1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2015-2017 Josh Poimboeuf <jpoimboe@redhat.com> 4 */ 5 6 #include <string.h> 7 #include <stdlib.h> 8 #include <inttypes.h> 9 #include <sys/mman.h> 10 11 #include <arch/elf.h> 12 #include <objtool/builtin.h> 13 #include <objtool/cfi.h> 14 #include <objtool/arch.h> 15 #include <objtool/check.h> 16 #include <objtool/special.h> 17 #include <objtool/warn.h> 18 #include <objtool/endianness.h> 19 20 #include <linux/objtool_types.h> 21 #include <linux/hashtable.h> 22 #include <linux/kernel.h> 23 #include <linux/static_call_types.h> 24 25 struct alternative { 26 struct alternative *next; 27 struct instruction *insn; 28 bool skip_orig; 29 }; 30 31 static unsigned long nr_cfi, nr_cfi_reused, nr_cfi_cache; 32 33 static struct cfi_init_state initial_func_cfi; 34 static struct cfi_state init_cfi; 35 static struct cfi_state func_cfi; 36 37 struct instruction *find_insn(struct objtool_file *file, 38 struct section *sec, unsigned long offset) 39 { 40 struct instruction *insn; 41 42 hash_for_each_possible(file->insn_hash, insn, hash, sec_offset_hash(sec, offset)) { 43 if (insn->sec == sec && insn->offset == offset) 44 return insn; 45 } 46 47 return NULL; 48 } 49 50 struct instruction *next_insn_same_sec(struct objtool_file *file, 51 struct instruction *insn) 52 { 53 if (insn->idx == INSN_CHUNK_MAX) 54 return find_insn(file, insn->sec, insn->offset + insn->len); 55 56 insn++; 57 if (!insn->len) 58 return NULL; 59 60 return insn; 61 } 62 63 static struct instruction *next_insn_same_func(struct objtool_file *file, 64 struct instruction *insn) 65 { 66 struct instruction *next = next_insn_same_sec(file, insn); 67 struct symbol *func = insn_func(insn); 68 69 if (!func) 70 return NULL; 71 72 if (next && insn_func(next) == func) 73 return next; 74 75 /* Check if we're already in the subfunction: */ 76 if (func == func->cfunc) 77 return NULL; 78 79 /* Move to the subfunction: */ 80 return find_insn(file, func->cfunc->sec, func->cfunc->offset); 81 } 82 83 static struct instruction *prev_insn_same_sec(struct objtool_file *file, 84 struct instruction *insn) 85 { 86 if (insn->idx == 0) { 87 if (insn->prev_len) 88 return find_insn(file, insn->sec, insn->offset - insn->prev_len); 89 return NULL; 90 } 91 92 return insn - 1; 93 } 94 95 static struct instruction *prev_insn_same_sym(struct objtool_file *file, 96 struct instruction *insn) 97 { 98 struct instruction *prev = prev_insn_same_sec(file, insn); 99 100 if (prev && insn_func(prev) == insn_func(insn)) 101 return prev; 102 103 return NULL; 104 } 105 106 #define for_each_insn(file, insn) \ 107 for (struct section *__sec, *__fake = (struct section *)1; \ 108 __fake; __fake = NULL) \ 109 for_each_sec(file, __sec) \ 110 sec_for_each_insn(file, __sec, insn) 111 112 #define func_for_each_insn(file, func, insn) \ 113 for (insn = find_insn(file, func->sec, func->offset); \ 114 insn; \ 115 insn = next_insn_same_func(file, insn)) 116 117 #define sym_for_each_insn(file, sym, insn) \ 118 for (insn = find_insn(file, sym->sec, sym->offset); \ 119 insn && insn->offset < sym->offset + sym->len; \ 120 insn = next_insn_same_sec(file, insn)) 121 122 #define sym_for_each_insn_continue_reverse(file, sym, insn) \ 123 for (insn = prev_insn_same_sec(file, insn); \ 124 insn && insn->offset >= sym->offset; \ 125 insn = prev_insn_same_sec(file, insn)) 126 127 #define sec_for_each_insn_from(file, insn) \ 128 for (; insn; insn = next_insn_same_sec(file, insn)) 129 130 #define sec_for_each_insn_continue(file, insn) \ 131 for (insn = next_insn_same_sec(file, insn); insn; \ 132 insn = next_insn_same_sec(file, insn)) 133 134 static inline struct symbol *insn_call_dest(struct instruction *insn) 135 { 136 if (insn->type == INSN_JUMP_DYNAMIC || 137 insn->type == INSN_CALL_DYNAMIC) 138 return NULL; 139 140 return insn->_call_dest; 141 } 142 143 static inline struct reloc *insn_jump_table(struct instruction *insn) 144 { 145 if (insn->type == INSN_JUMP_DYNAMIC || 146 insn->type == INSN_CALL_DYNAMIC) 147 return insn->_jump_table; 148 149 return NULL; 150 } 151 152 static bool is_jump_table_jump(struct instruction *insn) 153 { 154 struct alt_group *alt_group = insn->alt_group; 155 156 if (insn_jump_table(insn)) 157 return true; 158 159 /* Retpoline alternative for a jump table? */ 160 return alt_group && alt_group->orig_group && 161 insn_jump_table(alt_group->orig_group->first_insn); 162 } 163 164 static bool is_sibling_call(struct instruction *insn) 165 { 166 /* 167 * Assume only STT_FUNC calls have jump-tables. 168 */ 169 if (insn_func(insn)) { 170 /* An indirect jump is either a sibling call or a jump to a table. */ 171 if (insn->type == INSN_JUMP_DYNAMIC) 172 return !is_jump_table_jump(insn); 173 } 174 175 /* add_jump_destinations() sets insn_call_dest(insn) for sibling calls. */ 176 return (is_static_jump(insn) && insn_call_dest(insn)); 177 } 178 179 /* 180 * This checks to see if the given function is a "noreturn" function. 181 * 182 * For global functions which are outside the scope of this object file, we 183 * have to keep a manual list of them. 184 * 185 * For local functions, we have to detect them manually by simply looking for 186 * the lack of a return instruction. 187 */ 188 static bool __dead_end_function(struct objtool_file *file, struct symbol *func, 189 int recursion) 190 { 191 int i; 192 struct instruction *insn; 193 bool empty = true; 194 195 /* 196 * Unfortunately these have to be hard coded because the noreturn 197 * attribute isn't provided in ELF data. Keep 'em sorted. 198 */ 199 static const char * const global_noreturns[] = { 200 "__invalid_creds", 201 "__module_put_and_kthread_exit", 202 "__reiserfs_panic", 203 "__stack_chk_fail", 204 "__ubsan_handle_builtin_unreachable", 205 "arch_call_rest_init", 206 "arch_cpu_idle_dead", 207 "btrfs_assertfail", 208 "cpu_bringup_and_idle", 209 "cpu_startup_entry", 210 "do_exit", 211 "do_group_exit", 212 "do_task_dead", 213 "ex_handler_msr_mce", 214 "fortify_panic", 215 "hlt_play_dead", 216 "hv_ghcb_terminate", 217 "kthread_complete_and_exit", 218 "kthread_exit", 219 "kunit_try_catch_throw", 220 "machine_real_restart", 221 "make_task_dead", 222 "mpt_halt_firmware", 223 "nmi_panic_self_stop", 224 "panic", 225 "panic_smp_self_stop", 226 "rest_init", 227 "rewind_stack_and_make_dead", 228 "sev_es_terminate", 229 "snp_abort", 230 "start_kernel", 231 "stop_this_cpu", 232 "usercopy_abort", 233 "x86_64_start_kernel", 234 "x86_64_start_reservations", 235 "xen_cpu_bringup_again", 236 "xen_start_kernel", 237 }; 238 239 if (!func) 240 return false; 241 242 if (func->bind == STB_GLOBAL || func->bind == STB_WEAK) 243 for (i = 0; i < ARRAY_SIZE(global_noreturns); i++) 244 if (!strcmp(func->name, global_noreturns[i])) 245 return true; 246 247 if (func->bind == STB_WEAK) 248 return false; 249 250 if (!func->len) 251 return false; 252 253 insn = find_insn(file, func->sec, func->offset); 254 if (!insn || !insn_func(insn)) 255 return false; 256 257 func_for_each_insn(file, func, insn) { 258 empty = false; 259 260 if (insn->type == INSN_RETURN) 261 return false; 262 } 263 264 if (empty) 265 return false; 266 267 /* 268 * A function can have a sibling call instead of a return. In that 269 * case, the function's dead-end status depends on whether the target 270 * of the sibling call returns. 271 */ 272 func_for_each_insn(file, func, insn) { 273 if (is_sibling_call(insn)) { 274 struct instruction *dest = insn->jump_dest; 275 276 if (!dest) 277 /* sibling call to another file */ 278 return false; 279 280 /* local sibling call */ 281 if (recursion == 5) { 282 /* 283 * Infinite recursion: two functions have 284 * sibling calls to each other. This is a very 285 * rare case. It means they aren't dead ends. 286 */ 287 return false; 288 } 289 290 return __dead_end_function(file, insn_func(dest), recursion+1); 291 } 292 } 293 294 return true; 295 } 296 297 static bool dead_end_function(struct objtool_file *file, struct symbol *func) 298 { 299 return __dead_end_function(file, func, 0); 300 } 301 302 static void init_cfi_state(struct cfi_state *cfi) 303 { 304 int i; 305 306 for (i = 0; i < CFI_NUM_REGS; i++) { 307 cfi->regs[i].base = CFI_UNDEFINED; 308 cfi->vals[i].base = CFI_UNDEFINED; 309 } 310 cfi->cfa.base = CFI_UNDEFINED; 311 cfi->drap_reg = CFI_UNDEFINED; 312 cfi->drap_offset = -1; 313 } 314 315 static void init_insn_state(struct objtool_file *file, struct insn_state *state, 316 struct section *sec) 317 { 318 memset(state, 0, sizeof(*state)); 319 init_cfi_state(&state->cfi); 320 321 /* 322 * We need the full vmlinux for noinstr validation, otherwise we can 323 * not correctly determine insn_call_dest(insn)->sec (external symbols 324 * do not have a section). 325 */ 326 if (opts.link && opts.noinstr && sec) 327 state->noinstr = sec->noinstr; 328 } 329 330 static struct cfi_state *cfi_alloc(void) 331 { 332 struct cfi_state *cfi = calloc(sizeof(struct cfi_state), 1); 333 if (!cfi) { 334 WARN("calloc failed"); 335 exit(1); 336 } 337 nr_cfi++; 338 return cfi; 339 } 340 341 static int cfi_bits; 342 static struct hlist_head *cfi_hash; 343 344 static inline bool cficmp(struct cfi_state *cfi1, struct cfi_state *cfi2) 345 { 346 return memcmp((void *)cfi1 + sizeof(cfi1->hash), 347 (void *)cfi2 + sizeof(cfi2->hash), 348 sizeof(struct cfi_state) - sizeof(struct hlist_node)); 349 } 350 351 static inline u32 cfi_key(struct cfi_state *cfi) 352 { 353 return jhash((void *)cfi + sizeof(cfi->hash), 354 sizeof(*cfi) - sizeof(cfi->hash), 0); 355 } 356 357 static struct cfi_state *cfi_hash_find_or_add(struct cfi_state *cfi) 358 { 359 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)]; 360 struct cfi_state *obj; 361 362 hlist_for_each_entry(obj, head, hash) { 363 if (!cficmp(cfi, obj)) { 364 nr_cfi_cache++; 365 return obj; 366 } 367 } 368 369 obj = cfi_alloc(); 370 *obj = *cfi; 371 hlist_add_head(&obj->hash, head); 372 373 return obj; 374 } 375 376 static void cfi_hash_add(struct cfi_state *cfi) 377 { 378 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)]; 379 380 hlist_add_head(&cfi->hash, head); 381 } 382 383 static void *cfi_hash_alloc(unsigned long size) 384 { 385 cfi_bits = max(10, ilog2(size)); 386 cfi_hash = mmap(NULL, sizeof(struct hlist_head) << cfi_bits, 387 PROT_READ|PROT_WRITE, 388 MAP_PRIVATE|MAP_ANON, -1, 0); 389 if (cfi_hash == (void *)-1L) { 390 WARN("mmap fail cfi_hash"); 391 cfi_hash = NULL; 392 } else if (opts.stats) { 393 printf("cfi_bits: %d\n", cfi_bits); 394 } 395 396 return cfi_hash; 397 } 398 399 static unsigned long nr_insns; 400 static unsigned long nr_insns_visited; 401 402 /* 403 * Call the arch-specific instruction decoder for all the instructions and add 404 * them to the global instruction list. 405 */ 406 static int decode_instructions(struct objtool_file *file) 407 { 408 struct section *sec; 409 struct symbol *func; 410 unsigned long offset; 411 struct instruction *insn; 412 int ret; 413 414 for_each_sec(file, sec) { 415 struct instruction *insns = NULL; 416 u8 prev_len = 0; 417 u8 idx = 0; 418 419 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 420 continue; 421 422 if (strcmp(sec->name, ".altinstr_replacement") && 423 strcmp(sec->name, ".altinstr_aux") && 424 strncmp(sec->name, ".discard.", 9)) 425 sec->text = true; 426 427 if (!strcmp(sec->name, ".noinstr.text") || 428 !strcmp(sec->name, ".entry.text") || 429 !strcmp(sec->name, ".cpuidle.text") || 430 !strncmp(sec->name, ".text.__x86.", 12)) 431 sec->noinstr = true; 432 433 /* 434 * .init.text code is ran before userspace and thus doesn't 435 * strictly need retpolines, except for modules which are 436 * loaded late, they very much do need retpoline in their 437 * .init.text 438 */ 439 if (!strcmp(sec->name, ".init.text") && !opts.module) 440 sec->init = true; 441 442 for (offset = 0; offset < sec->sh.sh_size; offset += insn->len) { 443 if (!insns || idx == INSN_CHUNK_MAX) { 444 insns = calloc(sizeof(*insn), INSN_CHUNK_SIZE); 445 if (!insns) { 446 WARN("malloc failed"); 447 return -1; 448 } 449 idx = 0; 450 } else { 451 idx++; 452 } 453 insn = &insns[idx]; 454 insn->idx = idx; 455 456 INIT_LIST_HEAD(&insn->call_node); 457 insn->sec = sec; 458 insn->offset = offset; 459 insn->prev_len = prev_len; 460 461 ret = arch_decode_instruction(file, sec, offset, 462 sec->sh.sh_size - offset, 463 insn); 464 if (ret) 465 return ret; 466 467 prev_len = insn->len; 468 469 /* 470 * By default, "ud2" is a dead end unless otherwise 471 * annotated, because GCC 7 inserts it for certain 472 * divide-by-zero cases. 473 */ 474 if (insn->type == INSN_BUG) 475 insn->dead_end = true; 476 477 hash_add(file->insn_hash, &insn->hash, sec_offset_hash(sec, insn->offset)); 478 nr_insns++; 479 } 480 481 // printf("%s: last chunk used: %d\n", sec->name, (int)idx); 482 483 sec_for_each_sym(sec, func) { 484 if (func->type != STT_NOTYPE && func->type != STT_FUNC) 485 continue; 486 487 if (func->offset == sec->sh.sh_size) { 488 /* Heuristic: likely an "end" symbol */ 489 if (func->type == STT_NOTYPE) 490 continue; 491 WARN("%s(): STT_FUNC at end of section", 492 func->name); 493 return -1; 494 } 495 496 if (func->return_thunk || func->alias != func) 497 continue; 498 499 if (!find_insn(file, sec, func->offset)) { 500 WARN("%s(): can't find starting instruction", 501 func->name); 502 return -1; 503 } 504 505 sym_for_each_insn(file, func, insn) { 506 insn->sym = func; 507 if (func->type == STT_FUNC && 508 insn->type == INSN_ENDBR && 509 list_empty(&insn->call_node)) { 510 if (insn->offset == func->offset) { 511 list_add_tail(&insn->call_node, &file->endbr_list); 512 file->nr_endbr++; 513 } else { 514 file->nr_endbr_int++; 515 } 516 } 517 } 518 } 519 } 520 521 if (opts.stats) 522 printf("nr_insns: %lu\n", nr_insns); 523 524 return 0; 525 } 526 527 /* 528 * Read the pv_ops[] .data table to find the static initialized values. 529 */ 530 static int add_pv_ops(struct objtool_file *file, const char *symname) 531 { 532 struct symbol *sym, *func; 533 unsigned long off, end; 534 struct reloc *rel; 535 int idx; 536 537 sym = find_symbol_by_name(file->elf, symname); 538 if (!sym) 539 return 0; 540 541 off = sym->offset; 542 end = off + sym->len; 543 for (;;) { 544 rel = find_reloc_by_dest_range(file->elf, sym->sec, off, end - off); 545 if (!rel) 546 break; 547 548 func = rel->sym; 549 if (func->type == STT_SECTION) 550 func = find_symbol_by_offset(rel->sym->sec, rel->addend); 551 552 idx = (rel->offset - sym->offset) / sizeof(unsigned long); 553 554 objtool_pv_add(file, idx, func); 555 556 off = rel->offset + 1; 557 if (off > end) 558 break; 559 } 560 561 return 0; 562 } 563 564 /* 565 * Allocate and initialize file->pv_ops[]. 566 */ 567 static int init_pv_ops(struct objtool_file *file) 568 { 569 static const char *pv_ops_tables[] = { 570 "pv_ops", 571 "xen_cpu_ops", 572 "xen_irq_ops", 573 "xen_mmu_ops", 574 NULL, 575 }; 576 const char *pv_ops; 577 struct symbol *sym; 578 int idx, nr; 579 580 if (!opts.noinstr) 581 return 0; 582 583 file->pv_ops = NULL; 584 585 sym = find_symbol_by_name(file->elf, "pv_ops"); 586 if (!sym) 587 return 0; 588 589 nr = sym->len / sizeof(unsigned long); 590 file->pv_ops = calloc(sizeof(struct pv_state), nr); 591 if (!file->pv_ops) 592 return -1; 593 594 for (idx = 0; idx < nr; idx++) 595 INIT_LIST_HEAD(&file->pv_ops[idx].targets); 596 597 for (idx = 0; (pv_ops = pv_ops_tables[idx]); idx++) 598 add_pv_ops(file, pv_ops); 599 600 return 0; 601 } 602 603 static struct instruction *find_last_insn(struct objtool_file *file, 604 struct section *sec) 605 { 606 struct instruction *insn = NULL; 607 unsigned int offset; 608 unsigned int end = (sec->sh.sh_size > 10) ? sec->sh.sh_size - 10 : 0; 609 610 for (offset = sec->sh.sh_size - 1; offset >= end && !insn; offset--) 611 insn = find_insn(file, sec, offset); 612 613 return insn; 614 } 615 616 /* 617 * Mark "ud2" instructions and manually annotated dead ends. 618 */ 619 static int add_dead_ends(struct objtool_file *file) 620 { 621 struct section *sec; 622 struct reloc *reloc; 623 struct instruction *insn; 624 625 /* 626 * Check for manually annotated dead ends. 627 */ 628 sec = find_section_by_name(file->elf, ".rela.discard.unreachable"); 629 if (!sec) 630 goto reachable; 631 632 list_for_each_entry(reloc, &sec->reloc_list, list) { 633 if (reloc->sym->type != STT_SECTION) { 634 WARN("unexpected relocation symbol type in %s", sec->name); 635 return -1; 636 } 637 insn = find_insn(file, reloc->sym->sec, reloc->addend); 638 if (insn) 639 insn = prev_insn_same_sec(file, insn); 640 else if (reloc->addend == reloc->sym->sec->sh.sh_size) { 641 insn = find_last_insn(file, reloc->sym->sec); 642 if (!insn) { 643 WARN("can't find unreachable insn at %s+0x%" PRIx64, 644 reloc->sym->sec->name, reloc->addend); 645 return -1; 646 } 647 } else { 648 WARN("can't find unreachable insn at %s+0x%" PRIx64, 649 reloc->sym->sec->name, reloc->addend); 650 return -1; 651 } 652 653 insn->dead_end = true; 654 } 655 656 reachable: 657 /* 658 * These manually annotated reachable checks are needed for GCC 4.4, 659 * where the Linux unreachable() macro isn't supported. In that case 660 * GCC doesn't know the "ud2" is fatal, so it generates code as if it's 661 * not a dead end. 662 */ 663 sec = find_section_by_name(file->elf, ".rela.discard.reachable"); 664 if (!sec) 665 return 0; 666 667 list_for_each_entry(reloc, &sec->reloc_list, list) { 668 if (reloc->sym->type != STT_SECTION) { 669 WARN("unexpected relocation symbol type in %s", sec->name); 670 return -1; 671 } 672 insn = find_insn(file, reloc->sym->sec, reloc->addend); 673 if (insn) 674 insn = prev_insn_same_sec(file, insn); 675 else if (reloc->addend == reloc->sym->sec->sh.sh_size) { 676 insn = find_last_insn(file, reloc->sym->sec); 677 if (!insn) { 678 WARN("can't find reachable insn at %s+0x%" PRIx64, 679 reloc->sym->sec->name, reloc->addend); 680 return -1; 681 } 682 } else { 683 WARN("can't find reachable insn at %s+0x%" PRIx64, 684 reloc->sym->sec->name, reloc->addend); 685 return -1; 686 } 687 688 insn->dead_end = false; 689 } 690 691 return 0; 692 } 693 694 static int create_static_call_sections(struct objtool_file *file) 695 { 696 struct section *sec; 697 struct static_call_site *site; 698 struct instruction *insn; 699 struct symbol *key_sym; 700 char *key_name, *tmp; 701 int idx; 702 703 sec = find_section_by_name(file->elf, ".static_call_sites"); 704 if (sec) { 705 INIT_LIST_HEAD(&file->static_call_list); 706 WARN("file already has .static_call_sites section, skipping"); 707 return 0; 708 } 709 710 if (list_empty(&file->static_call_list)) 711 return 0; 712 713 idx = 0; 714 list_for_each_entry(insn, &file->static_call_list, call_node) 715 idx++; 716 717 sec = elf_create_section(file->elf, ".static_call_sites", SHF_WRITE, 718 sizeof(struct static_call_site), idx); 719 if (!sec) 720 return -1; 721 722 idx = 0; 723 list_for_each_entry(insn, &file->static_call_list, call_node) { 724 725 site = (struct static_call_site *)sec->data->d_buf + idx; 726 memset(site, 0, sizeof(struct static_call_site)); 727 728 /* populate reloc for 'addr' */ 729 if (elf_add_reloc_to_insn(file->elf, sec, 730 idx * sizeof(struct static_call_site), 731 R_X86_64_PC32, 732 insn->sec, insn->offset)) 733 return -1; 734 735 /* find key symbol */ 736 key_name = strdup(insn_call_dest(insn)->name); 737 if (!key_name) { 738 perror("strdup"); 739 return -1; 740 } 741 if (strncmp(key_name, STATIC_CALL_TRAMP_PREFIX_STR, 742 STATIC_CALL_TRAMP_PREFIX_LEN)) { 743 WARN("static_call: trampoline name malformed: %s", key_name); 744 free(key_name); 745 return -1; 746 } 747 tmp = key_name + STATIC_CALL_TRAMP_PREFIX_LEN - STATIC_CALL_KEY_PREFIX_LEN; 748 memcpy(tmp, STATIC_CALL_KEY_PREFIX_STR, STATIC_CALL_KEY_PREFIX_LEN); 749 750 key_sym = find_symbol_by_name(file->elf, tmp); 751 if (!key_sym) { 752 if (!opts.module) { 753 WARN("static_call: can't find static_call_key symbol: %s", tmp); 754 free(key_name); 755 return -1; 756 } 757 758 /* 759 * For modules(), the key might not be exported, which 760 * means the module can make static calls but isn't 761 * allowed to change them. 762 * 763 * In that case we temporarily set the key to be the 764 * trampoline address. This is fixed up in 765 * static_call_add_module(). 766 */ 767 key_sym = insn_call_dest(insn); 768 } 769 free(key_name); 770 771 /* populate reloc for 'key' */ 772 if (elf_add_reloc(file->elf, sec, 773 idx * sizeof(struct static_call_site) + 4, 774 R_X86_64_PC32, key_sym, 775 is_sibling_call(insn) * STATIC_CALL_SITE_TAIL)) 776 return -1; 777 778 idx++; 779 } 780 781 return 0; 782 } 783 784 static int create_retpoline_sites_sections(struct objtool_file *file) 785 { 786 struct instruction *insn; 787 struct section *sec; 788 int idx; 789 790 sec = find_section_by_name(file->elf, ".retpoline_sites"); 791 if (sec) { 792 WARN("file already has .retpoline_sites, skipping"); 793 return 0; 794 } 795 796 idx = 0; 797 list_for_each_entry(insn, &file->retpoline_call_list, call_node) 798 idx++; 799 800 if (!idx) 801 return 0; 802 803 sec = elf_create_section(file->elf, ".retpoline_sites", 0, 804 sizeof(int), idx); 805 if (!sec) { 806 WARN("elf_create_section: .retpoline_sites"); 807 return -1; 808 } 809 810 idx = 0; 811 list_for_each_entry(insn, &file->retpoline_call_list, call_node) { 812 813 int *site = (int *)sec->data->d_buf + idx; 814 *site = 0; 815 816 if (elf_add_reloc_to_insn(file->elf, sec, 817 idx * sizeof(int), 818 R_X86_64_PC32, 819 insn->sec, insn->offset)) { 820 WARN("elf_add_reloc_to_insn: .retpoline_sites"); 821 return -1; 822 } 823 824 idx++; 825 } 826 827 return 0; 828 } 829 830 static int create_return_sites_sections(struct objtool_file *file) 831 { 832 struct instruction *insn; 833 struct section *sec; 834 int idx; 835 836 sec = find_section_by_name(file->elf, ".return_sites"); 837 if (sec) { 838 WARN("file already has .return_sites, skipping"); 839 return 0; 840 } 841 842 idx = 0; 843 list_for_each_entry(insn, &file->return_thunk_list, call_node) 844 idx++; 845 846 if (!idx) 847 return 0; 848 849 sec = elf_create_section(file->elf, ".return_sites", 0, 850 sizeof(int), idx); 851 if (!sec) { 852 WARN("elf_create_section: .return_sites"); 853 return -1; 854 } 855 856 idx = 0; 857 list_for_each_entry(insn, &file->return_thunk_list, call_node) { 858 859 int *site = (int *)sec->data->d_buf + idx; 860 *site = 0; 861 862 if (elf_add_reloc_to_insn(file->elf, sec, 863 idx * sizeof(int), 864 R_X86_64_PC32, 865 insn->sec, insn->offset)) { 866 WARN("elf_add_reloc_to_insn: .return_sites"); 867 return -1; 868 } 869 870 idx++; 871 } 872 873 return 0; 874 } 875 876 static int create_ibt_endbr_seal_sections(struct objtool_file *file) 877 { 878 struct instruction *insn; 879 struct section *sec; 880 int idx; 881 882 sec = find_section_by_name(file->elf, ".ibt_endbr_seal"); 883 if (sec) { 884 WARN("file already has .ibt_endbr_seal, skipping"); 885 return 0; 886 } 887 888 idx = 0; 889 list_for_each_entry(insn, &file->endbr_list, call_node) 890 idx++; 891 892 if (opts.stats) { 893 printf("ibt: ENDBR at function start: %d\n", file->nr_endbr); 894 printf("ibt: ENDBR inside functions: %d\n", file->nr_endbr_int); 895 printf("ibt: superfluous ENDBR: %d\n", idx); 896 } 897 898 if (!idx) 899 return 0; 900 901 sec = elf_create_section(file->elf, ".ibt_endbr_seal", 0, 902 sizeof(int), idx); 903 if (!sec) { 904 WARN("elf_create_section: .ibt_endbr_seal"); 905 return -1; 906 } 907 908 idx = 0; 909 list_for_each_entry(insn, &file->endbr_list, call_node) { 910 911 int *site = (int *)sec->data->d_buf + idx; 912 struct symbol *sym = insn->sym; 913 *site = 0; 914 915 if (opts.module && sym && sym->type == STT_FUNC && 916 insn->offset == sym->offset && 917 (!strcmp(sym->name, "init_module") || 918 !strcmp(sym->name, "cleanup_module"))) 919 WARN("%s(): not an indirect call target", sym->name); 920 921 if (elf_add_reloc_to_insn(file->elf, sec, 922 idx * sizeof(int), 923 R_X86_64_PC32, 924 insn->sec, insn->offset)) { 925 WARN("elf_add_reloc_to_insn: .ibt_endbr_seal"); 926 return -1; 927 } 928 929 idx++; 930 } 931 932 return 0; 933 } 934 935 static int create_cfi_sections(struct objtool_file *file) 936 { 937 struct section *sec; 938 struct symbol *sym; 939 unsigned int *loc; 940 int idx; 941 942 sec = find_section_by_name(file->elf, ".cfi_sites"); 943 if (sec) { 944 INIT_LIST_HEAD(&file->call_list); 945 WARN("file already has .cfi_sites section, skipping"); 946 return 0; 947 } 948 949 idx = 0; 950 for_each_sym(file, sym) { 951 if (sym->type != STT_FUNC) 952 continue; 953 954 if (strncmp(sym->name, "__cfi_", 6)) 955 continue; 956 957 idx++; 958 } 959 960 sec = elf_create_section(file->elf, ".cfi_sites", 0, sizeof(unsigned int), idx); 961 if (!sec) 962 return -1; 963 964 idx = 0; 965 for_each_sym(file, sym) { 966 if (sym->type != STT_FUNC) 967 continue; 968 969 if (strncmp(sym->name, "__cfi_", 6)) 970 continue; 971 972 loc = (unsigned int *)sec->data->d_buf + idx; 973 memset(loc, 0, sizeof(unsigned int)); 974 975 if (elf_add_reloc_to_insn(file->elf, sec, 976 idx * sizeof(unsigned int), 977 R_X86_64_PC32, 978 sym->sec, sym->offset)) 979 return -1; 980 981 idx++; 982 } 983 984 return 0; 985 } 986 987 static int create_mcount_loc_sections(struct objtool_file *file) 988 { 989 int addrsize = elf_class_addrsize(file->elf); 990 struct instruction *insn; 991 struct section *sec; 992 int idx; 993 994 sec = find_section_by_name(file->elf, "__mcount_loc"); 995 if (sec) { 996 INIT_LIST_HEAD(&file->mcount_loc_list); 997 WARN("file already has __mcount_loc section, skipping"); 998 return 0; 999 } 1000 1001 if (list_empty(&file->mcount_loc_list)) 1002 return 0; 1003 1004 idx = 0; 1005 list_for_each_entry(insn, &file->mcount_loc_list, call_node) 1006 idx++; 1007 1008 sec = elf_create_section(file->elf, "__mcount_loc", 0, addrsize, idx); 1009 if (!sec) 1010 return -1; 1011 1012 sec->sh.sh_addralign = addrsize; 1013 1014 idx = 0; 1015 list_for_each_entry(insn, &file->mcount_loc_list, call_node) { 1016 void *loc; 1017 1018 loc = sec->data->d_buf + idx; 1019 memset(loc, 0, addrsize); 1020 1021 if (elf_add_reloc_to_insn(file->elf, sec, idx, 1022 addrsize == sizeof(u64) ? R_ABS64 : R_ABS32, 1023 insn->sec, insn->offset)) 1024 return -1; 1025 1026 idx += addrsize; 1027 } 1028 1029 return 0; 1030 } 1031 1032 static int create_direct_call_sections(struct objtool_file *file) 1033 { 1034 struct instruction *insn; 1035 struct section *sec; 1036 unsigned int *loc; 1037 int idx; 1038 1039 sec = find_section_by_name(file->elf, ".call_sites"); 1040 if (sec) { 1041 INIT_LIST_HEAD(&file->call_list); 1042 WARN("file already has .call_sites section, skipping"); 1043 return 0; 1044 } 1045 1046 if (list_empty(&file->call_list)) 1047 return 0; 1048 1049 idx = 0; 1050 list_for_each_entry(insn, &file->call_list, call_node) 1051 idx++; 1052 1053 sec = elf_create_section(file->elf, ".call_sites", 0, sizeof(unsigned int), idx); 1054 if (!sec) 1055 return -1; 1056 1057 idx = 0; 1058 list_for_each_entry(insn, &file->call_list, call_node) { 1059 1060 loc = (unsigned int *)sec->data->d_buf + idx; 1061 memset(loc, 0, sizeof(unsigned int)); 1062 1063 if (elf_add_reloc_to_insn(file->elf, sec, 1064 idx * sizeof(unsigned int), 1065 R_X86_64_PC32, 1066 insn->sec, insn->offset)) 1067 return -1; 1068 1069 idx++; 1070 } 1071 1072 return 0; 1073 } 1074 1075 /* 1076 * Warnings shouldn't be reported for ignored functions. 1077 */ 1078 static void add_ignores(struct objtool_file *file) 1079 { 1080 struct instruction *insn; 1081 struct section *sec; 1082 struct symbol *func; 1083 struct reloc *reloc; 1084 1085 sec = find_section_by_name(file->elf, ".rela.discard.func_stack_frame_non_standard"); 1086 if (!sec) 1087 return; 1088 1089 list_for_each_entry(reloc, &sec->reloc_list, list) { 1090 switch (reloc->sym->type) { 1091 case STT_FUNC: 1092 func = reloc->sym; 1093 break; 1094 1095 case STT_SECTION: 1096 func = find_func_by_offset(reloc->sym->sec, reloc->addend); 1097 if (!func) 1098 continue; 1099 break; 1100 1101 default: 1102 WARN("unexpected relocation symbol type in %s: %d", sec->name, reloc->sym->type); 1103 continue; 1104 } 1105 1106 func_for_each_insn(file, func, insn) 1107 insn->ignore = true; 1108 } 1109 } 1110 1111 /* 1112 * This is a whitelist of functions that is allowed to be called with AC set. 1113 * The list is meant to be minimal and only contains compiler instrumentation 1114 * ABI and a few functions used to implement *_{to,from}_user() functions. 1115 * 1116 * These functions must not directly change AC, but may PUSHF/POPF. 1117 */ 1118 static const char *uaccess_safe_builtin[] = { 1119 /* KASAN */ 1120 "kasan_report", 1121 "kasan_check_range", 1122 /* KASAN out-of-line */ 1123 "__asan_loadN_noabort", 1124 "__asan_load1_noabort", 1125 "__asan_load2_noabort", 1126 "__asan_load4_noabort", 1127 "__asan_load8_noabort", 1128 "__asan_load16_noabort", 1129 "__asan_storeN_noabort", 1130 "__asan_store1_noabort", 1131 "__asan_store2_noabort", 1132 "__asan_store4_noabort", 1133 "__asan_store8_noabort", 1134 "__asan_store16_noabort", 1135 "__kasan_check_read", 1136 "__kasan_check_write", 1137 /* KASAN in-line */ 1138 "__asan_report_load_n_noabort", 1139 "__asan_report_load1_noabort", 1140 "__asan_report_load2_noabort", 1141 "__asan_report_load4_noabort", 1142 "__asan_report_load8_noabort", 1143 "__asan_report_load16_noabort", 1144 "__asan_report_store_n_noabort", 1145 "__asan_report_store1_noabort", 1146 "__asan_report_store2_noabort", 1147 "__asan_report_store4_noabort", 1148 "__asan_report_store8_noabort", 1149 "__asan_report_store16_noabort", 1150 /* KCSAN */ 1151 "__kcsan_check_access", 1152 "__kcsan_mb", 1153 "__kcsan_wmb", 1154 "__kcsan_rmb", 1155 "__kcsan_release", 1156 "kcsan_found_watchpoint", 1157 "kcsan_setup_watchpoint", 1158 "kcsan_check_scoped_accesses", 1159 "kcsan_disable_current", 1160 "kcsan_enable_current_nowarn", 1161 /* KCSAN/TSAN */ 1162 "__tsan_func_entry", 1163 "__tsan_func_exit", 1164 "__tsan_read_range", 1165 "__tsan_write_range", 1166 "__tsan_read1", 1167 "__tsan_read2", 1168 "__tsan_read4", 1169 "__tsan_read8", 1170 "__tsan_read16", 1171 "__tsan_write1", 1172 "__tsan_write2", 1173 "__tsan_write4", 1174 "__tsan_write8", 1175 "__tsan_write16", 1176 "__tsan_read_write1", 1177 "__tsan_read_write2", 1178 "__tsan_read_write4", 1179 "__tsan_read_write8", 1180 "__tsan_read_write16", 1181 "__tsan_volatile_read1", 1182 "__tsan_volatile_read2", 1183 "__tsan_volatile_read4", 1184 "__tsan_volatile_read8", 1185 "__tsan_volatile_read16", 1186 "__tsan_volatile_write1", 1187 "__tsan_volatile_write2", 1188 "__tsan_volatile_write4", 1189 "__tsan_volatile_write8", 1190 "__tsan_volatile_write16", 1191 "__tsan_atomic8_load", 1192 "__tsan_atomic16_load", 1193 "__tsan_atomic32_load", 1194 "__tsan_atomic64_load", 1195 "__tsan_atomic8_store", 1196 "__tsan_atomic16_store", 1197 "__tsan_atomic32_store", 1198 "__tsan_atomic64_store", 1199 "__tsan_atomic8_exchange", 1200 "__tsan_atomic16_exchange", 1201 "__tsan_atomic32_exchange", 1202 "__tsan_atomic64_exchange", 1203 "__tsan_atomic8_fetch_add", 1204 "__tsan_atomic16_fetch_add", 1205 "__tsan_atomic32_fetch_add", 1206 "__tsan_atomic64_fetch_add", 1207 "__tsan_atomic8_fetch_sub", 1208 "__tsan_atomic16_fetch_sub", 1209 "__tsan_atomic32_fetch_sub", 1210 "__tsan_atomic64_fetch_sub", 1211 "__tsan_atomic8_fetch_and", 1212 "__tsan_atomic16_fetch_and", 1213 "__tsan_atomic32_fetch_and", 1214 "__tsan_atomic64_fetch_and", 1215 "__tsan_atomic8_fetch_or", 1216 "__tsan_atomic16_fetch_or", 1217 "__tsan_atomic32_fetch_or", 1218 "__tsan_atomic64_fetch_or", 1219 "__tsan_atomic8_fetch_xor", 1220 "__tsan_atomic16_fetch_xor", 1221 "__tsan_atomic32_fetch_xor", 1222 "__tsan_atomic64_fetch_xor", 1223 "__tsan_atomic8_fetch_nand", 1224 "__tsan_atomic16_fetch_nand", 1225 "__tsan_atomic32_fetch_nand", 1226 "__tsan_atomic64_fetch_nand", 1227 "__tsan_atomic8_compare_exchange_strong", 1228 "__tsan_atomic16_compare_exchange_strong", 1229 "__tsan_atomic32_compare_exchange_strong", 1230 "__tsan_atomic64_compare_exchange_strong", 1231 "__tsan_atomic8_compare_exchange_weak", 1232 "__tsan_atomic16_compare_exchange_weak", 1233 "__tsan_atomic32_compare_exchange_weak", 1234 "__tsan_atomic64_compare_exchange_weak", 1235 "__tsan_atomic8_compare_exchange_val", 1236 "__tsan_atomic16_compare_exchange_val", 1237 "__tsan_atomic32_compare_exchange_val", 1238 "__tsan_atomic64_compare_exchange_val", 1239 "__tsan_atomic_thread_fence", 1240 "__tsan_atomic_signal_fence", 1241 "__tsan_unaligned_read16", 1242 "__tsan_unaligned_write16", 1243 /* KCOV */ 1244 "write_comp_data", 1245 "check_kcov_mode", 1246 "__sanitizer_cov_trace_pc", 1247 "__sanitizer_cov_trace_const_cmp1", 1248 "__sanitizer_cov_trace_const_cmp2", 1249 "__sanitizer_cov_trace_const_cmp4", 1250 "__sanitizer_cov_trace_const_cmp8", 1251 "__sanitizer_cov_trace_cmp1", 1252 "__sanitizer_cov_trace_cmp2", 1253 "__sanitizer_cov_trace_cmp4", 1254 "__sanitizer_cov_trace_cmp8", 1255 "__sanitizer_cov_trace_switch", 1256 /* KMSAN */ 1257 "kmsan_copy_to_user", 1258 "kmsan_report", 1259 "kmsan_unpoison_entry_regs", 1260 "kmsan_unpoison_memory", 1261 "__msan_chain_origin", 1262 "__msan_get_context_state", 1263 "__msan_instrument_asm_store", 1264 "__msan_metadata_ptr_for_load_1", 1265 "__msan_metadata_ptr_for_load_2", 1266 "__msan_metadata_ptr_for_load_4", 1267 "__msan_metadata_ptr_for_load_8", 1268 "__msan_metadata_ptr_for_load_n", 1269 "__msan_metadata_ptr_for_store_1", 1270 "__msan_metadata_ptr_for_store_2", 1271 "__msan_metadata_ptr_for_store_4", 1272 "__msan_metadata_ptr_for_store_8", 1273 "__msan_metadata_ptr_for_store_n", 1274 "__msan_poison_alloca", 1275 "__msan_warning", 1276 /* UBSAN */ 1277 "ubsan_type_mismatch_common", 1278 "__ubsan_handle_type_mismatch", 1279 "__ubsan_handle_type_mismatch_v1", 1280 "__ubsan_handle_shift_out_of_bounds", 1281 "__ubsan_handle_load_invalid_value", 1282 /* STACKLEAK */ 1283 "stackleak_track_stack", 1284 /* misc */ 1285 "csum_partial_copy_generic", 1286 "copy_mc_fragile", 1287 "copy_mc_fragile_handle_tail", 1288 "copy_mc_enhanced_fast_string", 1289 "ftrace_likely_update", /* CONFIG_TRACE_BRANCH_PROFILING */ 1290 "rep_stos_alternative", 1291 "rep_movs_alternative", 1292 "__copy_user_nocache", 1293 NULL 1294 }; 1295 1296 static void add_uaccess_safe(struct objtool_file *file) 1297 { 1298 struct symbol *func; 1299 const char **name; 1300 1301 if (!opts.uaccess) 1302 return; 1303 1304 for (name = uaccess_safe_builtin; *name; name++) { 1305 func = find_symbol_by_name(file->elf, *name); 1306 if (!func) 1307 continue; 1308 1309 func->uaccess_safe = true; 1310 } 1311 } 1312 1313 /* 1314 * FIXME: For now, just ignore any alternatives which add retpolines. This is 1315 * a temporary hack, as it doesn't allow ORC to unwind from inside a retpoline. 1316 * But it at least allows objtool to understand the control flow *around* the 1317 * retpoline. 1318 */ 1319 static int add_ignore_alternatives(struct objtool_file *file) 1320 { 1321 struct section *sec; 1322 struct reloc *reloc; 1323 struct instruction *insn; 1324 1325 sec = find_section_by_name(file->elf, ".rela.discard.ignore_alts"); 1326 if (!sec) 1327 return 0; 1328 1329 list_for_each_entry(reloc, &sec->reloc_list, list) { 1330 if (reloc->sym->type != STT_SECTION) { 1331 WARN("unexpected relocation symbol type in %s", sec->name); 1332 return -1; 1333 } 1334 1335 insn = find_insn(file, reloc->sym->sec, reloc->addend); 1336 if (!insn) { 1337 WARN("bad .discard.ignore_alts entry"); 1338 return -1; 1339 } 1340 1341 insn->ignore_alts = true; 1342 } 1343 1344 return 0; 1345 } 1346 1347 __weak bool arch_is_retpoline(struct symbol *sym) 1348 { 1349 return false; 1350 } 1351 1352 __weak bool arch_is_rethunk(struct symbol *sym) 1353 { 1354 return false; 1355 } 1356 1357 static struct reloc *insn_reloc(struct objtool_file *file, struct instruction *insn) 1358 { 1359 struct reloc *reloc; 1360 1361 if (insn->no_reloc) 1362 return NULL; 1363 1364 if (!file) 1365 return NULL; 1366 1367 reloc = find_reloc_by_dest_range(file->elf, insn->sec, 1368 insn->offset, insn->len); 1369 if (!reloc) { 1370 insn->no_reloc = 1; 1371 return NULL; 1372 } 1373 1374 return reloc; 1375 } 1376 1377 static void remove_insn_ops(struct instruction *insn) 1378 { 1379 struct stack_op *op, *next; 1380 1381 for (op = insn->stack_ops; op; op = next) { 1382 next = op->next; 1383 free(op); 1384 } 1385 insn->stack_ops = NULL; 1386 } 1387 1388 static void annotate_call_site(struct objtool_file *file, 1389 struct instruction *insn, bool sibling) 1390 { 1391 struct reloc *reloc = insn_reloc(file, insn); 1392 struct symbol *sym = insn_call_dest(insn); 1393 1394 if (!sym) 1395 sym = reloc->sym; 1396 1397 /* 1398 * Alternative replacement code is just template code which is 1399 * sometimes copied to the original instruction. For now, don't 1400 * annotate it. (In the future we might consider annotating the 1401 * original instruction if/when it ever makes sense to do so.) 1402 */ 1403 if (!strcmp(insn->sec->name, ".altinstr_replacement")) 1404 return; 1405 1406 if (sym->static_call_tramp) { 1407 list_add_tail(&insn->call_node, &file->static_call_list); 1408 return; 1409 } 1410 1411 if (sym->retpoline_thunk) { 1412 list_add_tail(&insn->call_node, &file->retpoline_call_list); 1413 return; 1414 } 1415 1416 /* 1417 * Many compilers cannot disable KCOV or sanitizer calls with a function 1418 * attribute so they need a little help, NOP out any such calls from 1419 * noinstr text. 1420 */ 1421 if (opts.hack_noinstr && insn->sec->noinstr && sym->profiling_func) { 1422 if (reloc) { 1423 reloc->type = R_NONE; 1424 elf_write_reloc(file->elf, reloc); 1425 } 1426 1427 elf_write_insn(file->elf, insn->sec, 1428 insn->offset, insn->len, 1429 sibling ? arch_ret_insn(insn->len) 1430 : arch_nop_insn(insn->len)); 1431 1432 insn->type = sibling ? INSN_RETURN : INSN_NOP; 1433 1434 if (sibling) { 1435 /* 1436 * We've replaced the tail-call JMP insn by two new 1437 * insn: RET; INT3, except we only have a single struct 1438 * insn here. Mark it retpoline_safe to avoid the SLS 1439 * warning, instead of adding another insn. 1440 */ 1441 insn->retpoline_safe = true; 1442 } 1443 1444 return; 1445 } 1446 1447 if (opts.mcount && sym->fentry) { 1448 if (sibling) 1449 WARN_INSN(insn, "tail call to __fentry__ !?!?"); 1450 if (opts.mnop) { 1451 if (reloc) { 1452 reloc->type = R_NONE; 1453 elf_write_reloc(file->elf, reloc); 1454 } 1455 1456 elf_write_insn(file->elf, insn->sec, 1457 insn->offset, insn->len, 1458 arch_nop_insn(insn->len)); 1459 1460 insn->type = INSN_NOP; 1461 } 1462 1463 list_add_tail(&insn->call_node, &file->mcount_loc_list); 1464 return; 1465 } 1466 1467 if (insn->type == INSN_CALL && !insn->sec->init) 1468 list_add_tail(&insn->call_node, &file->call_list); 1469 1470 if (!sibling && dead_end_function(file, sym)) 1471 insn->dead_end = true; 1472 } 1473 1474 static void add_call_dest(struct objtool_file *file, struct instruction *insn, 1475 struct symbol *dest, bool sibling) 1476 { 1477 insn->_call_dest = dest; 1478 if (!dest) 1479 return; 1480 1481 /* 1482 * Whatever stack impact regular CALLs have, should be undone 1483 * by the RETURN of the called function. 1484 * 1485 * Annotated intra-function calls retain the stack_ops but 1486 * are converted to JUMP, see read_intra_function_calls(). 1487 */ 1488 remove_insn_ops(insn); 1489 1490 annotate_call_site(file, insn, sibling); 1491 } 1492 1493 static void add_retpoline_call(struct objtool_file *file, struct instruction *insn) 1494 { 1495 /* 1496 * Retpoline calls/jumps are really dynamic calls/jumps in disguise, 1497 * so convert them accordingly. 1498 */ 1499 switch (insn->type) { 1500 case INSN_CALL: 1501 insn->type = INSN_CALL_DYNAMIC; 1502 break; 1503 case INSN_JUMP_UNCONDITIONAL: 1504 insn->type = INSN_JUMP_DYNAMIC; 1505 break; 1506 case INSN_JUMP_CONDITIONAL: 1507 insn->type = INSN_JUMP_DYNAMIC_CONDITIONAL; 1508 break; 1509 default: 1510 return; 1511 } 1512 1513 insn->retpoline_safe = true; 1514 1515 /* 1516 * Whatever stack impact regular CALLs have, should be undone 1517 * by the RETURN of the called function. 1518 * 1519 * Annotated intra-function calls retain the stack_ops but 1520 * are converted to JUMP, see read_intra_function_calls(). 1521 */ 1522 remove_insn_ops(insn); 1523 1524 annotate_call_site(file, insn, false); 1525 } 1526 1527 static void add_return_call(struct objtool_file *file, struct instruction *insn, bool add) 1528 { 1529 /* 1530 * Return thunk tail calls are really just returns in disguise, 1531 * so convert them accordingly. 1532 */ 1533 insn->type = INSN_RETURN; 1534 insn->retpoline_safe = true; 1535 1536 if (add) 1537 list_add_tail(&insn->call_node, &file->return_thunk_list); 1538 } 1539 1540 static bool is_first_func_insn(struct objtool_file *file, 1541 struct instruction *insn, struct symbol *sym) 1542 { 1543 if (insn->offset == sym->offset) 1544 return true; 1545 1546 /* Allow direct CALL/JMP past ENDBR */ 1547 if (opts.ibt) { 1548 struct instruction *prev = prev_insn_same_sym(file, insn); 1549 1550 if (prev && prev->type == INSN_ENDBR && 1551 insn->offset == sym->offset + prev->len) 1552 return true; 1553 } 1554 1555 return false; 1556 } 1557 1558 /* 1559 * A sibling call is a tail-call to another symbol -- to differentiate from a 1560 * recursive tail-call which is to the same symbol. 1561 */ 1562 static bool jump_is_sibling_call(struct objtool_file *file, 1563 struct instruction *from, struct instruction *to) 1564 { 1565 struct symbol *fs = from->sym; 1566 struct symbol *ts = to->sym; 1567 1568 /* Not a sibling call if from/to a symbol hole */ 1569 if (!fs || !ts) 1570 return false; 1571 1572 /* Not a sibling call if not targeting the start of a symbol. */ 1573 if (!is_first_func_insn(file, to, ts)) 1574 return false; 1575 1576 /* Disallow sibling calls into STT_NOTYPE */ 1577 if (ts->type == STT_NOTYPE) 1578 return false; 1579 1580 /* Must not be self to be a sibling */ 1581 return fs->pfunc != ts->pfunc; 1582 } 1583 1584 /* 1585 * Find the destination instructions for all jumps. 1586 */ 1587 static int add_jump_destinations(struct objtool_file *file) 1588 { 1589 struct instruction *insn, *jump_dest; 1590 struct reloc *reloc; 1591 struct section *dest_sec; 1592 unsigned long dest_off; 1593 1594 for_each_insn(file, insn) { 1595 if (insn->jump_dest) { 1596 /* 1597 * handle_group_alt() may have previously set 1598 * 'jump_dest' for some alternatives. 1599 */ 1600 continue; 1601 } 1602 if (!is_static_jump(insn)) 1603 continue; 1604 1605 reloc = insn_reloc(file, insn); 1606 if (!reloc) { 1607 dest_sec = insn->sec; 1608 dest_off = arch_jump_destination(insn); 1609 } else if (reloc->sym->type == STT_SECTION) { 1610 dest_sec = reloc->sym->sec; 1611 dest_off = arch_dest_reloc_offset(reloc->addend); 1612 } else if (reloc->sym->retpoline_thunk) { 1613 add_retpoline_call(file, insn); 1614 continue; 1615 } else if (reloc->sym->return_thunk) { 1616 add_return_call(file, insn, true); 1617 continue; 1618 } else if (insn_func(insn)) { 1619 /* 1620 * External sibling call or internal sibling call with 1621 * STT_FUNC reloc. 1622 */ 1623 add_call_dest(file, insn, reloc->sym, true); 1624 continue; 1625 } else if (reloc->sym->sec->idx) { 1626 dest_sec = reloc->sym->sec; 1627 dest_off = reloc->sym->sym.st_value + 1628 arch_dest_reloc_offset(reloc->addend); 1629 } else { 1630 /* non-func asm code jumping to another file */ 1631 continue; 1632 } 1633 1634 jump_dest = find_insn(file, dest_sec, dest_off); 1635 if (!jump_dest) { 1636 struct symbol *sym = find_symbol_by_offset(dest_sec, dest_off); 1637 1638 /* 1639 * This is a special case for zen_untrain_ret(). 1640 * It jumps to __x86_return_thunk(), but objtool 1641 * can't find the thunk's starting RET 1642 * instruction, because the RET is also in the 1643 * middle of another instruction. Objtool only 1644 * knows about the outer instruction. 1645 */ 1646 if (sym && sym->return_thunk) { 1647 add_return_call(file, insn, false); 1648 continue; 1649 } 1650 1651 WARN_INSN(insn, "can't find jump dest instruction at %s+0x%lx", 1652 dest_sec->name, dest_off); 1653 return -1; 1654 } 1655 1656 /* 1657 * Cross-function jump. 1658 */ 1659 if (insn_func(insn) && insn_func(jump_dest) && 1660 insn_func(insn) != insn_func(jump_dest)) { 1661 1662 /* 1663 * For GCC 8+, create parent/child links for any cold 1664 * subfunctions. This is _mostly_ redundant with a 1665 * similar initialization in read_symbols(). 1666 * 1667 * If a function has aliases, we want the *first* such 1668 * function in the symbol table to be the subfunction's 1669 * parent. In that case we overwrite the 1670 * initialization done in read_symbols(). 1671 * 1672 * However this code can't completely replace the 1673 * read_symbols() code because this doesn't detect the 1674 * case where the parent function's only reference to a 1675 * subfunction is through a jump table. 1676 */ 1677 if (!strstr(insn_func(insn)->name, ".cold") && 1678 strstr(insn_func(jump_dest)->name, ".cold")) { 1679 insn_func(insn)->cfunc = insn_func(jump_dest); 1680 insn_func(jump_dest)->pfunc = insn_func(insn); 1681 } 1682 } 1683 1684 if (jump_is_sibling_call(file, insn, jump_dest)) { 1685 /* 1686 * Internal sibling call without reloc or with 1687 * STT_SECTION reloc. 1688 */ 1689 add_call_dest(file, insn, insn_func(jump_dest), true); 1690 continue; 1691 } 1692 1693 insn->jump_dest = jump_dest; 1694 } 1695 1696 return 0; 1697 } 1698 1699 static struct symbol *find_call_destination(struct section *sec, unsigned long offset) 1700 { 1701 struct symbol *call_dest; 1702 1703 call_dest = find_func_by_offset(sec, offset); 1704 if (!call_dest) 1705 call_dest = find_symbol_by_offset(sec, offset); 1706 1707 return call_dest; 1708 } 1709 1710 /* 1711 * Find the destination instructions for all calls. 1712 */ 1713 static int add_call_destinations(struct objtool_file *file) 1714 { 1715 struct instruction *insn; 1716 unsigned long dest_off; 1717 struct symbol *dest; 1718 struct reloc *reloc; 1719 1720 for_each_insn(file, insn) { 1721 if (insn->type != INSN_CALL) 1722 continue; 1723 1724 reloc = insn_reloc(file, insn); 1725 if (!reloc) { 1726 dest_off = arch_jump_destination(insn); 1727 dest = find_call_destination(insn->sec, dest_off); 1728 1729 add_call_dest(file, insn, dest, false); 1730 1731 if (insn->ignore) 1732 continue; 1733 1734 if (!insn_call_dest(insn)) { 1735 WARN_INSN(insn, "unannotated intra-function call"); 1736 return -1; 1737 } 1738 1739 if (insn_func(insn) && insn_call_dest(insn)->type != STT_FUNC) { 1740 WARN_INSN(insn, "unsupported call to non-function"); 1741 return -1; 1742 } 1743 1744 } else if (reloc->sym->type == STT_SECTION) { 1745 dest_off = arch_dest_reloc_offset(reloc->addend); 1746 dest = find_call_destination(reloc->sym->sec, dest_off); 1747 if (!dest) { 1748 WARN_INSN(insn, "can't find call dest symbol at %s+0x%lx", 1749 reloc->sym->sec->name, dest_off); 1750 return -1; 1751 } 1752 1753 add_call_dest(file, insn, dest, false); 1754 1755 } else if (reloc->sym->retpoline_thunk) { 1756 add_retpoline_call(file, insn); 1757 1758 } else 1759 add_call_dest(file, insn, reloc->sym, false); 1760 } 1761 1762 return 0; 1763 } 1764 1765 /* 1766 * The .alternatives section requires some extra special care over and above 1767 * other special sections because alternatives are patched in place. 1768 */ 1769 static int handle_group_alt(struct objtool_file *file, 1770 struct special_alt *special_alt, 1771 struct instruction *orig_insn, 1772 struct instruction **new_insn) 1773 { 1774 struct instruction *last_new_insn = NULL, *insn, *nop = NULL; 1775 struct alt_group *orig_alt_group, *new_alt_group; 1776 unsigned long dest_off; 1777 1778 orig_alt_group = orig_insn->alt_group; 1779 if (!orig_alt_group) { 1780 struct instruction *last_orig_insn = NULL; 1781 1782 orig_alt_group = malloc(sizeof(*orig_alt_group)); 1783 if (!orig_alt_group) { 1784 WARN("malloc failed"); 1785 return -1; 1786 } 1787 orig_alt_group->cfi = calloc(special_alt->orig_len, 1788 sizeof(struct cfi_state *)); 1789 if (!orig_alt_group->cfi) { 1790 WARN("calloc failed"); 1791 return -1; 1792 } 1793 1794 insn = orig_insn; 1795 sec_for_each_insn_from(file, insn) { 1796 if (insn->offset >= special_alt->orig_off + special_alt->orig_len) 1797 break; 1798 1799 insn->alt_group = orig_alt_group; 1800 last_orig_insn = insn; 1801 } 1802 orig_alt_group->orig_group = NULL; 1803 orig_alt_group->first_insn = orig_insn; 1804 orig_alt_group->last_insn = last_orig_insn; 1805 orig_alt_group->nop = NULL; 1806 } else { 1807 if (orig_alt_group->last_insn->offset + orig_alt_group->last_insn->len - 1808 orig_alt_group->first_insn->offset != special_alt->orig_len) { 1809 WARN_INSN(orig_insn, "weirdly overlapping alternative! %ld != %d", 1810 orig_alt_group->last_insn->offset + 1811 orig_alt_group->last_insn->len - 1812 orig_alt_group->first_insn->offset, 1813 special_alt->orig_len); 1814 return -1; 1815 } 1816 } 1817 1818 new_alt_group = malloc(sizeof(*new_alt_group)); 1819 if (!new_alt_group) { 1820 WARN("malloc failed"); 1821 return -1; 1822 } 1823 1824 if (special_alt->new_len < special_alt->orig_len) { 1825 /* 1826 * Insert a fake nop at the end to make the replacement 1827 * alt_group the same size as the original. This is needed to 1828 * allow propagate_alt_cfi() to do its magic. When the last 1829 * instruction affects the stack, the instruction after it (the 1830 * nop) will propagate the new state to the shared CFI array. 1831 */ 1832 nop = malloc(sizeof(*nop)); 1833 if (!nop) { 1834 WARN("malloc failed"); 1835 return -1; 1836 } 1837 memset(nop, 0, sizeof(*nop)); 1838 1839 nop->sec = special_alt->new_sec; 1840 nop->offset = special_alt->new_off + special_alt->new_len; 1841 nop->len = special_alt->orig_len - special_alt->new_len; 1842 nop->type = INSN_NOP; 1843 nop->sym = orig_insn->sym; 1844 nop->alt_group = new_alt_group; 1845 nop->ignore = orig_insn->ignore_alts; 1846 } 1847 1848 if (!special_alt->new_len) { 1849 *new_insn = nop; 1850 goto end; 1851 } 1852 1853 insn = *new_insn; 1854 sec_for_each_insn_from(file, insn) { 1855 struct reloc *alt_reloc; 1856 1857 if (insn->offset >= special_alt->new_off + special_alt->new_len) 1858 break; 1859 1860 last_new_insn = insn; 1861 1862 insn->ignore = orig_insn->ignore_alts; 1863 insn->sym = orig_insn->sym; 1864 insn->alt_group = new_alt_group; 1865 1866 /* 1867 * Since alternative replacement code is copy/pasted by the 1868 * kernel after applying relocations, generally such code can't 1869 * have relative-address relocation references to outside the 1870 * .altinstr_replacement section, unless the arch's 1871 * alternatives code can adjust the relative offsets 1872 * accordingly. 1873 */ 1874 alt_reloc = insn_reloc(file, insn); 1875 if (alt_reloc && arch_pc_relative_reloc(alt_reloc) && 1876 !arch_support_alt_relocation(special_alt, insn, alt_reloc)) { 1877 1878 WARN_INSN(insn, "unsupported relocation in alternatives section"); 1879 return -1; 1880 } 1881 1882 if (!is_static_jump(insn)) 1883 continue; 1884 1885 if (!insn->immediate) 1886 continue; 1887 1888 dest_off = arch_jump_destination(insn); 1889 if (dest_off == special_alt->new_off + special_alt->new_len) { 1890 insn->jump_dest = next_insn_same_sec(file, orig_alt_group->last_insn); 1891 if (!insn->jump_dest) { 1892 WARN_INSN(insn, "can't find alternative jump destination"); 1893 return -1; 1894 } 1895 } 1896 } 1897 1898 if (!last_new_insn) { 1899 WARN_FUNC("can't find last new alternative instruction", 1900 special_alt->new_sec, special_alt->new_off); 1901 return -1; 1902 } 1903 1904 end: 1905 new_alt_group->orig_group = orig_alt_group; 1906 new_alt_group->first_insn = *new_insn; 1907 new_alt_group->last_insn = last_new_insn; 1908 new_alt_group->nop = nop; 1909 new_alt_group->cfi = orig_alt_group->cfi; 1910 return 0; 1911 } 1912 1913 /* 1914 * A jump table entry can either convert a nop to a jump or a jump to a nop. 1915 * If the original instruction is a jump, make the alt entry an effective nop 1916 * by just skipping the original instruction. 1917 */ 1918 static int handle_jump_alt(struct objtool_file *file, 1919 struct special_alt *special_alt, 1920 struct instruction *orig_insn, 1921 struct instruction **new_insn) 1922 { 1923 if (orig_insn->type != INSN_JUMP_UNCONDITIONAL && 1924 orig_insn->type != INSN_NOP) { 1925 1926 WARN_INSN(orig_insn, "unsupported instruction at jump label"); 1927 return -1; 1928 } 1929 1930 if (opts.hack_jump_label && special_alt->key_addend & 2) { 1931 struct reloc *reloc = insn_reloc(file, orig_insn); 1932 1933 if (reloc) { 1934 reloc->type = R_NONE; 1935 elf_write_reloc(file->elf, reloc); 1936 } 1937 elf_write_insn(file->elf, orig_insn->sec, 1938 orig_insn->offset, orig_insn->len, 1939 arch_nop_insn(orig_insn->len)); 1940 orig_insn->type = INSN_NOP; 1941 } 1942 1943 if (orig_insn->type == INSN_NOP) { 1944 if (orig_insn->len == 2) 1945 file->jl_nop_short++; 1946 else 1947 file->jl_nop_long++; 1948 1949 return 0; 1950 } 1951 1952 if (orig_insn->len == 2) 1953 file->jl_short++; 1954 else 1955 file->jl_long++; 1956 1957 *new_insn = next_insn_same_sec(file, orig_insn); 1958 return 0; 1959 } 1960 1961 /* 1962 * Read all the special sections which have alternate instructions which can be 1963 * patched in or redirected to at runtime. Each instruction having alternate 1964 * instruction(s) has them added to its insn->alts list, which will be 1965 * traversed in validate_branch(). 1966 */ 1967 static int add_special_section_alts(struct objtool_file *file) 1968 { 1969 struct list_head special_alts; 1970 struct instruction *orig_insn, *new_insn; 1971 struct special_alt *special_alt, *tmp; 1972 struct alternative *alt; 1973 int ret; 1974 1975 ret = special_get_alts(file->elf, &special_alts); 1976 if (ret) 1977 return ret; 1978 1979 list_for_each_entry_safe(special_alt, tmp, &special_alts, list) { 1980 1981 orig_insn = find_insn(file, special_alt->orig_sec, 1982 special_alt->orig_off); 1983 if (!orig_insn) { 1984 WARN_FUNC("special: can't find orig instruction", 1985 special_alt->orig_sec, special_alt->orig_off); 1986 ret = -1; 1987 goto out; 1988 } 1989 1990 new_insn = NULL; 1991 if (!special_alt->group || special_alt->new_len) { 1992 new_insn = find_insn(file, special_alt->new_sec, 1993 special_alt->new_off); 1994 if (!new_insn) { 1995 WARN_FUNC("special: can't find new instruction", 1996 special_alt->new_sec, 1997 special_alt->new_off); 1998 ret = -1; 1999 goto out; 2000 } 2001 } 2002 2003 if (special_alt->group) { 2004 if (!special_alt->orig_len) { 2005 WARN_INSN(orig_insn, "empty alternative entry"); 2006 continue; 2007 } 2008 2009 ret = handle_group_alt(file, special_alt, orig_insn, 2010 &new_insn); 2011 if (ret) 2012 goto out; 2013 } else if (special_alt->jump_or_nop) { 2014 ret = handle_jump_alt(file, special_alt, orig_insn, 2015 &new_insn); 2016 if (ret) 2017 goto out; 2018 } 2019 2020 alt = malloc(sizeof(*alt)); 2021 if (!alt) { 2022 WARN("malloc failed"); 2023 ret = -1; 2024 goto out; 2025 } 2026 2027 alt->insn = new_insn; 2028 alt->skip_orig = special_alt->skip_orig; 2029 orig_insn->ignore_alts |= special_alt->skip_alt; 2030 alt->next = orig_insn->alts; 2031 orig_insn->alts = alt; 2032 2033 list_del(&special_alt->list); 2034 free(special_alt); 2035 } 2036 2037 if (opts.stats) { 2038 printf("jl\\\tNOP\tJMP\n"); 2039 printf("short:\t%ld\t%ld\n", file->jl_nop_short, file->jl_short); 2040 printf("long:\t%ld\t%ld\n", file->jl_nop_long, file->jl_long); 2041 } 2042 2043 out: 2044 return ret; 2045 } 2046 2047 static int add_jump_table(struct objtool_file *file, struct instruction *insn, 2048 struct reloc *table) 2049 { 2050 struct reloc *reloc = table; 2051 struct instruction *dest_insn; 2052 struct alternative *alt; 2053 struct symbol *pfunc = insn_func(insn)->pfunc; 2054 unsigned int prev_offset = 0; 2055 2056 /* 2057 * Each @reloc is a switch table relocation which points to the target 2058 * instruction. 2059 */ 2060 list_for_each_entry_from(reloc, &table->sec->reloc_list, list) { 2061 2062 /* Check for the end of the table: */ 2063 if (reloc != table && reloc->jump_table_start) 2064 break; 2065 2066 /* Make sure the table entries are consecutive: */ 2067 if (prev_offset && reloc->offset != prev_offset + 8) 2068 break; 2069 2070 /* Detect function pointers from contiguous objects: */ 2071 if (reloc->sym->sec == pfunc->sec && 2072 reloc->addend == pfunc->offset) 2073 break; 2074 2075 dest_insn = find_insn(file, reloc->sym->sec, reloc->addend); 2076 if (!dest_insn) 2077 break; 2078 2079 /* Make sure the destination is in the same function: */ 2080 if (!insn_func(dest_insn) || insn_func(dest_insn)->pfunc != pfunc) 2081 break; 2082 2083 alt = malloc(sizeof(*alt)); 2084 if (!alt) { 2085 WARN("malloc failed"); 2086 return -1; 2087 } 2088 2089 alt->insn = dest_insn; 2090 alt->next = insn->alts; 2091 insn->alts = alt; 2092 prev_offset = reloc->offset; 2093 } 2094 2095 if (!prev_offset) { 2096 WARN_INSN(insn, "can't find switch jump table"); 2097 return -1; 2098 } 2099 2100 return 0; 2101 } 2102 2103 /* 2104 * find_jump_table() - Given a dynamic jump, find the switch jump table 2105 * associated with it. 2106 */ 2107 static struct reloc *find_jump_table(struct objtool_file *file, 2108 struct symbol *func, 2109 struct instruction *insn) 2110 { 2111 struct reloc *table_reloc; 2112 struct instruction *dest_insn, *orig_insn = insn; 2113 2114 /* 2115 * Backward search using the @first_jump_src links, these help avoid 2116 * much of the 'in between' code. Which avoids us getting confused by 2117 * it. 2118 */ 2119 for (; 2120 insn && insn_func(insn) && insn_func(insn)->pfunc == func; 2121 insn = insn->first_jump_src ?: prev_insn_same_sym(file, insn)) { 2122 2123 if (insn != orig_insn && insn->type == INSN_JUMP_DYNAMIC) 2124 break; 2125 2126 /* allow small jumps within the range */ 2127 if (insn->type == INSN_JUMP_UNCONDITIONAL && 2128 insn->jump_dest && 2129 (insn->jump_dest->offset <= insn->offset || 2130 insn->jump_dest->offset > orig_insn->offset)) 2131 break; 2132 2133 table_reloc = arch_find_switch_table(file, insn); 2134 if (!table_reloc) 2135 continue; 2136 dest_insn = find_insn(file, table_reloc->sym->sec, table_reloc->addend); 2137 if (!dest_insn || !insn_func(dest_insn) || insn_func(dest_insn)->pfunc != func) 2138 continue; 2139 2140 return table_reloc; 2141 } 2142 2143 return NULL; 2144 } 2145 2146 /* 2147 * First pass: Mark the head of each jump table so that in the next pass, 2148 * we know when a given jump table ends and the next one starts. 2149 */ 2150 static void mark_func_jump_tables(struct objtool_file *file, 2151 struct symbol *func) 2152 { 2153 struct instruction *insn, *last = NULL; 2154 struct reloc *reloc; 2155 2156 func_for_each_insn(file, func, insn) { 2157 if (!last) 2158 last = insn; 2159 2160 /* 2161 * Store back-pointers for unconditional forward jumps such 2162 * that find_jump_table() can back-track using those and 2163 * avoid some potentially confusing code. 2164 */ 2165 if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->jump_dest && 2166 insn->offset > last->offset && 2167 insn->jump_dest->offset > insn->offset && 2168 !insn->jump_dest->first_jump_src) { 2169 2170 insn->jump_dest->first_jump_src = insn; 2171 last = insn->jump_dest; 2172 } 2173 2174 if (insn->type != INSN_JUMP_DYNAMIC) 2175 continue; 2176 2177 reloc = find_jump_table(file, func, insn); 2178 if (reloc) { 2179 reloc->jump_table_start = true; 2180 insn->_jump_table = reloc; 2181 } 2182 } 2183 } 2184 2185 static int add_func_jump_tables(struct objtool_file *file, 2186 struct symbol *func) 2187 { 2188 struct instruction *insn; 2189 int ret; 2190 2191 func_for_each_insn(file, func, insn) { 2192 if (!insn_jump_table(insn)) 2193 continue; 2194 2195 ret = add_jump_table(file, insn, insn_jump_table(insn)); 2196 if (ret) 2197 return ret; 2198 } 2199 2200 return 0; 2201 } 2202 2203 /* 2204 * For some switch statements, gcc generates a jump table in the .rodata 2205 * section which contains a list of addresses within the function to jump to. 2206 * This finds these jump tables and adds them to the insn->alts lists. 2207 */ 2208 static int add_jump_table_alts(struct objtool_file *file) 2209 { 2210 struct symbol *func; 2211 int ret; 2212 2213 if (!file->rodata) 2214 return 0; 2215 2216 for_each_sym(file, func) { 2217 if (func->type != STT_FUNC) 2218 continue; 2219 2220 mark_func_jump_tables(file, func); 2221 ret = add_func_jump_tables(file, func); 2222 if (ret) 2223 return ret; 2224 } 2225 2226 return 0; 2227 } 2228 2229 static void set_func_state(struct cfi_state *state) 2230 { 2231 state->cfa = initial_func_cfi.cfa; 2232 memcpy(&state->regs, &initial_func_cfi.regs, 2233 CFI_NUM_REGS * sizeof(struct cfi_reg)); 2234 state->stack_size = initial_func_cfi.cfa.offset; 2235 state->type = UNWIND_HINT_TYPE_CALL; 2236 } 2237 2238 static int read_unwind_hints(struct objtool_file *file) 2239 { 2240 struct cfi_state cfi = init_cfi; 2241 struct section *sec, *relocsec; 2242 struct unwind_hint *hint; 2243 struct instruction *insn; 2244 struct reloc *reloc; 2245 int i; 2246 2247 sec = find_section_by_name(file->elf, ".discard.unwind_hints"); 2248 if (!sec) 2249 return 0; 2250 2251 relocsec = sec->reloc; 2252 if (!relocsec) { 2253 WARN("missing .rela.discard.unwind_hints section"); 2254 return -1; 2255 } 2256 2257 if (sec->sh.sh_size % sizeof(struct unwind_hint)) { 2258 WARN("struct unwind_hint size mismatch"); 2259 return -1; 2260 } 2261 2262 file->hints = true; 2263 2264 for (i = 0; i < sec->sh.sh_size / sizeof(struct unwind_hint); i++) { 2265 hint = (struct unwind_hint *)sec->data->d_buf + i; 2266 2267 reloc = find_reloc_by_dest(file->elf, sec, i * sizeof(*hint)); 2268 if (!reloc) { 2269 WARN("can't find reloc for unwind_hints[%d]", i); 2270 return -1; 2271 } 2272 2273 insn = find_insn(file, reloc->sym->sec, reloc->addend); 2274 if (!insn) { 2275 WARN("can't find insn for unwind_hints[%d]", i); 2276 return -1; 2277 } 2278 2279 insn->hint = true; 2280 2281 if (hint->type == UNWIND_HINT_TYPE_SAVE) { 2282 insn->hint = false; 2283 insn->save = true; 2284 continue; 2285 } 2286 2287 if (hint->type == UNWIND_HINT_TYPE_RESTORE) { 2288 insn->restore = true; 2289 continue; 2290 } 2291 2292 if (hint->type == UNWIND_HINT_TYPE_REGS_PARTIAL) { 2293 struct symbol *sym = find_symbol_by_offset(insn->sec, insn->offset); 2294 2295 if (sym && sym->bind == STB_GLOBAL) { 2296 if (opts.ibt && insn->type != INSN_ENDBR && !insn->noendbr) { 2297 WARN_INSN(insn, "UNWIND_HINT_IRET_REGS without ENDBR"); 2298 } 2299 } 2300 } 2301 2302 if (hint->type == UNWIND_HINT_TYPE_FUNC) { 2303 insn->cfi = &func_cfi; 2304 continue; 2305 } 2306 2307 if (insn->cfi) 2308 cfi = *(insn->cfi); 2309 2310 if (arch_decode_hint_reg(hint->sp_reg, &cfi.cfa.base)) { 2311 WARN_INSN(insn, "unsupported unwind_hint sp base reg %d", hint->sp_reg); 2312 return -1; 2313 } 2314 2315 cfi.cfa.offset = bswap_if_needed(file->elf, hint->sp_offset); 2316 cfi.type = hint->type; 2317 cfi.signal = hint->signal; 2318 2319 insn->cfi = cfi_hash_find_or_add(&cfi); 2320 } 2321 2322 return 0; 2323 } 2324 2325 static int read_noendbr_hints(struct objtool_file *file) 2326 { 2327 struct section *sec; 2328 struct instruction *insn; 2329 struct reloc *reloc; 2330 2331 sec = find_section_by_name(file->elf, ".rela.discard.noendbr"); 2332 if (!sec) 2333 return 0; 2334 2335 list_for_each_entry(reloc, &sec->reloc_list, list) { 2336 insn = find_insn(file, reloc->sym->sec, reloc->sym->offset + reloc->addend); 2337 if (!insn) { 2338 WARN("bad .discard.noendbr entry"); 2339 return -1; 2340 } 2341 2342 insn->noendbr = 1; 2343 } 2344 2345 return 0; 2346 } 2347 2348 static int read_retpoline_hints(struct objtool_file *file) 2349 { 2350 struct section *sec; 2351 struct instruction *insn; 2352 struct reloc *reloc; 2353 2354 sec = find_section_by_name(file->elf, ".rela.discard.retpoline_safe"); 2355 if (!sec) 2356 return 0; 2357 2358 list_for_each_entry(reloc, &sec->reloc_list, list) { 2359 if (reloc->sym->type != STT_SECTION) { 2360 WARN("unexpected relocation symbol type in %s", sec->name); 2361 return -1; 2362 } 2363 2364 insn = find_insn(file, reloc->sym->sec, reloc->addend); 2365 if (!insn) { 2366 WARN("bad .discard.retpoline_safe entry"); 2367 return -1; 2368 } 2369 2370 if (insn->type != INSN_JUMP_DYNAMIC && 2371 insn->type != INSN_CALL_DYNAMIC && 2372 insn->type != INSN_RETURN && 2373 insn->type != INSN_NOP) { 2374 WARN_INSN(insn, "retpoline_safe hint not an indirect jump/call/ret/nop"); 2375 return -1; 2376 } 2377 2378 insn->retpoline_safe = true; 2379 } 2380 2381 return 0; 2382 } 2383 2384 static int read_instr_hints(struct objtool_file *file) 2385 { 2386 struct section *sec; 2387 struct instruction *insn; 2388 struct reloc *reloc; 2389 2390 sec = find_section_by_name(file->elf, ".rela.discard.instr_end"); 2391 if (!sec) 2392 return 0; 2393 2394 list_for_each_entry(reloc, &sec->reloc_list, list) { 2395 if (reloc->sym->type != STT_SECTION) { 2396 WARN("unexpected relocation symbol type in %s", sec->name); 2397 return -1; 2398 } 2399 2400 insn = find_insn(file, reloc->sym->sec, reloc->addend); 2401 if (!insn) { 2402 WARN("bad .discard.instr_end entry"); 2403 return -1; 2404 } 2405 2406 insn->instr--; 2407 } 2408 2409 sec = find_section_by_name(file->elf, ".rela.discard.instr_begin"); 2410 if (!sec) 2411 return 0; 2412 2413 list_for_each_entry(reloc, &sec->reloc_list, list) { 2414 if (reloc->sym->type != STT_SECTION) { 2415 WARN("unexpected relocation symbol type in %s", sec->name); 2416 return -1; 2417 } 2418 2419 insn = find_insn(file, reloc->sym->sec, reloc->addend); 2420 if (!insn) { 2421 WARN("bad .discard.instr_begin entry"); 2422 return -1; 2423 } 2424 2425 insn->instr++; 2426 } 2427 2428 return 0; 2429 } 2430 2431 static int read_validate_unret_hints(struct objtool_file *file) 2432 { 2433 struct section *sec; 2434 struct instruction *insn; 2435 struct reloc *reloc; 2436 2437 sec = find_section_by_name(file->elf, ".rela.discard.validate_unret"); 2438 if (!sec) 2439 return 0; 2440 2441 list_for_each_entry(reloc, &sec->reloc_list, list) { 2442 if (reloc->sym->type != STT_SECTION) { 2443 WARN("unexpected relocation symbol type in %s", sec->name); 2444 return -1; 2445 } 2446 2447 insn = find_insn(file, reloc->sym->sec, reloc->addend); 2448 if (!insn) { 2449 WARN("bad .discard.instr_end entry"); 2450 return -1; 2451 } 2452 insn->unret = 1; 2453 } 2454 2455 return 0; 2456 } 2457 2458 2459 static int read_intra_function_calls(struct objtool_file *file) 2460 { 2461 struct instruction *insn; 2462 struct section *sec; 2463 struct reloc *reloc; 2464 2465 sec = find_section_by_name(file->elf, ".rela.discard.intra_function_calls"); 2466 if (!sec) 2467 return 0; 2468 2469 list_for_each_entry(reloc, &sec->reloc_list, list) { 2470 unsigned long dest_off; 2471 2472 if (reloc->sym->type != STT_SECTION) { 2473 WARN("unexpected relocation symbol type in %s", 2474 sec->name); 2475 return -1; 2476 } 2477 2478 insn = find_insn(file, reloc->sym->sec, reloc->addend); 2479 if (!insn) { 2480 WARN("bad .discard.intra_function_call entry"); 2481 return -1; 2482 } 2483 2484 if (insn->type != INSN_CALL) { 2485 WARN_INSN(insn, "intra_function_call not a direct call"); 2486 return -1; 2487 } 2488 2489 /* 2490 * Treat intra-function CALLs as JMPs, but with a stack_op. 2491 * See add_call_destinations(), which strips stack_ops from 2492 * normal CALLs. 2493 */ 2494 insn->type = INSN_JUMP_UNCONDITIONAL; 2495 2496 dest_off = arch_jump_destination(insn); 2497 insn->jump_dest = find_insn(file, insn->sec, dest_off); 2498 if (!insn->jump_dest) { 2499 WARN_INSN(insn, "can't find call dest at %s+0x%lx", 2500 insn->sec->name, dest_off); 2501 return -1; 2502 } 2503 } 2504 2505 return 0; 2506 } 2507 2508 /* 2509 * Return true if name matches an instrumentation function, where calls to that 2510 * function from noinstr code can safely be removed, but compilers won't do so. 2511 */ 2512 static bool is_profiling_func(const char *name) 2513 { 2514 /* 2515 * Many compilers cannot disable KCOV with a function attribute. 2516 */ 2517 if (!strncmp(name, "__sanitizer_cov_", 16)) 2518 return true; 2519 2520 /* 2521 * Some compilers currently do not remove __tsan_func_entry/exit nor 2522 * __tsan_atomic_signal_fence (used for barrier instrumentation) with 2523 * the __no_sanitize_thread attribute, remove them. Once the kernel's 2524 * minimum Clang version is 14.0, this can be removed. 2525 */ 2526 if (!strncmp(name, "__tsan_func_", 12) || 2527 !strcmp(name, "__tsan_atomic_signal_fence")) 2528 return true; 2529 2530 return false; 2531 } 2532 2533 static int classify_symbols(struct objtool_file *file) 2534 { 2535 struct symbol *func; 2536 2537 for_each_sym(file, func) { 2538 if (func->bind != STB_GLOBAL) 2539 continue; 2540 2541 if (!strncmp(func->name, STATIC_CALL_TRAMP_PREFIX_STR, 2542 strlen(STATIC_CALL_TRAMP_PREFIX_STR))) 2543 func->static_call_tramp = true; 2544 2545 if (arch_is_retpoline(func)) 2546 func->retpoline_thunk = true; 2547 2548 if (arch_is_rethunk(func)) 2549 func->return_thunk = true; 2550 2551 if (arch_ftrace_match(func->name)) 2552 func->fentry = true; 2553 2554 if (is_profiling_func(func->name)) 2555 func->profiling_func = true; 2556 } 2557 2558 return 0; 2559 } 2560 2561 static void mark_rodata(struct objtool_file *file) 2562 { 2563 struct section *sec; 2564 bool found = false; 2565 2566 /* 2567 * Search for the following rodata sections, each of which can 2568 * potentially contain jump tables: 2569 * 2570 * - .rodata: can contain GCC switch tables 2571 * - .rodata.<func>: same, if -fdata-sections is being used 2572 * - .rodata..c_jump_table: contains C annotated jump tables 2573 * 2574 * .rodata.str1.* sections are ignored; they don't contain jump tables. 2575 */ 2576 for_each_sec(file, sec) { 2577 if (!strncmp(sec->name, ".rodata", 7) && 2578 !strstr(sec->name, ".str1.")) { 2579 sec->rodata = true; 2580 found = true; 2581 } 2582 } 2583 2584 file->rodata = found; 2585 } 2586 2587 static int decode_sections(struct objtool_file *file) 2588 { 2589 int ret; 2590 2591 mark_rodata(file); 2592 2593 ret = init_pv_ops(file); 2594 if (ret) 2595 return ret; 2596 2597 /* 2598 * Must be before add_{jump_call}_destination. 2599 */ 2600 ret = classify_symbols(file); 2601 if (ret) 2602 return ret; 2603 2604 ret = decode_instructions(file); 2605 if (ret) 2606 return ret; 2607 2608 add_ignores(file); 2609 add_uaccess_safe(file); 2610 2611 ret = add_ignore_alternatives(file); 2612 if (ret) 2613 return ret; 2614 2615 /* 2616 * Must be before read_unwind_hints() since that needs insn->noendbr. 2617 */ 2618 ret = read_noendbr_hints(file); 2619 if (ret) 2620 return ret; 2621 2622 /* 2623 * Must be before add_jump_destinations(), which depends on 'func' 2624 * being set for alternatives, to enable proper sibling call detection. 2625 */ 2626 if (opts.stackval || opts.orc || opts.uaccess || opts.noinstr) { 2627 ret = add_special_section_alts(file); 2628 if (ret) 2629 return ret; 2630 } 2631 2632 ret = add_jump_destinations(file); 2633 if (ret) 2634 return ret; 2635 2636 /* 2637 * Must be before add_call_destination(); it changes INSN_CALL to 2638 * INSN_JUMP. 2639 */ 2640 ret = read_intra_function_calls(file); 2641 if (ret) 2642 return ret; 2643 2644 ret = add_call_destinations(file); 2645 if (ret) 2646 return ret; 2647 2648 /* 2649 * Must be after add_call_destinations() such that it can override 2650 * dead_end_function() marks. 2651 */ 2652 ret = add_dead_ends(file); 2653 if (ret) 2654 return ret; 2655 2656 ret = add_jump_table_alts(file); 2657 if (ret) 2658 return ret; 2659 2660 ret = read_unwind_hints(file); 2661 if (ret) 2662 return ret; 2663 2664 ret = read_retpoline_hints(file); 2665 if (ret) 2666 return ret; 2667 2668 ret = read_instr_hints(file); 2669 if (ret) 2670 return ret; 2671 2672 ret = read_validate_unret_hints(file); 2673 if (ret) 2674 return ret; 2675 2676 return 0; 2677 } 2678 2679 static bool is_fentry_call(struct instruction *insn) 2680 { 2681 if (insn->type == INSN_CALL && 2682 insn_call_dest(insn) && 2683 insn_call_dest(insn)->fentry) 2684 return true; 2685 2686 return false; 2687 } 2688 2689 static bool has_modified_stack_frame(struct instruction *insn, struct insn_state *state) 2690 { 2691 struct cfi_state *cfi = &state->cfi; 2692 int i; 2693 2694 if (cfi->cfa.base != initial_func_cfi.cfa.base || cfi->drap) 2695 return true; 2696 2697 if (cfi->cfa.offset != initial_func_cfi.cfa.offset) 2698 return true; 2699 2700 if (cfi->stack_size != initial_func_cfi.cfa.offset) 2701 return true; 2702 2703 for (i = 0; i < CFI_NUM_REGS; i++) { 2704 if (cfi->regs[i].base != initial_func_cfi.regs[i].base || 2705 cfi->regs[i].offset != initial_func_cfi.regs[i].offset) 2706 return true; 2707 } 2708 2709 return false; 2710 } 2711 2712 static bool check_reg_frame_pos(const struct cfi_reg *reg, 2713 int expected_offset) 2714 { 2715 return reg->base == CFI_CFA && 2716 reg->offset == expected_offset; 2717 } 2718 2719 static bool has_valid_stack_frame(struct insn_state *state) 2720 { 2721 struct cfi_state *cfi = &state->cfi; 2722 2723 if (cfi->cfa.base == CFI_BP && 2724 check_reg_frame_pos(&cfi->regs[CFI_BP], -cfi->cfa.offset) && 2725 check_reg_frame_pos(&cfi->regs[CFI_RA], -cfi->cfa.offset + 8)) 2726 return true; 2727 2728 if (cfi->drap && cfi->regs[CFI_BP].base == CFI_BP) 2729 return true; 2730 2731 return false; 2732 } 2733 2734 static int update_cfi_state_regs(struct instruction *insn, 2735 struct cfi_state *cfi, 2736 struct stack_op *op) 2737 { 2738 struct cfi_reg *cfa = &cfi->cfa; 2739 2740 if (cfa->base != CFI_SP && cfa->base != CFI_SP_INDIRECT) 2741 return 0; 2742 2743 /* push */ 2744 if (op->dest.type == OP_DEST_PUSH || op->dest.type == OP_DEST_PUSHF) 2745 cfa->offset += 8; 2746 2747 /* pop */ 2748 if (op->src.type == OP_SRC_POP || op->src.type == OP_SRC_POPF) 2749 cfa->offset -= 8; 2750 2751 /* add immediate to sp */ 2752 if (op->dest.type == OP_DEST_REG && op->src.type == OP_SRC_ADD && 2753 op->dest.reg == CFI_SP && op->src.reg == CFI_SP) 2754 cfa->offset -= op->src.offset; 2755 2756 return 0; 2757 } 2758 2759 static void save_reg(struct cfi_state *cfi, unsigned char reg, int base, int offset) 2760 { 2761 if (arch_callee_saved_reg(reg) && 2762 cfi->regs[reg].base == CFI_UNDEFINED) { 2763 cfi->regs[reg].base = base; 2764 cfi->regs[reg].offset = offset; 2765 } 2766 } 2767 2768 static void restore_reg(struct cfi_state *cfi, unsigned char reg) 2769 { 2770 cfi->regs[reg].base = initial_func_cfi.regs[reg].base; 2771 cfi->regs[reg].offset = initial_func_cfi.regs[reg].offset; 2772 } 2773 2774 /* 2775 * A note about DRAP stack alignment: 2776 * 2777 * GCC has the concept of a DRAP register, which is used to help keep track of 2778 * the stack pointer when aligning the stack. r10 or r13 is used as the DRAP 2779 * register. The typical DRAP pattern is: 2780 * 2781 * 4c 8d 54 24 08 lea 0x8(%rsp),%r10 2782 * 48 83 e4 c0 and $0xffffffffffffffc0,%rsp 2783 * 41 ff 72 f8 pushq -0x8(%r10) 2784 * 55 push %rbp 2785 * 48 89 e5 mov %rsp,%rbp 2786 * (more pushes) 2787 * 41 52 push %r10 2788 * ... 2789 * 41 5a pop %r10 2790 * (more pops) 2791 * 5d pop %rbp 2792 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2793 * c3 retq 2794 * 2795 * There are some variations in the epilogues, like: 2796 * 2797 * 5b pop %rbx 2798 * 41 5a pop %r10 2799 * 41 5c pop %r12 2800 * 41 5d pop %r13 2801 * 41 5e pop %r14 2802 * c9 leaveq 2803 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2804 * c3 retq 2805 * 2806 * and: 2807 * 2808 * 4c 8b 55 e8 mov -0x18(%rbp),%r10 2809 * 48 8b 5d e0 mov -0x20(%rbp),%rbx 2810 * 4c 8b 65 f0 mov -0x10(%rbp),%r12 2811 * 4c 8b 6d f8 mov -0x8(%rbp),%r13 2812 * c9 leaveq 2813 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2814 * c3 retq 2815 * 2816 * Sometimes r13 is used as the DRAP register, in which case it's saved and 2817 * restored beforehand: 2818 * 2819 * 41 55 push %r13 2820 * 4c 8d 6c 24 10 lea 0x10(%rsp),%r13 2821 * 48 83 e4 f0 and $0xfffffffffffffff0,%rsp 2822 * ... 2823 * 49 8d 65 f0 lea -0x10(%r13),%rsp 2824 * 41 5d pop %r13 2825 * c3 retq 2826 */ 2827 static int update_cfi_state(struct instruction *insn, 2828 struct instruction *next_insn, 2829 struct cfi_state *cfi, struct stack_op *op) 2830 { 2831 struct cfi_reg *cfa = &cfi->cfa; 2832 struct cfi_reg *regs = cfi->regs; 2833 2834 /* stack operations don't make sense with an undefined CFA */ 2835 if (cfa->base == CFI_UNDEFINED) { 2836 if (insn_func(insn)) { 2837 WARN_INSN(insn, "undefined stack state"); 2838 return -1; 2839 } 2840 return 0; 2841 } 2842 2843 if (cfi->type == UNWIND_HINT_TYPE_REGS || 2844 cfi->type == UNWIND_HINT_TYPE_REGS_PARTIAL) 2845 return update_cfi_state_regs(insn, cfi, op); 2846 2847 switch (op->dest.type) { 2848 2849 case OP_DEST_REG: 2850 switch (op->src.type) { 2851 2852 case OP_SRC_REG: 2853 if (op->src.reg == CFI_SP && op->dest.reg == CFI_BP && 2854 cfa->base == CFI_SP && 2855 check_reg_frame_pos(®s[CFI_BP], -cfa->offset)) { 2856 2857 /* mov %rsp, %rbp */ 2858 cfa->base = op->dest.reg; 2859 cfi->bp_scratch = false; 2860 } 2861 2862 else if (op->src.reg == CFI_SP && 2863 op->dest.reg == CFI_BP && cfi->drap) { 2864 2865 /* drap: mov %rsp, %rbp */ 2866 regs[CFI_BP].base = CFI_BP; 2867 regs[CFI_BP].offset = -cfi->stack_size; 2868 cfi->bp_scratch = false; 2869 } 2870 2871 else if (op->src.reg == CFI_SP && cfa->base == CFI_SP) { 2872 2873 /* 2874 * mov %rsp, %reg 2875 * 2876 * This is needed for the rare case where GCC 2877 * does: 2878 * 2879 * mov %rsp, %rax 2880 * ... 2881 * mov %rax, %rsp 2882 */ 2883 cfi->vals[op->dest.reg].base = CFI_CFA; 2884 cfi->vals[op->dest.reg].offset = -cfi->stack_size; 2885 } 2886 2887 else if (op->src.reg == CFI_BP && op->dest.reg == CFI_SP && 2888 (cfa->base == CFI_BP || cfa->base == cfi->drap_reg)) { 2889 2890 /* 2891 * mov %rbp, %rsp 2892 * 2893 * Restore the original stack pointer (Clang). 2894 */ 2895 cfi->stack_size = -cfi->regs[CFI_BP].offset; 2896 } 2897 2898 else if (op->dest.reg == cfa->base) { 2899 2900 /* mov %reg, %rsp */ 2901 if (cfa->base == CFI_SP && 2902 cfi->vals[op->src.reg].base == CFI_CFA) { 2903 2904 /* 2905 * This is needed for the rare case 2906 * where GCC does something dumb like: 2907 * 2908 * lea 0x8(%rsp), %rcx 2909 * ... 2910 * mov %rcx, %rsp 2911 */ 2912 cfa->offset = -cfi->vals[op->src.reg].offset; 2913 cfi->stack_size = cfa->offset; 2914 2915 } else if (cfa->base == CFI_SP && 2916 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT && 2917 cfi->vals[op->src.reg].offset == cfa->offset) { 2918 2919 /* 2920 * Stack swizzle: 2921 * 2922 * 1: mov %rsp, (%[tos]) 2923 * 2: mov %[tos], %rsp 2924 * ... 2925 * 3: pop %rsp 2926 * 2927 * Where: 2928 * 2929 * 1 - places a pointer to the previous 2930 * stack at the Top-of-Stack of the 2931 * new stack. 2932 * 2933 * 2 - switches to the new stack. 2934 * 2935 * 3 - pops the Top-of-Stack to restore 2936 * the original stack. 2937 * 2938 * Note: we set base to SP_INDIRECT 2939 * here and preserve offset. Therefore 2940 * when the unwinder reaches ToS it 2941 * will dereference SP and then add the 2942 * offset to find the next frame, IOW: 2943 * (%rsp) + offset. 2944 */ 2945 cfa->base = CFI_SP_INDIRECT; 2946 2947 } else { 2948 cfa->base = CFI_UNDEFINED; 2949 cfa->offset = 0; 2950 } 2951 } 2952 2953 else if (op->dest.reg == CFI_SP && 2954 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT && 2955 cfi->vals[op->src.reg].offset == cfa->offset) { 2956 2957 /* 2958 * The same stack swizzle case 2) as above. But 2959 * because we can't change cfa->base, case 3) 2960 * will become a regular POP. Pretend we're a 2961 * PUSH so things don't go unbalanced. 2962 */ 2963 cfi->stack_size += 8; 2964 } 2965 2966 2967 break; 2968 2969 case OP_SRC_ADD: 2970 if (op->dest.reg == CFI_SP && op->src.reg == CFI_SP) { 2971 2972 /* add imm, %rsp */ 2973 cfi->stack_size -= op->src.offset; 2974 if (cfa->base == CFI_SP) 2975 cfa->offset -= op->src.offset; 2976 break; 2977 } 2978 2979 if (op->dest.reg == CFI_SP && op->src.reg == CFI_BP) { 2980 2981 /* lea disp(%rbp), %rsp */ 2982 cfi->stack_size = -(op->src.offset + regs[CFI_BP].offset); 2983 break; 2984 } 2985 2986 if (op->src.reg == CFI_SP && cfa->base == CFI_SP) { 2987 2988 /* drap: lea disp(%rsp), %drap */ 2989 cfi->drap_reg = op->dest.reg; 2990 2991 /* 2992 * lea disp(%rsp), %reg 2993 * 2994 * This is needed for the rare case where GCC 2995 * does something dumb like: 2996 * 2997 * lea 0x8(%rsp), %rcx 2998 * ... 2999 * mov %rcx, %rsp 3000 */ 3001 cfi->vals[op->dest.reg].base = CFI_CFA; 3002 cfi->vals[op->dest.reg].offset = \ 3003 -cfi->stack_size + op->src.offset; 3004 3005 break; 3006 } 3007 3008 if (cfi->drap && op->dest.reg == CFI_SP && 3009 op->src.reg == cfi->drap_reg) { 3010 3011 /* drap: lea disp(%drap), %rsp */ 3012 cfa->base = CFI_SP; 3013 cfa->offset = cfi->stack_size = -op->src.offset; 3014 cfi->drap_reg = CFI_UNDEFINED; 3015 cfi->drap = false; 3016 break; 3017 } 3018 3019 if (op->dest.reg == cfi->cfa.base && !(next_insn && next_insn->hint)) { 3020 WARN_INSN(insn, "unsupported stack register modification"); 3021 return -1; 3022 } 3023 3024 break; 3025 3026 case OP_SRC_AND: 3027 if (op->dest.reg != CFI_SP || 3028 (cfi->drap_reg != CFI_UNDEFINED && cfa->base != CFI_SP) || 3029 (cfi->drap_reg == CFI_UNDEFINED && cfa->base != CFI_BP)) { 3030 WARN_INSN(insn, "unsupported stack pointer realignment"); 3031 return -1; 3032 } 3033 3034 if (cfi->drap_reg != CFI_UNDEFINED) { 3035 /* drap: and imm, %rsp */ 3036 cfa->base = cfi->drap_reg; 3037 cfa->offset = cfi->stack_size = 0; 3038 cfi->drap = true; 3039 } 3040 3041 /* 3042 * Older versions of GCC (4.8ish) realign the stack 3043 * without DRAP, with a frame pointer. 3044 */ 3045 3046 break; 3047 3048 case OP_SRC_POP: 3049 case OP_SRC_POPF: 3050 if (op->dest.reg == CFI_SP && cfa->base == CFI_SP_INDIRECT) { 3051 3052 /* pop %rsp; # restore from a stack swizzle */ 3053 cfa->base = CFI_SP; 3054 break; 3055 } 3056 3057 if (!cfi->drap && op->dest.reg == cfa->base) { 3058 3059 /* pop %rbp */ 3060 cfa->base = CFI_SP; 3061 } 3062 3063 if (cfi->drap && cfa->base == CFI_BP_INDIRECT && 3064 op->dest.reg == cfi->drap_reg && 3065 cfi->drap_offset == -cfi->stack_size) { 3066 3067 /* drap: pop %drap */ 3068 cfa->base = cfi->drap_reg; 3069 cfa->offset = 0; 3070 cfi->drap_offset = -1; 3071 3072 } else if (cfi->stack_size == -regs[op->dest.reg].offset) { 3073 3074 /* pop %reg */ 3075 restore_reg(cfi, op->dest.reg); 3076 } 3077 3078 cfi->stack_size -= 8; 3079 if (cfa->base == CFI_SP) 3080 cfa->offset -= 8; 3081 3082 break; 3083 3084 case OP_SRC_REG_INDIRECT: 3085 if (!cfi->drap && op->dest.reg == cfa->base && 3086 op->dest.reg == CFI_BP) { 3087 3088 /* mov disp(%rsp), %rbp */ 3089 cfa->base = CFI_SP; 3090 cfa->offset = cfi->stack_size; 3091 } 3092 3093 if (cfi->drap && op->src.reg == CFI_BP && 3094 op->src.offset == cfi->drap_offset) { 3095 3096 /* drap: mov disp(%rbp), %drap */ 3097 cfa->base = cfi->drap_reg; 3098 cfa->offset = 0; 3099 cfi->drap_offset = -1; 3100 } 3101 3102 if (cfi->drap && op->src.reg == CFI_BP && 3103 op->src.offset == regs[op->dest.reg].offset) { 3104 3105 /* drap: mov disp(%rbp), %reg */ 3106 restore_reg(cfi, op->dest.reg); 3107 3108 } else if (op->src.reg == cfa->base && 3109 op->src.offset == regs[op->dest.reg].offset + cfa->offset) { 3110 3111 /* mov disp(%rbp), %reg */ 3112 /* mov disp(%rsp), %reg */ 3113 restore_reg(cfi, op->dest.reg); 3114 3115 } else if (op->src.reg == CFI_SP && 3116 op->src.offset == regs[op->dest.reg].offset + cfi->stack_size) { 3117 3118 /* mov disp(%rsp), %reg */ 3119 restore_reg(cfi, op->dest.reg); 3120 } 3121 3122 break; 3123 3124 default: 3125 WARN_INSN(insn, "unknown stack-related instruction"); 3126 return -1; 3127 } 3128 3129 break; 3130 3131 case OP_DEST_PUSH: 3132 case OP_DEST_PUSHF: 3133 cfi->stack_size += 8; 3134 if (cfa->base == CFI_SP) 3135 cfa->offset += 8; 3136 3137 if (op->src.type != OP_SRC_REG) 3138 break; 3139 3140 if (cfi->drap) { 3141 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) { 3142 3143 /* drap: push %drap */ 3144 cfa->base = CFI_BP_INDIRECT; 3145 cfa->offset = -cfi->stack_size; 3146 3147 /* save drap so we know when to restore it */ 3148 cfi->drap_offset = -cfi->stack_size; 3149 3150 } else if (op->src.reg == CFI_BP && cfa->base == cfi->drap_reg) { 3151 3152 /* drap: push %rbp */ 3153 cfi->stack_size = 0; 3154 3155 } else { 3156 3157 /* drap: push %reg */ 3158 save_reg(cfi, op->src.reg, CFI_BP, -cfi->stack_size); 3159 } 3160 3161 } else { 3162 3163 /* push %reg */ 3164 save_reg(cfi, op->src.reg, CFI_CFA, -cfi->stack_size); 3165 } 3166 3167 /* detect when asm code uses rbp as a scratch register */ 3168 if (opts.stackval && insn_func(insn) && op->src.reg == CFI_BP && 3169 cfa->base != CFI_BP) 3170 cfi->bp_scratch = true; 3171 break; 3172 3173 case OP_DEST_REG_INDIRECT: 3174 3175 if (cfi->drap) { 3176 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) { 3177 3178 /* drap: mov %drap, disp(%rbp) */ 3179 cfa->base = CFI_BP_INDIRECT; 3180 cfa->offset = op->dest.offset; 3181 3182 /* save drap offset so we know when to restore it */ 3183 cfi->drap_offset = op->dest.offset; 3184 } else { 3185 3186 /* drap: mov reg, disp(%rbp) */ 3187 save_reg(cfi, op->src.reg, CFI_BP, op->dest.offset); 3188 } 3189 3190 } else if (op->dest.reg == cfa->base) { 3191 3192 /* mov reg, disp(%rbp) */ 3193 /* mov reg, disp(%rsp) */ 3194 save_reg(cfi, op->src.reg, CFI_CFA, 3195 op->dest.offset - cfi->cfa.offset); 3196 3197 } else if (op->dest.reg == CFI_SP) { 3198 3199 /* mov reg, disp(%rsp) */ 3200 save_reg(cfi, op->src.reg, CFI_CFA, 3201 op->dest.offset - cfi->stack_size); 3202 3203 } else if (op->src.reg == CFI_SP && op->dest.offset == 0) { 3204 3205 /* mov %rsp, (%reg); # setup a stack swizzle. */ 3206 cfi->vals[op->dest.reg].base = CFI_SP_INDIRECT; 3207 cfi->vals[op->dest.reg].offset = cfa->offset; 3208 } 3209 3210 break; 3211 3212 case OP_DEST_MEM: 3213 if (op->src.type != OP_SRC_POP && op->src.type != OP_SRC_POPF) { 3214 WARN_INSN(insn, "unknown stack-related memory operation"); 3215 return -1; 3216 } 3217 3218 /* pop mem */ 3219 cfi->stack_size -= 8; 3220 if (cfa->base == CFI_SP) 3221 cfa->offset -= 8; 3222 3223 break; 3224 3225 default: 3226 WARN_INSN(insn, "unknown stack-related instruction"); 3227 return -1; 3228 } 3229 3230 return 0; 3231 } 3232 3233 /* 3234 * The stack layouts of alternatives instructions can sometimes diverge when 3235 * they have stack modifications. That's fine as long as the potential stack 3236 * layouts don't conflict at any given potential instruction boundary. 3237 * 3238 * Flatten the CFIs of the different alternative code streams (both original 3239 * and replacement) into a single shared CFI array which can be used to detect 3240 * conflicts and nicely feed a linear array of ORC entries to the unwinder. 3241 */ 3242 static int propagate_alt_cfi(struct objtool_file *file, struct instruction *insn) 3243 { 3244 struct cfi_state **alt_cfi; 3245 int group_off; 3246 3247 if (!insn->alt_group) 3248 return 0; 3249 3250 if (!insn->cfi) { 3251 WARN("CFI missing"); 3252 return -1; 3253 } 3254 3255 alt_cfi = insn->alt_group->cfi; 3256 group_off = insn->offset - insn->alt_group->first_insn->offset; 3257 3258 if (!alt_cfi[group_off]) { 3259 alt_cfi[group_off] = insn->cfi; 3260 } else { 3261 if (cficmp(alt_cfi[group_off], insn->cfi)) { 3262 struct alt_group *orig_group = insn->alt_group->orig_group ?: insn->alt_group; 3263 struct instruction *orig = orig_group->first_insn; 3264 char *where = offstr(insn->sec, insn->offset); 3265 WARN_INSN(orig, "stack layout conflict in alternatives: %s", where); 3266 free(where); 3267 return -1; 3268 } 3269 } 3270 3271 return 0; 3272 } 3273 3274 static int handle_insn_ops(struct instruction *insn, 3275 struct instruction *next_insn, 3276 struct insn_state *state) 3277 { 3278 struct stack_op *op; 3279 3280 for (op = insn->stack_ops; op; op = op->next) { 3281 3282 if (update_cfi_state(insn, next_insn, &state->cfi, op)) 3283 return 1; 3284 3285 if (!insn->alt_group) 3286 continue; 3287 3288 if (op->dest.type == OP_DEST_PUSHF) { 3289 if (!state->uaccess_stack) { 3290 state->uaccess_stack = 1; 3291 } else if (state->uaccess_stack >> 31) { 3292 WARN_INSN(insn, "PUSHF stack exhausted"); 3293 return 1; 3294 } 3295 state->uaccess_stack <<= 1; 3296 state->uaccess_stack |= state->uaccess; 3297 } 3298 3299 if (op->src.type == OP_SRC_POPF) { 3300 if (state->uaccess_stack) { 3301 state->uaccess = state->uaccess_stack & 1; 3302 state->uaccess_stack >>= 1; 3303 if (state->uaccess_stack == 1) 3304 state->uaccess_stack = 0; 3305 } 3306 } 3307 } 3308 3309 return 0; 3310 } 3311 3312 static bool insn_cfi_match(struct instruction *insn, struct cfi_state *cfi2) 3313 { 3314 struct cfi_state *cfi1 = insn->cfi; 3315 int i; 3316 3317 if (!cfi1) { 3318 WARN("CFI missing"); 3319 return false; 3320 } 3321 3322 if (memcmp(&cfi1->cfa, &cfi2->cfa, sizeof(cfi1->cfa))) { 3323 3324 WARN_INSN(insn, "stack state mismatch: cfa1=%d%+d cfa2=%d%+d", 3325 cfi1->cfa.base, cfi1->cfa.offset, 3326 cfi2->cfa.base, cfi2->cfa.offset); 3327 3328 } else if (memcmp(&cfi1->regs, &cfi2->regs, sizeof(cfi1->regs))) { 3329 for (i = 0; i < CFI_NUM_REGS; i++) { 3330 if (!memcmp(&cfi1->regs[i], &cfi2->regs[i], 3331 sizeof(struct cfi_reg))) 3332 continue; 3333 3334 WARN_INSN(insn, "stack state mismatch: reg1[%d]=%d%+d reg2[%d]=%d%+d", 3335 i, cfi1->regs[i].base, cfi1->regs[i].offset, 3336 i, cfi2->regs[i].base, cfi2->regs[i].offset); 3337 break; 3338 } 3339 3340 } else if (cfi1->type != cfi2->type) { 3341 3342 WARN_INSN(insn, "stack state mismatch: type1=%d type2=%d", 3343 cfi1->type, cfi2->type); 3344 3345 } else if (cfi1->drap != cfi2->drap || 3346 (cfi1->drap && cfi1->drap_reg != cfi2->drap_reg) || 3347 (cfi1->drap && cfi1->drap_offset != cfi2->drap_offset)) { 3348 3349 WARN_INSN(insn, "stack state mismatch: drap1=%d(%d,%d) drap2=%d(%d,%d)", 3350 cfi1->drap, cfi1->drap_reg, cfi1->drap_offset, 3351 cfi2->drap, cfi2->drap_reg, cfi2->drap_offset); 3352 3353 } else 3354 return true; 3355 3356 return false; 3357 } 3358 3359 static inline bool func_uaccess_safe(struct symbol *func) 3360 { 3361 if (func) 3362 return func->uaccess_safe; 3363 3364 return false; 3365 } 3366 3367 static inline const char *call_dest_name(struct instruction *insn) 3368 { 3369 static char pvname[19]; 3370 struct reloc *rel; 3371 int idx; 3372 3373 if (insn_call_dest(insn)) 3374 return insn_call_dest(insn)->name; 3375 3376 rel = insn_reloc(NULL, insn); 3377 if (rel && !strcmp(rel->sym->name, "pv_ops")) { 3378 idx = (rel->addend / sizeof(void *)); 3379 snprintf(pvname, sizeof(pvname), "pv_ops[%d]", idx); 3380 return pvname; 3381 } 3382 3383 return "{dynamic}"; 3384 } 3385 3386 static bool pv_call_dest(struct objtool_file *file, struct instruction *insn) 3387 { 3388 struct symbol *target; 3389 struct reloc *rel; 3390 int idx; 3391 3392 rel = insn_reloc(file, insn); 3393 if (!rel || strcmp(rel->sym->name, "pv_ops")) 3394 return false; 3395 3396 idx = (arch_dest_reloc_offset(rel->addend) / sizeof(void *)); 3397 3398 if (file->pv_ops[idx].clean) 3399 return true; 3400 3401 file->pv_ops[idx].clean = true; 3402 3403 list_for_each_entry(target, &file->pv_ops[idx].targets, pv_target) { 3404 if (!target->sec->noinstr) { 3405 WARN("pv_ops[%d]: %s", idx, target->name); 3406 file->pv_ops[idx].clean = false; 3407 } 3408 } 3409 3410 return file->pv_ops[idx].clean; 3411 } 3412 3413 static inline bool noinstr_call_dest(struct objtool_file *file, 3414 struct instruction *insn, 3415 struct symbol *func) 3416 { 3417 /* 3418 * We can't deal with indirect function calls at present; 3419 * assume they're instrumented. 3420 */ 3421 if (!func) { 3422 if (file->pv_ops) 3423 return pv_call_dest(file, insn); 3424 3425 return false; 3426 } 3427 3428 /* 3429 * If the symbol is from a noinstr section; we good. 3430 */ 3431 if (func->sec->noinstr) 3432 return true; 3433 3434 /* 3435 * If the symbol is a static_call trampoline, we can't tell. 3436 */ 3437 if (func->static_call_tramp) 3438 return true; 3439 3440 /* 3441 * The __ubsan_handle_*() calls are like WARN(), they only happen when 3442 * something 'BAD' happened. At the risk of taking the machine down, 3443 * let them proceed to get the message out. 3444 */ 3445 if (!strncmp(func->name, "__ubsan_handle_", 15)) 3446 return true; 3447 3448 return false; 3449 } 3450 3451 static int validate_call(struct objtool_file *file, 3452 struct instruction *insn, 3453 struct insn_state *state) 3454 { 3455 if (state->noinstr && state->instr <= 0 && 3456 !noinstr_call_dest(file, insn, insn_call_dest(insn))) { 3457 WARN_INSN(insn, "call to %s() leaves .noinstr.text section", call_dest_name(insn)); 3458 return 1; 3459 } 3460 3461 if (state->uaccess && !func_uaccess_safe(insn_call_dest(insn))) { 3462 WARN_INSN(insn, "call to %s() with UACCESS enabled", call_dest_name(insn)); 3463 return 1; 3464 } 3465 3466 if (state->df) { 3467 WARN_INSN(insn, "call to %s() with DF set", call_dest_name(insn)); 3468 return 1; 3469 } 3470 3471 return 0; 3472 } 3473 3474 static int validate_sibling_call(struct objtool_file *file, 3475 struct instruction *insn, 3476 struct insn_state *state) 3477 { 3478 if (insn_func(insn) && has_modified_stack_frame(insn, state)) { 3479 WARN_INSN(insn, "sibling call from callable instruction with modified stack frame"); 3480 return 1; 3481 } 3482 3483 return validate_call(file, insn, state); 3484 } 3485 3486 static int validate_return(struct symbol *func, struct instruction *insn, struct insn_state *state) 3487 { 3488 if (state->noinstr && state->instr > 0) { 3489 WARN_INSN(insn, "return with instrumentation enabled"); 3490 return 1; 3491 } 3492 3493 if (state->uaccess && !func_uaccess_safe(func)) { 3494 WARN_INSN(insn, "return with UACCESS enabled"); 3495 return 1; 3496 } 3497 3498 if (!state->uaccess && func_uaccess_safe(func)) { 3499 WARN_INSN(insn, "return with UACCESS disabled from a UACCESS-safe function"); 3500 return 1; 3501 } 3502 3503 if (state->df) { 3504 WARN_INSN(insn, "return with DF set"); 3505 return 1; 3506 } 3507 3508 if (func && has_modified_stack_frame(insn, state)) { 3509 WARN_INSN(insn, "return with modified stack frame"); 3510 return 1; 3511 } 3512 3513 if (state->cfi.bp_scratch) { 3514 WARN_INSN(insn, "BP used as a scratch register"); 3515 return 1; 3516 } 3517 3518 return 0; 3519 } 3520 3521 static struct instruction *next_insn_to_validate(struct objtool_file *file, 3522 struct instruction *insn) 3523 { 3524 struct alt_group *alt_group = insn->alt_group; 3525 3526 /* 3527 * Simulate the fact that alternatives are patched in-place. When the 3528 * end of a replacement alt_group is reached, redirect objtool flow to 3529 * the end of the original alt_group. 3530 * 3531 * insn->alts->insn -> alt_group->first_insn 3532 * ... 3533 * alt_group->last_insn 3534 * [alt_group->nop] -> next(orig_group->last_insn) 3535 */ 3536 if (alt_group) { 3537 if (alt_group->nop) { 3538 /* ->nop implies ->orig_group */ 3539 if (insn == alt_group->last_insn) 3540 return alt_group->nop; 3541 if (insn == alt_group->nop) 3542 goto next_orig; 3543 } 3544 if (insn == alt_group->last_insn && alt_group->orig_group) 3545 goto next_orig; 3546 } 3547 3548 return next_insn_same_sec(file, insn); 3549 3550 next_orig: 3551 return next_insn_same_sec(file, alt_group->orig_group->last_insn); 3552 } 3553 3554 /* 3555 * Follow the branch starting at the given instruction, and recursively follow 3556 * any other branches (jumps). Meanwhile, track the frame pointer state at 3557 * each instruction and validate all the rules described in 3558 * tools/objtool/Documentation/objtool.txt. 3559 */ 3560 static int validate_branch(struct objtool_file *file, struct symbol *func, 3561 struct instruction *insn, struct insn_state state) 3562 { 3563 struct alternative *alt; 3564 struct instruction *next_insn, *prev_insn = NULL; 3565 struct section *sec; 3566 u8 visited; 3567 int ret; 3568 3569 sec = insn->sec; 3570 3571 while (1) { 3572 next_insn = next_insn_to_validate(file, insn); 3573 3574 if (func && insn_func(insn) && func != insn_func(insn)->pfunc) { 3575 /* Ignore KCFI type preambles, which always fall through */ 3576 if (!strncmp(func->name, "__cfi_", 6) || 3577 !strncmp(func->name, "__pfx_", 6)) 3578 return 0; 3579 3580 WARN("%s() falls through to next function %s()", 3581 func->name, insn_func(insn)->name); 3582 return 1; 3583 } 3584 3585 if (func && insn->ignore) { 3586 WARN_INSN(insn, "BUG: why am I validating an ignored function?"); 3587 return 1; 3588 } 3589 3590 visited = VISITED_BRANCH << state.uaccess; 3591 if (insn->visited & VISITED_BRANCH_MASK) { 3592 if (!insn->hint && !insn_cfi_match(insn, &state.cfi)) 3593 return 1; 3594 3595 if (insn->visited & visited) 3596 return 0; 3597 } else { 3598 nr_insns_visited++; 3599 } 3600 3601 if (state.noinstr) 3602 state.instr += insn->instr; 3603 3604 if (insn->hint) { 3605 if (insn->restore) { 3606 struct instruction *save_insn, *i; 3607 3608 i = insn; 3609 save_insn = NULL; 3610 3611 sym_for_each_insn_continue_reverse(file, func, i) { 3612 if (i->save) { 3613 save_insn = i; 3614 break; 3615 } 3616 } 3617 3618 if (!save_insn) { 3619 WARN_INSN(insn, "no corresponding CFI save for CFI restore"); 3620 return 1; 3621 } 3622 3623 if (!save_insn->visited) { 3624 WARN_INSN(insn, "objtool isn't smart enough to handle this CFI save/restore combo"); 3625 return 1; 3626 } 3627 3628 insn->cfi = save_insn->cfi; 3629 nr_cfi_reused++; 3630 } 3631 3632 state.cfi = *insn->cfi; 3633 } else { 3634 /* XXX track if we actually changed state.cfi */ 3635 3636 if (prev_insn && !cficmp(prev_insn->cfi, &state.cfi)) { 3637 insn->cfi = prev_insn->cfi; 3638 nr_cfi_reused++; 3639 } else { 3640 insn->cfi = cfi_hash_find_or_add(&state.cfi); 3641 } 3642 } 3643 3644 insn->visited |= visited; 3645 3646 if (propagate_alt_cfi(file, insn)) 3647 return 1; 3648 3649 if (!insn->ignore_alts && insn->alts) { 3650 bool skip_orig = false; 3651 3652 for (alt = insn->alts; alt; alt = alt->next) { 3653 if (alt->skip_orig) 3654 skip_orig = true; 3655 3656 ret = validate_branch(file, func, alt->insn, state); 3657 if (ret) { 3658 BT_INSN(insn, "(alt)"); 3659 return ret; 3660 } 3661 } 3662 3663 if (skip_orig) 3664 return 0; 3665 } 3666 3667 if (handle_insn_ops(insn, next_insn, &state)) 3668 return 1; 3669 3670 switch (insn->type) { 3671 3672 case INSN_RETURN: 3673 return validate_return(func, insn, &state); 3674 3675 case INSN_CALL: 3676 case INSN_CALL_DYNAMIC: 3677 ret = validate_call(file, insn, &state); 3678 if (ret) 3679 return ret; 3680 3681 if (opts.stackval && func && !is_fentry_call(insn) && 3682 !has_valid_stack_frame(&state)) { 3683 WARN_INSN(insn, "call without frame pointer save/setup"); 3684 return 1; 3685 } 3686 3687 if (insn->dead_end) 3688 return 0; 3689 3690 break; 3691 3692 case INSN_JUMP_CONDITIONAL: 3693 case INSN_JUMP_UNCONDITIONAL: 3694 if (is_sibling_call(insn)) { 3695 ret = validate_sibling_call(file, insn, &state); 3696 if (ret) 3697 return ret; 3698 3699 } else if (insn->jump_dest) { 3700 ret = validate_branch(file, func, 3701 insn->jump_dest, state); 3702 if (ret) { 3703 BT_INSN(insn, "(branch)"); 3704 return ret; 3705 } 3706 } 3707 3708 if (insn->type == INSN_JUMP_UNCONDITIONAL) 3709 return 0; 3710 3711 break; 3712 3713 case INSN_JUMP_DYNAMIC: 3714 case INSN_JUMP_DYNAMIC_CONDITIONAL: 3715 if (is_sibling_call(insn)) { 3716 ret = validate_sibling_call(file, insn, &state); 3717 if (ret) 3718 return ret; 3719 } 3720 3721 if (insn->type == INSN_JUMP_DYNAMIC) 3722 return 0; 3723 3724 break; 3725 3726 case INSN_CONTEXT_SWITCH: 3727 if (func && (!next_insn || !next_insn->hint)) { 3728 WARN_INSN(insn, "unsupported instruction in callable function"); 3729 return 1; 3730 } 3731 return 0; 3732 3733 case INSN_STAC: 3734 if (state.uaccess) { 3735 WARN_INSN(insn, "recursive UACCESS enable"); 3736 return 1; 3737 } 3738 3739 state.uaccess = true; 3740 break; 3741 3742 case INSN_CLAC: 3743 if (!state.uaccess && func) { 3744 WARN_INSN(insn, "redundant UACCESS disable"); 3745 return 1; 3746 } 3747 3748 if (func_uaccess_safe(func) && !state.uaccess_stack) { 3749 WARN_INSN(insn, "UACCESS-safe disables UACCESS"); 3750 return 1; 3751 } 3752 3753 state.uaccess = false; 3754 break; 3755 3756 case INSN_STD: 3757 if (state.df) { 3758 WARN_INSN(insn, "recursive STD"); 3759 return 1; 3760 } 3761 3762 state.df = true; 3763 break; 3764 3765 case INSN_CLD: 3766 if (!state.df && func) { 3767 WARN_INSN(insn, "redundant CLD"); 3768 return 1; 3769 } 3770 3771 state.df = false; 3772 break; 3773 3774 default: 3775 break; 3776 } 3777 3778 if (insn->dead_end) 3779 return 0; 3780 3781 if (!next_insn) { 3782 if (state.cfi.cfa.base == CFI_UNDEFINED) 3783 return 0; 3784 WARN("%s: unexpected end of section", sec->name); 3785 return 1; 3786 } 3787 3788 prev_insn = insn; 3789 insn = next_insn; 3790 } 3791 3792 return 0; 3793 } 3794 3795 static int validate_unwind_hint(struct objtool_file *file, 3796 struct instruction *insn, 3797 struct insn_state *state) 3798 { 3799 if (insn->hint && !insn->visited && !insn->ignore) { 3800 int ret = validate_branch(file, insn_func(insn), insn, *state); 3801 if (ret) 3802 BT_INSN(insn, "<=== (hint)"); 3803 return ret; 3804 } 3805 3806 return 0; 3807 } 3808 3809 static int validate_unwind_hints(struct objtool_file *file, struct section *sec) 3810 { 3811 struct instruction *insn; 3812 struct insn_state state; 3813 int warnings = 0; 3814 3815 if (!file->hints) 3816 return 0; 3817 3818 init_insn_state(file, &state, sec); 3819 3820 if (sec) { 3821 sec_for_each_insn(file, sec, insn) 3822 warnings += validate_unwind_hint(file, insn, &state); 3823 } else { 3824 for_each_insn(file, insn) 3825 warnings += validate_unwind_hint(file, insn, &state); 3826 } 3827 3828 return warnings; 3829 } 3830 3831 /* 3832 * Validate rethunk entry constraint: must untrain RET before the first RET. 3833 * 3834 * Follow every branch (intra-function) and ensure VALIDATE_UNRET_END comes 3835 * before an actual RET instruction. 3836 */ 3837 static int validate_unret(struct objtool_file *file, struct instruction *insn) 3838 { 3839 struct instruction *next, *dest; 3840 int ret, warnings = 0; 3841 3842 for (;;) { 3843 next = next_insn_to_validate(file, insn); 3844 3845 if (insn->visited & VISITED_UNRET) 3846 return 0; 3847 3848 insn->visited |= VISITED_UNRET; 3849 3850 if (!insn->ignore_alts && insn->alts) { 3851 struct alternative *alt; 3852 bool skip_orig = false; 3853 3854 for (alt = insn->alts; alt; alt = alt->next) { 3855 if (alt->skip_orig) 3856 skip_orig = true; 3857 3858 ret = validate_unret(file, alt->insn); 3859 if (ret) { 3860 BT_INSN(insn, "(alt)"); 3861 return ret; 3862 } 3863 } 3864 3865 if (skip_orig) 3866 return 0; 3867 } 3868 3869 switch (insn->type) { 3870 3871 case INSN_CALL_DYNAMIC: 3872 case INSN_JUMP_DYNAMIC: 3873 case INSN_JUMP_DYNAMIC_CONDITIONAL: 3874 WARN_INSN(insn, "early indirect call"); 3875 return 1; 3876 3877 case INSN_JUMP_UNCONDITIONAL: 3878 case INSN_JUMP_CONDITIONAL: 3879 if (!is_sibling_call(insn)) { 3880 if (!insn->jump_dest) { 3881 WARN_INSN(insn, "unresolved jump target after linking?!?"); 3882 return -1; 3883 } 3884 ret = validate_unret(file, insn->jump_dest); 3885 if (ret) { 3886 BT_INSN(insn, "(branch%s)", 3887 insn->type == INSN_JUMP_CONDITIONAL ? "-cond" : ""); 3888 return ret; 3889 } 3890 3891 if (insn->type == INSN_JUMP_UNCONDITIONAL) 3892 return 0; 3893 3894 break; 3895 } 3896 3897 /* fallthrough */ 3898 case INSN_CALL: 3899 dest = find_insn(file, insn_call_dest(insn)->sec, 3900 insn_call_dest(insn)->offset); 3901 if (!dest) { 3902 WARN("Unresolved function after linking!?: %s", 3903 insn_call_dest(insn)->name); 3904 return -1; 3905 } 3906 3907 ret = validate_unret(file, dest); 3908 if (ret) { 3909 BT_INSN(insn, "(call)"); 3910 return ret; 3911 } 3912 /* 3913 * If a call returns without error, it must have seen UNTRAIN_RET. 3914 * Therefore any non-error return is a success. 3915 */ 3916 return 0; 3917 3918 case INSN_RETURN: 3919 WARN_INSN(insn, "RET before UNTRAIN"); 3920 return 1; 3921 3922 case INSN_NOP: 3923 if (insn->retpoline_safe) 3924 return 0; 3925 break; 3926 3927 default: 3928 break; 3929 } 3930 3931 if (!next) { 3932 WARN_INSN(insn, "teh end!"); 3933 return -1; 3934 } 3935 insn = next; 3936 } 3937 3938 return warnings; 3939 } 3940 3941 /* 3942 * Validate that all branches starting at VALIDATE_UNRET_BEGIN encounter 3943 * VALIDATE_UNRET_END before RET. 3944 */ 3945 static int validate_unrets(struct objtool_file *file) 3946 { 3947 struct instruction *insn; 3948 int ret, warnings = 0; 3949 3950 for_each_insn(file, insn) { 3951 if (!insn->unret) 3952 continue; 3953 3954 ret = validate_unret(file, insn); 3955 if (ret < 0) { 3956 WARN_INSN(insn, "Failed UNRET validation"); 3957 return ret; 3958 } 3959 warnings += ret; 3960 } 3961 3962 return warnings; 3963 } 3964 3965 static int validate_retpoline(struct objtool_file *file) 3966 { 3967 struct instruction *insn; 3968 int warnings = 0; 3969 3970 for_each_insn(file, insn) { 3971 if (insn->type != INSN_JUMP_DYNAMIC && 3972 insn->type != INSN_CALL_DYNAMIC && 3973 insn->type != INSN_RETURN) 3974 continue; 3975 3976 if (insn->retpoline_safe) 3977 continue; 3978 3979 if (insn->sec->init) 3980 continue; 3981 3982 if (insn->type == INSN_RETURN) { 3983 if (opts.rethunk) { 3984 WARN_INSN(insn, "'naked' return found in RETHUNK build"); 3985 } else 3986 continue; 3987 } else { 3988 WARN_INSN(insn, "indirect %s found in RETPOLINE build", 3989 insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call"); 3990 } 3991 3992 warnings++; 3993 } 3994 3995 return warnings; 3996 } 3997 3998 static bool is_kasan_insn(struct instruction *insn) 3999 { 4000 return (insn->type == INSN_CALL && 4001 !strcmp(insn_call_dest(insn)->name, "__asan_handle_no_return")); 4002 } 4003 4004 static bool is_ubsan_insn(struct instruction *insn) 4005 { 4006 return (insn->type == INSN_CALL && 4007 !strcmp(insn_call_dest(insn)->name, 4008 "__ubsan_handle_builtin_unreachable")); 4009 } 4010 4011 static bool ignore_unreachable_insn(struct objtool_file *file, struct instruction *insn) 4012 { 4013 int i; 4014 struct instruction *prev_insn; 4015 4016 if (insn->ignore || insn->type == INSN_NOP || insn->type == INSN_TRAP) 4017 return true; 4018 4019 /* 4020 * Ignore alternative replacement instructions. This can happen 4021 * when a whitelisted function uses one of the ALTERNATIVE macros. 4022 */ 4023 if (!strcmp(insn->sec->name, ".altinstr_replacement") || 4024 !strcmp(insn->sec->name, ".altinstr_aux")) 4025 return true; 4026 4027 /* 4028 * Whole archive runs might encounter dead code from weak symbols. 4029 * This is where the linker will have dropped the weak symbol in 4030 * favour of a regular symbol, but leaves the code in place. 4031 * 4032 * In this case we'll find a piece of code (whole function) that is not 4033 * covered by a !section symbol. Ignore them. 4034 */ 4035 if (opts.link && !insn_func(insn)) { 4036 int size = find_symbol_hole_containing(insn->sec, insn->offset); 4037 unsigned long end = insn->offset + size; 4038 4039 if (!size) /* not a hole */ 4040 return false; 4041 4042 if (size < 0) /* hole until the end */ 4043 return true; 4044 4045 sec_for_each_insn_continue(file, insn) { 4046 /* 4047 * If we reach a visited instruction at or before the 4048 * end of the hole, ignore the unreachable. 4049 */ 4050 if (insn->visited) 4051 return true; 4052 4053 if (insn->offset >= end) 4054 break; 4055 4056 /* 4057 * If this hole jumps to a .cold function, mark it ignore too. 4058 */ 4059 if (insn->jump_dest && insn_func(insn->jump_dest) && 4060 strstr(insn_func(insn->jump_dest)->name, ".cold")) { 4061 struct instruction *dest = insn->jump_dest; 4062 func_for_each_insn(file, insn_func(dest), dest) 4063 dest->ignore = true; 4064 } 4065 } 4066 4067 return false; 4068 } 4069 4070 if (!insn_func(insn)) 4071 return false; 4072 4073 if (insn_func(insn)->static_call_tramp) 4074 return true; 4075 4076 /* 4077 * CONFIG_UBSAN_TRAP inserts a UD2 when it sees 4078 * __builtin_unreachable(). The BUG() macro has an unreachable() after 4079 * the UD2, which causes GCC's undefined trap logic to emit another UD2 4080 * (or occasionally a JMP to UD2). 4081 * 4082 * It may also insert a UD2 after calling a __noreturn function. 4083 */ 4084 prev_insn = prev_insn_same_sec(file, insn); 4085 if (prev_insn->dead_end && 4086 (insn->type == INSN_BUG || 4087 (insn->type == INSN_JUMP_UNCONDITIONAL && 4088 insn->jump_dest && insn->jump_dest->type == INSN_BUG))) 4089 return true; 4090 4091 /* 4092 * Check if this (or a subsequent) instruction is related to 4093 * CONFIG_UBSAN or CONFIG_KASAN. 4094 * 4095 * End the search at 5 instructions to avoid going into the weeds. 4096 */ 4097 for (i = 0; i < 5; i++) { 4098 4099 if (is_kasan_insn(insn) || is_ubsan_insn(insn)) 4100 return true; 4101 4102 if (insn->type == INSN_JUMP_UNCONDITIONAL) { 4103 if (insn->jump_dest && 4104 insn_func(insn->jump_dest) == insn_func(insn)) { 4105 insn = insn->jump_dest; 4106 continue; 4107 } 4108 4109 break; 4110 } 4111 4112 if (insn->offset + insn->len >= insn_func(insn)->offset + insn_func(insn)->len) 4113 break; 4114 4115 insn = next_insn_same_sec(file, insn); 4116 } 4117 4118 return false; 4119 } 4120 4121 static int add_prefix_symbol(struct objtool_file *file, struct symbol *func) 4122 { 4123 struct instruction *insn, *prev; 4124 struct cfi_state *cfi; 4125 4126 insn = find_insn(file, func->sec, func->offset); 4127 if (!insn) 4128 return -1; 4129 4130 for (prev = prev_insn_same_sec(file, insn); 4131 prev; 4132 prev = prev_insn_same_sec(file, prev)) { 4133 u64 offset; 4134 4135 if (prev->type != INSN_NOP) 4136 return -1; 4137 4138 offset = func->offset - prev->offset; 4139 4140 if (offset > opts.prefix) 4141 return -1; 4142 4143 if (offset < opts.prefix) 4144 continue; 4145 4146 elf_create_prefix_symbol(file->elf, func, opts.prefix); 4147 break; 4148 } 4149 4150 if (!prev) 4151 return -1; 4152 4153 if (!insn->cfi) { 4154 /* 4155 * This can happen if stack validation isn't enabled or the 4156 * function is annotated with STACK_FRAME_NON_STANDARD. 4157 */ 4158 return 0; 4159 } 4160 4161 /* Propagate insn->cfi to the prefix code */ 4162 cfi = cfi_hash_find_or_add(insn->cfi); 4163 for (; prev != insn; prev = next_insn_same_sec(file, prev)) 4164 prev->cfi = cfi; 4165 4166 return 0; 4167 } 4168 4169 static int add_prefix_symbols(struct objtool_file *file) 4170 { 4171 struct section *sec; 4172 struct symbol *func; 4173 int warnings = 0; 4174 4175 for_each_sec(file, sec) { 4176 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 4177 continue; 4178 4179 sec_for_each_sym(sec, func) { 4180 if (func->type != STT_FUNC) 4181 continue; 4182 4183 add_prefix_symbol(file, func); 4184 } 4185 } 4186 4187 return warnings; 4188 } 4189 4190 static int validate_symbol(struct objtool_file *file, struct section *sec, 4191 struct symbol *sym, struct insn_state *state) 4192 { 4193 struct instruction *insn; 4194 int ret; 4195 4196 if (!sym->len) { 4197 WARN("%s() is missing an ELF size annotation", sym->name); 4198 return 1; 4199 } 4200 4201 if (sym->pfunc != sym || sym->alias != sym) 4202 return 0; 4203 4204 insn = find_insn(file, sec, sym->offset); 4205 if (!insn || insn->ignore || insn->visited) 4206 return 0; 4207 4208 state->uaccess = sym->uaccess_safe; 4209 4210 ret = validate_branch(file, insn_func(insn), insn, *state); 4211 if (ret) 4212 BT_INSN(insn, "<=== (sym)"); 4213 return ret; 4214 } 4215 4216 static int validate_section(struct objtool_file *file, struct section *sec) 4217 { 4218 struct insn_state state; 4219 struct symbol *func; 4220 int warnings = 0; 4221 4222 sec_for_each_sym(sec, func) { 4223 if (func->type != STT_FUNC) 4224 continue; 4225 4226 init_insn_state(file, &state, sec); 4227 set_func_state(&state.cfi); 4228 4229 warnings += validate_symbol(file, sec, func, &state); 4230 } 4231 4232 return warnings; 4233 } 4234 4235 static int validate_noinstr_sections(struct objtool_file *file) 4236 { 4237 struct section *sec; 4238 int warnings = 0; 4239 4240 sec = find_section_by_name(file->elf, ".noinstr.text"); 4241 if (sec) { 4242 warnings += validate_section(file, sec); 4243 warnings += validate_unwind_hints(file, sec); 4244 } 4245 4246 sec = find_section_by_name(file->elf, ".entry.text"); 4247 if (sec) { 4248 warnings += validate_section(file, sec); 4249 warnings += validate_unwind_hints(file, sec); 4250 } 4251 4252 sec = find_section_by_name(file->elf, ".cpuidle.text"); 4253 if (sec) { 4254 warnings += validate_section(file, sec); 4255 warnings += validate_unwind_hints(file, sec); 4256 } 4257 4258 return warnings; 4259 } 4260 4261 static int validate_functions(struct objtool_file *file) 4262 { 4263 struct section *sec; 4264 int warnings = 0; 4265 4266 for_each_sec(file, sec) { 4267 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 4268 continue; 4269 4270 warnings += validate_section(file, sec); 4271 } 4272 4273 return warnings; 4274 } 4275 4276 static void mark_endbr_used(struct instruction *insn) 4277 { 4278 if (!list_empty(&insn->call_node)) 4279 list_del_init(&insn->call_node); 4280 } 4281 4282 static bool noendbr_range(struct objtool_file *file, struct instruction *insn) 4283 { 4284 struct symbol *sym = find_symbol_containing(insn->sec, insn->offset-1); 4285 struct instruction *first; 4286 4287 if (!sym) 4288 return false; 4289 4290 first = find_insn(file, sym->sec, sym->offset); 4291 if (!first) 4292 return false; 4293 4294 if (first->type != INSN_ENDBR && !first->noendbr) 4295 return false; 4296 4297 return insn->offset == sym->offset + sym->len; 4298 } 4299 4300 static int validate_ibt_insn(struct objtool_file *file, struct instruction *insn) 4301 { 4302 struct instruction *dest; 4303 struct reloc *reloc; 4304 unsigned long off; 4305 int warnings = 0; 4306 4307 /* 4308 * Looking for function pointer load relocations. Ignore 4309 * direct/indirect branches: 4310 */ 4311 switch (insn->type) { 4312 case INSN_CALL: 4313 case INSN_CALL_DYNAMIC: 4314 case INSN_JUMP_CONDITIONAL: 4315 case INSN_JUMP_UNCONDITIONAL: 4316 case INSN_JUMP_DYNAMIC: 4317 case INSN_JUMP_DYNAMIC_CONDITIONAL: 4318 case INSN_RETURN: 4319 case INSN_NOP: 4320 return 0; 4321 default: 4322 break; 4323 } 4324 4325 for (reloc = insn_reloc(file, insn); 4326 reloc; 4327 reloc = find_reloc_by_dest_range(file->elf, insn->sec, 4328 reloc->offset + 1, 4329 (insn->offset + insn->len) - (reloc->offset + 1))) { 4330 4331 /* 4332 * static_call_update() references the trampoline, which 4333 * doesn't have (or need) ENDBR. Skip warning in that case. 4334 */ 4335 if (reloc->sym->static_call_tramp) 4336 continue; 4337 4338 off = reloc->sym->offset; 4339 if (reloc->type == R_X86_64_PC32 || reloc->type == R_X86_64_PLT32) 4340 off += arch_dest_reloc_offset(reloc->addend); 4341 else 4342 off += reloc->addend; 4343 4344 dest = find_insn(file, reloc->sym->sec, off); 4345 if (!dest) 4346 continue; 4347 4348 if (dest->type == INSN_ENDBR) { 4349 mark_endbr_used(dest); 4350 continue; 4351 } 4352 4353 if (insn_func(dest) && insn_func(dest) == insn_func(insn)) { 4354 /* 4355 * Anything from->to self is either _THIS_IP_ or 4356 * IRET-to-self. 4357 * 4358 * There is no sane way to annotate _THIS_IP_ since the 4359 * compiler treats the relocation as a constant and is 4360 * happy to fold in offsets, skewing any annotation we 4361 * do, leading to vast amounts of false-positives. 4362 * 4363 * There's also compiler generated _THIS_IP_ through 4364 * KCOV and such which we have no hope of annotating. 4365 * 4366 * As such, blanket accept self-references without 4367 * issue. 4368 */ 4369 continue; 4370 } 4371 4372 /* 4373 * Accept anything ANNOTATE_NOENDBR. 4374 */ 4375 if (dest->noendbr) 4376 continue; 4377 4378 /* 4379 * Accept if this is the instruction after a symbol 4380 * that is (no)endbr -- typical code-range usage. 4381 */ 4382 if (noendbr_range(file, dest)) 4383 continue; 4384 4385 WARN_INSN(insn, "relocation to !ENDBR: %s", offstr(dest->sec, dest->offset)); 4386 4387 warnings++; 4388 } 4389 4390 return warnings; 4391 } 4392 4393 static int validate_ibt_data_reloc(struct objtool_file *file, 4394 struct reloc *reloc) 4395 { 4396 struct instruction *dest; 4397 4398 dest = find_insn(file, reloc->sym->sec, 4399 reloc->sym->offset + reloc->addend); 4400 if (!dest) 4401 return 0; 4402 4403 if (dest->type == INSN_ENDBR) { 4404 mark_endbr_used(dest); 4405 return 0; 4406 } 4407 4408 if (dest->noendbr) 4409 return 0; 4410 4411 WARN_FUNC("data relocation to !ENDBR: %s", 4412 reloc->sec->base, reloc->offset, 4413 offstr(dest->sec, dest->offset)); 4414 4415 return 1; 4416 } 4417 4418 /* 4419 * Validate IBT rules and remove used ENDBR instructions from the seal list. 4420 * Unused ENDBR instructions will be annotated for sealing (i.e., replaced with 4421 * NOPs) later, in create_ibt_endbr_seal_sections(). 4422 */ 4423 static int validate_ibt(struct objtool_file *file) 4424 { 4425 struct section *sec; 4426 struct reloc *reloc; 4427 struct instruction *insn; 4428 int warnings = 0; 4429 4430 for_each_insn(file, insn) 4431 warnings += validate_ibt_insn(file, insn); 4432 4433 for_each_sec(file, sec) { 4434 4435 /* Already done by validate_ibt_insn() */ 4436 if (sec->sh.sh_flags & SHF_EXECINSTR) 4437 continue; 4438 4439 if (!sec->reloc) 4440 continue; 4441 4442 /* 4443 * These sections can reference text addresses, but not with 4444 * the intent to indirect branch to them. 4445 */ 4446 if ((!strncmp(sec->name, ".discard", 8) && 4447 strcmp(sec->name, ".discard.ibt_endbr_noseal")) || 4448 !strncmp(sec->name, ".debug", 6) || 4449 !strcmp(sec->name, ".altinstructions") || 4450 !strcmp(sec->name, ".ibt_endbr_seal") || 4451 !strcmp(sec->name, ".orc_unwind_ip") || 4452 !strcmp(sec->name, ".parainstructions") || 4453 !strcmp(sec->name, ".retpoline_sites") || 4454 !strcmp(sec->name, ".smp_locks") || 4455 !strcmp(sec->name, ".static_call_sites") || 4456 !strcmp(sec->name, "_error_injection_whitelist") || 4457 !strcmp(sec->name, "_kprobe_blacklist") || 4458 !strcmp(sec->name, "__bug_table") || 4459 !strcmp(sec->name, "__ex_table") || 4460 !strcmp(sec->name, "__jump_table") || 4461 !strcmp(sec->name, "__mcount_loc") || 4462 !strcmp(sec->name, ".kcfi_traps") || 4463 strstr(sec->name, "__patchable_function_entries")) 4464 continue; 4465 4466 list_for_each_entry(reloc, &sec->reloc->reloc_list, list) 4467 warnings += validate_ibt_data_reloc(file, reloc); 4468 } 4469 4470 return warnings; 4471 } 4472 4473 static int validate_sls(struct objtool_file *file) 4474 { 4475 struct instruction *insn, *next_insn; 4476 int warnings = 0; 4477 4478 for_each_insn(file, insn) { 4479 next_insn = next_insn_same_sec(file, insn); 4480 4481 if (insn->retpoline_safe) 4482 continue; 4483 4484 switch (insn->type) { 4485 case INSN_RETURN: 4486 if (!next_insn || next_insn->type != INSN_TRAP) { 4487 WARN_INSN(insn, "missing int3 after ret"); 4488 warnings++; 4489 } 4490 4491 break; 4492 case INSN_JUMP_DYNAMIC: 4493 if (!next_insn || next_insn->type != INSN_TRAP) { 4494 WARN_INSN(insn, "missing int3 after indirect jump"); 4495 warnings++; 4496 } 4497 break; 4498 default: 4499 break; 4500 } 4501 } 4502 4503 return warnings; 4504 } 4505 4506 static bool ignore_noreturn_call(struct instruction *insn) 4507 { 4508 struct symbol *call_dest = insn_call_dest(insn); 4509 4510 /* 4511 * FIXME: hack, we need a real noreturn solution 4512 * 4513 * Problem is, exc_double_fault() may or may not return, depending on 4514 * whether CONFIG_X86_ESPFIX64 is set. But objtool has no visibility 4515 * to the kernel config. 4516 * 4517 * Other potential ways to fix it: 4518 * 4519 * - have compiler communicate __noreturn functions somehow 4520 * - remove CONFIG_X86_ESPFIX64 4521 * - read the .config file 4522 * - add a cmdline option 4523 * - create a generic objtool annotation format (vs a bunch of custom 4524 * formats) and annotate it 4525 */ 4526 if (!strcmp(call_dest->name, "exc_double_fault")) { 4527 /* prevent further unreachable warnings for the caller */ 4528 insn->sym->warned = 1; 4529 return true; 4530 } 4531 4532 return false; 4533 } 4534 4535 static int validate_reachable_instructions(struct objtool_file *file) 4536 { 4537 struct instruction *insn, *prev_insn; 4538 struct symbol *call_dest; 4539 int warnings = 0; 4540 4541 if (file->ignore_unreachables) 4542 return 0; 4543 4544 for_each_insn(file, insn) { 4545 if (insn->visited || ignore_unreachable_insn(file, insn)) 4546 continue; 4547 4548 prev_insn = prev_insn_same_sec(file, insn); 4549 if (prev_insn && prev_insn->dead_end) { 4550 call_dest = insn_call_dest(prev_insn); 4551 if (call_dest && !ignore_noreturn_call(prev_insn)) { 4552 WARN_INSN(insn, "%s() is missing a __noreturn annotation", 4553 call_dest->name); 4554 warnings++; 4555 continue; 4556 } 4557 } 4558 4559 WARN_INSN(insn, "unreachable instruction"); 4560 warnings++; 4561 } 4562 4563 return warnings; 4564 } 4565 4566 /* 'funcs' is a space-separated list of function names */ 4567 static int disas_funcs(const char *funcs) 4568 { 4569 const char *objdump_str, *cross_compile; 4570 int size, ret; 4571 char *cmd; 4572 4573 cross_compile = getenv("CROSS_COMPILE"); 4574 4575 objdump_str = "%sobjdump -wdr %s | gawk -M -v _funcs='%s' '" 4576 "BEGIN { split(_funcs, funcs); }" 4577 "/^$/ { func_match = 0; }" 4578 "/<.*>:/ { " 4579 "f = gensub(/.*<(.*)>:/, \"\\\\1\", 1);" 4580 "for (i in funcs) {" 4581 "if (funcs[i] == f) {" 4582 "func_match = 1;" 4583 "base = strtonum(\"0x\" $1);" 4584 "break;" 4585 "}" 4586 "}" 4587 "}" 4588 "{" 4589 "if (func_match) {" 4590 "addr = strtonum(\"0x\" $1);" 4591 "printf(\"%%04x \", addr - base);" 4592 "print;" 4593 "}" 4594 "}' 1>&2"; 4595 4596 /* fake snprintf() to calculate the size */ 4597 size = snprintf(NULL, 0, objdump_str, cross_compile, objname, funcs) + 1; 4598 if (size <= 0) { 4599 WARN("objdump string size calculation failed"); 4600 return -1; 4601 } 4602 4603 cmd = malloc(size); 4604 4605 /* real snprintf() */ 4606 snprintf(cmd, size, objdump_str, cross_compile, objname, funcs); 4607 ret = system(cmd); 4608 if (ret) { 4609 WARN("disassembly failed: %d", ret); 4610 return -1; 4611 } 4612 4613 return 0; 4614 } 4615 4616 static int disas_warned_funcs(struct objtool_file *file) 4617 { 4618 struct symbol *sym; 4619 char *funcs = NULL, *tmp; 4620 4621 for_each_sym(file, sym) { 4622 if (sym->warned) { 4623 if (!funcs) { 4624 funcs = malloc(strlen(sym->name) + 1); 4625 strcpy(funcs, sym->name); 4626 } else { 4627 tmp = malloc(strlen(funcs) + strlen(sym->name) + 2); 4628 sprintf(tmp, "%s %s", funcs, sym->name); 4629 free(funcs); 4630 funcs = tmp; 4631 } 4632 } 4633 } 4634 4635 if (funcs) 4636 disas_funcs(funcs); 4637 4638 return 0; 4639 } 4640 4641 int check(struct objtool_file *file) 4642 { 4643 int ret, warnings = 0; 4644 4645 arch_initial_func_cfi_state(&initial_func_cfi); 4646 init_cfi_state(&init_cfi); 4647 init_cfi_state(&func_cfi); 4648 set_func_state(&func_cfi); 4649 4650 if (!cfi_hash_alloc(1UL << (file->elf->symbol_bits - 3))) 4651 goto out; 4652 4653 cfi_hash_add(&init_cfi); 4654 cfi_hash_add(&func_cfi); 4655 4656 ret = decode_sections(file); 4657 if (ret < 0) 4658 goto out; 4659 4660 warnings += ret; 4661 4662 if (!nr_insns) 4663 goto out; 4664 4665 if (opts.retpoline) { 4666 ret = validate_retpoline(file); 4667 if (ret < 0) 4668 return ret; 4669 warnings += ret; 4670 } 4671 4672 if (opts.stackval || opts.orc || opts.uaccess) { 4673 ret = validate_functions(file); 4674 if (ret < 0) 4675 goto out; 4676 warnings += ret; 4677 4678 ret = validate_unwind_hints(file, NULL); 4679 if (ret < 0) 4680 goto out; 4681 warnings += ret; 4682 4683 if (!warnings) { 4684 ret = validate_reachable_instructions(file); 4685 if (ret < 0) 4686 goto out; 4687 warnings += ret; 4688 } 4689 4690 } else if (opts.noinstr) { 4691 ret = validate_noinstr_sections(file); 4692 if (ret < 0) 4693 goto out; 4694 warnings += ret; 4695 } 4696 4697 if (opts.unret) { 4698 /* 4699 * Must be after validate_branch() and friends, it plays 4700 * further games with insn->visited. 4701 */ 4702 ret = validate_unrets(file); 4703 if (ret < 0) 4704 return ret; 4705 warnings += ret; 4706 } 4707 4708 if (opts.ibt) { 4709 ret = validate_ibt(file); 4710 if (ret < 0) 4711 goto out; 4712 warnings += ret; 4713 } 4714 4715 if (opts.sls) { 4716 ret = validate_sls(file); 4717 if (ret < 0) 4718 goto out; 4719 warnings += ret; 4720 } 4721 4722 if (opts.static_call) { 4723 ret = create_static_call_sections(file); 4724 if (ret < 0) 4725 goto out; 4726 warnings += ret; 4727 } 4728 4729 if (opts.retpoline) { 4730 ret = create_retpoline_sites_sections(file); 4731 if (ret < 0) 4732 goto out; 4733 warnings += ret; 4734 } 4735 4736 if (opts.cfi) { 4737 ret = create_cfi_sections(file); 4738 if (ret < 0) 4739 goto out; 4740 warnings += ret; 4741 } 4742 4743 if (opts.rethunk) { 4744 ret = create_return_sites_sections(file); 4745 if (ret < 0) 4746 goto out; 4747 warnings += ret; 4748 4749 if (opts.hack_skylake) { 4750 ret = create_direct_call_sections(file); 4751 if (ret < 0) 4752 goto out; 4753 warnings += ret; 4754 } 4755 } 4756 4757 if (opts.mcount) { 4758 ret = create_mcount_loc_sections(file); 4759 if (ret < 0) 4760 goto out; 4761 warnings += ret; 4762 } 4763 4764 if (opts.prefix) { 4765 ret = add_prefix_symbols(file); 4766 if (ret < 0) 4767 return ret; 4768 warnings += ret; 4769 } 4770 4771 if (opts.ibt) { 4772 ret = create_ibt_endbr_seal_sections(file); 4773 if (ret < 0) 4774 goto out; 4775 warnings += ret; 4776 } 4777 4778 if (opts.orc && nr_insns) { 4779 ret = orc_create(file); 4780 if (ret < 0) 4781 goto out; 4782 warnings += ret; 4783 } 4784 4785 if (opts.verbose) 4786 disas_warned_funcs(file); 4787 4788 if (opts.stats) { 4789 printf("nr_insns_visited: %ld\n", nr_insns_visited); 4790 printf("nr_cfi: %ld\n", nr_cfi); 4791 printf("nr_cfi_reused: %ld\n", nr_cfi_reused); 4792 printf("nr_cfi_cache: %ld\n", nr_cfi_cache); 4793 } 4794 4795 out: 4796 /* 4797 * For now, don't fail the kernel build on fatal warnings. These 4798 * errors are still fairly common due to the growing matrix of 4799 * supported toolchains and their recent pace of change. 4800 */ 4801 return 0; 4802 } 4803