1// SPDX-License-Identifier: GPL-2.0-or-later 2/* 3 * Copyright (C) 2015-2017 Josh Poimboeuf <jpoimboe@redhat.com> 4 */ 5 6#include <string.h> 7#include <stdlib.h> 8#include <inttypes.h> 9#include <sys/mman.h> 10 11#include <objtool/builtin.h> 12#include <objtool/cfi.h> 13#include <objtool/arch.h> 14#include <objtool/check.h> 15#include <objtool/special.h> 16#include <objtool/warn.h> 17#include <objtool/endianness.h> 18 19#include <linux/objtool_types.h> 20#include <linux/hashtable.h> 21#include <linux/kernel.h> 22#include <linux/static_call_types.h> 23 24struct alternative { 25 struct alternative *next; 26 struct instruction *insn; 27 bool skip_orig; 28}; 29 30static unsigned long nr_cfi, nr_cfi_reused, nr_cfi_cache; 31 32static struct cfi_init_state initial_func_cfi; 33static struct cfi_state init_cfi; 34static struct cfi_state func_cfi; 35static struct cfi_state force_undefined_cfi; 36 37struct instruction *find_insn(struct objtool_file *file, 38 struct section *sec, unsigned long offset) 39{ 40 struct instruction *insn; 41 42 hash_for_each_possible(file->insn_hash, insn, hash, sec_offset_hash(sec, offset)) { 43 if (insn->sec == sec && insn->offset == offset) 44 return insn; 45 } 46 47 return NULL; 48} 49 50struct instruction *next_insn_same_sec(struct objtool_file *file, 51 struct instruction *insn) 52{ 53 if (insn->idx == INSN_CHUNK_MAX) 54 return find_insn(file, insn->sec, insn->offset + insn->len); 55 56 insn++; 57 if (!insn->len) 58 return NULL; 59 60 return insn; 61} 62 63static struct instruction *next_insn_same_func(struct objtool_file *file, 64 struct instruction *insn) 65{ 66 struct instruction *next = next_insn_same_sec(file, insn); 67 struct symbol *func = insn_func(insn); 68 69 if (!func) 70 return NULL; 71 72 if (next && insn_func(next) == func) 73 return next; 74 75 /* Check if we're already in the subfunction: */ 76 if (func == func->cfunc) 77 return NULL; 78 79 /* Move to the subfunction: */ 80 return find_insn(file, func->cfunc->sec, func->cfunc->offset); 81} 82 83static struct instruction *prev_insn_same_sec(struct objtool_file *file, 84 struct instruction *insn) 85{ 86 if (insn->idx == 0) { 87 if (insn->prev_len) 88 return find_insn(file, insn->sec, insn->offset - insn->prev_len); 89 return NULL; 90 } 91 92 return insn - 1; 93} 94 95static struct instruction *prev_insn_same_sym(struct objtool_file *file, 96 struct instruction *insn) 97{ 98 struct instruction *prev = prev_insn_same_sec(file, insn); 99 100 if (prev && insn_func(prev) == insn_func(insn)) 101 return prev; 102 103 return NULL; 104} 105 106#define for_each_insn(file, insn) \ 107 for (struct section *__sec, *__fake = (struct section *)1; \ 108 __fake; __fake = NULL) \ 109 for_each_sec(file, __sec) \ 110 sec_for_each_insn(file, __sec, insn) 111 112#define func_for_each_insn(file, func, insn) \ 113 for (insn = find_insn(file, func->sec, func->offset); \ 114 insn; \ 115 insn = next_insn_same_func(file, insn)) 116 117#define sym_for_each_insn(file, sym, insn) \ 118 for (insn = find_insn(file, sym->sec, sym->offset); \ 119 insn && insn->offset < sym->offset + sym->len; \ 120 insn = next_insn_same_sec(file, insn)) 121 122#define sym_for_each_insn_continue_reverse(file, sym, insn) \ 123 for (insn = prev_insn_same_sec(file, insn); \ 124 insn && insn->offset >= sym->offset; \ 125 insn = prev_insn_same_sec(file, insn)) 126 127#define sec_for_each_insn_from(file, insn) \ 128 for (; insn; insn = next_insn_same_sec(file, insn)) 129 130#define sec_for_each_insn_continue(file, insn) \ 131 for (insn = next_insn_same_sec(file, insn); insn; \ 132 insn = next_insn_same_sec(file, insn)) 133 134static inline struct symbol *insn_call_dest(struct instruction *insn) 135{ 136 if (insn->type == INSN_JUMP_DYNAMIC || 137 insn->type == INSN_CALL_DYNAMIC) 138 return NULL; 139 140 return insn->_call_dest; 141} 142 143static inline struct reloc *insn_jump_table(struct instruction *insn) 144{ 145 if (insn->type == INSN_JUMP_DYNAMIC || 146 insn->type == INSN_CALL_DYNAMIC) 147 return insn->_jump_table; 148 149 return NULL; 150} 151 152static bool is_jump_table_jump(struct instruction *insn) 153{ 154 struct alt_group *alt_group = insn->alt_group; 155 156 if (insn_jump_table(insn)) 157 return true; 158 159 /* Retpoline alternative for a jump table? */ 160 return alt_group && alt_group->orig_group && 161 insn_jump_table(alt_group->orig_group->first_insn); 162} 163 164static bool is_sibling_call(struct instruction *insn) 165{ 166 /* 167 * Assume only STT_FUNC calls have jump-tables. 168 */ 169 if (insn_func(insn)) { 170 /* An indirect jump is either a sibling call or a jump to a table. */ 171 if (insn->type == INSN_JUMP_DYNAMIC) 172 return !is_jump_table_jump(insn); 173 } 174 175 /* add_jump_destinations() sets insn_call_dest(insn) for sibling calls. */ 176 return (is_static_jump(insn) && insn_call_dest(insn)); 177} 178 179/* 180 * This checks to see if the given function is a "noreturn" function. 181 * 182 * For global functions which are outside the scope of this object file, we 183 * have to keep a manual list of them. 184 * 185 * For local functions, we have to detect them manually by simply looking for 186 * the lack of a return instruction. 187 */ 188static bool __dead_end_function(struct objtool_file *file, struct symbol *func, 189 int recursion) 190{ 191 int i; 192 struct instruction *insn; 193 bool empty = true; 194 195#define NORETURN(func) __stringify(func), 196 static const char * const global_noreturns[] = { 197#include "noreturns.h" 198 }; 199#undef NORETURN 200 201 if (!func) 202 return false; 203 204 if (func->bind == STB_GLOBAL || func->bind == STB_WEAK) 205 for (i = 0; i < ARRAY_SIZE(global_noreturns); i++) 206 if (!strcmp(func->name, global_noreturns[i])) 207 return true; 208 209 if (func->bind == STB_WEAK) 210 return false; 211 212 if (!func->len) 213 return false; 214 215 insn = find_insn(file, func->sec, func->offset); 216 if (!insn || !insn_func(insn)) 217 return false; 218 219 func_for_each_insn(file, func, insn) { 220 empty = false; 221 222 if (insn->type == INSN_RETURN) 223 return false; 224 } 225 226 if (empty) 227 return false; 228 229 /* 230 * A function can have a sibling call instead of a return. In that 231 * case, the function's dead-end status depends on whether the target 232 * of the sibling call returns. 233 */ 234 func_for_each_insn(file, func, insn) { 235 if (is_sibling_call(insn)) { 236 struct instruction *dest = insn->jump_dest; 237 238 if (!dest) 239 /* sibling call to another file */ 240 return false; 241 242 /* local sibling call */ 243 if (recursion == 5) { 244 /* 245 * Infinite recursion: two functions have 246 * sibling calls to each other. This is a very 247 * rare case. It means they aren't dead ends. 248 */ 249 return false; 250 } 251 252 return __dead_end_function(file, insn_func(dest), recursion+1); 253 } 254 } 255 256 return true; 257} 258 259static bool dead_end_function(struct objtool_file *file, struct symbol *func) 260{ 261 return __dead_end_function(file, func, 0); 262} 263 264static void init_cfi_state(struct cfi_state *cfi) 265{ 266 int i; 267 268 for (i = 0; i < CFI_NUM_REGS; i++) { 269 cfi->regs[i].base = CFI_UNDEFINED; 270 cfi->vals[i].base = CFI_UNDEFINED; 271 } 272 cfi->cfa.base = CFI_UNDEFINED; 273 cfi->drap_reg = CFI_UNDEFINED; 274 cfi->drap_offset = -1; 275} 276 277static void init_insn_state(struct objtool_file *file, struct insn_state *state, 278 struct section *sec) 279{ 280 memset(state, 0, sizeof(*state)); 281 init_cfi_state(&state->cfi); 282 283 /* 284 * We need the full vmlinux for noinstr validation, otherwise we can 285 * not correctly determine insn_call_dest(insn)->sec (external symbols 286 * do not have a section). 287 */ 288 if (opts.link && opts.noinstr && sec) 289 state->noinstr = sec->noinstr; 290} 291 292static struct cfi_state *cfi_alloc(void) 293{ 294 struct cfi_state *cfi = calloc(sizeof(struct cfi_state), 1); 295 if (!cfi) { 296 WARN("calloc failed"); 297 exit(1); 298 } 299 nr_cfi++; 300 return cfi; 301} 302 303static int cfi_bits; 304static struct hlist_head *cfi_hash; 305 306static inline bool cficmp(struct cfi_state *cfi1, struct cfi_state *cfi2) 307{ 308 return memcmp((void *)cfi1 + sizeof(cfi1->hash), 309 (void *)cfi2 + sizeof(cfi2->hash), 310 sizeof(struct cfi_state) - sizeof(struct hlist_node)); 311} 312 313static inline u32 cfi_key(struct cfi_state *cfi) 314{ 315 return jhash((void *)cfi + sizeof(cfi->hash), 316 sizeof(*cfi) - sizeof(cfi->hash), 0); 317} 318 319static struct cfi_state *cfi_hash_find_or_add(struct cfi_state *cfi) 320{ 321 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)]; 322 struct cfi_state *obj; 323 324 hlist_for_each_entry(obj, head, hash) { 325 if (!cficmp(cfi, obj)) { 326 nr_cfi_cache++; 327 return obj; 328 } 329 } 330 331 obj = cfi_alloc(); 332 *obj = *cfi; 333 hlist_add_head(&obj->hash, head); 334 335 return obj; 336} 337 338static void cfi_hash_add(struct cfi_state *cfi) 339{ 340 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)]; 341 342 hlist_add_head(&cfi->hash, head); 343} 344 345static void *cfi_hash_alloc(unsigned long size) 346{ 347 cfi_bits = max(10, ilog2(size)); 348 cfi_hash = mmap(NULL, sizeof(struct hlist_head) << cfi_bits, 349 PROT_READ|PROT_WRITE, 350 MAP_PRIVATE|MAP_ANON, -1, 0); 351 if (cfi_hash == (void *)-1L) { 352 WARN("mmap fail cfi_hash"); 353 cfi_hash = NULL; 354 } else if (opts.stats) { 355 printf("cfi_bits: %d\n", cfi_bits); 356 } 357 358 return cfi_hash; 359} 360 361static unsigned long nr_insns; 362static unsigned long nr_insns_visited; 363 364/* 365 * Call the arch-specific instruction decoder for all the instructions and add 366 * them to the global instruction list. 367 */ 368static int decode_instructions(struct objtool_file *file) 369{ 370 struct section *sec; 371 struct symbol *func; 372 unsigned long offset; 373 struct instruction *insn; 374 int ret; 375 376 for_each_sec(file, sec) { 377 struct instruction *insns = NULL; 378 u8 prev_len = 0; 379 u8 idx = 0; 380 381 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 382 continue; 383 384 if (strcmp(sec->name, ".altinstr_replacement") && 385 strcmp(sec->name, ".altinstr_aux") && 386 strncmp(sec->name, ".discard.", 9)) 387 sec->text = true; 388 389 if (!strcmp(sec->name, ".noinstr.text") || 390 !strcmp(sec->name, ".entry.text") || 391 !strcmp(sec->name, ".cpuidle.text") || 392 !strncmp(sec->name, ".text..__x86.", 13)) 393 sec->noinstr = true; 394 395 /* 396 * .init.text code is ran before userspace and thus doesn't 397 * strictly need retpolines, except for modules which are 398 * loaded late, they very much do need retpoline in their 399 * .init.text 400 */ 401 if (!strcmp(sec->name, ".init.text") && !opts.module) 402 sec->init = true; 403 404 for (offset = 0; offset < sec->sh.sh_size; offset += insn->len) { 405 if (!insns || idx == INSN_CHUNK_MAX) { 406 insns = calloc(sizeof(*insn), INSN_CHUNK_SIZE); 407 if (!insns) { 408 WARN("malloc failed"); 409 return -1; 410 } 411 idx = 0; 412 } else { 413 idx++; 414 } 415 insn = &insns[idx]; 416 insn->idx = idx; 417 418 INIT_LIST_HEAD(&insn->call_node); 419 insn->sec = sec; 420 insn->offset = offset; 421 insn->prev_len = prev_len; 422 423 ret = arch_decode_instruction(file, sec, offset, 424 sec->sh.sh_size - offset, 425 insn); 426 if (ret) 427 return ret; 428 429 prev_len = insn->len; 430 431 /* 432 * By default, "ud2" is a dead end unless otherwise 433 * annotated, because GCC 7 inserts it for certain 434 * divide-by-zero cases. 435 */ 436 if (insn->type == INSN_BUG) 437 insn->dead_end = true; 438 439 hash_add(file->insn_hash, &insn->hash, sec_offset_hash(sec, insn->offset)); 440 nr_insns++; 441 } 442 443// printf("%s: last chunk used: %d\n", sec->name, (int)idx); 444 445 sec_for_each_sym(sec, func) { 446 if (func->type != STT_NOTYPE && func->type != STT_FUNC) 447 continue; 448 449 if (func->offset == sec->sh.sh_size) { 450 /* Heuristic: likely an "end" symbol */ 451 if (func->type == STT_NOTYPE) 452 continue; 453 WARN("%s(): STT_FUNC at end of section", 454 func->name); 455 return -1; 456 } 457 458 if (func->embedded_insn || func->alias != func) 459 continue; 460 461 if (!find_insn(file, sec, func->offset)) { 462 WARN("%s(): can't find starting instruction", 463 func->name); 464 return -1; 465 } 466 467 sym_for_each_insn(file, func, insn) { 468 insn->sym = func; 469 if (func->type == STT_FUNC && 470 insn->type == INSN_ENDBR && 471 list_empty(&insn->call_node)) { 472 if (insn->offset == func->offset) { 473 list_add_tail(&insn->call_node, &file->endbr_list); 474 file->nr_endbr++; 475 } else { 476 file->nr_endbr_int++; 477 } 478 } 479 } 480 } 481 } 482 483 if (opts.stats) 484 printf("nr_insns: %lu\n", nr_insns); 485 486 return 0; 487} 488 489/* 490 * Read the pv_ops[] .data table to find the static initialized values. 491 */ 492static int add_pv_ops(struct objtool_file *file, const char *symname) 493{ 494 struct symbol *sym, *func; 495 unsigned long off, end; 496 struct reloc *reloc; 497 int idx; 498 499 sym = find_symbol_by_name(file->elf, symname); 500 if (!sym) 501 return 0; 502 503 off = sym->offset; 504 end = off + sym->len; 505 for (;;) { 506 reloc = find_reloc_by_dest_range(file->elf, sym->sec, off, end - off); 507 if (!reloc) 508 break; 509 510 func = reloc->sym; 511 if (func->type == STT_SECTION) 512 func = find_symbol_by_offset(reloc->sym->sec, 513 reloc_addend(reloc)); 514 515 idx = (reloc_offset(reloc) - sym->offset) / sizeof(unsigned long); 516 517 objtool_pv_add(file, idx, func); 518 519 off = reloc_offset(reloc) + 1; 520 if (off > end) 521 break; 522 } 523 524 return 0; 525} 526 527/* 528 * Allocate and initialize file->pv_ops[]. 529 */ 530static int init_pv_ops(struct objtool_file *file) 531{ 532 static const char *pv_ops_tables[] = { 533 "pv_ops", 534 "xen_cpu_ops", 535 "xen_irq_ops", 536 "xen_mmu_ops", 537 NULL, 538 }; 539 const char *pv_ops; 540 struct symbol *sym; 541 int idx, nr; 542 543 if (!opts.noinstr) 544 return 0; 545 546 file->pv_ops = NULL; 547 548 sym = find_symbol_by_name(file->elf, "pv_ops"); 549 if (!sym) 550 return 0; 551 552 nr = sym->len / sizeof(unsigned long); 553 file->pv_ops = calloc(sizeof(struct pv_state), nr); 554 if (!file->pv_ops) 555 return -1; 556 557 for (idx = 0; idx < nr; idx++) 558 INIT_LIST_HEAD(&file->pv_ops[idx].targets); 559 560 for (idx = 0; (pv_ops = pv_ops_tables[idx]); idx++) 561 add_pv_ops(file, pv_ops); 562 563 return 0; 564} 565 566static struct instruction *find_last_insn(struct objtool_file *file, 567 struct section *sec) 568{ 569 struct instruction *insn = NULL; 570 unsigned int offset; 571 unsigned int end = (sec->sh.sh_size > 10) ? sec->sh.sh_size - 10 : 0; 572 573 for (offset = sec->sh.sh_size - 1; offset >= end && !insn; offset--) 574 insn = find_insn(file, sec, offset); 575 576 return insn; 577} 578 579/* 580 * Mark "ud2" instructions and manually annotated dead ends. 581 */ 582static int add_dead_ends(struct objtool_file *file) 583{ 584 struct section *rsec; 585 struct reloc *reloc; 586 struct instruction *insn; 587 s64 addend; 588 589 /* 590 * Check for manually annotated dead ends. 591 */ 592 rsec = find_section_by_name(file->elf, ".rela.discard.unreachable"); 593 if (!rsec) 594 goto reachable; 595 596 for_each_reloc(rsec, reloc) { 597 598 if (reloc->sym->type != STT_SECTION) { 599 WARN("unexpected relocation symbol type in %s", rsec->name); 600 return -1; 601 } 602 603 addend = reloc_addend(reloc); 604 605 insn = find_insn(file, reloc->sym->sec, addend); 606 if (insn) 607 insn = prev_insn_same_sec(file, insn); 608 else if (addend == reloc->sym->sec->sh.sh_size) { 609 insn = find_last_insn(file, reloc->sym->sec); 610 if (!insn) { 611 WARN("can't find unreachable insn at %s+0x%" PRIx64, 612 reloc->sym->sec->name, addend); 613 return -1; 614 } 615 } else { 616 WARN("can't find unreachable insn at %s+0x%" PRIx64, 617 reloc->sym->sec->name, addend); 618 return -1; 619 } 620 621 insn->dead_end = true; 622 } 623 624reachable: 625 /* 626 * These manually annotated reachable checks are needed for GCC 4.4, 627 * where the Linux unreachable() macro isn't supported. In that case 628 * GCC doesn't know the "ud2" is fatal, so it generates code as if it's 629 * not a dead end. 630 */ 631 rsec = find_section_by_name(file->elf, ".rela.discard.reachable"); 632 if (!rsec) 633 return 0; 634 635 for_each_reloc(rsec, reloc) { 636 637 if (reloc->sym->type != STT_SECTION) { 638 WARN("unexpected relocation symbol type in %s", rsec->name); 639 return -1; 640 } 641 642 addend = reloc_addend(reloc); 643 644 insn = find_insn(file, reloc->sym->sec, addend); 645 if (insn) 646 insn = prev_insn_same_sec(file, insn); 647 else if (addend == reloc->sym->sec->sh.sh_size) { 648 insn = find_last_insn(file, reloc->sym->sec); 649 if (!insn) { 650 WARN("can't find reachable insn at %s+0x%" PRIx64, 651 reloc->sym->sec->name, addend); 652 return -1; 653 } 654 } else { 655 WARN("can't find reachable insn at %s+0x%" PRIx64, 656 reloc->sym->sec->name, addend); 657 return -1; 658 } 659 660 insn->dead_end = false; 661 } 662 663 return 0; 664} 665 666static int create_static_call_sections(struct objtool_file *file) 667{ 668 struct static_call_site *site; 669 struct section *sec; 670 struct instruction *insn; 671 struct symbol *key_sym; 672 char *key_name, *tmp; 673 int idx; 674 675 sec = find_section_by_name(file->elf, ".static_call_sites"); 676 if (sec) { 677 INIT_LIST_HEAD(&file->static_call_list); 678 WARN("file already has .static_call_sites section, skipping"); 679 return 0; 680 } 681 682 if (list_empty(&file->static_call_list)) 683 return 0; 684 685 idx = 0; 686 list_for_each_entry(insn, &file->static_call_list, call_node) 687 idx++; 688 689 sec = elf_create_section_pair(file->elf, ".static_call_sites", 690 sizeof(*site), idx, idx * 2); 691 if (!sec) 692 return -1; 693 694 /* Allow modules to modify the low bits of static_call_site::key */ 695 sec->sh.sh_flags |= SHF_WRITE; 696 697 idx = 0; 698 list_for_each_entry(insn, &file->static_call_list, call_node) { 699 700 /* populate reloc for 'addr' */ 701 if (!elf_init_reloc_text_sym(file->elf, sec, 702 idx * sizeof(*site), idx * 2, 703 insn->sec, insn->offset)) 704 return -1; 705 706 /* find key symbol */ 707 key_name = strdup(insn_call_dest(insn)->name); 708 if (!key_name) { 709 perror("strdup"); 710 return -1; 711 } 712 if (strncmp(key_name, STATIC_CALL_TRAMP_PREFIX_STR, 713 STATIC_CALL_TRAMP_PREFIX_LEN)) { 714 WARN("static_call: trampoline name malformed: %s", key_name); 715 free(key_name); 716 return -1; 717 } 718 tmp = key_name + STATIC_CALL_TRAMP_PREFIX_LEN - STATIC_CALL_KEY_PREFIX_LEN; 719 memcpy(tmp, STATIC_CALL_KEY_PREFIX_STR, STATIC_CALL_KEY_PREFIX_LEN); 720 721 key_sym = find_symbol_by_name(file->elf, tmp); 722 if (!key_sym) { 723 if (!opts.module) { 724 WARN("static_call: can't find static_call_key symbol: %s", tmp); 725 free(key_name); 726 return -1; 727 } 728 729 /* 730 * For modules(), the key might not be exported, which 731 * means the module can make static calls but isn't 732 * allowed to change them. 733 * 734 * In that case we temporarily set the key to be the 735 * trampoline address. This is fixed up in 736 * static_call_add_module(). 737 */ 738 key_sym = insn_call_dest(insn); 739 } 740 free(key_name); 741 742 /* populate reloc for 'key' */ 743 if (!elf_init_reloc_data_sym(file->elf, sec, 744 idx * sizeof(*site) + 4, 745 (idx * 2) + 1, key_sym, 746 is_sibling_call(insn) * STATIC_CALL_SITE_TAIL)) 747 return -1; 748 749 idx++; 750 } 751 752 return 0; 753} 754 755static int create_retpoline_sites_sections(struct objtool_file *file) 756{ 757 struct instruction *insn; 758 struct section *sec; 759 int idx; 760 761 sec = find_section_by_name(file->elf, ".retpoline_sites"); 762 if (sec) { 763 WARN("file already has .retpoline_sites, skipping"); 764 return 0; 765 } 766 767 idx = 0; 768 list_for_each_entry(insn, &file->retpoline_call_list, call_node) 769 idx++; 770 771 if (!idx) 772 return 0; 773 774 sec = elf_create_section_pair(file->elf, ".retpoline_sites", 775 sizeof(int), idx, idx); 776 if (!sec) 777 return -1; 778 779 idx = 0; 780 list_for_each_entry(insn, &file->retpoline_call_list, call_node) { 781 782 if (!elf_init_reloc_text_sym(file->elf, sec, 783 idx * sizeof(int), idx, 784 insn->sec, insn->offset)) 785 return -1; 786 787 idx++; 788 } 789 790 return 0; 791} 792 793static int create_return_sites_sections(struct objtool_file *file) 794{ 795 struct instruction *insn; 796 struct section *sec; 797 int idx; 798 799 sec = find_section_by_name(file->elf, ".return_sites"); 800 if (sec) { 801 WARN("file already has .return_sites, skipping"); 802 return 0; 803 } 804 805 idx = 0; 806 list_for_each_entry(insn, &file->return_thunk_list, call_node) 807 idx++; 808 809 if (!idx) 810 return 0; 811 812 sec = elf_create_section_pair(file->elf, ".return_sites", 813 sizeof(int), idx, idx); 814 if (!sec) 815 return -1; 816 817 idx = 0; 818 list_for_each_entry(insn, &file->return_thunk_list, call_node) { 819 820 if (!elf_init_reloc_text_sym(file->elf, sec, 821 idx * sizeof(int), idx, 822 insn->sec, insn->offset)) 823 return -1; 824 825 idx++; 826 } 827 828 return 0; 829} 830 831static int create_ibt_endbr_seal_sections(struct objtool_file *file) 832{ 833 struct instruction *insn; 834 struct section *sec; 835 int idx; 836 837 sec = find_section_by_name(file->elf, ".ibt_endbr_seal"); 838 if (sec) { 839 WARN("file already has .ibt_endbr_seal, skipping"); 840 return 0; 841 } 842 843 idx = 0; 844 list_for_each_entry(insn, &file->endbr_list, call_node) 845 idx++; 846 847 if (opts.stats) { 848 printf("ibt: ENDBR at function start: %d\n", file->nr_endbr); 849 printf("ibt: ENDBR inside functions: %d\n", file->nr_endbr_int); 850 printf("ibt: superfluous ENDBR: %d\n", idx); 851 } 852 853 if (!idx) 854 return 0; 855 856 sec = elf_create_section_pair(file->elf, ".ibt_endbr_seal", 857 sizeof(int), idx, idx); 858 if (!sec) 859 return -1; 860 861 idx = 0; 862 list_for_each_entry(insn, &file->endbr_list, call_node) { 863 864 int *site = (int *)sec->data->d_buf + idx; 865 struct symbol *sym = insn->sym; 866 *site = 0; 867 868 if (opts.module && sym && sym->type == STT_FUNC && 869 insn->offset == sym->offset && 870 (!strcmp(sym->name, "init_module") || 871 !strcmp(sym->name, "cleanup_module"))) 872 WARN("%s(): not an indirect call target", sym->name); 873 874 if (!elf_init_reloc_text_sym(file->elf, sec, 875 idx * sizeof(int), idx, 876 insn->sec, insn->offset)) 877 return -1; 878 879 idx++; 880 } 881 882 return 0; 883} 884 885static int create_cfi_sections(struct objtool_file *file) 886{ 887 struct section *sec; 888 struct symbol *sym; 889 int idx; 890 891 sec = find_section_by_name(file->elf, ".cfi_sites"); 892 if (sec) { 893 INIT_LIST_HEAD(&file->call_list); 894 WARN("file already has .cfi_sites section, skipping"); 895 return 0; 896 } 897 898 idx = 0; 899 for_each_sym(file, sym) { 900 if (sym->type != STT_FUNC) 901 continue; 902 903 if (strncmp(sym->name, "__cfi_", 6)) 904 continue; 905 906 idx++; 907 } 908 909 sec = elf_create_section_pair(file->elf, ".cfi_sites", 910 sizeof(unsigned int), idx, idx); 911 if (!sec) 912 return -1; 913 914 idx = 0; 915 for_each_sym(file, sym) { 916 if (sym->type != STT_FUNC) 917 continue; 918 919 if (strncmp(sym->name, "__cfi_", 6)) 920 continue; 921 922 if (!elf_init_reloc_text_sym(file->elf, sec, 923 idx * sizeof(unsigned int), idx, 924 sym->sec, sym->offset)) 925 return -1; 926 927 idx++; 928 } 929 930 return 0; 931} 932 933static int create_mcount_loc_sections(struct objtool_file *file) 934{ 935 size_t addr_size = elf_addr_size(file->elf); 936 struct instruction *insn; 937 struct section *sec; 938 int idx; 939 940 sec = find_section_by_name(file->elf, "__mcount_loc"); 941 if (sec) { 942 INIT_LIST_HEAD(&file->mcount_loc_list); 943 WARN("file already has __mcount_loc section, skipping"); 944 return 0; 945 } 946 947 if (list_empty(&file->mcount_loc_list)) 948 return 0; 949 950 idx = 0; 951 list_for_each_entry(insn, &file->mcount_loc_list, call_node) 952 idx++; 953 954 sec = elf_create_section_pair(file->elf, "__mcount_loc", addr_size, 955 idx, idx); 956 if (!sec) 957 return -1; 958 959 sec->sh.sh_addralign = addr_size; 960 961 idx = 0; 962 list_for_each_entry(insn, &file->mcount_loc_list, call_node) { 963 964 struct reloc *reloc; 965 966 reloc = elf_init_reloc_text_sym(file->elf, sec, idx * addr_size, idx, 967 insn->sec, insn->offset); 968 if (!reloc) 969 return -1; 970 971 set_reloc_type(file->elf, reloc, addr_size == 8 ? R_ABS64 : R_ABS32); 972 973 idx++; 974 } 975 976 return 0; 977} 978 979static int create_direct_call_sections(struct objtool_file *file) 980{ 981 struct instruction *insn; 982 struct section *sec; 983 int idx; 984 985 sec = find_section_by_name(file->elf, ".call_sites"); 986 if (sec) { 987 INIT_LIST_HEAD(&file->call_list); 988 WARN("file already has .call_sites section, skipping"); 989 return 0; 990 } 991 992 if (list_empty(&file->call_list)) 993 return 0; 994 995 idx = 0; 996 list_for_each_entry(insn, &file->call_list, call_node) 997 idx++; 998 999 sec = elf_create_section_pair(file->elf, ".call_sites", 1000 sizeof(unsigned int), idx, idx); 1001 if (!sec) 1002 return -1; 1003 1004 idx = 0; 1005 list_for_each_entry(insn, &file->call_list, call_node) { 1006 1007 if (!elf_init_reloc_text_sym(file->elf, sec, 1008 idx * sizeof(unsigned int), idx, 1009 insn->sec, insn->offset)) 1010 return -1; 1011 1012 idx++; 1013 } 1014 1015 return 0; 1016} 1017 1018/* 1019 * Warnings shouldn't be reported for ignored functions. 1020 */ 1021static void add_ignores(struct objtool_file *file) 1022{ 1023 struct instruction *insn; 1024 struct section *rsec; 1025 struct symbol *func; 1026 struct reloc *reloc; 1027 1028 rsec = find_section_by_name(file->elf, ".rela.discard.func_stack_frame_non_standard"); 1029 if (!rsec) 1030 return; 1031 1032 for_each_reloc(rsec, reloc) { 1033 switch (reloc->sym->type) { 1034 case STT_FUNC: 1035 func = reloc->sym; 1036 break; 1037 1038 case STT_SECTION: 1039 func = find_func_by_offset(reloc->sym->sec, reloc_addend(reloc)); 1040 if (!func) 1041 continue; 1042 break; 1043 1044 default: 1045 WARN("unexpected relocation symbol type in %s: %d", 1046 rsec->name, reloc->sym->type); 1047 continue; 1048 } 1049 1050 func_for_each_insn(file, func, insn) 1051 insn->ignore = true; 1052 } 1053} 1054 1055/* 1056 * This is a whitelist of functions that is allowed to be called with AC set. 1057 * The list is meant to be minimal and only contains compiler instrumentation 1058 * ABI and a few functions used to implement *_{to,from}_user() functions. 1059 * 1060 * These functions must not directly change AC, but may PUSHF/POPF. 1061 */ 1062static const char *uaccess_safe_builtin[] = { 1063 /* KASAN */ 1064 "kasan_report", 1065 "kasan_check_range", 1066 /* KASAN out-of-line */ 1067 "__asan_loadN_noabort", 1068 "__asan_load1_noabort", 1069 "__asan_load2_noabort", 1070 "__asan_load4_noabort", 1071 "__asan_load8_noabort", 1072 "__asan_load16_noabort", 1073 "__asan_storeN_noabort", 1074 "__asan_store1_noabort", 1075 "__asan_store2_noabort", 1076 "__asan_store4_noabort", 1077 "__asan_store8_noabort", 1078 "__asan_store16_noabort", 1079 "__kasan_check_read", 1080 "__kasan_check_write", 1081 /* KASAN in-line */ 1082 "__asan_report_load_n_noabort", 1083 "__asan_report_load1_noabort", 1084 "__asan_report_load2_noabort", 1085 "__asan_report_load4_noabort", 1086 "__asan_report_load8_noabort", 1087 "__asan_report_load16_noabort", 1088 "__asan_report_store_n_noabort", 1089 "__asan_report_store1_noabort", 1090 "__asan_report_store2_noabort", 1091 "__asan_report_store4_noabort", 1092 "__asan_report_store8_noabort", 1093 "__asan_report_store16_noabort", 1094 /* KCSAN */ 1095 "__kcsan_check_access", 1096 "__kcsan_mb", 1097 "__kcsan_wmb", 1098 "__kcsan_rmb", 1099 "__kcsan_release", 1100 "kcsan_found_watchpoint", 1101 "kcsan_setup_watchpoint", 1102 "kcsan_check_scoped_accesses", 1103 "kcsan_disable_current", 1104 "kcsan_enable_current_nowarn", 1105 /* KCSAN/TSAN */ 1106 "__tsan_func_entry", 1107 "__tsan_func_exit", 1108 "__tsan_read_range", 1109 "__tsan_write_range", 1110 "__tsan_read1", 1111 "__tsan_read2", 1112 "__tsan_read4", 1113 "__tsan_read8", 1114 "__tsan_read16", 1115 "__tsan_write1", 1116 "__tsan_write2", 1117 "__tsan_write4", 1118 "__tsan_write8", 1119 "__tsan_write16", 1120 "__tsan_read_write1", 1121 "__tsan_read_write2", 1122 "__tsan_read_write4", 1123 "__tsan_read_write8", 1124 "__tsan_read_write16", 1125 "__tsan_volatile_read1", 1126 "__tsan_volatile_read2", 1127 "__tsan_volatile_read4", 1128 "__tsan_volatile_read8", 1129 "__tsan_volatile_read16", 1130 "__tsan_volatile_write1", 1131 "__tsan_volatile_write2", 1132 "__tsan_volatile_write4", 1133 "__tsan_volatile_write8", 1134 "__tsan_volatile_write16", 1135 "__tsan_atomic8_load", 1136 "__tsan_atomic16_load", 1137 "__tsan_atomic32_load", 1138 "__tsan_atomic64_load", 1139 "__tsan_atomic8_store", 1140 "__tsan_atomic16_store", 1141 "__tsan_atomic32_store", 1142 "__tsan_atomic64_store", 1143 "__tsan_atomic8_exchange", 1144 "__tsan_atomic16_exchange", 1145 "__tsan_atomic32_exchange", 1146 "__tsan_atomic64_exchange", 1147 "__tsan_atomic8_fetch_add", 1148 "__tsan_atomic16_fetch_add", 1149 "__tsan_atomic32_fetch_add", 1150 "__tsan_atomic64_fetch_add", 1151 "__tsan_atomic8_fetch_sub", 1152 "__tsan_atomic16_fetch_sub", 1153 "__tsan_atomic32_fetch_sub", 1154 "__tsan_atomic64_fetch_sub", 1155 "__tsan_atomic8_fetch_and", 1156 "__tsan_atomic16_fetch_and", 1157 "__tsan_atomic32_fetch_and", 1158 "__tsan_atomic64_fetch_and", 1159 "__tsan_atomic8_fetch_or", 1160 "__tsan_atomic16_fetch_or", 1161 "__tsan_atomic32_fetch_or", 1162 "__tsan_atomic64_fetch_or", 1163 "__tsan_atomic8_fetch_xor", 1164 "__tsan_atomic16_fetch_xor", 1165 "__tsan_atomic32_fetch_xor", 1166 "__tsan_atomic64_fetch_xor", 1167 "__tsan_atomic8_fetch_nand", 1168 "__tsan_atomic16_fetch_nand", 1169 "__tsan_atomic32_fetch_nand", 1170 "__tsan_atomic64_fetch_nand", 1171 "__tsan_atomic8_compare_exchange_strong", 1172 "__tsan_atomic16_compare_exchange_strong", 1173 "__tsan_atomic32_compare_exchange_strong", 1174 "__tsan_atomic64_compare_exchange_strong", 1175 "__tsan_atomic8_compare_exchange_weak", 1176 "__tsan_atomic16_compare_exchange_weak", 1177 "__tsan_atomic32_compare_exchange_weak", 1178 "__tsan_atomic64_compare_exchange_weak", 1179 "__tsan_atomic8_compare_exchange_val", 1180 "__tsan_atomic16_compare_exchange_val", 1181 "__tsan_atomic32_compare_exchange_val", 1182 "__tsan_atomic64_compare_exchange_val", 1183 "__tsan_atomic_thread_fence", 1184 "__tsan_atomic_signal_fence", 1185 "__tsan_unaligned_read16", 1186 "__tsan_unaligned_write16", 1187 /* KCOV */ 1188 "write_comp_data", 1189 "check_kcov_mode", 1190 "__sanitizer_cov_trace_pc", 1191 "__sanitizer_cov_trace_const_cmp1", 1192 "__sanitizer_cov_trace_const_cmp2", 1193 "__sanitizer_cov_trace_const_cmp4", 1194 "__sanitizer_cov_trace_const_cmp8", 1195 "__sanitizer_cov_trace_cmp1", 1196 "__sanitizer_cov_trace_cmp2", 1197 "__sanitizer_cov_trace_cmp4", 1198 "__sanitizer_cov_trace_cmp8", 1199 "__sanitizer_cov_trace_switch", 1200 /* KMSAN */ 1201 "kmsan_copy_to_user", 1202 "kmsan_report", 1203 "kmsan_unpoison_entry_regs", 1204 "kmsan_unpoison_memory", 1205 "__msan_chain_origin", 1206 "__msan_get_context_state", 1207 "__msan_instrument_asm_store", 1208 "__msan_metadata_ptr_for_load_1", 1209 "__msan_metadata_ptr_for_load_2", 1210 "__msan_metadata_ptr_for_load_4", 1211 "__msan_metadata_ptr_for_load_8", 1212 "__msan_metadata_ptr_for_load_n", 1213 "__msan_metadata_ptr_for_store_1", 1214 "__msan_metadata_ptr_for_store_2", 1215 "__msan_metadata_ptr_for_store_4", 1216 "__msan_metadata_ptr_for_store_8", 1217 "__msan_metadata_ptr_for_store_n", 1218 "__msan_poison_alloca", 1219 "__msan_warning", 1220 /* UBSAN */ 1221 "ubsan_type_mismatch_common", 1222 "__ubsan_handle_type_mismatch", 1223 "__ubsan_handle_type_mismatch_v1", 1224 "__ubsan_handle_shift_out_of_bounds", 1225 "__ubsan_handle_load_invalid_value", 1226 /* STACKLEAK */ 1227 "stackleak_track_stack", 1228 /* misc */ 1229 "csum_partial_copy_generic", 1230 "copy_mc_fragile", 1231 "copy_mc_fragile_handle_tail", 1232 "copy_mc_enhanced_fast_string", 1233 "ftrace_likely_update", /* CONFIG_TRACE_BRANCH_PROFILING */ 1234 "rep_stos_alternative", 1235 "rep_movs_alternative", 1236 "__copy_user_nocache", 1237 NULL 1238}; 1239 1240static void add_uaccess_safe(struct objtool_file *file) 1241{ 1242 struct symbol *func; 1243 const char **name; 1244 1245 if (!opts.uaccess) 1246 return; 1247 1248 for (name = uaccess_safe_builtin; *name; name++) { 1249 func = find_symbol_by_name(file->elf, *name); 1250 if (!func) 1251 continue; 1252 1253 func->uaccess_safe = true; 1254 } 1255} 1256 1257/* 1258 * FIXME: For now, just ignore any alternatives which add retpolines. This is 1259 * a temporary hack, as it doesn't allow ORC to unwind from inside a retpoline. 1260 * But it at least allows objtool to understand the control flow *around* the 1261 * retpoline. 1262 */ 1263static int add_ignore_alternatives(struct objtool_file *file) 1264{ 1265 struct section *rsec; 1266 struct reloc *reloc; 1267 struct instruction *insn; 1268 1269 rsec = find_section_by_name(file->elf, ".rela.discard.ignore_alts"); 1270 if (!rsec) 1271 return 0; 1272 1273 for_each_reloc(rsec, reloc) { 1274 if (reloc->sym->type != STT_SECTION) { 1275 WARN("unexpected relocation symbol type in %s", rsec->name); 1276 return -1; 1277 } 1278 1279 insn = find_insn(file, reloc->sym->sec, reloc_addend(reloc)); 1280 if (!insn) { 1281 WARN("bad .discard.ignore_alts entry"); 1282 return -1; 1283 } 1284 1285 insn->ignore_alts = true; 1286 } 1287 1288 return 0; 1289} 1290 1291/* 1292 * Symbols that replace INSN_CALL_DYNAMIC, every (tail) call to such a symbol 1293 * will be added to the .retpoline_sites section. 1294 */ 1295__weak bool arch_is_retpoline(struct symbol *sym) 1296{ 1297 return false; 1298} 1299 1300/* 1301 * Symbols that replace INSN_RETURN, every (tail) call to such a symbol 1302 * will be added to the .return_sites section. 1303 */ 1304__weak bool arch_is_rethunk(struct symbol *sym) 1305{ 1306 return false; 1307} 1308 1309/* 1310 * Symbols that are embedded inside other instructions, because sometimes crazy 1311 * code exists. These are mostly ignored for validation purposes. 1312 */ 1313__weak bool arch_is_embedded_insn(struct symbol *sym) 1314{ 1315 return false; 1316} 1317 1318static struct reloc *insn_reloc(struct objtool_file *file, struct instruction *insn) 1319{ 1320 struct reloc *reloc; 1321 1322 if (insn->no_reloc) 1323 return NULL; 1324 1325 if (!file) 1326 return NULL; 1327 1328 reloc = find_reloc_by_dest_range(file->elf, insn->sec, 1329 insn->offset, insn->len); 1330 if (!reloc) { 1331 insn->no_reloc = 1; 1332 return NULL; 1333 } 1334 1335 return reloc; 1336} 1337 1338static void remove_insn_ops(struct instruction *insn) 1339{ 1340 struct stack_op *op, *next; 1341 1342 for (op = insn->stack_ops; op; op = next) { 1343 next = op->next; 1344 free(op); 1345 } 1346 insn->stack_ops = NULL; 1347} 1348 1349static void annotate_call_site(struct objtool_file *file, 1350 struct instruction *insn, bool sibling) 1351{ 1352 struct reloc *reloc = insn_reloc(file, insn); 1353 struct symbol *sym = insn_call_dest(insn); 1354 1355 if (!sym) 1356 sym = reloc->sym; 1357 1358 /* 1359 * Alternative replacement code is just template code which is 1360 * sometimes copied to the original instruction. For now, don't 1361 * annotate it. (In the future we might consider annotating the 1362 * original instruction if/when it ever makes sense to do so.) 1363 */ 1364 if (!strcmp(insn->sec->name, ".altinstr_replacement")) 1365 return; 1366 1367 if (sym->static_call_tramp) { 1368 list_add_tail(&insn->call_node, &file->static_call_list); 1369 return; 1370 } 1371 1372 if (sym->retpoline_thunk) { 1373 list_add_tail(&insn->call_node, &file->retpoline_call_list); 1374 return; 1375 } 1376 1377 /* 1378 * Many compilers cannot disable KCOV or sanitizer calls with a function 1379 * attribute so they need a little help, NOP out any such calls from 1380 * noinstr text. 1381 */ 1382 if (opts.hack_noinstr && insn->sec->noinstr && sym->profiling_func) { 1383 if (reloc) 1384 set_reloc_type(file->elf, reloc, R_NONE); 1385 1386 elf_write_insn(file->elf, insn->sec, 1387 insn->offset, insn->len, 1388 sibling ? arch_ret_insn(insn->len) 1389 : arch_nop_insn(insn->len)); 1390 1391 insn->type = sibling ? INSN_RETURN : INSN_NOP; 1392 1393 if (sibling) { 1394 /* 1395 * We've replaced the tail-call JMP insn by two new 1396 * insn: RET; INT3, except we only have a single struct 1397 * insn here. Mark it retpoline_safe to avoid the SLS 1398 * warning, instead of adding another insn. 1399 */ 1400 insn->retpoline_safe = true; 1401 } 1402 1403 return; 1404 } 1405 1406 if (opts.mcount && sym->fentry) { 1407 if (sibling) 1408 WARN_INSN(insn, "tail call to __fentry__ !?!?"); 1409 if (opts.mnop) { 1410 if (reloc) 1411 set_reloc_type(file->elf, reloc, R_NONE); 1412 1413 elf_write_insn(file->elf, insn->sec, 1414 insn->offset, insn->len, 1415 arch_nop_insn(insn->len)); 1416 1417 insn->type = INSN_NOP; 1418 } 1419 1420 list_add_tail(&insn->call_node, &file->mcount_loc_list); 1421 return; 1422 } 1423 1424 if (insn->type == INSN_CALL && !insn->sec->init) 1425 list_add_tail(&insn->call_node, &file->call_list); 1426 1427 if (!sibling && dead_end_function(file, sym)) 1428 insn->dead_end = true; 1429} 1430 1431static void add_call_dest(struct objtool_file *file, struct instruction *insn, 1432 struct symbol *dest, bool sibling) 1433{ 1434 insn->_call_dest = dest; 1435 if (!dest) 1436 return; 1437 1438 /* 1439 * Whatever stack impact regular CALLs have, should be undone 1440 * by the RETURN of the called function. 1441 * 1442 * Annotated intra-function calls retain the stack_ops but 1443 * are converted to JUMP, see read_intra_function_calls(). 1444 */ 1445 remove_insn_ops(insn); 1446 1447 annotate_call_site(file, insn, sibling); 1448} 1449 1450static void add_retpoline_call(struct objtool_file *file, struct instruction *insn) 1451{ 1452 /* 1453 * Retpoline calls/jumps are really dynamic calls/jumps in disguise, 1454 * so convert them accordingly. 1455 */ 1456 switch (insn->type) { 1457 case INSN_CALL: 1458 insn->type = INSN_CALL_DYNAMIC; 1459 break; 1460 case INSN_JUMP_UNCONDITIONAL: 1461 insn->type = INSN_JUMP_DYNAMIC; 1462 break; 1463 case INSN_JUMP_CONDITIONAL: 1464 insn->type = INSN_JUMP_DYNAMIC_CONDITIONAL; 1465 break; 1466 default: 1467 return; 1468 } 1469 1470 insn->retpoline_safe = true; 1471 1472 /* 1473 * Whatever stack impact regular CALLs have, should be undone 1474 * by the RETURN of the called function. 1475 * 1476 * Annotated intra-function calls retain the stack_ops but 1477 * are converted to JUMP, see read_intra_function_calls(). 1478 */ 1479 remove_insn_ops(insn); 1480 1481 annotate_call_site(file, insn, false); 1482} 1483 1484static void add_return_call(struct objtool_file *file, struct instruction *insn, bool add) 1485{ 1486 /* 1487 * Return thunk tail calls are really just returns in disguise, 1488 * so convert them accordingly. 1489 */ 1490 insn->type = INSN_RETURN; 1491 insn->retpoline_safe = true; 1492 1493 if (add) 1494 list_add_tail(&insn->call_node, &file->return_thunk_list); 1495} 1496 1497static bool is_first_func_insn(struct objtool_file *file, 1498 struct instruction *insn, struct symbol *sym) 1499{ 1500 if (insn->offset == sym->offset) 1501 return true; 1502 1503 /* Allow direct CALL/JMP past ENDBR */ 1504 if (opts.ibt) { 1505 struct instruction *prev = prev_insn_same_sym(file, insn); 1506 1507 if (prev && prev->type == INSN_ENDBR && 1508 insn->offset == sym->offset + prev->len) 1509 return true; 1510 } 1511 1512 return false; 1513} 1514 1515/* 1516 * A sibling call is a tail-call to another symbol -- to differentiate from a 1517 * recursive tail-call which is to the same symbol. 1518 */ 1519static bool jump_is_sibling_call(struct objtool_file *file, 1520 struct instruction *from, struct instruction *to) 1521{ 1522 struct symbol *fs = from->sym; 1523 struct symbol *ts = to->sym; 1524 1525 /* Not a sibling call if from/to a symbol hole */ 1526 if (!fs || !ts) 1527 return false; 1528 1529 /* Not a sibling call if not targeting the start of a symbol. */ 1530 if (!is_first_func_insn(file, to, ts)) 1531 return false; 1532 1533 /* Disallow sibling calls into STT_NOTYPE */ 1534 if (ts->type == STT_NOTYPE) 1535 return false; 1536 1537 /* Must not be self to be a sibling */ 1538 return fs->pfunc != ts->pfunc; 1539} 1540 1541/* 1542 * Find the destination instructions for all jumps. 1543 */ 1544static int add_jump_destinations(struct objtool_file *file) 1545{ 1546 struct instruction *insn, *jump_dest; 1547 struct reloc *reloc; 1548 struct section *dest_sec; 1549 unsigned long dest_off; 1550 1551 for_each_insn(file, insn) { 1552 if (insn->jump_dest) { 1553 /* 1554 * handle_group_alt() may have previously set 1555 * 'jump_dest' for some alternatives. 1556 */ 1557 continue; 1558 } 1559 if (!is_static_jump(insn)) 1560 continue; 1561 1562 reloc = insn_reloc(file, insn); 1563 if (!reloc) { 1564 dest_sec = insn->sec; 1565 dest_off = arch_jump_destination(insn); 1566 } else if (reloc->sym->type == STT_SECTION) { 1567 dest_sec = reloc->sym->sec; 1568 dest_off = arch_dest_reloc_offset(reloc_addend(reloc)); 1569 } else if (reloc->sym->retpoline_thunk) { 1570 add_retpoline_call(file, insn); 1571 continue; 1572 } else if (reloc->sym->return_thunk) { 1573 add_return_call(file, insn, true); 1574 continue; 1575 } else if (insn_func(insn)) { 1576 /* 1577 * External sibling call or internal sibling call with 1578 * STT_FUNC reloc. 1579 */ 1580 add_call_dest(file, insn, reloc->sym, true); 1581 continue; 1582 } else if (reloc->sym->sec->idx) { 1583 dest_sec = reloc->sym->sec; 1584 dest_off = reloc->sym->sym.st_value + 1585 arch_dest_reloc_offset(reloc_addend(reloc)); 1586 } else { 1587 /* non-func asm code jumping to another file */ 1588 continue; 1589 } 1590 1591 jump_dest = find_insn(file, dest_sec, dest_off); 1592 if (!jump_dest) { 1593 struct symbol *sym = find_symbol_by_offset(dest_sec, dest_off); 1594 1595 /* 1596 * This is a special case for retbleed_untrain_ret(). 1597 * It jumps to __x86_return_thunk(), but objtool 1598 * can't find the thunk's starting RET 1599 * instruction, because the RET is also in the 1600 * middle of another instruction. Objtool only 1601 * knows about the outer instruction. 1602 */ 1603 if (sym && sym->embedded_insn) { 1604 add_return_call(file, insn, false); 1605 continue; 1606 } 1607 1608 WARN_INSN(insn, "can't find jump dest instruction at %s+0x%lx", 1609 dest_sec->name, dest_off); 1610 return -1; 1611 } 1612 1613 /* 1614 * Cross-function jump. 1615 */ 1616 if (insn_func(insn) && insn_func(jump_dest) && 1617 insn_func(insn) != insn_func(jump_dest)) { 1618 1619 /* 1620 * For GCC 8+, create parent/child links for any cold 1621 * subfunctions. This is _mostly_ redundant with a 1622 * similar initialization in read_symbols(). 1623 * 1624 * If a function has aliases, we want the *first* such 1625 * function in the symbol table to be the subfunction's 1626 * parent. In that case we overwrite the 1627 * initialization done in read_symbols(). 1628 * 1629 * However this code can't completely replace the 1630 * read_symbols() code because this doesn't detect the 1631 * case where the parent function's only reference to a 1632 * subfunction is through a jump table. 1633 */ 1634 if (!strstr(insn_func(insn)->name, ".cold") && 1635 strstr(insn_func(jump_dest)->name, ".cold")) { 1636 insn_func(insn)->cfunc = insn_func(jump_dest); 1637 insn_func(jump_dest)->pfunc = insn_func(insn); 1638 } 1639 } 1640 1641 if (jump_is_sibling_call(file, insn, jump_dest)) { 1642 /* 1643 * Internal sibling call without reloc or with 1644 * STT_SECTION reloc. 1645 */ 1646 add_call_dest(file, insn, insn_func(jump_dest), true); 1647 continue; 1648 } 1649 1650 insn->jump_dest = jump_dest; 1651 } 1652 1653 return 0; 1654} 1655 1656static struct symbol *find_call_destination(struct section *sec, unsigned long offset) 1657{ 1658 struct symbol *call_dest; 1659 1660 call_dest = find_func_by_offset(sec, offset); 1661 if (!call_dest) 1662 call_dest = find_symbol_by_offset(sec, offset); 1663 1664 return call_dest; 1665} 1666 1667/* 1668 * Find the destination instructions for all calls. 1669 */ 1670static int add_call_destinations(struct objtool_file *file) 1671{ 1672 struct instruction *insn; 1673 unsigned long dest_off; 1674 struct symbol *dest; 1675 struct reloc *reloc; 1676 1677 for_each_insn(file, insn) { 1678 if (insn->type != INSN_CALL) 1679 continue; 1680 1681 reloc = insn_reloc(file, insn); 1682 if (!reloc) { 1683 dest_off = arch_jump_destination(insn); 1684 dest = find_call_destination(insn->sec, dest_off); 1685 1686 add_call_dest(file, insn, dest, false); 1687 1688 if (insn->ignore) 1689 continue; 1690 1691 if (!insn_call_dest(insn)) { 1692 WARN_INSN(insn, "unannotated intra-function call"); 1693 return -1; 1694 } 1695 1696 if (insn_func(insn) && insn_call_dest(insn)->type != STT_FUNC) { 1697 WARN_INSN(insn, "unsupported call to non-function"); 1698 return -1; 1699 } 1700 1701 } else if (reloc->sym->type == STT_SECTION) { 1702 dest_off = arch_dest_reloc_offset(reloc_addend(reloc)); 1703 dest = find_call_destination(reloc->sym->sec, dest_off); 1704 if (!dest) { 1705 WARN_INSN(insn, "can't find call dest symbol at %s+0x%lx", 1706 reloc->sym->sec->name, dest_off); 1707 return -1; 1708 } 1709 1710 add_call_dest(file, insn, dest, false); 1711 1712 } else if (reloc->sym->retpoline_thunk) { 1713 add_retpoline_call(file, insn); 1714 1715 } else 1716 add_call_dest(file, insn, reloc->sym, false); 1717 } 1718 1719 return 0; 1720} 1721 1722/* 1723 * The .alternatives section requires some extra special care over and above 1724 * other special sections because alternatives are patched in place. 1725 */ 1726static int handle_group_alt(struct objtool_file *file, 1727 struct special_alt *special_alt, 1728 struct instruction *orig_insn, 1729 struct instruction **new_insn) 1730{ 1731 struct instruction *last_new_insn = NULL, *insn, *nop = NULL; 1732 struct alt_group *orig_alt_group, *new_alt_group; 1733 unsigned long dest_off; 1734 1735 orig_alt_group = orig_insn->alt_group; 1736 if (!orig_alt_group) { 1737 struct instruction *last_orig_insn = NULL; 1738 1739 orig_alt_group = malloc(sizeof(*orig_alt_group)); 1740 if (!orig_alt_group) { 1741 WARN("malloc failed"); 1742 return -1; 1743 } 1744 orig_alt_group->cfi = calloc(special_alt->orig_len, 1745 sizeof(struct cfi_state *)); 1746 if (!orig_alt_group->cfi) { 1747 WARN("calloc failed"); 1748 return -1; 1749 } 1750 1751 insn = orig_insn; 1752 sec_for_each_insn_from(file, insn) { 1753 if (insn->offset >= special_alt->orig_off + special_alt->orig_len) 1754 break; 1755 1756 insn->alt_group = orig_alt_group; 1757 last_orig_insn = insn; 1758 } 1759 orig_alt_group->orig_group = NULL; 1760 orig_alt_group->first_insn = orig_insn; 1761 orig_alt_group->last_insn = last_orig_insn; 1762 orig_alt_group->nop = NULL; 1763 } else { 1764 if (orig_alt_group->last_insn->offset + orig_alt_group->last_insn->len - 1765 orig_alt_group->first_insn->offset != special_alt->orig_len) { 1766 WARN_INSN(orig_insn, "weirdly overlapping alternative! %ld != %d", 1767 orig_alt_group->last_insn->offset + 1768 orig_alt_group->last_insn->len - 1769 orig_alt_group->first_insn->offset, 1770 special_alt->orig_len); 1771 return -1; 1772 } 1773 } 1774 1775 new_alt_group = malloc(sizeof(*new_alt_group)); 1776 if (!new_alt_group) { 1777 WARN("malloc failed"); 1778 return -1; 1779 } 1780 1781 if (special_alt->new_len < special_alt->orig_len) { 1782 /* 1783 * Insert a fake nop at the end to make the replacement 1784 * alt_group the same size as the original. This is needed to 1785 * allow propagate_alt_cfi() to do its magic. When the last 1786 * instruction affects the stack, the instruction after it (the 1787 * nop) will propagate the new state to the shared CFI array. 1788 */ 1789 nop = malloc(sizeof(*nop)); 1790 if (!nop) { 1791 WARN("malloc failed"); 1792 return -1; 1793 } 1794 memset(nop, 0, sizeof(*nop)); 1795 1796 nop->sec = special_alt->new_sec; 1797 nop->offset = special_alt->new_off + special_alt->new_len; 1798 nop->len = special_alt->orig_len - special_alt->new_len; 1799 nop->type = INSN_NOP; 1800 nop->sym = orig_insn->sym; 1801 nop->alt_group = new_alt_group; 1802 nop->ignore = orig_insn->ignore_alts; 1803 } 1804 1805 if (!special_alt->new_len) { 1806 *new_insn = nop; 1807 goto end; 1808 } 1809 1810 insn = *new_insn; 1811 sec_for_each_insn_from(file, insn) { 1812 struct reloc *alt_reloc; 1813 1814 if (insn->offset >= special_alt->new_off + special_alt->new_len) 1815 break; 1816 1817 last_new_insn = insn; 1818 1819 insn->ignore = orig_insn->ignore_alts; 1820 insn->sym = orig_insn->sym; 1821 insn->alt_group = new_alt_group; 1822 1823 /* 1824 * Since alternative replacement code is copy/pasted by the 1825 * kernel after applying relocations, generally such code can't 1826 * have relative-address relocation references to outside the 1827 * .altinstr_replacement section, unless the arch's 1828 * alternatives code can adjust the relative offsets 1829 * accordingly. 1830 */ 1831 alt_reloc = insn_reloc(file, insn); 1832 if (alt_reloc && arch_pc_relative_reloc(alt_reloc) && 1833 !arch_support_alt_relocation(special_alt, insn, alt_reloc)) { 1834 1835 WARN_INSN(insn, "unsupported relocation in alternatives section"); 1836 return -1; 1837 } 1838 1839 if (!is_static_jump(insn)) 1840 continue; 1841 1842 if (!insn->immediate) 1843 continue; 1844 1845 dest_off = arch_jump_destination(insn); 1846 if (dest_off == special_alt->new_off + special_alt->new_len) { 1847 insn->jump_dest = next_insn_same_sec(file, orig_alt_group->last_insn); 1848 if (!insn->jump_dest) { 1849 WARN_INSN(insn, "can't find alternative jump destination"); 1850 return -1; 1851 } 1852 } 1853 } 1854 1855 if (!last_new_insn) { 1856 WARN_FUNC("can't find last new alternative instruction", 1857 special_alt->new_sec, special_alt->new_off); 1858 return -1; 1859 } 1860 1861end: 1862 new_alt_group->orig_group = orig_alt_group; 1863 new_alt_group->first_insn = *new_insn; 1864 new_alt_group->last_insn = last_new_insn; 1865 new_alt_group->nop = nop; 1866 new_alt_group->cfi = orig_alt_group->cfi; 1867 return 0; 1868} 1869 1870/* 1871 * A jump table entry can either convert a nop to a jump or a jump to a nop. 1872 * If the original instruction is a jump, make the alt entry an effective nop 1873 * by just skipping the original instruction. 1874 */ 1875static int handle_jump_alt(struct objtool_file *file, 1876 struct special_alt *special_alt, 1877 struct instruction *orig_insn, 1878 struct instruction **new_insn) 1879{ 1880 if (orig_insn->type != INSN_JUMP_UNCONDITIONAL && 1881 orig_insn->type != INSN_NOP) { 1882 1883 WARN_INSN(orig_insn, "unsupported instruction at jump label"); 1884 return -1; 1885 } 1886 1887 if (opts.hack_jump_label && special_alt->key_addend & 2) { 1888 struct reloc *reloc = insn_reloc(file, orig_insn); 1889 1890 if (reloc) 1891 set_reloc_type(file->elf, reloc, R_NONE); 1892 elf_write_insn(file->elf, orig_insn->sec, 1893 orig_insn->offset, orig_insn->len, 1894 arch_nop_insn(orig_insn->len)); 1895 orig_insn->type = INSN_NOP; 1896 } 1897 1898 if (orig_insn->type == INSN_NOP) { 1899 if (orig_insn->len == 2) 1900 file->jl_nop_short++; 1901 else 1902 file->jl_nop_long++; 1903 1904 return 0; 1905 } 1906 1907 if (orig_insn->len == 2) 1908 file->jl_short++; 1909 else 1910 file->jl_long++; 1911 1912 *new_insn = next_insn_same_sec(file, orig_insn); 1913 return 0; 1914} 1915 1916/* 1917 * Read all the special sections which have alternate instructions which can be 1918 * patched in or redirected to at runtime. Each instruction having alternate 1919 * instruction(s) has them added to its insn->alts list, which will be 1920 * traversed in validate_branch(). 1921 */ 1922static int add_special_section_alts(struct objtool_file *file) 1923{ 1924 struct list_head special_alts; 1925 struct instruction *orig_insn, *new_insn; 1926 struct special_alt *special_alt, *tmp; 1927 struct alternative *alt; 1928 int ret; 1929 1930 ret = special_get_alts(file->elf, &special_alts); 1931 if (ret) 1932 return ret; 1933 1934 list_for_each_entry_safe(special_alt, tmp, &special_alts, list) { 1935 1936 orig_insn = find_insn(file, special_alt->orig_sec, 1937 special_alt->orig_off); 1938 if (!orig_insn) { 1939 WARN_FUNC("special: can't find orig instruction", 1940 special_alt->orig_sec, special_alt->orig_off); 1941 ret = -1; 1942 goto out; 1943 } 1944 1945 new_insn = NULL; 1946 if (!special_alt->group || special_alt->new_len) { 1947 new_insn = find_insn(file, special_alt->new_sec, 1948 special_alt->new_off); 1949 if (!new_insn) { 1950 WARN_FUNC("special: can't find new instruction", 1951 special_alt->new_sec, 1952 special_alt->new_off); 1953 ret = -1; 1954 goto out; 1955 } 1956 } 1957 1958 if (special_alt->group) { 1959 if (!special_alt->orig_len) { 1960 WARN_INSN(orig_insn, "empty alternative entry"); 1961 continue; 1962 } 1963 1964 ret = handle_group_alt(file, special_alt, orig_insn, 1965 &new_insn); 1966 if (ret) 1967 goto out; 1968 } else if (special_alt->jump_or_nop) { 1969 ret = handle_jump_alt(file, special_alt, orig_insn, 1970 &new_insn); 1971 if (ret) 1972 goto out; 1973 } 1974 1975 alt = malloc(sizeof(*alt)); 1976 if (!alt) { 1977 WARN("malloc failed"); 1978 ret = -1; 1979 goto out; 1980 } 1981 1982 alt->insn = new_insn; 1983 alt->skip_orig = special_alt->skip_orig; 1984 orig_insn->ignore_alts |= special_alt->skip_alt; 1985 alt->next = orig_insn->alts; 1986 orig_insn->alts = alt; 1987 1988 list_del(&special_alt->list); 1989 free(special_alt); 1990 } 1991 1992 if (opts.stats) { 1993 printf("jl\\\tNOP\tJMP\n"); 1994 printf("short:\t%ld\t%ld\n", file->jl_nop_short, file->jl_short); 1995 printf("long:\t%ld\t%ld\n", file->jl_nop_long, file->jl_long); 1996 } 1997 1998out: 1999 return ret; 2000} 2001 2002static int add_jump_table(struct objtool_file *file, struct instruction *insn, 2003 struct reloc *next_table) 2004{ 2005 struct symbol *pfunc = insn_func(insn)->pfunc; 2006 struct reloc *table = insn_jump_table(insn); 2007 struct instruction *dest_insn; 2008 unsigned int prev_offset = 0; 2009 struct reloc *reloc = table; 2010 struct alternative *alt; 2011 2012 /* 2013 * Each @reloc is a switch table relocation which points to the target 2014 * instruction. 2015 */ 2016 for_each_reloc_from(table->sec, reloc) { 2017 2018 /* Check for the end of the table: */ 2019 if (reloc != table && reloc == next_table) 2020 break; 2021 2022 /* Make sure the table entries are consecutive: */ 2023 if (prev_offset && reloc_offset(reloc) != prev_offset + 8) 2024 break; 2025 2026 /* Detect function pointers from contiguous objects: */ 2027 if (reloc->sym->sec == pfunc->sec && 2028 reloc_addend(reloc) == pfunc->offset) 2029 break; 2030 2031 dest_insn = find_insn(file, reloc->sym->sec, reloc_addend(reloc)); 2032 if (!dest_insn) 2033 break; 2034 2035 /* Make sure the destination is in the same function: */ 2036 if (!insn_func(dest_insn) || insn_func(dest_insn)->pfunc != pfunc) 2037 break; 2038 2039 alt = malloc(sizeof(*alt)); 2040 if (!alt) { 2041 WARN("malloc failed"); 2042 return -1; 2043 } 2044 2045 alt->insn = dest_insn; 2046 alt->next = insn->alts; 2047 insn->alts = alt; 2048 prev_offset = reloc_offset(reloc); 2049 } 2050 2051 if (!prev_offset) { 2052 WARN_INSN(insn, "can't find switch jump table"); 2053 return -1; 2054 } 2055 2056 return 0; 2057} 2058 2059/* 2060 * find_jump_table() - Given a dynamic jump, find the switch jump table 2061 * associated with it. 2062 */ 2063static struct reloc *find_jump_table(struct objtool_file *file, 2064 struct symbol *func, 2065 struct instruction *insn) 2066{ 2067 struct reloc *table_reloc; 2068 struct instruction *dest_insn, *orig_insn = insn; 2069 2070 /* 2071 * Backward search using the @first_jump_src links, these help avoid 2072 * much of the 'in between' code. Which avoids us getting confused by 2073 * it. 2074 */ 2075 for (; 2076 insn && insn_func(insn) && insn_func(insn)->pfunc == func; 2077 insn = insn->first_jump_src ?: prev_insn_same_sym(file, insn)) { 2078 2079 if (insn != orig_insn && insn->type == INSN_JUMP_DYNAMIC) 2080 break; 2081 2082 /* allow small jumps within the range */ 2083 if (insn->type == INSN_JUMP_UNCONDITIONAL && 2084 insn->jump_dest && 2085 (insn->jump_dest->offset <= insn->offset || 2086 insn->jump_dest->offset > orig_insn->offset)) 2087 break; 2088 2089 table_reloc = arch_find_switch_table(file, insn); 2090 if (!table_reloc) 2091 continue; 2092 dest_insn = find_insn(file, table_reloc->sym->sec, reloc_addend(table_reloc)); 2093 if (!dest_insn || !insn_func(dest_insn) || insn_func(dest_insn)->pfunc != func) 2094 continue; 2095 2096 return table_reloc; 2097 } 2098 2099 return NULL; 2100} 2101 2102/* 2103 * First pass: Mark the head of each jump table so that in the next pass, 2104 * we know when a given jump table ends and the next one starts. 2105 */ 2106static void mark_func_jump_tables(struct objtool_file *file, 2107 struct symbol *func) 2108{ 2109 struct instruction *insn, *last = NULL; 2110 struct reloc *reloc; 2111 2112 func_for_each_insn(file, func, insn) { 2113 if (!last) 2114 last = insn; 2115 2116 /* 2117 * Store back-pointers for unconditional forward jumps such 2118 * that find_jump_table() can back-track using those and 2119 * avoid some potentially confusing code. 2120 */ 2121 if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->jump_dest && 2122 insn->offset > last->offset && 2123 insn->jump_dest->offset > insn->offset && 2124 !insn->jump_dest->first_jump_src) { 2125 2126 insn->jump_dest->first_jump_src = insn; 2127 last = insn->jump_dest; 2128 } 2129 2130 if (insn->type != INSN_JUMP_DYNAMIC) 2131 continue; 2132 2133 reloc = find_jump_table(file, func, insn); 2134 if (reloc) 2135 insn->_jump_table = reloc; 2136 } 2137} 2138 2139static int add_func_jump_tables(struct objtool_file *file, 2140 struct symbol *func) 2141{ 2142 struct instruction *insn, *insn_t1 = NULL, *insn_t2; 2143 int ret = 0; 2144 2145 func_for_each_insn(file, func, insn) { 2146 if (!insn_jump_table(insn)) 2147 continue; 2148 2149 if (!insn_t1) { 2150 insn_t1 = insn; 2151 continue; 2152 } 2153 2154 insn_t2 = insn; 2155 2156 ret = add_jump_table(file, insn_t1, insn_jump_table(insn_t2)); 2157 if (ret) 2158 return ret; 2159 2160 insn_t1 = insn_t2; 2161 } 2162 2163 if (insn_t1) 2164 ret = add_jump_table(file, insn_t1, NULL); 2165 2166 return ret; 2167} 2168 2169/* 2170 * For some switch statements, gcc generates a jump table in the .rodata 2171 * section which contains a list of addresses within the function to jump to. 2172 * This finds these jump tables and adds them to the insn->alts lists. 2173 */ 2174static int add_jump_table_alts(struct objtool_file *file) 2175{ 2176 struct symbol *func; 2177 int ret; 2178 2179 if (!file->rodata) 2180 return 0; 2181 2182 for_each_sym(file, func) { 2183 if (func->type != STT_FUNC) 2184 continue; 2185 2186 mark_func_jump_tables(file, func); 2187 ret = add_func_jump_tables(file, func); 2188 if (ret) 2189 return ret; 2190 } 2191 2192 return 0; 2193} 2194 2195static void set_func_state(struct cfi_state *state) 2196{ 2197 state->cfa = initial_func_cfi.cfa; 2198 memcpy(&state->regs, &initial_func_cfi.regs, 2199 CFI_NUM_REGS * sizeof(struct cfi_reg)); 2200 state->stack_size = initial_func_cfi.cfa.offset; 2201 state->type = UNWIND_HINT_TYPE_CALL; 2202} 2203 2204static int read_unwind_hints(struct objtool_file *file) 2205{ 2206 struct cfi_state cfi = init_cfi; 2207 struct section *sec; 2208 struct unwind_hint *hint; 2209 struct instruction *insn; 2210 struct reloc *reloc; 2211 int i; 2212 2213 sec = find_section_by_name(file->elf, ".discard.unwind_hints"); 2214 if (!sec) 2215 return 0; 2216 2217 if (!sec->rsec) { 2218 WARN("missing .rela.discard.unwind_hints section"); 2219 return -1; 2220 } 2221 2222 if (sec->sh.sh_size % sizeof(struct unwind_hint)) { 2223 WARN("struct unwind_hint size mismatch"); 2224 return -1; 2225 } 2226 2227 file->hints = true; 2228 2229 for (i = 0; i < sec->sh.sh_size / sizeof(struct unwind_hint); i++) { 2230 hint = (struct unwind_hint *)sec->data->d_buf + i; 2231 2232 reloc = find_reloc_by_dest(file->elf, sec, i * sizeof(*hint)); 2233 if (!reloc) { 2234 WARN("can't find reloc for unwind_hints[%d]", i); 2235 return -1; 2236 } 2237 2238 insn = find_insn(file, reloc->sym->sec, reloc_addend(reloc)); 2239 if (!insn) { 2240 WARN("can't find insn for unwind_hints[%d]", i); 2241 return -1; 2242 } 2243 2244 insn->hint = true; 2245 2246 if (hint->type == UNWIND_HINT_TYPE_UNDEFINED) { 2247 insn->cfi = &force_undefined_cfi; 2248 continue; 2249 } 2250 2251 if (hint->type == UNWIND_HINT_TYPE_SAVE) { 2252 insn->hint = false; 2253 insn->save = true; 2254 continue; 2255 } 2256 2257 if (hint->type == UNWIND_HINT_TYPE_RESTORE) { 2258 insn->restore = true; 2259 continue; 2260 } 2261 2262 if (hint->type == UNWIND_HINT_TYPE_REGS_PARTIAL) { 2263 struct symbol *sym = find_symbol_by_offset(insn->sec, insn->offset); 2264 2265 if (sym && sym->bind == STB_GLOBAL) { 2266 if (opts.ibt && insn->type != INSN_ENDBR && !insn->noendbr) { 2267 WARN_INSN(insn, "UNWIND_HINT_IRET_REGS without ENDBR"); 2268 } 2269 } 2270 } 2271 2272 if (hint->type == UNWIND_HINT_TYPE_FUNC) { 2273 insn->cfi = &func_cfi; 2274 continue; 2275 } 2276 2277 if (insn->cfi) 2278 cfi = *(insn->cfi); 2279 2280 if (arch_decode_hint_reg(hint->sp_reg, &cfi.cfa.base)) { 2281 WARN_INSN(insn, "unsupported unwind_hint sp base reg %d", hint->sp_reg); 2282 return -1; 2283 } 2284 2285 cfi.cfa.offset = bswap_if_needed(file->elf, hint->sp_offset); 2286 cfi.type = hint->type; 2287 cfi.signal = hint->signal; 2288 2289 insn->cfi = cfi_hash_find_or_add(&cfi); 2290 } 2291 2292 return 0; 2293} 2294 2295static int read_noendbr_hints(struct objtool_file *file) 2296{ 2297 struct instruction *insn; 2298 struct section *rsec; 2299 struct reloc *reloc; 2300 2301 rsec = find_section_by_name(file->elf, ".rela.discard.noendbr"); 2302 if (!rsec) 2303 return 0; 2304 2305 for_each_reloc(rsec, reloc) { 2306 insn = find_insn(file, reloc->sym->sec, 2307 reloc->sym->offset + reloc_addend(reloc)); 2308 if (!insn) { 2309 WARN("bad .discard.noendbr entry"); 2310 return -1; 2311 } 2312 2313 insn->noendbr = 1; 2314 } 2315 2316 return 0; 2317} 2318 2319static int read_retpoline_hints(struct objtool_file *file) 2320{ 2321 struct section *rsec; 2322 struct instruction *insn; 2323 struct reloc *reloc; 2324 2325 rsec = find_section_by_name(file->elf, ".rela.discard.retpoline_safe"); 2326 if (!rsec) 2327 return 0; 2328 2329 for_each_reloc(rsec, reloc) { 2330 if (reloc->sym->type != STT_SECTION) { 2331 WARN("unexpected relocation symbol type in %s", rsec->name); 2332 return -1; 2333 } 2334 2335 insn = find_insn(file, reloc->sym->sec, reloc_addend(reloc)); 2336 if (!insn) { 2337 WARN("bad .discard.retpoline_safe entry"); 2338 return -1; 2339 } 2340 2341 if (insn->type != INSN_JUMP_DYNAMIC && 2342 insn->type != INSN_CALL_DYNAMIC && 2343 insn->type != INSN_RETURN && 2344 insn->type != INSN_NOP) { 2345 WARN_INSN(insn, "retpoline_safe hint not an indirect jump/call/ret/nop"); 2346 return -1; 2347 } 2348 2349 insn->retpoline_safe = true; 2350 } 2351 2352 return 0; 2353} 2354 2355static int read_instr_hints(struct objtool_file *file) 2356{ 2357 struct section *rsec; 2358 struct instruction *insn; 2359 struct reloc *reloc; 2360 2361 rsec = find_section_by_name(file->elf, ".rela.discard.instr_end"); 2362 if (!rsec) 2363 return 0; 2364 2365 for_each_reloc(rsec, reloc) { 2366 if (reloc->sym->type != STT_SECTION) { 2367 WARN("unexpected relocation symbol type in %s", rsec->name); 2368 return -1; 2369 } 2370 2371 insn = find_insn(file, reloc->sym->sec, reloc_addend(reloc)); 2372 if (!insn) { 2373 WARN("bad .discard.instr_end entry"); 2374 return -1; 2375 } 2376 2377 insn->instr--; 2378 } 2379 2380 rsec = find_section_by_name(file->elf, ".rela.discard.instr_begin"); 2381 if (!rsec) 2382 return 0; 2383 2384 for_each_reloc(rsec, reloc) { 2385 if (reloc->sym->type != STT_SECTION) { 2386 WARN("unexpected relocation symbol type in %s", rsec->name); 2387 return -1; 2388 } 2389 2390 insn = find_insn(file, reloc->sym->sec, reloc_addend(reloc)); 2391 if (!insn) { 2392 WARN("bad .discard.instr_begin entry"); 2393 return -1; 2394 } 2395 2396 insn->instr++; 2397 } 2398 2399 return 0; 2400} 2401 2402static int read_validate_unret_hints(struct objtool_file *file) 2403{ 2404 struct section *rsec; 2405 struct instruction *insn; 2406 struct reloc *reloc; 2407 2408 rsec = find_section_by_name(file->elf, ".rela.discard.validate_unret"); 2409 if (!rsec) 2410 return 0; 2411 2412 for_each_reloc(rsec, reloc) { 2413 if (reloc->sym->type != STT_SECTION) { 2414 WARN("unexpected relocation symbol type in %s", rsec->name); 2415 return -1; 2416 } 2417 2418 insn = find_insn(file, reloc->sym->sec, reloc_addend(reloc)); 2419 if (!insn) { 2420 WARN("bad .discard.instr_end entry"); 2421 return -1; 2422 } 2423 insn->unret = 1; 2424 } 2425 2426 return 0; 2427} 2428 2429 2430static int read_intra_function_calls(struct objtool_file *file) 2431{ 2432 struct instruction *insn; 2433 struct section *rsec; 2434 struct reloc *reloc; 2435 2436 rsec = find_section_by_name(file->elf, ".rela.discard.intra_function_calls"); 2437 if (!rsec) 2438 return 0; 2439 2440 for_each_reloc(rsec, reloc) { 2441 unsigned long dest_off; 2442 2443 if (reloc->sym->type != STT_SECTION) { 2444 WARN("unexpected relocation symbol type in %s", 2445 rsec->name); 2446 return -1; 2447 } 2448 2449 insn = find_insn(file, reloc->sym->sec, reloc_addend(reloc)); 2450 if (!insn) { 2451 WARN("bad .discard.intra_function_call entry"); 2452 return -1; 2453 } 2454 2455 if (insn->type != INSN_CALL) { 2456 WARN_INSN(insn, "intra_function_call not a direct call"); 2457 return -1; 2458 } 2459 2460 /* 2461 * Treat intra-function CALLs as JMPs, but with a stack_op. 2462 * See add_call_destinations(), which strips stack_ops from 2463 * normal CALLs. 2464 */ 2465 insn->type = INSN_JUMP_UNCONDITIONAL; 2466 2467 dest_off = arch_jump_destination(insn); 2468 insn->jump_dest = find_insn(file, insn->sec, dest_off); 2469 if (!insn->jump_dest) { 2470 WARN_INSN(insn, "can't find call dest at %s+0x%lx", 2471 insn->sec->name, dest_off); 2472 return -1; 2473 } 2474 } 2475 2476 return 0; 2477} 2478 2479/* 2480 * Return true if name matches an instrumentation function, where calls to that 2481 * function from noinstr code can safely be removed, but compilers won't do so. 2482 */ 2483static bool is_profiling_func(const char *name) 2484{ 2485 /* 2486 * Many compilers cannot disable KCOV with a function attribute. 2487 */ 2488 if (!strncmp(name, "__sanitizer_cov_", 16)) 2489 return true; 2490 2491 /* 2492 * Some compilers currently do not remove __tsan_func_entry/exit nor 2493 * __tsan_atomic_signal_fence (used for barrier instrumentation) with 2494 * the __no_sanitize_thread attribute, remove them. Once the kernel's 2495 * minimum Clang version is 14.0, this can be removed. 2496 */ 2497 if (!strncmp(name, "__tsan_func_", 12) || 2498 !strcmp(name, "__tsan_atomic_signal_fence")) 2499 return true; 2500 2501 return false; 2502} 2503 2504static int classify_symbols(struct objtool_file *file) 2505{ 2506 struct symbol *func; 2507 2508 for_each_sym(file, func) { 2509 if (func->bind != STB_GLOBAL) 2510 continue; 2511 2512 if (!strncmp(func->name, STATIC_CALL_TRAMP_PREFIX_STR, 2513 strlen(STATIC_CALL_TRAMP_PREFIX_STR))) 2514 func->static_call_tramp = true; 2515 2516 if (arch_is_retpoline(func)) 2517 func->retpoline_thunk = true; 2518 2519 if (arch_is_rethunk(func)) 2520 func->return_thunk = true; 2521 2522 if (arch_is_embedded_insn(func)) 2523 func->embedded_insn = true; 2524 2525 if (arch_ftrace_match(func->name)) 2526 func->fentry = true; 2527 2528 if (is_profiling_func(func->name)) 2529 func->profiling_func = true; 2530 } 2531 2532 return 0; 2533} 2534 2535static void mark_rodata(struct objtool_file *file) 2536{ 2537 struct section *sec; 2538 bool found = false; 2539 2540 /* 2541 * Search for the following rodata sections, each of which can 2542 * potentially contain jump tables: 2543 * 2544 * - .rodata: can contain GCC switch tables 2545 * - .rodata.<func>: same, if -fdata-sections is being used 2546 * - .rodata..c_jump_table: contains C annotated jump tables 2547 * 2548 * .rodata.str1.* sections are ignored; they don't contain jump tables. 2549 */ 2550 for_each_sec(file, sec) { 2551 if (!strncmp(sec->name, ".rodata", 7) && 2552 !strstr(sec->name, ".str1.")) { 2553 sec->rodata = true; 2554 found = true; 2555 } 2556 } 2557 2558 file->rodata = found; 2559} 2560 2561static int decode_sections(struct objtool_file *file) 2562{ 2563 int ret; 2564 2565 mark_rodata(file); 2566 2567 ret = init_pv_ops(file); 2568 if (ret) 2569 return ret; 2570 2571 /* 2572 * Must be before add_{jump_call}_destination. 2573 */ 2574 ret = classify_symbols(file); 2575 if (ret) 2576 return ret; 2577 2578 ret = decode_instructions(file); 2579 if (ret) 2580 return ret; 2581 2582 add_ignores(file); 2583 add_uaccess_safe(file); 2584 2585 ret = add_ignore_alternatives(file); 2586 if (ret) 2587 return ret; 2588 2589 /* 2590 * Must be before read_unwind_hints() since that needs insn->noendbr. 2591 */ 2592 ret = read_noendbr_hints(file); 2593 if (ret) 2594 return ret; 2595 2596 /* 2597 * Must be before add_jump_destinations(), which depends on 'func' 2598 * being set for alternatives, to enable proper sibling call detection. 2599 */ 2600 if (opts.stackval || opts.orc || opts.uaccess || opts.noinstr) { 2601 ret = add_special_section_alts(file); 2602 if (ret) 2603 return ret; 2604 } 2605 2606 ret = add_jump_destinations(file); 2607 if (ret) 2608 return ret; 2609 2610 /* 2611 * Must be before add_call_destination(); it changes INSN_CALL to 2612 * INSN_JUMP. 2613 */ 2614 ret = read_intra_function_calls(file); 2615 if (ret) 2616 return ret; 2617 2618 ret = add_call_destinations(file); 2619 if (ret) 2620 return ret; 2621 2622 /* 2623 * Must be after add_call_destinations() such that it can override 2624 * dead_end_function() marks. 2625 */ 2626 ret = add_dead_ends(file); 2627 if (ret) 2628 return ret; 2629 2630 ret = add_jump_table_alts(file); 2631 if (ret) 2632 return ret; 2633 2634 ret = read_unwind_hints(file); 2635 if (ret) 2636 return ret; 2637 2638 ret = read_retpoline_hints(file); 2639 if (ret) 2640 return ret; 2641 2642 ret = read_instr_hints(file); 2643 if (ret) 2644 return ret; 2645 2646 ret = read_validate_unret_hints(file); 2647 if (ret) 2648 return ret; 2649 2650 return 0; 2651} 2652 2653static bool is_special_call(struct instruction *insn) 2654{ 2655 if (insn->type == INSN_CALL) { 2656 struct symbol *dest = insn_call_dest(insn); 2657 2658 if (!dest) 2659 return false; 2660 2661 if (dest->fentry || dest->embedded_insn) 2662 return true; 2663 } 2664 2665 return false; 2666} 2667 2668static bool has_modified_stack_frame(struct instruction *insn, struct insn_state *state) 2669{ 2670 struct cfi_state *cfi = &state->cfi; 2671 int i; 2672 2673 if (cfi->cfa.base != initial_func_cfi.cfa.base || cfi->drap) 2674 return true; 2675 2676 if (cfi->cfa.offset != initial_func_cfi.cfa.offset) 2677 return true; 2678 2679 if (cfi->stack_size != initial_func_cfi.cfa.offset) 2680 return true; 2681 2682 for (i = 0; i < CFI_NUM_REGS; i++) { 2683 if (cfi->regs[i].base != initial_func_cfi.regs[i].base || 2684 cfi->regs[i].offset != initial_func_cfi.regs[i].offset) 2685 return true; 2686 } 2687 2688 return false; 2689} 2690 2691static bool check_reg_frame_pos(const struct cfi_reg *reg, 2692 int expected_offset) 2693{ 2694 return reg->base == CFI_CFA && 2695 reg->offset == expected_offset; 2696} 2697 2698static bool has_valid_stack_frame(struct insn_state *state) 2699{ 2700 struct cfi_state *cfi = &state->cfi; 2701 2702 if (cfi->cfa.base == CFI_BP && 2703 check_reg_frame_pos(&cfi->regs[CFI_BP], -cfi->cfa.offset) && 2704 check_reg_frame_pos(&cfi->regs[CFI_RA], -cfi->cfa.offset + 8)) 2705 return true; 2706 2707 if (cfi->drap && cfi->regs[CFI_BP].base == CFI_BP) 2708 return true; 2709 2710 return false; 2711} 2712 2713static int update_cfi_state_regs(struct instruction *insn, 2714 struct cfi_state *cfi, 2715 struct stack_op *op) 2716{ 2717 struct cfi_reg *cfa = &cfi->cfa; 2718 2719 if (cfa->base != CFI_SP && cfa->base != CFI_SP_INDIRECT) 2720 return 0; 2721 2722 /* push */ 2723 if (op->dest.type == OP_DEST_PUSH || op->dest.type == OP_DEST_PUSHF) 2724 cfa->offset += 8; 2725 2726 /* pop */ 2727 if (op->src.type == OP_SRC_POP || op->src.type == OP_SRC_POPF) 2728 cfa->offset -= 8; 2729 2730 /* add immediate to sp */ 2731 if (op->dest.type == OP_DEST_REG && op->src.type == OP_SRC_ADD && 2732 op->dest.reg == CFI_SP && op->src.reg == CFI_SP) 2733 cfa->offset -= op->src.offset; 2734 2735 return 0; 2736} 2737 2738static void save_reg(struct cfi_state *cfi, unsigned char reg, int base, int offset) 2739{ 2740 if (arch_callee_saved_reg(reg) && 2741 cfi->regs[reg].base == CFI_UNDEFINED) { 2742 cfi->regs[reg].base = base; 2743 cfi->regs[reg].offset = offset; 2744 } 2745} 2746 2747static void restore_reg(struct cfi_state *cfi, unsigned char reg) 2748{ 2749 cfi->regs[reg].base = initial_func_cfi.regs[reg].base; 2750 cfi->regs[reg].offset = initial_func_cfi.regs[reg].offset; 2751} 2752 2753/* 2754 * A note about DRAP stack alignment: 2755 * 2756 * GCC has the concept of a DRAP register, which is used to help keep track of 2757 * the stack pointer when aligning the stack. r10 or r13 is used as the DRAP 2758 * register. The typical DRAP pattern is: 2759 * 2760 * 4c 8d 54 24 08 lea 0x8(%rsp),%r10 2761 * 48 83 e4 c0 and $0xffffffffffffffc0,%rsp 2762 * 41 ff 72 f8 pushq -0x8(%r10) 2763 * 55 push %rbp 2764 * 48 89 e5 mov %rsp,%rbp 2765 * (more pushes) 2766 * 41 52 push %r10 2767 * ... 2768 * 41 5a pop %r10 2769 * (more pops) 2770 * 5d pop %rbp 2771 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2772 * c3 retq 2773 * 2774 * There are some variations in the epilogues, like: 2775 * 2776 * 5b pop %rbx 2777 * 41 5a pop %r10 2778 * 41 5c pop %r12 2779 * 41 5d pop %r13 2780 * 41 5e pop %r14 2781 * c9 leaveq 2782 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2783 * c3 retq 2784 * 2785 * and: 2786 * 2787 * 4c 8b 55 e8 mov -0x18(%rbp),%r10 2788 * 48 8b 5d e0 mov -0x20(%rbp),%rbx 2789 * 4c 8b 65 f0 mov -0x10(%rbp),%r12 2790 * 4c 8b 6d f8 mov -0x8(%rbp),%r13 2791 * c9 leaveq 2792 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2793 * c3 retq 2794 * 2795 * Sometimes r13 is used as the DRAP register, in which case it's saved and 2796 * restored beforehand: 2797 * 2798 * 41 55 push %r13 2799 * 4c 8d 6c 24 10 lea 0x10(%rsp),%r13 2800 * 48 83 e4 f0 and $0xfffffffffffffff0,%rsp 2801 * ... 2802 * 49 8d 65 f0 lea -0x10(%r13),%rsp 2803 * 41 5d pop %r13 2804 * c3 retq 2805 */ 2806static int update_cfi_state(struct instruction *insn, 2807 struct instruction *next_insn, 2808 struct cfi_state *cfi, struct stack_op *op) 2809{ 2810 struct cfi_reg *cfa = &cfi->cfa; 2811 struct cfi_reg *regs = cfi->regs; 2812 2813 /* ignore UNWIND_HINT_UNDEFINED regions */ 2814 if (cfi->force_undefined) 2815 return 0; 2816 2817 /* stack operations don't make sense with an undefined CFA */ 2818 if (cfa->base == CFI_UNDEFINED) { 2819 if (insn_func(insn)) { 2820 WARN_INSN(insn, "undefined stack state"); 2821 return -1; 2822 } 2823 return 0; 2824 } 2825 2826 if (cfi->type == UNWIND_HINT_TYPE_REGS || 2827 cfi->type == UNWIND_HINT_TYPE_REGS_PARTIAL) 2828 return update_cfi_state_regs(insn, cfi, op); 2829 2830 switch (op->dest.type) { 2831 2832 case OP_DEST_REG: 2833 switch (op->src.type) { 2834 2835 case OP_SRC_REG: 2836 if (op->src.reg == CFI_SP && op->dest.reg == CFI_BP && 2837 cfa->base == CFI_SP && 2838 check_reg_frame_pos(®s[CFI_BP], -cfa->offset)) { 2839 2840 /* mov %rsp, %rbp */ 2841 cfa->base = op->dest.reg; 2842 cfi->bp_scratch = false; 2843 } 2844 2845 else if (op->src.reg == CFI_SP && 2846 op->dest.reg == CFI_BP && cfi->drap) { 2847 2848 /* drap: mov %rsp, %rbp */ 2849 regs[CFI_BP].base = CFI_BP; 2850 regs[CFI_BP].offset = -cfi->stack_size; 2851 cfi->bp_scratch = false; 2852 } 2853 2854 else if (op->src.reg == CFI_SP && cfa->base == CFI_SP) { 2855 2856 /* 2857 * mov %rsp, %reg 2858 * 2859 * This is needed for the rare case where GCC 2860 * does: 2861 * 2862 * mov %rsp, %rax 2863 * ... 2864 * mov %rax, %rsp 2865 */ 2866 cfi->vals[op->dest.reg].base = CFI_CFA; 2867 cfi->vals[op->dest.reg].offset = -cfi->stack_size; 2868 } 2869 2870 else if (op->src.reg == CFI_BP && op->dest.reg == CFI_SP && 2871 (cfa->base == CFI_BP || cfa->base == cfi->drap_reg)) { 2872 2873 /* 2874 * mov %rbp, %rsp 2875 * 2876 * Restore the original stack pointer (Clang). 2877 */ 2878 cfi->stack_size = -cfi->regs[CFI_BP].offset; 2879 } 2880 2881 else if (op->dest.reg == cfa->base) { 2882 2883 /* mov %reg, %rsp */ 2884 if (cfa->base == CFI_SP && 2885 cfi->vals[op->src.reg].base == CFI_CFA) { 2886 2887 /* 2888 * This is needed for the rare case 2889 * where GCC does something dumb like: 2890 * 2891 * lea 0x8(%rsp), %rcx 2892 * ... 2893 * mov %rcx, %rsp 2894 */ 2895 cfa->offset = -cfi->vals[op->src.reg].offset; 2896 cfi->stack_size = cfa->offset; 2897 2898 } else if (cfa->base == CFI_SP && 2899 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT && 2900 cfi->vals[op->src.reg].offset == cfa->offset) { 2901 2902 /* 2903 * Stack swizzle: 2904 * 2905 * 1: mov %rsp, (%[tos]) 2906 * 2: mov %[tos], %rsp 2907 * ... 2908 * 3: pop %rsp 2909 * 2910 * Where: 2911 * 2912 * 1 - places a pointer to the previous 2913 * stack at the Top-of-Stack of the 2914 * new stack. 2915 * 2916 * 2 - switches to the new stack. 2917 * 2918 * 3 - pops the Top-of-Stack to restore 2919 * the original stack. 2920 * 2921 * Note: we set base to SP_INDIRECT 2922 * here and preserve offset. Therefore 2923 * when the unwinder reaches ToS it 2924 * will dereference SP and then add the 2925 * offset to find the next frame, IOW: 2926 * (%rsp) + offset. 2927 */ 2928 cfa->base = CFI_SP_INDIRECT; 2929 2930 } else { 2931 cfa->base = CFI_UNDEFINED; 2932 cfa->offset = 0; 2933 } 2934 } 2935 2936 else if (op->dest.reg == CFI_SP && 2937 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT && 2938 cfi->vals[op->src.reg].offset == cfa->offset) { 2939 2940 /* 2941 * The same stack swizzle case 2) as above. But 2942 * because we can't change cfa->base, case 3) 2943 * will become a regular POP. Pretend we're a 2944 * PUSH so things don't go unbalanced. 2945 */ 2946 cfi->stack_size += 8; 2947 } 2948 2949 2950 break; 2951 2952 case OP_SRC_ADD: 2953 if (op->dest.reg == CFI_SP && op->src.reg == CFI_SP) { 2954 2955 /* add imm, %rsp */ 2956 cfi->stack_size -= op->src.offset; 2957 if (cfa->base == CFI_SP) 2958 cfa->offset -= op->src.offset; 2959 break; 2960 } 2961 2962 if (op->dest.reg == CFI_SP && op->src.reg == CFI_BP) { 2963 2964 /* lea disp(%rbp), %rsp */ 2965 cfi->stack_size = -(op->src.offset + regs[CFI_BP].offset); 2966 break; 2967 } 2968 2969 if (op->src.reg == CFI_SP && cfa->base == CFI_SP) { 2970 2971 /* drap: lea disp(%rsp), %drap */ 2972 cfi->drap_reg = op->dest.reg; 2973 2974 /* 2975 * lea disp(%rsp), %reg 2976 * 2977 * This is needed for the rare case where GCC 2978 * does something dumb like: 2979 * 2980 * lea 0x8(%rsp), %rcx 2981 * ... 2982 * mov %rcx, %rsp 2983 */ 2984 cfi->vals[op->dest.reg].base = CFI_CFA; 2985 cfi->vals[op->dest.reg].offset = \ 2986 -cfi->stack_size + op->src.offset; 2987 2988 break; 2989 } 2990 2991 if (cfi->drap && op->dest.reg == CFI_SP && 2992 op->src.reg == cfi->drap_reg) { 2993 2994 /* drap: lea disp(%drap), %rsp */ 2995 cfa->base = CFI_SP; 2996 cfa->offset = cfi->stack_size = -op->src.offset; 2997 cfi->drap_reg = CFI_UNDEFINED; 2998 cfi->drap = false; 2999 break; 3000 } 3001 3002 if (op->dest.reg == cfi->cfa.base && !(next_insn && next_insn->hint)) { 3003 WARN_INSN(insn, "unsupported stack register modification"); 3004 return -1; 3005 } 3006 3007 break; 3008 3009 case OP_SRC_AND: 3010 if (op->dest.reg != CFI_SP || 3011 (cfi->drap_reg != CFI_UNDEFINED && cfa->base != CFI_SP) || 3012 (cfi->drap_reg == CFI_UNDEFINED && cfa->base != CFI_BP)) { 3013 WARN_INSN(insn, "unsupported stack pointer realignment"); 3014 return -1; 3015 } 3016 3017 if (cfi->drap_reg != CFI_UNDEFINED) { 3018 /* drap: and imm, %rsp */ 3019 cfa->base = cfi->drap_reg; 3020 cfa->offset = cfi->stack_size = 0; 3021 cfi->drap = true; 3022 } 3023 3024 /* 3025 * Older versions of GCC (4.8ish) realign the stack 3026 * without DRAP, with a frame pointer. 3027 */ 3028 3029 break; 3030 3031 case OP_SRC_POP: 3032 case OP_SRC_POPF: 3033 if (op->dest.reg == CFI_SP && cfa->base == CFI_SP_INDIRECT) { 3034 3035 /* pop %rsp; # restore from a stack swizzle */ 3036 cfa->base = CFI_SP; 3037 break; 3038 } 3039 3040 if (!cfi->drap && op->dest.reg == cfa->base) { 3041 3042 /* pop %rbp */ 3043 cfa->base = CFI_SP; 3044 } 3045 3046 if (cfi->drap && cfa->base == CFI_BP_INDIRECT && 3047 op->dest.reg == cfi->drap_reg && 3048 cfi->drap_offset == -cfi->stack_size) { 3049 3050 /* drap: pop %drap */ 3051 cfa->base = cfi->drap_reg; 3052 cfa->offset = 0; 3053 cfi->drap_offset = -1; 3054 3055 } else if (cfi->stack_size == -regs[op->dest.reg].offset) { 3056 3057 /* pop %reg */ 3058 restore_reg(cfi, op->dest.reg); 3059 } 3060 3061 cfi->stack_size -= 8; 3062 if (cfa->base == CFI_SP) 3063 cfa->offset -= 8; 3064 3065 break; 3066 3067 case OP_SRC_REG_INDIRECT: 3068 if (!cfi->drap && op->dest.reg == cfa->base && 3069 op->dest.reg == CFI_BP) { 3070 3071 /* mov disp(%rsp), %rbp */ 3072 cfa->base = CFI_SP; 3073 cfa->offset = cfi->stack_size; 3074 } 3075 3076 if (cfi->drap && op->src.reg == CFI_BP && 3077 op->src.offset == cfi->drap_offset) { 3078 3079 /* drap: mov disp(%rbp), %drap */ 3080 cfa->base = cfi->drap_reg; 3081 cfa->offset = 0; 3082 cfi->drap_offset = -1; 3083 } 3084 3085 if (cfi->drap && op->src.reg == CFI_BP && 3086 op->src.offset == regs[op->dest.reg].offset) { 3087 3088 /* drap: mov disp(%rbp), %reg */ 3089 restore_reg(cfi, op->dest.reg); 3090 3091 } else if (op->src.reg == cfa->base && 3092 op->src.offset == regs[op->dest.reg].offset + cfa->offset) { 3093 3094 /* mov disp(%rbp), %reg */ 3095 /* mov disp(%rsp), %reg */ 3096 restore_reg(cfi, op->dest.reg); 3097 3098 } else if (op->src.reg == CFI_SP && 3099 op->src.offset == regs[op->dest.reg].offset + cfi->stack_size) { 3100 3101 /* mov disp(%rsp), %reg */ 3102 restore_reg(cfi, op->dest.reg); 3103 } 3104 3105 break; 3106 3107 default: 3108 WARN_INSN(insn, "unknown stack-related instruction"); 3109 return -1; 3110 } 3111 3112 break; 3113 3114 case OP_DEST_PUSH: 3115 case OP_DEST_PUSHF: 3116 cfi->stack_size += 8; 3117 if (cfa->base == CFI_SP) 3118 cfa->offset += 8; 3119 3120 if (op->src.type != OP_SRC_REG) 3121 break; 3122 3123 if (cfi->drap) { 3124 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) { 3125 3126 /* drap: push %drap */ 3127 cfa->base = CFI_BP_INDIRECT; 3128 cfa->offset = -cfi->stack_size; 3129 3130 /* save drap so we know when to restore it */ 3131 cfi->drap_offset = -cfi->stack_size; 3132 3133 } else if (op->src.reg == CFI_BP && cfa->base == cfi->drap_reg) { 3134 3135 /* drap: push %rbp */ 3136 cfi->stack_size = 0; 3137 3138 } else { 3139 3140 /* drap: push %reg */ 3141 save_reg(cfi, op->src.reg, CFI_BP, -cfi->stack_size); 3142 } 3143 3144 } else { 3145 3146 /* push %reg */ 3147 save_reg(cfi, op->src.reg, CFI_CFA, -cfi->stack_size); 3148 } 3149 3150 /* detect when asm code uses rbp as a scratch register */ 3151 if (opts.stackval && insn_func(insn) && op->src.reg == CFI_BP && 3152 cfa->base != CFI_BP) 3153 cfi->bp_scratch = true; 3154 break; 3155 3156 case OP_DEST_REG_INDIRECT: 3157 3158 if (cfi->drap) { 3159 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) { 3160 3161 /* drap: mov %drap, disp(%rbp) */ 3162 cfa->base = CFI_BP_INDIRECT; 3163 cfa->offset = op->dest.offset; 3164 3165 /* save drap offset so we know when to restore it */ 3166 cfi->drap_offset = op->dest.offset; 3167 } else { 3168 3169 /* drap: mov reg, disp(%rbp) */ 3170 save_reg(cfi, op->src.reg, CFI_BP, op->dest.offset); 3171 } 3172 3173 } else if (op->dest.reg == cfa->base) { 3174 3175 /* mov reg, disp(%rbp) */ 3176 /* mov reg, disp(%rsp) */ 3177 save_reg(cfi, op->src.reg, CFI_CFA, 3178 op->dest.offset - cfi->cfa.offset); 3179 3180 } else if (op->dest.reg == CFI_SP) { 3181 3182 /* mov reg, disp(%rsp) */ 3183 save_reg(cfi, op->src.reg, CFI_CFA, 3184 op->dest.offset - cfi->stack_size); 3185 3186 } else if (op->src.reg == CFI_SP && op->dest.offset == 0) { 3187 3188 /* mov %rsp, (%reg); # setup a stack swizzle. */ 3189 cfi->vals[op->dest.reg].base = CFI_SP_INDIRECT; 3190 cfi->vals[op->dest.reg].offset = cfa->offset; 3191 } 3192 3193 break; 3194 3195 case OP_DEST_MEM: 3196 if (op->src.type != OP_SRC_POP && op->src.type != OP_SRC_POPF) { 3197 WARN_INSN(insn, "unknown stack-related memory operation"); 3198 return -1; 3199 } 3200 3201 /* pop mem */ 3202 cfi->stack_size -= 8; 3203 if (cfa->base == CFI_SP) 3204 cfa->offset -= 8; 3205 3206 break; 3207 3208 default: 3209 WARN_INSN(insn, "unknown stack-related instruction"); 3210 return -1; 3211 } 3212 3213 return 0; 3214} 3215 3216/* 3217 * The stack layouts of alternatives instructions can sometimes diverge when 3218 * they have stack modifications. That's fine as long as the potential stack 3219 * layouts don't conflict at any given potential instruction boundary. 3220 * 3221 * Flatten the CFIs of the different alternative code streams (both original 3222 * and replacement) into a single shared CFI array which can be used to detect 3223 * conflicts and nicely feed a linear array of ORC entries to the unwinder. 3224 */ 3225static int propagate_alt_cfi(struct objtool_file *file, struct instruction *insn) 3226{ 3227 struct cfi_state **alt_cfi; 3228 int group_off; 3229 3230 if (!insn->alt_group) 3231 return 0; 3232 3233 if (!insn->cfi) { 3234 WARN("CFI missing"); 3235 return -1; 3236 } 3237 3238 alt_cfi = insn->alt_group->cfi; 3239 group_off = insn->offset - insn->alt_group->first_insn->offset; 3240 3241 if (!alt_cfi[group_off]) { 3242 alt_cfi[group_off] = insn->cfi; 3243 } else { 3244 if (cficmp(alt_cfi[group_off], insn->cfi)) { 3245 struct alt_group *orig_group = insn->alt_group->orig_group ?: insn->alt_group; 3246 struct instruction *orig = orig_group->first_insn; 3247 char *where = offstr(insn->sec, insn->offset); 3248 WARN_INSN(orig, "stack layout conflict in alternatives: %s", where); 3249 free(where); 3250 return -1; 3251 } 3252 } 3253 3254 return 0; 3255} 3256 3257static int handle_insn_ops(struct instruction *insn, 3258 struct instruction *next_insn, 3259 struct insn_state *state) 3260{ 3261 struct stack_op *op; 3262 3263 for (op = insn->stack_ops; op; op = op->next) { 3264 3265 if (update_cfi_state(insn, next_insn, &state->cfi, op)) 3266 return 1; 3267 3268 if (!insn->alt_group) 3269 continue; 3270 3271 if (op->dest.type == OP_DEST_PUSHF) { 3272 if (!state->uaccess_stack) { 3273 state->uaccess_stack = 1; 3274 } else if (state->uaccess_stack >> 31) { 3275 WARN_INSN(insn, "PUSHF stack exhausted"); 3276 return 1; 3277 } 3278 state->uaccess_stack <<= 1; 3279 state->uaccess_stack |= state->uaccess; 3280 } 3281 3282 if (op->src.type == OP_SRC_POPF) { 3283 if (state->uaccess_stack) { 3284 state->uaccess = state->uaccess_stack & 1; 3285 state->uaccess_stack >>= 1; 3286 if (state->uaccess_stack == 1) 3287 state->uaccess_stack = 0; 3288 } 3289 } 3290 } 3291 3292 return 0; 3293} 3294 3295static bool insn_cfi_match(struct instruction *insn, struct cfi_state *cfi2) 3296{ 3297 struct cfi_state *cfi1 = insn->cfi; 3298 int i; 3299 3300 if (!cfi1) { 3301 WARN("CFI missing"); 3302 return false; 3303 } 3304 3305 if (memcmp(&cfi1->cfa, &cfi2->cfa, sizeof(cfi1->cfa))) { 3306 3307 WARN_INSN(insn, "stack state mismatch: cfa1=%d%+d cfa2=%d%+d", 3308 cfi1->cfa.base, cfi1->cfa.offset, 3309 cfi2->cfa.base, cfi2->cfa.offset); 3310 3311 } else if (memcmp(&cfi1->regs, &cfi2->regs, sizeof(cfi1->regs))) { 3312 for (i = 0; i < CFI_NUM_REGS; i++) { 3313 if (!memcmp(&cfi1->regs[i], &cfi2->regs[i], 3314 sizeof(struct cfi_reg))) 3315 continue; 3316 3317 WARN_INSN(insn, "stack state mismatch: reg1[%d]=%d%+d reg2[%d]=%d%+d", 3318 i, cfi1->regs[i].base, cfi1->regs[i].offset, 3319 i, cfi2->regs[i].base, cfi2->regs[i].offset); 3320 break; 3321 } 3322 3323 } else if (cfi1->type != cfi2->type) { 3324 3325 WARN_INSN(insn, "stack state mismatch: type1=%d type2=%d", 3326 cfi1->type, cfi2->type); 3327 3328 } else if (cfi1->drap != cfi2->drap || 3329 (cfi1->drap && cfi1->drap_reg != cfi2->drap_reg) || 3330 (cfi1->drap && cfi1->drap_offset != cfi2->drap_offset)) { 3331 3332 WARN_INSN(insn, "stack state mismatch: drap1=%d(%d,%d) drap2=%d(%d,%d)", 3333 cfi1->drap, cfi1->drap_reg, cfi1->drap_offset, 3334 cfi2->drap, cfi2->drap_reg, cfi2->drap_offset); 3335 3336 } else 3337 return true; 3338 3339 return false; 3340} 3341 3342static inline bool func_uaccess_safe(struct symbol *func) 3343{ 3344 if (func) 3345 return func->uaccess_safe; 3346 3347 return false; 3348} 3349 3350static inline const char *call_dest_name(struct instruction *insn) 3351{ 3352 static char pvname[19]; 3353 struct reloc *reloc; 3354 int idx; 3355 3356 if (insn_call_dest(insn)) 3357 return insn_call_dest(insn)->name; 3358 3359 reloc = insn_reloc(NULL, insn); 3360 if (reloc && !strcmp(reloc->sym->name, "pv_ops")) { 3361 idx = (reloc_addend(reloc) / sizeof(void *)); 3362 snprintf(pvname, sizeof(pvname), "pv_ops[%d]", idx); 3363 return pvname; 3364 } 3365 3366 return "{dynamic}"; 3367} 3368 3369static bool pv_call_dest(struct objtool_file *file, struct instruction *insn) 3370{ 3371 struct symbol *target; 3372 struct reloc *reloc; 3373 int idx; 3374 3375 reloc = insn_reloc(file, insn); 3376 if (!reloc || strcmp(reloc->sym->name, "pv_ops")) 3377 return false; 3378 3379 idx = (arch_dest_reloc_offset(reloc_addend(reloc)) / sizeof(void *)); 3380 3381 if (file->pv_ops[idx].clean) 3382 return true; 3383 3384 file->pv_ops[idx].clean = true; 3385 3386 list_for_each_entry(target, &file->pv_ops[idx].targets, pv_target) { 3387 if (!target->sec->noinstr) { 3388 WARN("pv_ops[%d]: %s", idx, target->name); 3389 file->pv_ops[idx].clean = false; 3390 } 3391 } 3392 3393 return file->pv_ops[idx].clean; 3394} 3395 3396static inline bool noinstr_call_dest(struct objtool_file *file, 3397 struct instruction *insn, 3398 struct symbol *func) 3399{ 3400 /* 3401 * We can't deal with indirect function calls at present; 3402 * assume they're instrumented. 3403 */ 3404 if (!func) { 3405 if (file->pv_ops) 3406 return pv_call_dest(file, insn); 3407 3408 return false; 3409 } 3410 3411 /* 3412 * If the symbol is from a noinstr section; we good. 3413 */ 3414 if (func->sec->noinstr) 3415 return true; 3416 3417 /* 3418 * If the symbol is a static_call trampoline, we can't tell. 3419 */ 3420 if (func->static_call_tramp) 3421 return true; 3422 3423 /* 3424 * The __ubsan_handle_*() calls are like WARN(), they only happen when 3425 * something 'BAD' happened. At the risk of taking the machine down, 3426 * let them proceed to get the message out. 3427 */ 3428 if (!strncmp(func->name, "__ubsan_handle_", 15)) 3429 return true; 3430 3431 return false; 3432} 3433 3434static int validate_call(struct objtool_file *file, 3435 struct instruction *insn, 3436 struct insn_state *state) 3437{ 3438 if (state->noinstr && state->instr <= 0 && 3439 !noinstr_call_dest(file, insn, insn_call_dest(insn))) { 3440 WARN_INSN(insn, "call to %s() leaves .noinstr.text section", call_dest_name(insn)); 3441 return 1; 3442 } 3443 3444 if (state->uaccess && !func_uaccess_safe(insn_call_dest(insn))) { 3445 WARN_INSN(insn, "call to %s() with UACCESS enabled", call_dest_name(insn)); 3446 return 1; 3447 } 3448 3449 if (state->df) { 3450 WARN_INSN(insn, "call to %s() with DF set", call_dest_name(insn)); 3451 return 1; 3452 } 3453 3454 return 0; 3455} 3456 3457static int validate_sibling_call(struct objtool_file *file, 3458 struct instruction *insn, 3459 struct insn_state *state) 3460{ 3461 if (insn_func(insn) && has_modified_stack_frame(insn, state)) { 3462 WARN_INSN(insn, "sibling call from callable instruction with modified stack frame"); 3463 return 1; 3464 } 3465 3466 return validate_call(file, insn, state); 3467} 3468 3469static int validate_return(struct symbol *func, struct instruction *insn, struct insn_state *state) 3470{ 3471 if (state->noinstr && state->instr > 0) { 3472 WARN_INSN(insn, "return with instrumentation enabled"); 3473 return 1; 3474 } 3475 3476 if (state->uaccess && !func_uaccess_safe(func)) { 3477 WARN_INSN(insn, "return with UACCESS enabled"); 3478 return 1; 3479 } 3480 3481 if (!state->uaccess && func_uaccess_safe(func)) { 3482 WARN_INSN(insn, "return with UACCESS disabled from a UACCESS-safe function"); 3483 return 1; 3484 } 3485 3486 if (state->df) { 3487 WARN_INSN(insn, "return with DF set"); 3488 return 1; 3489 } 3490 3491 if (func && has_modified_stack_frame(insn, state)) { 3492 WARN_INSN(insn, "return with modified stack frame"); 3493 return 1; 3494 } 3495 3496 if (state->cfi.bp_scratch) { 3497 WARN_INSN(insn, "BP used as a scratch register"); 3498 return 1; 3499 } 3500 3501 return 0; 3502} 3503 3504static struct instruction *next_insn_to_validate(struct objtool_file *file, 3505 struct instruction *insn) 3506{ 3507 struct alt_group *alt_group = insn->alt_group; 3508 3509 /* 3510 * Simulate the fact that alternatives are patched in-place. When the 3511 * end of a replacement alt_group is reached, redirect objtool flow to 3512 * the end of the original alt_group. 3513 * 3514 * insn->alts->insn -> alt_group->first_insn 3515 * ... 3516 * alt_group->last_insn 3517 * [alt_group->nop] -> next(orig_group->last_insn) 3518 */ 3519 if (alt_group) { 3520 if (alt_group->nop) { 3521 /* ->nop implies ->orig_group */ 3522 if (insn == alt_group->last_insn) 3523 return alt_group->nop; 3524 if (insn == alt_group->nop) 3525 goto next_orig; 3526 } 3527 if (insn == alt_group->last_insn && alt_group->orig_group) 3528 goto next_orig; 3529 } 3530 3531 return next_insn_same_sec(file, insn); 3532 3533next_orig: 3534 return next_insn_same_sec(file, alt_group->orig_group->last_insn); 3535} 3536 3537/* 3538 * Follow the branch starting at the given instruction, and recursively follow 3539 * any other branches (jumps). Meanwhile, track the frame pointer state at 3540 * each instruction and validate all the rules described in 3541 * tools/objtool/Documentation/objtool.txt. 3542 */ 3543static int validate_branch(struct objtool_file *file, struct symbol *func, 3544 struct instruction *insn, struct insn_state state) 3545{ 3546 struct alternative *alt; 3547 struct instruction *next_insn, *prev_insn = NULL; 3548 struct section *sec; 3549 u8 visited; 3550 int ret; 3551 3552 sec = insn->sec; 3553 3554 while (1) { 3555 next_insn = next_insn_to_validate(file, insn); 3556 3557 if (func && insn_func(insn) && func != insn_func(insn)->pfunc) { 3558 /* Ignore KCFI type preambles, which always fall through */ 3559 if (!strncmp(func->name, "__cfi_", 6) || 3560 !strncmp(func->name, "__pfx_", 6)) 3561 return 0; 3562 3563 WARN("%s() falls through to next function %s()", 3564 func->name, insn_func(insn)->name); 3565 return 1; 3566 } 3567 3568 if (func && insn->ignore) { 3569 WARN_INSN(insn, "BUG: why am I validating an ignored function?"); 3570 return 1; 3571 } 3572 3573 visited = VISITED_BRANCH << state.uaccess; 3574 if (insn->visited & VISITED_BRANCH_MASK) { 3575 if (!insn->hint && !insn_cfi_match(insn, &state.cfi)) 3576 return 1; 3577 3578 if (insn->visited & visited) 3579 return 0; 3580 } else { 3581 nr_insns_visited++; 3582 } 3583 3584 if (state.noinstr) 3585 state.instr += insn->instr; 3586 3587 if (insn->hint) { 3588 if (insn->restore) { 3589 struct instruction *save_insn, *i; 3590 3591 i = insn; 3592 save_insn = NULL; 3593 3594 sym_for_each_insn_continue_reverse(file, func, i) { 3595 if (i->save) { 3596 save_insn = i; 3597 break; 3598 } 3599 } 3600 3601 if (!save_insn) { 3602 WARN_INSN(insn, "no corresponding CFI save for CFI restore"); 3603 return 1; 3604 } 3605 3606 if (!save_insn->visited) { 3607 /* 3608 * If the restore hint insn is at the 3609 * beginning of a basic block and was 3610 * branched to from elsewhere, and the 3611 * save insn hasn't been visited yet, 3612 * defer following this branch for now. 3613 * It will be seen later via the 3614 * straight-line path. 3615 */ 3616 if (!prev_insn) 3617 return 0; 3618 3619 WARN_INSN(insn, "objtool isn't smart enough to handle this CFI save/restore combo"); 3620 return 1; 3621 } 3622 3623 insn->cfi = save_insn->cfi; 3624 nr_cfi_reused++; 3625 } 3626 3627 state.cfi = *insn->cfi; 3628 } else { 3629 /* XXX track if we actually changed state.cfi */ 3630 3631 if (prev_insn && !cficmp(prev_insn->cfi, &state.cfi)) { 3632 insn->cfi = prev_insn->cfi; 3633 nr_cfi_reused++; 3634 } else { 3635 insn->cfi = cfi_hash_find_or_add(&state.cfi); 3636 } 3637 } 3638 3639 insn->visited |= visited; 3640 3641 if (propagate_alt_cfi(file, insn)) 3642 return 1; 3643 3644 if (!insn->ignore_alts && insn->alts) { 3645 bool skip_orig = false; 3646 3647 for (alt = insn->alts; alt; alt = alt->next) { 3648 if (alt->skip_orig) 3649 skip_orig = true; 3650 3651 ret = validate_branch(file, func, alt->insn, state); 3652 if (ret) { 3653 BT_INSN(insn, "(alt)"); 3654 return ret; 3655 } 3656 } 3657 3658 if (skip_orig) 3659 return 0; 3660 } 3661 3662 if (handle_insn_ops(insn, next_insn, &state)) 3663 return 1; 3664 3665 switch (insn->type) { 3666 3667 case INSN_RETURN: 3668 return validate_return(func, insn, &state); 3669 3670 case INSN_CALL: 3671 case INSN_CALL_DYNAMIC: 3672 ret = validate_call(file, insn, &state); 3673 if (ret) 3674 return ret; 3675 3676 if (opts.stackval && func && !is_special_call(insn) && 3677 !has_valid_stack_frame(&state)) { 3678 WARN_INSN(insn, "call without frame pointer save/setup"); 3679 return 1; 3680 } 3681 3682 if (insn->dead_end) 3683 return 0; 3684 3685 break; 3686 3687 case INSN_JUMP_CONDITIONAL: 3688 case INSN_JUMP_UNCONDITIONAL: 3689 if (is_sibling_call(insn)) { 3690 ret = validate_sibling_call(file, insn, &state); 3691 if (ret) 3692 return ret; 3693 3694 } else if (insn->jump_dest) { 3695 ret = validate_branch(file, func, 3696 insn->jump_dest, state); 3697 if (ret) { 3698 BT_INSN(insn, "(branch)"); 3699 return ret; 3700 } 3701 } 3702 3703 if (insn->type == INSN_JUMP_UNCONDITIONAL) 3704 return 0; 3705 3706 break; 3707 3708 case INSN_JUMP_DYNAMIC: 3709 case INSN_JUMP_DYNAMIC_CONDITIONAL: 3710 if (is_sibling_call(insn)) { 3711 ret = validate_sibling_call(file, insn, &state); 3712 if (ret) 3713 return ret; 3714 } 3715 3716 if (insn->type == INSN_JUMP_DYNAMIC) 3717 return 0; 3718 3719 break; 3720 3721 case INSN_CONTEXT_SWITCH: 3722 if (func && (!next_insn || !next_insn->hint)) { 3723 WARN_INSN(insn, "unsupported instruction in callable function"); 3724 return 1; 3725 } 3726 return 0; 3727 3728 case INSN_STAC: 3729 if (state.uaccess) { 3730 WARN_INSN(insn, "recursive UACCESS enable"); 3731 return 1; 3732 } 3733 3734 state.uaccess = true; 3735 break; 3736 3737 case INSN_CLAC: 3738 if (!state.uaccess && func) { 3739 WARN_INSN(insn, "redundant UACCESS disable"); 3740 return 1; 3741 } 3742 3743 if (func_uaccess_safe(func) && !state.uaccess_stack) { 3744 WARN_INSN(insn, "UACCESS-safe disables UACCESS"); 3745 return 1; 3746 } 3747 3748 state.uaccess = false; 3749 break; 3750 3751 case INSN_STD: 3752 if (state.df) { 3753 WARN_INSN(insn, "recursive STD"); 3754 return 1; 3755 } 3756 3757 state.df = true; 3758 break; 3759 3760 case INSN_CLD: 3761 if (!state.df && func) { 3762 WARN_INSN(insn, "redundant CLD"); 3763 return 1; 3764 } 3765 3766 state.df = false; 3767 break; 3768 3769 default: 3770 break; 3771 } 3772 3773 if (insn->dead_end) 3774 return 0; 3775 3776 if (!next_insn) { 3777 if (state.cfi.cfa.base == CFI_UNDEFINED) 3778 return 0; 3779 WARN("%s: unexpected end of section", sec->name); 3780 return 1; 3781 } 3782 3783 prev_insn = insn; 3784 insn = next_insn; 3785 } 3786 3787 return 0; 3788} 3789 3790static int validate_unwind_hint(struct objtool_file *file, 3791 struct instruction *insn, 3792 struct insn_state *state) 3793{ 3794 if (insn->hint && !insn->visited && !insn->ignore) { 3795 int ret = validate_branch(file, insn_func(insn), insn, *state); 3796 if (ret) 3797 BT_INSN(insn, "<=== (hint)"); 3798 return ret; 3799 } 3800 3801 return 0; 3802} 3803 3804static int validate_unwind_hints(struct objtool_file *file, struct section *sec) 3805{ 3806 struct instruction *insn; 3807 struct insn_state state; 3808 int warnings = 0; 3809 3810 if (!file->hints) 3811 return 0; 3812 3813 init_insn_state(file, &state, sec); 3814 3815 if (sec) { 3816 sec_for_each_insn(file, sec, insn) 3817 warnings += validate_unwind_hint(file, insn, &state); 3818 } else { 3819 for_each_insn(file, insn) 3820 warnings += validate_unwind_hint(file, insn, &state); 3821 } 3822 3823 return warnings; 3824} 3825 3826/* 3827 * Validate rethunk entry constraint: must untrain RET before the first RET. 3828 * 3829 * Follow every branch (intra-function) and ensure VALIDATE_UNRET_END comes 3830 * before an actual RET instruction. 3831 */ 3832static int validate_unret(struct objtool_file *file, struct instruction *insn) 3833{ 3834 struct instruction *next, *dest; 3835 int ret; 3836 3837 for (;;) { 3838 next = next_insn_to_validate(file, insn); 3839 3840 if (insn->visited & VISITED_UNRET) 3841 return 0; 3842 3843 insn->visited |= VISITED_UNRET; 3844 3845 if (!insn->ignore_alts && insn->alts) { 3846 struct alternative *alt; 3847 bool skip_orig = false; 3848 3849 for (alt = insn->alts; alt; alt = alt->next) { 3850 if (alt->skip_orig) 3851 skip_orig = true; 3852 3853 ret = validate_unret(file, alt->insn); 3854 if (ret) { 3855 BT_INSN(insn, "(alt)"); 3856 return ret; 3857 } 3858 } 3859 3860 if (skip_orig) 3861 return 0; 3862 } 3863 3864 switch (insn->type) { 3865 3866 case INSN_CALL_DYNAMIC: 3867 case INSN_JUMP_DYNAMIC: 3868 case INSN_JUMP_DYNAMIC_CONDITIONAL: 3869 WARN_INSN(insn, "early indirect call"); 3870 return 1; 3871 3872 case INSN_JUMP_UNCONDITIONAL: 3873 case INSN_JUMP_CONDITIONAL: 3874 if (!is_sibling_call(insn)) { 3875 if (!insn->jump_dest) { 3876 WARN_INSN(insn, "unresolved jump target after linking?!?"); 3877 return -1; 3878 } 3879 ret = validate_unret(file, insn->jump_dest); 3880 if (ret) { 3881 BT_INSN(insn, "(branch%s)", 3882 insn->type == INSN_JUMP_CONDITIONAL ? "-cond" : ""); 3883 return ret; 3884 } 3885 3886 if (insn->type == INSN_JUMP_UNCONDITIONAL) 3887 return 0; 3888 3889 break; 3890 } 3891 3892 /* fallthrough */ 3893 case INSN_CALL: 3894 dest = find_insn(file, insn_call_dest(insn)->sec, 3895 insn_call_dest(insn)->offset); 3896 if (!dest) { 3897 WARN("Unresolved function after linking!?: %s", 3898 insn_call_dest(insn)->name); 3899 return -1; 3900 } 3901 3902 ret = validate_unret(file, dest); 3903 if (ret) { 3904 BT_INSN(insn, "(call)"); 3905 return ret; 3906 } 3907 /* 3908 * If a call returns without error, it must have seen UNTRAIN_RET. 3909 * Therefore any non-error return is a success. 3910 */ 3911 return 0; 3912 3913 case INSN_RETURN: 3914 WARN_INSN(insn, "RET before UNTRAIN"); 3915 return 1; 3916 3917 case INSN_NOP: 3918 if (insn->retpoline_safe) 3919 return 0; 3920 break; 3921 3922 default: 3923 break; 3924 } 3925 3926 if (!next) { 3927 WARN_INSN(insn, "teh end!"); 3928 return -1; 3929 } 3930 insn = next; 3931 } 3932 3933 return 0; 3934} 3935 3936/* 3937 * Validate that all branches starting at VALIDATE_UNRET_BEGIN encounter 3938 * VALIDATE_UNRET_END before RET. 3939 */ 3940static int validate_unrets(struct objtool_file *file) 3941{ 3942 struct instruction *insn; 3943 int ret, warnings = 0; 3944 3945 for_each_insn(file, insn) { 3946 if (!insn->unret) 3947 continue; 3948 3949 ret = validate_unret(file, insn); 3950 if (ret < 0) { 3951 WARN_INSN(insn, "Failed UNRET validation"); 3952 return ret; 3953 } 3954 warnings += ret; 3955 } 3956 3957 return warnings; 3958} 3959 3960static int validate_retpoline(struct objtool_file *file) 3961{ 3962 struct instruction *insn; 3963 int warnings = 0; 3964 3965 for_each_insn(file, insn) { 3966 if (insn->type != INSN_JUMP_DYNAMIC && 3967 insn->type != INSN_CALL_DYNAMIC && 3968 insn->type != INSN_RETURN) 3969 continue; 3970 3971 if (insn->retpoline_safe) 3972 continue; 3973 3974 if (insn->sec->init) 3975 continue; 3976 3977 if (insn->type == INSN_RETURN) { 3978 if (opts.rethunk) { 3979 WARN_INSN(insn, "'naked' return found in RETHUNK build"); 3980 } else 3981 continue; 3982 } else { 3983 WARN_INSN(insn, "indirect %s found in RETPOLINE build", 3984 insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call"); 3985 } 3986 3987 warnings++; 3988 } 3989 3990 return warnings; 3991} 3992 3993static bool is_kasan_insn(struct instruction *insn) 3994{ 3995 return (insn->type == INSN_CALL && 3996 !strcmp(insn_call_dest(insn)->name, "__asan_handle_no_return")); 3997} 3998 3999static bool is_ubsan_insn(struct instruction *insn) 4000{ 4001 return (insn->type == INSN_CALL && 4002 !strcmp(insn_call_dest(insn)->name, 4003 "__ubsan_handle_builtin_unreachable")); 4004} 4005 4006static bool ignore_unreachable_insn(struct objtool_file *file, struct instruction *insn) 4007{ 4008 int i; 4009 struct instruction *prev_insn; 4010 4011 if (insn->ignore || insn->type == INSN_NOP || insn->type == INSN_TRAP) 4012 return true; 4013 4014 /* 4015 * Ignore alternative replacement instructions. This can happen 4016 * when a whitelisted function uses one of the ALTERNATIVE macros. 4017 */ 4018 if (!strcmp(insn->sec->name, ".altinstr_replacement") || 4019 !strcmp(insn->sec->name, ".altinstr_aux")) 4020 return true; 4021 4022 /* 4023 * Whole archive runs might encounter dead code from weak symbols. 4024 * This is where the linker will have dropped the weak symbol in 4025 * favour of a regular symbol, but leaves the code in place. 4026 * 4027 * In this case we'll find a piece of code (whole function) that is not 4028 * covered by a !section symbol. Ignore them. 4029 */ 4030 if (opts.link && !insn_func(insn)) { 4031 int size = find_symbol_hole_containing(insn->sec, insn->offset); 4032 unsigned long end = insn->offset + size; 4033 4034 if (!size) /* not a hole */ 4035 return false; 4036 4037 if (size < 0) /* hole until the end */ 4038 return true; 4039 4040 sec_for_each_insn_continue(file, insn) { 4041 /* 4042 * If we reach a visited instruction at or before the 4043 * end of the hole, ignore the unreachable. 4044 */ 4045 if (insn->visited) 4046 return true; 4047 4048 if (insn->offset >= end) 4049 break; 4050 4051 /* 4052 * If this hole jumps to a .cold function, mark it ignore too. 4053 */ 4054 if (insn->jump_dest && insn_func(insn->jump_dest) && 4055 strstr(insn_func(insn->jump_dest)->name, ".cold")) { 4056 struct instruction *dest = insn->jump_dest; 4057 func_for_each_insn(file, insn_func(dest), dest) 4058 dest->ignore = true; 4059 } 4060 } 4061 4062 return false; 4063 } 4064 4065 if (!insn_func(insn)) 4066 return false; 4067 4068 if (insn_func(insn)->static_call_tramp) 4069 return true; 4070 4071 /* 4072 * CONFIG_UBSAN_TRAP inserts a UD2 when it sees 4073 * __builtin_unreachable(). The BUG() macro has an unreachable() after 4074 * the UD2, which causes GCC's undefined trap logic to emit another UD2 4075 * (or occasionally a JMP to UD2). 4076 * 4077 * It may also insert a UD2 after calling a __noreturn function. 4078 */ 4079 prev_insn = prev_insn_same_sec(file, insn); 4080 if (prev_insn->dead_end && 4081 (insn->type == INSN_BUG || 4082 (insn->type == INSN_JUMP_UNCONDITIONAL && 4083 insn->jump_dest && insn->jump_dest->type == INSN_BUG))) 4084 return true; 4085 4086 /* 4087 * Check if this (or a subsequent) instruction is related to 4088 * CONFIG_UBSAN or CONFIG_KASAN. 4089 * 4090 * End the search at 5 instructions to avoid going into the weeds. 4091 */ 4092 for (i = 0; i < 5; i++) { 4093 4094 if (is_kasan_insn(insn) || is_ubsan_insn(insn)) 4095 return true; 4096 4097 if (insn->type == INSN_JUMP_UNCONDITIONAL) { 4098 if (insn->jump_dest && 4099 insn_func(insn->jump_dest) == insn_func(insn)) { 4100 insn = insn->jump_dest; 4101 continue; 4102 } 4103 4104 break; 4105 } 4106 4107 if (insn->offset + insn->len >= insn_func(insn)->offset + insn_func(insn)->len) 4108 break; 4109 4110 insn = next_insn_same_sec(file, insn); 4111 } 4112 4113 return false; 4114} 4115 4116static int add_prefix_symbol(struct objtool_file *file, struct symbol *func) 4117{ 4118 struct instruction *insn, *prev; 4119 struct cfi_state *cfi; 4120 4121 insn = find_insn(file, func->sec, func->offset); 4122 if (!insn) 4123 return -1; 4124 4125 for (prev = prev_insn_same_sec(file, insn); 4126 prev; 4127 prev = prev_insn_same_sec(file, prev)) { 4128 u64 offset; 4129 4130 if (prev->type != INSN_NOP) 4131 return -1; 4132 4133 offset = func->offset - prev->offset; 4134 4135 if (offset > opts.prefix) 4136 return -1; 4137 4138 if (offset < opts.prefix) 4139 continue; 4140 4141 elf_create_prefix_symbol(file->elf, func, opts.prefix); 4142 break; 4143 } 4144 4145 if (!prev) 4146 return -1; 4147 4148 if (!insn->cfi) { 4149 /* 4150 * This can happen if stack validation isn't enabled or the 4151 * function is annotated with STACK_FRAME_NON_STANDARD. 4152 */ 4153 return 0; 4154 } 4155 4156 /* Propagate insn->cfi to the prefix code */ 4157 cfi = cfi_hash_find_or_add(insn->cfi); 4158 for (; prev != insn; prev = next_insn_same_sec(file, prev)) 4159 prev->cfi = cfi; 4160 4161 return 0; 4162} 4163 4164static int add_prefix_symbols(struct objtool_file *file) 4165{ 4166 struct section *sec; 4167 struct symbol *func; 4168 4169 for_each_sec(file, sec) { 4170 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 4171 continue; 4172 4173 sec_for_each_sym(sec, func) { 4174 if (func->type != STT_FUNC) 4175 continue; 4176 4177 add_prefix_symbol(file, func); 4178 } 4179 } 4180 4181 return 0; 4182} 4183 4184static int validate_symbol(struct objtool_file *file, struct section *sec, 4185 struct symbol *sym, struct insn_state *state) 4186{ 4187 struct instruction *insn; 4188 int ret; 4189 4190 if (!sym->len) { 4191 WARN("%s() is missing an ELF size annotation", sym->name); 4192 return 1; 4193 } 4194 4195 if (sym->pfunc != sym || sym->alias != sym) 4196 return 0; 4197 4198 insn = find_insn(file, sec, sym->offset); 4199 if (!insn || insn->ignore || insn->visited) 4200 return 0; 4201 4202 state->uaccess = sym->uaccess_safe; 4203 4204 ret = validate_branch(file, insn_func(insn), insn, *state); 4205 if (ret) 4206 BT_INSN(insn, "<=== (sym)"); 4207 return ret; 4208} 4209 4210static int validate_section(struct objtool_file *file, struct section *sec) 4211{ 4212 struct insn_state state; 4213 struct symbol *func; 4214 int warnings = 0; 4215 4216 sec_for_each_sym(sec, func) { 4217 if (func->type != STT_FUNC) 4218 continue; 4219 4220 init_insn_state(file, &state, sec); 4221 set_func_state(&state.cfi); 4222 4223 warnings += validate_symbol(file, sec, func, &state); 4224 } 4225 4226 return warnings; 4227} 4228 4229static int validate_noinstr_sections(struct objtool_file *file) 4230{ 4231 struct section *sec; 4232 int warnings = 0; 4233 4234 sec = find_section_by_name(file->elf, ".noinstr.text"); 4235 if (sec) { 4236 warnings += validate_section(file, sec); 4237 warnings += validate_unwind_hints(file, sec); 4238 } 4239 4240 sec = find_section_by_name(file->elf, ".entry.text"); 4241 if (sec) { 4242 warnings += validate_section(file, sec); 4243 warnings += validate_unwind_hints(file, sec); 4244 } 4245 4246 sec = find_section_by_name(file->elf, ".cpuidle.text"); 4247 if (sec) { 4248 warnings += validate_section(file, sec); 4249 warnings += validate_unwind_hints(file, sec); 4250 } 4251 4252 return warnings; 4253} 4254 4255static int validate_functions(struct objtool_file *file) 4256{ 4257 struct section *sec; 4258 int warnings = 0; 4259 4260 for_each_sec(file, sec) { 4261 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 4262 continue; 4263 4264 warnings += validate_section(file, sec); 4265 } 4266 4267 return warnings; 4268} 4269 4270static void mark_endbr_used(struct instruction *insn) 4271{ 4272 if (!list_empty(&insn->call_node)) 4273 list_del_init(&insn->call_node); 4274} 4275 4276static bool noendbr_range(struct objtool_file *file, struct instruction *insn) 4277{ 4278 struct symbol *sym = find_symbol_containing(insn->sec, insn->offset-1); 4279 struct instruction *first; 4280 4281 if (!sym) 4282 return false; 4283 4284 first = find_insn(file, sym->sec, sym->offset); 4285 if (!first) 4286 return false; 4287 4288 if (first->type != INSN_ENDBR && !first->noendbr) 4289 return false; 4290 4291 return insn->offset == sym->offset + sym->len; 4292} 4293 4294static int validate_ibt_insn(struct objtool_file *file, struct instruction *insn) 4295{ 4296 struct instruction *dest; 4297 struct reloc *reloc; 4298 unsigned long off; 4299 int warnings = 0; 4300 4301 /* 4302 * Looking for function pointer load relocations. Ignore 4303 * direct/indirect branches: 4304 */ 4305 switch (insn->type) { 4306 case INSN_CALL: 4307 case INSN_CALL_DYNAMIC: 4308 case INSN_JUMP_CONDITIONAL: 4309 case INSN_JUMP_UNCONDITIONAL: 4310 case INSN_JUMP_DYNAMIC: 4311 case INSN_JUMP_DYNAMIC_CONDITIONAL: 4312 case INSN_RETURN: 4313 case INSN_NOP: 4314 return 0; 4315 default: 4316 break; 4317 } 4318 4319 for (reloc = insn_reloc(file, insn); 4320 reloc; 4321 reloc = find_reloc_by_dest_range(file->elf, insn->sec, 4322 reloc_offset(reloc) + 1, 4323 (insn->offset + insn->len) - (reloc_offset(reloc) + 1))) { 4324 4325 /* 4326 * static_call_update() references the trampoline, which 4327 * doesn't have (or need) ENDBR. Skip warning in that case. 4328 */ 4329 if (reloc->sym->static_call_tramp) 4330 continue; 4331 4332 off = reloc->sym->offset; 4333 if (reloc_type(reloc) == R_X86_64_PC32 || 4334 reloc_type(reloc) == R_X86_64_PLT32) 4335 off += arch_dest_reloc_offset(reloc_addend(reloc)); 4336 else 4337 off += reloc_addend(reloc); 4338 4339 dest = find_insn(file, reloc->sym->sec, off); 4340 if (!dest) 4341 continue; 4342 4343 if (dest->type == INSN_ENDBR) { 4344 mark_endbr_used(dest); 4345 continue; 4346 } 4347 4348 if (insn_func(dest) && insn_func(insn) && 4349 insn_func(dest)->pfunc == insn_func(insn)->pfunc) { 4350 /* 4351 * Anything from->to self is either _THIS_IP_ or 4352 * IRET-to-self. 4353 * 4354 * There is no sane way to annotate _THIS_IP_ since the 4355 * compiler treats the relocation as a constant and is 4356 * happy to fold in offsets, skewing any annotation we 4357 * do, leading to vast amounts of false-positives. 4358 * 4359 * There's also compiler generated _THIS_IP_ through 4360 * KCOV and such which we have no hope of annotating. 4361 * 4362 * As such, blanket accept self-references without 4363 * issue. 4364 */ 4365 continue; 4366 } 4367 4368 /* 4369 * Accept anything ANNOTATE_NOENDBR. 4370 */ 4371 if (dest->noendbr) 4372 continue; 4373 4374 /* 4375 * Accept if this is the instruction after a symbol 4376 * that is (no)endbr -- typical code-range usage. 4377 */ 4378 if (noendbr_range(file, dest)) 4379 continue; 4380 4381 WARN_INSN(insn, "relocation to !ENDBR: %s", offstr(dest->sec, dest->offset)); 4382 4383 warnings++; 4384 } 4385 4386 return warnings; 4387} 4388 4389static int validate_ibt_data_reloc(struct objtool_file *file, 4390 struct reloc *reloc) 4391{ 4392 struct instruction *dest; 4393 4394 dest = find_insn(file, reloc->sym->sec, 4395 reloc->sym->offset + reloc_addend(reloc)); 4396 if (!dest) 4397 return 0; 4398 4399 if (dest->type == INSN_ENDBR) { 4400 mark_endbr_used(dest); 4401 return 0; 4402 } 4403 4404 if (dest->noendbr) 4405 return 0; 4406 4407 WARN_FUNC("data relocation to !ENDBR: %s", 4408 reloc->sec->base, reloc_offset(reloc), 4409 offstr(dest->sec, dest->offset)); 4410 4411 return 1; 4412} 4413 4414/* 4415 * Validate IBT rules and remove used ENDBR instructions from the seal list. 4416 * Unused ENDBR instructions will be annotated for sealing (i.e., replaced with 4417 * NOPs) later, in create_ibt_endbr_seal_sections(). 4418 */ 4419static int validate_ibt(struct objtool_file *file) 4420{ 4421 struct section *sec; 4422 struct reloc *reloc; 4423 struct instruction *insn; 4424 int warnings = 0; 4425 4426 for_each_insn(file, insn) 4427 warnings += validate_ibt_insn(file, insn); 4428 4429 for_each_sec(file, sec) { 4430 4431 /* Already done by validate_ibt_insn() */ 4432 if (sec->sh.sh_flags & SHF_EXECINSTR) 4433 continue; 4434 4435 if (!sec->rsec) 4436 continue; 4437 4438 /* 4439 * These sections can reference text addresses, but not with 4440 * the intent to indirect branch to them. 4441 */ 4442 if ((!strncmp(sec->name, ".discard", 8) && 4443 strcmp(sec->name, ".discard.ibt_endbr_noseal")) || 4444 !strncmp(sec->name, ".debug", 6) || 4445 !strcmp(sec->name, ".altinstructions") || 4446 !strcmp(sec->name, ".ibt_endbr_seal") || 4447 !strcmp(sec->name, ".orc_unwind_ip") || 4448 !strcmp(sec->name, ".parainstructions") || 4449 !strcmp(sec->name, ".retpoline_sites") || 4450 !strcmp(sec->name, ".smp_locks") || 4451 !strcmp(sec->name, ".static_call_sites") || 4452 !strcmp(sec->name, "_error_injection_whitelist") || 4453 !strcmp(sec->name, "_kprobe_blacklist") || 4454 !strcmp(sec->name, "__bug_table") || 4455 !strcmp(sec->name, "__ex_table") || 4456 !strcmp(sec->name, "__jump_table") || 4457 !strcmp(sec->name, "__mcount_loc") || 4458 !strcmp(sec->name, ".kcfi_traps") || 4459 strstr(sec->name, "__patchable_function_entries")) 4460 continue; 4461 4462 for_each_reloc(sec->rsec, reloc) 4463 warnings += validate_ibt_data_reloc(file, reloc); 4464 } 4465 4466 return warnings; 4467} 4468 4469static int validate_sls(struct objtool_file *file) 4470{ 4471 struct instruction *insn, *next_insn; 4472 int warnings = 0; 4473 4474 for_each_insn(file, insn) { 4475 next_insn = next_insn_same_sec(file, insn); 4476 4477 if (insn->retpoline_safe) 4478 continue; 4479 4480 switch (insn->type) { 4481 case INSN_RETURN: 4482 if (!next_insn || next_insn->type != INSN_TRAP) { 4483 WARN_INSN(insn, "missing int3 after ret"); 4484 warnings++; 4485 } 4486 4487 break; 4488 case INSN_JUMP_DYNAMIC: 4489 if (!next_insn || next_insn->type != INSN_TRAP) { 4490 WARN_INSN(insn, "missing int3 after indirect jump"); 4491 warnings++; 4492 } 4493 break; 4494 default: 4495 break; 4496 } 4497 } 4498 4499 return warnings; 4500} 4501 4502static bool ignore_noreturn_call(struct instruction *insn) 4503{ 4504 struct symbol *call_dest = insn_call_dest(insn); 4505 4506 /* 4507 * FIXME: hack, we need a real noreturn solution 4508 * 4509 * Problem is, exc_double_fault() may or may not return, depending on 4510 * whether CONFIG_X86_ESPFIX64 is set. But objtool has no visibility 4511 * to the kernel config. 4512 * 4513 * Other potential ways to fix it: 4514 * 4515 * - have compiler communicate __noreturn functions somehow 4516 * - remove CONFIG_X86_ESPFIX64 4517 * - read the .config file 4518 * - add a cmdline option 4519 * - create a generic objtool annotation format (vs a bunch of custom 4520 * formats) and annotate it 4521 */ 4522 if (!strcmp(call_dest->name, "exc_double_fault")) { 4523 /* prevent further unreachable warnings for the caller */ 4524 insn->sym->warned = 1; 4525 return true; 4526 } 4527 4528 return false; 4529} 4530 4531static int validate_reachable_instructions(struct objtool_file *file) 4532{ 4533 struct instruction *insn, *prev_insn; 4534 struct symbol *call_dest; 4535 int warnings = 0; 4536 4537 if (file->ignore_unreachables) 4538 return 0; 4539 4540 for_each_insn(file, insn) { 4541 if (insn->visited || ignore_unreachable_insn(file, insn)) 4542 continue; 4543 4544 prev_insn = prev_insn_same_sec(file, insn); 4545 if (prev_insn && prev_insn->dead_end) { 4546 call_dest = insn_call_dest(prev_insn); 4547 if (call_dest && !ignore_noreturn_call(prev_insn)) { 4548 WARN_INSN(insn, "%s() is missing a __noreturn annotation", 4549 call_dest->name); 4550 warnings++; 4551 continue; 4552 } 4553 } 4554 4555 WARN_INSN(insn, "unreachable instruction"); 4556 warnings++; 4557 } 4558 4559 return warnings; 4560} 4561 4562/* 'funcs' is a space-separated list of function names */ 4563static int disas_funcs(const char *funcs) 4564{ 4565 const char *objdump_str, *cross_compile; 4566 int size, ret; 4567 char *cmd; 4568 4569 cross_compile = getenv("CROSS_COMPILE"); 4570 4571 objdump_str = "%sobjdump -wdr %s | gawk -M -v _funcs='%s' '" 4572 "BEGIN { split(_funcs, funcs); }" 4573 "/^$/ { func_match = 0; }" 4574 "/<.*>:/ { " 4575 "f = gensub(/.*<(.*)>:/, \"\\\\1\", 1);" 4576 "for (i in funcs) {" 4577 "if (funcs[i] == f) {" 4578 "func_match = 1;" 4579 "base = strtonum(\"0x\" $1);" 4580 "break;" 4581 "}" 4582 "}" 4583 "}" 4584 "{" 4585 "if (func_match) {" 4586 "addr = strtonum(\"0x\" $1);" 4587 "printf(\"%%04x \", addr - base);" 4588 "print;" 4589 "}" 4590 "}' 1>&2"; 4591 4592 /* fake snprintf() to calculate the size */ 4593 size = snprintf(NULL, 0, objdump_str, cross_compile, objname, funcs) + 1; 4594 if (size <= 0) { 4595 WARN("objdump string size calculation failed"); 4596 return -1; 4597 } 4598 4599 cmd = malloc(size); 4600 4601 /* real snprintf() */ 4602 snprintf(cmd, size, objdump_str, cross_compile, objname, funcs); 4603 ret = system(cmd); 4604 if (ret) { 4605 WARN("disassembly failed: %d", ret); 4606 return -1; 4607 } 4608 4609 return 0; 4610} 4611 4612static int disas_warned_funcs(struct objtool_file *file) 4613{ 4614 struct symbol *sym; 4615 char *funcs = NULL, *tmp; 4616 4617 for_each_sym(file, sym) { 4618 if (sym->warned) { 4619 if (!funcs) { 4620 funcs = malloc(strlen(sym->name) + 1); 4621 strcpy(funcs, sym->name); 4622 } else { 4623 tmp = malloc(strlen(funcs) + strlen(sym->name) + 2); 4624 sprintf(tmp, "%s %s", funcs, sym->name); 4625 free(funcs); 4626 funcs = tmp; 4627 } 4628 } 4629 } 4630 4631 if (funcs) 4632 disas_funcs(funcs); 4633 4634 return 0; 4635} 4636 4637struct insn_chunk { 4638 void *addr; 4639 struct insn_chunk *next; 4640}; 4641 4642/* 4643 * Reduce peak RSS usage by freeing insns memory before writing the ELF file, 4644 * which can trigger more allocations for .debug_* sections whose data hasn't 4645 * been read yet. 4646 */ 4647static void free_insns(struct objtool_file *file) 4648{ 4649 struct instruction *insn; 4650 struct insn_chunk *chunks = NULL, *chunk; 4651 4652 for_each_insn(file, insn) { 4653 if (!insn->idx) { 4654 chunk = malloc(sizeof(*chunk)); 4655 chunk->addr = insn; 4656 chunk->next = chunks; 4657 chunks = chunk; 4658 } 4659 } 4660 4661 for (chunk = chunks; chunk; chunk = chunk->next) 4662 free(chunk->addr); 4663} 4664 4665int check(struct objtool_file *file) 4666{ 4667 int ret, warnings = 0; 4668 4669 arch_initial_func_cfi_state(&initial_func_cfi); 4670 init_cfi_state(&init_cfi); 4671 init_cfi_state(&func_cfi); 4672 set_func_state(&func_cfi); 4673 init_cfi_state(&force_undefined_cfi); 4674 force_undefined_cfi.force_undefined = true; 4675 4676 if (!cfi_hash_alloc(1UL << (file->elf->symbol_bits - 3))) 4677 goto out; 4678 4679 cfi_hash_add(&init_cfi); 4680 cfi_hash_add(&func_cfi); 4681 4682 ret = decode_sections(file); 4683 if (ret < 0) 4684 goto out; 4685 4686 warnings += ret; 4687 4688 if (!nr_insns) 4689 goto out; 4690 4691 if (opts.retpoline) { 4692 ret = validate_retpoline(file); 4693 if (ret < 0) 4694 return ret; 4695 warnings += ret; 4696 } 4697 4698 if (opts.stackval || opts.orc || opts.uaccess) { 4699 ret = validate_functions(file); 4700 if (ret < 0) 4701 goto out; 4702 warnings += ret; 4703 4704 ret = validate_unwind_hints(file, NULL); 4705 if (ret < 0) 4706 goto out; 4707 warnings += ret; 4708 4709 if (!warnings) { 4710 ret = validate_reachable_instructions(file); 4711 if (ret < 0) 4712 goto out; 4713 warnings += ret; 4714 } 4715 4716 } else if (opts.noinstr) { 4717 ret = validate_noinstr_sections(file); 4718 if (ret < 0) 4719 goto out; 4720 warnings += ret; 4721 } 4722 4723 if (opts.unret) { 4724 /* 4725 * Must be after validate_branch() and friends, it plays 4726 * further games with insn->visited. 4727 */ 4728 ret = validate_unrets(file); 4729 if (ret < 0) 4730 return ret; 4731 warnings += ret; 4732 } 4733 4734 if (opts.ibt) { 4735 ret = validate_ibt(file); 4736 if (ret < 0) 4737 goto out; 4738 warnings += ret; 4739 } 4740 4741 if (opts.sls) { 4742 ret = validate_sls(file); 4743 if (ret < 0) 4744 goto out; 4745 warnings += ret; 4746 } 4747 4748 if (opts.static_call) { 4749 ret = create_static_call_sections(file); 4750 if (ret < 0) 4751 goto out; 4752 warnings += ret; 4753 } 4754 4755 if (opts.retpoline) { 4756 ret = create_retpoline_sites_sections(file); 4757 if (ret < 0) 4758 goto out; 4759 warnings += ret; 4760 } 4761 4762 if (opts.cfi) { 4763 ret = create_cfi_sections(file); 4764 if (ret < 0) 4765 goto out; 4766 warnings += ret; 4767 } 4768 4769 if (opts.rethunk) { 4770 ret = create_return_sites_sections(file); 4771 if (ret < 0) 4772 goto out; 4773 warnings += ret; 4774 4775 if (opts.hack_skylake) { 4776 ret = create_direct_call_sections(file); 4777 if (ret < 0) 4778 goto out; 4779 warnings += ret; 4780 } 4781 } 4782 4783 if (opts.mcount) { 4784 ret = create_mcount_loc_sections(file); 4785 if (ret < 0) 4786 goto out; 4787 warnings += ret; 4788 } 4789 4790 if (opts.prefix) { 4791 ret = add_prefix_symbols(file); 4792 if (ret < 0) 4793 return ret; 4794 warnings += ret; 4795 } 4796 4797 if (opts.ibt) { 4798 ret = create_ibt_endbr_seal_sections(file); 4799 if (ret < 0) 4800 goto out; 4801 warnings += ret; 4802 } 4803 4804 if (opts.orc && nr_insns) { 4805 ret = orc_create(file); 4806 if (ret < 0) 4807 goto out; 4808 warnings += ret; 4809 } 4810 4811 free_insns(file); 4812 4813 if (opts.verbose) 4814 disas_warned_funcs(file); 4815 4816 if (opts.stats) { 4817 printf("nr_insns_visited: %ld\n", nr_insns_visited); 4818 printf("nr_cfi: %ld\n", nr_cfi); 4819 printf("nr_cfi_reused: %ld\n", nr_cfi_reused); 4820 printf("nr_cfi_cache: %ld\n", nr_cfi_cache); 4821 } 4822 4823out: 4824 /* 4825 * For now, don't fail the kernel build on fatal warnings. These 4826 * errors are still fairly common due to the growing matrix of 4827 * supported toolchains and their recent pace of change. 4828 */ 4829 return 0; 4830} 4831