1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2015-2017 Josh Poimboeuf <jpoimboe@redhat.com> 4 */ 5 6 #include <string.h> 7 #include <stdlib.h> 8 #include <inttypes.h> 9 #include <sys/mman.h> 10 11 #include <objtool/builtin.h> 12 #include <objtool/cfi.h> 13 #include <objtool/arch.h> 14 #include <objtool/check.h> 15 #include <objtool/special.h> 16 #include <objtool/warn.h> 17 #include <objtool/endianness.h> 18 19 #include <linux/objtool_types.h> 20 #include <linux/hashtable.h> 21 #include <linux/kernel.h> 22 #include <linux/static_call_types.h> 23 #include <linux/string.h> 24 25 struct alternative { 26 struct alternative *next; 27 struct instruction *insn; 28 }; 29 30 static unsigned long nr_cfi, nr_cfi_reused, nr_cfi_cache; 31 32 static struct cfi_init_state initial_func_cfi; 33 static struct cfi_state init_cfi; 34 static struct cfi_state func_cfi; 35 static struct cfi_state force_undefined_cfi; 36 37 struct instruction *find_insn(struct objtool_file *file, 38 struct section *sec, unsigned long offset) 39 { 40 struct instruction *insn; 41 42 hash_for_each_possible(file->insn_hash, insn, hash, sec_offset_hash(sec, offset)) { 43 if (insn->sec == sec && insn->offset == offset) 44 return insn; 45 } 46 47 return NULL; 48 } 49 50 struct instruction *next_insn_same_sec(struct objtool_file *file, 51 struct instruction *insn) 52 { 53 if (insn->idx == INSN_CHUNK_MAX) 54 return find_insn(file, insn->sec, insn->offset + insn->len); 55 56 insn++; 57 if (!insn->len) 58 return NULL; 59 60 return insn; 61 } 62 63 static struct instruction *next_insn_same_func(struct objtool_file *file, 64 struct instruction *insn) 65 { 66 struct instruction *next = next_insn_same_sec(file, insn); 67 struct symbol *func = insn_func(insn); 68 69 if (!func) 70 return NULL; 71 72 if (next && insn_func(next) == func) 73 return next; 74 75 /* Check if we're already in the subfunction: */ 76 if (func == func->cfunc) 77 return NULL; 78 79 /* Move to the subfunction: */ 80 return find_insn(file, func->cfunc->sec, func->cfunc->offset); 81 } 82 83 static struct instruction *prev_insn_same_sec(struct objtool_file *file, 84 struct instruction *insn) 85 { 86 if (insn->idx == 0) { 87 if (insn->prev_len) 88 return find_insn(file, insn->sec, insn->offset - insn->prev_len); 89 return NULL; 90 } 91 92 return insn - 1; 93 } 94 95 static struct instruction *prev_insn_same_sym(struct objtool_file *file, 96 struct instruction *insn) 97 { 98 struct instruction *prev = prev_insn_same_sec(file, insn); 99 100 if (prev && insn_func(prev) == insn_func(insn)) 101 return prev; 102 103 return NULL; 104 } 105 106 #define for_each_insn(file, insn) \ 107 for (struct section *__sec, *__fake = (struct section *)1; \ 108 __fake; __fake = NULL) \ 109 for_each_sec(file, __sec) \ 110 sec_for_each_insn(file, __sec, insn) 111 112 #define func_for_each_insn(file, func, insn) \ 113 for (insn = find_insn(file, func->sec, func->offset); \ 114 insn; \ 115 insn = next_insn_same_func(file, insn)) 116 117 #define sym_for_each_insn(file, sym, insn) \ 118 for (insn = find_insn(file, sym->sec, sym->offset); \ 119 insn && insn->offset < sym->offset + sym->len; \ 120 insn = next_insn_same_sec(file, insn)) 121 122 #define sym_for_each_insn_continue_reverse(file, sym, insn) \ 123 for (insn = prev_insn_same_sec(file, insn); \ 124 insn && insn->offset >= sym->offset; \ 125 insn = prev_insn_same_sec(file, insn)) 126 127 #define sec_for_each_insn_from(file, insn) \ 128 for (; insn; insn = next_insn_same_sec(file, insn)) 129 130 #define sec_for_each_insn_continue(file, insn) \ 131 for (insn = next_insn_same_sec(file, insn); insn; \ 132 insn = next_insn_same_sec(file, insn)) 133 134 static inline struct symbol *insn_call_dest(struct instruction *insn) 135 { 136 if (insn->type == INSN_JUMP_DYNAMIC || 137 insn->type == INSN_CALL_DYNAMIC) 138 return NULL; 139 140 return insn->_call_dest; 141 } 142 143 static inline struct reloc *insn_jump_table(struct instruction *insn) 144 { 145 if (insn->type == INSN_JUMP_DYNAMIC || 146 insn->type == INSN_CALL_DYNAMIC) 147 return insn->_jump_table; 148 149 return NULL; 150 } 151 152 static inline unsigned long insn_jump_table_size(struct instruction *insn) 153 { 154 if (insn->type == INSN_JUMP_DYNAMIC || 155 insn->type == INSN_CALL_DYNAMIC) 156 return insn->_jump_table_size; 157 158 return 0; 159 } 160 161 static bool is_jump_table_jump(struct instruction *insn) 162 { 163 struct alt_group *alt_group = insn->alt_group; 164 165 if (insn_jump_table(insn)) 166 return true; 167 168 /* Retpoline alternative for a jump table? */ 169 return alt_group && alt_group->orig_group && 170 insn_jump_table(alt_group->orig_group->first_insn); 171 } 172 173 static bool is_sibling_call(struct instruction *insn) 174 { 175 /* 176 * Assume only STT_FUNC calls have jump-tables. 177 */ 178 if (insn_func(insn)) { 179 /* An indirect jump is either a sibling call or a jump to a table. */ 180 if (insn->type == INSN_JUMP_DYNAMIC) 181 return !is_jump_table_jump(insn); 182 } 183 184 /* add_jump_destinations() sets insn_call_dest(insn) for sibling calls. */ 185 return (is_static_jump(insn) && insn_call_dest(insn)); 186 } 187 188 /* 189 * Checks if a string ends with another. 190 */ 191 static bool str_ends_with(const char *s, const char *sub) 192 { 193 const int slen = strlen(s); 194 const int sublen = strlen(sub); 195 196 if (sublen > slen) 197 return 0; 198 199 return !memcmp(s + slen - sublen, sub, sublen); 200 } 201 202 /* 203 * Checks if a function is a Rust "noreturn" one. 204 */ 205 static bool is_rust_noreturn(const struct symbol *func) 206 { 207 /* 208 * If it does not start with "_R", then it is not a Rust symbol. 209 */ 210 if (strncmp(func->name, "_R", 2)) 211 return false; 212 213 /* 214 * These are just heuristics -- we do not control the precise symbol 215 * name, due to the crate disambiguators (which depend on the compiler) 216 * as well as changes to the source code itself between versions (since 217 * these come from the Rust standard library). 218 */ 219 return str_ends_with(func->name, "_4core5sliceSp15copy_from_slice17len_mismatch_fail") || 220 str_ends_with(func->name, "_4core6option13unwrap_failed") || 221 str_ends_with(func->name, "_4core6result13unwrap_failed") || 222 str_ends_with(func->name, "_4core9panicking5panic") || 223 str_ends_with(func->name, "_4core9panicking9panic_fmt") || 224 str_ends_with(func->name, "_4core9panicking14panic_explicit") || 225 str_ends_with(func->name, "_4core9panicking14panic_nounwind") || 226 str_ends_with(func->name, "_4core9panicking18panic_bounds_check") || 227 str_ends_with(func->name, "_4core9panicking19assert_failed_inner") || 228 str_ends_with(func->name, "_4core9panicking36panic_misaligned_pointer_dereference") || 229 strstr(func->name, "_4core9panicking13assert_failed") || 230 strstr(func->name, "_4core9panicking11panic_const24panic_const_") || 231 (strstr(func->name, "_4core5slice5index24slice_") && 232 str_ends_with(func->name, "_fail")); 233 } 234 235 /* 236 * This checks to see if the given function is a "noreturn" function. 237 * 238 * For global functions which are outside the scope of this object file, we 239 * have to keep a manual list of them. 240 * 241 * For local functions, we have to detect them manually by simply looking for 242 * the lack of a return instruction. 243 */ 244 static bool __dead_end_function(struct objtool_file *file, struct symbol *func, 245 int recursion) 246 { 247 int i; 248 struct instruction *insn; 249 bool empty = true; 250 251 #define NORETURN(func) __stringify(func), 252 static const char * const global_noreturns[] = { 253 #include "noreturns.h" 254 }; 255 #undef NORETURN 256 257 if (!func) 258 return false; 259 260 if (func->bind == STB_GLOBAL || func->bind == STB_WEAK) { 261 if (is_rust_noreturn(func)) 262 return true; 263 264 for (i = 0; i < ARRAY_SIZE(global_noreturns); i++) 265 if (!strcmp(func->name, global_noreturns[i])) 266 return true; 267 } 268 269 if (func->bind == STB_WEAK) 270 return false; 271 272 if (!func->len) 273 return false; 274 275 insn = find_insn(file, func->sec, func->offset); 276 if (!insn || !insn_func(insn)) 277 return false; 278 279 func_for_each_insn(file, func, insn) { 280 empty = false; 281 282 if (insn->type == INSN_RETURN) 283 return false; 284 } 285 286 if (empty) 287 return false; 288 289 /* 290 * A function can have a sibling call instead of a return. In that 291 * case, the function's dead-end status depends on whether the target 292 * of the sibling call returns. 293 */ 294 func_for_each_insn(file, func, insn) { 295 if (is_sibling_call(insn)) { 296 struct instruction *dest = insn->jump_dest; 297 298 if (!dest) 299 /* sibling call to another file */ 300 return false; 301 302 /* local sibling call */ 303 if (recursion == 5) { 304 /* 305 * Infinite recursion: two functions have 306 * sibling calls to each other. This is a very 307 * rare case. It means they aren't dead ends. 308 */ 309 return false; 310 } 311 312 return __dead_end_function(file, insn_func(dest), recursion+1); 313 } 314 } 315 316 return true; 317 } 318 319 static bool dead_end_function(struct objtool_file *file, struct symbol *func) 320 { 321 return __dead_end_function(file, func, 0); 322 } 323 324 static void init_cfi_state(struct cfi_state *cfi) 325 { 326 int i; 327 328 for (i = 0; i < CFI_NUM_REGS; i++) { 329 cfi->regs[i].base = CFI_UNDEFINED; 330 cfi->vals[i].base = CFI_UNDEFINED; 331 } 332 cfi->cfa.base = CFI_UNDEFINED; 333 cfi->drap_reg = CFI_UNDEFINED; 334 cfi->drap_offset = -1; 335 } 336 337 static void init_insn_state(struct objtool_file *file, struct insn_state *state, 338 struct section *sec) 339 { 340 memset(state, 0, sizeof(*state)); 341 init_cfi_state(&state->cfi); 342 343 if (opts.noinstr && sec) 344 state->noinstr = sec->noinstr; 345 } 346 347 static struct cfi_state *cfi_alloc(void) 348 { 349 struct cfi_state *cfi = calloc(1, sizeof(struct cfi_state)); 350 if (!cfi) { 351 ERROR_GLIBC("calloc"); 352 exit(1); 353 } 354 nr_cfi++; 355 return cfi; 356 } 357 358 static int cfi_bits; 359 static struct hlist_head *cfi_hash; 360 361 static inline bool cficmp(struct cfi_state *cfi1, struct cfi_state *cfi2) 362 { 363 return memcmp((void *)cfi1 + sizeof(cfi1->hash), 364 (void *)cfi2 + sizeof(cfi2->hash), 365 sizeof(struct cfi_state) - sizeof(struct hlist_node)); 366 } 367 368 static inline u32 cfi_key(struct cfi_state *cfi) 369 { 370 return jhash((void *)cfi + sizeof(cfi->hash), 371 sizeof(*cfi) - sizeof(cfi->hash), 0); 372 } 373 374 static struct cfi_state *cfi_hash_find_or_add(struct cfi_state *cfi) 375 { 376 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)]; 377 struct cfi_state *obj; 378 379 hlist_for_each_entry(obj, head, hash) { 380 if (!cficmp(cfi, obj)) { 381 nr_cfi_cache++; 382 return obj; 383 } 384 } 385 386 obj = cfi_alloc(); 387 *obj = *cfi; 388 hlist_add_head(&obj->hash, head); 389 390 return obj; 391 } 392 393 static void cfi_hash_add(struct cfi_state *cfi) 394 { 395 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)]; 396 397 hlist_add_head(&cfi->hash, head); 398 } 399 400 static void *cfi_hash_alloc(unsigned long size) 401 { 402 cfi_bits = max(10, ilog2(size)); 403 cfi_hash = mmap(NULL, sizeof(struct hlist_head) << cfi_bits, 404 PROT_READ|PROT_WRITE, 405 MAP_PRIVATE|MAP_ANON, -1, 0); 406 if (cfi_hash == (void *)-1L) { 407 ERROR_GLIBC("mmap fail cfi_hash"); 408 cfi_hash = NULL; 409 } else if (opts.stats) { 410 printf("cfi_bits: %d\n", cfi_bits); 411 } 412 413 return cfi_hash; 414 } 415 416 static unsigned long nr_insns; 417 static unsigned long nr_insns_visited; 418 419 /* 420 * Call the arch-specific instruction decoder for all the instructions and add 421 * them to the global instruction list. 422 */ 423 static int decode_instructions(struct objtool_file *file) 424 { 425 struct section *sec; 426 struct symbol *func; 427 unsigned long offset; 428 struct instruction *insn; 429 int ret; 430 431 for_each_sec(file, sec) { 432 struct instruction *insns = NULL; 433 u8 prev_len = 0; 434 u8 idx = 0; 435 436 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 437 continue; 438 439 if (strcmp(sec->name, ".altinstr_replacement") && 440 strcmp(sec->name, ".altinstr_aux") && 441 strncmp(sec->name, ".discard.", 9)) 442 sec->text = true; 443 444 if (!strcmp(sec->name, ".noinstr.text") || 445 !strcmp(sec->name, ".entry.text") || 446 !strcmp(sec->name, ".cpuidle.text") || 447 !strncmp(sec->name, ".text..__x86.", 13)) 448 sec->noinstr = true; 449 450 /* 451 * .init.text code is ran before userspace and thus doesn't 452 * strictly need retpolines, except for modules which are 453 * loaded late, they very much do need retpoline in their 454 * .init.text 455 */ 456 if (!strcmp(sec->name, ".init.text") && !opts.module) 457 sec->init = true; 458 459 for (offset = 0; offset < sec->sh.sh_size; offset += insn->len) { 460 if (!insns || idx == INSN_CHUNK_MAX) { 461 insns = calloc(sizeof(*insn), INSN_CHUNK_SIZE); 462 if (!insns) { 463 ERROR_GLIBC("calloc"); 464 return -1; 465 } 466 idx = 0; 467 } else { 468 idx++; 469 } 470 insn = &insns[idx]; 471 insn->idx = idx; 472 473 INIT_LIST_HEAD(&insn->call_node); 474 insn->sec = sec; 475 insn->offset = offset; 476 insn->prev_len = prev_len; 477 478 ret = arch_decode_instruction(file, sec, offset, 479 sec->sh.sh_size - offset, 480 insn); 481 if (ret) 482 return ret; 483 484 prev_len = insn->len; 485 486 /* 487 * By default, "ud2" is a dead end unless otherwise 488 * annotated, because GCC 7 inserts it for certain 489 * divide-by-zero cases. 490 */ 491 if (insn->type == INSN_BUG) 492 insn->dead_end = true; 493 494 hash_add(file->insn_hash, &insn->hash, sec_offset_hash(sec, insn->offset)); 495 nr_insns++; 496 } 497 498 sec_for_each_sym(sec, func) { 499 if (func->type != STT_NOTYPE && func->type != STT_FUNC) 500 continue; 501 502 if (func->offset == sec->sh.sh_size) { 503 /* Heuristic: likely an "end" symbol */ 504 if (func->type == STT_NOTYPE) 505 continue; 506 ERROR("%s(): STT_FUNC at end of section", func->name); 507 return -1; 508 } 509 510 if (func->embedded_insn || func->alias != func) 511 continue; 512 513 if (!find_insn(file, sec, func->offset)) { 514 ERROR("%s(): can't find starting instruction", func->name); 515 return -1; 516 } 517 518 sym_for_each_insn(file, func, insn) { 519 insn->sym = func; 520 if (func->type == STT_FUNC && 521 insn->type == INSN_ENDBR && 522 list_empty(&insn->call_node)) { 523 if (insn->offset == func->offset) { 524 list_add_tail(&insn->call_node, &file->endbr_list); 525 file->nr_endbr++; 526 } else { 527 file->nr_endbr_int++; 528 } 529 } 530 } 531 } 532 } 533 534 if (opts.stats) 535 printf("nr_insns: %lu\n", nr_insns); 536 537 return 0; 538 } 539 540 /* 541 * Read the pv_ops[] .data table to find the static initialized values. 542 */ 543 static int add_pv_ops(struct objtool_file *file, const char *symname) 544 { 545 struct symbol *sym, *func; 546 unsigned long off, end; 547 struct reloc *reloc; 548 int idx; 549 550 sym = find_symbol_by_name(file->elf, symname); 551 if (!sym) 552 return 0; 553 554 off = sym->offset; 555 end = off + sym->len; 556 for (;;) { 557 reloc = find_reloc_by_dest_range(file->elf, sym->sec, off, end - off); 558 if (!reloc) 559 break; 560 561 idx = (reloc_offset(reloc) - sym->offset) / sizeof(unsigned long); 562 563 func = reloc->sym; 564 if (func->type == STT_SECTION) 565 func = find_symbol_by_offset(reloc->sym->sec, 566 reloc_addend(reloc)); 567 if (!func) { 568 ERROR_FUNC(reloc->sym->sec, reloc_addend(reloc), 569 "can't find func at %s[%d]", symname, idx); 570 return -1; 571 } 572 573 if (objtool_pv_add(file, idx, func)) 574 return -1; 575 576 off = reloc_offset(reloc) + 1; 577 if (off > end) 578 break; 579 } 580 581 return 0; 582 } 583 584 /* 585 * Allocate and initialize file->pv_ops[]. 586 */ 587 static int init_pv_ops(struct objtool_file *file) 588 { 589 static const char *pv_ops_tables[] = { 590 "pv_ops", 591 "xen_cpu_ops", 592 "xen_irq_ops", 593 "xen_mmu_ops", 594 NULL, 595 }; 596 const char *pv_ops; 597 struct symbol *sym; 598 int idx, nr, ret; 599 600 if (!opts.noinstr) 601 return 0; 602 603 file->pv_ops = NULL; 604 605 sym = find_symbol_by_name(file->elf, "pv_ops"); 606 if (!sym) 607 return 0; 608 609 nr = sym->len / sizeof(unsigned long); 610 file->pv_ops = calloc(sizeof(struct pv_state), nr); 611 if (!file->pv_ops) { 612 ERROR_GLIBC("calloc"); 613 return -1; 614 } 615 616 for (idx = 0; idx < nr; idx++) 617 INIT_LIST_HEAD(&file->pv_ops[idx].targets); 618 619 for (idx = 0; (pv_ops = pv_ops_tables[idx]); idx++) { 620 ret = add_pv_ops(file, pv_ops); 621 if (ret) 622 return ret; 623 } 624 625 return 0; 626 } 627 628 static int create_static_call_sections(struct objtool_file *file) 629 { 630 struct static_call_site *site; 631 struct section *sec; 632 struct instruction *insn; 633 struct symbol *key_sym; 634 char *key_name, *tmp; 635 int idx; 636 637 sec = find_section_by_name(file->elf, ".static_call_sites"); 638 if (sec) { 639 INIT_LIST_HEAD(&file->static_call_list); 640 WARN("file already has .static_call_sites section, skipping"); 641 return 0; 642 } 643 644 if (list_empty(&file->static_call_list)) 645 return 0; 646 647 idx = 0; 648 list_for_each_entry(insn, &file->static_call_list, call_node) 649 idx++; 650 651 sec = elf_create_section_pair(file->elf, ".static_call_sites", 652 sizeof(*site), idx, idx * 2); 653 if (!sec) 654 return -1; 655 656 /* Allow modules to modify the low bits of static_call_site::key */ 657 sec->sh.sh_flags |= SHF_WRITE; 658 659 idx = 0; 660 list_for_each_entry(insn, &file->static_call_list, call_node) { 661 662 /* populate reloc for 'addr' */ 663 if (!elf_init_reloc_text_sym(file->elf, sec, 664 idx * sizeof(*site), idx * 2, 665 insn->sec, insn->offset)) 666 return -1; 667 668 /* find key symbol */ 669 key_name = strdup(insn_call_dest(insn)->name); 670 if (!key_name) { 671 ERROR_GLIBC("strdup"); 672 return -1; 673 } 674 if (strncmp(key_name, STATIC_CALL_TRAMP_PREFIX_STR, 675 STATIC_CALL_TRAMP_PREFIX_LEN)) { 676 ERROR("static_call: trampoline name malformed: %s", key_name); 677 return -1; 678 } 679 tmp = key_name + STATIC_CALL_TRAMP_PREFIX_LEN - STATIC_CALL_KEY_PREFIX_LEN; 680 memcpy(tmp, STATIC_CALL_KEY_PREFIX_STR, STATIC_CALL_KEY_PREFIX_LEN); 681 682 key_sym = find_symbol_by_name(file->elf, tmp); 683 if (!key_sym) { 684 if (!opts.module) { 685 ERROR("static_call: can't find static_call_key symbol: %s", tmp); 686 return -1; 687 } 688 689 /* 690 * For modules(), the key might not be exported, which 691 * means the module can make static calls but isn't 692 * allowed to change them. 693 * 694 * In that case we temporarily set the key to be the 695 * trampoline address. This is fixed up in 696 * static_call_add_module(). 697 */ 698 key_sym = insn_call_dest(insn); 699 } 700 701 /* populate reloc for 'key' */ 702 if (!elf_init_reloc_data_sym(file->elf, sec, 703 idx * sizeof(*site) + 4, 704 (idx * 2) + 1, key_sym, 705 is_sibling_call(insn) * STATIC_CALL_SITE_TAIL)) 706 return -1; 707 708 idx++; 709 } 710 711 return 0; 712 } 713 714 static int create_retpoline_sites_sections(struct objtool_file *file) 715 { 716 struct instruction *insn; 717 struct section *sec; 718 int idx; 719 720 sec = find_section_by_name(file->elf, ".retpoline_sites"); 721 if (sec) { 722 WARN("file already has .retpoline_sites, skipping"); 723 return 0; 724 } 725 726 idx = 0; 727 list_for_each_entry(insn, &file->retpoline_call_list, call_node) 728 idx++; 729 730 if (!idx) 731 return 0; 732 733 sec = elf_create_section_pair(file->elf, ".retpoline_sites", 734 sizeof(int), idx, idx); 735 if (!sec) 736 return -1; 737 738 idx = 0; 739 list_for_each_entry(insn, &file->retpoline_call_list, call_node) { 740 741 if (!elf_init_reloc_text_sym(file->elf, sec, 742 idx * sizeof(int), idx, 743 insn->sec, insn->offset)) 744 return -1; 745 746 idx++; 747 } 748 749 return 0; 750 } 751 752 static int create_return_sites_sections(struct objtool_file *file) 753 { 754 struct instruction *insn; 755 struct section *sec; 756 int idx; 757 758 sec = find_section_by_name(file->elf, ".return_sites"); 759 if (sec) { 760 WARN("file already has .return_sites, skipping"); 761 return 0; 762 } 763 764 idx = 0; 765 list_for_each_entry(insn, &file->return_thunk_list, call_node) 766 idx++; 767 768 if (!idx) 769 return 0; 770 771 sec = elf_create_section_pair(file->elf, ".return_sites", 772 sizeof(int), idx, idx); 773 if (!sec) 774 return -1; 775 776 idx = 0; 777 list_for_each_entry(insn, &file->return_thunk_list, call_node) { 778 779 if (!elf_init_reloc_text_sym(file->elf, sec, 780 idx * sizeof(int), idx, 781 insn->sec, insn->offset)) 782 return -1; 783 784 idx++; 785 } 786 787 return 0; 788 } 789 790 static int create_ibt_endbr_seal_sections(struct objtool_file *file) 791 { 792 struct instruction *insn; 793 struct section *sec; 794 int idx; 795 796 sec = find_section_by_name(file->elf, ".ibt_endbr_seal"); 797 if (sec) { 798 WARN("file already has .ibt_endbr_seal, skipping"); 799 return 0; 800 } 801 802 idx = 0; 803 list_for_each_entry(insn, &file->endbr_list, call_node) 804 idx++; 805 806 if (opts.stats) { 807 printf("ibt: ENDBR at function start: %d\n", file->nr_endbr); 808 printf("ibt: ENDBR inside functions: %d\n", file->nr_endbr_int); 809 printf("ibt: superfluous ENDBR: %d\n", idx); 810 } 811 812 if (!idx) 813 return 0; 814 815 sec = elf_create_section_pair(file->elf, ".ibt_endbr_seal", 816 sizeof(int), idx, idx); 817 if (!sec) 818 return -1; 819 820 idx = 0; 821 list_for_each_entry(insn, &file->endbr_list, call_node) { 822 823 int *site = (int *)sec->data->d_buf + idx; 824 struct symbol *sym = insn->sym; 825 *site = 0; 826 827 if (opts.module && sym && sym->type == STT_FUNC && 828 insn->offset == sym->offset && 829 (!strcmp(sym->name, "init_module") || 830 !strcmp(sym->name, "cleanup_module"))) { 831 ERROR("%s(): Magic init_module() function name is deprecated, use module_init(fn) instead", 832 sym->name); 833 return -1; 834 } 835 836 if (!elf_init_reloc_text_sym(file->elf, sec, 837 idx * sizeof(int), idx, 838 insn->sec, insn->offset)) 839 return -1; 840 841 idx++; 842 } 843 844 return 0; 845 } 846 847 static int create_cfi_sections(struct objtool_file *file) 848 { 849 struct section *sec; 850 struct symbol *sym; 851 int idx; 852 853 sec = find_section_by_name(file->elf, ".cfi_sites"); 854 if (sec) { 855 INIT_LIST_HEAD(&file->call_list); 856 WARN("file already has .cfi_sites section, skipping"); 857 return 0; 858 } 859 860 idx = 0; 861 for_each_sym(file, sym) { 862 if (sym->type != STT_FUNC) 863 continue; 864 865 if (strncmp(sym->name, "__cfi_", 6)) 866 continue; 867 868 idx++; 869 } 870 871 sec = elf_create_section_pair(file->elf, ".cfi_sites", 872 sizeof(unsigned int), idx, idx); 873 if (!sec) 874 return -1; 875 876 idx = 0; 877 for_each_sym(file, sym) { 878 if (sym->type != STT_FUNC) 879 continue; 880 881 if (strncmp(sym->name, "__cfi_", 6)) 882 continue; 883 884 if (!elf_init_reloc_text_sym(file->elf, sec, 885 idx * sizeof(unsigned int), idx, 886 sym->sec, sym->offset)) 887 return -1; 888 889 idx++; 890 } 891 892 return 0; 893 } 894 895 static int create_mcount_loc_sections(struct objtool_file *file) 896 { 897 size_t addr_size = elf_addr_size(file->elf); 898 struct instruction *insn; 899 struct section *sec; 900 int idx; 901 902 sec = find_section_by_name(file->elf, "__mcount_loc"); 903 if (sec) { 904 INIT_LIST_HEAD(&file->mcount_loc_list); 905 WARN("file already has __mcount_loc section, skipping"); 906 return 0; 907 } 908 909 if (list_empty(&file->mcount_loc_list)) 910 return 0; 911 912 idx = 0; 913 list_for_each_entry(insn, &file->mcount_loc_list, call_node) 914 idx++; 915 916 sec = elf_create_section_pair(file->elf, "__mcount_loc", addr_size, 917 idx, idx); 918 if (!sec) 919 return -1; 920 921 sec->sh.sh_addralign = addr_size; 922 923 idx = 0; 924 list_for_each_entry(insn, &file->mcount_loc_list, call_node) { 925 926 struct reloc *reloc; 927 928 reloc = elf_init_reloc_text_sym(file->elf, sec, idx * addr_size, idx, 929 insn->sec, insn->offset); 930 if (!reloc) 931 return -1; 932 933 set_reloc_type(file->elf, reloc, addr_size == 8 ? R_ABS64 : R_ABS32); 934 935 idx++; 936 } 937 938 return 0; 939 } 940 941 static int create_direct_call_sections(struct objtool_file *file) 942 { 943 struct instruction *insn; 944 struct section *sec; 945 int idx; 946 947 sec = find_section_by_name(file->elf, ".call_sites"); 948 if (sec) { 949 INIT_LIST_HEAD(&file->call_list); 950 WARN("file already has .call_sites section, skipping"); 951 return 0; 952 } 953 954 if (list_empty(&file->call_list)) 955 return 0; 956 957 idx = 0; 958 list_for_each_entry(insn, &file->call_list, call_node) 959 idx++; 960 961 sec = elf_create_section_pair(file->elf, ".call_sites", 962 sizeof(unsigned int), idx, idx); 963 if (!sec) 964 return -1; 965 966 idx = 0; 967 list_for_each_entry(insn, &file->call_list, call_node) { 968 969 if (!elf_init_reloc_text_sym(file->elf, sec, 970 idx * sizeof(unsigned int), idx, 971 insn->sec, insn->offset)) 972 return -1; 973 974 idx++; 975 } 976 977 return 0; 978 } 979 980 /* 981 * Warnings shouldn't be reported for ignored functions. 982 */ 983 static int add_ignores(struct objtool_file *file) 984 { 985 struct section *rsec; 986 struct symbol *func; 987 struct reloc *reloc; 988 989 rsec = find_section_by_name(file->elf, ".rela.discard.func_stack_frame_non_standard"); 990 if (!rsec) 991 return 0; 992 993 for_each_reloc(rsec, reloc) { 994 switch (reloc->sym->type) { 995 case STT_FUNC: 996 func = reloc->sym; 997 break; 998 999 case STT_SECTION: 1000 func = find_func_by_offset(reloc->sym->sec, reloc_addend(reloc)); 1001 if (!func) 1002 continue; 1003 break; 1004 1005 default: 1006 ERROR("unexpected relocation symbol type in %s: %d", 1007 rsec->name, reloc->sym->type); 1008 return -1; 1009 } 1010 1011 func->ignore = true; 1012 if (func->cfunc) 1013 func->cfunc->ignore = true; 1014 } 1015 1016 return 0; 1017 } 1018 1019 /* 1020 * This is a whitelist of functions that is allowed to be called with AC set. 1021 * The list is meant to be minimal and only contains compiler instrumentation 1022 * ABI and a few functions used to implement *_{to,from}_user() functions. 1023 * 1024 * These functions must not directly change AC, but may PUSHF/POPF. 1025 */ 1026 static const char *uaccess_safe_builtin[] = { 1027 /* KASAN */ 1028 "kasan_report", 1029 "kasan_check_range", 1030 /* KASAN out-of-line */ 1031 "__asan_loadN_noabort", 1032 "__asan_load1_noabort", 1033 "__asan_load2_noabort", 1034 "__asan_load4_noabort", 1035 "__asan_load8_noabort", 1036 "__asan_load16_noabort", 1037 "__asan_storeN_noabort", 1038 "__asan_store1_noabort", 1039 "__asan_store2_noabort", 1040 "__asan_store4_noabort", 1041 "__asan_store8_noabort", 1042 "__asan_store16_noabort", 1043 "__kasan_check_read", 1044 "__kasan_check_write", 1045 /* KASAN in-line */ 1046 "__asan_report_load_n_noabort", 1047 "__asan_report_load1_noabort", 1048 "__asan_report_load2_noabort", 1049 "__asan_report_load4_noabort", 1050 "__asan_report_load8_noabort", 1051 "__asan_report_load16_noabort", 1052 "__asan_report_store_n_noabort", 1053 "__asan_report_store1_noabort", 1054 "__asan_report_store2_noabort", 1055 "__asan_report_store4_noabort", 1056 "__asan_report_store8_noabort", 1057 "__asan_report_store16_noabort", 1058 /* KCSAN */ 1059 "__kcsan_check_access", 1060 "__kcsan_mb", 1061 "__kcsan_wmb", 1062 "__kcsan_rmb", 1063 "__kcsan_release", 1064 "kcsan_found_watchpoint", 1065 "kcsan_setup_watchpoint", 1066 "kcsan_check_scoped_accesses", 1067 "kcsan_disable_current", 1068 "kcsan_enable_current_nowarn", 1069 /* KCSAN/TSAN */ 1070 "__tsan_func_entry", 1071 "__tsan_func_exit", 1072 "__tsan_read_range", 1073 "__tsan_write_range", 1074 "__tsan_read1", 1075 "__tsan_read2", 1076 "__tsan_read4", 1077 "__tsan_read8", 1078 "__tsan_read16", 1079 "__tsan_write1", 1080 "__tsan_write2", 1081 "__tsan_write4", 1082 "__tsan_write8", 1083 "__tsan_write16", 1084 "__tsan_read_write1", 1085 "__tsan_read_write2", 1086 "__tsan_read_write4", 1087 "__tsan_read_write8", 1088 "__tsan_read_write16", 1089 "__tsan_volatile_read1", 1090 "__tsan_volatile_read2", 1091 "__tsan_volatile_read4", 1092 "__tsan_volatile_read8", 1093 "__tsan_volatile_read16", 1094 "__tsan_volatile_write1", 1095 "__tsan_volatile_write2", 1096 "__tsan_volatile_write4", 1097 "__tsan_volatile_write8", 1098 "__tsan_volatile_write16", 1099 "__tsan_atomic8_load", 1100 "__tsan_atomic16_load", 1101 "__tsan_atomic32_load", 1102 "__tsan_atomic64_load", 1103 "__tsan_atomic8_store", 1104 "__tsan_atomic16_store", 1105 "__tsan_atomic32_store", 1106 "__tsan_atomic64_store", 1107 "__tsan_atomic8_exchange", 1108 "__tsan_atomic16_exchange", 1109 "__tsan_atomic32_exchange", 1110 "__tsan_atomic64_exchange", 1111 "__tsan_atomic8_fetch_add", 1112 "__tsan_atomic16_fetch_add", 1113 "__tsan_atomic32_fetch_add", 1114 "__tsan_atomic64_fetch_add", 1115 "__tsan_atomic8_fetch_sub", 1116 "__tsan_atomic16_fetch_sub", 1117 "__tsan_atomic32_fetch_sub", 1118 "__tsan_atomic64_fetch_sub", 1119 "__tsan_atomic8_fetch_and", 1120 "__tsan_atomic16_fetch_and", 1121 "__tsan_atomic32_fetch_and", 1122 "__tsan_atomic64_fetch_and", 1123 "__tsan_atomic8_fetch_or", 1124 "__tsan_atomic16_fetch_or", 1125 "__tsan_atomic32_fetch_or", 1126 "__tsan_atomic64_fetch_or", 1127 "__tsan_atomic8_fetch_xor", 1128 "__tsan_atomic16_fetch_xor", 1129 "__tsan_atomic32_fetch_xor", 1130 "__tsan_atomic64_fetch_xor", 1131 "__tsan_atomic8_fetch_nand", 1132 "__tsan_atomic16_fetch_nand", 1133 "__tsan_atomic32_fetch_nand", 1134 "__tsan_atomic64_fetch_nand", 1135 "__tsan_atomic8_compare_exchange_strong", 1136 "__tsan_atomic16_compare_exchange_strong", 1137 "__tsan_atomic32_compare_exchange_strong", 1138 "__tsan_atomic64_compare_exchange_strong", 1139 "__tsan_atomic8_compare_exchange_weak", 1140 "__tsan_atomic16_compare_exchange_weak", 1141 "__tsan_atomic32_compare_exchange_weak", 1142 "__tsan_atomic64_compare_exchange_weak", 1143 "__tsan_atomic8_compare_exchange_val", 1144 "__tsan_atomic16_compare_exchange_val", 1145 "__tsan_atomic32_compare_exchange_val", 1146 "__tsan_atomic64_compare_exchange_val", 1147 "__tsan_atomic_thread_fence", 1148 "__tsan_atomic_signal_fence", 1149 "__tsan_unaligned_read16", 1150 "__tsan_unaligned_write16", 1151 /* KCOV */ 1152 "write_comp_data", 1153 "check_kcov_mode", 1154 "__sanitizer_cov_trace_pc", 1155 "__sanitizer_cov_trace_const_cmp1", 1156 "__sanitizer_cov_trace_const_cmp2", 1157 "__sanitizer_cov_trace_const_cmp4", 1158 "__sanitizer_cov_trace_const_cmp8", 1159 "__sanitizer_cov_trace_cmp1", 1160 "__sanitizer_cov_trace_cmp2", 1161 "__sanitizer_cov_trace_cmp4", 1162 "__sanitizer_cov_trace_cmp8", 1163 "__sanitizer_cov_trace_switch", 1164 /* KMSAN */ 1165 "kmsan_copy_to_user", 1166 "kmsan_disable_current", 1167 "kmsan_enable_current", 1168 "kmsan_report", 1169 "kmsan_unpoison_entry_regs", 1170 "kmsan_unpoison_memory", 1171 "__msan_chain_origin", 1172 "__msan_get_context_state", 1173 "__msan_instrument_asm_store", 1174 "__msan_metadata_ptr_for_load_1", 1175 "__msan_metadata_ptr_for_load_2", 1176 "__msan_metadata_ptr_for_load_4", 1177 "__msan_metadata_ptr_for_load_8", 1178 "__msan_metadata_ptr_for_load_n", 1179 "__msan_metadata_ptr_for_store_1", 1180 "__msan_metadata_ptr_for_store_2", 1181 "__msan_metadata_ptr_for_store_4", 1182 "__msan_metadata_ptr_for_store_8", 1183 "__msan_metadata_ptr_for_store_n", 1184 "__msan_poison_alloca", 1185 "__msan_warning", 1186 /* UBSAN */ 1187 "ubsan_type_mismatch_common", 1188 "__ubsan_handle_type_mismatch", 1189 "__ubsan_handle_type_mismatch_v1", 1190 "__ubsan_handle_shift_out_of_bounds", 1191 "__ubsan_handle_load_invalid_value", 1192 /* STACKLEAK */ 1193 "stackleak_track_stack", 1194 /* TRACE_BRANCH_PROFILING */ 1195 "ftrace_likely_update", 1196 /* STACKPROTECTOR */ 1197 "__stack_chk_fail", 1198 /* misc */ 1199 "csum_partial_copy_generic", 1200 "copy_mc_fragile", 1201 "copy_mc_fragile_handle_tail", 1202 "copy_mc_enhanced_fast_string", 1203 "rep_stos_alternative", 1204 "rep_movs_alternative", 1205 "__copy_user_nocache", 1206 NULL 1207 }; 1208 1209 static void add_uaccess_safe(struct objtool_file *file) 1210 { 1211 struct symbol *func; 1212 const char **name; 1213 1214 if (!opts.uaccess) 1215 return; 1216 1217 for (name = uaccess_safe_builtin; *name; name++) { 1218 func = find_symbol_by_name(file->elf, *name); 1219 if (!func) 1220 continue; 1221 1222 func->uaccess_safe = true; 1223 } 1224 } 1225 1226 /* 1227 * Symbols that replace INSN_CALL_DYNAMIC, every (tail) call to such a symbol 1228 * will be added to the .retpoline_sites section. 1229 */ 1230 __weak bool arch_is_retpoline(struct symbol *sym) 1231 { 1232 return false; 1233 } 1234 1235 /* 1236 * Symbols that replace INSN_RETURN, every (tail) call to such a symbol 1237 * will be added to the .return_sites section. 1238 */ 1239 __weak bool arch_is_rethunk(struct symbol *sym) 1240 { 1241 return false; 1242 } 1243 1244 /* 1245 * Symbols that are embedded inside other instructions, because sometimes crazy 1246 * code exists. These are mostly ignored for validation purposes. 1247 */ 1248 __weak bool arch_is_embedded_insn(struct symbol *sym) 1249 { 1250 return false; 1251 } 1252 1253 static struct reloc *insn_reloc(struct objtool_file *file, struct instruction *insn) 1254 { 1255 struct reloc *reloc; 1256 1257 if (insn->no_reloc) 1258 return NULL; 1259 1260 if (!file) 1261 return NULL; 1262 1263 reloc = find_reloc_by_dest_range(file->elf, insn->sec, 1264 insn->offset, insn->len); 1265 if (!reloc) { 1266 insn->no_reloc = 1; 1267 return NULL; 1268 } 1269 1270 return reloc; 1271 } 1272 1273 static void remove_insn_ops(struct instruction *insn) 1274 { 1275 struct stack_op *op, *next; 1276 1277 for (op = insn->stack_ops; op; op = next) { 1278 next = op->next; 1279 free(op); 1280 } 1281 insn->stack_ops = NULL; 1282 } 1283 1284 static int annotate_call_site(struct objtool_file *file, 1285 struct instruction *insn, bool sibling) 1286 { 1287 struct reloc *reloc = insn_reloc(file, insn); 1288 struct symbol *sym = insn_call_dest(insn); 1289 1290 if (!sym) 1291 sym = reloc->sym; 1292 1293 if (sym->static_call_tramp) { 1294 list_add_tail(&insn->call_node, &file->static_call_list); 1295 return 0; 1296 } 1297 1298 if (sym->retpoline_thunk) { 1299 list_add_tail(&insn->call_node, &file->retpoline_call_list); 1300 return 0; 1301 } 1302 1303 /* 1304 * Many compilers cannot disable KCOV or sanitizer calls with a function 1305 * attribute so they need a little help, NOP out any such calls from 1306 * noinstr text. 1307 */ 1308 if (opts.hack_noinstr && insn->sec->noinstr && sym->profiling_func) { 1309 if (reloc) 1310 set_reloc_type(file->elf, reloc, R_NONE); 1311 1312 if (elf_write_insn(file->elf, insn->sec, 1313 insn->offset, insn->len, 1314 sibling ? arch_ret_insn(insn->len) 1315 : arch_nop_insn(insn->len))) { 1316 return -1; 1317 } 1318 1319 insn->type = sibling ? INSN_RETURN : INSN_NOP; 1320 1321 if (sibling) { 1322 /* 1323 * We've replaced the tail-call JMP insn by two new 1324 * insn: RET; INT3, except we only have a single struct 1325 * insn here. Mark it retpoline_safe to avoid the SLS 1326 * warning, instead of adding another insn. 1327 */ 1328 insn->retpoline_safe = true; 1329 } 1330 1331 return 0; 1332 } 1333 1334 if (opts.mcount && sym->fentry) { 1335 if (sibling) 1336 WARN_INSN(insn, "tail call to __fentry__ !?!?"); 1337 if (opts.mnop) { 1338 if (reloc) 1339 set_reloc_type(file->elf, reloc, R_NONE); 1340 1341 if (elf_write_insn(file->elf, insn->sec, 1342 insn->offset, insn->len, 1343 arch_nop_insn(insn->len))) { 1344 return -1; 1345 } 1346 1347 insn->type = INSN_NOP; 1348 } 1349 1350 list_add_tail(&insn->call_node, &file->mcount_loc_list); 1351 return 0; 1352 } 1353 1354 if (insn->type == INSN_CALL && !insn->sec->init && 1355 !insn->_call_dest->embedded_insn) 1356 list_add_tail(&insn->call_node, &file->call_list); 1357 1358 if (!sibling && dead_end_function(file, sym)) 1359 insn->dead_end = true; 1360 1361 return 0; 1362 } 1363 1364 static int add_call_dest(struct objtool_file *file, struct instruction *insn, 1365 struct symbol *dest, bool sibling) 1366 { 1367 insn->_call_dest = dest; 1368 if (!dest) 1369 return 0; 1370 1371 /* 1372 * Whatever stack impact regular CALLs have, should be undone 1373 * by the RETURN of the called function. 1374 * 1375 * Annotated intra-function calls retain the stack_ops but 1376 * are converted to JUMP, see read_intra_function_calls(). 1377 */ 1378 remove_insn_ops(insn); 1379 1380 return annotate_call_site(file, insn, sibling); 1381 } 1382 1383 static int add_retpoline_call(struct objtool_file *file, struct instruction *insn) 1384 { 1385 /* 1386 * Retpoline calls/jumps are really dynamic calls/jumps in disguise, 1387 * so convert them accordingly. 1388 */ 1389 switch (insn->type) { 1390 case INSN_CALL: 1391 insn->type = INSN_CALL_DYNAMIC; 1392 break; 1393 case INSN_JUMP_UNCONDITIONAL: 1394 insn->type = INSN_JUMP_DYNAMIC; 1395 break; 1396 case INSN_JUMP_CONDITIONAL: 1397 insn->type = INSN_JUMP_DYNAMIC_CONDITIONAL; 1398 break; 1399 default: 1400 return 0; 1401 } 1402 1403 insn->retpoline_safe = true; 1404 1405 /* 1406 * Whatever stack impact regular CALLs have, should be undone 1407 * by the RETURN of the called function. 1408 * 1409 * Annotated intra-function calls retain the stack_ops but 1410 * are converted to JUMP, see read_intra_function_calls(). 1411 */ 1412 remove_insn_ops(insn); 1413 1414 return annotate_call_site(file, insn, false); 1415 } 1416 1417 static void add_return_call(struct objtool_file *file, struct instruction *insn, bool add) 1418 { 1419 /* 1420 * Return thunk tail calls are really just returns in disguise, 1421 * so convert them accordingly. 1422 */ 1423 insn->type = INSN_RETURN; 1424 insn->retpoline_safe = true; 1425 1426 if (add) 1427 list_add_tail(&insn->call_node, &file->return_thunk_list); 1428 } 1429 1430 static bool is_first_func_insn(struct objtool_file *file, 1431 struct instruction *insn, struct symbol *sym) 1432 { 1433 if (insn->offset == sym->offset) 1434 return true; 1435 1436 /* Allow direct CALL/JMP past ENDBR */ 1437 if (opts.ibt) { 1438 struct instruction *prev = prev_insn_same_sym(file, insn); 1439 1440 if (prev && prev->type == INSN_ENDBR && 1441 insn->offset == sym->offset + prev->len) 1442 return true; 1443 } 1444 1445 return false; 1446 } 1447 1448 /* 1449 * A sibling call is a tail-call to another symbol -- to differentiate from a 1450 * recursive tail-call which is to the same symbol. 1451 */ 1452 static bool jump_is_sibling_call(struct objtool_file *file, 1453 struct instruction *from, struct instruction *to) 1454 { 1455 struct symbol *fs = from->sym; 1456 struct symbol *ts = to->sym; 1457 1458 /* Not a sibling call if from/to a symbol hole */ 1459 if (!fs || !ts) 1460 return false; 1461 1462 /* Not a sibling call if not targeting the start of a symbol. */ 1463 if (!is_first_func_insn(file, to, ts)) 1464 return false; 1465 1466 /* Disallow sibling calls into STT_NOTYPE */ 1467 if (ts->type == STT_NOTYPE) 1468 return false; 1469 1470 /* Must not be self to be a sibling */ 1471 return fs->pfunc != ts->pfunc; 1472 } 1473 1474 /* 1475 * Find the destination instructions for all jumps. 1476 */ 1477 static int add_jump_destinations(struct objtool_file *file) 1478 { 1479 struct instruction *insn, *jump_dest; 1480 struct reloc *reloc; 1481 struct section *dest_sec; 1482 unsigned long dest_off; 1483 int ret; 1484 1485 for_each_insn(file, insn) { 1486 struct symbol *func = insn_func(insn); 1487 1488 if (insn->jump_dest) { 1489 /* 1490 * handle_group_alt() may have previously set 1491 * 'jump_dest' for some alternatives. 1492 */ 1493 continue; 1494 } 1495 if (!is_static_jump(insn)) 1496 continue; 1497 1498 reloc = insn_reloc(file, insn); 1499 if (!reloc) { 1500 dest_sec = insn->sec; 1501 dest_off = arch_jump_destination(insn); 1502 } else if (reloc->sym->type == STT_SECTION) { 1503 dest_sec = reloc->sym->sec; 1504 dest_off = arch_dest_reloc_offset(reloc_addend(reloc)); 1505 } else if (reloc->sym->retpoline_thunk) { 1506 ret = add_retpoline_call(file, insn); 1507 if (ret) 1508 return ret; 1509 continue; 1510 } else if (reloc->sym->return_thunk) { 1511 add_return_call(file, insn, true); 1512 continue; 1513 } else if (func) { 1514 /* 1515 * External sibling call or internal sibling call with 1516 * STT_FUNC reloc. 1517 */ 1518 ret = add_call_dest(file, insn, reloc->sym, true); 1519 if (ret) 1520 return ret; 1521 continue; 1522 } else if (reloc->sym->sec->idx) { 1523 dest_sec = reloc->sym->sec; 1524 dest_off = reloc->sym->sym.st_value + 1525 arch_dest_reloc_offset(reloc_addend(reloc)); 1526 } else { 1527 /* non-func asm code jumping to another file */ 1528 continue; 1529 } 1530 1531 jump_dest = find_insn(file, dest_sec, dest_off); 1532 if (!jump_dest) { 1533 struct symbol *sym = find_symbol_by_offset(dest_sec, dest_off); 1534 1535 /* 1536 * This is a special case for retbleed_untrain_ret(). 1537 * It jumps to __x86_return_thunk(), but objtool 1538 * can't find the thunk's starting RET 1539 * instruction, because the RET is also in the 1540 * middle of another instruction. Objtool only 1541 * knows about the outer instruction. 1542 */ 1543 if (sym && sym->embedded_insn) { 1544 add_return_call(file, insn, false); 1545 continue; 1546 } 1547 1548 /* 1549 * GCOV/KCOV dead code can jump to the end of the 1550 * function/section. 1551 */ 1552 if (file->ignore_unreachables && func && 1553 dest_sec == insn->sec && 1554 dest_off == func->offset + func->len) 1555 continue; 1556 1557 ERROR_INSN(insn, "can't find jump dest instruction at %s+0x%lx", 1558 dest_sec->name, dest_off); 1559 return -1; 1560 } 1561 1562 /* 1563 * An intra-TU jump in retpoline.o might not have a relocation 1564 * for its jump dest, in which case the above 1565 * add_{retpoline,return}_call() didn't happen. 1566 */ 1567 if (jump_dest->sym && jump_dest->offset == jump_dest->sym->offset) { 1568 if (jump_dest->sym->retpoline_thunk) { 1569 ret = add_retpoline_call(file, insn); 1570 if (ret) 1571 return ret; 1572 continue; 1573 } 1574 if (jump_dest->sym->return_thunk) { 1575 add_return_call(file, insn, true); 1576 continue; 1577 } 1578 } 1579 1580 /* 1581 * Cross-function jump. 1582 */ 1583 if (func && insn_func(jump_dest) && func != insn_func(jump_dest)) { 1584 1585 /* 1586 * For GCC 8+, create parent/child links for any cold 1587 * subfunctions. This is _mostly_ redundant with a 1588 * similar initialization in read_symbols(). 1589 * 1590 * If a function has aliases, we want the *first* such 1591 * function in the symbol table to be the subfunction's 1592 * parent. In that case we overwrite the 1593 * initialization done in read_symbols(). 1594 * 1595 * However this code can't completely replace the 1596 * read_symbols() code because this doesn't detect the 1597 * case where the parent function's only reference to a 1598 * subfunction is through a jump table. 1599 */ 1600 if (!strstr(func->name, ".cold") && 1601 strstr(insn_func(jump_dest)->name, ".cold")) { 1602 func->cfunc = insn_func(jump_dest); 1603 insn_func(jump_dest)->pfunc = func; 1604 } 1605 } 1606 1607 if (jump_is_sibling_call(file, insn, jump_dest)) { 1608 /* 1609 * Internal sibling call without reloc or with 1610 * STT_SECTION reloc. 1611 */ 1612 ret = add_call_dest(file, insn, insn_func(jump_dest), true); 1613 if (ret) 1614 return ret; 1615 continue; 1616 } 1617 1618 insn->jump_dest = jump_dest; 1619 } 1620 1621 return 0; 1622 } 1623 1624 static struct symbol *find_call_destination(struct section *sec, unsigned long offset) 1625 { 1626 struct symbol *call_dest; 1627 1628 call_dest = find_func_by_offset(sec, offset); 1629 if (!call_dest) 1630 call_dest = find_symbol_by_offset(sec, offset); 1631 1632 return call_dest; 1633 } 1634 1635 /* 1636 * Find the destination instructions for all calls. 1637 */ 1638 static int add_call_destinations(struct objtool_file *file) 1639 { 1640 struct instruction *insn; 1641 unsigned long dest_off; 1642 struct symbol *dest; 1643 struct reloc *reloc; 1644 int ret; 1645 1646 for_each_insn(file, insn) { 1647 struct symbol *func = insn_func(insn); 1648 if (insn->type != INSN_CALL) 1649 continue; 1650 1651 reloc = insn_reloc(file, insn); 1652 if (!reloc) { 1653 dest_off = arch_jump_destination(insn); 1654 dest = find_call_destination(insn->sec, dest_off); 1655 1656 ret = add_call_dest(file, insn, dest, false); 1657 if (ret) 1658 return ret; 1659 1660 if (func && func->ignore) 1661 continue; 1662 1663 if (!insn_call_dest(insn)) { 1664 ERROR_INSN(insn, "unannotated intra-function call"); 1665 return -1; 1666 } 1667 1668 if (func && insn_call_dest(insn)->type != STT_FUNC) { 1669 ERROR_INSN(insn, "unsupported call to non-function"); 1670 return -1; 1671 } 1672 1673 } else if (reloc->sym->type == STT_SECTION) { 1674 dest_off = arch_dest_reloc_offset(reloc_addend(reloc)); 1675 dest = find_call_destination(reloc->sym->sec, dest_off); 1676 if (!dest) { 1677 ERROR_INSN(insn, "can't find call dest symbol at %s+0x%lx", 1678 reloc->sym->sec->name, dest_off); 1679 return -1; 1680 } 1681 1682 ret = add_call_dest(file, insn, dest, false); 1683 if (ret) 1684 return ret; 1685 1686 } else if (reloc->sym->retpoline_thunk) { 1687 ret = add_retpoline_call(file, insn); 1688 if (ret) 1689 return ret; 1690 1691 } else { 1692 ret = add_call_dest(file, insn, reloc->sym, false); 1693 if (ret) 1694 return ret; 1695 } 1696 } 1697 1698 return 0; 1699 } 1700 1701 /* 1702 * The .alternatives section requires some extra special care over and above 1703 * other special sections because alternatives are patched in place. 1704 */ 1705 static int handle_group_alt(struct objtool_file *file, 1706 struct special_alt *special_alt, 1707 struct instruction *orig_insn, 1708 struct instruction **new_insn) 1709 { 1710 struct instruction *last_new_insn = NULL, *insn, *nop = NULL; 1711 struct alt_group *orig_alt_group, *new_alt_group; 1712 unsigned long dest_off; 1713 1714 orig_alt_group = orig_insn->alt_group; 1715 if (!orig_alt_group) { 1716 struct instruction *last_orig_insn = NULL; 1717 1718 orig_alt_group = calloc(1, sizeof(*orig_alt_group)); 1719 if (!orig_alt_group) { 1720 ERROR_GLIBC("calloc"); 1721 return -1; 1722 } 1723 orig_alt_group->cfi = calloc(special_alt->orig_len, 1724 sizeof(struct cfi_state *)); 1725 if (!orig_alt_group->cfi) { 1726 ERROR_GLIBC("calloc"); 1727 return -1; 1728 } 1729 1730 insn = orig_insn; 1731 sec_for_each_insn_from(file, insn) { 1732 if (insn->offset >= special_alt->orig_off + special_alt->orig_len) 1733 break; 1734 1735 insn->alt_group = orig_alt_group; 1736 last_orig_insn = insn; 1737 } 1738 orig_alt_group->orig_group = NULL; 1739 orig_alt_group->first_insn = orig_insn; 1740 orig_alt_group->last_insn = last_orig_insn; 1741 orig_alt_group->nop = NULL; 1742 orig_alt_group->ignore = orig_insn->ignore_alts; 1743 } else { 1744 if (orig_alt_group->last_insn->offset + orig_alt_group->last_insn->len - 1745 orig_alt_group->first_insn->offset != special_alt->orig_len) { 1746 ERROR_INSN(orig_insn, "weirdly overlapping alternative! %ld != %d", 1747 orig_alt_group->last_insn->offset + 1748 orig_alt_group->last_insn->len - 1749 orig_alt_group->first_insn->offset, 1750 special_alt->orig_len); 1751 return -1; 1752 } 1753 } 1754 1755 new_alt_group = calloc(1, sizeof(*new_alt_group)); 1756 if (!new_alt_group) { 1757 ERROR_GLIBC("calloc"); 1758 return -1; 1759 } 1760 1761 if (special_alt->new_len < special_alt->orig_len) { 1762 /* 1763 * Insert a fake nop at the end to make the replacement 1764 * alt_group the same size as the original. This is needed to 1765 * allow propagate_alt_cfi() to do its magic. When the last 1766 * instruction affects the stack, the instruction after it (the 1767 * nop) will propagate the new state to the shared CFI array. 1768 */ 1769 nop = calloc(1, sizeof(*nop)); 1770 if (!nop) { 1771 ERROR_GLIBC("calloc"); 1772 return -1; 1773 } 1774 memset(nop, 0, sizeof(*nop)); 1775 1776 nop->sec = special_alt->new_sec; 1777 nop->offset = special_alt->new_off + special_alt->new_len; 1778 nop->len = special_alt->orig_len - special_alt->new_len; 1779 nop->type = INSN_NOP; 1780 nop->sym = orig_insn->sym; 1781 nop->alt_group = new_alt_group; 1782 } 1783 1784 if (!special_alt->new_len) { 1785 *new_insn = nop; 1786 goto end; 1787 } 1788 1789 insn = *new_insn; 1790 sec_for_each_insn_from(file, insn) { 1791 struct reloc *alt_reloc; 1792 1793 if (insn->offset >= special_alt->new_off + special_alt->new_len) 1794 break; 1795 1796 last_new_insn = insn; 1797 1798 insn->sym = orig_insn->sym; 1799 insn->alt_group = new_alt_group; 1800 1801 /* 1802 * Since alternative replacement code is copy/pasted by the 1803 * kernel after applying relocations, generally such code can't 1804 * have relative-address relocation references to outside the 1805 * .altinstr_replacement section, unless the arch's 1806 * alternatives code can adjust the relative offsets 1807 * accordingly. 1808 */ 1809 alt_reloc = insn_reloc(file, insn); 1810 if (alt_reloc && arch_pc_relative_reloc(alt_reloc) && 1811 !arch_support_alt_relocation(special_alt, insn, alt_reloc)) { 1812 1813 ERROR_INSN(insn, "unsupported relocation in alternatives section"); 1814 return -1; 1815 } 1816 1817 if (!is_static_jump(insn)) 1818 continue; 1819 1820 if (!insn->immediate) 1821 continue; 1822 1823 dest_off = arch_jump_destination(insn); 1824 if (dest_off == special_alt->new_off + special_alt->new_len) { 1825 insn->jump_dest = next_insn_same_sec(file, orig_alt_group->last_insn); 1826 if (!insn->jump_dest) { 1827 ERROR_INSN(insn, "can't find alternative jump destination"); 1828 return -1; 1829 } 1830 } 1831 } 1832 1833 if (!last_new_insn) { 1834 ERROR_FUNC(special_alt->new_sec, special_alt->new_off, 1835 "can't find last new alternative instruction"); 1836 return -1; 1837 } 1838 1839 end: 1840 new_alt_group->orig_group = orig_alt_group; 1841 new_alt_group->first_insn = *new_insn; 1842 new_alt_group->last_insn = last_new_insn; 1843 new_alt_group->nop = nop; 1844 new_alt_group->ignore = (*new_insn)->ignore_alts; 1845 new_alt_group->cfi = orig_alt_group->cfi; 1846 return 0; 1847 } 1848 1849 /* 1850 * A jump table entry can either convert a nop to a jump or a jump to a nop. 1851 * If the original instruction is a jump, make the alt entry an effective nop 1852 * by just skipping the original instruction. 1853 */ 1854 static int handle_jump_alt(struct objtool_file *file, 1855 struct special_alt *special_alt, 1856 struct instruction *orig_insn, 1857 struct instruction **new_insn) 1858 { 1859 if (orig_insn->type != INSN_JUMP_UNCONDITIONAL && 1860 orig_insn->type != INSN_NOP) { 1861 1862 ERROR_INSN(orig_insn, "unsupported instruction at jump label"); 1863 return -1; 1864 } 1865 1866 if (opts.hack_jump_label && special_alt->key_addend & 2) { 1867 struct reloc *reloc = insn_reloc(file, orig_insn); 1868 1869 if (reloc) 1870 set_reloc_type(file->elf, reloc, R_NONE); 1871 1872 if (elf_write_insn(file->elf, orig_insn->sec, 1873 orig_insn->offset, orig_insn->len, 1874 arch_nop_insn(orig_insn->len))) { 1875 return -1; 1876 } 1877 1878 orig_insn->type = INSN_NOP; 1879 } 1880 1881 if (orig_insn->type == INSN_NOP) { 1882 if (orig_insn->len == 2) 1883 file->jl_nop_short++; 1884 else 1885 file->jl_nop_long++; 1886 1887 return 0; 1888 } 1889 1890 if (orig_insn->len == 2) 1891 file->jl_short++; 1892 else 1893 file->jl_long++; 1894 1895 *new_insn = next_insn_same_sec(file, orig_insn); 1896 return 0; 1897 } 1898 1899 /* 1900 * Read all the special sections which have alternate instructions which can be 1901 * patched in or redirected to at runtime. Each instruction having alternate 1902 * instruction(s) has them added to its insn->alts list, which will be 1903 * traversed in validate_branch(). 1904 */ 1905 static int add_special_section_alts(struct objtool_file *file) 1906 { 1907 struct list_head special_alts; 1908 struct instruction *orig_insn, *new_insn; 1909 struct special_alt *special_alt, *tmp; 1910 struct alternative *alt; 1911 int ret; 1912 1913 if (special_get_alts(file->elf, &special_alts)) 1914 return -1; 1915 1916 list_for_each_entry_safe(special_alt, tmp, &special_alts, list) { 1917 1918 orig_insn = find_insn(file, special_alt->orig_sec, 1919 special_alt->orig_off); 1920 if (!orig_insn) { 1921 ERROR_FUNC(special_alt->orig_sec, special_alt->orig_off, 1922 "special: can't find orig instruction"); 1923 return -1; 1924 } 1925 1926 new_insn = NULL; 1927 if (!special_alt->group || special_alt->new_len) { 1928 new_insn = find_insn(file, special_alt->new_sec, 1929 special_alt->new_off); 1930 if (!new_insn) { 1931 ERROR_FUNC(special_alt->new_sec, special_alt->new_off, 1932 "special: can't find new instruction"); 1933 return -1; 1934 } 1935 } 1936 1937 if (special_alt->group) { 1938 if (!special_alt->orig_len) { 1939 ERROR_INSN(orig_insn, "empty alternative entry"); 1940 continue; 1941 } 1942 1943 ret = handle_group_alt(file, special_alt, orig_insn, 1944 &new_insn); 1945 if (ret) 1946 return ret; 1947 1948 } else if (special_alt->jump_or_nop) { 1949 ret = handle_jump_alt(file, special_alt, orig_insn, 1950 &new_insn); 1951 if (ret) 1952 return ret; 1953 } 1954 1955 alt = calloc(1, sizeof(*alt)); 1956 if (!alt) { 1957 ERROR_GLIBC("calloc"); 1958 return -1; 1959 } 1960 1961 alt->insn = new_insn; 1962 alt->next = orig_insn->alts; 1963 orig_insn->alts = alt; 1964 1965 list_del(&special_alt->list); 1966 free(special_alt); 1967 } 1968 1969 if (opts.stats) { 1970 printf("jl\\\tNOP\tJMP\n"); 1971 printf("short:\t%ld\t%ld\n", file->jl_nop_short, file->jl_short); 1972 printf("long:\t%ld\t%ld\n", file->jl_nop_long, file->jl_long); 1973 } 1974 1975 return 0; 1976 } 1977 1978 __weak unsigned long arch_jump_table_sym_offset(struct reloc *reloc, struct reloc *table) 1979 { 1980 return reloc->sym->offset + reloc_addend(reloc); 1981 } 1982 1983 static int add_jump_table(struct objtool_file *file, struct instruction *insn) 1984 { 1985 unsigned long table_size = insn_jump_table_size(insn); 1986 struct symbol *pfunc = insn_func(insn)->pfunc; 1987 struct reloc *table = insn_jump_table(insn); 1988 struct instruction *dest_insn; 1989 unsigned int prev_offset = 0; 1990 struct reloc *reloc = table; 1991 struct alternative *alt; 1992 unsigned long sym_offset; 1993 1994 /* 1995 * Each @reloc is a switch table relocation which points to the target 1996 * instruction. 1997 */ 1998 for_each_reloc_from(table->sec, reloc) { 1999 2000 /* Check for the end of the table: */ 2001 if (table_size && reloc_offset(reloc) - reloc_offset(table) >= table_size) 2002 break; 2003 if (reloc != table && is_jump_table(reloc)) 2004 break; 2005 2006 /* Make sure the table entries are consecutive: */ 2007 if (prev_offset && reloc_offset(reloc) != prev_offset + arch_reloc_size(reloc)) 2008 break; 2009 2010 sym_offset = arch_jump_table_sym_offset(reloc, table); 2011 2012 /* Detect function pointers from contiguous objects: */ 2013 if (reloc->sym->sec == pfunc->sec && sym_offset == pfunc->offset) 2014 break; 2015 2016 /* 2017 * Clang sometimes leaves dangling unused jump table entries 2018 * which point to the end of the function. Ignore them. 2019 */ 2020 if (reloc->sym->sec == pfunc->sec && 2021 sym_offset == pfunc->offset + pfunc->len) 2022 goto next; 2023 2024 dest_insn = find_insn(file, reloc->sym->sec, sym_offset); 2025 if (!dest_insn) 2026 break; 2027 2028 /* Make sure the destination is in the same function: */ 2029 if (!insn_func(dest_insn) || insn_func(dest_insn)->pfunc != pfunc) 2030 break; 2031 2032 alt = calloc(1, sizeof(*alt)); 2033 if (!alt) { 2034 ERROR_GLIBC("calloc"); 2035 return -1; 2036 } 2037 2038 alt->insn = dest_insn; 2039 alt->next = insn->alts; 2040 insn->alts = alt; 2041 next: 2042 prev_offset = reloc_offset(reloc); 2043 } 2044 2045 if (!prev_offset) { 2046 ERROR_INSN(insn, "can't find switch jump table"); 2047 return -1; 2048 } 2049 2050 return 0; 2051 } 2052 2053 /* 2054 * find_jump_table() - Given a dynamic jump, find the switch jump table 2055 * associated with it. 2056 */ 2057 static void find_jump_table(struct objtool_file *file, struct symbol *func, 2058 struct instruction *insn) 2059 { 2060 struct reloc *table_reloc; 2061 struct instruction *dest_insn, *orig_insn = insn; 2062 unsigned long table_size; 2063 unsigned long sym_offset; 2064 2065 /* 2066 * Backward search using the @first_jump_src links, these help avoid 2067 * much of the 'in between' code. Which avoids us getting confused by 2068 * it. 2069 */ 2070 for (; 2071 insn && insn_func(insn) && insn_func(insn)->pfunc == func; 2072 insn = insn->first_jump_src ?: prev_insn_same_sym(file, insn)) { 2073 2074 if (insn != orig_insn && insn->type == INSN_JUMP_DYNAMIC) 2075 break; 2076 2077 /* allow small jumps within the range */ 2078 if (insn->type == INSN_JUMP_UNCONDITIONAL && 2079 insn->jump_dest && 2080 (insn->jump_dest->offset <= insn->offset || 2081 insn->jump_dest->offset > orig_insn->offset)) 2082 break; 2083 2084 table_reloc = arch_find_switch_table(file, insn, &table_size); 2085 if (!table_reloc) 2086 continue; 2087 2088 sym_offset = table_reloc->sym->offset + reloc_addend(table_reloc); 2089 2090 dest_insn = find_insn(file, table_reloc->sym->sec, sym_offset); 2091 if (!dest_insn || !insn_func(dest_insn) || insn_func(dest_insn)->pfunc != func) 2092 continue; 2093 2094 set_jump_table(table_reloc); 2095 orig_insn->_jump_table = table_reloc; 2096 orig_insn->_jump_table_size = table_size; 2097 2098 break; 2099 } 2100 } 2101 2102 /* 2103 * First pass: Mark the head of each jump table so that in the next pass, 2104 * we know when a given jump table ends and the next one starts. 2105 */ 2106 static void mark_func_jump_tables(struct objtool_file *file, 2107 struct symbol *func) 2108 { 2109 struct instruction *insn, *last = NULL; 2110 2111 func_for_each_insn(file, func, insn) { 2112 if (!last) 2113 last = insn; 2114 2115 /* 2116 * Store back-pointers for unconditional forward jumps such 2117 * that find_jump_table() can back-track using those and 2118 * avoid some potentially confusing code. 2119 */ 2120 if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->jump_dest && 2121 insn->offset > last->offset && 2122 insn->jump_dest->offset > insn->offset && 2123 !insn->jump_dest->first_jump_src) { 2124 2125 insn->jump_dest->first_jump_src = insn; 2126 last = insn->jump_dest; 2127 } 2128 2129 if (insn->type != INSN_JUMP_DYNAMIC) 2130 continue; 2131 2132 find_jump_table(file, func, insn); 2133 } 2134 } 2135 2136 static int add_func_jump_tables(struct objtool_file *file, 2137 struct symbol *func) 2138 { 2139 struct instruction *insn; 2140 int ret; 2141 2142 func_for_each_insn(file, func, insn) { 2143 if (!insn_jump_table(insn)) 2144 continue; 2145 2146 ret = add_jump_table(file, insn); 2147 if (ret) 2148 return ret; 2149 } 2150 2151 return 0; 2152 } 2153 2154 /* 2155 * For some switch statements, gcc generates a jump table in the .rodata 2156 * section which contains a list of addresses within the function to jump to. 2157 * This finds these jump tables and adds them to the insn->alts lists. 2158 */ 2159 static int add_jump_table_alts(struct objtool_file *file) 2160 { 2161 struct symbol *func; 2162 int ret; 2163 2164 if (!file->rodata) 2165 return 0; 2166 2167 for_each_sym(file, func) { 2168 if (func->type != STT_FUNC) 2169 continue; 2170 2171 mark_func_jump_tables(file, func); 2172 ret = add_func_jump_tables(file, func); 2173 if (ret) 2174 return ret; 2175 } 2176 2177 return 0; 2178 } 2179 2180 static void set_func_state(struct cfi_state *state) 2181 { 2182 state->cfa = initial_func_cfi.cfa; 2183 memcpy(&state->regs, &initial_func_cfi.regs, 2184 CFI_NUM_REGS * sizeof(struct cfi_reg)); 2185 state->stack_size = initial_func_cfi.cfa.offset; 2186 state->type = UNWIND_HINT_TYPE_CALL; 2187 } 2188 2189 static int read_unwind_hints(struct objtool_file *file) 2190 { 2191 struct cfi_state cfi = init_cfi; 2192 struct section *sec; 2193 struct unwind_hint *hint; 2194 struct instruction *insn; 2195 struct reloc *reloc; 2196 unsigned long offset; 2197 int i; 2198 2199 sec = find_section_by_name(file->elf, ".discard.unwind_hints"); 2200 if (!sec) 2201 return 0; 2202 2203 if (!sec->rsec) { 2204 ERROR("missing .rela.discard.unwind_hints section"); 2205 return -1; 2206 } 2207 2208 if (sec->sh.sh_size % sizeof(struct unwind_hint)) { 2209 ERROR("struct unwind_hint size mismatch"); 2210 return -1; 2211 } 2212 2213 file->hints = true; 2214 2215 for (i = 0; i < sec->sh.sh_size / sizeof(struct unwind_hint); i++) { 2216 hint = (struct unwind_hint *)sec->data->d_buf + i; 2217 2218 reloc = find_reloc_by_dest(file->elf, sec, i * sizeof(*hint)); 2219 if (!reloc) { 2220 ERROR("can't find reloc for unwind_hints[%d]", i); 2221 return -1; 2222 } 2223 2224 if (reloc->sym->type == STT_SECTION) { 2225 offset = reloc_addend(reloc); 2226 } else if (reloc->sym->local_label) { 2227 offset = reloc->sym->offset; 2228 } else { 2229 ERROR("unexpected relocation symbol type in %s", sec->rsec->name); 2230 return -1; 2231 } 2232 2233 insn = find_insn(file, reloc->sym->sec, offset); 2234 if (!insn) { 2235 ERROR("can't find insn for unwind_hints[%d]", i); 2236 return -1; 2237 } 2238 2239 insn->hint = true; 2240 2241 if (hint->type == UNWIND_HINT_TYPE_UNDEFINED) { 2242 insn->cfi = &force_undefined_cfi; 2243 continue; 2244 } 2245 2246 if (hint->type == UNWIND_HINT_TYPE_SAVE) { 2247 insn->hint = false; 2248 insn->save = true; 2249 continue; 2250 } 2251 2252 if (hint->type == UNWIND_HINT_TYPE_RESTORE) { 2253 insn->restore = true; 2254 continue; 2255 } 2256 2257 if (hint->type == UNWIND_HINT_TYPE_REGS_PARTIAL) { 2258 struct symbol *sym = find_symbol_by_offset(insn->sec, insn->offset); 2259 2260 if (sym && sym->bind == STB_GLOBAL) { 2261 if (opts.ibt && insn->type != INSN_ENDBR && !insn->noendbr) { 2262 ERROR_INSN(insn, "UNWIND_HINT_IRET_REGS without ENDBR"); 2263 return -1; 2264 } 2265 } 2266 } 2267 2268 if (hint->type == UNWIND_HINT_TYPE_FUNC) { 2269 insn->cfi = &func_cfi; 2270 continue; 2271 } 2272 2273 if (insn->cfi) 2274 cfi = *(insn->cfi); 2275 2276 if (arch_decode_hint_reg(hint->sp_reg, &cfi.cfa.base)) { 2277 ERROR_INSN(insn, "unsupported unwind_hint sp base reg %d", hint->sp_reg); 2278 return -1; 2279 } 2280 2281 cfi.cfa.offset = bswap_if_needed(file->elf, hint->sp_offset); 2282 cfi.type = hint->type; 2283 cfi.signal = hint->signal; 2284 2285 insn->cfi = cfi_hash_find_or_add(&cfi); 2286 } 2287 2288 return 0; 2289 } 2290 2291 static int read_annotate(struct objtool_file *file, 2292 int (*func)(struct objtool_file *file, int type, struct instruction *insn)) 2293 { 2294 struct section *sec; 2295 struct instruction *insn; 2296 struct reloc *reloc; 2297 uint64_t offset; 2298 int type, ret; 2299 2300 sec = find_section_by_name(file->elf, ".discard.annotate_insn"); 2301 if (!sec) 2302 return 0; 2303 2304 if (!sec->rsec) 2305 return 0; 2306 2307 if (sec->sh.sh_entsize != 8) { 2308 static bool warned = false; 2309 if (!warned && opts.verbose) { 2310 WARN("%s: dodgy linker, sh_entsize != 8", sec->name); 2311 warned = true; 2312 } 2313 sec->sh.sh_entsize = 8; 2314 } 2315 2316 for_each_reloc(sec->rsec, reloc) { 2317 type = *(u32 *)(sec->data->d_buf + (reloc_idx(reloc) * sec->sh.sh_entsize) + 4); 2318 2319 offset = reloc->sym->offset + reloc_addend(reloc); 2320 insn = find_insn(file, reloc->sym->sec, offset); 2321 2322 if (!insn) { 2323 ERROR("bad .discard.annotate_insn entry: %d of type %d", reloc_idx(reloc), type); 2324 return -1; 2325 } 2326 2327 ret = func(file, type, insn); 2328 if (ret < 0) 2329 return ret; 2330 } 2331 2332 return 0; 2333 } 2334 2335 static int __annotate_early(struct objtool_file *file, int type, struct instruction *insn) 2336 { 2337 switch (type) { 2338 2339 /* Must be before add_special_section_alts() */ 2340 case ANNOTYPE_IGNORE_ALTS: 2341 insn->ignore_alts = true; 2342 break; 2343 2344 /* 2345 * Must be before read_unwind_hints() since that needs insn->noendbr. 2346 */ 2347 case ANNOTYPE_NOENDBR: 2348 insn->noendbr = 1; 2349 break; 2350 2351 default: 2352 break; 2353 } 2354 2355 return 0; 2356 } 2357 2358 static int __annotate_ifc(struct objtool_file *file, int type, struct instruction *insn) 2359 { 2360 unsigned long dest_off; 2361 2362 if (type != ANNOTYPE_INTRA_FUNCTION_CALL) 2363 return 0; 2364 2365 if (insn->type != INSN_CALL) { 2366 ERROR_INSN(insn, "intra_function_call not a direct call"); 2367 return -1; 2368 } 2369 2370 /* 2371 * Treat intra-function CALLs as JMPs, but with a stack_op. 2372 * See add_call_destinations(), which strips stack_ops from 2373 * normal CALLs. 2374 */ 2375 insn->type = INSN_JUMP_UNCONDITIONAL; 2376 2377 dest_off = arch_jump_destination(insn); 2378 insn->jump_dest = find_insn(file, insn->sec, dest_off); 2379 if (!insn->jump_dest) { 2380 ERROR_INSN(insn, "can't find call dest at %s+0x%lx", 2381 insn->sec->name, dest_off); 2382 return -1; 2383 } 2384 2385 return 0; 2386 } 2387 2388 static int __annotate_late(struct objtool_file *file, int type, struct instruction *insn) 2389 { 2390 switch (type) { 2391 case ANNOTYPE_NOENDBR: 2392 /* early */ 2393 break; 2394 2395 case ANNOTYPE_RETPOLINE_SAFE: 2396 if (insn->type != INSN_JUMP_DYNAMIC && 2397 insn->type != INSN_CALL_DYNAMIC && 2398 insn->type != INSN_RETURN && 2399 insn->type != INSN_NOP) { 2400 ERROR_INSN(insn, "retpoline_safe hint not an indirect jump/call/ret/nop"); 2401 return -1; 2402 } 2403 2404 insn->retpoline_safe = true; 2405 break; 2406 2407 case ANNOTYPE_INSTR_BEGIN: 2408 insn->instr++; 2409 break; 2410 2411 case ANNOTYPE_INSTR_END: 2412 insn->instr--; 2413 break; 2414 2415 case ANNOTYPE_UNRET_BEGIN: 2416 insn->unret = 1; 2417 break; 2418 2419 case ANNOTYPE_IGNORE_ALTS: 2420 /* early */ 2421 break; 2422 2423 case ANNOTYPE_INTRA_FUNCTION_CALL: 2424 /* ifc */ 2425 break; 2426 2427 case ANNOTYPE_REACHABLE: 2428 insn->dead_end = false; 2429 break; 2430 2431 default: 2432 ERROR_INSN(insn, "Unknown annotation type: %d", type); 2433 return -1; 2434 } 2435 2436 return 0; 2437 } 2438 2439 /* 2440 * Return true if name matches an instrumentation function, where calls to that 2441 * function from noinstr code can safely be removed, but compilers won't do so. 2442 */ 2443 static bool is_profiling_func(const char *name) 2444 { 2445 /* 2446 * Many compilers cannot disable KCOV with a function attribute. 2447 */ 2448 if (!strncmp(name, "__sanitizer_cov_", 16)) 2449 return true; 2450 2451 /* 2452 * Some compilers currently do not remove __tsan_func_entry/exit nor 2453 * __tsan_atomic_signal_fence (used for barrier instrumentation) with 2454 * the __no_sanitize_thread attribute, remove them. Once the kernel's 2455 * minimum Clang version is 14.0, this can be removed. 2456 */ 2457 if (!strncmp(name, "__tsan_func_", 12) || 2458 !strcmp(name, "__tsan_atomic_signal_fence")) 2459 return true; 2460 2461 return false; 2462 } 2463 2464 static int classify_symbols(struct objtool_file *file) 2465 { 2466 struct symbol *func; 2467 2468 for_each_sym(file, func) { 2469 if (func->type == STT_NOTYPE && strstarts(func->name, ".L")) 2470 func->local_label = true; 2471 2472 if (func->bind != STB_GLOBAL) 2473 continue; 2474 2475 if (!strncmp(func->name, STATIC_CALL_TRAMP_PREFIX_STR, 2476 strlen(STATIC_CALL_TRAMP_PREFIX_STR))) 2477 func->static_call_tramp = true; 2478 2479 if (arch_is_retpoline(func)) 2480 func->retpoline_thunk = true; 2481 2482 if (arch_is_rethunk(func)) 2483 func->return_thunk = true; 2484 2485 if (arch_is_embedded_insn(func)) 2486 func->embedded_insn = true; 2487 2488 if (arch_ftrace_match(func->name)) 2489 func->fentry = true; 2490 2491 if (is_profiling_func(func->name)) 2492 func->profiling_func = true; 2493 } 2494 2495 return 0; 2496 } 2497 2498 static void mark_rodata(struct objtool_file *file) 2499 { 2500 struct section *sec; 2501 bool found = false; 2502 2503 /* 2504 * Search for the following rodata sections, each of which can 2505 * potentially contain jump tables: 2506 * 2507 * - .rodata: can contain GCC switch tables 2508 * - .rodata.<func>: same, if -fdata-sections is being used 2509 * - .data.rel.ro.c_jump_table: contains C annotated jump tables 2510 * 2511 * .rodata.str1.* sections are ignored; they don't contain jump tables. 2512 */ 2513 for_each_sec(file, sec) { 2514 if ((!strncmp(sec->name, ".rodata", 7) && 2515 !strstr(sec->name, ".str1.")) || 2516 !strncmp(sec->name, ".data.rel.ro", 12)) { 2517 sec->rodata = true; 2518 found = true; 2519 } 2520 } 2521 2522 file->rodata = found; 2523 } 2524 2525 static int decode_sections(struct objtool_file *file) 2526 { 2527 int ret; 2528 2529 mark_rodata(file); 2530 2531 ret = init_pv_ops(file); 2532 if (ret) 2533 return ret; 2534 2535 /* 2536 * Must be before add_{jump_call}_destination. 2537 */ 2538 ret = classify_symbols(file); 2539 if (ret) 2540 return ret; 2541 2542 ret = decode_instructions(file); 2543 if (ret) 2544 return ret; 2545 2546 ret = add_ignores(file); 2547 if (ret) 2548 return ret; 2549 2550 add_uaccess_safe(file); 2551 2552 ret = read_annotate(file, __annotate_early); 2553 if (ret) 2554 return ret; 2555 2556 /* 2557 * Must be before add_jump_destinations(), which depends on 'func' 2558 * being set for alternatives, to enable proper sibling call detection. 2559 */ 2560 if (opts.stackval || opts.orc || opts.uaccess || opts.noinstr) { 2561 ret = add_special_section_alts(file); 2562 if (ret) 2563 return ret; 2564 } 2565 2566 ret = add_jump_destinations(file); 2567 if (ret) 2568 return ret; 2569 2570 /* 2571 * Must be before add_call_destination(); it changes INSN_CALL to 2572 * INSN_JUMP. 2573 */ 2574 ret = read_annotate(file, __annotate_ifc); 2575 if (ret) 2576 return ret; 2577 2578 ret = add_call_destinations(file); 2579 if (ret) 2580 return ret; 2581 2582 ret = add_jump_table_alts(file); 2583 if (ret) 2584 return ret; 2585 2586 ret = read_unwind_hints(file); 2587 if (ret) 2588 return ret; 2589 2590 /* 2591 * Must be after add_call_destinations() such that it can override 2592 * dead_end_function() marks. 2593 */ 2594 ret = read_annotate(file, __annotate_late); 2595 if (ret) 2596 return ret; 2597 2598 return 0; 2599 } 2600 2601 static bool is_special_call(struct instruction *insn) 2602 { 2603 if (insn->type == INSN_CALL) { 2604 struct symbol *dest = insn_call_dest(insn); 2605 2606 if (!dest) 2607 return false; 2608 2609 if (dest->fentry || dest->embedded_insn) 2610 return true; 2611 } 2612 2613 return false; 2614 } 2615 2616 static bool has_modified_stack_frame(struct instruction *insn, struct insn_state *state) 2617 { 2618 struct cfi_state *cfi = &state->cfi; 2619 int i; 2620 2621 if (cfi->cfa.base != initial_func_cfi.cfa.base || cfi->drap) 2622 return true; 2623 2624 if (cfi->cfa.offset != initial_func_cfi.cfa.offset) 2625 return true; 2626 2627 if (cfi->stack_size != initial_func_cfi.cfa.offset) 2628 return true; 2629 2630 for (i = 0; i < CFI_NUM_REGS; i++) { 2631 if (cfi->regs[i].base != initial_func_cfi.regs[i].base || 2632 cfi->regs[i].offset != initial_func_cfi.regs[i].offset) 2633 return true; 2634 } 2635 2636 return false; 2637 } 2638 2639 static bool check_reg_frame_pos(const struct cfi_reg *reg, 2640 int expected_offset) 2641 { 2642 return reg->base == CFI_CFA && 2643 reg->offset == expected_offset; 2644 } 2645 2646 static bool has_valid_stack_frame(struct insn_state *state) 2647 { 2648 struct cfi_state *cfi = &state->cfi; 2649 2650 if (cfi->cfa.base == CFI_BP && 2651 check_reg_frame_pos(&cfi->regs[CFI_BP], -cfi->cfa.offset) && 2652 check_reg_frame_pos(&cfi->regs[CFI_RA], -cfi->cfa.offset + 8)) 2653 return true; 2654 2655 if (cfi->drap && cfi->regs[CFI_BP].base == CFI_BP) 2656 return true; 2657 2658 return false; 2659 } 2660 2661 static int update_cfi_state_regs(struct instruction *insn, 2662 struct cfi_state *cfi, 2663 struct stack_op *op) 2664 { 2665 struct cfi_reg *cfa = &cfi->cfa; 2666 2667 if (cfa->base != CFI_SP && cfa->base != CFI_SP_INDIRECT) 2668 return 0; 2669 2670 /* push */ 2671 if (op->dest.type == OP_DEST_PUSH || op->dest.type == OP_DEST_PUSHF) 2672 cfa->offset += 8; 2673 2674 /* pop */ 2675 if (op->src.type == OP_SRC_POP || op->src.type == OP_SRC_POPF) 2676 cfa->offset -= 8; 2677 2678 /* add immediate to sp */ 2679 if (op->dest.type == OP_DEST_REG && op->src.type == OP_SRC_ADD && 2680 op->dest.reg == CFI_SP && op->src.reg == CFI_SP) 2681 cfa->offset -= op->src.offset; 2682 2683 return 0; 2684 } 2685 2686 static void save_reg(struct cfi_state *cfi, unsigned char reg, int base, int offset) 2687 { 2688 if (arch_callee_saved_reg(reg) && 2689 cfi->regs[reg].base == CFI_UNDEFINED) { 2690 cfi->regs[reg].base = base; 2691 cfi->regs[reg].offset = offset; 2692 } 2693 } 2694 2695 static void restore_reg(struct cfi_state *cfi, unsigned char reg) 2696 { 2697 cfi->regs[reg].base = initial_func_cfi.regs[reg].base; 2698 cfi->regs[reg].offset = initial_func_cfi.regs[reg].offset; 2699 } 2700 2701 /* 2702 * A note about DRAP stack alignment: 2703 * 2704 * GCC has the concept of a DRAP register, which is used to help keep track of 2705 * the stack pointer when aligning the stack. r10 or r13 is used as the DRAP 2706 * register. The typical DRAP pattern is: 2707 * 2708 * 4c 8d 54 24 08 lea 0x8(%rsp),%r10 2709 * 48 83 e4 c0 and $0xffffffffffffffc0,%rsp 2710 * 41 ff 72 f8 pushq -0x8(%r10) 2711 * 55 push %rbp 2712 * 48 89 e5 mov %rsp,%rbp 2713 * (more pushes) 2714 * 41 52 push %r10 2715 * ... 2716 * 41 5a pop %r10 2717 * (more pops) 2718 * 5d pop %rbp 2719 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2720 * c3 retq 2721 * 2722 * There are some variations in the epilogues, like: 2723 * 2724 * 5b pop %rbx 2725 * 41 5a pop %r10 2726 * 41 5c pop %r12 2727 * 41 5d pop %r13 2728 * 41 5e pop %r14 2729 * c9 leaveq 2730 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2731 * c3 retq 2732 * 2733 * and: 2734 * 2735 * 4c 8b 55 e8 mov -0x18(%rbp),%r10 2736 * 48 8b 5d e0 mov -0x20(%rbp),%rbx 2737 * 4c 8b 65 f0 mov -0x10(%rbp),%r12 2738 * 4c 8b 6d f8 mov -0x8(%rbp),%r13 2739 * c9 leaveq 2740 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2741 * c3 retq 2742 * 2743 * Sometimes r13 is used as the DRAP register, in which case it's saved and 2744 * restored beforehand: 2745 * 2746 * 41 55 push %r13 2747 * 4c 8d 6c 24 10 lea 0x10(%rsp),%r13 2748 * 48 83 e4 f0 and $0xfffffffffffffff0,%rsp 2749 * ... 2750 * 49 8d 65 f0 lea -0x10(%r13),%rsp 2751 * 41 5d pop %r13 2752 * c3 retq 2753 */ 2754 static int update_cfi_state(struct instruction *insn, 2755 struct instruction *next_insn, 2756 struct cfi_state *cfi, struct stack_op *op) 2757 { 2758 struct cfi_reg *cfa = &cfi->cfa; 2759 struct cfi_reg *regs = cfi->regs; 2760 2761 /* ignore UNWIND_HINT_UNDEFINED regions */ 2762 if (cfi->force_undefined) 2763 return 0; 2764 2765 /* stack operations don't make sense with an undefined CFA */ 2766 if (cfa->base == CFI_UNDEFINED) { 2767 if (insn_func(insn)) { 2768 WARN_INSN(insn, "undefined stack state"); 2769 return 1; 2770 } 2771 return 0; 2772 } 2773 2774 if (cfi->type == UNWIND_HINT_TYPE_REGS || 2775 cfi->type == UNWIND_HINT_TYPE_REGS_PARTIAL) 2776 return update_cfi_state_regs(insn, cfi, op); 2777 2778 switch (op->dest.type) { 2779 2780 case OP_DEST_REG: 2781 switch (op->src.type) { 2782 2783 case OP_SRC_REG: 2784 if (op->src.reg == CFI_SP && op->dest.reg == CFI_BP && 2785 cfa->base == CFI_SP && 2786 check_reg_frame_pos(®s[CFI_BP], -cfa->offset)) { 2787 2788 /* mov %rsp, %rbp */ 2789 cfa->base = op->dest.reg; 2790 cfi->bp_scratch = false; 2791 } 2792 2793 else if (op->src.reg == CFI_SP && 2794 op->dest.reg == CFI_BP && cfi->drap) { 2795 2796 /* drap: mov %rsp, %rbp */ 2797 regs[CFI_BP].base = CFI_BP; 2798 regs[CFI_BP].offset = -cfi->stack_size; 2799 cfi->bp_scratch = false; 2800 } 2801 2802 else if (op->src.reg == CFI_SP && cfa->base == CFI_SP) { 2803 2804 /* 2805 * mov %rsp, %reg 2806 * 2807 * This is needed for the rare case where GCC 2808 * does: 2809 * 2810 * mov %rsp, %rax 2811 * ... 2812 * mov %rax, %rsp 2813 */ 2814 cfi->vals[op->dest.reg].base = CFI_CFA; 2815 cfi->vals[op->dest.reg].offset = -cfi->stack_size; 2816 } 2817 2818 else if (op->src.reg == CFI_BP && op->dest.reg == CFI_SP && 2819 (cfa->base == CFI_BP || cfa->base == cfi->drap_reg)) { 2820 2821 /* 2822 * mov %rbp, %rsp 2823 * 2824 * Restore the original stack pointer (Clang). 2825 */ 2826 cfi->stack_size = -cfi->regs[CFI_BP].offset; 2827 } 2828 2829 else if (op->dest.reg == cfa->base) { 2830 2831 /* mov %reg, %rsp */ 2832 if (cfa->base == CFI_SP && 2833 cfi->vals[op->src.reg].base == CFI_CFA) { 2834 2835 /* 2836 * This is needed for the rare case 2837 * where GCC does something dumb like: 2838 * 2839 * lea 0x8(%rsp), %rcx 2840 * ... 2841 * mov %rcx, %rsp 2842 */ 2843 cfa->offset = -cfi->vals[op->src.reg].offset; 2844 cfi->stack_size = cfa->offset; 2845 2846 } else if (cfa->base == CFI_SP && 2847 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT && 2848 cfi->vals[op->src.reg].offset == cfa->offset) { 2849 2850 /* 2851 * Stack swizzle: 2852 * 2853 * 1: mov %rsp, (%[tos]) 2854 * 2: mov %[tos], %rsp 2855 * ... 2856 * 3: pop %rsp 2857 * 2858 * Where: 2859 * 2860 * 1 - places a pointer to the previous 2861 * stack at the Top-of-Stack of the 2862 * new stack. 2863 * 2864 * 2 - switches to the new stack. 2865 * 2866 * 3 - pops the Top-of-Stack to restore 2867 * the original stack. 2868 * 2869 * Note: we set base to SP_INDIRECT 2870 * here and preserve offset. Therefore 2871 * when the unwinder reaches ToS it 2872 * will dereference SP and then add the 2873 * offset to find the next frame, IOW: 2874 * (%rsp) + offset. 2875 */ 2876 cfa->base = CFI_SP_INDIRECT; 2877 2878 } else { 2879 cfa->base = CFI_UNDEFINED; 2880 cfa->offset = 0; 2881 } 2882 } 2883 2884 else if (op->dest.reg == CFI_SP && 2885 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT && 2886 cfi->vals[op->src.reg].offset == cfa->offset) { 2887 2888 /* 2889 * The same stack swizzle case 2) as above. But 2890 * because we can't change cfa->base, case 3) 2891 * will become a regular POP. Pretend we're a 2892 * PUSH so things don't go unbalanced. 2893 */ 2894 cfi->stack_size += 8; 2895 } 2896 2897 2898 break; 2899 2900 case OP_SRC_ADD: 2901 if (op->dest.reg == CFI_SP && op->src.reg == CFI_SP) { 2902 2903 /* add imm, %rsp */ 2904 cfi->stack_size -= op->src.offset; 2905 if (cfa->base == CFI_SP) 2906 cfa->offset -= op->src.offset; 2907 break; 2908 } 2909 2910 if (op->dest.reg == CFI_BP && op->src.reg == CFI_SP && 2911 insn->sym->frame_pointer) { 2912 /* addi.d fp,sp,imm on LoongArch */ 2913 if (cfa->base == CFI_SP && cfa->offset == op->src.offset) { 2914 cfa->base = CFI_BP; 2915 cfa->offset = 0; 2916 } 2917 break; 2918 } 2919 2920 if (op->dest.reg == CFI_SP && op->src.reg == CFI_BP) { 2921 /* addi.d sp,fp,imm on LoongArch */ 2922 if (cfa->base == CFI_BP && cfa->offset == 0) { 2923 if (insn->sym->frame_pointer) { 2924 cfa->base = CFI_SP; 2925 cfa->offset = -op->src.offset; 2926 } 2927 } else { 2928 /* lea disp(%rbp), %rsp */ 2929 cfi->stack_size = -(op->src.offset + regs[CFI_BP].offset); 2930 } 2931 break; 2932 } 2933 2934 if (op->src.reg == CFI_SP && cfa->base == CFI_SP) { 2935 2936 /* drap: lea disp(%rsp), %drap */ 2937 cfi->drap_reg = op->dest.reg; 2938 2939 /* 2940 * lea disp(%rsp), %reg 2941 * 2942 * This is needed for the rare case where GCC 2943 * does something dumb like: 2944 * 2945 * lea 0x8(%rsp), %rcx 2946 * ... 2947 * mov %rcx, %rsp 2948 */ 2949 cfi->vals[op->dest.reg].base = CFI_CFA; 2950 cfi->vals[op->dest.reg].offset = \ 2951 -cfi->stack_size + op->src.offset; 2952 2953 break; 2954 } 2955 2956 if (cfi->drap && op->dest.reg == CFI_SP && 2957 op->src.reg == cfi->drap_reg) { 2958 2959 /* drap: lea disp(%drap), %rsp */ 2960 cfa->base = CFI_SP; 2961 cfa->offset = cfi->stack_size = -op->src.offset; 2962 cfi->drap_reg = CFI_UNDEFINED; 2963 cfi->drap = false; 2964 break; 2965 } 2966 2967 if (op->dest.reg == cfi->cfa.base && !(next_insn && next_insn->hint)) { 2968 WARN_INSN(insn, "unsupported stack register modification"); 2969 return -1; 2970 } 2971 2972 break; 2973 2974 case OP_SRC_AND: 2975 if (op->dest.reg != CFI_SP || 2976 (cfi->drap_reg != CFI_UNDEFINED && cfa->base != CFI_SP) || 2977 (cfi->drap_reg == CFI_UNDEFINED && cfa->base != CFI_BP)) { 2978 WARN_INSN(insn, "unsupported stack pointer realignment"); 2979 return -1; 2980 } 2981 2982 if (cfi->drap_reg != CFI_UNDEFINED) { 2983 /* drap: and imm, %rsp */ 2984 cfa->base = cfi->drap_reg; 2985 cfa->offset = cfi->stack_size = 0; 2986 cfi->drap = true; 2987 } 2988 2989 /* 2990 * Older versions of GCC (4.8ish) realign the stack 2991 * without DRAP, with a frame pointer. 2992 */ 2993 2994 break; 2995 2996 case OP_SRC_POP: 2997 case OP_SRC_POPF: 2998 if (op->dest.reg == CFI_SP && cfa->base == CFI_SP_INDIRECT) { 2999 3000 /* pop %rsp; # restore from a stack swizzle */ 3001 cfa->base = CFI_SP; 3002 break; 3003 } 3004 3005 if (!cfi->drap && op->dest.reg == cfa->base) { 3006 3007 /* pop %rbp */ 3008 cfa->base = CFI_SP; 3009 } 3010 3011 if (cfi->drap && cfa->base == CFI_BP_INDIRECT && 3012 op->dest.reg == cfi->drap_reg && 3013 cfi->drap_offset == -cfi->stack_size) { 3014 3015 /* drap: pop %drap */ 3016 cfa->base = cfi->drap_reg; 3017 cfa->offset = 0; 3018 cfi->drap_offset = -1; 3019 3020 } else if (cfi->stack_size == -regs[op->dest.reg].offset) { 3021 3022 /* pop %reg */ 3023 restore_reg(cfi, op->dest.reg); 3024 } 3025 3026 cfi->stack_size -= 8; 3027 if (cfa->base == CFI_SP) 3028 cfa->offset -= 8; 3029 3030 break; 3031 3032 case OP_SRC_REG_INDIRECT: 3033 if (!cfi->drap && op->dest.reg == cfa->base && 3034 op->dest.reg == CFI_BP) { 3035 3036 /* mov disp(%rsp), %rbp */ 3037 cfa->base = CFI_SP; 3038 cfa->offset = cfi->stack_size; 3039 } 3040 3041 if (cfi->drap && op->src.reg == CFI_BP && 3042 op->src.offset == cfi->drap_offset) { 3043 3044 /* drap: mov disp(%rbp), %drap */ 3045 cfa->base = cfi->drap_reg; 3046 cfa->offset = 0; 3047 cfi->drap_offset = -1; 3048 } 3049 3050 if (cfi->drap && op->src.reg == CFI_BP && 3051 op->src.offset == regs[op->dest.reg].offset) { 3052 3053 /* drap: mov disp(%rbp), %reg */ 3054 restore_reg(cfi, op->dest.reg); 3055 3056 } else if (op->src.reg == cfa->base && 3057 op->src.offset == regs[op->dest.reg].offset + cfa->offset) { 3058 3059 /* mov disp(%rbp), %reg */ 3060 /* mov disp(%rsp), %reg */ 3061 restore_reg(cfi, op->dest.reg); 3062 3063 } else if (op->src.reg == CFI_SP && 3064 op->src.offset == regs[op->dest.reg].offset + cfi->stack_size) { 3065 3066 /* mov disp(%rsp), %reg */ 3067 restore_reg(cfi, op->dest.reg); 3068 } 3069 3070 break; 3071 3072 default: 3073 WARN_INSN(insn, "unknown stack-related instruction"); 3074 return -1; 3075 } 3076 3077 break; 3078 3079 case OP_DEST_PUSH: 3080 case OP_DEST_PUSHF: 3081 cfi->stack_size += 8; 3082 if (cfa->base == CFI_SP) 3083 cfa->offset += 8; 3084 3085 if (op->src.type != OP_SRC_REG) 3086 break; 3087 3088 if (cfi->drap) { 3089 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) { 3090 3091 /* drap: push %drap */ 3092 cfa->base = CFI_BP_INDIRECT; 3093 cfa->offset = -cfi->stack_size; 3094 3095 /* save drap so we know when to restore it */ 3096 cfi->drap_offset = -cfi->stack_size; 3097 3098 } else if (op->src.reg == CFI_BP && cfa->base == cfi->drap_reg) { 3099 3100 /* drap: push %rbp */ 3101 cfi->stack_size = 0; 3102 3103 } else { 3104 3105 /* drap: push %reg */ 3106 save_reg(cfi, op->src.reg, CFI_BP, -cfi->stack_size); 3107 } 3108 3109 } else { 3110 3111 /* push %reg */ 3112 save_reg(cfi, op->src.reg, CFI_CFA, -cfi->stack_size); 3113 } 3114 3115 /* detect when asm code uses rbp as a scratch register */ 3116 if (opts.stackval && insn_func(insn) && op->src.reg == CFI_BP && 3117 cfa->base != CFI_BP) 3118 cfi->bp_scratch = true; 3119 break; 3120 3121 case OP_DEST_REG_INDIRECT: 3122 3123 if (cfi->drap) { 3124 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) { 3125 3126 /* drap: mov %drap, disp(%rbp) */ 3127 cfa->base = CFI_BP_INDIRECT; 3128 cfa->offset = op->dest.offset; 3129 3130 /* save drap offset so we know when to restore it */ 3131 cfi->drap_offset = op->dest.offset; 3132 } else { 3133 3134 /* drap: mov reg, disp(%rbp) */ 3135 save_reg(cfi, op->src.reg, CFI_BP, op->dest.offset); 3136 } 3137 3138 } else if (op->dest.reg == cfa->base) { 3139 3140 /* mov reg, disp(%rbp) */ 3141 /* mov reg, disp(%rsp) */ 3142 save_reg(cfi, op->src.reg, CFI_CFA, 3143 op->dest.offset - cfi->cfa.offset); 3144 3145 } else if (op->dest.reg == CFI_SP) { 3146 3147 /* mov reg, disp(%rsp) */ 3148 save_reg(cfi, op->src.reg, CFI_CFA, 3149 op->dest.offset - cfi->stack_size); 3150 3151 } else if (op->src.reg == CFI_SP && op->dest.offset == 0) { 3152 3153 /* mov %rsp, (%reg); # setup a stack swizzle. */ 3154 cfi->vals[op->dest.reg].base = CFI_SP_INDIRECT; 3155 cfi->vals[op->dest.reg].offset = cfa->offset; 3156 } 3157 3158 break; 3159 3160 case OP_DEST_MEM: 3161 if (op->src.type != OP_SRC_POP && op->src.type != OP_SRC_POPF) { 3162 WARN_INSN(insn, "unknown stack-related memory operation"); 3163 return -1; 3164 } 3165 3166 /* pop mem */ 3167 cfi->stack_size -= 8; 3168 if (cfa->base == CFI_SP) 3169 cfa->offset -= 8; 3170 3171 break; 3172 3173 default: 3174 WARN_INSN(insn, "unknown stack-related instruction"); 3175 return -1; 3176 } 3177 3178 return 0; 3179 } 3180 3181 /* 3182 * The stack layouts of alternatives instructions can sometimes diverge when 3183 * they have stack modifications. That's fine as long as the potential stack 3184 * layouts don't conflict at any given potential instruction boundary. 3185 * 3186 * Flatten the CFIs of the different alternative code streams (both original 3187 * and replacement) into a single shared CFI array which can be used to detect 3188 * conflicts and nicely feed a linear array of ORC entries to the unwinder. 3189 */ 3190 static int propagate_alt_cfi(struct objtool_file *file, struct instruction *insn) 3191 { 3192 struct cfi_state **alt_cfi; 3193 int group_off; 3194 3195 if (!insn->alt_group) 3196 return 0; 3197 3198 if (!insn->cfi) { 3199 WARN("CFI missing"); 3200 return -1; 3201 } 3202 3203 alt_cfi = insn->alt_group->cfi; 3204 group_off = insn->offset - insn->alt_group->first_insn->offset; 3205 3206 if (!alt_cfi[group_off]) { 3207 alt_cfi[group_off] = insn->cfi; 3208 } else { 3209 if (cficmp(alt_cfi[group_off], insn->cfi)) { 3210 struct alt_group *orig_group = insn->alt_group->orig_group ?: insn->alt_group; 3211 struct instruction *orig = orig_group->first_insn; 3212 WARN_INSN(orig, "stack layout conflict in alternatives: %s", 3213 offstr(insn->sec, insn->offset)); 3214 return -1; 3215 } 3216 } 3217 3218 return 0; 3219 } 3220 3221 static int handle_insn_ops(struct instruction *insn, 3222 struct instruction *next_insn, 3223 struct insn_state *state) 3224 { 3225 struct stack_op *op; 3226 int ret; 3227 3228 for (op = insn->stack_ops; op; op = op->next) { 3229 3230 ret = update_cfi_state(insn, next_insn, &state->cfi, op); 3231 if (ret) 3232 return ret; 3233 3234 if (!opts.uaccess || !insn->alt_group) 3235 continue; 3236 3237 if (op->dest.type == OP_DEST_PUSHF) { 3238 if (!state->uaccess_stack) { 3239 state->uaccess_stack = 1; 3240 } else if (state->uaccess_stack >> 31) { 3241 WARN_INSN(insn, "PUSHF stack exhausted"); 3242 return 1; 3243 } 3244 state->uaccess_stack <<= 1; 3245 state->uaccess_stack |= state->uaccess; 3246 } 3247 3248 if (op->src.type == OP_SRC_POPF) { 3249 if (state->uaccess_stack) { 3250 state->uaccess = state->uaccess_stack & 1; 3251 state->uaccess_stack >>= 1; 3252 if (state->uaccess_stack == 1) 3253 state->uaccess_stack = 0; 3254 } 3255 } 3256 } 3257 3258 return 0; 3259 } 3260 3261 static bool insn_cfi_match(struct instruction *insn, struct cfi_state *cfi2) 3262 { 3263 struct cfi_state *cfi1 = insn->cfi; 3264 int i; 3265 3266 if (!cfi1) { 3267 WARN("CFI missing"); 3268 return false; 3269 } 3270 3271 if (memcmp(&cfi1->cfa, &cfi2->cfa, sizeof(cfi1->cfa))) { 3272 3273 WARN_INSN(insn, "stack state mismatch: cfa1=%d%+d cfa2=%d%+d", 3274 cfi1->cfa.base, cfi1->cfa.offset, 3275 cfi2->cfa.base, cfi2->cfa.offset); 3276 return false; 3277 3278 } 3279 3280 if (memcmp(&cfi1->regs, &cfi2->regs, sizeof(cfi1->regs))) { 3281 for (i = 0; i < CFI_NUM_REGS; i++) { 3282 3283 if (!memcmp(&cfi1->regs[i], &cfi2->regs[i], sizeof(struct cfi_reg))) 3284 continue; 3285 3286 WARN_INSN(insn, "stack state mismatch: reg1[%d]=%d%+d reg2[%d]=%d%+d", 3287 i, cfi1->regs[i].base, cfi1->regs[i].offset, 3288 i, cfi2->regs[i].base, cfi2->regs[i].offset); 3289 } 3290 return false; 3291 } 3292 3293 if (cfi1->type != cfi2->type) { 3294 3295 WARN_INSN(insn, "stack state mismatch: type1=%d type2=%d", 3296 cfi1->type, cfi2->type); 3297 return false; 3298 } 3299 3300 if (cfi1->drap != cfi2->drap || 3301 (cfi1->drap && cfi1->drap_reg != cfi2->drap_reg) || 3302 (cfi1->drap && cfi1->drap_offset != cfi2->drap_offset)) { 3303 3304 WARN_INSN(insn, "stack state mismatch: drap1=%d(%d,%d) drap2=%d(%d,%d)", 3305 cfi1->drap, cfi1->drap_reg, cfi1->drap_offset, 3306 cfi2->drap, cfi2->drap_reg, cfi2->drap_offset); 3307 return false; 3308 } 3309 3310 return true; 3311 } 3312 3313 static inline bool func_uaccess_safe(struct symbol *func) 3314 { 3315 if (func) 3316 return func->uaccess_safe; 3317 3318 return false; 3319 } 3320 3321 static inline const char *call_dest_name(struct instruction *insn) 3322 { 3323 static char pvname[19]; 3324 struct reloc *reloc; 3325 int idx; 3326 3327 if (insn_call_dest(insn)) 3328 return insn_call_dest(insn)->name; 3329 3330 reloc = insn_reloc(NULL, insn); 3331 if (reloc && !strcmp(reloc->sym->name, "pv_ops")) { 3332 idx = (reloc_addend(reloc) / sizeof(void *)); 3333 snprintf(pvname, sizeof(pvname), "pv_ops[%d]", idx); 3334 return pvname; 3335 } 3336 3337 return "{dynamic}"; 3338 } 3339 3340 static bool pv_call_dest(struct objtool_file *file, struct instruction *insn) 3341 { 3342 struct symbol *target; 3343 struct reloc *reloc; 3344 int idx; 3345 3346 reloc = insn_reloc(file, insn); 3347 if (!reloc || strcmp(reloc->sym->name, "pv_ops")) 3348 return false; 3349 3350 idx = (arch_dest_reloc_offset(reloc_addend(reloc)) / sizeof(void *)); 3351 3352 if (file->pv_ops[idx].clean) 3353 return true; 3354 3355 file->pv_ops[idx].clean = true; 3356 3357 list_for_each_entry(target, &file->pv_ops[idx].targets, pv_target) { 3358 if (!target->sec->noinstr) { 3359 WARN("pv_ops[%d]: %s", idx, target->name); 3360 file->pv_ops[idx].clean = false; 3361 } 3362 } 3363 3364 return file->pv_ops[idx].clean; 3365 } 3366 3367 static inline bool noinstr_call_dest(struct objtool_file *file, 3368 struct instruction *insn, 3369 struct symbol *func) 3370 { 3371 /* 3372 * We can't deal with indirect function calls at present; 3373 * assume they're instrumented. 3374 */ 3375 if (!func) { 3376 if (file->pv_ops) 3377 return pv_call_dest(file, insn); 3378 3379 return false; 3380 } 3381 3382 /* 3383 * If the symbol is from a noinstr section; we good. 3384 */ 3385 if (func->sec->noinstr) 3386 return true; 3387 3388 /* 3389 * If the symbol is a static_call trampoline, we can't tell. 3390 */ 3391 if (func->static_call_tramp) 3392 return true; 3393 3394 /* 3395 * The __ubsan_handle_*() calls are like WARN(), they only happen when 3396 * something 'BAD' happened. At the risk of taking the machine down, 3397 * let them proceed to get the message out. 3398 */ 3399 if (!strncmp(func->name, "__ubsan_handle_", 15)) 3400 return true; 3401 3402 return false; 3403 } 3404 3405 static int validate_call(struct objtool_file *file, 3406 struct instruction *insn, 3407 struct insn_state *state) 3408 { 3409 if (state->noinstr && state->instr <= 0 && 3410 !noinstr_call_dest(file, insn, insn_call_dest(insn))) { 3411 WARN_INSN(insn, "call to %s() leaves .noinstr.text section", call_dest_name(insn)); 3412 return 1; 3413 } 3414 3415 if (state->uaccess && !func_uaccess_safe(insn_call_dest(insn))) { 3416 WARN_INSN(insn, "call to %s() with UACCESS enabled", call_dest_name(insn)); 3417 return 1; 3418 } 3419 3420 if (state->df) { 3421 WARN_INSN(insn, "call to %s() with DF set", call_dest_name(insn)); 3422 return 1; 3423 } 3424 3425 return 0; 3426 } 3427 3428 static int validate_sibling_call(struct objtool_file *file, 3429 struct instruction *insn, 3430 struct insn_state *state) 3431 { 3432 if (insn_func(insn) && has_modified_stack_frame(insn, state)) { 3433 WARN_INSN(insn, "sibling call from callable instruction with modified stack frame"); 3434 return 1; 3435 } 3436 3437 return validate_call(file, insn, state); 3438 } 3439 3440 static int validate_return(struct symbol *func, struct instruction *insn, struct insn_state *state) 3441 { 3442 if (state->noinstr && state->instr > 0) { 3443 WARN_INSN(insn, "return with instrumentation enabled"); 3444 return 1; 3445 } 3446 3447 if (state->uaccess && !func_uaccess_safe(func)) { 3448 WARN_INSN(insn, "return with UACCESS enabled"); 3449 return 1; 3450 } 3451 3452 if (!state->uaccess && func_uaccess_safe(func)) { 3453 WARN_INSN(insn, "return with UACCESS disabled from a UACCESS-safe function"); 3454 return 1; 3455 } 3456 3457 if (state->df) { 3458 WARN_INSN(insn, "return with DF set"); 3459 return 1; 3460 } 3461 3462 if (func && has_modified_stack_frame(insn, state)) { 3463 WARN_INSN(insn, "return with modified stack frame"); 3464 return 1; 3465 } 3466 3467 if (state->cfi.bp_scratch) { 3468 WARN_INSN(insn, "BP used as a scratch register"); 3469 return 1; 3470 } 3471 3472 return 0; 3473 } 3474 3475 static struct instruction *next_insn_to_validate(struct objtool_file *file, 3476 struct instruction *insn) 3477 { 3478 struct alt_group *alt_group = insn->alt_group; 3479 3480 /* 3481 * Simulate the fact that alternatives are patched in-place. When the 3482 * end of a replacement alt_group is reached, redirect objtool flow to 3483 * the end of the original alt_group. 3484 * 3485 * insn->alts->insn -> alt_group->first_insn 3486 * ... 3487 * alt_group->last_insn 3488 * [alt_group->nop] -> next(orig_group->last_insn) 3489 */ 3490 if (alt_group) { 3491 if (alt_group->nop) { 3492 /* ->nop implies ->orig_group */ 3493 if (insn == alt_group->last_insn) 3494 return alt_group->nop; 3495 if (insn == alt_group->nop) 3496 goto next_orig; 3497 } 3498 if (insn == alt_group->last_insn && alt_group->orig_group) 3499 goto next_orig; 3500 } 3501 3502 return next_insn_same_sec(file, insn); 3503 3504 next_orig: 3505 return next_insn_same_sec(file, alt_group->orig_group->last_insn); 3506 } 3507 3508 static bool skip_alt_group(struct instruction *insn) 3509 { 3510 struct instruction *alt_insn = insn->alts ? insn->alts->insn : NULL; 3511 3512 /* ANNOTATE_IGNORE_ALTERNATIVE */ 3513 if (insn->alt_group && insn->alt_group->ignore) 3514 return true; 3515 3516 /* 3517 * For NOP patched with CLAC/STAC, only follow the latter to avoid 3518 * impossible code paths combining patched CLAC with unpatched STAC 3519 * or vice versa. 3520 * 3521 * ANNOTATE_IGNORE_ALTERNATIVE could have been used here, but Linus 3522 * requested not to do that to avoid hurting .s file readability 3523 * around CLAC/STAC alternative sites. 3524 */ 3525 3526 if (!alt_insn) 3527 return false; 3528 3529 /* Don't override ASM_{CLAC,STAC}_UNSAFE */ 3530 if (alt_insn->alt_group && alt_insn->alt_group->ignore) 3531 return false; 3532 3533 return alt_insn->type == INSN_CLAC || alt_insn->type == INSN_STAC; 3534 } 3535 3536 /* 3537 * Follow the branch starting at the given instruction, and recursively follow 3538 * any other branches (jumps). Meanwhile, track the frame pointer state at 3539 * each instruction and validate all the rules described in 3540 * tools/objtool/Documentation/objtool.txt. 3541 */ 3542 static int validate_branch(struct objtool_file *file, struct symbol *func, 3543 struct instruction *insn, struct insn_state state) 3544 { 3545 struct alternative *alt; 3546 struct instruction *next_insn, *prev_insn = NULL; 3547 struct section *sec; 3548 u8 visited; 3549 int ret; 3550 3551 if (func && func->ignore) 3552 return 0; 3553 3554 sec = insn->sec; 3555 3556 while (1) { 3557 next_insn = next_insn_to_validate(file, insn); 3558 3559 if (func && insn_func(insn) && func != insn_func(insn)->pfunc) { 3560 /* Ignore KCFI type preambles, which always fall through */ 3561 if (!strncmp(func->name, "__cfi_", 6) || 3562 !strncmp(func->name, "__pfx_", 6)) 3563 return 0; 3564 3565 if (file->ignore_unreachables) 3566 return 0; 3567 3568 WARN("%s() falls through to next function %s()", 3569 func->name, insn_func(insn)->name); 3570 func->warned = 1; 3571 3572 return 1; 3573 } 3574 3575 visited = VISITED_BRANCH << state.uaccess; 3576 if (insn->visited & VISITED_BRANCH_MASK) { 3577 if (!insn->hint && !insn_cfi_match(insn, &state.cfi)) 3578 return 1; 3579 3580 if (insn->visited & visited) 3581 return 0; 3582 } else { 3583 nr_insns_visited++; 3584 } 3585 3586 if (state.noinstr) 3587 state.instr += insn->instr; 3588 3589 if (insn->hint) { 3590 if (insn->restore) { 3591 struct instruction *save_insn, *i; 3592 3593 i = insn; 3594 save_insn = NULL; 3595 3596 sym_for_each_insn_continue_reverse(file, func, i) { 3597 if (i->save) { 3598 save_insn = i; 3599 break; 3600 } 3601 } 3602 3603 if (!save_insn) { 3604 WARN_INSN(insn, "no corresponding CFI save for CFI restore"); 3605 return 1; 3606 } 3607 3608 if (!save_insn->visited) { 3609 /* 3610 * If the restore hint insn is at the 3611 * beginning of a basic block and was 3612 * branched to from elsewhere, and the 3613 * save insn hasn't been visited yet, 3614 * defer following this branch for now. 3615 * It will be seen later via the 3616 * straight-line path. 3617 */ 3618 if (!prev_insn) 3619 return 0; 3620 3621 WARN_INSN(insn, "objtool isn't smart enough to handle this CFI save/restore combo"); 3622 return 1; 3623 } 3624 3625 insn->cfi = save_insn->cfi; 3626 nr_cfi_reused++; 3627 } 3628 3629 state.cfi = *insn->cfi; 3630 } else { 3631 /* XXX track if we actually changed state.cfi */ 3632 3633 if (prev_insn && !cficmp(prev_insn->cfi, &state.cfi)) { 3634 insn->cfi = prev_insn->cfi; 3635 nr_cfi_reused++; 3636 } else { 3637 insn->cfi = cfi_hash_find_or_add(&state.cfi); 3638 } 3639 } 3640 3641 insn->visited |= visited; 3642 3643 if (propagate_alt_cfi(file, insn)) 3644 return 1; 3645 3646 if (insn->alts) { 3647 for (alt = insn->alts; alt; alt = alt->next) { 3648 ret = validate_branch(file, func, alt->insn, state); 3649 if (ret) { 3650 BT_INSN(insn, "(alt)"); 3651 return ret; 3652 } 3653 } 3654 } 3655 3656 if (skip_alt_group(insn)) 3657 return 0; 3658 3659 if (handle_insn_ops(insn, next_insn, &state)) 3660 return 1; 3661 3662 switch (insn->type) { 3663 3664 case INSN_RETURN: 3665 return validate_return(func, insn, &state); 3666 3667 case INSN_CALL: 3668 case INSN_CALL_DYNAMIC: 3669 ret = validate_call(file, insn, &state); 3670 if (ret) 3671 return ret; 3672 3673 if (opts.stackval && func && !is_special_call(insn) && 3674 !has_valid_stack_frame(&state)) { 3675 WARN_INSN(insn, "call without frame pointer save/setup"); 3676 return 1; 3677 } 3678 3679 break; 3680 3681 case INSN_JUMP_CONDITIONAL: 3682 case INSN_JUMP_UNCONDITIONAL: 3683 if (is_sibling_call(insn)) { 3684 ret = validate_sibling_call(file, insn, &state); 3685 if (ret) 3686 return ret; 3687 3688 } else if (insn->jump_dest) { 3689 ret = validate_branch(file, func, 3690 insn->jump_dest, state); 3691 if (ret) { 3692 BT_INSN(insn, "(branch)"); 3693 return ret; 3694 } 3695 } 3696 3697 if (insn->type == INSN_JUMP_UNCONDITIONAL) 3698 return 0; 3699 3700 break; 3701 3702 case INSN_JUMP_DYNAMIC: 3703 case INSN_JUMP_DYNAMIC_CONDITIONAL: 3704 if (is_sibling_call(insn)) { 3705 ret = validate_sibling_call(file, insn, &state); 3706 if (ret) 3707 return ret; 3708 } 3709 3710 if (insn->type == INSN_JUMP_DYNAMIC) 3711 return 0; 3712 3713 break; 3714 3715 case INSN_SYSCALL: 3716 if (func && (!next_insn || !next_insn->hint)) { 3717 WARN_INSN(insn, "unsupported instruction in callable function"); 3718 return 1; 3719 } 3720 3721 break; 3722 3723 case INSN_SYSRET: 3724 if (func && (!next_insn || !next_insn->hint)) { 3725 WARN_INSN(insn, "unsupported instruction in callable function"); 3726 return 1; 3727 } 3728 3729 return 0; 3730 3731 case INSN_STAC: 3732 if (!opts.uaccess) 3733 break; 3734 3735 if (state.uaccess) { 3736 WARN_INSN(insn, "recursive UACCESS enable"); 3737 return 1; 3738 } 3739 3740 state.uaccess = true; 3741 break; 3742 3743 case INSN_CLAC: 3744 if (!opts.uaccess) 3745 break; 3746 3747 if (!state.uaccess && func) { 3748 WARN_INSN(insn, "redundant UACCESS disable"); 3749 return 1; 3750 } 3751 3752 if (func_uaccess_safe(func) && !state.uaccess_stack) { 3753 WARN_INSN(insn, "UACCESS-safe disables UACCESS"); 3754 return 1; 3755 } 3756 3757 state.uaccess = false; 3758 break; 3759 3760 case INSN_STD: 3761 if (state.df) { 3762 WARN_INSN(insn, "recursive STD"); 3763 return 1; 3764 } 3765 3766 state.df = true; 3767 break; 3768 3769 case INSN_CLD: 3770 if (!state.df && func) { 3771 WARN_INSN(insn, "redundant CLD"); 3772 return 1; 3773 } 3774 3775 state.df = false; 3776 break; 3777 3778 default: 3779 break; 3780 } 3781 3782 if (insn->dead_end) 3783 return 0; 3784 3785 if (!next_insn) { 3786 if (state.cfi.cfa.base == CFI_UNDEFINED) 3787 return 0; 3788 if (file->ignore_unreachables) 3789 return 0; 3790 3791 WARN("%s%sunexpected end of section %s", 3792 func ? func->name : "", func ? "(): " : "", 3793 sec->name); 3794 return 1; 3795 } 3796 3797 prev_insn = insn; 3798 insn = next_insn; 3799 } 3800 3801 return 0; 3802 } 3803 3804 static int validate_unwind_hint(struct objtool_file *file, 3805 struct instruction *insn, 3806 struct insn_state *state) 3807 { 3808 if (insn->hint && !insn->visited) { 3809 int ret = validate_branch(file, insn_func(insn), insn, *state); 3810 if (ret) 3811 BT_INSN(insn, "<=== (hint)"); 3812 return ret; 3813 } 3814 3815 return 0; 3816 } 3817 3818 static int validate_unwind_hints(struct objtool_file *file, struct section *sec) 3819 { 3820 struct instruction *insn; 3821 struct insn_state state; 3822 int warnings = 0; 3823 3824 if (!file->hints) 3825 return 0; 3826 3827 init_insn_state(file, &state, sec); 3828 3829 if (sec) { 3830 sec_for_each_insn(file, sec, insn) 3831 warnings += validate_unwind_hint(file, insn, &state); 3832 } else { 3833 for_each_insn(file, insn) 3834 warnings += validate_unwind_hint(file, insn, &state); 3835 } 3836 3837 return warnings; 3838 } 3839 3840 /* 3841 * Validate rethunk entry constraint: must untrain RET before the first RET. 3842 * 3843 * Follow every branch (intra-function) and ensure VALIDATE_UNRET_END comes 3844 * before an actual RET instruction. 3845 */ 3846 static int validate_unret(struct objtool_file *file, struct instruction *insn) 3847 { 3848 struct instruction *next, *dest; 3849 int ret; 3850 3851 for (;;) { 3852 next = next_insn_to_validate(file, insn); 3853 3854 if (insn->visited & VISITED_UNRET) 3855 return 0; 3856 3857 insn->visited |= VISITED_UNRET; 3858 3859 if (insn->alts) { 3860 struct alternative *alt; 3861 for (alt = insn->alts; alt; alt = alt->next) { 3862 ret = validate_unret(file, alt->insn); 3863 if (ret) { 3864 BT_INSN(insn, "(alt)"); 3865 return ret; 3866 } 3867 } 3868 } 3869 3870 switch (insn->type) { 3871 3872 case INSN_CALL_DYNAMIC: 3873 case INSN_JUMP_DYNAMIC: 3874 case INSN_JUMP_DYNAMIC_CONDITIONAL: 3875 WARN_INSN(insn, "early indirect call"); 3876 return 1; 3877 3878 case INSN_JUMP_UNCONDITIONAL: 3879 case INSN_JUMP_CONDITIONAL: 3880 if (!is_sibling_call(insn)) { 3881 if (!insn->jump_dest) { 3882 WARN_INSN(insn, "unresolved jump target after linking?!?"); 3883 return 1; 3884 } 3885 ret = validate_unret(file, insn->jump_dest); 3886 if (ret) { 3887 BT_INSN(insn, "(branch%s)", 3888 insn->type == INSN_JUMP_CONDITIONAL ? "-cond" : ""); 3889 return ret; 3890 } 3891 3892 if (insn->type == INSN_JUMP_UNCONDITIONAL) 3893 return 0; 3894 3895 break; 3896 } 3897 3898 /* fallthrough */ 3899 case INSN_CALL: 3900 dest = find_insn(file, insn_call_dest(insn)->sec, 3901 insn_call_dest(insn)->offset); 3902 if (!dest) { 3903 WARN("Unresolved function after linking!?: %s", 3904 insn_call_dest(insn)->name); 3905 return 1; 3906 } 3907 3908 ret = validate_unret(file, dest); 3909 if (ret) { 3910 BT_INSN(insn, "(call)"); 3911 return ret; 3912 } 3913 /* 3914 * If a call returns without error, it must have seen UNTRAIN_RET. 3915 * Therefore any non-error return is a success. 3916 */ 3917 return 0; 3918 3919 case INSN_RETURN: 3920 WARN_INSN(insn, "RET before UNTRAIN"); 3921 return 1; 3922 3923 case INSN_SYSCALL: 3924 break; 3925 3926 case INSN_SYSRET: 3927 return 0; 3928 3929 case INSN_NOP: 3930 if (insn->retpoline_safe) 3931 return 0; 3932 break; 3933 3934 default: 3935 break; 3936 } 3937 3938 if (insn->dead_end) 3939 return 0; 3940 3941 if (!next) { 3942 WARN_INSN(insn, "teh end!"); 3943 return 1; 3944 } 3945 insn = next; 3946 } 3947 3948 return 0; 3949 } 3950 3951 /* 3952 * Validate that all branches starting at VALIDATE_UNRET_BEGIN encounter 3953 * VALIDATE_UNRET_END before RET. 3954 */ 3955 static int validate_unrets(struct objtool_file *file) 3956 { 3957 struct instruction *insn; 3958 int warnings = 0; 3959 3960 for_each_insn(file, insn) { 3961 if (!insn->unret) 3962 continue; 3963 3964 warnings += validate_unret(file, insn); 3965 } 3966 3967 return warnings; 3968 } 3969 3970 static int validate_retpoline(struct objtool_file *file) 3971 { 3972 struct instruction *insn; 3973 int warnings = 0; 3974 3975 for_each_insn(file, insn) { 3976 if (insn->type != INSN_JUMP_DYNAMIC && 3977 insn->type != INSN_CALL_DYNAMIC && 3978 insn->type != INSN_RETURN) 3979 continue; 3980 3981 if (insn->retpoline_safe) 3982 continue; 3983 3984 if (insn->sec->init) 3985 continue; 3986 3987 if (insn->type == INSN_RETURN) { 3988 if (opts.rethunk) { 3989 WARN_INSN(insn, "'naked' return found in MITIGATION_RETHUNK build"); 3990 warnings++; 3991 } 3992 continue; 3993 } 3994 3995 WARN_INSN(insn, "indirect %s found in MITIGATION_RETPOLINE build", 3996 insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call"); 3997 warnings++; 3998 } 3999 4000 return warnings; 4001 } 4002 4003 static bool is_kasan_insn(struct instruction *insn) 4004 { 4005 return (insn->type == INSN_CALL && 4006 !strcmp(insn_call_dest(insn)->name, "__asan_handle_no_return")); 4007 } 4008 4009 static bool is_ubsan_insn(struct instruction *insn) 4010 { 4011 return (insn->type == INSN_CALL && 4012 !strcmp(insn_call_dest(insn)->name, 4013 "__ubsan_handle_builtin_unreachable")); 4014 } 4015 4016 static bool ignore_unreachable_insn(struct objtool_file *file, struct instruction *insn) 4017 { 4018 struct symbol *func = insn_func(insn); 4019 struct instruction *prev_insn; 4020 int i; 4021 4022 if (insn->type == INSN_NOP || insn->type == INSN_TRAP || (func && func->ignore)) 4023 return true; 4024 4025 /* 4026 * Ignore alternative replacement instructions. This can happen 4027 * when a whitelisted function uses one of the ALTERNATIVE macros. 4028 */ 4029 if (!strcmp(insn->sec->name, ".altinstr_replacement") || 4030 !strcmp(insn->sec->name, ".altinstr_aux")) 4031 return true; 4032 4033 /* 4034 * Whole archive runs might encounter dead code from weak symbols. 4035 * This is where the linker will have dropped the weak symbol in 4036 * favour of a regular symbol, but leaves the code in place. 4037 * 4038 * In this case we'll find a piece of code (whole function) that is not 4039 * covered by a !section symbol. Ignore them. 4040 */ 4041 if (opts.link && !func) { 4042 int size = find_symbol_hole_containing(insn->sec, insn->offset); 4043 unsigned long end = insn->offset + size; 4044 4045 if (!size) /* not a hole */ 4046 return false; 4047 4048 if (size < 0) /* hole until the end */ 4049 return true; 4050 4051 sec_for_each_insn_continue(file, insn) { 4052 /* 4053 * If we reach a visited instruction at or before the 4054 * end of the hole, ignore the unreachable. 4055 */ 4056 if (insn->visited) 4057 return true; 4058 4059 if (insn->offset >= end) 4060 break; 4061 4062 /* 4063 * If this hole jumps to a .cold function, mark it ignore too. 4064 */ 4065 if (insn->jump_dest && insn_func(insn->jump_dest) && 4066 strstr(insn_func(insn->jump_dest)->name, ".cold")) { 4067 insn_func(insn->jump_dest)->ignore = true; 4068 } 4069 } 4070 4071 return false; 4072 } 4073 4074 if (!func) 4075 return false; 4076 4077 if (func->static_call_tramp) 4078 return true; 4079 4080 /* 4081 * CONFIG_UBSAN_TRAP inserts a UD2 when it sees 4082 * __builtin_unreachable(). The BUG() macro has an unreachable() after 4083 * the UD2, which causes GCC's undefined trap logic to emit another UD2 4084 * (or occasionally a JMP to UD2). 4085 * 4086 * It may also insert a UD2 after calling a __noreturn function. 4087 */ 4088 prev_insn = prev_insn_same_sec(file, insn); 4089 if (prev_insn && prev_insn->dead_end && 4090 (insn->type == INSN_BUG || 4091 (insn->type == INSN_JUMP_UNCONDITIONAL && 4092 insn->jump_dest && insn->jump_dest->type == INSN_BUG))) 4093 return true; 4094 4095 /* 4096 * Check if this (or a subsequent) instruction is related to 4097 * CONFIG_UBSAN or CONFIG_KASAN. 4098 * 4099 * End the search at 5 instructions to avoid going into the weeds. 4100 */ 4101 for (i = 0; i < 5; i++) { 4102 4103 if (is_kasan_insn(insn) || is_ubsan_insn(insn)) 4104 return true; 4105 4106 if (insn->type == INSN_JUMP_UNCONDITIONAL) { 4107 if (insn->jump_dest && 4108 insn_func(insn->jump_dest) == func) { 4109 insn = insn->jump_dest; 4110 continue; 4111 } 4112 4113 break; 4114 } 4115 4116 if (insn->offset + insn->len >= func->offset + func->len) 4117 break; 4118 4119 insn = next_insn_same_sec(file, insn); 4120 } 4121 4122 return false; 4123 } 4124 4125 static int add_prefix_symbol(struct objtool_file *file, struct symbol *func) 4126 { 4127 struct instruction *insn, *prev; 4128 struct cfi_state *cfi; 4129 4130 insn = find_insn(file, func->sec, func->offset); 4131 if (!insn) 4132 return -1; 4133 4134 for (prev = prev_insn_same_sec(file, insn); 4135 prev; 4136 prev = prev_insn_same_sec(file, prev)) { 4137 u64 offset; 4138 4139 if (prev->type != INSN_NOP) 4140 return -1; 4141 4142 offset = func->offset - prev->offset; 4143 4144 if (offset > opts.prefix) 4145 return -1; 4146 4147 if (offset < opts.prefix) 4148 continue; 4149 4150 elf_create_prefix_symbol(file->elf, func, opts.prefix); 4151 break; 4152 } 4153 4154 if (!prev) 4155 return -1; 4156 4157 if (!insn->cfi) { 4158 /* 4159 * This can happen if stack validation isn't enabled or the 4160 * function is annotated with STACK_FRAME_NON_STANDARD. 4161 */ 4162 return 0; 4163 } 4164 4165 /* Propagate insn->cfi to the prefix code */ 4166 cfi = cfi_hash_find_or_add(insn->cfi); 4167 for (; prev != insn; prev = next_insn_same_sec(file, prev)) 4168 prev->cfi = cfi; 4169 4170 return 0; 4171 } 4172 4173 static int add_prefix_symbols(struct objtool_file *file) 4174 { 4175 struct section *sec; 4176 struct symbol *func; 4177 4178 for_each_sec(file, sec) { 4179 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 4180 continue; 4181 4182 sec_for_each_sym(sec, func) { 4183 if (func->type != STT_FUNC) 4184 continue; 4185 4186 add_prefix_symbol(file, func); 4187 } 4188 } 4189 4190 return 0; 4191 } 4192 4193 static int validate_symbol(struct objtool_file *file, struct section *sec, 4194 struct symbol *sym, struct insn_state *state) 4195 { 4196 struct instruction *insn; 4197 int ret; 4198 4199 if (!sym->len) { 4200 WARN("%s() is missing an ELF size annotation", sym->name); 4201 return 1; 4202 } 4203 4204 if (sym->pfunc != sym || sym->alias != sym) 4205 return 0; 4206 4207 insn = find_insn(file, sec, sym->offset); 4208 if (!insn || insn->visited) 4209 return 0; 4210 4211 if (opts.uaccess) 4212 state->uaccess = sym->uaccess_safe; 4213 4214 ret = validate_branch(file, insn_func(insn), insn, *state); 4215 if (ret) 4216 BT_INSN(insn, "<=== (sym)"); 4217 return ret; 4218 } 4219 4220 static int validate_section(struct objtool_file *file, struct section *sec) 4221 { 4222 struct insn_state state; 4223 struct symbol *func; 4224 int warnings = 0; 4225 4226 sec_for_each_sym(sec, func) { 4227 if (func->type != STT_FUNC) 4228 continue; 4229 4230 init_insn_state(file, &state, sec); 4231 set_func_state(&state.cfi); 4232 4233 warnings += validate_symbol(file, sec, func, &state); 4234 } 4235 4236 return warnings; 4237 } 4238 4239 static int validate_noinstr_sections(struct objtool_file *file) 4240 { 4241 struct section *sec; 4242 int warnings = 0; 4243 4244 sec = find_section_by_name(file->elf, ".noinstr.text"); 4245 if (sec) { 4246 warnings += validate_section(file, sec); 4247 warnings += validate_unwind_hints(file, sec); 4248 } 4249 4250 sec = find_section_by_name(file->elf, ".entry.text"); 4251 if (sec) { 4252 warnings += validate_section(file, sec); 4253 warnings += validate_unwind_hints(file, sec); 4254 } 4255 4256 sec = find_section_by_name(file->elf, ".cpuidle.text"); 4257 if (sec) { 4258 warnings += validate_section(file, sec); 4259 warnings += validate_unwind_hints(file, sec); 4260 } 4261 4262 return warnings; 4263 } 4264 4265 static int validate_functions(struct objtool_file *file) 4266 { 4267 struct section *sec; 4268 int warnings = 0; 4269 4270 for_each_sec(file, sec) { 4271 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 4272 continue; 4273 4274 warnings += validate_section(file, sec); 4275 } 4276 4277 return warnings; 4278 } 4279 4280 static void mark_endbr_used(struct instruction *insn) 4281 { 4282 if (!list_empty(&insn->call_node)) 4283 list_del_init(&insn->call_node); 4284 } 4285 4286 static bool noendbr_range(struct objtool_file *file, struct instruction *insn) 4287 { 4288 struct symbol *sym = find_symbol_containing(insn->sec, insn->offset-1); 4289 struct instruction *first; 4290 4291 if (!sym) 4292 return false; 4293 4294 first = find_insn(file, sym->sec, sym->offset); 4295 if (!first) 4296 return false; 4297 4298 if (first->type != INSN_ENDBR && !first->noendbr) 4299 return false; 4300 4301 return insn->offset == sym->offset + sym->len; 4302 } 4303 4304 static int __validate_ibt_insn(struct objtool_file *file, struct instruction *insn, 4305 struct instruction *dest) 4306 { 4307 if (dest->type == INSN_ENDBR) { 4308 mark_endbr_used(dest); 4309 return 0; 4310 } 4311 4312 if (insn_func(dest) && insn_func(insn) && 4313 insn_func(dest)->pfunc == insn_func(insn)->pfunc) { 4314 /* 4315 * Anything from->to self is either _THIS_IP_ or 4316 * IRET-to-self. 4317 * 4318 * There is no sane way to annotate _THIS_IP_ since the 4319 * compiler treats the relocation as a constant and is 4320 * happy to fold in offsets, skewing any annotation we 4321 * do, leading to vast amounts of false-positives. 4322 * 4323 * There's also compiler generated _THIS_IP_ through 4324 * KCOV and such which we have no hope of annotating. 4325 * 4326 * As such, blanket accept self-references without 4327 * issue. 4328 */ 4329 return 0; 4330 } 4331 4332 /* 4333 * Accept anything ANNOTATE_NOENDBR. 4334 */ 4335 if (dest->noendbr) 4336 return 0; 4337 4338 /* 4339 * Accept if this is the instruction after a symbol 4340 * that is (no)endbr -- typical code-range usage. 4341 */ 4342 if (noendbr_range(file, dest)) 4343 return 0; 4344 4345 WARN_INSN(insn, "relocation to !ENDBR: %s", offstr(dest->sec, dest->offset)); 4346 return 1; 4347 } 4348 4349 static int validate_ibt_insn(struct objtool_file *file, struct instruction *insn) 4350 { 4351 struct instruction *dest; 4352 struct reloc *reloc; 4353 unsigned long off; 4354 int warnings = 0; 4355 4356 /* 4357 * Looking for function pointer load relocations. Ignore 4358 * direct/indirect branches: 4359 */ 4360 switch (insn->type) { 4361 4362 case INSN_CALL: 4363 case INSN_CALL_DYNAMIC: 4364 case INSN_JUMP_CONDITIONAL: 4365 case INSN_JUMP_UNCONDITIONAL: 4366 case INSN_JUMP_DYNAMIC: 4367 case INSN_JUMP_DYNAMIC_CONDITIONAL: 4368 case INSN_RETURN: 4369 case INSN_NOP: 4370 return 0; 4371 4372 case INSN_LEA_RIP: 4373 if (!insn_reloc(file, insn)) { 4374 /* local function pointer reference without reloc */ 4375 4376 off = arch_jump_destination(insn); 4377 4378 dest = find_insn(file, insn->sec, off); 4379 if (!dest) { 4380 WARN_INSN(insn, "corrupt function pointer reference"); 4381 return 1; 4382 } 4383 4384 return __validate_ibt_insn(file, insn, dest); 4385 } 4386 break; 4387 4388 default: 4389 break; 4390 } 4391 4392 for (reloc = insn_reloc(file, insn); 4393 reloc; 4394 reloc = find_reloc_by_dest_range(file->elf, insn->sec, 4395 reloc_offset(reloc) + 1, 4396 (insn->offset + insn->len) - (reloc_offset(reloc) + 1))) { 4397 4398 off = reloc->sym->offset; 4399 if (reloc_type(reloc) == R_X86_64_PC32 || 4400 reloc_type(reloc) == R_X86_64_PLT32) 4401 off += arch_dest_reloc_offset(reloc_addend(reloc)); 4402 else 4403 off += reloc_addend(reloc); 4404 4405 dest = find_insn(file, reloc->sym->sec, off); 4406 if (!dest) 4407 continue; 4408 4409 warnings += __validate_ibt_insn(file, insn, dest); 4410 } 4411 4412 return warnings; 4413 } 4414 4415 static int validate_ibt_data_reloc(struct objtool_file *file, 4416 struct reloc *reloc) 4417 { 4418 struct instruction *dest; 4419 4420 dest = find_insn(file, reloc->sym->sec, 4421 reloc->sym->offset + reloc_addend(reloc)); 4422 if (!dest) 4423 return 0; 4424 4425 if (dest->type == INSN_ENDBR) { 4426 mark_endbr_used(dest); 4427 return 0; 4428 } 4429 4430 if (dest->noendbr) 4431 return 0; 4432 4433 WARN_FUNC(reloc->sec->base, reloc_offset(reloc), 4434 "data relocation to !ENDBR: %s", offstr(dest->sec, dest->offset)); 4435 4436 return 1; 4437 } 4438 4439 /* 4440 * Validate IBT rules and remove used ENDBR instructions from the seal list. 4441 * Unused ENDBR instructions will be annotated for sealing (i.e., replaced with 4442 * NOPs) later, in create_ibt_endbr_seal_sections(). 4443 */ 4444 static int validate_ibt(struct objtool_file *file) 4445 { 4446 struct section *sec; 4447 struct reloc *reloc; 4448 struct instruction *insn; 4449 int warnings = 0; 4450 4451 for_each_insn(file, insn) 4452 warnings += validate_ibt_insn(file, insn); 4453 4454 for_each_sec(file, sec) { 4455 4456 /* Already done by validate_ibt_insn() */ 4457 if (sec->sh.sh_flags & SHF_EXECINSTR) 4458 continue; 4459 4460 if (!sec->rsec) 4461 continue; 4462 4463 /* 4464 * These sections can reference text addresses, but not with 4465 * the intent to indirect branch to them. 4466 */ 4467 if ((!strncmp(sec->name, ".discard", 8) && 4468 strcmp(sec->name, ".discard.ibt_endbr_noseal")) || 4469 !strncmp(sec->name, ".debug", 6) || 4470 !strcmp(sec->name, ".altinstructions") || 4471 !strcmp(sec->name, ".ibt_endbr_seal") || 4472 !strcmp(sec->name, ".orc_unwind_ip") || 4473 !strcmp(sec->name, ".parainstructions") || 4474 !strcmp(sec->name, ".retpoline_sites") || 4475 !strcmp(sec->name, ".smp_locks") || 4476 !strcmp(sec->name, ".static_call_sites") || 4477 !strcmp(sec->name, "_error_injection_whitelist") || 4478 !strcmp(sec->name, "_kprobe_blacklist") || 4479 !strcmp(sec->name, "__bug_table") || 4480 !strcmp(sec->name, "__ex_table") || 4481 !strcmp(sec->name, "__jump_table") || 4482 !strcmp(sec->name, "__mcount_loc") || 4483 !strcmp(sec->name, ".kcfi_traps") || 4484 !strcmp(sec->name, ".llvm.call-graph-profile") || 4485 !strcmp(sec->name, ".llvm_bb_addr_map") || 4486 !strcmp(sec->name, "__tracepoints") || 4487 strstr(sec->name, "__patchable_function_entries")) 4488 continue; 4489 4490 for_each_reloc(sec->rsec, reloc) 4491 warnings += validate_ibt_data_reloc(file, reloc); 4492 } 4493 4494 return warnings; 4495 } 4496 4497 static int validate_sls(struct objtool_file *file) 4498 { 4499 struct instruction *insn, *next_insn; 4500 int warnings = 0; 4501 4502 for_each_insn(file, insn) { 4503 next_insn = next_insn_same_sec(file, insn); 4504 4505 if (insn->retpoline_safe) 4506 continue; 4507 4508 switch (insn->type) { 4509 case INSN_RETURN: 4510 if (!next_insn || next_insn->type != INSN_TRAP) { 4511 WARN_INSN(insn, "missing int3 after ret"); 4512 warnings++; 4513 } 4514 4515 break; 4516 case INSN_JUMP_DYNAMIC: 4517 if (!next_insn || next_insn->type != INSN_TRAP) { 4518 WARN_INSN(insn, "missing int3 after indirect jump"); 4519 warnings++; 4520 } 4521 break; 4522 default: 4523 break; 4524 } 4525 } 4526 4527 return warnings; 4528 } 4529 4530 static int validate_reachable_instructions(struct objtool_file *file) 4531 { 4532 struct instruction *insn, *prev_insn; 4533 struct symbol *call_dest; 4534 int warnings = 0; 4535 4536 if (file->ignore_unreachables) 4537 return 0; 4538 4539 for_each_insn(file, insn) { 4540 if (insn->visited || ignore_unreachable_insn(file, insn)) 4541 continue; 4542 4543 prev_insn = prev_insn_same_sec(file, insn); 4544 if (prev_insn && prev_insn->dead_end) { 4545 call_dest = insn_call_dest(prev_insn); 4546 if (call_dest) { 4547 WARN_INSN(insn, "%s() missing __noreturn in .c/.h or NORETURN() in noreturns.h", 4548 call_dest->name); 4549 warnings++; 4550 continue; 4551 } 4552 } 4553 4554 WARN_INSN(insn, "unreachable instruction"); 4555 warnings++; 4556 } 4557 4558 return warnings; 4559 } 4560 4561 /* 'funcs' is a space-separated list of function names */ 4562 static void disas_funcs(const char *funcs) 4563 { 4564 const char *objdump_str, *cross_compile; 4565 int size, ret; 4566 char *cmd; 4567 4568 cross_compile = getenv("CROSS_COMPILE"); 4569 if (!cross_compile) 4570 cross_compile = ""; 4571 4572 objdump_str = "%sobjdump -wdr %s | gawk -M -v _funcs='%s' '" 4573 "BEGIN { split(_funcs, funcs); }" 4574 "/^$/ { func_match = 0; }" 4575 "/<.*>:/ { " 4576 "f = gensub(/.*<(.*)>:/, \"\\\\1\", 1);" 4577 "for (i in funcs) {" 4578 "if (funcs[i] == f) {" 4579 "func_match = 1;" 4580 "base = strtonum(\"0x\" $1);" 4581 "break;" 4582 "}" 4583 "}" 4584 "}" 4585 "{" 4586 "if (func_match) {" 4587 "addr = strtonum(\"0x\" $1);" 4588 "printf(\"%%04x \", addr - base);" 4589 "print;" 4590 "}" 4591 "}' 1>&2"; 4592 4593 /* fake snprintf() to calculate the size */ 4594 size = snprintf(NULL, 0, objdump_str, cross_compile, objname, funcs) + 1; 4595 if (size <= 0) { 4596 WARN("objdump string size calculation failed"); 4597 return; 4598 } 4599 4600 cmd = malloc(size); 4601 4602 /* real snprintf() */ 4603 snprintf(cmd, size, objdump_str, cross_compile, objname, funcs); 4604 ret = system(cmd); 4605 if (ret) { 4606 WARN("disassembly failed: %d", ret); 4607 return; 4608 } 4609 } 4610 4611 static void disas_warned_funcs(struct objtool_file *file) 4612 { 4613 struct symbol *sym; 4614 char *funcs = NULL, *tmp; 4615 4616 for_each_sym(file, sym) { 4617 if (sym->warned) { 4618 if (!funcs) { 4619 funcs = malloc(strlen(sym->name) + 1); 4620 if (!funcs) { 4621 ERROR_GLIBC("malloc"); 4622 return; 4623 } 4624 strcpy(funcs, sym->name); 4625 } else { 4626 tmp = malloc(strlen(funcs) + strlen(sym->name) + 2); 4627 if (!tmp) { 4628 ERROR_GLIBC("malloc"); 4629 return; 4630 } 4631 sprintf(tmp, "%s %s", funcs, sym->name); 4632 free(funcs); 4633 funcs = tmp; 4634 } 4635 } 4636 } 4637 4638 if (funcs) 4639 disas_funcs(funcs); 4640 } 4641 4642 struct insn_chunk { 4643 void *addr; 4644 struct insn_chunk *next; 4645 }; 4646 4647 /* 4648 * Reduce peak RSS usage by freeing insns memory before writing the ELF file, 4649 * which can trigger more allocations for .debug_* sections whose data hasn't 4650 * been read yet. 4651 */ 4652 static void free_insns(struct objtool_file *file) 4653 { 4654 struct instruction *insn; 4655 struct insn_chunk *chunks = NULL, *chunk; 4656 4657 for_each_insn(file, insn) { 4658 if (!insn->idx) { 4659 chunk = malloc(sizeof(*chunk)); 4660 chunk->addr = insn; 4661 chunk->next = chunks; 4662 chunks = chunk; 4663 } 4664 } 4665 4666 for (chunk = chunks; chunk; chunk = chunk->next) 4667 free(chunk->addr); 4668 } 4669 4670 int check(struct objtool_file *file) 4671 { 4672 int ret = 0, warnings = 0; 4673 4674 arch_initial_func_cfi_state(&initial_func_cfi); 4675 init_cfi_state(&init_cfi); 4676 init_cfi_state(&func_cfi); 4677 set_func_state(&func_cfi); 4678 init_cfi_state(&force_undefined_cfi); 4679 force_undefined_cfi.force_undefined = true; 4680 4681 if (!cfi_hash_alloc(1UL << (file->elf->symbol_bits - 3))) { 4682 ret = -1; 4683 goto out; 4684 } 4685 4686 cfi_hash_add(&init_cfi); 4687 cfi_hash_add(&func_cfi); 4688 4689 ret = decode_sections(file); 4690 if (ret) 4691 goto out; 4692 4693 if (!nr_insns) 4694 goto out; 4695 4696 if (opts.retpoline) 4697 warnings += validate_retpoline(file); 4698 4699 if (opts.stackval || opts.orc || opts.uaccess) { 4700 int w = 0; 4701 4702 w += validate_functions(file); 4703 w += validate_unwind_hints(file, NULL); 4704 if (!w) 4705 w += validate_reachable_instructions(file); 4706 4707 warnings += w; 4708 4709 } else if (opts.noinstr) { 4710 warnings += validate_noinstr_sections(file); 4711 } 4712 4713 if (opts.unret) { 4714 /* 4715 * Must be after validate_branch() and friends, it plays 4716 * further games with insn->visited. 4717 */ 4718 warnings += validate_unrets(file); 4719 } 4720 4721 if (opts.ibt) 4722 warnings += validate_ibt(file); 4723 4724 if (opts.sls) 4725 warnings += validate_sls(file); 4726 4727 if (opts.static_call) { 4728 ret = create_static_call_sections(file); 4729 if (ret) 4730 goto out; 4731 } 4732 4733 if (opts.retpoline) { 4734 ret = create_retpoline_sites_sections(file); 4735 if (ret) 4736 goto out; 4737 } 4738 4739 if (opts.cfi) { 4740 ret = create_cfi_sections(file); 4741 if (ret) 4742 goto out; 4743 } 4744 4745 if (opts.rethunk) { 4746 ret = create_return_sites_sections(file); 4747 if (ret) 4748 goto out; 4749 4750 if (opts.hack_skylake) { 4751 ret = create_direct_call_sections(file); 4752 if (ret) 4753 goto out; 4754 } 4755 } 4756 4757 if (opts.mcount) { 4758 ret = create_mcount_loc_sections(file); 4759 if (ret) 4760 goto out; 4761 } 4762 4763 if (opts.prefix) { 4764 ret = add_prefix_symbols(file); 4765 if (ret) 4766 goto out; 4767 } 4768 4769 if (opts.ibt) { 4770 ret = create_ibt_endbr_seal_sections(file); 4771 if (ret) 4772 goto out; 4773 } 4774 4775 if (opts.orc && nr_insns) { 4776 ret = orc_create(file); 4777 if (ret) 4778 goto out; 4779 } 4780 4781 free_insns(file); 4782 4783 if (opts.stats) { 4784 printf("nr_insns_visited: %ld\n", nr_insns_visited); 4785 printf("nr_cfi: %ld\n", nr_cfi); 4786 printf("nr_cfi_reused: %ld\n", nr_cfi_reused); 4787 printf("nr_cfi_cache: %ld\n", nr_cfi_cache); 4788 } 4789 4790 out: 4791 if (!ret && !warnings) 4792 return 0; 4793 4794 if (opts.werror && warnings) 4795 ret = 1; 4796 4797 if (opts.verbose) { 4798 if (opts.werror && warnings) 4799 WARN("%d warning(s) upgraded to errors", warnings); 4800 print_args(); 4801 disas_warned_funcs(file); 4802 } 4803 4804 return ret; 4805 } 4806