off || 1054 (insn->type != INSN_CALL && !is_static_jump(insn))) && 1055 find_reloc_by_dest_range(file->elf, insn->sec, insn->offset, insn->len)) { 1056 1057 WARN_FUNC("unsupported relocation in alternatives section", 1058 insn->sec, insn->offset); 1059 return -1; 1060 } 1061 1062 if (!is_static_jump(insn)) 1063 continue; 1064 1065 if (!insn->immediate) 1066 continue; 1067 1068 dest_off = arch_jump_destination(insn); 1069 if (dest_off == special_alt->new_off + special_alt->new_len) { 1070 if (!fake_jump) { 1071 WARN("%s: alternative jump to end of section", 1072 special_alt->orig_sec->name); 1073 return -1; 1074 } 1075 insn->jump_dest = fake_jump; 1076 } 1077 1078 if (!insn->jump_dest) { 1079 WARN_FUNC("can't find alternative jump destination", 1080 insn->sec, insn->offset); 1081 return -1; 1082 } 1083 } 1084 1085 if (!last_new_insn) { 1086 WARN_FUNC("can't find last new alternative instruction", 1087 special_alt->new_sec, special_alt->new_off); 1088 return -1; 1089 } 1090 1091 if (fake_jump) 1092 list_add(&fake_jump->list, &last_new_insn->list); 1093 1094 return 0; 1095 } 1096 1097 /* 1098 * A jump table entry can either convert a nop to a jump or a jump to a nop. 1099 * If the original instruction is a jump, make the alt entry an effective nop 1100 * by just skipping the original instruction. 1101 */ 1102 static int handle_jump_alt(struct objtool_file *file, 1103 struct special_alt *special_alt, 1104 struct instruction *orig_insn, 1105 struct instruction **new_insn) 1106 { 1107 if (orig_insn->type == INSN_NOP) 1108 return 0; 1109 1110 if (orig_insn->type != INSN_JUMP_UNCONDITIONAL) { 1111 WARN_FUNC("unsupported instruction at jump label", 1112 orig_insn->sec, orig_insn->offset); 1113 return -1; 1114 } 1115 1116 *new_insn = list_next_entry(orig_insn, list); 1117 return 0; 1118 } 1119 1120 /* 1121 * Read all the special sections which have alternate instructions which can be 1122 * patched in or redirected to at runtime. Each instruction having alternate 1123 * instruction(s) has them added to its insn->alts list, which will be 1124 * traversed in validate_branch(). 1125 */ 1126 static int add_special_section_alts(struct objtool_file *file) 1127 { 1128 struct list_head special_alts; 1129 struct instruction *orig_insn, *new_insn; 1130 struct special_alt *special_alt, *tmp; 1131 struct alternative *alt; 1132 int ret; 1133 1134 ret = special_get_alts(file->elf, &special_alts); 1135 if (ret) 1136 return ret; 1137 1138 list_for_each_entry_safe(special_alt, tmp, &special_alts, list) { 1139 1140 orig_insn = find_insn(file, special_alt->orig_sec, 1141 special_alt->orig_off); 1142 if (!orig_insn) { 1143 WARN_FUNC("special: can't find orig instruction", 1144 special_alt->orig_sec, special_alt->orig_off); 1145 ret = -1; 1146 goto out; 1147 } 1148 1149 new_insn = NULL; 1150 if (!special_alt->group || special_alt->new_len) { 1151 new_insn = find_insn(file, special_alt->new_sec, 1152 special_alt->new_off); 1153 if (!new_insn) { 1154 WARN_FUNC("special: can't find new instruction", 1155 special_alt->new_sec, 1156 special_alt->new_off); 1157 ret = -1; 1158 goto out; 1159 } 1160 } 1161 1162 if (special_alt->group) { 1163 if (!special_alt->orig_len) { 1164 WARN_FUNC("empty alternative entry", 1165 orig_insn->sec, orig_insn->offset); 1166 continue; 1167 } 1168 1169 ret = handle_group_alt(file, special_alt, orig_insn, 1170 &new_insn); 1171 if (ret) 1172 goto out; 1173 } else if (special_alt->jump_or_nop) { 1174 ret = handle_jump_alt(file, special_alt, orig_insn, 1175 &new_insn); 1176 if (ret) 1177 goto out; 1178 } 1179 1180 alt = malloc(sizeof(*alt)); 1181 if (!alt) { 1182 WARN("malloc failed"); 1183 ret = -1; 1184 goto out; 1185 } 1186 1187 alt->insn = new_insn; 1188 alt->skip_orig = special_alt->skip_orig; 1189 orig_insn->ignore_alts |= special_alt->skip_alt; 1190 list_add_tail(&alt->list, &orig_insn->alts); 1191 1192 list_del(&special_alt->list); 1193 free(special_alt); 1194 } 1195 1196 out: 1197 return ret; 1198 } 1199 1200 static int add_jump_table(struct objtool_file *file, struct instruction *insn, 1201 struct reloc *table) 1202 { 1203 struct reloc *reloc = table; 1204 struct instruction *dest_insn; 1205 struct alternative *alt; 1206 struct symbol *pfunc = insn->func->pfunc; 1207 unsigned int prev_offset = 0; 1208 1209 /* 1210 * Each @reloc is a switch table relocation which points to the target 1211 * instruction. 1212 */ 1213 list_for_each_entry_from(reloc, &table->sec->reloc_list, list) { 1214 1215 /* Check for the end of the table: */ 1216 if (reloc != table && reloc->jump_table_start) 1217 break; 1218 1219 /* Make sure the table entries are consecutive: */ 1220 if (prev_offset && reloc->offset != prev_offset + 8) 1221 break; 1222 1223 /* Detect function pointers from contiguous objects: */ 1224 if (reloc->sym->sec == pfunc->sec && 1225 reloc->addend == pfunc->offset) 1226 break; 1227 1228 dest_insn = find_insn(file, reloc->sym->sec, reloc->addend); 1229 if (!dest_insn) 1230 break; 1231 1232 /* Make sure the destination is in the same function: */ 1233 if (!dest_insn->func || dest_insn->func->pfunc != pfunc) 1234 break; 1235 1236 alt = malloc(sizeof(*alt)); 1237 if (!alt) { 1238 WARN("malloc failed"); 1239 return -1; 1240 } 1241 1242 alt->insn = dest_insn; 1243 list_add_tail(&alt->list, &insn->alts); 1244 prev_offset = reloc->offset; 1245 } 1246 1247 if (!prev_offset) { 1248 WARN_FUNC("can't find switch jump table", 1249 insn->sec, insn->offset); 1250 return -1; 1251 } 1252 1253 return 0; 1254 } 1255 1256 /* 1257 * find_jump_table() - Given a dynamic jump, find the switch jump table in 1258 * .rodata associated with it. 1259 * 1260 * There are 3 basic patterns: 1261 * 1262 * 1. jmpq *[rodata addr](,%reg,8) 1263 * 1264 * This is the most common case by far. It jumps to an address in a simple 1265 * jump table which is stored in .rodata. 1266 * 1267 * 2. jmpq *[rodata addr](%rip) 1268 * 1269 * This is caused by a rare GCC quirk, currently only seen in three driver 1270 * functions in the kernel, only with certain obscure non-distro configs. 1271 * 1272 * As part of an optimization, GCC makes a copy of an existing switch jump 1273 * table, modifies it, and then hard-codes the jump (albeit with an indirect 1274 * jump) to use a single entry in the table. The rest of the jump table and 1275 * some of its jump targets remain as dead code. 1276 * 1277 * In such a case we can just crudely ignore all unreachable instruction 1278 * warnings for the entire object file. Ideally we would just ignore them 1279 * for the function, but that would require redesigning the code quite a 1280 * bit. And honestly that's just not worth doing: unreachable instruction 1281 * warnings are of questionable value anyway, and this is such a rare issue. 1282 * 1283 * 3. mov [rodata addr],%reg1 1284 * ... some instructions ... 1285 * jmpq *(%reg1,%reg2,8) 1286 * 1287 * This is a fairly uncommon pattern which is new for GCC 6. As of this 1288 * writing, there are 11 occurrences of it in the allmodconfig kernel. 1289 * 1290 * As of GCC 7 there are quite a few more of these and the 'in between' code 1291 * is significant. Esp. with KASAN enabled some of the code between the mov 1292 * and jmpq uses .rodata itself, which can confuse things. 1293 * 1294 * TODO: Once we have DWARF CFI and smarter instruction decoding logic, 1295 * ensure the same register is used in the mov and jump instructions. 1296 * 1297 * NOTE: RETPOLINE made it harder still to decode dynamic jumps. 1298 */ 1299 static struct reloc *find_jump_table(struct objtool_file *file, 1300 struct symbol *func, 1301 struct instruction *insn) 1302 { 1303 struct reloc *text_reloc, *table_reloc; 1304 struct instruction *dest_insn, *orig_insn = insn; 1305 struct section *table_sec; 1306 unsigned long table_offset; 1307 1308 /* 1309 * Backward search using the @first_jump_src links, these help avoid 1310 * much of the 'in between' code. Which avoids us getting confused by 1311 * it. 1312 */ 1313 for (; 1314 insn && insn->func && insn->func->pfunc == func; 1315 insn = insn->first_jump_src ?: prev_insn_same_sym(file, insn)) { 1316 1317 if (insn != orig_insn && insn->type == INSN_JUMP_DYNAMIC) 1318 break; 1319 1320 /* allow small jumps within the range */ 1321 if (insn->type == INSN_JUMP_UNCONDITIONAL && 1322 insn->jump_dest && 1323 (insn->jump_dest->offset <= insn->offset || 1324 insn->jump_dest->offset > orig_insn->offset)) 1325 break; 1326 1327 /* look for a relocation which references .rodata */ 1328 text_reloc = find_reloc_by_dest_range(file->elf, insn->sec, 1329 insn->offset, insn->len); 1330 if (!text_reloc || text_reloc->sym->type != STT_SECTION || 1331 !text_reloc->sym->sec->rodata) 1332 continue; 1333 1334 table_offset = text_reloc->addend; 1335 table_sec = text_reloc->sym->sec; 1336 1337 if (text_reloc->type == R_X86_64_PC32) 1338 table_offset += 4; 1339 1340 /* 1341 * Make sure the .rodata address isn't associated with a 1342 * symbol. GCC jump tables are anonymous data. 1343 * 1344 * Also support C jump tables which are in the same format as 1345 * switch jump tables. For objtool to recognize them, they 1346 * need to be placed in the C_JUMP_TABLE_SECTION section. They 1347 * have symbols associated with them. 1348 */ 1349 if (find_symbol_containing(table_sec, table_offset) && 1350 strcmp(table_sec->name, C_JUMP_TABLE_SECTION)) 1351 continue; 1352 1353 /* 1354 * Each table entry has a reloc associated with it. The reloc 1355 * should reference text in the same function as the original 1356 * instruction. 1357 */ 1358 table_reloc = find_reloc_by_dest(file->elf, table_sec, table_offset); 1359 if (!table_reloc) 1360 continue; 1361 dest_insn = find_insn(file, table_reloc->sym->sec, table_reloc->addend); 1362 if (!dest_insn || !dest_insn->func || dest_insn->func->pfunc != func) 1363 continue; 1364 1365 /* 1366 * Use of RIP-relative switch jumps is quite rare, and 1367 * indicates a rare GCC quirk/bug which can leave dead code 1368 * behind. 1369 */ 1370 if (text_reloc->type == R_X86_64_PC32) 1371 file->ignore_unreachables = true; 1372 1373 return table_reloc; 1374 } 1375 1376 return NULL; 1377 } 1378 1379 /* 1380 * First pass: Mark the head of each jump table so that in the next pass, 1381 * we know when a given jump table ends and the next one starts. 1382 */ 1383 static void mark_func_jump_tables(struct objtool_file *file, 1384 struct symbol *func) 1385 { 1386 struct instruction *insn, *last = NULL; 1387 struct reloc *reloc; 1388 1389 func_for_each_insn(file, func, insn) { 1390 if (!last) 1391 last = insn; 1392 1393 /* 1394 * Store back-pointers for unconditional forward jumps such 1395 * that find_jump_table() can back-track using those and 1396 * avoid some potentially confusing code. 1397 */ 1398 if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->jump_dest && 1399 insn->offset > last->offset && 1400 insn->jump_dest->offset > insn->offset && 1401 !insn->jump_dest->first_jump_src) { 1402 1403 insn->jump_dest->first_jump_src = insn; 1404 last = insn->jump_dest; 1405 } 1406 1407 if (insn->type != INSN_JUMP_DYNAMIC) 1408 continue; 1409 1410 reloc = find_jump_table(file, func, insn); 1411 if (reloc) { 1412 reloc->jump_table_start = true; 1413 insn->jump_table = reloc; 1414 } 1415 } 1416 } 1417 1418 static int add_func_jump_tables(struct objtool_file *file, 1419 struct symbol *func) 1420 { 1421 struct instruction *insn; 1422 int ret; 1423 1424 func_for_each_insn(file, func, insn) { 1425 if (!insn->jump_table) 1426 continue; 1427 1428 ret = add_jump_table(file, insn, insn->jump_table); 1429 if (ret) 1430 return ret; 1431 } 1432 1433 return 0; 1434 } 1435 1436 /* 1437 * For some switch statements, gcc generates a jump table in the .rodata 1438 * section which contains a list of addresses within the function to jump to. 1439 * This finds these jump tables and adds them to the insn->alts lists. 1440 */ 1441 static int add_jump_table_alts(struct objtool_file *file) 1442 { 1443 struct section *sec; 1444 struct symbol *func; 1445 int ret; 1446 1447 if (!file->rodata) 1448 return 0; 1449 1450 for_each_sec(file, sec) { 1451 list_for_each_entry(func, &sec->symbol_list, list) { 1452 if (func->type != STT_FUNC) 1453 continue; 1454 1455 mark_func_jump_tables(file, func); 1456 ret = add_func_jump_tables(file, func); 1457 if (ret) 1458 return ret; 1459 } 1460 } 1461 1462 return 0; 1463 } 1464 1465 static int read_unwind_hints(struct objtool_file *file) 1466 { 1467 struct section *sec, *relocsec; 1468 struct reloc *reloc; 1469 struct unwind_hint *hint; 1470 struct instruction *insn; 1471 struct cfi_reg *cfa; 1472 int i; 1473 1474 sec = find_section_by_name(file->elf, ".discard.unwind_hints"); 1475 if (!sec) 1476 return 0; 1477 1478 relocsec = sec->reloc; 1479 if (!relocsec) { 1480 WARN("missing .rela.discard.unwind_hints section"); 1481 return -1; 1482 } 1483 1484 if (sec->len % sizeof(struct unwind_hint)) { 1485 WARN("struct unwind_hint size mismatch"); 1486 return -1; 1487 } 1488 1489 file->hints = true; 1490 1491 for (i = 0; i < sec->len / sizeof(struct unwind_hint); i++) { 1492 hint = (struct unwind_hint *)sec->data->d_buf + i; 1493 1494 reloc = find_reloc_by_dest(file->elf, sec, i * sizeof(*hint)); 1495 if (!reloc) { 1496 WARN("can't find reloc for unwind_hints[%d]", i); 1497 return -1; 1498 } 1499 1500 insn = find_insn(file, reloc->sym->sec, reloc->addend); 1501 if (!insn) { 1502 WARN("can't find insn for unwind_hints[%d]", i); 1503 return -1; 1504 } 1505 1506 cfa = &insn->cfi.cfa; 1507 1508 if (hint->type == UNWIND_HINT_TYPE_RET_OFFSET) { 1509 insn->ret_offset = hint->sp_offset; 1510 continue; 1511 } 1512 1513 insn->hint = true; 1514 1515 switch (hint->sp_reg) { 1516 case ORC_REG_UNDEFINED: 1517 cfa->base = CFI_UNDEFINED; 1518 break; 1519 case ORC_REG_SP: 1520 cfa->base = CFI_SP; 1521 break; 1522 case ORC_REG_BP: 1523 cfa->base = CFI_BP; 1524 break; 1525 case ORC_REG_SP_INDIRECT: 1526 cfa->base = CFI_SP_INDIRECT; 1527 break; 1528 case ORC_REG_R10: 1529 cfa->base = CFI_R10; 1530 break; 1531 case ORC_REG_R13: 1532 cfa->base = CFI_R13; 1533 break; 1534 case ORC_REG_DI: 1535 cfa->base = CFI_DI; 1536 break; 1537 case ORC_REG_DX: 1538 cfa->base = CFI_DX; 1539 break; 1540 default: 1541 WARN_FUNC("unsupported unwind_hint sp base reg %d", 1542 insn->sec, insn->offset, hint->sp_reg); 1543 return -1; 1544 } 1545 1546 cfa->offset = hint->sp_offset; 1547 insn->cfi.type = hint->type; 1548 insn->cfi.end = hint->end; 1549 } 1550 1551 return 0; 1552 } 1553 1554 static int read_retpoline_hints(struct objtool_file *file) 1555 { 1556 struct section *sec; 1557 struct instruction *insn; 1558 struct reloc *reloc; 1559 1560 sec = find_section_by_name(file->elf, ".rela.discard.retpoline_safe"); 1561 if (!sec) 1562 return 0; 1563 1564 list_for_each_entry(reloc, &sec->reloc_list, list) { 1565 if (reloc->sym->type != STT_SECTION) { 1566 WARN("unexpected relocation symbol type in %s", sec->name); 1567 return -1; 1568 } 1569 1570 insn = find_insn(file, reloc->sym->sec, reloc->addend); 1571 if (!insn) { 1572 WARN("bad .discard.retpoline_safe entry"); 1573 return -1; 1574 } 1575 1576 if (insn->type != INSN_JUMP_DYNAMIC && 1577 insn->type != INSN_CALL_DYNAMIC) { 1578 WARN_FUNC("retpoline_safe hint not an indirect jump/call", 1579 insn->sec, insn->offset); 1580 return -1; 1581 } 1582 1583 insn->retpoline_safe = true; 1584 } 1585 1586 return 0; 1587 } 1588 1589 static int read_instr_hints(struct objtool_file *file) 1590 { 1591 struct section *sec; 1592 struct instruction *insn; 1593 struct reloc *reloc; 1594 1595 sec = find_section_by_name(file->elf, ".rela.discard.instr_end"); 1596 if (!sec) 1597 return 0; 1598 1599 list_for_each_entry(reloc, &sec->reloc_list, list) { 1600 if (reloc->sym->type != STT_SECTION) { 1601 WARN("unexpected relocation symbol type in %s", sec->name); 1602 return -1; 1603 } 1604 1605 insn = find_insn(file, reloc->sym->sec, reloc->addend); 1606 if (!insn) { 1607 WARN("bad .discard.instr_end entry"); 1608 return -1; 1609 } 1610 1611 insn->instr--; 1612 } 1613 1614 sec = find_section_by_name(file->elf, ".rela.discard.instr_begin"); 1615 if (!sec) 1616 return 0; 1617 1618 list_for_each_entry(reloc, &sec->reloc_list, list) { 1619 if (reloc->sym->type != STT_SECTION) { 1620 WARN("unexpected relocation symbol type in %s", sec->name); 1621 return -1; 1622 } 1623 1624 insn = find_insn(file, reloc->sym->sec, reloc->addend); 1625 if (!insn) { 1626 WARN("bad .discard.instr_begin entry"); 1627 return -1; 1628 } 1629 1630 insn->instr++; 1631 } 1632 1633 return 0; 1634 } 1635 1636 static int read_intra_function_calls(struct objtool_file *file) 1637 { 1638 struct instruction *insn; 1639 struct section *sec; 1640 struct reloc *reloc; 1641 1642 sec = find_section_by_name(file->elf, ".rela.discard.intra_function_calls"); 1643 if (!sec) 1644 return 0; 1645 1646 list_for_each_entry(reloc, &sec->reloc_list, list) { 1647 unsigned long dest_off; 1648 1649 if (reloc->sym->type != STT_SECTION) { 1650 WARN("unexpected relocation symbol type in %s", 1651 sec->name); 1652 return -1; 1653 } 1654 1655 insn = find_insn(file, reloc->sym->sec, reloc->addend); 1656 if (!insn) { 1657 WARN("bad .discard.intra_function_call entry"); 1658 return -1; 1659 } 1660 1661 if (insn->type != INSN_CALL) { 1662 WARN_FUNC("intra_function_call not a direct call", 1663 insn->sec, insn->offset); 1664 return -1; 1665 } 1666 1667 /* 1668 * Treat intra-function CALLs as JMPs, but with a stack_op. 1669 * See add_call_destinations(), which strips stack_ops from 1670 * normal CALLs. 1671 */ 1672 insn->type = INSN_JUMP_UNCONDITIONAL; 1673 1674 dest_off = insn->offset + insn->len + insn->immediate; 1675 insn->jump_dest = find_insn(file, insn->sec, dest_off); 1676 if (!insn->jump_dest) { 1677 WARN_FUNC("can't find call dest at %s+0x%lx", 1678 insn->sec, insn->offset, 1679 insn->sec->name, dest_off); 1680 return -1; 1681 } 1682 } 1683 1684 return 0; 1685 } 1686 1687 static int read_static_call_tramps(struct objtool_file *file) 1688 { 1689 struct section *sec; 1690 struct symbol *func; 1691 1692 for_each_sec(file, sec) { 1693 list_for_each_entry(func, &sec->symbol_list, list) { 1694 if (func->bind == STB_GLOBAL && 1695 !strncmp(func->name, STATIC_CALL_TRAMP_PREFIX_STR, 1696 strlen(STATIC_CALL_TRAMP_PREFIX_STR))) 1697 func->static_call_tramp = true; 1698 } 1699 } 1700 1701 return 0; 1702 } 1703 1704 static void mark_rodata(struct objtool_file *file) 1705 { 1706 struct section *sec; 1707 bool found = false; 1708 1709 /* 1710 * Search for the following rodata sections, each of which can 1711 * potentially contain jump tables: 1712 * 1713 * - .rodata: can contain GCC switch tables 1714 * - .rodata.<func>: same, if -fdata-sections is being used 1715 * - .rodata..c_jump_table: contains C annotated jump tables 1716 * 1717 * .rodata.str1.* sections are ignored; they don't contain jump tables. 1718 */ 1719 for_each_sec(file, sec) { 1720 if (!strncmp(sec->name, ".rodata", 7) && 1721 !strstr(sec->name, ".str1.")) { 1722 sec->rodata = true; 1723 found = true; 1724 } 1725 } 1726 1727 file->rodata = found; 1728 } 1729 1730 static int decode_sections(struct objtool_file *file) 1731 { 1732 int ret; 1733 1734 mark_rodata(file); 1735 1736 ret = decode_instructions(file); 1737 if (ret) 1738 return ret; 1739 1740 ret = add_dead_ends(file); 1741 if (ret) 1742 return ret; 1743 1744 add_ignores(file); 1745 add_uaccess_safe(file); 1746 1747 ret = add_ignore_alternatives(file); 1748 if (ret) 1749 return ret; 1750 1751 ret = read_static_call_tramps(file); 1752 if (ret) 1753 return ret; 1754 1755 ret = add_jump_destinations(file); 1756 if (ret) 1757 return ret; 1758 1759 ret = add_special_section_alts(file); 1760 if (ret) 1761 return ret; 1762 1763 ret = read_intra_function_calls(file); 1764 if (ret) 1765 return ret; 1766 1767 ret = add_call_destinations(file); 1768 if (ret) 1769 return ret; 1770 1771 ret = add_jump_table_alts(file); 1772 if (ret) 1773 return ret; 1774 1775 ret = read_unwind_hints(file); 1776 if (ret) 1777 return ret; 1778 1779 ret = read_retpoline_hints(file); 1780 if (ret) 1781 return ret; 1782 1783 ret = read_instr_hints(file); 1784 if (ret) 1785 return ret; 1786 1787 return 0; 1788 } 1789 1790 static bool is_fentry_call(struct instruction *insn) 1791 { 1792 if (insn->type == INSN_CALL && insn->call_dest && 1793 insn->call_dest->type == STT_NOTYPE && 1794 !strcmp(insn->call_dest->name, "__fentry__")) 1795 return true; 1796 1797 return false; 1798 } 1799 1800 static bool has_modified_stack_frame(struct instruction *insn, struct insn_state *state) 1801 { 1802 u8 ret_offset = insn->ret_offset; 1803 struct cfi_state *cfi = &state->cfi; 1804 int i; 1805 1806 if (cfi->cfa.base != initial_func_cfi.cfa.base || cfi->drap) 1807 return true; 1808 1809 if (cfi->cfa.offset != initial_func_cfi.cfa.offset + ret_offset) 1810 return true; 1811 1812 if (cfi->stack_size != initial_func_cfi.cfa.offset + ret_offset) 1813 return true; 1814 1815 /* 1816 * If there is a ret offset hint then don't check registers 1817 * because a callee-saved register might have been pushed on 1818 * the stack. 1819 */ 1820 if (ret_offset) 1821 return false; 1822 1823 for (i = 0; i < CFI_NUM_REGS; i++) { 1824 if (cfi->regs[i].base != initial_func_cfi.regs[i].base || 1825 cfi->regs[i].offset != initial_func_cfi.regs[i].offset) 1826 return true; 1827 } 1828 1829 return false; 1830 } 1831 1832 static bool has_valid_stack_frame(struct insn_state *state) 1833 { 1834 struct cfi_state *cfi = &state->cfi; 1835 1836 if (cfi->cfa.base == CFI_BP && cfi->regs[CFI_BP].base == CFI_CFA && 1837 cfi->regs[CFI_BP].offset == -16) 1838 return true; 1839 1840 if (cfi->drap && cfi->regs[CFI_BP].base == CFI_BP) 1841 return true; 1842 1843 return false; 1844 } 1845 1846 static int update_cfi_state_regs(struct instruction *insn, 1847 struct cfi_state *cfi, 1848 struct stack_op *op) 1849 { 1850 struct cfi_reg *cfa = &cfi->cfa; 1851 1852 if (cfa->base != CFI_SP && cfa->base != CFI_SP_INDIRECT) 1853 return 0; 1854 1855 /* push */ 1856 if (op->dest.type == OP_DEST_PUSH || op->dest.type == OP_DEST_PUSHF) 1857 cfa->offset += 8; 1858 1859 /* pop */ 1860 if (op->src.type == OP_SRC_POP || op->src.type == OP_SRC_POPF) 1861 cfa->offset -= 8; 1862 1863 /* add immediate to sp */ 1864 if (op->dest.type == OP_DEST_REG && op->src.type == OP_SRC_ADD && 1865 op->dest.reg == CFI_SP && op->src.reg == CFI_SP) 1866 cfa->offset -= op->src.offset; 1867 1868 return 0; 1869 } 1870 1871 static void save_reg(struct cfi_state *cfi, unsigned char reg, int base, int offset) 1872 { 1873 if (arch_callee_saved_reg(reg) && 1874 cfi->regs[reg].base == CFI_UNDEFINED) { 1875 cfi->regs[reg].base = base; 1876 cfi->regs[reg].offset = offset; 1877 } 1878 } 1879 1880 static void restore_reg(struct cfi_state *cfi, unsigned char reg) 1881 { 1882 cfi->regs[reg].base = initial_func_cfi.regs[reg].base; 1883 cfi->regs[reg].offset = initial_func_cfi.regs[reg].offset; 1884 } 1885 1886 /* 1887 * A note about DRAP stack alignment: 1888 * 1889 * GCC has the concept of a DRAP register, which is used to help keep track of 1890 * the stack pointer when aligning the stack. r10 or r13 is used as the DRAP 1891 * register. The typical DRAP pattern is: 1892 * 1893 * 4c 8d 54 24 08 lea 0x8(%rsp),%r10 1894 * 48 83 e4 c0 and $0xffffffffffffffc0,%rsp 1895 * 41 ff 72 f8 pushq -0x8(%r10) 1896 * 55 push %rbp 1897 * 48 89 e5 mov %rsp,%rbp 1898 * (more pushes) 1899 * 41 52 push %r10 1900 * ... 1901 * 41 5a pop %r10 1902 * (more pops) 1903 * 5d pop %rbp 1904 * 49 8d 62 f8 lea -0x8(%r10),%rsp 1905 * c3 retq 1906 * 1907 * There are some variations in the epilogues, like: 1908 * 1909 * 5b pop %rbx 1910 * 41 5a pop %r10 1911 * 41 5c pop %r12 1912 * 41 5d pop %r13 1913 * 41 5e pop %r14 1914 * c9 leaveq 1915 * 49 8d 62 f8 lea -0x8(%r10),%rsp 1916 * c3 retq 1917 * 1918 * and: 1919 * 1920 * 4c 8b 55 e8 mov -0x18(%rbp),%r10 1921 * 48 8b 5d e0 mov -0x20(%rbp),%rbx 1922 * 4c 8b 65 f0 mov -0x10(%rbp),%r12 1923 * 4c 8b 6d f8 mov -0x8(%rbp),%r13 1924 * c9 leaveq 1925 * 49 8d 62 f8 lea -0x8(%r10),%rsp 1926 * c3 retq 1927 * 1928 * Sometimes r13 is used as the DRAP register, in which case it's saved and 1929 * restored beforehand: 1930 * 1931 * 41 55 push %r13 1932 * 4c 8d 6c 24 10 lea 0x10(%rsp),%r13 1933 * 48 83 e4 f0 and $0xfffffffffffffff0,%rsp 1934 * ... 1935 * 49 8d 65 f0 lea -0x10(%r13),%rsp 1936 * 41 5d pop %r13 1937 * c3 retq 1938 */ 1939 static int update_cfi_state(struct instruction *insn, struct cfi_state *cfi, 1940 struct stack_op *op) 1941 { 1942 struct cfi_reg *cfa = &cfi->cfa; 1943 struct cfi_reg *regs = cfi->regs; 1944 1945 /* stack operations don't make sense with an undefined CFA */ 1946 if (cfa->base == CFI_UNDEFINED) { 1947 if (insn->func) { 1948 WARN_FUNC("undefined stack state", insn->sec, insn->offset); 1949 return -1; 1950 } 1951 return 0; 1952 } 1953 1954 if (cfi->type == ORC_TYPE_REGS || cfi->type == ORC_TYPE_REGS_IRET) 1955 return update_cfi_state_regs(insn, cfi, op); 1956 1957 switch (op->dest.type) { 1958 1959 case OP_DEST_REG: 1960 switch (op->src.type) { 1961 1962 case OP_SRC_REG: 1963 if (op->src.reg == CFI_SP && op->dest.reg == CFI_BP && 1964 cfa->base == CFI_SP && 1965 regs[CFI_BP].base == CFI_CFA && 1966 regs[CFI_BP].offset == -cfa->offset) { 1967 1968 /* mov %rsp, %rbp */ 1969 cfa->base = op->dest.reg; 1970 cfi->bp_scratch = false; 1971 } 1972 1973 else if (op->src.reg == CFI_SP && 1974 op->dest.reg == CFI_BP && cfi->drap) { 1975 1976 /* drap: mov %rsp, %rbp */ 1977 regs[CFI_BP].base = CFI_BP; 1978 regs[CFI_BP].offset = -cfi->stack_size; 1979 cfi->bp_scratch = false; 1980 } 1981 1982 else if (op->src.reg == CFI_SP && cfa->base == CFI_SP) { 1983 1984 /* 1985 * mov %rsp, %reg 1986 * 1987 * This is needed for the rare case where GCC 1988 * does: 1989 * 1990 * mov %rsp, %rax 1991 * ... 1992 * mov %rax, %rsp 1993 */ 1994 cfi->vals[op->dest.reg].base = CFI_CFA; 1995 cfi->vals[op->dest.reg].offset = -cfi->stack_size; 1996 } 1997 1998 else if (op->src.reg == CFI_BP && op->dest.reg == CFI_SP && 1999 cfa->base == CFI_BP) { 2000 2001 /* 2002 * mov %rbp, %rsp 2003 * 2004 * Restore the original stack pointer (Clang). 2005 */ 2006 cfi->stack_size = -cfi->regs[CFI_BP].offset; 2007 } 2008 2009 else if (op->dest.reg == cfa->base) { 2010 2011 /* mov %reg, %rsp */ 2012 if (cfa->base == CFI_SP && 2013 cfi->vals[op->src.reg].base == CFI_CFA) { 2014 2015 /* 2016 * This is needed for the rare case 2017 * where GCC does something dumb like: 2018 * 2019 * lea 0x8(%rsp), %rcx 2020 * ... 2021 * mov %rcx, %rsp 2022 */ 2023 cfa->offset = -cfi->vals[op->src.reg].offset; 2024 cfi->stack_size = cfa->offset; 2025 2026 } else { 2027 cfa->base = CFI_UNDEFINED; 2028 cfa->offset = 0; 2029 } 2030 } 2031 2032 break; 2033 2034 case OP_SRC_ADD: 2035 if (op->dest.reg == CFI_SP && op->src.reg == CFI_SP) { 2036 2037 /* add imm, %rsp */ 2038 cfi->stack_size -= op->src.offset; 2039 if (cfa->base == CFI_SP) 2040 cfa->offset -= op->src.offset; 2041 break; 2042 } 2043 2044 if (op->dest.reg == CFI_SP && op->src.reg == CFI_BP) { 2045 2046 /* lea disp(%rbp), %rsp */ 2047 cfi->stack_size = -(op->src.offset + regs[CFI_BP].offset); 2048 break; 2049 } 2050 2051 if (op->src.reg == CFI_SP && cfa->base == CFI_SP) { 2052 2053 /* drap: lea disp(%rsp), %drap */ 2054 cfi->drap_reg = op->dest.reg; 2055 2056 /* 2057 * lea disp(%rsp), %reg 2058 * 2059 * This is needed for the rare case where GCC 2060 * does something dumb like: 2061 * 2062 * lea 0x8(%rsp), %rcx 2063 * ... 2064 * mov %rcx, %rsp 2065 */ 2066 cfi->vals[op->dest.reg].base = CFI_CFA; 2067 cfi->vals[op->dest.reg].offset = \ 2068 -cfi->stack_size + op->src.offset; 2069 2070 break; 2071 } 2072 2073 if (cfi->drap && op->dest.reg == CFI_SP && 2074 op->src.reg == cfi->drap_reg) { 2075 2076 /* drap: lea disp(%drap), %rsp */ 2077 cfa->base = CFI_SP; 2078 cfa->offset = cfi->stack_size = -op->src.offset; 2079 cfi->drap_reg = CFI_UNDEFINED; 2080 cfi->drap = false; 2081 break; 2082 } 2083 2084 if (op->dest.reg == cfi->cfa.base) { 2085 WARN_FUNC("unsupported stack register modification", 2086 insn->sec, insn->offset); 2087 return -1; 2088 } 2089 2090 break; 2091 2092 case OP_SRC_AND: 2093 if (op->dest.reg != CFI_SP || 2094 (cfi->drap_reg != CFI_UNDEFINED && cfa->base != CFI_SP) || 2095 (cfi->drap_reg == CFI_UNDEFINED && cfa->base != CFI_BP)) { 2096 WARN_FUNC("unsupported stack pointer realignment", 2097 insn->sec, insn->offset); 2098 return -1; 2099 } 2100 2101 if (cfi->drap_reg != CFI_UNDEFINED) { 2102 /* drap: and imm, %rsp */ 2103 cfa->base = cfi->drap_reg; 2104 cfa->offset = cfi->stack_size = 0; 2105 cfi->drap = true; 2106 } 2107 2108 /* 2109 * Older versions of GCC (4.8ish) realign the stack 2110 * without DRAP, with a frame pointer. 2111 */ 2112 2113 break; 2114 2115 case OP_SRC_POP: 2116 case OP_SRC_POPF: 2117 if (!cfi->drap && op->dest.reg == cfa->base) { 2118 2119 /* pop %rbp */ 2120 cfa->base = CFI_SP; 2121 } 2122 2123 if (cfi->drap && cfa->base == CFI_BP_INDIRECT && 2124 op->dest.reg == cfi->drap_reg && 2125 cfi->drap_offset == -cfi->stack_size) { 2126 2127 /* drap: pop %drap */ 2128 cfa->base = cfi->drap_reg; 2129 cfa->offset = 0; 2130 cfi->drap_offset = -1; 2131 2132 } else if (regs[op->dest.reg].offset == -cfi->stack_size) { 2133 2134 /* pop %reg */ 2135 restore_reg(cfi, op->dest.reg); 2136 } 2137 2138 cfi->stack_size -= 8; 2139 if (cfa->base == CFI_SP) 2140 cfa->offset -= 8; 2141 2142 break; 2143 2144 case OP_SRC_REG_INDIRECT: 2145 if (cfi->drap && op->src.reg == CFI_BP && 2146 op->src.offset == cfi->drap_offset) { 2147 2148 /* drap: mov disp(%rbp), %drap */ 2149 cfa->base = cfi->drap_reg; 2150 cfa->offset = 0; 2151 cfi->drap_offset = -1; 2152 } 2153 2154 if (cfi->drap && op->src.reg == CFI_BP && 2155 op->src.offset == regs[op->dest.reg].offset) { 2156 2157 /* drap: mov disp(%rbp), %reg */ 2158 restore_reg(cfi, op->dest.reg); 2159 2160 } else if (op->src.reg == cfa->base && 2161 op->src.offset == regs[op->dest.reg].offset + cfa->offset) { 2162 2163 /* mov disp(%rbp), %reg */ 2164 /* mov disp(%rsp), %reg */ 2165 restore_reg(cfi, op->dest.reg); 2166 } 2167 2168 break; 2169 2170 default: 2171 WARN_FUNC("unknown stack-related instruction", 2172 insn->sec, insn->offset); 2173 return -1; 2174 } 2175 2176 break; 2177 2178 case OP_DEST_PUSH: 2179 case OP_DEST_PUSHF: 2180 cfi->stack_size += 8; 2181 if (cfa->base == CFI_SP) 2182 cfa->offset += 8; 2183 2184 if (op->src.type != OP_SRC_REG) 2185 break; 2186 2187 if (cfi->drap) { 2188 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) { 2189 2190 /* drap: push %drap */ 2191 cfa->base = CFI_BP_INDIRECT; 2192 cfa->offset = -cfi->stack_size; 2193 2194 /* save drap so we know when to restore it */ 2195 cfi->drap_offset = -cfi->stack_size; 2196 2197 } else if (op->src.reg == CFI_BP && cfa->base == cfi->drap_reg) { 2198 2199 /* drap: push %rbp */ 2200 cfi->stack_size = 0; 2201 2202 } else if (regs[op->src.reg].base == CFI_UNDEFINED) { 2203 2204 /* drap: push %reg */ 2205 save_reg(cfi, op->src.reg, CFI_BP, -cfi->stack_size); 2206 } 2207 2208 } else { 2209 2210 /* push %reg */ 2211 save_reg(cfi, op->src.reg, CFI_CFA, -cfi->stack_size); 2212 } 2213 2214 /* detect when asm code uses rbp as a scratch register */ 2215 if (!no_fp && insn->func && op->src.reg == CFI_BP && 2216 cfa->base != CFI_BP) 2217 cfi->bp_scratch = true; 2218 break; 2219 2220 case OP_DEST_REG_INDIRECT: 2221 2222 if (cfi->drap) { 2223 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) { 2224 2225 /* drap: mov %drap, disp(%rbp) */ 2226 cfa->base = CFI_BP_INDIRECT; 2227 cfa->offset = op->dest.offset; 2228 2229 /* save drap offset so we know when to restore it */ 2230 cfi->drap_offset = op->dest.offset; 2231 } 2232 2233 else if (regs[op->src.reg].base == CFI_UNDEFINED) { 2234 2235 /* drap: mov reg, disp(%rbp) */ 2236 save_reg(cfi, op->src.reg, CFI_BP, op->dest.offset); 2237 } 2238 2239 } else if (op->dest.reg == cfa->base) { 2240 2241 /* mov reg, disp(%rbp) */ 2242 /* mov reg, disp(%rsp) */ 2243 save_reg(cfi, op->src.reg, CFI_CFA, 2244 op->dest.offset - cfi->cfa.offset); 2245 } 2246 2247 break; 2248 2249 case OP_DEST_LEAVE: 2250 if ((!cfi->drap && cfa->base != CFI_BP) || 2251 (cfi->drap && cfa->base != cfi->drap_reg)) { 2252 WARN_FUNC("leave instruction with modified stack frame", 2253 insn->sec, insn->offset); 2254 return -1; 2255 } 2256 2257 /* leave (mov %rbp, %rsp; pop %rbp) */ 2258 2259 cfi->stack_size = -cfi->regs[CFI_BP].offset - 8; 2260 restore_reg(cfi, CFI_BP); 2261 2262 if (!cfi->drap) { 2263 cfa->base = CFI_SP; 2264 cfa->offset -= 8; 2265 } 2266 2267 break; 2268 2269 case OP_DEST_MEM: 2270 if (op->src.type != OP_SRC_POP && op->src.type != OP_SRC_POPF) { 2271 WARN_FUNC("unknown stack-related memory operation", 2272 insn->sec, insn->offset); 2273 return -1; 2274 } 2275 2276 /* pop mem */ 2277 cfi->stack_size -= 8; 2278 if (cfa->base == CFI_SP) 2279 cfa->offset -= 8; 2280 2281 break; 2282 2283 default: 2284 WARN_FUNC("unknown stack-related instruction", 2285 insn->sec, insn->offset); 2286 return -1; 2287 } 2288 2289 return 0; 2290 } 2291 2292 static int handle_insn_ops(struct instruction *insn, struct insn_state *state) 2293 { 2294 struct stack_op *op; 2295 2296 list_for_each_entry(op, &insn->stack_ops, list) { 2297 struct cfi_state old_cfi = state->cfi; 2298 int res; 2299 2300 res = update_cfi_state(insn, &state->cfi, op); 2301 if (res) 2302 return res; 2303 2304 if (insn->alt_group && memcmp(&state->cfi, &old_cfi, sizeof(struct cfi_state))) { 2305 WARN_FUNC("alternative modifies stack", insn->sec, insn->offset); 2306 return -1; 2307 } 2308 2309 if (op->dest.type == OP_DEST_PUSHF) { 2310 if (!state->uaccess_stack) { 2311 state->uaccess_stack = 1; 2312 } else if (state->uaccess_stack >> 31) { 2313 WARN_FUNC("PUSHF stack exhausted", 2314 insn->sec, insn->offset); 2315 return 1; 2316 } 2317 state->uaccess_stack <<= 1; 2318 state->uaccess_stack |= state->uaccess; 2319 } 2320 2321 if (op->src.type == OP_SRC_POPF) { 2322 if (state->uaccess_stack) { 2323 state->uaccess = state->uaccess_stack & 1; 2324 state->uaccess_stack >>= 1; 2325 if (state->uaccess_stack == 1) 2326 state->uaccess_stack = 0; 2327 } 2328 } 2329 } 2330 2331 return 0; 2332 } 2333 2334 static bool insn_cfi_match(struct instruction *insn, struct cfi_state *cfi2) 2335 { 2336 struct cfi_state *cfi1 = &insn->cfi; 2337 int i; 2338 2339 if (memcmp(&cfi1->cfa, &cfi2->cfa, sizeof(cfi1->cfa))) { 2340 2341 WARN_FUNC("stack state mismatch: cfa1=%d%+d cfa2=%d%+d", 2342 insn->sec, insn->offset, 2343 cfi1->cfa.base, cfi1->cfa.offset, 2344 cfi2->cfa.base, cfi2->cfa.offset); 2345 2346 } else if (memcmp(&cfi1->regs, &cfi2->regs, sizeof(cfi1->regs))) { 2347 for (i = 0; i < CFI_NUM_REGS; i++) { 2348 if (!memcmp(&cfi1->regs[i], &cfi2->regs[i], 2349 sizeof(struct cfi_reg))) 2350 continue; 2351 2352 WARN_FUNC("stack state mismatch: reg1[%d]=%d%+d reg2[%d]=%d%+d", 2353 insn->sec, insn->offset, 2354 i, cfi1->regs[i].base, cfi1->regs[i].offset, 2355 i, cfi2->regs[i].base, cfi2->regs[i].offset); 2356 break; 2357 } 2358 2359 } else if (cfi1->type != cfi2->type) { 2360 2361 WARN_FUNC("stack state mismatch: type1=%d type2=%d", 2362 insn->sec, insn->offset, cfi1->type, cfi2->type); 2363 2364 } else if (cfi1->drap != cfi2->drap || 2365 (cfi1->drap && cfi1->drap_reg != cfi2->drap_reg) || 2366 (cfi1->drap && cfi1->drap_offset != cfi2->drap_offset)) { 2367 2368 WARN_FUNC("stack state mismatch: drap1=%d(%d,%d) drap2=%d(%d,%d)", 2369 insn->sec, insn->offset, 2370 cfi1->drap, cfi1->drap_reg, cfi1->drap_offset, 2371 cfi2->drap, cfi2->drap_reg, cfi2->drap_offset); 2372 2373 } else 2374 return true; 2375 2376 return false; 2377 } 2378 2379 static inline bool func_uaccess_safe(struct symbol *func) 2380 { 2381 if (func) 2382 return func->uaccess_safe; 2383 2384 return false; 2385 } 2386 2387 static inline const char *call_dest_name(struct instruction *insn) 2388 { 2389 if (insn->call_dest) 2390 return insn->call_dest->name; 2391 2392 return "{dynamic}"; 2393 } 2394 2395 static inline bool noinstr_call_dest(struct symbol *func) 2396 { 2397 /* 2398 * We can't deal with indirect function calls at present; 2399 * assume they're instrumented. 2400 */ 2401 if (!func) 2402 return false; 2403 2404 /* 2405 * If the symbol is from a noinstr section; we good. 2406 */ 2407 if (func->sec->noinstr) 2408 return true; 2409 2410 /* 2411 * The __ubsan_handle_*() calls are like WARN(), they only happen when 2412 * something 'BAD' happened. At the risk of taking the machine down, 2413 * let them proceed to get the message out. 2414 */ 2415 if (!strncmp(func->name, "__ubsan_handle_", 15)) 2416 return true; 2417 2418 return false; 2419 } 2420 2421 static int validate_call(struct instruction *insn, struct insn_state *state) 2422 { 2423 if (state->noinstr && state->instr <= 0 && 2424 !noinstr_call_dest(insn->call_dest)) { 2425 WARN_FUNC("call to %s() leaves .noinstr.text section", 2426 insn->sec, insn->offset, call_dest_name(insn)); 2427 return 1; 2428 } 2429 2430 if (state->uaccess && !func_uaccess_safe(insn->call_dest)) { 2431 WARN_FUNC("call to %s() with UACCESS enabled", 2432 insn->sec, insn->offset, call_dest_name(insn)); 2433 return 1; 2434 } 2435 2436 if (state->df) { 2437 WARN_FUNC("call to %s() with DF set", 2438 insn->sec, insn->offset, call_dest_name(insn)); 2439 return 1; 2440 } 2441 2442 return 0; 2443 } 2444 2445 static int validate_sibling_call(struct instruction *insn, struct insn_state *state) 2446 { 2447 if (has_modified_stack_frame(insn, state)) { 2448 WARN_FUNC("sibling call from callable instruction with modified stack frame", 2449 insn->sec, insn->offset); 2450 return 1; 2451 } 2452 2453 return validate_call(insn, state); 2454 } 2455 2456 static int validate_return(struct symbol *func, struct instruction *insn, struct insn_state *state) 2457 { 2458 if (state->noinstr && state->instr > 0) { 2459 WARN_FUNC("return with instrumentation enabled", 2460 insn->sec, insn->offset); 2461 return 1; 2462 } 2463 2464 if (state->uaccess && !func_uaccess_safe(func)) { 2465 WARN_FUNC("return with UACCESS enabled", 2466 insn->sec, insn->offset); 2467 return 1; 2468 } 2469 2470 if (!state->uaccess && func_uaccess_safe(func)) { 2471 WARN_FUNC("return with UACCESS disabled from a UACCESS-safe function", 2472 insn->sec, insn->offset); 2473 return 1; 2474 } 2475 2476 if (state->df) { 2477 WARN_FUNC("return with DF set", 2478 insn->sec, insn->offset); 2479 return 1; 2480 } 2481 2482 if (func && has_modified_stack_frame(insn, state)) { 2483 WARN_FUNC("return with modified stack frame", 2484 insn->sec, insn->offset); 2485 return 1; 2486 } 2487 2488 if (state->cfi.bp_scratch) { 2489 WARN_FUNC("BP used as a scratch register", 2490 insn->sec, insn->offset); 2491 return 1; 2492 } 2493 2494 return 0; 2495 } 2496 2497 /* 2498 * Alternatives should not contain any ORC entries, this in turn means they 2499 * should not contain any CFI ops, which implies all instructions should have 2500 * the same same CFI state. 2501 * 2502 * It is possible to constuct alternatives that have unreachable holes that go 2503 * unreported (because they're NOPs), such holes would result in CFI_UNDEFINED 2504 * states which then results in ORC entries, which we just said we didn't want. 2505 * 2506 * Avoid them by copying the CFI entry of the first instruction into the whole 2507 * alternative. 2508 */ 2509 static void fill_alternative_cfi(struct objtool_file *file, struct instruction *insn) 2510 { 2511 struct instruction *first_insn = insn; 2512 int alt_group = insn->alt_group; 2513 2514 sec_for_each_insn_continue(file, insn) { 2515 if (insn->alt_group != alt_group) 2516 break; 2517 insn->cfi = first_insn->cfi; 2518 } 2519 } 2520 2521 /* 2522 * Follow the branch starting at the given instruction, and recursively follow 2523 * any other branches (jumps). Meanwhile, track the frame pointer state at 2524 * each instruction and validate all the rules described in 2525 * tools/objtool/Documentation/stack-validation.txt. 2526 */ 2527 static int validate_branch(struct objtool_file *file, struct symbol *func, 2528 struct instruction *insn, struct insn_state state) 2529 { 2530 struct alternative *alt; 2531 struct instruction *next_insn; 2532 struct section *sec; 2533 u8 visited; 2534 int ret; 2535 2536 sec = insn->sec; 2537 2538 while (1) { 2539 next_insn = next_insn_same_sec(file, insn); 2540 2541 if (file->c_file && func && insn->func && func != insn->func->pfunc) { 2542 WARN("%s() falls through to next function %s()", 2543 func->name, insn->func->name); 2544 return 1; 2545 } 2546 2547 if (func && insn->ignore) { 2548 WARN_FUNC("BUG: why am I validating an ignored function?", 2549 sec, insn->offset); 2550 return 1; 2551 } 2552 2553 visited = 1 << state.uaccess; 2554 if (insn->visited) { 2555 if (!insn->hint && !insn_cfi_match(insn, &state.cfi)) 2556 return 1; 2557 2558 if (insn->visited & visited) 2559 return 0; 2560 } 2561 2562 if (state.noinstr) 2563 state.instr += insn->instr; 2564 2565 if (insn->hint) 2566 state.cfi = insn->cfi; 2567 else 2568 insn->cfi = state.cfi; 2569 2570 insn->visited |= visited; 2571 2572 if (!insn->ignore_alts && !list_empty(&insn->alts)) { 2573 bool skip_orig = false; 2574 2575 list_for_each_entry(alt, &insn->alts, list) { 2576 if (alt->skip_orig) 2577 skip_orig = true; 2578 2579 ret = validate_branch(file, func, alt->insn, state); 2580 if (ret) { 2581 if (backtrace) 2582 BT_FUNC("(alt)", insn); 2583 return ret; 2584 } 2585 } 2586 2587 if (insn->alt_group) 2588 fill_alternative_cfi(file, insn); 2589 2590 if (skip_orig) 2591 return 0; 2592 } 2593 2594 if (handle_insn_ops(insn, &state)) 2595 return 1; 2596 2597 switch (insn->type) { 2598 2599 case INSN_RETURN: 2600 return validate_return(func, insn, &state); 2601 2602 case INSN_CALL: 2603 case INSN_CALL_DYNAMIC: 2604 ret = validate_call(insn, &state); 2605 if (ret) 2606 return ret; 2607 2608 if (!no_fp && func && !is_fentry_call(insn) && 2609 !has_valid_stack_frame(&state)) { 2610 WARN_FUNC("call without frame pointer save/setup", 2611 sec, insn->offset); 2612 return 1; 2613 } 2614 2615 if (dead_end_function(file, insn->call_dest)) 2616 return 0; 2617 2618 if (insn->type == INSN_CALL && insn->call_dest->static_call_tramp) { 2619 list_add_tail(&insn->static_call_node, 2620 &file->static_call_list); 2621 } 2622 2623 break; 2624 2625 case INSN_JUMP_CONDITIONAL: 2626 case INSN_JUMP_UNCONDITIONAL: 2627 if (func && is_sibling_call(insn)) { 2628 ret = validate_sibling_call(insn, &state); 2629 if (ret) 2630 return ret; 2631 2632 } else if (insn->jump_dest) { 2633 ret = validate_branch(file, func, 2634 insn->jump_dest, state); 2635 if (ret) { 2636 if (backtrace) 2637 BT_FUNC("(branch)", insn); 2638 return ret; 2639 } 2640 } 2641 2642 if (insn->type == INSN_JUMP_UNCONDITIONAL) 2643 return 0; 2644 2645 break; 2646 2647 case INSN_JUMP_DYNAMIC: 2648 case INSN_JUMP_DYNAMIC_CONDITIONAL: 2649 if (func && is_sibling_call(insn)) { 2650 ret = validate_sibling_call(insn, &state); 2651 if (ret) 2652 return ret; 2653 } 2654 2655 if (insn->type == INSN_JUMP_DYNAMIC) 2656 return 0; 2657 2658 break; 2659 2660 case INSN_CONTEXT_SWITCH: 2661 if (func && (!next_insn || !next_insn->hint)) { 2662 WARN_FUNC("unsupported instruction in callable function", 2663 sec, insn->offset); 2664 return 1; 2665 } 2666 return 0; 2667 2668 case INSN_STAC: 2669 if (state.uaccess) { 2670 WARN_FUNC("recursive UACCESS enable", sec, insn->offset); 2671 return 1; 2672 } 2673 2674 state.uaccess = true; 2675 break; 2676 2677 case INSN_CLAC: 2678 if (!state.uaccess && func) { 2679 WARN_FUNC("redundant UACCESS disable", sec, insn->offset); 2680 return 1; 2681 } 2682 2683 if (func_uaccess_safe(func) && !state.uaccess_stack) { 2684 WARN_FUNC("UACCESS-safe disables UACCESS", sec, insn->offset); 2685 return 1; 2686 } 2687 2688 state.uaccess = false; 2689 break; 2690 2691 case INSN_STD: 2692 if (state.df) 2693 WARN_FUNC("recursive STD", sec, insn->offset); 2694 2695 state.df = true; 2696 break; 2697 2698 case INSN_CLD: 2699 if (!state.df && func) 2700 WARN_FUNC("redundant CLD", sec, insn->offset); 2701 2702 state.df = false; 2703 break; 2704 2705 default: 2706 break; 2707 } 2708 2709 if (insn->dead_end) 2710 return 0; 2711 2712 if (!next_insn) { 2713 if (state.cfi.cfa.base == CFI_UNDEFINED) 2714 return 0; 2715 WARN("%s: unexpected end of section", sec->name); 2716 return 1; 2717 } 2718 2719 insn = next_insn; 2720 } 2721 2722 return 0; 2723 } 2724 2725 static int validate_unwind_hints(struct objtool_file *file, struct section *sec) 2726 { 2727 struct instruction *insn; 2728 struct insn_state state; 2729 int ret, warnings = 0; 2730 2731 if (!file->hints) 2732 return 0; 2733 2734 init_insn_state(&state, sec); 2735 2736 if (sec) { 2737 insn = find_insn(file, sec, 0); 2738 if (!insn) 2739 return 0; 2740 } else { 2741 insn = list_first_entry(&file->insn_list, typeof(*insn), list); 2742 } 2743 2744 while (&insn->list != &file->insn_list && (!sec || insn->sec == sec)) { 2745 if (insn->hint && !insn->visited) { 2746 ret = validate_branch(file, insn->func, insn, state); 2747 if (ret && backtrace) 2748 BT_FUNC("<=== (hint)", insn); 2749 warnings += ret; 2750 } 2751 2752 insn = list_next_entry(insn, list); 2753 } 2754 2755 return warnings; 2756 } 2757 2758 static int validate_retpoline(struct objtool_file *file) 2759 { 2760 struct instruction *insn; 2761 int warnings = 0; 2762 2763 for_each_insn(file, insn) { 2764 if (insn->type != INSN_JUMP_DYNAMIC && 2765 insn->type != INSN_CALL_DYNAMIC) 2766 continue; 2767 2768 if (insn->retpoline_safe) 2769 continue; 2770 2771 /* 2772 * .init.text code is ran before userspace and thus doesn't 2773 * strictly need retpolines, except for modules which are 2774 * loaded late, they very much do need retpoline in their 2775 * .init.text 2776 */ 2777 if (!strcmp(insn->sec->name, ".init.text") && !module) 2778 continue; 2779 2780 WARN_FUNC("indirect %s found in RETPOLINE build", 2781 insn->sec, insn->offset, 2782 insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call"); 2783 2784 warnings++; 2785 } 2786 2787 return warnings; 2788 } 2789 2790 static bool is_kasan_insn(struct instruction *insn) 2791 { 2792 return (insn->type == INSN_CALL && 2793 !strcmp(insn->call_dest->name, "__asan_handle_no_return")); 2794 } 2795 2796 static bool is_ubsan_insn(struct instruction *insn) 2797 { 2798 return (insn->type == INSN_CALL && 2799 !strcmp(insn->call_dest->name, 2800 "__ubsan_handle_builtin_unreachable")); 2801 } 2802 2803 static bool ignore_unreachable_insn(struct instruction *insn) 2804 { 2805 int i; 2806 2807 if (insn->ignore || insn->type == INSN_NOP) 2808 return true; 2809 2810 /* 2811 * Ignore any unused exceptions. This can happen when a whitelisted 2812 * function has an exception table entry. 2813 * 2814 * Also ignore alternative replacement instructions. This can happen 2815 * when a whitelisted function uses one of the ALTERNATIVE macros. 2816 */ 2817 if (!strcmp(insn->sec->name, ".fixup") || 2818 !strcmp(insn->sec->name, ".altinstr_replacement") || 2819 !strcmp(insn->sec->name, ".altinstr_aux")) 2820 return true; 2821 2822 if (!insn->func) 2823 return false; 2824 2825 /* 2826 * CONFIG_UBSAN_TRAP inserts a UD2 when it sees 2827 * __builtin_unreachable(). The BUG() macro has an unreachable() after 2828 * the UD2, which causes GCC's undefined trap logic to emit another UD2 2829 * (or occasionally a JMP to UD2). 2830 */ 2831 if (list_prev_entry(insn, list)->dead_end && 2832 (insn->type == INSN_BUG || 2833 (insn->type == INSN_JUMP_UNCONDITIONAL && 2834 insn->jump_dest && insn->jump_dest->type == INSN_BUG))) 2835 return true; 2836 2837 /* 2838 * Check if this (or a subsequent) instruction is related to 2839 * CONFIG_UBSAN or CONFIG_KASAN. 2840 * 2841 * End the search at 5 instructions to avoid going into the weeds. 2842 */ 2843 for (i = 0; i < 5; i++) { 2844 2845 if (is_kasan_insn(insn) || is_ubsan_insn(insn)) 2846 return true; 2847 2848 if (insn->type == INSN_JUMP_UNCONDITIONAL) { 2849 if (insn->jump_dest && 2850 insn->jump_dest->func == insn->func) { 2851 insn = insn->jump_dest; 2852 continue; 2853 } 2854 2855 break; 2856 } 2857 2858 if (insn->offset + insn->len >= insn->func->offset + insn->func->len) 2859 break; 2860 2861 insn = list_next_entry(insn, list); 2862 } 2863 2864 return false; 2865 } 2866 2867 static int validate_symbol(struct objtool_file *file, struct section *sec, 2868 struct symbol *sym, struct insn_state *state) 2869 { 2870 struct instruction *insn; 2871 int ret; 2872 2873 if (!sym->len) { 2874 WARN("%s() is missing an ELF size annotation", sym->name); 2875 return 1; 2876 } 2877 2878 if (sym->pfunc != sym || sym->alias != sym) 2879 return 0; 2880 2881 insn = find_insn(file, sec, sym->offset); 2882 if (!insn || insn->ignore || insn->visited) 2883 return 0; 2884 2885 state->uaccess = sym->uaccess_safe; 2886 2887 ret = validate_branch(file, insn->func, insn, *state); 2888 if (ret && backtrace) 2889 BT_FUNC("<=== (sym)", insn); 2890 return ret; 2891 } 2892 2893 static int validate_section(struct objtool_file *file, struct section *sec) 2894 { 2895 struct insn_state state; 2896 struct symbol *func; 2897 int warnings = 0; 2898 2899 list_for_each_entry(func, &sec->symbol_list, list) { 2900 if (func->type != STT_FUNC) 2901 continue; 2902 2903 init_insn_state(&state, sec); 2904 state.cfi.cfa = initial_func_cfi.cfa; 2905 memcpy(&state.cfi.regs, &initial_func_cfi.regs, 2906 CFI_NUM_REGS * sizeof(struct cfi_reg)); 2907 state.cfi.stack_size = initial_func_cfi.cfa.offset; 2908 2909 warnings += validate_symbol(file, sec, func, &state); 2910 } 2911 2912 return warnings; 2913 } 2914 2915 static int validate_vmlinux_functions(struct objtool_file *file) 2916 { 2917 struct section *sec; 2918 int warnings = 0; 2919 2920 sec = find_section_by_name(file->elf, ".noinstr.text"); 2921 if (sec) { 2922 warnings += validate_section(file, sec); 2923 warnings += validate_unwind_hints(file, sec); 2924 } 2925 2926 sec = find_section_by_name(file->elf, ".entry.text"); 2927 if (sec) { 2928 warnings += validate_section(file, sec); 2929 warnings += validate_unwind_hints(file, sec); 2930 } 2931 2932 return warnings; 2933 } 2934 2935 static int validate_functions(struct objtool_file *file) 2936 { 2937 struct section *sec; 2938 int warnings = 0; 2939 2940 for_each_sec(file, sec) { 2941 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 2942 continue; 2943 2944 warnings += validate_section(file, sec); 2945 } 2946 2947 return warnings; 2948 } 2949 2950 static int validate_reachable_instructions(struct objtool_file *file) 2951 { 2952 struct instruction *insn; 2953 2954 if (file->ignore_unreachables) 2955 return 0; 2956 2957 for_each_insn(file, insn) { 2958 if (insn->visited || ignore_unreachable_insn(insn)) 2959 continue; 2960 2961 WARN_FUNC("unreachable instruction", insn->sec, insn->offset); 2962 return 1; 2963 } 2964 2965 return 0; 2966 } 2967 2968 static struct objtool_file file; 2969 2970 int check(const char *_objname, bool orc) 2971 { 2972 int ret, warnings = 0; 2973 2974 objname = _objname; 2975 2976 file.elf = elf_open_read(objname, O_RDWR); 2977 if (!file.elf) 2978 return 1; 2979 2980 INIT_LIST_HEAD(&file.insn_list); 2981 hash_init(file.insn_hash); 2982 INIT_LIST_HEAD(&file.static_call_list); 2983 file.c_file = !vmlinux && find_section_by_name(file.elf, ".comment"); 2984 file.ignore_unreachables = no_unreachable; 2985 file.hints = false; 2986 2987 arch_initial_func_cfi_state(&initial_func_cfi); 2988 2989 ret = decode_sections(&file); 2990 if (ret < 0) 2991 goto out; 2992 warnings += ret; 2993 2994 if (list_empty(&file.insn_list)) 2995 goto out; 2996 2997 if (vmlinux && !validate_dup) { 2998 ret = validate_vmlinux_functions(&file); 2999 if (ret < 0) 3000 goto out; 3001 3002 warnings += ret; 3003 goto out; 3004 } 3005 3006 if (retpoline) { 3007 ret = validate_retpoline(&file); 3008 if (ret < 0) 3009 return ret; 3010 warnings += ret; 3011 } 3012 3013 ret = validate_functions(&file); 3014 if (ret < 0) 3015 goto out; 3016 warnings += ret; 3017 3018 ret = validate_unwind_hints(&file, NULL); 3019 if (ret < 0) 3020 goto out; 3021 warnings += ret; 3022 3023 if (!warnings) { 3024 ret = validate_reachable_instructions(&file); 3025 if (ret < 0) 3026 goto out; 3027 warnings += ret; 3028 } 3029 3030 ret = create_static_call_sections(&file); 3031 if (ret < 0) 3032 goto out; 3033 warnings += ret; 3034 3035 if (orc) { 3036 ret = create_orc(&file); 3037 if (ret < 0) 3038 goto out; 3039 3040 ret = create_orc_sections(&file); 3041 if (ret < 0) 3042 goto out; 3043 } 3044 3045 if (file.elf->changed) { 3046 ret = elf_write(file.elf); 3047 if (ret < 0) 3048 goto out; 3049 } 3050 3051 out: 3052 if (ret < 0) { 3053 /* 3054 * Fatal error. The binary is corrupt or otherwise broken in 3055 * some way, or objtool itself is broken. Fail the kernel 3056 * build. 3057 */ 3058 return ret; 3059 } 3060 3061 return 0; 3062 } 3063