1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2015-2017 Josh Poimboeuf <jpoimboe@redhat.com> 4 */ 5 6 #include <string.h> 7 #include <stdlib.h> 8 9 #include "builtin.h" 10 #include "check.h" 11 #include "elf.h" 12 #include "special.h" 13 #include "arch.h" 14 #include "warn.h" 15 16 #include <linux/hashtable.h> 17 #include <linux/kernel.h> 18 19 #define FAKE_JUMP_OFFSET -1 20 21 struct alternative { 22 struct list_head list; 23 struct instruction *insn; 24 bool skip_orig; 25 }; 26 27 const char *objname; 28 struct cfi_state initial_func_cfi; 29 30 struct instruction *find_insn(struct objtool_file *file, 31 struct section *sec, unsigned long offset) 32 { 33 struct instruction *insn; 34 35 hash_for_each_possible(file->insn_hash, insn, hash, offset) 36 if (insn->sec == sec && insn->offset == offset) 37 return insn; 38 39 return NULL; 40 } 41 42 static struct instruction *next_insn_same_sec(struct objtool_file *file, 43 struct instruction *insn) 44 { 45 struct instruction *next = list_next_entry(insn, list); 46 47 if (!next || &next->list == &file->insn_list || next->sec != insn->sec) 48 return NULL; 49 50 return next; 51 } 52 53 static struct instruction *next_insn_same_func(struct objtool_file *file, 54 struct instruction *insn) 55 { 56 struct instruction *next = list_next_entry(insn, list); 57 struct symbol *func = insn->func; 58 59 if (!func) 60 return NULL; 61 62 if (&next->list != &file->insn_list && next->func == func) 63 return next; 64 65 /* Check if we're already in the subfunction: */ 66 if (func == func->cfunc) 67 return NULL; 68 69 /* Move to the subfunction: */ 70 return find_insn(file, func->cfunc->sec, func->cfunc->offset); 71 } 72 73 #define func_for_each_insn_all(file, func, insn) \ 74 for (insn = find_insn(file, func->sec, func->offset); \ 75 insn; \ 76 insn = next_insn_same_func(file, insn)) 77 78 #define func_for_each_insn(file, func, insn) \ 79 for (insn = find_insn(file, func->sec, func->offset); \ 80 insn && &insn->list != &file->insn_list && \ 81 insn->sec == func->sec && \ 82 insn->offset < func->offset + func->len; \ 83 insn = list_next_entry(insn, list)) 84 85 #define func_for_each_insn_continue_reverse(file, func, insn) \ 86 for (insn = list_prev_entry(insn, list); \ 87 &insn->list != &file->insn_list && \ 88 insn->sec == func->sec && insn->offset >= func->offset; \ 89 insn = list_prev_entry(insn, list)) 90 91 #define sec_for_each_insn_from(file, insn) \ 92 for (; insn; insn = next_insn_same_sec(file, insn)) 93 94 #define sec_for_each_insn_continue(file, insn) \ 95 for (insn = next_insn_same_sec(file, insn); insn; \ 96 insn = next_insn_same_sec(file, insn)) 97 98 /* 99 * This checks to see if the given function is a "noreturn" function. 100 * 101 * For global functions which are outside the scope of this object file, we 102 * have to keep a manual list of them. 103 * 104 * For local functions, we have to detect them manually by simply looking for 105 * the lack of a return instruction. 106 * 107 * Returns: 108 * -1: error 109 * 0: no dead end 110 * 1: dead end 111 */ 112 static int __dead_end_function(struct objtool_file *file, struct symbol *func, 113 int recursion) 114 { 115 int i; 116 struct instruction *insn; 117 bool empty = true; 118 119 /* 120 * Unfortunately these have to be hard coded because the noreturn 121 * attribute isn't provided in ELF data. 122 */ 123 static const char * const global_noreturns[] = { 124 "__stack_chk_fail", 125 "panic", 126 "do_exit", 127 "do_task_dead", 128 "__module_put_and_exit", 129 "complete_and_exit", 130 "kvm_spurious_fault", 131 "__reiserfs_panic", 132 "lbug_with_loc", 133 "fortify_panic", 134 "usercopy_abort", 135 "machine_real_restart", 136 "rewind_stack_do_exit", 137 }; 138 139 if (func->bind == STB_WEAK) 140 return 0; 141 142 if (func->bind == STB_GLOBAL) 143 for (i = 0; i < ARRAY_SIZE(global_noreturns); i++) 144 if (!strcmp(func->name, global_noreturns[i])) 145 return 1; 146 147 if (!func->len) 148 return 0; 149 150 insn = find_insn(file, func->sec, func->offset); 151 if (!insn->func) 152 return 0; 153 154 func_for_each_insn_all(file, func, insn) { 155 empty = false; 156 157 if (insn->type == INSN_RETURN) 158 return 0; 159 } 160 161 if (empty) 162 return 0; 163 164 /* 165 * A function can have a sibling call instead of a return. In that 166 * case, the function's dead-end status depends on whether the target 167 * of the sibling call returns. 168 */ 169 func_for_each_insn_all(file, func, insn) { 170 if (insn->type == INSN_JUMP_UNCONDITIONAL) { 171 struct instruction *dest = insn->jump_dest; 172 173 if (!dest) 174 /* sibling call to another file */ 175 return 0; 176 177 if (dest->func && dest->func->pfunc != insn->func->pfunc) { 178 179 /* local sibling call */ 180 if (recursion == 5) { 181 /* 182 * Infinite recursion: two functions 183 * have sibling calls to each other. 184 * This is a very rare case. It means 185 * they aren't dead ends. 186 */ 187 return 0; 188 } 189 190 return __dead_end_function(file, dest->func, 191 recursion + 1); 192 } 193 } 194 195 if (insn->type == INSN_JUMP_DYNAMIC && list_empty(&insn->alts)) 196 /* sibling call */ 197 return 0; 198 } 199 200 return 1; 201 } 202 203 static int dead_end_function(struct objtool_file *file, struct symbol *func) 204 { 205 return __dead_end_function(file, func, 0); 206 } 207 208 static void clear_insn_state(struct insn_state *state) 209 { 210 int i; 211 212 memset(state, 0, sizeof(*state)); 213 state->cfa.base = CFI_UNDEFINED; 214 for (i = 0; i < CFI_NUM_REGS; i++) { 215 state->regs[i].base = CFI_UNDEFINED; 216 state->vals[i].base = CFI_UNDEFINED; 217 } 218 state->drap_reg = CFI_UNDEFINED; 219 state->drap_offset = -1; 220 } 221 222 /* 223 * Call the arch-specific instruction decoder for all the instructions and add 224 * them to the global instruction list. 225 */ 226 static int decode_instructions(struct objtool_file *file) 227 { 228 struct section *sec; 229 struct symbol *func; 230 unsigned long offset; 231 struct instruction *insn; 232 int ret; 233 234 for_each_sec(file, sec) { 235 236 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 237 continue; 238 239 if (strcmp(sec->name, ".altinstr_replacement") && 240 strcmp(sec->name, ".altinstr_aux") && 241 strncmp(sec->name, ".discard.", 9)) 242 sec->text = true; 243 244 for (offset = 0; offset < sec->len; offset += insn->len) { 245 insn = malloc(sizeof(*insn)); 246 if (!insn) { 247 WARN("malloc failed"); 248 return -1; 249 } 250 memset(insn, 0, sizeof(*insn)); 251 INIT_LIST_HEAD(&insn->alts); 252 clear_insn_state(&insn->state); 253 254 insn->sec = sec; 255 insn->offset = offset; 256 257 ret = arch_decode_instruction(file->elf, sec, offset, 258 sec->len - offset, 259 &insn->len, &insn->type, 260 &insn->immediate, 261 &insn->stack_op); 262 if (ret) 263 goto err; 264 265 if (!insn->type || insn->type > INSN_LAST) { 266 WARN_FUNC("invalid instruction type %d", 267 insn->sec, insn->offset, insn->type); 268 ret = -1; 269 goto err; 270 } 271 272 hash_add(file->insn_hash, &insn->hash, insn->offset); 273 list_add_tail(&insn->list, &file->insn_list); 274 } 275 276 list_for_each_entry(func, &sec->symbol_list, list) { 277 if (func->type != STT_FUNC) 278 continue; 279 280 if (!find_insn(file, sec, func->offset)) { 281 WARN("%s(): can't find starting instruction", 282 func->name); 283 return -1; 284 } 285 286 func_for_each_insn(file, func, insn) 287 if (!insn->func) 288 insn->func = func; 289 } 290 } 291 292 return 0; 293 294 err: 295 free(insn); 296 return ret; 297 } 298 299 /* 300 * Mark "ud2" instructions and manually annotated dead ends. 301 */ 302 static int add_dead_ends(struct objtool_file *file) 303 { 304 struct section *sec; 305 struct rela *rela; 306 struct instruction *insn; 307 bool found; 308 309 /* 310 * By default, "ud2" is a dead end unless otherwise annotated, because 311 * GCC 7 inserts it for certain divide-by-zero cases. 312 */ 313 for_each_insn(file, insn) 314 if (insn->type == INSN_BUG) 315 insn->dead_end = true; 316 317 /* 318 * Check for manually annotated dead ends. 319 */ 320 sec = find_section_by_name(file->elf, ".rela.discard.unreachable"); 321 if (!sec) 322 goto reachable; 323 324 list_for_each_entry(rela, &sec->rela_list, list) { 325 if (rela->sym->type != STT_SECTION) { 326 WARN("unexpected relocation symbol type in %s", sec->name); 327 return -1; 328 } 329 insn = find_insn(file, rela->sym->sec, rela->addend); 330 if (insn) 331 insn = list_prev_entry(insn, list); 332 else if (rela->addend == rela->sym->sec->len) { 333 found = false; 334 list_for_each_entry_reverse(insn, &file->insn_list, list) { 335 if (insn->sec == rela->sym->sec) { 336 found = true; 337 break; 338 } 339 } 340 341 if (!found) { 342 WARN("can't find unreachable insn at %s+0x%x", 343 rela->sym->sec->name, rela->addend); 344 return -1; 345 } 346 } else { 347 WARN("can't find unreachable insn at %s+0x%x", 348 rela->sym->sec->name, rela->addend); 349 return -1; 350 } 351 352 insn->dead_end = true; 353 } 354 355 reachable: 356 /* 357 * These manually annotated reachable checks are needed for GCC 4.4, 358 * where the Linux unreachable() macro isn't supported. In that case 359 * GCC doesn't know the "ud2" is fatal, so it generates code as if it's 360 * not a dead end. 361 */ 362 sec = find_section_by_name(file->elf, ".rela.discard.reachable"); 363 if (!sec) 364 return 0; 365 366 list_for_each_entry(rela, &sec->rela_list, list) { 367 if (rela->sym->type != STT_SECTION) { 368 WARN("unexpected relocation symbol type in %s", sec->name); 369 return -1; 370 } 371 insn = find_insn(file, rela->sym->sec, rela->addend); 372 if (insn) 373 insn = list_prev_entry(insn, list); 374 else if (rela->addend == rela->sym->sec->len) { 375 found = false; 376 list_for_each_entry_reverse(insn, &file->insn_list, list) { 377 if (insn->sec == rela->sym->sec) { 378 found = true; 379 break; 380 } 381 } 382 383 if (!found) { 384 WARN("can't find reachable insn at %s+0x%x", 385 rela->sym->sec->name, rela->addend); 386 return -1; 387 } 388 } else { 389 WARN("can't find reachable insn at %s+0x%x", 390 rela->sym->sec->name, rela->addend); 391 return -1; 392 } 393 394 insn->dead_end = false; 395 } 396 397 return 0; 398 } 399 400 /* 401 * Warnings shouldn't be reported for ignored functions. 402 */ 403 static void add_ignores(struct objtool_file *file) 404 { 405 struct instruction *insn; 406 struct section *sec; 407 struct symbol *func; 408 struct rela *rela; 409 410 sec = find_section_by_name(file->elf, ".rela.discard.func_stack_frame_non_standard"); 411 if (!sec) 412 return; 413 414 list_for_each_entry(rela, &sec->rela_list, list) { 415 switch (rela->sym->type) { 416 case STT_FUNC: 417 func = rela->sym; 418 break; 419 420 case STT_SECTION: 421 func = find_symbol_by_offset(rela->sym->sec, rela->addend); 422 if (!func || func->type != STT_FUNC) 423 continue; 424 break; 425 426 default: 427 WARN("unexpected relocation symbol type in %s: %d", sec->name, rela->sym->type); 428 continue; 429 } 430 431 func_for_each_insn_all(file, func, insn) 432 insn->ignore = true; 433 } 434 } 435 436 /* 437 * This is a whitelist of functions that is allowed to be called with AC set. 438 * The list is meant to be minimal and only contains compiler instrumentation 439 * ABI and a few functions used to implement *_{to,from}_user() functions. 440 * 441 * These functions must not directly change AC, but may PUSHF/POPF. 442 */ 443 static const char *uaccess_safe_builtin[] = { 444 /* KASAN */ 445 "kasan_report", 446 "check_memory_region", 447 /* KASAN out-of-line */ 448 "__asan_loadN_noabort", 449 "__asan_load1_noabort", 450 "__asan_load2_noabort", 451 "__asan_load4_noabort", 452 "__asan_load8_noabort", 453 "__asan_load16_noabort", 454 "__asan_storeN_noabort", 455 "__asan_store1_noabort", 456 "__asan_store2_noabort", 457 "__asan_store4_noabort", 458 "__asan_store8_noabort", 459 "__asan_store16_noabort", 460 /* KASAN in-line */ 461 "__asan_report_load_n_noabort", 462 "__asan_report_load1_noabort", 463 "__asan_report_load2_noabort", 464 "__asan_report_load4_noabort", 465 "__asan_report_load8_noabort", 466 "__asan_report_load16_noabort", 467 "__asan_report_store_n_noabort", 468 "__asan_report_store1_noabort", 469 "__asan_report_store2_noabort", 470 "__asan_report_store4_noabort", 471 "__asan_report_store8_noabort", 472 "__asan_report_store16_noabort", 473 /* KCOV */ 474 "write_comp_data", 475 "__sanitizer_cov_trace_pc", 476 "__sanitizer_cov_trace_const_cmp1", 477 "__sanitizer_cov_trace_const_cmp2", 478 "__sanitizer_cov_trace_const_cmp4", 479 "__sanitizer_cov_trace_const_cmp8", 480 "__sanitizer_cov_trace_cmp1", 481 "__sanitizer_cov_trace_cmp2", 482 "__sanitizer_cov_trace_cmp4", 483 "__sanitizer_cov_trace_cmp8", 484 /* UBSAN */ 485 "ubsan_type_mismatch_common", 486 "__ubsan_handle_type_mismatch", 487 "__ubsan_handle_type_mismatch_v1", 488 /* misc */ 489 "csum_partial_copy_generic", 490 "__memcpy_mcsafe", 491 "ftrace_likely_update", /* CONFIG_TRACE_BRANCH_PROFILING */ 492 NULL 493 }; 494 495 static void add_uaccess_safe(struct objtool_file *file) 496 { 497 struct symbol *func; 498 const char **name; 499 500 if (!uaccess) 501 return; 502 503 for (name = uaccess_safe_builtin; *name; name++) { 504 func = find_symbol_by_name(file->elf, *name); 505 if (!func) 506 continue; 507 508 func->alias->uaccess_safe = true; 509 } 510 } 511 512 /* 513 * FIXME: For now, just ignore any alternatives which add retpolines. This is 514 * a temporary hack, as it doesn't allow ORC to unwind from inside a retpoline. 515 * But it at least allows objtool to understand the control flow *around* the 516 * retpoline. 517 */ 518 static int add_ignore_alternatives(struct objtool_file *file) 519 { 520 struct section *sec; 521 struct rela *rela; 522 struct instruction *insn; 523 524 sec = find_section_by_name(file->elf, ".rela.discard.ignore_alts"); 525 if (!sec) 526 return 0; 527 528 list_for_each_entry(rela, &sec->rela_list, list) { 529 if (rela->sym->type != STT_SECTION) { 530 WARN("unexpected relocation symbol type in %s", sec->name); 531 return -1; 532 } 533 534 insn = find_insn(file, rela->sym->sec, rela->addend); 535 if (!insn) { 536 WARN("bad .discard.ignore_alts entry"); 537 return -1; 538 } 539 540 insn->ignore_alts = true; 541 } 542 543 return 0; 544 } 545 546 /* 547 * Find the destination instructions for all jumps. 548 */ 549 static int add_jump_destinations(struct objtool_file *file) 550 { 551 struct instruction *insn; 552 struct rela *rela; 553 struct section *dest_sec; 554 unsigned long dest_off; 555 556 for_each_insn(file, insn) { 557 if (insn->type != INSN_JUMP_CONDITIONAL && 558 insn->type != INSN_JUMP_UNCONDITIONAL) 559 continue; 560 561 if (insn->ignore || insn->offset == FAKE_JUMP_OFFSET) 562 continue; 563 564 rela = find_rela_by_dest_range(insn->sec, insn->offset, 565 insn->len); 566 if (!rela) { 567 dest_sec = insn->sec; 568 dest_off = insn->offset + insn->len + insn->immediate; 569 } else if (rela->sym->type == STT_SECTION) { 570 dest_sec = rela->sym->sec; 571 dest_off = rela->addend + 4; 572 } else if (rela->sym->sec->idx) { 573 dest_sec = rela->sym->sec; 574 dest_off = rela->sym->sym.st_value + rela->addend + 4; 575 } else if (strstr(rela->sym->name, "_indirect_thunk_")) { 576 /* 577 * Retpoline jumps are really dynamic jumps in 578 * disguise, so convert them accordingly. 579 */ 580 insn->type = INSN_JUMP_DYNAMIC; 581 insn->retpoline_safe = true; 582 continue; 583 } else { 584 /* sibling call */ 585 insn->call_dest = rela->sym; 586 insn->jump_dest = NULL; 587 continue; 588 } 589 590 insn->jump_dest = find_insn(file, dest_sec, dest_off); 591 if (!insn->jump_dest) { 592 593 /* 594 * This is a special case where an alt instruction 595 * jumps past the end of the section. These are 596 * handled later in handle_group_alt(). 597 */ 598 if (!strcmp(insn->sec->name, ".altinstr_replacement")) 599 continue; 600 601 WARN_FUNC("can't find jump dest instruction at %s+0x%lx", 602 insn->sec, insn->offset, dest_sec->name, 603 dest_off); 604 return -1; 605 } 606 607 /* 608 * Cross-function jump. 609 */ 610 if (insn->func && insn->jump_dest->func && 611 insn->func != insn->jump_dest->func) { 612 613 /* 614 * For GCC 8+, create parent/child links for any cold 615 * subfunctions. This is _mostly_ redundant with a 616 * similar initialization in read_symbols(). 617 * 618 * If a function has aliases, we want the *first* such 619 * function in the symbol table to be the subfunction's 620 * parent. In that case we overwrite the 621 * initialization done in read_symbols(). 622 * 623 * However this code can't completely replace the 624 * read_symbols() code because this doesn't detect the 625 * case where the parent function's only reference to a 626 * subfunction is through a switch table. 627 */ 628 if (!strstr(insn->func->name, ".cold.") && 629 strstr(insn->jump_dest->func->name, ".cold.")) { 630 insn->func->cfunc = insn->jump_dest->func; 631 insn->jump_dest->func->pfunc = insn->func; 632 633 } else if (insn->jump_dest->func->pfunc != insn->func->pfunc && 634 insn->jump_dest->offset == insn->jump_dest->func->offset) { 635 636 /* sibling class */ 637 insn->call_dest = insn->jump_dest->func; 638 insn->jump_dest = NULL; 639 } 640 } 641 } 642 643 return 0; 644 } 645 646 /* 647 * Find the destination instructions for all calls. 648 */ 649 static int add_call_destinations(struct objtool_file *file) 650 { 651 struct instruction *insn; 652 unsigned long dest_off; 653 struct rela *rela; 654 655 for_each_insn(file, insn) { 656 if (insn->type != INSN_CALL) 657 continue; 658 659 rela = find_rela_by_dest_range(insn->sec, insn->offset, 660 insn->len); 661 if (!rela) { 662 dest_off = insn->offset + insn->len + insn->immediate; 663 insn->call_dest = find_symbol_by_offset(insn->sec, 664 dest_off); 665 666 if (!insn->call_dest && !insn->ignore) { 667 WARN_FUNC("unsupported intra-function call", 668 insn->sec, insn->offset); 669 if (retpoline) 670 WARN("If this is a retpoline, please patch it in with alternatives and annotate it with ANNOTATE_NOSPEC_ALTERNATIVE."); 671 return -1; 672 } 673 674 } else if (rela->sym->type == STT_SECTION) { 675 insn->call_dest = find_symbol_by_offset(rela->sym->sec, 676 rela->addend+4); 677 if (!insn->call_dest || 678 insn->call_dest->type != STT_FUNC) { 679 WARN_FUNC("can't find call dest symbol at %s+0x%x", 680 insn->sec, insn->offset, 681 rela->sym->sec->name, 682 rela->addend + 4); 683 return -1; 684 } 685 } else 686 insn->call_dest = rela->sym; 687 } 688 689 return 0; 690 } 691 692 /* 693 * The .alternatives section requires some extra special care, over and above 694 * what other special sections require: 695 * 696 * 1. Because alternatives are patched in-place, we need to insert a fake jump 697 * instruction at the end so that validate_branch() skips all the original 698 * replaced instructions when validating the new instruction path. 699 * 700 * 2. An added wrinkle is that the new instruction length might be zero. In 701 * that case the old instructions are replaced with noops. We simulate that 702 * by creating a fake jump as the only new instruction. 703 * 704 * 3. In some cases, the alternative section includes an instruction which 705 * conditionally jumps to the _end_ of the entry. We have to modify these 706 * jumps' destinations to point back to .text rather than the end of the 707 * entry in .altinstr_replacement. 708 */ 709 static int handle_group_alt(struct objtool_file *file, 710 struct special_alt *special_alt, 711 struct instruction *orig_insn, 712 struct instruction **new_insn) 713 { 714 struct instruction *last_orig_insn, *last_new_insn, *insn, *fake_jump = NULL; 715 unsigned long dest_off; 716 717 last_orig_insn = NULL; 718 insn = orig_insn; 719 sec_for_each_insn_from(file, insn) { 720 if (insn->offset >= special_alt->orig_off + special_alt->orig_len) 721 break; 722 723 insn->alt_group = true; 724 last_orig_insn = insn; 725 } 726 727 if (next_insn_same_sec(file, last_orig_insn)) { 728 fake_jump = malloc(sizeof(*fake_jump)); 729 if (!fake_jump) { 730 WARN("malloc failed"); 731 return -1; 732 } 733 memset(fake_jump, 0, sizeof(*fake_jump)); 734 INIT_LIST_HEAD(&fake_jump->alts); 735 clear_insn_state(&fake_jump->state); 736 737 fake_jump->sec = special_alt->new_sec; 738 fake_jump->offset = FAKE_JUMP_OFFSET; 739 fake_jump->type = INSN_JUMP_UNCONDITIONAL; 740 fake_jump->jump_dest = list_next_entry(last_orig_insn, list); 741 fake_jump->func = orig_insn->func; 742 } 743 744 if (!special_alt->new_len) { 745 if (!fake_jump) { 746 WARN("%s: empty alternative at end of section", 747 special_alt->orig_sec->name); 748 return -1; 749 } 750 751 *new_insn = fake_jump; 752 return 0; 753 } 754 755 last_new_insn = NULL; 756 insn = *new_insn; 757 sec_for_each_insn_from(file, insn) { 758 if (insn->offset >= special_alt->new_off + special_alt->new_len) 759 break; 760 761 last_new_insn = insn; 762 763 insn->ignore = orig_insn->ignore_alts; 764 insn->func = orig_insn->func; 765 766 if (insn->type != INSN_JUMP_CONDITIONAL && 767 insn->type != INSN_JUMP_UNCONDITIONAL) 768 continue; 769 770 if (!insn->immediate) 771 continue; 772 773 dest_off = insn->offset + insn->len + insn->immediate; 774 if (dest_off == special_alt->new_off + special_alt->new_len) { 775 if (!fake_jump) { 776 WARN("%s: alternative jump to end of section", 777 special_alt->orig_sec->name); 778 return -1; 779 } 780 insn->jump_dest = fake_jump; 781 } 782 783 if (!insn->jump_dest) { 784 WARN_FUNC("can't find alternative jump destination", 785 insn->sec, insn->offset); 786 return -1; 787 } 788 } 789 790 if (!last_new_insn) { 791 WARN_FUNC("can't find last new alternative instruction", 792 special_alt->new_sec, special_alt->new_off); 793 return -1; 794 } 795 796 if (fake_jump) 797 list_add(&fake_jump->list, &last_new_insn->list); 798 799 return 0; 800 } 801 802 /* 803 * A jump table entry can either convert a nop to a jump or a jump to a nop. 804 * If the original instruction is a jump, make the alt entry an effective nop 805 * by just skipping the original instruction. 806 */ 807 static int handle_jump_alt(struct objtool_file *file, 808 struct special_alt *special_alt, 809 struct instruction *orig_insn, 810 struct instruction **new_insn) 811 { 812 if (orig_insn->type == INSN_NOP) 813 return 0; 814 815 if (orig_insn->type != INSN_JUMP_UNCONDITIONAL) { 816 WARN_FUNC("unsupported instruction at jump label", 817 orig_insn->sec, orig_insn->offset); 818 return -1; 819 } 820 821 *new_insn = list_next_entry(orig_insn, list); 822 return 0; 823 } 824 825 /* 826 * Read all the special sections which have alternate instructions which can be 827 * patched in or redirected to at runtime. Each instruction having alternate 828 * instruction(s) has them added to its insn->alts list, which will be 829 * traversed in validate_branch(). 830 */ 831 static int add_special_section_alts(struct objtool_file *file) 832 { 833 struct list_head special_alts; 834 struct instruction *orig_insn, *new_insn; 835 struct special_alt *special_alt, *tmp; 836 struct alternative *alt; 837 int ret; 838 839 ret = special_get_alts(file->elf, &special_alts); 840 if (ret) 841 return ret; 842 843 list_for_each_entry_safe(special_alt, tmp, &special_alts, list) { 844 845 orig_insn = find_insn(file, special_alt->orig_sec, 846 special_alt->orig_off); 847 if (!orig_insn) { 848 WARN_FUNC("special: can't find orig instruction", 849 special_alt->orig_sec, special_alt->orig_off); 850 ret = -1; 851 goto out; 852 } 853 854 new_insn = NULL; 855 if (!special_alt->group || special_alt->new_len) { 856 new_insn = find_insn(file, special_alt->new_sec, 857 special_alt->new_off); 858 if (!new_insn) { 859 WARN_FUNC("special: can't find new instruction", 860 special_alt->new_sec, 861 special_alt->new_off); 862 ret = -1; 863 goto out; 864 } 865 } 866 867 if (special_alt->group) { 868 ret = handle_group_alt(file, special_alt, orig_insn, 869 &new_insn); 870 if (ret) 871 goto out; 872 } else if (special_alt->jump_or_nop) { 873 ret = handle_jump_alt(file, special_alt, orig_insn, 874 &new_insn); 875 if (ret) 876 goto out; 877 } 878 879 alt = malloc(sizeof(*alt)); 880 if (!alt) { 881 WARN("malloc failed"); 882 ret = -1; 883 goto out; 884 } 885 886 alt->insn = new_insn; 887 alt->skip_orig = special_alt->skip_orig; 888 orig_insn->ignore_alts |= special_alt->skip_alt; 889 list_add_tail(&alt->list, &orig_insn->alts); 890 891 list_del(&special_alt->list); 892 free(special_alt); 893 } 894 895 out: 896 return ret; 897 } 898 899 static int add_switch_table(struct objtool_file *file, struct instruction *insn, 900 struct rela *table, struct rela *next_table) 901 { 902 struct rela *rela = table; 903 struct instruction *alt_insn; 904 struct alternative *alt; 905 struct symbol *pfunc = insn->func->pfunc; 906 unsigned int prev_offset = 0; 907 908 list_for_each_entry_from(rela, &table->rela_sec->rela_list, list) { 909 if (rela == next_table) 910 break; 911 912 /* Make sure the switch table entries are consecutive: */ 913 if (prev_offset && rela->offset != prev_offset + 8) 914 break; 915 916 /* Detect function pointers from contiguous objects: */ 917 if (rela->sym->sec == pfunc->sec && 918 rela->addend == pfunc->offset) 919 break; 920 921 alt_insn = find_insn(file, rela->sym->sec, rela->addend); 922 if (!alt_insn) 923 break; 924 925 /* Make sure the jmp dest is in the function or subfunction: */ 926 if (alt_insn->func->pfunc != pfunc) 927 break; 928 929 alt = malloc(sizeof(*alt)); 930 if (!alt) { 931 WARN("malloc failed"); 932 return -1; 933 } 934 935 alt->insn = alt_insn; 936 list_add_tail(&alt->list, &insn->alts); 937 prev_offset = rela->offset; 938 } 939 940 if (!prev_offset) { 941 WARN_FUNC("can't find switch jump table", 942 insn->sec, insn->offset); 943 return -1; 944 } 945 946 return 0; 947 } 948 949 /* 950 * find_switch_table() - Given a dynamic jump, find the switch jump table in 951 * .rodata associated with it. 952 * 953 * There are 3 basic patterns: 954 * 955 * 1. jmpq *[rodata addr](,%reg,8) 956 * 957 * This is the most common case by far. It jumps to an address in a simple 958 * jump table which is stored in .rodata. 959 * 960 * 2. jmpq *[rodata addr](%rip) 961 * 962 * This is caused by a rare GCC quirk, currently only seen in three driver 963 * functions in the kernel, only with certain obscure non-distro configs. 964 * 965 * As part of an optimization, GCC makes a copy of an existing switch jump 966 * table, modifies it, and then hard-codes the jump (albeit with an indirect 967 * jump) to use a single entry in the table. The rest of the jump table and 968 * some of its jump targets remain as dead code. 969 * 970 * In such a case we can just crudely ignore all unreachable instruction 971 * warnings for the entire object file. Ideally we would just ignore them 972 * for the function, but that would require redesigning the code quite a 973 * bit. And honestly that's just not worth doing: unreachable instruction 974 * warnings are of questionable value anyway, and this is such a rare issue. 975 * 976 * 3. mov [rodata addr],%reg1 977 * ... some instructions ... 978 * jmpq *(%reg1,%reg2,8) 979 * 980 * This is a fairly uncommon pattern which is new for GCC 6. As of this 981 * writing, there are 11 occurrences of it in the allmodconfig kernel. 982 * 983 * As of GCC 7 there are quite a few more of these and the 'in between' code 984 * is significant. Esp. with KASAN enabled some of the code between the mov 985 * and jmpq uses .rodata itself, which can confuse things. 986 * 987 * TODO: Once we have DWARF CFI and smarter instruction decoding logic, 988 * ensure the same register is used in the mov and jump instructions. 989 * 990 * NOTE: RETPOLINE made it harder still to decode dynamic jumps. 991 */ 992 static struct rela *find_switch_table(struct objtool_file *file, 993 struct symbol *func, 994 struct instruction *insn) 995 { 996 struct rela *text_rela, *rodata_rela; 997 struct instruction *orig_insn = insn; 998 struct section *rodata_sec; 999 unsigned long table_offset; 1000 1001 /* 1002 * Backward search using the @first_jump_src links, these help avoid 1003 * much of the 'in between' code. Which avoids us getting confused by 1004 * it. 1005 */ 1006 for (; 1007 &insn->list != &file->insn_list && 1008 insn->sec == func->sec && 1009 insn->offset >= func->offset; 1010 1011 insn = insn->first_jump_src ?: list_prev_entry(insn, list)) { 1012 1013 if (insn != orig_insn && insn->type == INSN_JUMP_DYNAMIC) 1014 break; 1015 1016 /* allow small jumps within the range */ 1017 if (insn->type == INSN_JUMP_UNCONDITIONAL && 1018 insn->jump_dest && 1019 (insn->jump_dest->offset <= insn->offset || 1020 insn->jump_dest->offset > orig_insn->offset)) 1021 break; 1022 1023 /* look for a relocation which references .rodata */ 1024 text_rela = find_rela_by_dest_range(insn->sec, insn->offset, 1025 insn->len); 1026 if (!text_rela || text_rela->sym->type != STT_SECTION || 1027 !text_rela->sym->sec->rodata) 1028 continue; 1029 1030 table_offset = text_rela->addend; 1031 rodata_sec = text_rela->sym->sec; 1032 1033 if (text_rela->type == R_X86_64_PC32) 1034 table_offset += 4; 1035 1036 /* 1037 * Make sure the .rodata address isn't associated with a 1038 * symbol. gcc jump tables are anonymous data. 1039 */ 1040 if (find_symbol_containing(rodata_sec, table_offset)) 1041 continue; 1042 1043 rodata_rela = find_rela_by_dest(rodata_sec, table_offset); 1044 if (rodata_rela) { 1045 /* 1046 * Use of RIP-relative switch jumps is quite rare, and 1047 * indicates a rare GCC quirk/bug which can leave dead 1048 * code behind. 1049 */ 1050 if (text_rela->type == R_X86_64_PC32) 1051 file->ignore_unreachables = true; 1052 1053 return rodata_rela; 1054 } 1055 } 1056 1057 return NULL; 1058 } 1059 1060 1061 static int add_func_switch_tables(struct objtool_file *file, 1062 struct symbol *func) 1063 { 1064 struct instruction *insn, *last = NULL, *prev_jump = NULL; 1065 struct rela *rela, *prev_rela = NULL; 1066 int ret; 1067 1068 func_for_each_insn_all(file, func, insn) { 1069 if (!last) 1070 last = insn; 1071 1072 /* 1073 * Store back-pointers for unconditional forward jumps such 1074 * that find_switch_table() can back-track using those and 1075 * avoid some potentially confusing code. 1076 */ 1077 if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->jump_dest && 1078 insn->offset > last->offset && 1079 insn->jump_dest->offset > insn->offset && 1080 !insn->jump_dest->first_jump_src) { 1081 1082 insn->jump_dest->first_jump_src = insn; 1083 last = insn->jump_dest; 1084 } 1085 1086 if (insn->type != INSN_JUMP_DYNAMIC) 1087 continue; 1088 1089 rela = find_switch_table(file, func, insn); 1090 if (!rela) 1091 continue; 1092 1093 /* 1094 * We found a switch table, but we don't know yet how big it 1095 * is. Don't add it until we reach the end of the function or 1096 * the beginning of another switch table in the same function. 1097 */ 1098 if (prev_jump) { 1099 ret = add_switch_table(file, prev_jump, prev_rela, rela); 1100 if (ret) 1101 return ret; 1102 } 1103 1104 prev_jump = insn; 1105 prev_rela = rela; 1106 } 1107 1108 if (prev_jump) { 1109 ret = add_switch_table(file, prev_jump, prev_rela, NULL); 1110 if (ret) 1111 return ret; 1112 } 1113 1114 return 0; 1115 } 1116 1117 /* 1118 * For some switch statements, gcc generates a jump table in the .rodata 1119 * section which contains a list of addresses within the function to jump to. 1120 * This finds these jump tables and adds them to the insn->alts lists. 1121 */ 1122 static int add_switch_table_alts(struct objtool_file *file) 1123 { 1124 struct section *sec; 1125 struct symbol *func; 1126 int ret; 1127 1128 if (!file->rodata) 1129 return 0; 1130 1131 for_each_sec(file, sec) { 1132 list_for_each_entry(func, &sec->symbol_list, list) { 1133 if (func->type != STT_FUNC) 1134 continue; 1135 1136 ret = add_func_switch_tables(file, func); 1137 if (ret) 1138 return ret; 1139 } 1140 } 1141 1142 return 0; 1143 } 1144 1145 static int read_unwind_hints(struct objtool_file *file) 1146 { 1147 struct section *sec, *relasec; 1148 struct rela *rela; 1149 struct unwind_hint *hint; 1150 struct instruction *insn; 1151 struct cfi_reg *cfa; 1152 int i; 1153 1154 sec = find_section_by_name(file->elf, ".discard.unwind_hints"); 1155 if (!sec) 1156 return 0; 1157 1158 relasec = sec->rela; 1159 if (!relasec) { 1160 WARN("missing .rela.discard.unwind_hints section"); 1161 return -1; 1162 } 1163 1164 if (sec->len % sizeof(struct unwind_hint)) { 1165 WARN("struct unwind_hint size mismatch"); 1166 return -1; 1167 } 1168 1169 file->hints = true; 1170 1171 for (i = 0; i < sec->len / sizeof(struct unwind_hint); i++) { 1172 hint = (struct unwind_hint *)sec->data->d_buf + i; 1173 1174 rela = find_rela_by_dest(sec, i * sizeof(*hint)); 1175 if (!rela) { 1176 WARN("can't find rela for unwind_hints[%d]", i); 1177 return -1; 1178 } 1179 1180 insn = find_insn(file, rela->sym->sec, rela->addend); 1181 if (!insn) { 1182 WARN("can't find insn for unwind_hints[%d]", i); 1183 return -1; 1184 } 1185 1186 cfa = &insn->state.cfa; 1187 1188 if (hint->type == UNWIND_HINT_TYPE_SAVE) { 1189 insn->save = true; 1190 continue; 1191 1192 } else if (hint->type == UNWIND_HINT_TYPE_RESTORE) { 1193 insn->restore = true; 1194 insn->hint = true; 1195 continue; 1196 } 1197 1198 insn->hint = true; 1199 1200 switch (hint->sp_reg) { 1201 case ORC_REG_UNDEFINED: 1202 cfa->base = CFI_UNDEFINED; 1203 break; 1204 case ORC_REG_SP: 1205 cfa->base = CFI_SP; 1206 break; 1207 case ORC_REG_BP: 1208 cfa->base = CFI_BP; 1209 break; 1210 case ORC_REG_SP_INDIRECT: 1211 cfa->base = CFI_SP_INDIRECT; 1212 break; 1213 case ORC_REG_R10: 1214 cfa->base = CFI_R10; 1215 break; 1216 case ORC_REG_R13: 1217 cfa->base = CFI_R13; 1218 break; 1219 case ORC_REG_DI: 1220 cfa->base = CFI_DI; 1221 break; 1222 case ORC_REG_DX: 1223 cfa->base = CFI_DX; 1224 break; 1225 default: 1226 WARN_FUNC("unsupported unwind_hint sp base reg %d", 1227 insn->sec, insn->offset, hint->sp_reg); 1228 return -1; 1229 } 1230 1231 cfa->offset = hint->sp_offset; 1232 insn->state.type = hint->type; 1233 insn->state.end = hint->end; 1234 } 1235 1236 return 0; 1237 } 1238 1239 static int read_retpoline_hints(struct objtool_file *file) 1240 { 1241 struct section *sec; 1242 struct instruction *insn; 1243 struct rela *rela; 1244 1245 sec = find_section_by_name(file->elf, ".rela.discard.retpoline_safe"); 1246 if (!sec) 1247 return 0; 1248 1249 list_for_each_entry(rela, &sec->rela_list, list) { 1250 if (rela->sym->type != STT_SECTION) { 1251 WARN("unexpected relocation symbol type in %s", sec->name); 1252 return -1; 1253 } 1254 1255 insn = find_insn(file, rela->sym->sec, rela->addend); 1256 if (!insn) { 1257 WARN("bad .discard.retpoline_safe entry"); 1258 return -1; 1259 } 1260 1261 if (insn->type != INSN_JUMP_DYNAMIC && 1262 insn->type != INSN_CALL_DYNAMIC) { 1263 WARN_FUNC("retpoline_safe hint not an indirect jump/call", 1264 insn->sec, insn->offset); 1265 return -1; 1266 } 1267 1268 insn->retpoline_safe = true; 1269 } 1270 1271 return 0; 1272 } 1273 1274 static void mark_rodata(struct objtool_file *file) 1275 { 1276 struct section *sec; 1277 bool found = false; 1278 1279 /* 1280 * This searches for the .rodata section or multiple .rodata.func_name 1281 * sections if -fdata-sections is being used. The .str.1.1 and .str.1.8 1282 * rodata sections are ignored as they don't contain jump tables. 1283 */ 1284 for_each_sec(file, sec) { 1285 if (!strncmp(sec->name, ".rodata", 7) && 1286 !strstr(sec->name, ".str1.")) { 1287 sec->rodata = true; 1288 found = true; 1289 } 1290 } 1291 1292 file->rodata = found; 1293 } 1294 1295 static int decode_sections(struct objtool_file *file) 1296 { 1297 int ret; 1298 1299 mark_rodata(file); 1300 1301 ret = decode_instructions(file); 1302 if (ret) 1303 return ret; 1304 1305 ret = add_dead_ends(file); 1306 if (ret) 1307 return ret; 1308 1309 add_ignores(file); 1310 add_uaccess_safe(file); 1311 1312 ret = add_ignore_alternatives(file); 1313 if (ret) 1314 return ret; 1315 1316 ret = add_jump_destinations(file); 1317 if (ret) 1318 return ret; 1319 1320 ret = add_special_section_alts(file); 1321 if (ret) 1322 return ret; 1323 1324 ret = add_call_destinations(file); 1325 if (ret) 1326 return ret; 1327 1328 ret = add_switch_table_alts(file); 1329 if (ret) 1330 return ret; 1331 1332 ret = read_unwind_hints(file); 1333 if (ret) 1334 return ret; 1335 1336 ret = read_retpoline_hints(file); 1337 if (ret) 1338 return ret; 1339 1340 return 0; 1341 } 1342 1343 static bool is_fentry_call(struct instruction *insn) 1344 { 1345 if (insn->type == INSN_CALL && 1346 insn->call_dest->type == STT_NOTYPE && 1347 !strcmp(insn->call_dest->name, "__fentry__")) 1348 return true; 1349 1350 return false; 1351 } 1352 1353 static bool has_modified_stack_frame(struct insn_state *state) 1354 { 1355 int i; 1356 1357 if (state->cfa.base != initial_func_cfi.cfa.base || 1358 state->cfa.offset != initial_func_cfi.cfa.offset || 1359 state->stack_size != initial_func_cfi.cfa.offset || 1360 state->drap) 1361 return true; 1362 1363 for (i = 0; i < CFI_NUM_REGS; i++) 1364 if (state->regs[i].base != initial_func_cfi.regs[i].base || 1365 state->regs[i].offset != initial_func_cfi.regs[i].offset) 1366 return true; 1367 1368 return false; 1369 } 1370 1371 static bool has_valid_stack_frame(struct insn_state *state) 1372 { 1373 if (state->cfa.base == CFI_BP && state->regs[CFI_BP].base == CFI_CFA && 1374 state->regs[CFI_BP].offset == -16) 1375 return true; 1376 1377 if (state->drap && state->regs[CFI_BP].base == CFI_BP) 1378 return true; 1379 1380 return false; 1381 } 1382 1383 static int update_insn_state_regs(struct instruction *insn, struct insn_state *state) 1384 { 1385 struct cfi_reg *cfa = &state->cfa; 1386 struct stack_op *op = &insn->stack_op; 1387 1388 if (cfa->base != CFI_SP) 1389 return 0; 1390 1391 /* push */ 1392 if (op->dest.type == OP_DEST_PUSH || op->dest.type == OP_DEST_PUSHF) 1393 cfa->offset += 8; 1394 1395 /* pop */ 1396 if (op->src.type == OP_SRC_POP || op->src.type == OP_SRC_POPF) 1397 cfa->offset -= 8; 1398 1399 /* add immediate to sp */ 1400 if (op->dest.type == OP_DEST_REG && op->src.type == OP_SRC_ADD && 1401 op->dest.reg == CFI_SP && op->src.reg == CFI_SP) 1402 cfa->offset -= op->src.offset; 1403 1404 return 0; 1405 } 1406 1407 static void save_reg(struct insn_state *state, unsigned char reg, int base, 1408 int offset) 1409 { 1410 if (arch_callee_saved_reg(reg) && 1411 state->regs[reg].base == CFI_UNDEFINED) { 1412 state->regs[reg].base = base; 1413 state->regs[reg].offset = offset; 1414 } 1415 } 1416 1417 static void restore_reg(struct insn_state *state, unsigned char reg) 1418 { 1419 state->regs[reg].base = CFI_UNDEFINED; 1420 state->regs[reg].offset = 0; 1421 } 1422 1423 /* 1424 * A note about DRAP stack alignment: 1425 * 1426 * GCC has the concept of a DRAP register, which is used to help keep track of 1427 * the stack pointer when aligning the stack. r10 or r13 is used as the DRAP 1428 * register. The typical DRAP pattern is: 1429 * 1430 * 4c 8d 54 24 08 lea 0x8(%rsp),%r10 1431 * 48 83 e4 c0 and $0xffffffffffffffc0,%rsp 1432 * 41 ff 72 f8 pushq -0x8(%r10) 1433 * 55 push %rbp 1434 * 48 89 e5 mov %rsp,%rbp 1435 * (more pushes) 1436 * 41 52 push %r10 1437 * ... 1438 * 41 5a pop %r10 1439 * (more pops) 1440 * 5d pop %rbp 1441 * 49 8d 62 f8 lea -0x8(%r10),%rsp 1442 * c3 retq 1443 * 1444 * There are some variations in the epilogues, like: 1445 * 1446 * 5b pop %rbx 1447 * 41 5a pop %r10 1448 * 41 5c pop %r12 1449 * 41 5d pop %r13 1450 * 41 5e pop %r14 1451 * c9 leaveq 1452 * 49 8d 62 f8 lea -0x8(%r10),%rsp 1453 * c3 retq 1454 * 1455 * and: 1456 * 1457 * 4c 8b 55 e8 mov -0x18(%rbp),%r10 1458 * 48 8b 5d e0 mov -0x20(%rbp),%rbx 1459 * 4c 8b 65 f0 mov -0x10(%rbp),%r12 1460 * 4c 8b 6d f8 mov -0x8(%rbp),%r13 1461 * c9 leaveq 1462 * 49 8d 62 f8 lea -0x8(%r10),%rsp 1463 * c3 retq 1464 * 1465 * Sometimes r13 is used as the DRAP register, in which case it's saved and 1466 * restored beforehand: 1467 * 1468 * 41 55 push %r13 1469 * 4c 8d 6c 24 10 lea 0x10(%rsp),%r13 1470 * 48 83 e4 f0 and $0xfffffffffffffff0,%rsp 1471 * ... 1472 * 49 8d 65 f0 lea -0x10(%r13),%rsp 1473 * 41 5d pop %r13 1474 * c3 retq 1475 */ 1476 static int update_insn_state(struct instruction *insn, struct insn_state *state) 1477 { 1478 struct stack_op *op = &insn->stack_op; 1479 struct cfi_reg *cfa = &state->cfa; 1480 struct cfi_reg *regs = state->regs; 1481 1482 /* stack operations don't make sense with an undefined CFA */ 1483 if (cfa->base == CFI_UNDEFINED) { 1484 if (insn->func) { 1485 WARN_FUNC("undefined stack state", insn->sec, insn->offset); 1486 return -1; 1487 } 1488 return 0; 1489 } 1490 1491 if (state->type == ORC_TYPE_REGS || state->type == ORC_TYPE_REGS_IRET) 1492 return update_insn_state_regs(insn, state); 1493 1494 switch (op->dest.type) { 1495 1496 case OP_DEST_REG: 1497 switch (op->src.type) { 1498 1499 case OP_SRC_REG: 1500 if (op->src.reg == CFI_SP && op->dest.reg == CFI_BP && 1501 cfa->base == CFI_SP && 1502 regs[CFI_BP].base == CFI_CFA && 1503 regs[CFI_BP].offset == -cfa->offset) { 1504 1505 /* mov %rsp, %rbp */ 1506 cfa->base = op->dest.reg; 1507 state->bp_scratch = false; 1508 } 1509 1510 else if (op->src.reg == CFI_SP && 1511 op->dest.reg == CFI_BP && state->drap) { 1512 1513 /* drap: mov %rsp, %rbp */ 1514 regs[CFI_BP].base = CFI_BP; 1515 regs[CFI_BP].offset = -state->stack_size; 1516 state->bp_scratch = false; 1517 } 1518 1519 else if (op->src.reg == CFI_SP && cfa->base == CFI_SP) { 1520 1521 /* 1522 * mov %rsp, %reg 1523 * 1524 * This is needed for the rare case where GCC 1525 * does: 1526 * 1527 * mov %rsp, %rax 1528 * ... 1529 * mov %rax, %rsp 1530 */ 1531 state->vals[op->dest.reg].base = CFI_CFA; 1532 state->vals[op->dest.reg].offset = -state->stack_size; 1533 } 1534 1535 else if (op->src.reg == CFI_BP && op->dest.reg == CFI_SP && 1536 cfa->base == CFI_BP) { 1537 1538 /* 1539 * mov %rbp, %rsp 1540 * 1541 * Restore the original stack pointer (Clang). 1542 */ 1543 state->stack_size = -state->regs[CFI_BP].offset; 1544 } 1545 1546 else if (op->dest.reg == cfa->base) { 1547 1548 /* mov %reg, %rsp */ 1549 if (cfa->base == CFI_SP && 1550 state->vals[op->src.reg].base == CFI_CFA) { 1551 1552 /* 1553 * This is needed for the rare case 1554 * where GCC does something dumb like: 1555 * 1556 * lea 0x8(%rsp), %rcx 1557 * ... 1558 * mov %rcx, %rsp 1559 */ 1560 cfa->offset = -state->vals[op->src.reg].offset; 1561 state->stack_size = cfa->offset; 1562 1563 } else { 1564 cfa->base = CFI_UNDEFINED; 1565 cfa->offset = 0; 1566 } 1567 } 1568 1569 break; 1570 1571 case OP_SRC_ADD: 1572 if (op->dest.reg == CFI_SP && op->src.reg == CFI_SP) { 1573 1574 /* add imm, %rsp */ 1575 state->stack_size -= op->src.offset; 1576 if (cfa->base == CFI_SP) 1577 cfa->offset -= op->src.offset; 1578 break; 1579 } 1580 1581 if (op->dest.reg == CFI_SP && op->src.reg == CFI_BP) { 1582 1583 /* lea disp(%rbp), %rsp */ 1584 state->stack_size = -(op->src.offset + regs[CFI_BP].offset); 1585 break; 1586 } 1587 1588 if (op->src.reg == CFI_SP && cfa->base == CFI_SP) { 1589 1590 /* drap: lea disp(%rsp), %drap */ 1591 state->drap_reg = op->dest.reg; 1592 1593 /* 1594 * lea disp(%rsp), %reg 1595 * 1596 * This is needed for the rare case where GCC 1597 * does something dumb like: 1598 * 1599 * lea 0x8(%rsp), %rcx 1600 * ... 1601 * mov %rcx, %rsp 1602 */ 1603 state->vals[op->dest.reg].base = CFI_CFA; 1604 state->vals[op->dest.reg].offset = \ 1605 -state->stack_size + op->src.offset; 1606 1607 break; 1608 } 1609 1610 if (state->drap && op->dest.reg == CFI_SP && 1611 op->src.reg == state->drap_reg) { 1612 1613 /* drap: lea disp(%drap), %rsp */ 1614 cfa->base = CFI_SP; 1615 cfa->offset = state->stack_size = -op->src.offset; 1616 state->drap_reg = CFI_UNDEFINED; 1617 state->drap = false; 1618 break; 1619 } 1620 1621 if (op->dest.reg == state->cfa.base) { 1622 WARN_FUNC("unsupported stack register modification", 1623 insn->sec, insn->offset); 1624 return -1; 1625 } 1626 1627 break; 1628 1629 case OP_SRC_AND: 1630 if (op->dest.reg != CFI_SP || 1631 (state->drap_reg != CFI_UNDEFINED && cfa->base != CFI_SP) || 1632 (state->drap_reg == CFI_UNDEFINED && cfa->base != CFI_BP)) { 1633 WARN_FUNC("unsupported stack pointer realignment", 1634 insn->sec, insn->offset); 1635 return -1; 1636 } 1637 1638 if (state->drap_reg != CFI_UNDEFINED) { 1639 /* drap: and imm, %rsp */ 1640 cfa->base = state->drap_reg; 1641 cfa->offset = state->stack_size = 0; 1642 state->drap = true; 1643 } 1644 1645 /* 1646 * Older versions of GCC (4.8ish) realign the stack 1647 * without DRAP, with a frame pointer. 1648 */ 1649 1650 break; 1651 1652 case OP_SRC_POP: 1653 case OP_SRC_POPF: 1654 if (!state->drap && op->dest.type == OP_DEST_REG && 1655 op->dest.reg == cfa->base) { 1656 1657 /* pop %rbp */ 1658 cfa->base = CFI_SP; 1659 } 1660 1661 if (state->drap && cfa->base == CFI_BP_INDIRECT && 1662 op->dest.type == OP_DEST_REG && 1663 op->dest.reg == state->drap_reg && 1664 state->drap_offset == -state->stack_size) { 1665 1666 /* drap: pop %drap */ 1667 cfa->base = state->drap_reg; 1668 cfa->offset = 0; 1669 state->drap_offset = -1; 1670 1671 } else if (regs[op->dest.reg].offset == -state->stack_size) { 1672 1673 /* pop %reg */ 1674 restore_reg(state, op->dest.reg); 1675 } 1676 1677 state->stack_size -= 8; 1678 if (cfa->base == CFI_SP) 1679 cfa->offset -= 8; 1680 1681 break; 1682 1683 case OP_SRC_REG_INDIRECT: 1684 if (state->drap && op->src.reg == CFI_BP && 1685 op->src.offset == state->drap_offset) { 1686 1687 /* drap: mov disp(%rbp), %drap */ 1688 cfa->base = state->drap_reg; 1689 cfa->offset = 0; 1690 state->drap_offset = -1; 1691 } 1692 1693 if (state->drap && op->src.reg == CFI_BP && 1694 op->src.offset == regs[op->dest.reg].offset) { 1695 1696 /* drap: mov disp(%rbp), %reg */ 1697 restore_reg(state, op->dest.reg); 1698 1699 } else if (op->src.reg == cfa->base && 1700 op->src.offset == regs[op->dest.reg].offset + cfa->offset) { 1701 1702 /* mov disp(%rbp), %reg */ 1703 /* mov disp(%rsp), %reg */ 1704 restore_reg(state, op->dest.reg); 1705 } 1706 1707 break; 1708 1709 default: 1710 WARN_FUNC("unknown stack-related instruction", 1711 insn->sec, insn->offset); 1712 return -1; 1713 } 1714 1715 break; 1716 1717 case OP_DEST_PUSH: 1718 case OP_DEST_PUSHF: 1719 state->stack_size += 8; 1720 if (cfa->base == CFI_SP) 1721 cfa->offset += 8; 1722 1723 if (op->src.type != OP_SRC_REG) 1724 break; 1725 1726 if (state->drap) { 1727 if (op->src.reg == cfa->base && op->src.reg == state->drap_reg) { 1728 1729 /* drap: push %drap */ 1730 cfa->base = CFI_BP_INDIRECT; 1731 cfa->offset = -state->stack_size; 1732 1733 /* save drap so we know when to restore it */ 1734 state->drap_offset = -state->stack_size; 1735 1736 } else if (op->src.reg == CFI_BP && cfa->base == state->drap_reg) { 1737 1738 /* drap: push %rbp */ 1739 state->stack_size = 0; 1740 1741 } else if (regs[op->src.reg].base == CFI_UNDEFINED) { 1742 1743 /* drap: push %reg */ 1744 save_reg(state, op->src.reg, CFI_BP, -state->stack_size); 1745 } 1746 1747 } else { 1748 1749 /* push %reg */ 1750 save_reg(state, op->src.reg, CFI_CFA, -state->stack_size); 1751 } 1752 1753 /* detect when asm code uses rbp as a scratch register */ 1754 if (!no_fp && insn->func && op->src.reg == CFI_BP && 1755 cfa->base != CFI_BP) 1756 state->bp_scratch = true; 1757 break; 1758 1759 case OP_DEST_REG_INDIRECT: 1760 1761 if (state->drap) { 1762 if (op->src.reg == cfa->base && op->src.reg == state->drap_reg) { 1763 1764 /* drap: mov %drap, disp(%rbp) */ 1765 cfa->base = CFI_BP_INDIRECT; 1766 cfa->offset = op->dest.offset; 1767 1768 /* save drap offset so we know when to restore it */ 1769 state->drap_offset = op->dest.offset; 1770 } 1771 1772 else if (regs[op->src.reg].base == CFI_UNDEFINED) { 1773 1774 /* drap: mov reg, disp(%rbp) */ 1775 save_reg(state, op->src.reg, CFI_BP, op->dest.offset); 1776 } 1777 1778 } else if (op->dest.reg == cfa->base) { 1779 1780 /* mov reg, disp(%rbp) */ 1781 /* mov reg, disp(%rsp) */ 1782 save_reg(state, op->src.reg, CFI_CFA, 1783 op->dest.offset - state->cfa.offset); 1784 } 1785 1786 break; 1787 1788 case OP_DEST_LEAVE: 1789 if ((!state->drap && cfa->base != CFI_BP) || 1790 (state->drap && cfa->base != state->drap_reg)) { 1791 WARN_FUNC("leave instruction with modified stack frame", 1792 insn->sec, insn->offset); 1793 return -1; 1794 } 1795 1796 /* leave (mov %rbp, %rsp; pop %rbp) */ 1797 1798 state->stack_size = -state->regs[CFI_BP].offset - 8; 1799 restore_reg(state, CFI_BP); 1800 1801 if (!state->drap) { 1802 cfa->base = CFI_SP; 1803 cfa->offset -= 8; 1804 } 1805 1806 break; 1807 1808 case OP_DEST_MEM: 1809 if (op->src.type != OP_SRC_POP && op->src.type != OP_SRC_POPF) { 1810 WARN_FUNC("unknown stack-related memory operation", 1811 insn->sec, insn->offset); 1812 return -1; 1813 } 1814 1815 /* pop mem */ 1816 state->stack_size -= 8; 1817 if (cfa->base == CFI_SP) 1818 cfa->offset -= 8; 1819 1820 break; 1821 1822 default: 1823 WARN_FUNC("unknown stack-related instruction", 1824 insn->sec, insn->offset); 1825 return -1; 1826 } 1827 1828 return 0; 1829 } 1830 1831 static bool insn_state_match(struct instruction *insn, struct insn_state *state) 1832 { 1833 struct insn_state *state1 = &insn->state, *state2 = state; 1834 int i; 1835 1836 if (memcmp(&state1->cfa, &state2->cfa, sizeof(state1->cfa))) { 1837 WARN_FUNC("stack state mismatch: cfa1=%d%+d cfa2=%d%+d", 1838 insn->sec, insn->offset, 1839 state1->cfa.base, state1->cfa.offset, 1840 state2->cfa.base, state2->cfa.offset); 1841 1842 } else if (memcmp(&state1->regs, &state2->regs, sizeof(state1->regs))) { 1843 for (i = 0; i < CFI_NUM_REGS; i++) { 1844 if (!memcmp(&state1->regs[i], &state2->regs[i], 1845 sizeof(struct cfi_reg))) 1846 continue; 1847 1848 WARN_FUNC("stack state mismatch: reg1[%d]=%d%+d reg2[%d]=%d%+d", 1849 insn->sec, insn->offset, 1850 i, state1->regs[i].base, state1->regs[i].offset, 1851 i, state2->regs[i].base, state2->regs[i].offset); 1852 break; 1853 } 1854 1855 } else if (state1->type != state2->type) { 1856 WARN_FUNC("stack state mismatch: type1=%d type2=%d", 1857 insn->sec, insn->offset, state1->type, state2->type); 1858 1859 } else if (state1->drap != state2->drap || 1860 (state1->drap && state1->drap_reg != state2->drap_reg) || 1861 (state1->drap && state1->drap_offset != state2->drap_offset)) { 1862 WARN_FUNC("stack state mismatch: drap1=%d(%d,%d) drap2=%d(%d,%d)", 1863 insn->sec, insn->offset, 1864 state1->drap, state1->drap_reg, state1->drap_offset, 1865 state2->drap, state2->drap_reg, state2->drap_offset); 1866 1867 } else 1868 return true; 1869 1870 return false; 1871 } 1872 1873 static inline bool func_uaccess_safe(struct symbol *func) 1874 { 1875 if (func) 1876 return func->alias->uaccess_safe; 1877 1878 return false; 1879 } 1880 1881 static inline const char *insn_dest_name(struct instruction *insn) 1882 { 1883 if (insn->call_dest) 1884 return insn->call_dest->name; 1885 1886 return "{dynamic}"; 1887 } 1888 1889 static int validate_call(struct instruction *insn, struct insn_state *state) 1890 { 1891 if (state->uaccess && !func_uaccess_safe(insn->call_dest)) { 1892 WARN_FUNC("call to %s() with UACCESS enabled", 1893 insn->sec, insn->offset, insn_dest_name(insn)); 1894 return 1; 1895 } 1896 1897 if (state->df) { 1898 WARN_FUNC("call to %s() with DF set", 1899 insn->sec, insn->offset, insn_dest_name(insn)); 1900 return 1; 1901 } 1902 1903 return 0; 1904 } 1905 1906 static int validate_sibling_call(struct instruction *insn, struct insn_state *state) 1907 { 1908 if (has_modified_stack_frame(state)) { 1909 WARN_FUNC("sibling call from callable instruction with modified stack frame", 1910 insn->sec, insn->offset); 1911 return 1; 1912 } 1913 1914 return validate_call(insn, state); 1915 } 1916 1917 /* 1918 * Follow the branch starting at the given instruction, and recursively follow 1919 * any other branches (jumps). Meanwhile, track the frame pointer state at 1920 * each instruction and validate all the rules described in 1921 * tools/objtool/Documentation/stack-validation.txt. 1922 */ 1923 static int validate_branch(struct objtool_file *file, struct instruction *first, 1924 struct insn_state state) 1925 { 1926 struct alternative *alt; 1927 struct instruction *insn, *next_insn; 1928 struct section *sec; 1929 struct symbol *func = NULL; 1930 int ret; 1931 1932 insn = first; 1933 sec = insn->sec; 1934 1935 if (insn->alt_group && list_empty(&insn->alts)) { 1936 WARN_FUNC("don't know how to handle branch to middle of alternative instruction group", 1937 sec, insn->offset); 1938 return 1; 1939 } 1940 1941 while (1) { 1942 next_insn = next_insn_same_sec(file, insn); 1943 1944 if (file->c_file && func && insn->func && func != insn->func->pfunc) { 1945 WARN("%s() falls through to next function %s()", 1946 func->name, insn->func->name); 1947 return 1; 1948 } 1949 1950 if (insn->func) 1951 func = insn->func->pfunc; 1952 1953 if (func && insn->ignore) { 1954 WARN_FUNC("BUG: why am I validating an ignored function?", 1955 sec, insn->offset); 1956 return 1; 1957 } 1958 1959 if (insn->visited) { 1960 if (!insn->hint && !insn_state_match(insn, &state)) 1961 return 1; 1962 1963 /* If we were here with AC=0, but now have AC=1, go again */ 1964 if (insn->state.uaccess || !state.uaccess) 1965 return 0; 1966 } 1967 1968 if (insn->hint) { 1969 if (insn->restore) { 1970 struct instruction *save_insn, *i; 1971 1972 i = insn; 1973 save_insn = NULL; 1974 func_for_each_insn_continue_reverse(file, insn->func, i) { 1975 if (i->save) { 1976 save_insn = i; 1977 break; 1978 } 1979 } 1980 1981 if (!save_insn) { 1982 WARN_FUNC("no corresponding CFI save for CFI restore", 1983 sec, insn->offset); 1984 return 1; 1985 } 1986 1987 if (!save_insn->visited) { 1988 /* 1989 * Oops, no state to copy yet. 1990 * Hopefully we can reach this 1991 * instruction from another branch 1992 * after the save insn has been 1993 * visited. 1994 */ 1995 if (insn == first) 1996 return 0; 1997 1998 WARN_FUNC("objtool isn't smart enough to handle this CFI save/restore combo", 1999 sec, insn->offset); 2000 return 1; 2001 } 2002 2003 insn->state = save_insn->state; 2004 } 2005 2006 state = insn->state; 2007 2008 } else 2009 insn->state = state; 2010 2011 insn->visited = true; 2012 2013 if (!insn->ignore_alts) { 2014 bool skip_orig = false; 2015 2016 list_for_each_entry(alt, &insn->alts, list) { 2017 if (alt->skip_orig) 2018 skip_orig = true; 2019 2020 ret = validate_branch(file, alt->insn, state); 2021 if (ret) { 2022 if (backtrace) 2023 BT_FUNC("(alt)", insn); 2024 return ret; 2025 } 2026 } 2027 2028 if (skip_orig) 2029 return 0; 2030 } 2031 2032 switch (insn->type) { 2033 2034 case INSN_RETURN: 2035 if (state.uaccess && !func_uaccess_safe(func)) { 2036 WARN_FUNC("return with UACCESS enabled", sec, insn->offset); 2037 return 1; 2038 } 2039 2040 if (!state.uaccess && func_uaccess_safe(func)) { 2041 WARN_FUNC("return with UACCESS disabled from a UACCESS-safe function", sec, insn->offset); 2042 return 1; 2043 } 2044 2045 if (state.df) { 2046 WARN_FUNC("return with DF set", sec, insn->offset); 2047 return 1; 2048 } 2049 2050 if (func && has_modified_stack_frame(&state)) { 2051 WARN_FUNC("return with modified stack frame", 2052 sec, insn->offset); 2053 return 1; 2054 } 2055 2056 if (state.bp_scratch) { 2057 WARN("%s uses BP as a scratch register", 2058 insn->func->name); 2059 return 1; 2060 } 2061 2062 return 0; 2063 2064 case INSN_CALL: 2065 case INSN_CALL_DYNAMIC: 2066 ret = validate_call(insn, &state); 2067 if (ret) 2068 return ret; 2069 2070 if (insn->type == INSN_CALL) { 2071 if (is_fentry_call(insn)) 2072 break; 2073 2074 ret = dead_end_function(file, insn->call_dest); 2075 if (ret == 1) 2076 return 0; 2077 if (ret == -1) 2078 return 1; 2079 } 2080 2081 if (!no_fp && func && !has_valid_stack_frame(&state)) { 2082 WARN_FUNC("call without frame pointer save/setup", 2083 sec, insn->offset); 2084 return 1; 2085 } 2086 break; 2087 2088 case INSN_JUMP_CONDITIONAL: 2089 case INSN_JUMP_UNCONDITIONAL: 2090 if (func && !insn->jump_dest) { 2091 ret = validate_sibling_call(insn, &state); 2092 if (ret) 2093 return ret; 2094 2095 } else if (insn->jump_dest && 2096 (!func || !insn->jump_dest->func || 2097 insn->jump_dest->func->pfunc == func)) { 2098 ret = validate_branch(file, insn->jump_dest, 2099 state); 2100 if (ret) { 2101 if (backtrace) 2102 BT_FUNC("(branch)", insn); 2103 return ret; 2104 } 2105 } 2106 2107 if (insn->type == INSN_JUMP_UNCONDITIONAL) 2108 return 0; 2109 2110 break; 2111 2112 case INSN_JUMP_DYNAMIC: 2113 if (func && list_empty(&insn->alts)) { 2114 ret = validate_sibling_call(insn, &state); 2115 if (ret) 2116 return ret; 2117 } 2118 2119 return 0; 2120 2121 case INSN_CONTEXT_SWITCH: 2122 if (func && (!next_insn || !next_insn->hint)) { 2123 WARN_FUNC("unsupported instruction in callable function", 2124 sec, insn->offset); 2125 return 1; 2126 } 2127 return 0; 2128 2129 case INSN_STACK: 2130 if (update_insn_state(insn, &state)) 2131 return 1; 2132 2133 if (insn->stack_op.dest.type == OP_DEST_PUSHF) { 2134 if (!state.uaccess_stack) { 2135 state.uaccess_stack = 1; 2136 } else if (state.uaccess_stack >> 31) { 2137 WARN_FUNC("PUSHF stack exhausted", sec, insn->offset); 2138 return 1; 2139 } 2140 state.uaccess_stack <<= 1; 2141 state.uaccess_stack |= state.uaccess; 2142 } 2143 2144 if (insn->stack_op.src.type == OP_SRC_POPF) { 2145 if (state.uaccess_stack) { 2146 state.uaccess = state.uaccess_stack & 1; 2147 state.uaccess_stack >>= 1; 2148 if (state.uaccess_stack == 1) 2149 state.uaccess_stack = 0; 2150 } 2151 } 2152 2153 break; 2154 2155 case INSN_STAC: 2156 if (state.uaccess) { 2157 WARN_FUNC("recursive UACCESS enable", sec, insn->offset); 2158 return 1; 2159 } 2160 2161 state.uaccess = true; 2162 break; 2163 2164 case INSN_CLAC: 2165 if (!state.uaccess && insn->func) { 2166 WARN_FUNC("redundant UACCESS disable", sec, insn->offset); 2167 return 1; 2168 } 2169 2170 if (func_uaccess_safe(func) && !state.uaccess_stack) { 2171 WARN_FUNC("UACCESS-safe disables UACCESS", sec, insn->offset); 2172 return 1; 2173 } 2174 2175 state.uaccess = false; 2176 break; 2177 2178 case INSN_STD: 2179 if (state.df) 2180 WARN_FUNC("recursive STD", sec, insn->offset); 2181 2182 state.df = true; 2183 break; 2184 2185 case INSN_CLD: 2186 if (!state.df && insn->func) 2187 WARN_FUNC("redundant CLD", sec, insn->offset); 2188 2189 state.df = false; 2190 break; 2191 2192 default: 2193 break; 2194 } 2195 2196 if (insn->dead_end) 2197 return 0; 2198 2199 if (!next_insn) { 2200 if (state.cfa.base == CFI_UNDEFINED) 2201 return 0; 2202 WARN("%s: unexpected end of section", sec->name); 2203 return 1; 2204 } 2205 2206 insn = next_insn; 2207 } 2208 2209 return 0; 2210 } 2211 2212 static int validate_unwind_hints(struct objtool_file *file) 2213 { 2214 struct instruction *insn; 2215 int ret, warnings = 0; 2216 struct insn_state state; 2217 2218 if (!file->hints) 2219 return 0; 2220 2221 clear_insn_state(&state); 2222 2223 for_each_insn(file, insn) { 2224 if (insn->hint && !insn->visited) { 2225 ret = validate_branch(file, insn, state); 2226 if (ret && backtrace) 2227 BT_FUNC("<=== (hint)", insn); 2228 warnings += ret; 2229 } 2230 } 2231 2232 return warnings; 2233 } 2234 2235 static int validate_retpoline(struct objtool_file *file) 2236 { 2237 struct instruction *insn; 2238 int warnings = 0; 2239 2240 for_each_insn(file, insn) { 2241 if (insn->type != INSN_JUMP_DYNAMIC && 2242 insn->type != INSN_CALL_DYNAMIC) 2243 continue; 2244 2245 if (insn->retpoline_safe) 2246 continue; 2247 2248 /* 2249 * .init.text code is ran before userspace and thus doesn't 2250 * strictly need retpolines, except for modules which are 2251 * loaded late, they very much do need retpoline in their 2252 * .init.text 2253 */ 2254 if (!strcmp(insn->sec->name, ".init.text") && !module) 2255 continue; 2256 2257 WARN_FUNC("indirect %s found in RETPOLINE build", 2258 insn->sec, insn->offset, 2259 insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call"); 2260 2261 warnings++; 2262 } 2263 2264 return warnings; 2265 } 2266 2267 static bool is_kasan_insn(struct instruction *insn) 2268 { 2269 return (insn->type == INSN_CALL && 2270 !strcmp(insn->call_dest->name, "__asan_handle_no_return")); 2271 } 2272 2273 static bool is_ubsan_insn(struct instruction *insn) 2274 { 2275 return (insn->type == INSN_CALL && 2276 !strcmp(insn->call_dest->name, 2277 "__ubsan_handle_builtin_unreachable")); 2278 } 2279 2280 static bool ignore_unreachable_insn(struct instruction *insn) 2281 { 2282 int i; 2283 2284 if (insn->ignore || insn->type == INSN_NOP) 2285 return true; 2286 2287 /* 2288 * Ignore any unused exceptions. This can happen when a whitelisted 2289 * function has an exception table entry. 2290 * 2291 * Also ignore alternative replacement instructions. This can happen 2292 * when a whitelisted function uses one of the ALTERNATIVE macros. 2293 */ 2294 if (!strcmp(insn->sec->name, ".fixup") || 2295 !strcmp(insn->sec->name, ".altinstr_replacement") || 2296 !strcmp(insn->sec->name, ".altinstr_aux")) 2297 return true; 2298 2299 /* 2300 * Check if this (or a subsequent) instruction is related to 2301 * CONFIG_UBSAN or CONFIG_KASAN. 2302 * 2303 * End the search at 5 instructions to avoid going into the weeds. 2304 */ 2305 if (!insn->func) 2306 return false; 2307 for (i = 0; i < 5; i++) { 2308 2309 if (is_kasan_insn(insn) || is_ubsan_insn(insn)) 2310 return true; 2311 2312 if (insn->type == INSN_JUMP_UNCONDITIONAL) { 2313 if (insn->jump_dest && 2314 insn->jump_dest->func == insn->func) { 2315 insn = insn->jump_dest; 2316 continue; 2317 } 2318 2319 break; 2320 } 2321 2322 if (insn->offset + insn->len >= insn->func->offset + insn->func->len) 2323 break; 2324 2325 insn = list_next_entry(insn, list); 2326 } 2327 2328 return false; 2329 } 2330 2331 static int validate_functions(struct objtool_file *file) 2332 { 2333 struct section *sec; 2334 struct symbol *func; 2335 struct instruction *insn; 2336 struct insn_state state; 2337 int ret, warnings = 0; 2338 2339 clear_insn_state(&state); 2340 2341 state.cfa = initial_func_cfi.cfa; 2342 memcpy(&state.regs, &initial_func_cfi.regs, 2343 CFI_NUM_REGS * sizeof(struct cfi_reg)); 2344 state.stack_size = initial_func_cfi.cfa.offset; 2345 2346 for_each_sec(file, sec) { 2347 list_for_each_entry(func, &sec->symbol_list, list) { 2348 if (func->type != STT_FUNC || func->pfunc != func) 2349 continue; 2350 2351 insn = find_insn(file, sec, func->offset); 2352 if (!insn || insn->ignore) 2353 continue; 2354 2355 state.uaccess = func->alias->uaccess_safe; 2356 2357 ret = validate_branch(file, insn, state); 2358 if (ret && backtrace) 2359 BT_FUNC("<=== (func)", insn); 2360 warnings += ret; 2361 } 2362 } 2363 2364 return warnings; 2365 } 2366 2367 static int validate_reachable_instructions(struct objtool_file *file) 2368 { 2369 struct instruction *insn; 2370 2371 if (file->ignore_unreachables) 2372 return 0; 2373 2374 for_each_insn(file, insn) { 2375 if (insn->visited || ignore_unreachable_insn(insn)) 2376 continue; 2377 2378 WARN_FUNC("unreachable instruction", insn->sec, insn->offset); 2379 return 1; 2380 } 2381 2382 return 0; 2383 } 2384 2385 static void cleanup(struct objtool_file *file) 2386 { 2387 struct instruction *insn, *tmpinsn; 2388 struct alternative *alt, *tmpalt; 2389 2390 list_for_each_entry_safe(insn, tmpinsn, &file->insn_list, list) { 2391 list_for_each_entry_safe(alt, tmpalt, &insn->alts, list) { 2392 list_del(&alt->list); 2393 free(alt); 2394 } 2395 list_del(&insn->list); 2396 hash_del(&insn->hash); 2397 free(insn); 2398 } 2399 elf_close(file->elf); 2400 } 2401 2402 static struct objtool_file file; 2403 2404 int check(const char *_objname, bool orc) 2405 { 2406 int ret, warnings = 0; 2407 2408 objname = _objname; 2409 2410 file.elf = elf_open(objname, orc ? O_RDWR : O_RDONLY); 2411 if (!file.elf) 2412 return 1; 2413 2414 INIT_LIST_HEAD(&file.insn_list); 2415 hash_init(file.insn_hash); 2416 file.c_file = find_section_by_name(file.elf, ".comment"); 2417 file.ignore_unreachables = no_unreachable; 2418 file.hints = false; 2419 2420 arch_initial_func_cfi_state(&initial_func_cfi); 2421 2422 ret = decode_sections(&file); 2423 if (ret < 0) 2424 goto out; 2425 warnings += ret; 2426 2427 if (list_empty(&file.insn_list)) 2428 goto out; 2429 2430 if (retpoline) { 2431 ret = validate_retpoline(&file); 2432 if (ret < 0) 2433 return ret; 2434 warnings += ret; 2435 } 2436 2437 ret = validate_functions(&file); 2438 if (ret < 0) 2439 goto out; 2440 warnings += ret; 2441 2442 ret = validate_unwind_hints(&file); 2443 if (ret < 0) 2444 goto out; 2445 warnings += ret; 2446 2447 if (!warnings) { 2448 ret = validate_reachable_instructions(&file); 2449 if (ret < 0) 2450 goto out; 2451 warnings += ret; 2452 } 2453 2454 if (orc) { 2455 ret = create_orc(&file); 2456 if (ret < 0) 2457 goto out; 2458 2459 ret = create_orc_sections(&file); 2460 if (ret < 0) 2461 goto out; 2462 2463 ret = elf_write(file.elf); 2464 if (ret < 0) 2465 goto out; 2466 } 2467 2468 out: 2469 cleanup(&file); 2470 2471 /* ignore warnings for now until we get all the code cleaned up */ 2472 if (ret || warnings) 2473 return 0; 2474 return 0; 2475 } 2476