1 /* 2 * AArch64 loadable module support. 3 * 4 * Copyright (C) 2012 ARM Limited 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 2 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 * Author: Will Deacon <will.deacon@arm.com> 19 */ 20 21 #include <linux/bitops.h> 22 #include <linux/elf.h> 23 #include <linux/gfp.h> 24 #include <linux/kernel.h> 25 #include <linux/mm.h> 26 #include <linux/moduleloader.h> 27 #include <linux/vmalloc.h> 28 29 void *module_alloc(unsigned long size) 30 { 31 return __vmalloc_node_range(size, 1, MODULES_VADDR, MODULES_END, 32 GFP_KERNEL, PAGE_KERNEL_EXEC, NUMA_NO_NODE, 33 __builtin_return_address(0)); 34 } 35 36 enum aarch64_reloc_op { 37 RELOC_OP_NONE, 38 RELOC_OP_ABS, 39 RELOC_OP_PREL, 40 RELOC_OP_PAGE, 41 }; 42 43 static u64 do_reloc(enum aarch64_reloc_op reloc_op, void *place, u64 val) 44 { 45 switch (reloc_op) { 46 case RELOC_OP_ABS: 47 return val; 48 case RELOC_OP_PREL: 49 return val - (u64)place; 50 case RELOC_OP_PAGE: 51 return (val & ~0xfff) - ((u64)place & ~0xfff); 52 case RELOC_OP_NONE: 53 return 0; 54 } 55 56 pr_err("do_reloc: unknown relocation operation %d\n", reloc_op); 57 return 0; 58 } 59 60 static int reloc_data(enum aarch64_reloc_op op, void *place, u64 val, int len) 61 { 62 u64 imm_mask = (1 << len) - 1; 63 s64 sval = do_reloc(op, place, val); 64 65 switch (len) { 66 case 16: 67 *(s16 *)place = sval; 68 break; 69 case 32: 70 *(s32 *)place = sval; 71 break; 72 case 64: 73 *(s64 *)place = sval; 74 break; 75 default: 76 pr_err("Invalid length (%d) for data relocation\n", len); 77 return 0; 78 } 79 80 /* 81 * Extract the upper value bits (including the sign bit) and 82 * shift them to bit 0. 83 */ 84 sval = (s64)(sval & ~(imm_mask >> 1)) >> (len - 1); 85 86 /* 87 * Overflow has occurred if the value is not representable in 88 * len bits (i.e the bottom len bits are not sign-extended and 89 * the top bits are not all zero). 90 */ 91 if ((u64)(sval + 1) > 2) 92 return -ERANGE; 93 94 return 0; 95 } 96 97 enum aarch64_imm_type { 98 INSN_IMM_MOVNZ, 99 INSN_IMM_MOVK, 100 INSN_IMM_ADR, 101 INSN_IMM_26, 102 INSN_IMM_19, 103 INSN_IMM_16, 104 INSN_IMM_14, 105 INSN_IMM_12, 106 INSN_IMM_9, 107 }; 108 109 static u32 encode_insn_immediate(enum aarch64_imm_type type, u32 insn, u64 imm) 110 { 111 u32 immlo, immhi, lomask, himask, mask; 112 int shift; 113 114 /* The instruction stream is always little endian. */ 115 insn = le32_to_cpu(insn); 116 117 switch (type) { 118 case INSN_IMM_MOVNZ: 119 /* 120 * For signed MOVW relocations, we have to manipulate the 121 * instruction encoding depending on whether or not the 122 * immediate is less than zero. 123 */ 124 insn &= ~(3 << 29); 125 if ((s64)imm >= 0) { 126 /* >=0: Set the instruction to MOVZ (opcode 10b). */ 127 insn |= 2 << 29; 128 } else { 129 /* 130 * <0: Set the instruction to MOVN (opcode 00b). 131 * Since we've masked the opcode already, we 132 * don't need to do anything other than 133 * inverting the new immediate field. 134 */ 135 imm = ~imm; 136 } 137 case INSN_IMM_MOVK: 138 mask = BIT(16) - 1; 139 shift = 5; 140 break; 141 case INSN_IMM_ADR: 142 lomask = 0x3; 143 himask = 0x7ffff; 144 immlo = imm & lomask; 145 imm >>= 2; 146 immhi = imm & himask; 147 imm = (immlo << 24) | (immhi); 148 mask = (lomask << 24) | (himask); 149 shift = 5; 150 break; 151 case INSN_IMM_26: 152 mask = BIT(26) - 1; 153 shift = 0; 154 break; 155 case INSN_IMM_19: 156 mask = BIT(19) - 1; 157 shift = 5; 158 break; 159 case INSN_IMM_16: 160 mask = BIT(16) - 1; 161 shift = 5; 162 break; 163 case INSN_IMM_14: 164 mask = BIT(14) - 1; 165 shift = 5; 166 break; 167 case INSN_IMM_12: 168 mask = BIT(12) - 1; 169 shift = 10; 170 break; 171 case INSN_IMM_9: 172 mask = BIT(9) - 1; 173 shift = 12; 174 break; 175 default: 176 pr_err("encode_insn_immediate: unknown immediate encoding %d\n", 177 type); 178 return 0; 179 } 180 181 /* Update the immediate field. */ 182 insn &= ~(mask << shift); 183 insn |= (imm & mask) << shift; 184 185 return cpu_to_le32(insn); 186 } 187 188 static int reloc_insn_movw(enum aarch64_reloc_op op, void *place, u64 val, 189 int lsb, enum aarch64_imm_type imm_type) 190 { 191 u64 imm, limit = 0; 192 s64 sval; 193 u32 insn = *(u32 *)place; 194 195 sval = do_reloc(op, place, val); 196 sval >>= lsb; 197 imm = sval & 0xffff; 198 199 /* Update the instruction with the new encoding. */ 200 *(u32 *)place = encode_insn_immediate(imm_type, insn, imm); 201 202 /* Shift out the immediate field. */ 203 sval >>= 16; 204 205 /* 206 * For unsigned immediates, the overflow check is straightforward. 207 * For signed immediates, the sign bit is actually the bit past the 208 * most significant bit of the field. 209 * The INSN_IMM_16 immediate type is unsigned. 210 */ 211 if (imm_type != INSN_IMM_16) { 212 sval++; 213 limit++; 214 } 215 216 /* Check the upper bits depending on the sign of the immediate. */ 217 if ((u64)sval > limit) 218 return -ERANGE; 219 220 return 0; 221 } 222 223 static int reloc_insn_imm(enum aarch64_reloc_op op, void *place, u64 val, 224 int lsb, int len, enum aarch64_imm_type imm_type) 225 { 226 u64 imm, imm_mask; 227 s64 sval; 228 u32 insn = *(u32 *)place; 229 230 /* Calculate the relocation value. */ 231 sval = do_reloc(op, place, val); 232 sval >>= lsb; 233 234 /* Extract the value bits and shift them to bit 0. */ 235 imm_mask = (BIT(lsb + len) - 1) >> lsb; 236 imm = sval & imm_mask; 237 238 /* Update the instruction's immediate field. */ 239 *(u32 *)place = encode_insn_immediate(imm_type, insn, imm); 240 241 /* 242 * Extract the upper value bits (including the sign bit) and 243 * shift them to bit 0. 244 */ 245 sval = (s64)(sval & ~(imm_mask >> 1)) >> (len - 1); 246 247 /* 248 * Overflow has occurred if the upper bits are not all equal to 249 * the sign bit of the value. 250 */ 251 if ((u64)(sval + 1) >= 2) 252 return -ERANGE; 253 254 return 0; 255 } 256 257 int apply_relocate_add(Elf64_Shdr *sechdrs, 258 const char *strtab, 259 unsigned int symindex, 260 unsigned int relsec, 261 struct module *me) 262 { 263 unsigned int i; 264 int ovf; 265 bool overflow_check; 266 Elf64_Sym *sym; 267 void *loc; 268 u64 val; 269 Elf64_Rela *rel = (void *)sechdrs[relsec].sh_addr; 270 271 for (i = 0; i < sechdrs[relsec].sh_size / sizeof(*rel); i++) { 272 /* loc corresponds to P in the AArch64 ELF document. */ 273 loc = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr 274 + rel[i].r_offset; 275 276 /* sym is the ELF symbol we're referring to. */ 277 sym = (Elf64_Sym *)sechdrs[symindex].sh_addr 278 + ELF64_R_SYM(rel[i].r_info); 279 280 /* val corresponds to (S + A) in the AArch64 ELF document. */ 281 val = sym->st_value + rel[i].r_addend; 282 283 /* Check for overflow by default. */ 284 overflow_check = true; 285 286 /* Perform the static relocation. */ 287 switch (ELF64_R_TYPE(rel[i].r_info)) { 288 /* Null relocations. */ 289 case R_ARM_NONE: 290 case R_AARCH64_NONE: 291 ovf = 0; 292 break; 293 294 /* Data relocations. */ 295 case R_AARCH64_ABS64: 296 overflow_check = false; 297 ovf = reloc_data(RELOC_OP_ABS, loc, val, 64); 298 break; 299 case R_AARCH64_ABS32: 300 ovf = reloc_data(RELOC_OP_ABS, loc, val, 32); 301 break; 302 case R_AARCH64_ABS16: 303 ovf = reloc_data(RELOC_OP_ABS, loc, val, 16); 304 break; 305 case R_AARCH64_PREL64: 306 overflow_check = false; 307 ovf = reloc_data(RELOC_OP_PREL, loc, val, 64); 308 break; 309 case R_AARCH64_PREL32: 310 ovf = reloc_data(RELOC_OP_PREL, loc, val, 32); 311 break; 312 case R_AARCH64_PREL16: 313 ovf = reloc_data(RELOC_OP_PREL, loc, val, 16); 314 break; 315 316 /* MOVW instruction relocations. */ 317 case R_AARCH64_MOVW_UABS_G0_NC: 318 overflow_check = false; 319 case R_AARCH64_MOVW_UABS_G0: 320 ovf = reloc_insn_movw(RELOC_OP_ABS, loc, val, 0, 321 INSN_IMM_16); 322 break; 323 case R_AARCH64_MOVW_UABS_G1_NC: 324 overflow_check = false; 325 case R_AARCH64_MOVW_UABS_G1: 326 ovf = reloc_insn_movw(RELOC_OP_ABS, loc, val, 16, 327 INSN_IMM_16); 328 break; 329 case R_AARCH64_MOVW_UABS_G2_NC: 330 overflow_check = false; 331 case R_AARCH64_MOVW_UABS_G2: 332 ovf = reloc_insn_movw(RELOC_OP_ABS, loc, val, 32, 333 INSN_IMM_16); 334 break; 335 case R_AARCH64_MOVW_UABS_G3: 336 /* We're using the top bits so we can't overflow. */ 337 overflow_check = false; 338 ovf = reloc_insn_movw(RELOC_OP_ABS, loc, val, 48, 339 INSN_IMM_16); 340 break; 341 case R_AARCH64_MOVW_SABS_G0: 342 ovf = reloc_insn_movw(RELOC_OP_ABS, loc, val, 0, 343 INSN_IMM_MOVNZ); 344 break; 345 case R_AARCH64_MOVW_SABS_G1: 346 ovf = reloc_insn_movw(RELOC_OP_ABS, loc, val, 16, 347 INSN_IMM_MOVNZ); 348 break; 349 case R_AARCH64_MOVW_SABS_G2: 350 ovf = reloc_insn_movw(RELOC_OP_ABS, loc, val, 32, 351 INSN_IMM_MOVNZ); 352 break; 353 case R_AARCH64_MOVW_PREL_G0_NC: 354 overflow_check = false; 355 ovf = reloc_insn_movw(RELOC_OP_PREL, loc, val, 0, 356 INSN_IMM_MOVK); 357 break; 358 case R_AARCH64_MOVW_PREL_G0: 359 ovf = reloc_insn_movw(RELOC_OP_PREL, loc, val, 0, 360 INSN_IMM_MOVNZ); 361 break; 362 case R_AARCH64_MOVW_PREL_G1_NC: 363 overflow_check = false; 364 ovf = reloc_insn_movw(RELOC_OP_PREL, loc, val, 16, 365 INSN_IMM_MOVK); 366 break; 367 case R_AARCH64_MOVW_PREL_G1: 368 ovf = reloc_insn_movw(RELOC_OP_PREL, loc, val, 16, 369 INSN_IMM_MOVNZ); 370 break; 371 case R_AARCH64_MOVW_PREL_G2_NC: 372 overflow_check = false; 373 ovf = reloc_insn_movw(RELOC_OP_PREL, loc, val, 32, 374 INSN_IMM_MOVK); 375 break; 376 case R_AARCH64_MOVW_PREL_G2: 377 ovf = reloc_insn_movw(RELOC_OP_PREL, loc, val, 32, 378 INSN_IMM_MOVNZ); 379 break; 380 case R_AARCH64_MOVW_PREL_G3: 381 /* We're using the top bits so we can't overflow. */ 382 overflow_check = false; 383 ovf = reloc_insn_movw(RELOC_OP_PREL, loc, val, 48, 384 INSN_IMM_MOVNZ); 385 break; 386 387 /* Immediate instruction relocations. */ 388 case R_AARCH64_LD_PREL_LO19: 389 ovf = reloc_insn_imm(RELOC_OP_PREL, loc, val, 2, 19, 390 INSN_IMM_19); 391 break; 392 case R_AARCH64_ADR_PREL_LO21: 393 ovf = reloc_insn_imm(RELOC_OP_PREL, loc, val, 0, 21, 394 INSN_IMM_ADR); 395 break; 396 case R_AARCH64_ADR_PREL_PG_HI21_NC: 397 overflow_check = false; 398 case R_AARCH64_ADR_PREL_PG_HI21: 399 ovf = reloc_insn_imm(RELOC_OP_PAGE, loc, val, 12, 21, 400 INSN_IMM_ADR); 401 break; 402 case R_AARCH64_ADD_ABS_LO12_NC: 403 case R_AARCH64_LDST8_ABS_LO12_NC: 404 overflow_check = false; 405 ovf = reloc_insn_imm(RELOC_OP_ABS, loc, val, 0, 12, 406 INSN_IMM_12); 407 break; 408 case R_AARCH64_LDST16_ABS_LO12_NC: 409 overflow_check = false; 410 ovf = reloc_insn_imm(RELOC_OP_ABS, loc, val, 1, 11, 411 INSN_IMM_12); 412 break; 413 case R_AARCH64_LDST32_ABS_LO12_NC: 414 overflow_check = false; 415 ovf = reloc_insn_imm(RELOC_OP_ABS, loc, val, 2, 10, 416 INSN_IMM_12); 417 break; 418 case R_AARCH64_LDST64_ABS_LO12_NC: 419 overflow_check = false; 420 ovf = reloc_insn_imm(RELOC_OP_ABS, loc, val, 3, 9, 421 INSN_IMM_12); 422 break; 423 case R_AARCH64_LDST128_ABS_LO12_NC: 424 overflow_check = false; 425 ovf = reloc_insn_imm(RELOC_OP_ABS, loc, val, 4, 8, 426 INSN_IMM_12); 427 break; 428 case R_AARCH64_TSTBR14: 429 ovf = reloc_insn_imm(RELOC_OP_PREL, loc, val, 2, 14, 430 INSN_IMM_14); 431 break; 432 case R_AARCH64_CONDBR19: 433 ovf = reloc_insn_imm(RELOC_OP_PREL, loc, val, 2, 19, 434 INSN_IMM_19); 435 break; 436 case R_AARCH64_JUMP26: 437 case R_AARCH64_CALL26: 438 ovf = reloc_insn_imm(RELOC_OP_PREL, loc, val, 2, 26, 439 INSN_IMM_26); 440 break; 441 442 default: 443 pr_err("module %s: unsupported RELA relocation: %llu\n", 444 me->name, ELF64_R_TYPE(rel[i].r_info)); 445 return -ENOEXEC; 446 } 447 448 if (overflow_check && ovf == -ERANGE) 449 goto overflow; 450 451 } 452 453 return 0; 454 455 overflow: 456 pr_err("module %s: overflow in relocation type %d val %Lx\n", 457 me->name, (int)ELF64_R_TYPE(rel[i].r_info), val); 458 return -ENOEXEC; 459 } 460