1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2015-2017 Josh Poimboeuf <jpoimboe@redhat.com> 4 */ 5 6 #include <string.h> 7 #include <stdlib.h> 8 #include <inttypes.h> 9 #include <sys/mman.h> 10 11 #include <arch/elf.h> 12 #include <objtool/builtin.h> 13 #include <objtool/cfi.h> 14 #include <objtool/arch.h> 15 #include <objtool/check.h> 16 #include <objtool/special.h> 17 #include <objtool/warn.h> 18 #include <objtool/endianness.h> 19 20 #include <linux/objtool.h> 21 #include <linux/hashtable.h> 22 #include <linux/kernel.h> 23 #include <linux/static_call_types.h> 24 25 struct alternative { 26 struct list_head list; 27 struct instruction *insn; 28 bool skip_orig; 29 }; 30 31 static unsigned long nr_cfi, nr_cfi_reused, nr_cfi_cache; 32 33 static struct cfi_init_state initial_func_cfi; 34 static struct cfi_state init_cfi; 35 static struct cfi_state func_cfi; 36 37 struct instruction *find_insn(struct objtool_file *file, 38 struct section *sec, unsigned long offset) 39 { 40 struct instruction *insn; 41 42 hash_for_each_possible(file->insn_hash, insn, hash, sec_offset_hash(sec, offset)) { 43 if (insn->sec == sec && insn->offset == offset) 44 return insn; 45 } 46 47 return NULL; 48 } 49 50 static struct instruction *next_insn_same_sec(struct objtool_file *file, 51 struct instruction *insn) 52 { 53 struct instruction *next = list_next_entry(insn, list); 54 55 if (!next || &next->list == &file->insn_list || next->sec != insn->sec) 56 return NULL; 57 58 return next; 59 } 60 61 static struct instruction *next_insn_same_func(struct objtool_file *file, 62 struct instruction *insn) 63 { 64 struct instruction *next = list_next_entry(insn, list); 65 struct symbol *func = insn->func; 66 67 if (!func) 68 return NULL; 69 70 if (&next->list != &file->insn_list && next->func == func) 71 return next; 72 73 /* Check if we're already in the subfunction: */ 74 if (func == func->cfunc) 75 return NULL; 76 77 /* Move to the subfunction: */ 78 return find_insn(file, func->cfunc->sec, func->cfunc->offset); 79 } 80 81 static struct instruction *prev_insn_same_sym(struct objtool_file *file, 82 struct instruction *insn) 83 { 84 struct instruction *prev = list_prev_entry(insn, list); 85 86 if (&prev->list != &file->insn_list && prev->func == insn->func) 87 return prev; 88 89 return NULL; 90 } 91 92 #define func_for_each_insn(file, func, insn) \ 93 for (insn = find_insn(file, func->sec, func->offset); \ 94 insn; \ 95 insn = next_insn_same_func(file, insn)) 96 97 #define sym_for_each_insn(file, sym, insn) \ 98 for (insn = find_insn(file, sym->sec, sym->offset); \ 99 insn && &insn->list != &file->insn_list && \ 100 insn->sec == sym->sec && \ 101 insn->offset < sym->offset + sym->len; \ 102 insn = list_next_entry(insn, list)) 103 104 #define sym_for_each_insn_continue_reverse(file, sym, insn) \ 105 for (insn = list_prev_entry(insn, list); \ 106 &insn->list != &file->insn_list && \ 107 insn->sec == sym->sec && insn->offset >= sym->offset; \ 108 insn = list_prev_entry(insn, list)) 109 110 #define sec_for_each_insn_from(file, insn) \ 111 for (; insn; insn = next_insn_same_sec(file, insn)) 112 113 #define sec_for_each_insn_continue(file, insn) \ 114 for (insn = next_insn_same_sec(file, insn); insn; \ 115 insn = next_insn_same_sec(file, insn)) 116 117 static bool is_jump_table_jump(struct instruction *insn) 118 { 119 struct alt_group *alt_group = insn->alt_group; 120 121 if (insn->jump_table) 122 return true; 123 124 /* Retpoline alternative for a jump table? */ 125 return alt_group && alt_group->orig_group && 126 alt_group->orig_group->first_insn->jump_table; 127 } 128 129 static bool is_sibling_call(struct instruction *insn) 130 { 131 /* 132 * Assume only ELF functions can make sibling calls. This ensures 133 * sibling call detection consistency between vmlinux.o and individual 134 * objects. 135 */ 136 if (!insn->func) 137 return false; 138 139 /* An indirect jump is either a sibling call or a jump to a table. */ 140 if (insn->type == INSN_JUMP_DYNAMIC) 141 return !is_jump_table_jump(insn); 142 143 /* add_jump_destinations() sets insn->call_dest for sibling calls. */ 144 return (is_static_jump(insn) && insn->call_dest); 145 } 146 147 /* 148 * This checks to see if the given function is a "noreturn" function. 149 * 150 * For global functions which are outside the scope of this object file, we 151 * have to keep a manual list of them. 152 * 153 * For local functions, we have to detect them manually by simply looking for 154 * the lack of a return instruction. 155 */ 156 static bool __dead_end_function(struct objtool_file *file, struct symbol *func, 157 int recursion) 158 { 159 int i; 160 struct instruction *insn; 161 bool empty = true; 162 163 /* 164 * Unfortunately these have to be hard coded because the noreturn 165 * attribute isn't provided in ELF data. 166 */ 167 static const char * const global_noreturns[] = { 168 "__stack_chk_fail", 169 "panic", 170 "do_exit", 171 "do_task_dead", 172 "kthread_exit", 173 "make_task_dead", 174 "__module_put_and_kthread_exit", 175 "kthread_complete_and_exit", 176 "__reiserfs_panic", 177 "lbug_with_loc", 178 "fortify_panic", 179 "usercopy_abort", 180 "machine_real_restart", 181 "rewind_stack_and_make_dead", 182 "kunit_try_catch_throw", 183 "xen_start_kernel", 184 "cpu_bringup_and_idle", 185 "do_group_exit", 186 "stop_this_cpu", 187 "__invalid_creds", 188 "cpu_startup_entry", 189 "__ubsan_handle_builtin_unreachable", 190 "ex_handler_msr_mce", 191 }; 192 193 if (!func) 194 return false; 195 196 if (func->bind == STB_WEAK) 197 return false; 198 199 if (func->bind == STB_GLOBAL) 200 for (i = 0; i < ARRAY_SIZE(global_noreturns); i++) 201 if (!strcmp(func->name, global_noreturns[i])) 202 return true; 203 204 if (!func->len) 205 return false; 206 207 insn = find_insn(file, func->sec, func->offset); 208 if (!insn->func) 209 return false; 210 211 func_for_each_insn(file, func, insn) { 212 empty = false; 213 214 if (insn->type == INSN_RETURN) 215 return false; 216 } 217 218 if (empty) 219 return false; 220 221 /* 222 * A function can have a sibling call instead of a return. In that 223 * case, the function's dead-end status depends on whether the target 224 * of the sibling call returns. 225 */ 226 func_for_each_insn(file, func, insn) { 227 if (is_sibling_call(insn)) { 228 struct instruction *dest = insn->jump_dest; 229 230 if (!dest) 231 /* sibling call to another file */ 232 return false; 233 234 /* local sibling call */ 235 if (recursion == 5) { 236 /* 237 * Infinite recursion: two functions have 238 * sibling calls to each other. This is a very 239 * rare case. It means they aren't dead ends. 240 */ 241 return false; 242 } 243 244 return __dead_end_function(file, dest->func, recursion+1); 245 } 246 } 247 248 return true; 249 } 250 251 static bool dead_end_function(struct objtool_file *file, struct symbol *func) 252 { 253 return __dead_end_function(file, func, 0); 254 } 255 256 static void init_cfi_state(struct cfi_state *cfi) 257 { 258 int i; 259 260 for (i = 0; i < CFI_NUM_REGS; i++) { 261 cfi->regs[i].base = CFI_UNDEFINED; 262 cfi->vals[i].base = CFI_UNDEFINED; 263 } 264 cfi->cfa.base = CFI_UNDEFINED; 265 cfi->drap_reg = CFI_UNDEFINED; 266 cfi->drap_offset = -1; 267 } 268 269 static void init_insn_state(struct objtool_file *file, struct insn_state *state, 270 struct section *sec) 271 { 272 memset(state, 0, sizeof(*state)); 273 init_cfi_state(&state->cfi); 274 275 /* 276 * We need the full vmlinux for noinstr validation, otherwise we can 277 * not correctly determine insn->call_dest->sec (external symbols do 278 * not have a section). 279 */ 280 if (opts.link && opts.noinstr && sec) 281 state->noinstr = sec->noinstr; 282 } 283 284 static struct cfi_state *cfi_alloc(void) 285 { 286 struct cfi_state *cfi = calloc(sizeof(struct cfi_state), 1); 287 if (!cfi) { 288 WARN("calloc failed"); 289 exit(1); 290 } 291 nr_cfi++; 292 return cfi; 293 } 294 295 static int cfi_bits; 296 static struct hlist_head *cfi_hash; 297 298 static inline bool cficmp(struct cfi_state *cfi1, struct cfi_state *cfi2) 299 { 300 return memcmp((void *)cfi1 + sizeof(cfi1->hash), 301 (void *)cfi2 + sizeof(cfi2->hash), 302 sizeof(struct cfi_state) - sizeof(struct hlist_node)); 303 } 304 305 static inline u32 cfi_key(struct cfi_state *cfi) 306 { 307 return jhash((void *)cfi + sizeof(cfi->hash), 308 sizeof(*cfi) - sizeof(cfi->hash), 0); 309 } 310 311 static struct cfi_state *cfi_hash_find_or_add(struct cfi_state *cfi) 312 { 313 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)]; 314 struct cfi_state *obj; 315 316 hlist_for_each_entry(obj, head, hash) { 317 if (!cficmp(cfi, obj)) { 318 nr_cfi_cache++; 319 return obj; 320 } 321 } 322 323 obj = cfi_alloc(); 324 *obj = *cfi; 325 hlist_add_head(&obj->hash, head); 326 327 return obj; 328 } 329 330 static void cfi_hash_add(struct cfi_state *cfi) 331 { 332 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)]; 333 334 hlist_add_head(&cfi->hash, head); 335 } 336 337 static void *cfi_hash_alloc(unsigned long size) 338 { 339 cfi_bits = max(10, ilog2(size)); 340 cfi_hash = mmap(NULL, sizeof(struct hlist_head) << cfi_bits, 341 PROT_READ|PROT_WRITE, 342 MAP_PRIVATE|MAP_ANON, -1, 0); 343 if (cfi_hash == (void *)-1L) { 344 WARN("mmap fail cfi_hash"); 345 cfi_hash = NULL; 346 } else if (opts.stats) { 347 printf("cfi_bits: %d\n", cfi_bits); 348 } 349 350 return cfi_hash; 351 } 352 353 static unsigned long nr_insns; 354 static unsigned long nr_insns_visited; 355 356 /* 357 * Call the arch-specific instruction decoder for all the instructions and add 358 * them to the global instruction list. 359 */ 360 static int decode_instructions(struct objtool_file *file) 361 { 362 struct section *sec; 363 struct symbol *func; 364 unsigned long offset; 365 struct instruction *insn; 366 int ret; 367 368 for_each_sec(file, sec) { 369 370 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 371 continue; 372 373 if (strcmp(sec->name, ".altinstr_replacement") && 374 strcmp(sec->name, ".altinstr_aux") && 375 strncmp(sec->name, ".discard.", 9)) 376 sec->text = true; 377 378 if (!strcmp(sec->name, ".noinstr.text") || 379 !strcmp(sec->name, ".entry.text") || 380 !strncmp(sec->name, ".text.__x86.", 12)) 381 sec->noinstr = true; 382 383 for (offset = 0; offset < sec->sh.sh_size; offset += insn->len) { 384 insn = malloc(sizeof(*insn)); 385 if (!insn) { 386 WARN("malloc failed"); 387 return -1; 388 } 389 memset(insn, 0, sizeof(*insn)); 390 INIT_LIST_HEAD(&insn->alts); 391 INIT_LIST_HEAD(&insn->stack_ops); 392 INIT_LIST_HEAD(&insn->call_node); 393 394 insn->sec = sec; 395 insn->offset = offset; 396 397 ret = arch_decode_instruction(file, sec, offset, 398 sec->sh.sh_size - offset, 399 &insn->len, &insn->type, 400 &insn->immediate, 401 &insn->stack_ops); 402 if (ret) 403 goto err; 404 405 /* 406 * By default, "ud2" is a dead end unless otherwise 407 * annotated, because GCC 7 inserts it for certain 408 * divide-by-zero cases. 409 */ 410 if (insn->type == INSN_BUG) 411 insn->dead_end = true; 412 413 hash_add(file->insn_hash, &insn->hash, sec_offset_hash(sec, insn->offset)); 414 list_add_tail(&insn->list, &file->insn_list); 415 nr_insns++; 416 } 417 418 list_for_each_entry(func, &sec->symbol_list, list) { 419 if (func->type != STT_FUNC || func->alias != func) 420 continue; 421 422 if (!find_insn(file, sec, func->offset)) { 423 WARN("%s(): can't find starting instruction", 424 func->name); 425 return -1; 426 } 427 428 sym_for_each_insn(file, func, insn) { 429 insn->func = func; 430 if (insn->type == INSN_ENDBR && list_empty(&insn->call_node)) { 431 if (insn->offset == insn->func->offset) { 432 list_add_tail(&insn->call_node, &file->endbr_list); 433 file->nr_endbr++; 434 } else { 435 file->nr_endbr_int++; 436 } 437 } 438 } 439 } 440 } 441 442 if (opts.stats) 443 printf("nr_insns: %lu\n", nr_insns); 444 445 return 0; 446 447 err: 448 free(insn); 449 return ret; 450 } 451 452 /* 453 * Read the pv_ops[] .data table to find the static initialized values. 454 */ 455 static int add_pv_ops(struct objtool_file *file, const char *symname) 456 { 457 struct symbol *sym, *func; 458 unsigned long off, end; 459 struct reloc *rel; 460 int idx; 461 462 sym = find_symbol_by_name(file->elf, symname); 463 if (!sym) 464 return 0; 465 466 off = sym->offset; 467 end = off + sym->len; 468 for (;;) { 469 rel = find_reloc_by_dest_range(file->elf, sym->sec, off, end - off); 470 if (!rel) 471 break; 472 473 func = rel->sym; 474 if (func->type == STT_SECTION) 475 func = find_symbol_by_offset(rel->sym->sec, rel->addend); 476 477 idx = (rel->offset - sym->offset) / sizeof(unsigned long); 478 479 objtool_pv_add(file, idx, func); 480 481 off = rel->offset + 1; 482 if (off > end) 483 break; 484 } 485 486 return 0; 487 } 488 489 /* 490 * Allocate and initialize file->pv_ops[]. 491 */ 492 static int init_pv_ops(struct objtool_file *file) 493 { 494 static const char *pv_ops_tables[] = { 495 "pv_ops", 496 "xen_cpu_ops", 497 "xen_irq_ops", 498 "xen_mmu_ops", 499 NULL, 500 }; 501 const char *pv_ops; 502 struct symbol *sym; 503 int idx, nr; 504 505 if (!opts.noinstr) 506 return 0; 507 508 file->pv_ops = NULL; 509 510 sym = find_symbol_by_name(file->elf, "pv_ops"); 511 if (!sym) 512 return 0; 513 514 nr = sym->len / sizeof(unsigned long); 515 file->pv_ops = calloc(sizeof(struct pv_state), nr); 516 if (!file->pv_ops) 517 return -1; 518 519 for (idx = 0; idx < nr; idx++) 520 INIT_LIST_HEAD(&file->pv_ops[idx].targets); 521 522 for (idx = 0; (pv_ops = pv_ops_tables[idx]); idx++) 523 add_pv_ops(file, pv_ops); 524 525 return 0; 526 } 527 528 static struct instruction *find_last_insn(struct objtool_file *file, 529 struct section *sec) 530 { 531 struct instruction *insn = NULL; 532 unsigned int offset; 533 unsigned int end = (sec->sh.sh_size > 10) ? sec->sh.sh_size - 10 : 0; 534 535 for (offset = sec->sh.sh_size - 1; offset >= end && !insn; offset--) 536 insn = find_insn(file, sec, offset); 537 538 return insn; 539 } 540 541 /* 542 * Mark "ud2" instructions and manually annotated dead ends. 543 */ 544 static int add_dead_ends(struct objtool_file *file) 545 { 546 struct section *sec; 547 struct reloc *reloc; 548 struct instruction *insn; 549 550 /* 551 * Check for manually annotated dead ends. 552 */ 553 sec = find_section_by_name(file->elf, ".rela.discard.unreachable"); 554 if (!sec) 555 goto reachable; 556 557 list_for_each_entry(reloc, &sec->reloc_list, list) { 558 if (reloc->sym->type != STT_SECTION) { 559 WARN("unexpected relocation symbol type in %s", sec->name); 560 return -1; 561 } 562 insn = find_insn(file, reloc->sym->sec, reloc->addend); 563 if (insn) 564 insn = list_prev_entry(insn, list); 565 else if (reloc->addend == reloc->sym->sec->sh.sh_size) { 566 insn = find_last_insn(file, reloc->sym->sec); 567 if (!insn) { 568 WARN("can't find unreachable insn at %s+0x%" PRIx64, 569 reloc->sym->sec->name, reloc->addend); 570 return -1; 571 } 572 } else { 573 WARN("can't find unreachable insn at %s+0x%" PRIx64, 574 reloc->sym->sec->name, reloc->addend); 575 return -1; 576 } 577 578 insn->dead_end = true; 579 } 580 581 reachable: 582 /* 583 * These manually annotated reachable checks are needed for GCC 4.4, 584 * where the Linux unreachable() macro isn't supported. In that case 585 * GCC doesn't know the "ud2" is fatal, so it generates code as if it's 586 * not a dead end. 587 */ 588 sec = find_section_by_name(file->elf, ".rela.discard.reachable"); 589 if (!sec) 590 return 0; 591 592 list_for_each_entry(reloc, &sec->reloc_list, list) { 593 if (reloc->sym->type != STT_SECTION) { 594 WARN("unexpected relocation symbol type in %s", sec->name); 595 return -1; 596 } 597 insn = find_insn(file, reloc->sym->sec, reloc->addend); 598 if (insn) 599 insn = list_prev_entry(insn, list); 600 else if (reloc->addend == reloc->sym->sec->sh.sh_size) { 601 insn = find_last_insn(file, reloc->sym->sec); 602 if (!insn) { 603 WARN("can't find reachable insn at %s+0x%" PRIx64, 604 reloc->sym->sec->name, reloc->addend); 605 return -1; 606 } 607 } else { 608 WARN("can't find reachable insn at %s+0x%" PRIx64, 609 reloc->sym->sec->name, reloc->addend); 610 return -1; 611 } 612 613 insn->dead_end = false; 614 } 615 616 return 0; 617 } 618 619 static int create_static_call_sections(struct objtool_file *file) 620 { 621 struct section *sec; 622 struct static_call_site *site; 623 struct instruction *insn; 624 struct symbol *key_sym; 625 char *key_name, *tmp; 626 int idx; 627 628 sec = find_section_by_name(file->elf, ".static_call_sites"); 629 if (sec) { 630 INIT_LIST_HEAD(&file->static_call_list); 631 WARN("file already has .static_call_sites section, skipping"); 632 return 0; 633 } 634 635 if (list_empty(&file->static_call_list)) 636 return 0; 637 638 idx = 0; 639 list_for_each_entry(insn, &file->static_call_list, call_node) 640 idx++; 641 642 sec = elf_create_section(file->elf, ".static_call_sites", SHF_WRITE, 643 sizeof(struct static_call_site), idx); 644 if (!sec) 645 return -1; 646 647 idx = 0; 648 list_for_each_entry(insn, &file->static_call_list, call_node) { 649 650 site = (struct static_call_site *)sec->data->d_buf + idx; 651 memset(site, 0, sizeof(struct static_call_site)); 652 653 /* populate reloc for 'addr' */ 654 if (elf_add_reloc_to_insn(file->elf, sec, 655 idx * sizeof(struct static_call_site), 656 R_X86_64_PC32, 657 insn->sec, insn->offset)) 658 return -1; 659 660 /* find key symbol */ 661 key_name = strdup(insn->call_dest->name); 662 if (!key_name) { 663 perror("strdup"); 664 return -1; 665 } 666 if (strncmp(key_name, STATIC_CALL_TRAMP_PREFIX_STR, 667 STATIC_CALL_TRAMP_PREFIX_LEN)) { 668 WARN("static_call: trampoline name malformed: %s", key_name); 669 return -1; 670 } 671 tmp = key_name + STATIC_CALL_TRAMP_PREFIX_LEN - STATIC_CALL_KEY_PREFIX_LEN; 672 memcpy(tmp, STATIC_CALL_KEY_PREFIX_STR, STATIC_CALL_KEY_PREFIX_LEN); 673 674 key_sym = find_symbol_by_name(file->elf, tmp); 675 if (!key_sym) { 676 if (!opts.module) { 677 WARN("static_call: can't find static_call_key symbol: %s", tmp); 678 return -1; 679 } 680 681 /* 682 * For modules(), the key might not be exported, which 683 * means the module can make static calls but isn't 684 * allowed to change them. 685 * 686 * In that case we temporarily set the key to be the 687 * trampoline address. This is fixed up in 688 * static_call_add_module(). 689 */ 690 key_sym = insn->call_dest; 691 } 692 free(key_name); 693 694 /* populate reloc for 'key' */ 695 if (elf_add_reloc(file->elf, sec, 696 idx * sizeof(struct static_call_site) + 4, 697 R_X86_64_PC32, key_sym, 698 is_sibling_call(insn) * STATIC_CALL_SITE_TAIL)) 699 return -1; 700 701 idx++; 702 } 703 704 return 0; 705 } 706 707 static int create_retpoline_sites_sections(struct objtool_file *file) 708 { 709 struct instruction *insn; 710 struct section *sec; 711 int idx; 712 713 sec = find_section_by_name(file->elf, ".retpoline_sites"); 714 if (sec) { 715 WARN("file already has .retpoline_sites, skipping"); 716 return 0; 717 } 718 719 idx = 0; 720 list_for_each_entry(insn, &file->retpoline_call_list, call_node) 721 idx++; 722 723 if (!idx) 724 return 0; 725 726 sec = elf_create_section(file->elf, ".retpoline_sites", 0, 727 sizeof(int), idx); 728 if (!sec) { 729 WARN("elf_create_section: .retpoline_sites"); 730 return -1; 731 } 732 733 idx = 0; 734 list_for_each_entry(insn, &file->retpoline_call_list, call_node) { 735 736 int *site = (int *)sec->data->d_buf + idx; 737 *site = 0; 738 739 if (elf_add_reloc_to_insn(file->elf, sec, 740 idx * sizeof(int), 741 R_X86_64_PC32, 742 insn->sec, insn->offset)) { 743 WARN("elf_add_reloc_to_insn: .retpoline_sites"); 744 return -1; 745 } 746 747 idx++; 748 } 749 750 return 0; 751 } 752 753 static int create_return_sites_sections(struct objtool_file *file) 754 { 755 struct instruction *insn; 756 struct section *sec; 757 int idx; 758 759 sec = find_section_by_name(file->elf, ".return_sites"); 760 if (sec) { 761 WARN("file already has .return_sites, skipping"); 762 return 0; 763 } 764 765 idx = 0; 766 list_for_each_entry(insn, &file->return_thunk_list, call_node) 767 idx++; 768 769 if (!idx) 770 return 0; 771 772 sec = elf_create_section(file->elf, ".return_sites", 0, 773 sizeof(int), idx); 774 if (!sec) { 775 WARN("elf_create_section: .return_sites"); 776 return -1; 777 } 778 779 idx = 0; 780 list_for_each_entry(insn, &file->return_thunk_list, call_node) { 781 782 int *site = (int *)sec->data->d_buf + idx; 783 *site = 0; 784 785 if (elf_add_reloc_to_insn(file->elf, sec, 786 idx * sizeof(int), 787 R_X86_64_PC32, 788 insn->sec, insn->offset)) { 789 WARN("elf_add_reloc_to_insn: .return_sites"); 790 return -1; 791 } 792 793 idx++; 794 } 795 796 return 0; 797 } 798 799 static int create_ibt_endbr_seal_sections(struct objtool_file *file) 800 { 801 struct instruction *insn; 802 struct section *sec; 803 int idx; 804 805 sec = find_section_by_name(file->elf, ".ibt_endbr_seal"); 806 if (sec) { 807 WARN("file already has .ibt_endbr_seal, skipping"); 808 return 0; 809 } 810 811 idx = 0; 812 list_for_each_entry(insn, &file->endbr_list, call_node) 813 idx++; 814 815 if (opts.stats) { 816 printf("ibt: ENDBR at function start: %d\n", file->nr_endbr); 817 printf("ibt: ENDBR inside functions: %d\n", file->nr_endbr_int); 818 printf("ibt: superfluous ENDBR: %d\n", idx); 819 } 820 821 if (!idx) 822 return 0; 823 824 sec = elf_create_section(file->elf, ".ibt_endbr_seal", 0, 825 sizeof(int), idx); 826 if (!sec) { 827 WARN("elf_create_section: .ibt_endbr_seal"); 828 return -1; 829 } 830 831 idx = 0; 832 list_for_each_entry(insn, &file->endbr_list, call_node) { 833 834 int *site = (int *)sec->data->d_buf + idx; 835 *site = 0; 836 837 if (elf_add_reloc_to_insn(file->elf, sec, 838 idx * sizeof(int), 839 R_X86_64_PC32, 840 insn->sec, insn->offset)) { 841 WARN("elf_add_reloc_to_insn: .ibt_endbr_seal"); 842 return -1; 843 } 844 845 idx++; 846 } 847 848 return 0; 849 } 850 851 static int create_mcount_loc_sections(struct objtool_file *file) 852 { 853 struct section *sec; 854 unsigned long *loc; 855 struct instruction *insn; 856 int idx; 857 858 sec = find_section_by_name(file->elf, "__mcount_loc"); 859 if (sec) { 860 INIT_LIST_HEAD(&file->mcount_loc_list); 861 WARN("file already has __mcount_loc section, skipping"); 862 return 0; 863 } 864 865 if (list_empty(&file->mcount_loc_list)) 866 return 0; 867 868 idx = 0; 869 list_for_each_entry(insn, &file->mcount_loc_list, call_node) 870 idx++; 871 872 sec = elf_create_section(file->elf, "__mcount_loc", 0, sizeof(unsigned long), idx); 873 if (!sec) 874 return -1; 875 876 idx = 0; 877 list_for_each_entry(insn, &file->mcount_loc_list, call_node) { 878 879 loc = (unsigned long *)sec->data->d_buf + idx; 880 memset(loc, 0, sizeof(unsigned long)); 881 882 if (elf_add_reloc_to_insn(file->elf, sec, 883 idx * sizeof(unsigned long), 884 R_X86_64_64, 885 insn->sec, insn->offset)) 886 return -1; 887 888 idx++; 889 } 890 891 return 0; 892 } 893 894 /* 895 * Warnings shouldn't be reported for ignored functions. 896 */ 897 static void add_ignores(struct objtool_file *file) 898 { 899 struct instruction *insn; 900 struct section *sec; 901 struct symbol *func; 902 struct reloc *reloc; 903 904 sec = find_section_by_name(file->elf, ".rela.discard.func_stack_frame_non_standard"); 905 if (!sec) 906 return; 907 908 list_for_each_entry(reloc, &sec->reloc_list, list) { 909 switch (reloc->sym->type) { 910 case STT_FUNC: 911 func = reloc->sym; 912 break; 913 914 case STT_SECTION: 915 func = find_func_by_offset(reloc->sym->sec, reloc->addend); 916 if (!func) 917 continue; 918 break; 919 920 default: 921 WARN("unexpected relocation symbol type in %s: %d", sec->name, reloc->sym->type); 922 continue; 923 } 924 925 func_for_each_insn(file, func, insn) 926 insn->ignore = true; 927 } 928 } 929 930 /* 931 * This is a whitelist of functions that is allowed to be called with AC set. 932 * The list is meant to be minimal and only contains compiler instrumentation 933 * ABI and a few functions used to implement *_{to,from}_user() functions. 934 * 935 * These functions must not directly change AC, but may PUSHF/POPF. 936 */ 937 static const char *uaccess_safe_builtin[] = { 938 /* KASAN */ 939 "kasan_report", 940 "kasan_check_range", 941 /* KASAN out-of-line */ 942 "__asan_loadN_noabort", 943 "__asan_load1_noabort", 944 "__asan_load2_noabort", 945 "__asan_load4_noabort", 946 "__asan_load8_noabort", 947 "__asan_load16_noabort", 948 "__asan_storeN_noabort", 949 "__asan_store1_noabort", 950 "__asan_store2_noabort", 951 "__asan_store4_noabort", 952 "__asan_store8_noabort", 953 "__asan_store16_noabort", 954 "__kasan_check_read", 955 "__kasan_check_write", 956 /* KASAN in-line */ 957 "__asan_report_load_n_noabort", 958 "__asan_report_load1_noabort", 959 "__asan_report_load2_noabort", 960 "__asan_report_load4_noabort", 961 "__asan_report_load8_noabort", 962 "__asan_report_load16_noabort", 963 "__asan_report_store_n_noabort", 964 "__asan_report_store1_noabort", 965 "__asan_report_store2_noabort", 966 "__asan_report_store4_noabort", 967 "__asan_report_store8_noabort", 968 "__asan_report_store16_noabort", 969 /* KCSAN */ 970 "__kcsan_check_access", 971 "__kcsan_mb", 972 "__kcsan_wmb", 973 "__kcsan_rmb", 974 "__kcsan_release", 975 "kcsan_found_watchpoint", 976 "kcsan_setup_watchpoint", 977 "kcsan_check_scoped_accesses", 978 "kcsan_disable_current", 979 "kcsan_enable_current_nowarn", 980 /* KCSAN/TSAN */ 981 "__tsan_func_entry", 982 "__tsan_func_exit", 983 "__tsan_read_range", 984 "__tsan_write_range", 985 "__tsan_read1", 986 "__tsan_read2", 987 "__tsan_read4", 988 "__tsan_read8", 989 "__tsan_read16", 990 "__tsan_write1", 991 "__tsan_write2", 992 "__tsan_write4", 993 "__tsan_write8", 994 "__tsan_write16", 995 "__tsan_read_write1", 996 "__tsan_read_write2", 997 "__tsan_read_write4", 998 "__tsan_read_write8", 999 "__tsan_read_write16", 1000 "__tsan_atomic8_load", 1001 "__tsan_atomic16_load", 1002 "__tsan_atomic32_load", 1003 "__tsan_atomic64_load", 1004 "__tsan_atomic8_store", 1005 "__tsan_atomic16_store", 1006 "__tsan_atomic32_store", 1007 "__tsan_atomic64_store", 1008 "__tsan_atomic8_exchange", 1009 "__tsan_atomic16_exchange", 1010 "__tsan_atomic32_exchange", 1011 "__tsan_atomic64_exchange", 1012 "__tsan_atomic8_fetch_add", 1013 "__tsan_atomic16_fetch_add", 1014 "__tsan_atomic32_fetch_add", 1015 "__tsan_atomic64_fetch_add", 1016 "__tsan_atomic8_fetch_sub", 1017 "__tsan_atomic16_fetch_sub", 1018 "__tsan_atomic32_fetch_sub", 1019 "__tsan_atomic64_fetch_sub", 1020 "__tsan_atomic8_fetch_and", 1021 "__tsan_atomic16_fetch_and", 1022 "__tsan_atomic32_fetch_and", 1023 "__tsan_atomic64_fetch_and", 1024 "__tsan_atomic8_fetch_or", 1025 "__tsan_atomic16_fetch_or", 1026 "__tsan_atomic32_fetch_or", 1027 "__tsan_atomic64_fetch_or", 1028 "__tsan_atomic8_fetch_xor", 1029 "__tsan_atomic16_fetch_xor", 1030 "__tsan_atomic32_fetch_xor", 1031 "__tsan_atomic64_fetch_xor", 1032 "__tsan_atomic8_fetch_nand", 1033 "__tsan_atomic16_fetch_nand", 1034 "__tsan_atomic32_fetch_nand", 1035 "__tsan_atomic64_fetch_nand", 1036 "__tsan_atomic8_compare_exchange_strong", 1037 "__tsan_atomic16_compare_exchange_strong", 1038 "__tsan_atomic32_compare_exchange_strong", 1039 "__tsan_atomic64_compare_exchange_strong", 1040 "__tsan_atomic8_compare_exchange_weak", 1041 "__tsan_atomic16_compare_exchange_weak", 1042 "__tsan_atomic32_compare_exchange_weak", 1043 "__tsan_atomic64_compare_exchange_weak", 1044 "__tsan_atomic8_compare_exchange_val", 1045 "__tsan_atomic16_compare_exchange_val", 1046 "__tsan_atomic32_compare_exchange_val", 1047 "__tsan_atomic64_compare_exchange_val", 1048 "__tsan_atomic_thread_fence", 1049 "__tsan_atomic_signal_fence", 1050 /* KCOV */ 1051 "write_comp_data", 1052 "check_kcov_mode", 1053 "__sanitizer_cov_trace_pc", 1054 "__sanitizer_cov_trace_const_cmp1", 1055 "__sanitizer_cov_trace_const_cmp2", 1056 "__sanitizer_cov_trace_const_cmp4", 1057 "__sanitizer_cov_trace_const_cmp8", 1058 "__sanitizer_cov_trace_cmp1", 1059 "__sanitizer_cov_trace_cmp2", 1060 "__sanitizer_cov_trace_cmp4", 1061 "__sanitizer_cov_trace_cmp8", 1062 "__sanitizer_cov_trace_switch", 1063 /* UBSAN */ 1064 "ubsan_type_mismatch_common", 1065 "__ubsan_handle_type_mismatch", 1066 "__ubsan_handle_type_mismatch_v1", 1067 "__ubsan_handle_shift_out_of_bounds", 1068 /* misc */ 1069 "csum_partial_copy_generic", 1070 "copy_mc_fragile", 1071 "copy_mc_fragile_handle_tail", 1072 "copy_mc_enhanced_fast_string", 1073 "ftrace_likely_update", /* CONFIG_TRACE_BRANCH_PROFILING */ 1074 NULL 1075 }; 1076 1077 static void add_uaccess_safe(struct objtool_file *file) 1078 { 1079 struct symbol *func; 1080 const char **name; 1081 1082 if (!opts.uaccess) 1083 return; 1084 1085 for (name = uaccess_safe_builtin; *name; name++) { 1086 func = find_symbol_by_name(file->elf, *name); 1087 if (!func) 1088 continue; 1089 1090 func->uaccess_safe = true; 1091 } 1092 } 1093 1094 /* 1095 * FIXME: For now, just ignore any alternatives which add retpolines. This is 1096 * a temporary hack, as it doesn't allow ORC to unwind from inside a retpoline. 1097 * But it at least allows objtool to understand the control flow *around* the 1098 * retpoline. 1099 */ 1100 static int add_ignore_alternatives(struct objtool_file *file) 1101 { 1102 struct section *sec; 1103 struct reloc *reloc; 1104 struct instruction *insn; 1105 1106 sec = find_section_by_name(file->elf, ".rela.discard.ignore_alts"); 1107 if (!sec) 1108 return 0; 1109 1110 list_for_each_entry(reloc, &sec->reloc_list, list) { 1111 if (reloc->sym->type != STT_SECTION) { 1112 WARN("unexpected relocation symbol type in %s", sec->name); 1113 return -1; 1114 } 1115 1116 insn = find_insn(file, reloc->sym->sec, reloc->addend); 1117 if (!insn) { 1118 WARN("bad .discard.ignore_alts entry"); 1119 return -1; 1120 } 1121 1122 insn->ignore_alts = true; 1123 } 1124 1125 return 0; 1126 } 1127 1128 __weak bool arch_is_retpoline(struct symbol *sym) 1129 { 1130 return false; 1131 } 1132 1133 __weak bool arch_is_rethunk(struct symbol *sym) 1134 { 1135 return false; 1136 } 1137 1138 #define NEGATIVE_RELOC ((void *)-1L) 1139 1140 static struct reloc *insn_reloc(struct objtool_file *file, struct instruction *insn) 1141 { 1142 if (insn->reloc == NEGATIVE_RELOC) 1143 return NULL; 1144 1145 if (!insn->reloc) { 1146 if (!file) 1147 return NULL; 1148 1149 insn->reloc = find_reloc_by_dest_range(file->elf, insn->sec, 1150 insn->offset, insn->len); 1151 if (!insn->reloc) { 1152 insn->reloc = NEGATIVE_RELOC; 1153 return NULL; 1154 } 1155 } 1156 1157 return insn->reloc; 1158 } 1159 1160 static void remove_insn_ops(struct instruction *insn) 1161 { 1162 struct stack_op *op, *tmp; 1163 1164 list_for_each_entry_safe(op, tmp, &insn->stack_ops, list) { 1165 list_del(&op->list); 1166 free(op); 1167 } 1168 } 1169 1170 static void annotate_call_site(struct objtool_file *file, 1171 struct instruction *insn, bool sibling) 1172 { 1173 struct reloc *reloc = insn_reloc(file, insn); 1174 struct symbol *sym = insn->call_dest; 1175 1176 if (!sym) 1177 sym = reloc->sym; 1178 1179 /* 1180 * Alternative replacement code is just template code which is 1181 * sometimes copied to the original instruction. For now, don't 1182 * annotate it. (In the future we might consider annotating the 1183 * original instruction if/when it ever makes sense to do so.) 1184 */ 1185 if (!strcmp(insn->sec->name, ".altinstr_replacement")) 1186 return; 1187 1188 if (sym->static_call_tramp) { 1189 list_add_tail(&insn->call_node, &file->static_call_list); 1190 return; 1191 } 1192 1193 if (sym->retpoline_thunk) { 1194 list_add_tail(&insn->call_node, &file->retpoline_call_list); 1195 return; 1196 } 1197 1198 /* 1199 * Many compilers cannot disable KCOV or sanitizer calls with a function 1200 * attribute so they need a little help, NOP out any such calls from 1201 * noinstr text. 1202 */ 1203 if (opts.hack_noinstr && insn->sec->noinstr && sym->profiling_func) { 1204 if (reloc) { 1205 reloc->type = R_NONE; 1206 elf_write_reloc(file->elf, reloc); 1207 } 1208 1209 elf_write_insn(file->elf, insn->sec, 1210 insn->offset, insn->len, 1211 sibling ? arch_ret_insn(insn->len) 1212 : arch_nop_insn(insn->len)); 1213 1214 insn->type = sibling ? INSN_RETURN : INSN_NOP; 1215 1216 if (sibling) { 1217 /* 1218 * We've replaced the tail-call JMP insn by two new 1219 * insn: RET; INT3, except we only have a single struct 1220 * insn here. Mark it retpoline_safe to avoid the SLS 1221 * warning, instead of adding another insn. 1222 */ 1223 insn->retpoline_safe = true; 1224 } 1225 1226 return; 1227 } 1228 1229 if (opts.mcount && sym->fentry) { 1230 if (sibling) 1231 WARN_FUNC("Tail call to __fentry__ !?!?", insn->sec, insn->offset); 1232 1233 if (reloc) { 1234 reloc->type = R_NONE; 1235 elf_write_reloc(file->elf, reloc); 1236 } 1237 1238 elf_write_insn(file->elf, insn->sec, 1239 insn->offset, insn->len, 1240 arch_nop_insn(insn->len)); 1241 1242 insn->type = INSN_NOP; 1243 1244 list_add_tail(&insn->call_node, &file->mcount_loc_list); 1245 return; 1246 } 1247 1248 if (!sibling && dead_end_function(file, sym)) 1249 insn->dead_end = true; 1250 } 1251 1252 static void add_call_dest(struct objtool_file *file, struct instruction *insn, 1253 struct symbol *dest, bool sibling) 1254 { 1255 insn->call_dest = dest; 1256 if (!dest) 1257 return; 1258 1259 /* 1260 * Whatever stack impact regular CALLs have, should be undone 1261 * by the RETURN of the called function. 1262 * 1263 * Annotated intra-function calls retain the stack_ops but 1264 * are converted to JUMP, see read_intra_function_calls(). 1265 */ 1266 remove_insn_ops(insn); 1267 1268 annotate_call_site(file, insn, sibling); 1269 } 1270 1271 static void add_retpoline_call(struct objtool_file *file, struct instruction *insn) 1272 { 1273 /* 1274 * Retpoline calls/jumps are really dynamic calls/jumps in disguise, 1275 * so convert them accordingly. 1276 */ 1277 switch (insn->type) { 1278 case INSN_CALL: 1279 insn->type = INSN_CALL_DYNAMIC; 1280 break; 1281 case INSN_JUMP_UNCONDITIONAL: 1282 insn->type = INSN_JUMP_DYNAMIC; 1283 break; 1284 case INSN_JUMP_CONDITIONAL: 1285 insn->type = INSN_JUMP_DYNAMIC_CONDITIONAL; 1286 break; 1287 default: 1288 return; 1289 } 1290 1291 insn->retpoline_safe = true; 1292 1293 /* 1294 * Whatever stack impact regular CALLs have, should be undone 1295 * by the RETURN of the called function. 1296 * 1297 * Annotated intra-function calls retain the stack_ops but 1298 * are converted to JUMP, see read_intra_function_calls(). 1299 */ 1300 remove_insn_ops(insn); 1301 1302 annotate_call_site(file, insn, false); 1303 } 1304 1305 static void add_return_call(struct objtool_file *file, struct instruction *insn, bool add) 1306 { 1307 /* 1308 * Return thunk tail calls are really just returns in disguise, 1309 * so convert them accordingly. 1310 */ 1311 insn->type = INSN_RETURN; 1312 insn->retpoline_safe = true; 1313 1314 if (add) 1315 list_add_tail(&insn->call_node, &file->return_thunk_list); 1316 } 1317 1318 static bool same_function(struct instruction *insn1, struct instruction *insn2) 1319 { 1320 return insn1->func->pfunc == insn2->func->pfunc; 1321 } 1322 1323 static bool is_first_func_insn(struct objtool_file *file, struct instruction *insn) 1324 { 1325 if (insn->offset == insn->func->offset) 1326 return true; 1327 1328 if (opts.ibt) { 1329 struct instruction *prev = prev_insn_same_sym(file, insn); 1330 1331 if (prev && prev->type == INSN_ENDBR && 1332 insn->offset == insn->func->offset + prev->len) 1333 return true; 1334 } 1335 1336 return false; 1337 } 1338 1339 /* 1340 * Find the destination instructions for all jumps. 1341 */ 1342 static int add_jump_destinations(struct objtool_file *file) 1343 { 1344 struct instruction *insn, *jump_dest; 1345 struct reloc *reloc; 1346 struct section *dest_sec; 1347 unsigned long dest_off; 1348 1349 for_each_insn(file, insn) { 1350 if (insn->jump_dest) { 1351 /* 1352 * handle_group_alt() may have previously set 1353 * 'jump_dest' for some alternatives. 1354 */ 1355 continue; 1356 } 1357 if (!is_static_jump(insn)) 1358 continue; 1359 1360 reloc = insn_reloc(file, insn); 1361 if (!reloc) { 1362 dest_sec = insn->sec; 1363 dest_off = arch_jump_destination(insn); 1364 } else if (reloc->sym->type == STT_SECTION) { 1365 dest_sec = reloc->sym->sec; 1366 dest_off = arch_dest_reloc_offset(reloc->addend); 1367 } else if (reloc->sym->retpoline_thunk) { 1368 add_retpoline_call(file, insn); 1369 continue; 1370 } else if (reloc->sym->return_thunk) { 1371 add_return_call(file, insn, true); 1372 continue; 1373 } else if (insn->func) { 1374 /* 1375 * External sibling call or internal sibling call with 1376 * STT_FUNC reloc. 1377 */ 1378 add_call_dest(file, insn, reloc->sym, true); 1379 continue; 1380 } else if (reloc->sym->sec->idx) { 1381 dest_sec = reloc->sym->sec; 1382 dest_off = reloc->sym->sym.st_value + 1383 arch_dest_reloc_offset(reloc->addend); 1384 } else { 1385 /* non-func asm code jumping to another file */ 1386 continue; 1387 } 1388 1389 jump_dest = find_insn(file, dest_sec, dest_off); 1390 if (!jump_dest) { 1391 struct symbol *sym = find_symbol_by_offset(dest_sec, dest_off); 1392 1393 /* 1394 * This is a special case for zen_untrain_ret(). 1395 * It jumps to __x86_return_thunk(), but objtool 1396 * can't find the thunk's starting RET 1397 * instruction, because the RET is also in the 1398 * middle of another instruction. Objtool only 1399 * knows about the outer instruction. 1400 */ 1401 if (sym && sym->return_thunk) { 1402 add_return_call(file, insn, false); 1403 continue; 1404 } 1405 1406 WARN_FUNC("can't find jump dest instruction at %s+0x%lx", 1407 insn->sec, insn->offset, dest_sec->name, 1408 dest_off); 1409 return -1; 1410 } 1411 1412 /* 1413 * Cross-function jump. 1414 */ 1415 if (insn->func && jump_dest->func && 1416 insn->func != jump_dest->func) { 1417 1418 /* 1419 * For GCC 8+, create parent/child links for any cold 1420 * subfunctions. This is _mostly_ redundant with a 1421 * similar initialization in read_symbols(). 1422 * 1423 * If a function has aliases, we want the *first* such 1424 * function in the symbol table to be the subfunction's 1425 * parent. In that case we overwrite the 1426 * initialization done in read_symbols(). 1427 * 1428 * However this code can't completely replace the 1429 * read_symbols() code because this doesn't detect the 1430 * case where the parent function's only reference to a 1431 * subfunction is through a jump table. 1432 */ 1433 if (!strstr(insn->func->name, ".cold") && 1434 strstr(jump_dest->func->name, ".cold")) { 1435 insn->func->cfunc = jump_dest->func; 1436 jump_dest->func->pfunc = insn->func; 1437 1438 } else if (!same_function(insn, jump_dest) && 1439 is_first_func_insn(file, jump_dest)) { 1440 /* 1441 * Internal sibling call without reloc or with 1442 * STT_SECTION reloc. 1443 */ 1444 add_call_dest(file, insn, jump_dest->func, true); 1445 continue; 1446 } 1447 } 1448 1449 insn->jump_dest = jump_dest; 1450 } 1451 1452 return 0; 1453 } 1454 1455 static struct symbol *find_call_destination(struct section *sec, unsigned long offset) 1456 { 1457 struct symbol *call_dest; 1458 1459 call_dest = find_func_by_offset(sec, offset); 1460 if (!call_dest) 1461 call_dest = find_symbol_by_offset(sec, offset); 1462 1463 return call_dest; 1464 } 1465 1466 /* 1467 * Find the destination instructions for all calls. 1468 */ 1469 static int add_call_destinations(struct objtool_file *file) 1470 { 1471 struct instruction *insn; 1472 unsigned long dest_off; 1473 struct symbol *dest; 1474 struct reloc *reloc; 1475 1476 for_each_insn(file, insn) { 1477 if (insn->type != INSN_CALL) 1478 continue; 1479 1480 reloc = insn_reloc(file, insn); 1481 if (!reloc) { 1482 dest_off = arch_jump_destination(insn); 1483 dest = find_call_destination(insn->sec, dest_off); 1484 1485 add_call_dest(file, insn, dest, false); 1486 1487 if (insn->ignore) 1488 continue; 1489 1490 if (!insn->call_dest) { 1491 WARN_FUNC("unannotated intra-function call", insn->sec, insn->offset); 1492 return -1; 1493 } 1494 1495 if (insn->func && insn->call_dest->type != STT_FUNC) { 1496 WARN_FUNC("unsupported call to non-function", 1497 insn->sec, insn->offset); 1498 return -1; 1499 } 1500 1501 } else if (reloc->sym->type == STT_SECTION) { 1502 dest_off = arch_dest_reloc_offset(reloc->addend); 1503 dest = find_call_destination(reloc->sym->sec, dest_off); 1504 if (!dest) { 1505 WARN_FUNC("can't find call dest symbol at %s+0x%lx", 1506 insn->sec, insn->offset, 1507 reloc->sym->sec->name, 1508 dest_off); 1509 return -1; 1510 } 1511 1512 add_call_dest(file, insn, dest, false); 1513 1514 } else if (reloc->sym->retpoline_thunk) { 1515 add_retpoline_call(file, insn); 1516 1517 } else 1518 add_call_dest(file, insn, reloc->sym, false); 1519 } 1520 1521 return 0; 1522 } 1523 1524 /* 1525 * The .alternatives section requires some extra special care over and above 1526 * other special sections because alternatives are patched in place. 1527 */ 1528 static int handle_group_alt(struct objtool_file *file, 1529 struct special_alt *special_alt, 1530 struct instruction *orig_insn, 1531 struct instruction **new_insn) 1532 { 1533 struct instruction *last_orig_insn, *last_new_insn = NULL, *insn, *nop = NULL; 1534 struct alt_group *orig_alt_group, *new_alt_group; 1535 unsigned long dest_off; 1536 1537 1538 orig_alt_group = malloc(sizeof(*orig_alt_group)); 1539 if (!orig_alt_group) { 1540 WARN("malloc failed"); 1541 return -1; 1542 } 1543 orig_alt_group->cfi = calloc(special_alt->orig_len, 1544 sizeof(struct cfi_state *)); 1545 if (!orig_alt_group->cfi) { 1546 WARN("calloc failed"); 1547 return -1; 1548 } 1549 1550 last_orig_insn = NULL; 1551 insn = orig_insn; 1552 sec_for_each_insn_from(file, insn) { 1553 if (insn->offset >= special_alt->orig_off + special_alt->orig_len) 1554 break; 1555 1556 insn->alt_group = orig_alt_group; 1557 last_orig_insn = insn; 1558 } 1559 orig_alt_group->orig_group = NULL; 1560 orig_alt_group->first_insn = orig_insn; 1561 orig_alt_group->last_insn = last_orig_insn; 1562 1563 1564 new_alt_group = malloc(sizeof(*new_alt_group)); 1565 if (!new_alt_group) { 1566 WARN("malloc failed"); 1567 return -1; 1568 } 1569 1570 if (special_alt->new_len < special_alt->orig_len) { 1571 /* 1572 * Insert a fake nop at the end to make the replacement 1573 * alt_group the same size as the original. This is needed to 1574 * allow propagate_alt_cfi() to do its magic. When the last 1575 * instruction affects the stack, the instruction after it (the 1576 * nop) will propagate the new state to the shared CFI array. 1577 */ 1578 nop = malloc(sizeof(*nop)); 1579 if (!nop) { 1580 WARN("malloc failed"); 1581 return -1; 1582 } 1583 memset(nop, 0, sizeof(*nop)); 1584 INIT_LIST_HEAD(&nop->alts); 1585 INIT_LIST_HEAD(&nop->stack_ops); 1586 1587 nop->sec = special_alt->new_sec; 1588 nop->offset = special_alt->new_off + special_alt->new_len; 1589 nop->len = special_alt->orig_len - special_alt->new_len; 1590 nop->type = INSN_NOP; 1591 nop->func = orig_insn->func; 1592 nop->alt_group = new_alt_group; 1593 nop->ignore = orig_insn->ignore_alts; 1594 } 1595 1596 if (!special_alt->new_len) { 1597 *new_insn = nop; 1598 goto end; 1599 } 1600 1601 insn = *new_insn; 1602 sec_for_each_insn_from(file, insn) { 1603 struct reloc *alt_reloc; 1604 1605 if (insn->offset >= special_alt->new_off + special_alt->new_len) 1606 break; 1607 1608 last_new_insn = insn; 1609 1610 insn->ignore = orig_insn->ignore_alts; 1611 insn->func = orig_insn->func; 1612 insn->alt_group = new_alt_group; 1613 1614 /* 1615 * Since alternative replacement code is copy/pasted by the 1616 * kernel after applying relocations, generally such code can't 1617 * have relative-address relocation references to outside the 1618 * .altinstr_replacement section, unless the arch's 1619 * alternatives code can adjust the relative offsets 1620 * accordingly. 1621 */ 1622 alt_reloc = insn_reloc(file, insn); 1623 if (alt_reloc && 1624 !arch_support_alt_relocation(special_alt, insn, alt_reloc)) { 1625 1626 WARN_FUNC("unsupported relocation in alternatives section", 1627 insn->sec, insn->offset); 1628 return -1; 1629 } 1630 1631 if (!is_static_jump(insn)) 1632 continue; 1633 1634 if (!insn->immediate) 1635 continue; 1636 1637 dest_off = arch_jump_destination(insn); 1638 if (dest_off == special_alt->new_off + special_alt->new_len) { 1639 insn->jump_dest = next_insn_same_sec(file, last_orig_insn); 1640 if (!insn->jump_dest) { 1641 WARN_FUNC("can't find alternative jump destination", 1642 insn->sec, insn->offset); 1643 return -1; 1644 } 1645 } 1646 } 1647 1648 if (!last_new_insn) { 1649 WARN_FUNC("can't find last new alternative instruction", 1650 special_alt->new_sec, special_alt->new_off); 1651 return -1; 1652 } 1653 1654 if (nop) 1655 list_add(&nop->list, &last_new_insn->list); 1656 end: 1657 new_alt_group->orig_group = orig_alt_group; 1658 new_alt_group->first_insn = *new_insn; 1659 new_alt_group->last_insn = nop ? : last_new_insn; 1660 new_alt_group->cfi = orig_alt_group->cfi; 1661 return 0; 1662 } 1663 1664 /* 1665 * A jump table entry can either convert a nop to a jump or a jump to a nop. 1666 * If the original instruction is a jump, make the alt entry an effective nop 1667 * by just skipping the original instruction. 1668 */ 1669 static int handle_jump_alt(struct objtool_file *file, 1670 struct special_alt *special_alt, 1671 struct instruction *orig_insn, 1672 struct instruction **new_insn) 1673 { 1674 if (orig_insn->type != INSN_JUMP_UNCONDITIONAL && 1675 orig_insn->type != INSN_NOP) { 1676 1677 WARN_FUNC("unsupported instruction at jump label", 1678 orig_insn->sec, orig_insn->offset); 1679 return -1; 1680 } 1681 1682 if (opts.hack_jump_label && special_alt->key_addend & 2) { 1683 struct reloc *reloc = insn_reloc(file, orig_insn); 1684 1685 if (reloc) { 1686 reloc->type = R_NONE; 1687 elf_write_reloc(file->elf, reloc); 1688 } 1689 elf_write_insn(file->elf, orig_insn->sec, 1690 orig_insn->offset, orig_insn->len, 1691 arch_nop_insn(orig_insn->len)); 1692 orig_insn->type = INSN_NOP; 1693 } 1694 1695 if (orig_insn->type == INSN_NOP) { 1696 if (orig_insn->len == 2) 1697 file->jl_nop_short++; 1698 else 1699 file->jl_nop_long++; 1700 1701 return 0; 1702 } 1703 1704 if (orig_insn->len == 2) 1705 file->jl_short++; 1706 else 1707 file->jl_long++; 1708 1709 *new_insn = list_next_entry(orig_insn, list); 1710 return 0; 1711 } 1712 1713 /* 1714 * Read all the special sections which have alternate instructions which can be 1715 * patched in or redirected to at runtime. Each instruction having alternate 1716 * instruction(s) has them added to its insn->alts list, which will be 1717 * traversed in validate_branch(). 1718 */ 1719 static int add_special_section_alts(struct objtool_file *file) 1720 { 1721 struct list_head special_alts; 1722 struct instruction *orig_insn, *new_insn; 1723 struct special_alt *special_alt, *tmp; 1724 struct alternative *alt; 1725 int ret; 1726 1727 ret = special_get_alts(file->elf, &special_alts); 1728 if (ret) 1729 return ret; 1730 1731 list_for_each_entry_safe(special_alt, tmp, &special_alts, list) { 1732 1733 orig_insn = find_insn(file, special_alt->orig_sec, 1734 special_alt->orig_off); 1735 if (!orig_insn) { 1736 WARN_FUNC("special: can't find orig instruction", 1737 special_alt->orig_sec, special_alt->orig_off); 1738 ret = -1; 1739 goto out; 1740 } 1741 1742 new_insn = NULL; 1743 if (!special_alt->group || special_alt->new_len) { 1744 new_insn = find_insn(file, special_alt->new_sec, 1745 special_alt->new_off); 1746 if (!new_insn) { 1747 WARN_FUNC("special: can't find new instruction", 1748 special_alt->new_sec, 1749 special_alt->new_off); 1750 ret = -1; 1751 goto out; 1752 } 1753 } 1754 1755 if (special_alt->group) { 1756 if (!special_alt->orig_len) { 1757 WARN_FUNC("empty alternative entry", 1758 orig_insn->sec, orig_insn->offset); 1759 continue; 1760 } 1761 1762 ret = handle_group_alt(file, special_alt, orig_insn, 1763 &new_insn); 1764 if (ret) 1765 goto out; 1766 } else if (special_alt->jump_or_nop) { 1767 ret = handle_jump_alt(file, special_alt, orig_insn, 1768 &new_insn); 1769 if (ret) 1770 goto out; 1771 } 1772 1773 alt = malloc(sizeof(*alt)); 1774 if (!alt) { 1775 WARN("malloc failed"); 1776 ret = -1; 1777 goto out; 1778 } 1779 1780 alt->insn = new_insn; 1781 alt->skip_orig = special_alt->skip_orig; 1782 orig_insn->ignore_alts |= special_alt->skip_alt; 1783 list_add_tail(&alt->list, &orig_insn->alts); 1784 1785 list_del(&special_alt->list); 1786 free(special_alt); 1787 } 1788 1789 if (opts.stats) { 1790 printf("jl\\\tNOP\tJMP\n"); 1791 printf("short:\t%ld\t%ld\n", file->jl_nop_short, file->jl_short); 1792 printf("long:\t%ld\t%ld\n", file->jl_nop_long, file->jl_long); 1793 } 1794 1795 out: 1796 return ret; 1797 } 1798 1799 static int add_jump_table(struct objtool_file *file, struct instruction *insn, 1800 struct reloc *table) 1801 { 1802 struct reloc *reloc = table; 1803 struct instruction *dest_insn; 1804 struct alternative *alt; 1805 struct symbol *pfunc = insn->func->pfunc; 1806 unsigned int prev_offset = 0; 1807 1808 /* 1809 * Each @reloc is a switch table relocation which points to the target 1810 * instruction. 1811 */ 1812 list_for_each_entry_from(reloc, &table->sec->reloc_list, list) { 1813 1814 /* Check for the end of the table: */ 1815 if (reloc != table && reloc->jump_table_start) 1816 break; 1817 1818 /* Make sure the table entries are consecutive: */ 1819 if (prev_offset && reloc->offset != prev_offset + 8) 1820 break; 1821 1822 /* Detect function pointers from contiguous objects: */ 1823 if (reloc->sym->sec == pfunc->sec && 1824 reloc->addend == pfunc->offset) 1825 break; 1826 1827 dest_insn = find_insn(file, reloc->sym->sec, reloc->addend); 1828 if (!dest_insn) 1829 break; 1830 1831 /* Make sure the destination is in the same function: */ 1832 if (!dest_insn->func || dest_insn->func->pfunc != pfunc) 1833 break; 1834 1835 alt = malloc(sizeof(*alt)); 1836 if (!alt) { 1837 WARN("malloc failed"); 1838 return -1; 1839 } 1840 1841 alt->insn = dest_insn; 1842 list_add_tail(&alt->list, &insn->alts); 1843 prev_offset = reloc->offset; 1844 } 1845 1846 if (!prev_offset) { 1847 WARN_FUNC("can't find switch jump table", 1848 insn->sec, insn->offset); 1849 return -1; 1850 } 1851 1852 return 0; 1853 } 1854 1855 /* 1856 * find_jump_table() - Given a dynamic jump, find the switch jump table 1857 * associated with it. 1858 */ 1859 static struct reloc *find_jump_table(struct objtool_file *file, 1860 struct symbol *func, 1861 struct instruction *insn) 1862 { 1863 struct reloc *table_reloc; 1864 struct instruction *dest_insn, *orig_insn = insn; 1865 1866 /* 1867 * Backward search using the @first_jump_src links, these help avoid 1868 * much of the 'in between' code. Which avoids us getting confused by 1869 * it. 1870 */ 1871 for (; 1872 insn && insn->func && insn->func->pfunc == func; 1873 insn = insn->first_jump_src ?: prev_insn_same_sym(file, insn)) { 1874 1875 if (insn != orig_insn && insn->type == INSN_JUMP_DYNAMIC) 1876 break; 1877 1878 /* allow small jumps within the range */ 1879 if (insn->type == INSN_JUMP_UNCONDITIONAL && 1880 insn->jump_dest && 1881 (insn->jump_dest->offset <= insn->offset || 1882 insn->jump_dest->offset > orig_insn->offset)) 1883 break; 1884 1885 table_reloc = arch_find_switch_table(file, insn); 1886 if (!table_reloc) 1887 continue; 1888 dest_insn = find_insn(file, table_reloc->sym->sec, table_reloc->addend); 1889 if (!dest_insn || !dest_insn->func || dest_insn->func->pfunc != func) 1890 continue; 1891 1892 return table_reloc; 1893 } 1894 1895 return NULL; 1896 } 1897 1898 /* 1899 * First pass: Mark the head of each jump table so that in the next pass, 1900 * we know when a given jump table ends and the next one starts. 1901 */ 1902 static void mark_func_jump_tables(struct objtool_file *file, 1903 struct symbol *func) 1904 { 1905 struct instruction *insn, *last = NULL; 1906 struct reloc *reloc; 1907 1908 func_for_each_insn(file, func, insn) { 1909 if (!last) 1910 last = insn; 1911 1912 /* 1913 * Store back-pointers for unconditional forward jumps such 1914 * that find_jump_table() can back-track using those and 1915 * avoid some potentially confusing code. 1916 */ 1917 if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->jump_dest && 1918 insn->offset > last->offset && 1919 insn->jump_dest->offset > insn->offset && 1920 !insn->jump_dest->first_jump_src) { 1921 1922 insn->jump_dest->first_jump_src = insn; 1923 last = insn->jump_dest; 1924 } 1925 1926 if (insn->type != INSN_JUMP_DYNAMIC) 1927 continue; 1928 1929 reloc = find_jump_table(file, func, insn); 1930 if (reloc) { 1931 reloc->jump_table_start = true; 1932 insn->jump_table = reloc; 1933 } 1934 } 1935 } 1936 1937 static int add_func_jump_tables(struct objtool_file *file, 1938 struct symbol *func) 1939 { 1940 struct instruction *insn; 1941 int ret; 1942 1943 func_for_each_insn(file, func, insn) { 1944 if (!insn->jump_table) 1945 continue; 1946 1947 ret = add_jump_table(file, insn, insn->jump_table); 1948 if (ret) 1949 return ret; 1950 } 1951 1952 return 0; 1953 } 1954 1955 /* 1956 * For some switch statements, gcc generates a jump table in the .rodata 1957 * section which contains a list of addresses within the function to jump to. 1958 * This finds these jump tables and adds them to the insn->alts lists. 1959 */ 1960 static int add_jump_table_alts(struct objtool_file *file) 1961 { 1962 struct section *sec; 1963 struct symbol *func; 1964 int ret; 1965 1966 if (!file->rodata) 1967 return 0; 1968 1969 for_each_sec(file, sec) { 1970 list_for_each_entry(func, &sec->symbol_list, list) { 1971 if (func->type != STT_FUNC) 1972 continue; 1973 1974 mark_func_jump_tables(file, func); 1975 ret = add_func_jump_tables(file, func); 1976 if (ret) 1977 return ret; 1978 } 1979 } 1980 1981 return 0; 1982 } 1983 1984 static void set_func_state(struct cfi_state *state) 1985 { 1986 state->cfa = initial_func_cfi.cfa; 1987 memcpy(&state->regs, &initial_func_cfi.regs, 1988 CFI_NUM_REGS * sizeof(struct cfi_reg)); 1989 state->stack_size = initial_func_cfi.cfa.offset; 1990 } 1991 1992 static int read_unwind_hints(struct objtool_file *file) 1993 { 1994 struct cfi_state cfi = init_cfi; 1995 struct section *sec, *relocsec; 1996 struct unwind_hint *hint; 1997 struct instruction *insn; 1998 struct reloc *reloc; 1999 int i; 2000 2001 sec = find_section_by_name(file->elf, ".discard.unwind_hints"); 2002 if (!sec) 2003 return 0; 2004 2005 relocsec = sec->reloc; 2006 if (!relocsec) { 2007 WARN("missing .rela.discard.unwind_hints section"); 2008 return -1; 2009 } 2010 2011 if (sec->sh.sh_size % sizeof(struct unwind_hint)) { 2012 WARN("struct unwind_hint size mismatch"); 2013 return -1; 2014 } 2015 2016 file->hints = true; 2017 2018 for (i = 0; i < sec->sh.sh_size / sizeof(struct unwind_hint); i++) { 2019 hint = (struct unwind_hint *)sec->data->d_buf + i; 2020 2021 reloc = find_reloc_by_dest(file->elf, sec, i * sizeof(*hint)); 2022 if (!reloc) { 2023 WARN("can't find reloc for unwind_hints[%d]", i); 2024 return -1; 2025 } 2026 2027 insn = find_insn(file, reloc->sym->sec, reloc->addend); 2028 if (!insn) { 2029 WARN("can't find insn for unwind_hints[%d]", i); 2030 return -1; 2031 } 2032 2033 insn->hint = true; 2034 2035 if (hint->type == UNWIND_HINT_TYPE_SAVE) { 2036 insn->hint = false; 2037 insn->save = true; 2038 continue; 2039 } 2040 2041 if (hint->type == UNWIND_HINT_TYPE_RESTORE) { 2042 insn->restore = true; 2043 continue; 2044 } 2045 2046 if (hint->type == UNWIND_HINT_TYPE_REGS_PARTIAL) { 2047 struct symbol *sym = find_symbol_by_offset(insn->sec, insn->offset); 2048 2049 if (sym && sym->bind == STB_GLOBAL) { 2050 if (opts.ibt && insn->type != INSN_ENDBR && !insn->noendbr) { 2051 WARN_FUNC("UNWIND_HINT_IRET_REGS without ENDBR", 2052 insn->sec, insn->offset); 2053 } 2054 2055 insn->entry = 1; 2056 } 2057 } 2058 2059 if (hint->type == UNWIND_HINT_TYPE_ENTRY) { 2060 hint->type = UNWIND_HINT_TYPE_CALL; 2061 insn->entry = 1; 2062 } 2063 2064 if (hint->type == UNWIND_HINT_TYPE_FUNC) { 2065 insn->cfi = &func_cfi; 2066 continue; 2067 } 2068 2069 if (insn->cfi) 2070 cfi = *(insn->cfi); 2071 2072 if (arch_decode_hint_reg(hint->sp_reg, &cfi.cfa.base)) { 2073 WARN_FUNC("unsupported unwind_hint sp base reg %d", 2074 insn->sec, insn->offset, hint->sp_reg); 2075 return -1; 2076 } 2077 2078 cfi.cfa.offset = bswap_if_needed(hint->sp_offset); 2079 cfi.type = hint->type; 2080 cfi.end = hint->end; 2081 2082 insn->cfi = cfi_hash_find_or_add(&cfi); 2083 } 2084 2085 return 0; 2086 } 2087 2088 static int read_noendbr_hints(struct objtool_file *file) 2089 { 2090 struct section *sec; 2091 struct instruction *insn; 2092 struct reloc *reloc; 2093 2094 sec = find_section_by_name(file->elf, ".rela.discard.noendbr"); 2095 if (!sec) 2096 return 0; 2097 2098 list_for_each_entry(reloc, &sec->reloc_list, list) { 2099 insn = find_insn(file, reloc->sym->sec, reloc->sym->offset + reloc->addend); 2100 if (!insn) { 2101 WARN("bad .discard.noendbr entry"); 2102 return -1; 2103 } 2104 2105 if (insn->type == INSN_ENDBR) 2106 WARN_FUNC("ANNOTATE_NOENDBR on ENDBR", insn->sec, insn->offset); 2107 2108 insn->noendbr = 1; 2109 } 2110 2111 return 0; 2112 } 2113 2114 static int read_retpoline_hints(struct objtool_file *file) 2115 { 2116 struct section *sec; 2117 struct instruction *insn; 2118 struct reloc *reloc; 2119 2120 sec = find_section_by_name(file->elf, ".rela.discard.retpoline_safe"); 2121 if (!sec) 2122 return 0; 2123 2124 list_for_each_entry(reloc, &sec->reloc_list, list) { 2125 if (reloc->sym->type != STT_SECTION) { 2126 WARN("unexpected relocation symbol type in %s", sec->name); 2127 return -1; 2128 } 2129 2130 insn = find_insn(file, reloc->sym->sec, reloc->addend); 2131 if (!insn) { 2132 WARN("bad .discard.retpoline_safe entry"); 2133 return -1; 2134 } 2135 2136 if (insn->type != INSN_JUMP_DYNAMIC && 2137 insn->type != INSN_CALL_DYNAMIC && 2138 insn->type != INSN_RETURN && 2139 insn->type != INSN_NOP) { 2140 WARN_FUNC("retpoline_safe hint not an indirect jump/call/ret/nop", 2141 insn->sec, insn->offset); 2142 return -1; 2143 } 2144 2145 insn->retpoline_safe = true; 2146 } 2147 2148 return 0; 2149 } 2150 2151 static int read_instr_hints(struct objtool_file *file) 2152 { 2153 struct section *sec; 2154 struct instruction *insn; 2155 struct reloc *reloc; 2156 2157 sec = find_section_by_name(file->elf, ".rela.discard.instr_end"); 2158 if (!sec) 2159 return 0; 2160 2161 list_for_each_entry(reloc, &sec->reloc_list, list) { 2162 if (reloc->sym->type != STT_SECTION) { 2163 WARN("unexpected relocation symbol type in %s", sec->name); 2164 return -1; 2165 } 2166 2167 insn = find_insn(file, reloc->sym->sec, reloc->addend); 2168 if (!insn) { 2169 WARN("bad .discard.instr_end entry"); 2170 return -1; 2171 } 2172 2173 insn->instr--; 2174 } 2175 2176 sec = find_section_by_name(file->elf, ".rela.discard.instr_begin"); 2177 if (!sec) 2178 return 0; 2179 2180 list_for_each_entry(reloc, &sec->reloc_list, list) { 2181 if (reloc->sym->type != STT_SECTION) { 2182 WARN("unexpected relocation symbol type in %s", sec->name); 2183 return -1; 2184 } 2185 2186 insn = find_insn(file, reloc->sym->sec, reloc->addend); 2187 if (!insn) { 2188 WARN("bad .discard.instr_begin entry"); 2189 return -1; 2190 } 2191 2192 insn->instr++; 2193 } 2194 2195 return 0; 2196 } 2197 2198 static int read_intra_function_calls(struct objtool_file *file) 2199 { 2200 struct instruction *insn; 2201 struct section *sec; 2202 struct reloc *reloc; 2203 2204 sec = find_section_by_name(file->elf, ".rela.discard.intra_function_calls"); 2205 if (!sec) 2206 return 0; 2207 2208 list_for_each_entry(reloc, &sec->reloc_list, list) { 2209 unsigned long dest_off; 2210 2211 if (reloc->sym->type != STT_SECTION) { 2212 WARN("unexpected relocation symbol type in %s", 2213 sec->name); 2214 return -1; 2215 } 2216 2217 insn = find_insn(file, reloc->sym->sec, reloc->addend); 2218 if (!insn) { 2219 WARN("bad .discard.intra_function_call entry"); 2220 return -1; 2221 } 2222 2223 if (insn->type != INSN_CALL) { 2224 WARN_FUNC("intra_function_call not a direct call", 2225 insn->sec, insn->offset); 2226 return -1; 2227 } 2228 2229 /* 2230 * Treat intra-function CALLs as JMPs, but with a stack_op. 2231 * See add_call_destinations(), which strips stack_ops from 2232 * normal CALLs. 2233 */ 2234 insn->type = INSN_JUMP_UNCONDITIONAL; 2235 2236 dest_off = insn->offset + insn->len + insn->immediate; 2237 insn->jump_dest = find_insn(file, insn->sec, dest_off); 2238 if (!insn->jump_dest) { 2239 WARN_FUNC("can't find call dest at %s+0x%lx", 2240 insn->sec, insn->offset, 2241 insn->sec->name, dest_off); 2242 return -1; 2243 } 2244 } 2245 2246 return 0; 2247 } 2248 2249 /* 2250 * Return true if name matches an instrumentation function, where calls to that 2251 * function from noinstr code can safely be removed, but compilers won't do so. 2252 */ 2253 static bool is_profiling_func(const char *name) 2254 { 2255 /* 2256 * Many compilers cannot disable KCOV with a function attribute. 2257 */ 2258 if (!strncmp(name, "__sanitizer_cov_", 16)) 2259 return true; 2260 2261 /* 2262 * Some compilers currently do not remove __tsan_func_entry/exit nor 2263 * __tsan_atomic_signal_fence (used for barrier instrumentation) with 2264 * the __no_sanitize_thread attribute, remove them. Once the kernel's 2265 * minimum Clang version is 14.0, this can be removed. 2266 */ 2267 if (!strncmp(name, "__tsan_func_", 12) || 2268 !strcmp(name, "__tsan_atomic_signal_fence")) 2269 return true; 2270 2271 return false; 2272 } 2273 2274 static int classify_symbols(struct objtool_file *file) 2275 { 2276 struct section *sec; 2277 struct symbol *func; 2278 2279 for_each_sec(file, sec) { 2280 list_for_each_entry(func, &sec->symbol_list, list) { 2281 if (func->bind != STB_GLOBAL) 2282 continue; 2283 2284 if (!strncmp(func->name, STATIC_CALL_TRAMP_PREFIX_STR, 2285 strlen(STATIC_CALL_TRAMP_PREFIX_STR))) 2286 func->static_call_tramp = true; 2287 2288 if (arch_is_retpoline(func)) 2289 func->retpoline_thunk = true; 2290 2291 if (arch_is_rethunk(func)) 2292 func->return_thunk = true; 2293 2294 if (!strcmp(func->name, "__fentry__")) 2295 func->fentry = true; 2296 2297 if (is_profiling_func(func->name)) 2298 func->profiling_func = true; 2299 } 2300 } 2301 2302 return 0; 2303 } 2304 2305 static void mark_rodata(struct objtool_file *file) 2306 { 2307 struct section *sec; 2308 bool found = false; 2309 2310 /* 2311 * Search for the following rodata sections, each of which can 2312 * potentially contain jump tables: 2313 * 2314 * - .rodata: can contain GCC switch tables 2315 * - .rodata.<func>: same, if -fdata-sections is being used 2316 * - .rodata..c_jump_table: contains C annotated jump tables 2317 * 2318 * .rodata.str1.* sections are ignored; they don't contain jump tables. 2319 */ 2320 for_each_sec(file, sec) { 2321 if (!strncmp(sec->name, ".rodata", 7) && 2322 !strstr(sec->name, ".str1.")) { 2323 sec->rodata = true; 2324 found = true; 2325 } 2326 } 2327 2328 file->rodata = found; 2329 } 2330 2331 static int decode_sections(struct objtool_file *file) 2332 { 2333 int ret; 2334 2335 mark_rodata(file); 2336 2337 ret = init_pv_ops(file); 2338 if (ret) 2339 return ret; 2340 2341 ret = decode_instructions(file); 2342 if (ret) 2343 return ret; 2344 2345 add_ignores(file); 2346 add_uaccess_safe(file); 2347 2348 ret = add_ignore_alternatives(file); 2349 if (ret) 2350 return ret; 2351 2352 /* 2353 * Must be before read_unwind_hints() since that needs insn->noendbr. 2354 */ 2355 ret = read_noendbr_hints(file); 2356 if (ret) 2357 return ret; 2358 2359 /* 2360 * Must be before add_{jump_call}_destination. 2361 */ 2362 ret = classify_symbols(file); 2363 if (ret) 2364 return ret; 2365 2366 /* 2367 * Must be before add_jump_destinations(), which depends on 'func' 2368 * being set for alternatives, to enable proper sibling call detection. 2369 */ 2370 ret = add_special_section_alts(file); 2371 if (ret) 2372 return ret; 2373 2374 ret = add_jump_destinations(file); 2375 if (ret) 2376 return ret; 2377 2378 /* 2379 * Must be before add_call_destination(); it changes INSN_CALL to 2380 * INSN_JUMP. 2381 */ 2382 ret = read_intra_function_calls(file); 2383 if (ret) 2384 return ret; 2385 2386 ret = add_call_destinations(file); 2387 if (ret) 2388 return ret; 2389 2390 /* 2391 * Must be after add_call_destinations() such that it can override 2392 * dead_end_function() marks. 2393 */ 2394 ret = add_dead_ends(file); 2395 if (ret) 2396 return ret; 2397 2398 ret = add_jump_table_alts(file); 2399 if (ret) 2400 return ret; 2401 2402 ret = read_unwind_hints(file); 2403 if (ret) 2404 return ret; 2405 2406 ret = read_retpoline_hints(file); 2407 if (ret) 2408 return ret; 2409 2410 ret = read_instr_hints(file); 2411 if (ret) 2412 return ret; 2413 2414 return 0; 2415 } 2416 2417 static bool is_fentry_call(struct instruction *insn) 2418 { 2419 if (insn->type == INSN_CALL && 2420 insn->call_dest && 2421 insn->call_dest->fentry) 2422 return true; 2423 2424 return false; 2425 } 2426 2427 static bool has_modified_stack_frame(struct instruction *insn, struct insn_state *state) 2428 { 2429 struct cfi_state *cfi = &state->cfi; 2430 int i; 2431 2432 if (cfi->cfa.base != initial_func_cfi.cfa.base || cfi->drap) 2433 return true; 2434 2435 if (cfi->cfa.offset != initial_func_cfi.cfa.offset) 2436 return true; 2437 2438 if (cfi->stack_size != initial_func_cfi.cfa.offset) 2439 return true; 2440 2441 for (i = 0; i < CFI_NUM_REGS; i++) { 2442 if (cfi->regs[i].base != initial_func_cfi.regs[i].base || 2443 cfi->regs[i].offset != initial_func_cfi.regs[i].offset) 2444 return true; 2445 } 2446 2447 return false; 2448 } 2449 2450 static bool check_reg_frame_pos(const struct cfi_reg *reg, 2451 int expected_offset) 2452 { 2453 return reg->base == CFI_CFA && 2454 reg->offset == expected_offset; 2455 } 2456 2457 static bool has_valid_stack_frame(struct insn_state *state) 2458 { 2459 struct cfi_state *cfi = &state->cfi; 2460 2461 if (cfi->cfa.base == CFI_BP && 2462 check_reg_frame_pos(&cfi->regs[CFI_BP], -cfi->cfa.offset) && 2463 check_reg_frame_pos(&cfi->regs[CFI_RA], -cfi->cfa.offset + 8)) 2464 return true; 2465 2466 if (cfi->drap && cfi->regs[CFI_BP].base == CFI_BP) 2467 return true; 2468 2469 return false; 2470 } 2471 2472 static int update_cfi_state_regs(struct instruction *insn, 2473 struct cfi_state *cfi, 2474 struct stack_op *op) 2475 { 2476 struct cfi_reg *cfa = &cfi->cfa; 2477 2478 if (cfa->base != CFI_SP && cfa->base != CFI_SP_INDIRECT) 2479 return 0; 2480 2481 /* push */ 2482 if (op->dest.type == OP_DEST_PUSH || op->dest.type == OP_DEST_PUSHF) 2483 cfa->offset += 8; 2484 2485 /* pop */ 2486 if (op->src.type == OP_SRC_POP || op->src.type == OP_SRC_POPF) 2487 cfa->offset -= 8; 2488 2489 /* add immediate to sp */ 2490 if (op->dest.type == OP_DEST_REG && op->src.type == OP_SRC_ADD && 2491 op->dest.reg == CFI_SP && op->src.reg == CFI_SP) 2492 cfa->offset -= op->src.offset; 2493 2494 return 0; 2495 } 2496 2497 static void save_reg(struct cfi_state *cfi, unsigned char reg, int base, int offset) 2498 { 2499 if (arch_callee_saved_reg(reg) && 2500 cfi->regs[reg].base == CFI_UNDEFINED) { 2501 cfi->regs[reg].base = base; 2502 cfi->regs[reg].offset = offset; 2503 } 2504 } 2505 2506 static void restore_reg(struct cfi_state *cfi, unsigned char reg) 2507 { 2508 cfi->regs[reg].base = initial_func_cfi.regs[reg].base; 2509 cfi->regs[reg].offset = initial_func_cfi.regs[reg].offset; 2510 } 2511 2512 /* 2513 * A note about DRAP stack alignment: 2514 * 2515 * GCC has the concept of a DRAP register, which is used to help keep track of 2516 * the stack pointer when aligning the stack. r10 or r13 is used as the DRAP 2517 * register. The typical DRAP pattern is: 2518 * 2519 * 4c 8d 54 24 08 lea 0x8(%rsp),%r10 2520 * 48 83 e4 c0 and $0xffffffffffffffc0,%rsp 2521 * 41 ff 72 f8 pushq -0x8(%r10) 2522 * 55 push %rbp 2523 * 48 89 e5 mov %rsp,%rbp 2524 * (more pushes) 2525 * 41 52 push %r10 2526 * ... 2527 * 41 5a pop %r10 2528 * (more pops) 2529 * 5d pop %rbp 2530 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2531 * c3 retq 2532 * 2533 * There are some variations in the epilogues, like: 2534 * 2535 * 5b pop %rbx 2536 * 41 5a pop %r10 2537 * 41 5c pop %r12 2538 * 41 5d pop %r13 2539 * 41 5e pop %r14 2540 * c9 leaveq 2541 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2542 * c3 retq 2543 * 2544 * and: 2545 * 2546 * 4c 8b 55 e8 mov -0x18(%rbp),%r10 2547 * 48 8b 5d e0 mov -0x20(%rbp),%rbx 2548 * 4c 8b 65 f0 mov -0x10(%rbp),%r12 2549 * 4c 8b 6d f8 mov -0x8(%rbp),%r13 2550 * c9 leaveq 2551 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2552 * c3 retq 2553 * 2554 * Sometimes r13 is used as the DRAP register, in which case it's saved and 2555 * restored beforehand: 2556 * 2557 * 41 55 push %r13 2558 * 4c 8d 6c 24 10 lea 0x10(%rsp),%r13 2559 * 48 83 e4 f0 and $0xfffffffffffffff0,%rsp 2560 * ... 2561 * 49 8d 65 f0 lea -0x10(%r13),%rsp 2562 * 41 5d pop %r13 2563 * c3 retq 2564 */ 2565 static int update_cfi_state(struct instruction *insn, 2566 struct instruction *next_insn, 2567 struct cfi_state *cfi, struct stack_op *op) 2568 { 2569 struct cfi_reg *cfa = &cfi->cfa; 2570 struct cfi_reg *regs = cfi->regs; 2571 2572 /* stack operations don't make sense with an undefined CFA */ 2573 if (cfa->base == CFI_UNDEFINED) { 2574 if (insn->func) { 2575 WARN_FUNC("undefined stack state", insn->sec, insn->offset); 2576 return -1; 2577 } 2578 return 0; 2579 } 2580 2581 if (cfi->type == UNWIND_HINT_TYPE_REGS || 2582 cfi->type == UNWIND_HINT_TYPE_REGS_PARTIAL) 2583 return update_cfi_state_regs(insn, cfi, op); 2584 2585 switch (op->dest.type) { 2586 2587 case OP_DEST_REG: 2588 switch (op->src.type) { 2589 2590 case OP_SRC_REG: 2591 if (op->src.reg == CFI_SP && op->dest.reg == CFI_BP && 2592 cfa->base == CFI_SP && 2593 check_reg_frame_pos(®s[CFI_BP], -cfa->offset)) { 2594 2595 /* mov %rsp, %rbp */ 2596 cfa->base = op->dest.reg; 2597 cfi->bp_scratch = false; 2598 } 2599 2600 else if (op->src.reg == CFI_SP && 2601 op->dest.reg == CFI_BP && cfi->drap) { 2602 2603 /* drap: mov %rsp, %rbp */ 2604 regs[CFI_BP].base = CFI_BP; 2605 regs[CFI_BP].offset = -cfi->stack_size; 2606 cfi->bp_scratch = false; 2607 } 2608 2609 else if (op->src.reg == CFI_SP && cfa->base == CFI_SP) { 2610 2611 /* 2612 * mov %rsp, %reg 2613 * 2614 * This is needed for the rare case where GCC 2615 * does: 2616 * 2617 * mov %rsp, %rax 2618 * ... 2619 * mov %rax, %rsp 2620 */ 2621 cfi->vals[op->dest.reg].base = CFI_CFA; 2622 cfi->vals[op->dest.reg].offset = -cfi->stack_size; 2623 } 2624 2625 else if (op->src.reg == CFI_BP && op->dest.reg == CFI_SP && 2626 (cfa->base == CFI_BP || cfa->base == cfi->drap_reg)) { 2627 2628 /* 2629 * mov %rbp, %rsp 2630 * 2631 * Restore the original stack pointer (Clang). 2632 */ 2633 cfi->stack_size = -cfi->regs[CFI_BP].offset; 2634 } 2635 2636 else if (op->dest.reg == cfa->base) { 2637 2638 /* mov %reg, %rsp */ 2639 if (cfa->base == CFI_SP && 2640 cfi->vals[op->src.reg].base == CFI_CFA) { 2641 2642 /* 2643 * This is needed for the rare case 2644 * where GCC does something dumb like: 2645 * 2646 * lea 0x8(%rsp), %rcx 2647 * ... 2648 * mov %rcx, %rsp 2649 */ 2650 cfa->offset = -cfi->vals[op->src.reg].offset; 2651 cfi->stack_size = cfa->offset; 2652 2653 } else if (cfa->base == CFI_SP && 2654 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT && 2655 cfi->vals[op->src.reg].offset == cfa->offset) { 2656 2657 /* 2658 * Stack swizzle: 2659 * 2660 * 1: mov %rsp, (%[tos]) 2661 * 2: mov %[tos], %rsp 2662 * ... 2663 * 3: pop %rsp 2664 * 2665 * Where: 2666 * 2667 * 1 - places a pointer to the previous 2668 * stack at the Top-of-Stack of the 2669 * new stack. 2670 * 2671 * 2 - switches to the new stack. 2672 * 2673 * 3 - pops the Top-of-Stack to restore 2674 * the original stack. 2675 * 2676 * Note: we set base to SP_INDIRECT 2677 * here and preserve offset. Therefore 2678 * when the unwinder reaches ToS it 2679 * will dereference SP and then add the 2680 * offset to find the next frame, IOW: 2681 * (%rsp) + offset. 2682 */ 2683 cfa->base = CFI_SP_INDIRECT; 2684 2685 } else { 2686 cfa->base = CFI_UNDEFINED; 2687 cfa->offset = 0; 2688 } 2689 } 2690 2691 else if (op->dest.reg == CFI_SP && 2692 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT && 2693 cfi->vals[op->src.reg].offset == cfa->offset) { 2694 2695 /* 2696 * The same stack swizzle case 2) as above. But 2697 * because we can't change cfa->base, case 3) 2698 * will become a regular POP. Pretend we're a 2699 * PUSH so things don't go unbalanced. 2700 */ 2701 cfi->stack_size += 8; 2702 } 2703 2704 2705 break; 2706 2707 case OP_SRC_ADD: 2708 if (op->dest.reg == CFI_SP && op->src.reg == CFI_SP) { 2709 2710 /* add imm, %rsp */ 2711 cfi->stack_size -= op->src.offset; 2712 if (cfa->base == CFI_SP) 2713 cfa->offset -= op->src.offset; 2714 break; 2715 } 2716 2717 if (op->dest.reg == CFI_SP && op->src.reg == CFI_BP) { 2718 2719 /* lea disp(%rbp), %rsp */ 2720 cfi->stack_size = -(op->src.offset + regs[CFI_BP].offset); 2721 break; 2722 } 2723 2724 if (!cfi->drap && op->src.reg == CFI_SP && 2725 op->dest.reg == CFI_BP && cfa->base == CFI_SP && 2726 check_reg_frame_pos(®s[CFI_BP], -cfa->offset + op->src.offset)) { 2727 2728 /* lea disp(%rsp), %rbp */ 2729 cfa->base = CFI_BP; 2730 cfa->offset -= op->src.offset; 2731 cfi->bp_scratch = false; 2732 break; 2733 } 2734 2735 if (op->src.reg == CFI_SP && cfa->base == CFI_SP) { 2736 2737 /* drap: lea disp(%rsp), %drap */ 2738 cfi->drap_reg = op->dest.reg; 2739 2740 /* 2741 * lea disp(%rsp), %reg 2742 * 2743 * This is needed for the rare case where GCC 2744 * does something dumb like: 2745 * 2746 * lea 0x8(%rsp), %rcx 2747 * ... 2748 * mov %rcx, %rsp 2749 */ 2750 cfi->vals[op->dest.reg].base = CFI_CFA; 2751 cfi->vals[op->dest.reg].offset = \ 2752 -cfi->stack_size + op->src.offset; 2753 2754 break; 2755 } 2756 2757 if (cfi->drap && op->dest.reg == CFI_SP && 2758 op->src.reg == cfi->drap_reg) { 2759 2760 /* drap: lea disp(%drap), %rsp */ 2761 cfa->base = CFI_SP; 2762 cfa->offset = cfi->stack_size = -op->src.offset; 2763 cfi->drap_reg = CFI_UNDEFINED; 2764 cfi->drap = false; 2765 break; 2766 } 2767 2768 if (op->dest.reg == cfi->cfa.base && !(next_insn && next_insn->hint)) { 2769 WARN_FUNC("unsupported stack register modification", 2770 insn->sec, insn->offset); 2771 return -1; 2772 } 2773 2774 break; 2775 2776 case OP_SRC_AND: 2777 if (op->dest.reg != CFI_SP || 2778 (cfi->drap_reg != CFI_UNDEFINED && cfa->base != CFI_SP) || 2779 (cfi->drap_reg == CFI_UNDEFINED && cfa->base != CFI_BP)) { 2780 WARN_FUNC("unsupported stack pointer realignment", 2781 insn->sec, insn->offset); 2782 return -1; 2783 } 2784 2785 if (cfi->drap_reg != CFI_UNDEFINED) { 2786 /* drap: and imm, %rsp */ 2787 cfa->base = cfi->drap_reg; 2788 cfa->offset = cfi->stack_size = 0; 2789 cfi->drap = true; 2790 } 2791 2792 /* 2793 * Older versions of GCC (4.8ish) realign the stack 2794 * without DRAP, with a frame pointer. 2795 */ 2796 2797 break; 2798 2799 case OP_SRC_POP: 2800 case OP_SRC_POPF: 2801 if (op->dest.reg == CFI_SP && cfa->base == CFI_SP_INDIRECT) { 2802 2803 /* pop %rsp; # restore from a stack swizzle */ 2804 cfa->base = CFI_SP; 2805 break; 2806 } 2807 2808 if (!cfi->drap && op->dest.reg == cfa->base) { 2809 2810 /* pop %rbp */ 2811 cfa->base = CFI_SP; 2812 } 2813 2814 if (cfi->drap && cfa->base == CFI_BP_INDIRECT && 2815 op->dest.reg == cfi->drap_reg && 2816 cfi->drap_offset == -cfi->stack_size) { 2817 2818 /* drap: pop %drap */ 2819 cfa->base = cfi->drap_reg; 2820 cfa->offset = 0; 2821 cfi->drap_offset = -1; 2822 2823 } else if (cfi->stack_size == -regs[op->dest.reg].offset) { 2824 2825 /* pop %reg */ 2826 restore_reg(cfi, op->dest.reg); 2827 } 2828 2829 cfi->stack_size -= 8; 2830 if (cfa->base == CFI_SP) 2831 cfa->offset -= 8; 2832 2833 break; 2834 2835 case OP_SRC_REG_INDIRECT: 2836 if (!cfi->drap && op->dest.reg == cfa->base && 2837 op->dest.reg == CFI_BP) { 2838 2839 /* mov disp(%rsp), %rbp */ 2840 cfa->base = CFI_SP; 2841 cfa->offset = cfi->stack_size; 2842 } 2843 2844 if (cfi->drap && op->src.reg == CFI_BP && 2845 op->src.offset == cfi->drap_offset) { 2846 2847 /* drap: mov disp(%rbp), %drap */ 2848 cfa->base = cfi->drap_reg; 2849 cfa->offset = 0; 2850 cfi->drap_offset = -1; 2851 } 2852 2853 if (cfi->drap && op->src.reg == CFI_BP && 2854 op->src.offset == regs[op->dest.reg].offset) { 2855 2856 /* drap: mov disp(%rbp), %reg */ 2857 restore_reg(cfi, op->dest.reg); 2858 2859 } else if (op->src.reg == cfa->base && 2860 op->src.offset == regs[op->dest.reg].offset + cfa->offset) { 2861 2862 /* mov disp(%rbp), %reg */ 2863 /* mov disp(%rsp), %reg */ 2864 restore_reg(cfi, op->dest.reg); 2865 2866 } else if (op->src.reg == CFI_SP && 2867 op->src.offset == regs[op->dest.reg].offset + cfi->stack_size) { 2868 2869 /* mov disp(%rsp), %reg */ 2870 restore_reg(cfi, op->dest.reg); 2871 } 2872 2873 break; 2874 2875 default: 2876 WARN_FUNC("unknown stack-related instruction", 2877 insn->sec, insn->offset); 2878 return -1; 2879 } 2880 2881 break; 2882 2883 case OP_DEST_PUSH: 2884 case OP_DEST_PUSHF: 2885 cfi->stack_size += 8; 2886 if (cfa->base == CFI_SP) 2887 cfa->offset += 8; 2888 2889 if (op->src.type != OP_SRC_REG) 2890 break; 2891 2892 if (cfi->drap) { 2893 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) { 2894 2895 /* drap: push %drap */ 2896 cfa->base = CFI_BP_INDIRECT; 2897 cfa->offset = -cfi->stack_size; 2898 2899 /* save drap so we know when to restore it */ 2900 cfi->drap_offset = -cfi->stack_size; 2901 2902 } else if (op->src.reg == CFI_BP && cfa->base == cfi->drap_reg) { 2903 2904 /* drap: push %rbp */ 2905 cfi->stack_size = 0; 2906 2907 } else { 2908 2909 /* drap: push %reg */ 2910 save_reg(cfi, op->src.reg, CFI_BP, -cfi->stack_size); 2911 } 2912 2913 } else { 2914 2915 /* push %reg */ 2916 save_reg(cfi, op->src.reg, CFI_CFA, -cfi->stack_size); 2917 } 2918 2919 /* detect when asm code uses rbp as a scratch register */ 2920 if (opts.stackval && insn->func && op->src.reg == CFI_BP && 2921 cfa->base != CFI_BP) 2922 cfi->bp_scratch = true; 2923 break; 2924 2925 case OP_DEST_REG_INDIRECT: 2926 2927 if (cfi->drap) { 2928 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) { 2929 2930 /* drap: mov %drap, disp(%rbp) */ 2931 cfa->base = CFI_BP_INDIRECT; 2932 cfa->offset = op->dest.offset; 2933 2934 /* save drap offset so we know when to restore it */ 2935 cfi->drap_offset = op->dest.offset; 2936 } else { 2937 2938 /* drap: mov reg, disp(%rbp) */ 2939 save_reg(cfi, op->src.reg, CFI_BP, op->dest.offset); 2940 } 2941 2942 } else if (op->dest.reg == cfa->base) { 2943 2944 /* mov reg, disp(%rbp) */ 2945 /* mov reg, disp(%rsp) */ 2946 save_reg(cfi, op->src.reg, CFI_CFA, 2947 op->dest.offset - cfi->cfa.offset); 2948 2949 } else if (op->dest.reg == CFI_SP) { 2950 2951 /* mov reg, disp(%rsp) */ 2952 save_reg(cfi, op->src.reg, CFI_CFA, 2953 op->dest.offset - cfi->stack_size); 2954 2955 } else if (op->src.reg == CFI_SP && op->dest.offset == 0) { 2956 2957 /* mov %rsp, (%reg); # setup a stack swizzle. */ 2958 cfi->vals[op->dest.reg].base = CFI_SP_INDIRECT; 2959 cfi->vals[op->dest.reg].offset = cfa->offset; 2960 } 2961 2962 break; 2963 2964 case OP_DEST_MEM: 2965 if (op->src.type != OP_SRC_POP && op->src.type != OP_SRC_POPF) { 2966 WARN_FUNC("unknown stack-related memory operation", 2967 insn->sec, insn->offset); 2968 return -1; 2969 } 2970 2971 /* pop mem */ 2972 cfi->stack_size -= 8; 2973 if (cfa->base == CFI_SP) 2974 cfa->offset -= 8; 2975 2976 break; 2977 2978 default: 2979 WARN_FUNC("unknown stack-related instruction", 2980 insn->sec, insn->offset); 2981 return -1; 2982 } 2983 2984 return 0; 2985 } 2986 2987 /* 2988 * The stack layouts of alternatives instructions can sometimes diverge when 2989 * they have stack modifications. That's fine as long as the potential stack 2990 * layouts don't conflict at any given potential instruction boundary. 2991 * 2992 * Flatten the CFIs of the different alternative code streams (both original 2993 * and replacement) into a single shared CFI array which can be used to detect 2994 * conflicts and nicely feed a linear array of ORC entries to the unwinder. 2995 */ 2996 static int propagate_alt_cfi(struct objtool_file *file, struct instruction *insn) 2997 { 2998 struct cfi_state **alt_cfi; 2999 int group_off; 3000 3001 if (!insn->alt_group) 3002 return 0; 3003 3004 if (!insn->cfi) { 3005 WARN("CFI missing"); 3006 return -1; 3007 } 3008 3009 alt_cfi = insn->alt_group->cfi; 3010 group_off = insn->offset - insn->alt_group->first_insn->offset; 3011 3012 if (!alt_cfi[group_off]) { 3013 alt_cfi[group_off] = insn->cfi; 3014 } else { 3015 if (cficmp(alt_cfi[group_off], insn->cfi)) { 3016 WARN_FUNC("stack layout conflict in alternatives", 3017 insn->sec, insn->offset); 3018 return -1; 3019 } 3020 } 3021 3022 return 0; 3023 } 3024 3025 static int handle_insn_ops(struct instruction *insn, 3026 struct instruction *next_insn, 3027 struct insn_state *state) 3028 { 3029 struct stack_op *op; 3030 3031 list_for_each_entry(op, &insn->stack_ops, list) { 3032 3033 if (update_cfi_state(insn, next_insn, &state->cfi, op)) 3034 return 1; 3035 3036 if (!insn->alt_group) 3037 continue; 3038 3039 if (op->dest.type == OP_DEST_PUSHF) { 3040 if (!state->uaccess_stack) { 3041 state->uaccess_stack = 1; 3042 } else if (state->uaccess_stack >> 31) { 3043 WARN_FUNC("PUSHF stack exhausted", 3044 insn->sec, insn->offset); 3045 return 1; 3046 } 3047 state->uaccess_stack <<= 1; 3048 state->uaccess_stack |= state->uaccess; 3049 } 3050 3051 if (op->src.type == OP_SRC_POPF) { 3052 if (state->uaccess_stack) { 3053 state->uaccess = state->uaccess_stack & 1; 3054 state->uaccess_stack >>= 1; 3055 if (state->uaccess_stack == 1) 3056 state->uaccess_stack = 0; 3057 } 3058 } 3059 } 3060 3061 return 0; 3062 } 3063 3064 static bool insn_cfi_match(struct instruction *insn, struct cfi_state *cfi2) 3065 { 3066 struct cfi_state *cfi1 = insn->cfi; 3067 int i; 3068 3069 if (!cfi1) { 3070 WARN("CFI missing"); 3071 return false; 3072 } 3073 3074 if (memcmp(&cfi1->cfa, &cfi2->cfa, sizeof(cfi1->cfa))) { 3075 3076 WARN_FUNC("stack state mismatch: cfa1=%d%+d cfa2=%d%+d", 3077 insn->sec, insn->offset, 3078 cfi1->cfa.base, cfi1->cfa.offset, 3079 cfi2->cfa.base, cfi2->cfa.offset); 3080 3081 } else if (memcmp(&cfi1->regs, &cfi2->regs, sizeof(cfi1->regs))) { 3082 for (i = 0; i < CFI_NUM_REGS; i++) { 3083 if (!memcmp(&cfi1->regs[i], &cfi2->regs[i], 3084 sizeof(struct cfi_reg))) 3085 continue; 3086 3087 WARN_FUNC("stack state mismatch: reg1[%d]=%d%+d reg2[%d]=%d%+d", 3088 insn->sec, insn->offset, 3089 i, cfi1->regs[i].base, cfi1->regs[i].offset, 3090 i, cfi2->regs[i].base, cfi2->regs[i].offset); 3091 break; 3092 } 3093 3094 } else if (cfi1->type != cfi2->type) { 3095 3096 WARN_FUNC("stack state mismatch: type1=%d type2=%d", 3097 insn->sec, insn->offset, cfi1->type, cfi2->type); 3098 3099 } else if (cfi1->drap != cfi2->drap || 3100 (cfi1->drap && cfi1->drap_reg != cfi2->drap_reg) || 3101 (cfi1->drap && cfi1->drap_offset != cfi2->drap_offset)) { 3102 3103 WARN_FUNC("stack state mismatch: drap1=%d(%d,%d) drap2=%d(%d,%d)", 3104 insn->sec, insn->offset, 3105 cfi1->drap, cfi1->drap_reg, cfi1->drap_offset, 3106 cfi2->drap, cfi2->drap_reg, cfi2->drap_offset); 3107 3108 } else 3109 return true; 3110 3111 return false; 3112 } 3113 3114 static inline bool func_uaccess_safe(struct symbol *func) 3115 { 3116 if (func) 3117 return func->uaccess_safe; 3118 3119 return false; 3120 } 3121 3122 static inline const char *call_dest_name(struct instruction *insn) 3123 { 3124 static char pvname[19]; 3125 struct reloc *rel; 3126 int idx; 3127 3128 if (insn->call_dest) 3129 return insn->call_dest->name; 3130 3131 rel = insn_reloc(NULL, insn); 3132 if (rel && !strcmp(rel->sym->name, "pv_ops")) { 3133 idx = (rel->addend / sizeof(void *)); 3134 snprintf(pvname, sizeof(pvname), "pv_ops[%d]", idx); 3135 return pvname; 3136 } 3137 3138 return "{dynamic}"; 3139 } 3140 3141 static bool pv_call_dest(struct objtool_file *file, struct instruction *insn) 3142 { 3143 struct symbol *target; 3144 struct reloc *rel; 3145 int idx; 3146 3147 rel = insn_reloc(file, insn); 3148 if (!rel || strcmp(rel->sym->name, "pv_ops")) 3149 return false; 3150 3151 idx = (arch_dest_reloc_offset(rel->addend) / sizeof(void *)); 3152 3153 if (file->pv_ops[idx].clean) 3154 return true; 3155 3156 file->pv_ops[idx].clean = true; 3157 3158 list_for_each_entry(target, &file->pv_ops[idx].targets, pv_target) { 3159 if (!target->sec->noinstr) { 3160 WARN("pv_ops[%d]: %s", idx, target->name); 3161 file->pv_ops[idx].clean = false; 3162 } 3163 } 3164 3165 return file->pv_ops[idx].clean; 3166 } 3167 3168 static inline bool noinstr_call_dest(struct objtool_file *file, 3169 struct instruction *insn, 3170 struct symbol *func) 3171 { 3172 /* 3173 * We can't deal with indirect function calls at present; 3174 * assume they're instrumented. 3175 */ 3176 if (!func) { 3177 if (file->pv_ops) 3178 return pv_call_dest(file, insn); 3179 3180 return false; 3181 } 3182 3183 /* 3184 * If the symbol is from a noinstr section; we good. 3185 */ 3186 if (func->sec->noinstr) 3187 return true; 3188 3189 /* 3190 * The __ubsan_handle_*() calls are like WARN(), they only happen when 3191 * something 'BAD' happened. At the risk of taking the machine down, 3192 * let them proceed to get the message out. 3193 */ 3194 if (!strncmp(func->name, "__ubsan_handle_", 15)) 3195 return true; 3196 3197 return false; 3198 } 3199 3200 static int validate_call(struct objtool_file *file, 3201 struct instruction *insn, 3202 struct insn_state *state) 3203 { 3204 if (state->noinstr && state->instr <= 0 && 3205 !noinstr_call_dest(file, insn, insn->call_dest)) { 3206 WARN_FUNC("call to %s() leaves .noinstr.text section", 3207 insn->sec, insn->offset, call_dest_name(insn)); 3208 return 1; 3209 } 3210 3211 if (state->uaccess && !func_uaccess_safe(insn->call_dest)) { 3212 WARN_FUNC("call to %s() with UACCESS enabled", 3213 insn->sec, insn->offset, call_dest_name(insn)); 3214 return 1; 3215 } 3216 3217 if (state->df) { 3218 WARN_FUNC("call to %s() with DF set", 3219 insn->sec, insn->offset, call_dest_name(insn)); 3220 return 1; 3221 } 3222 3223 return 0; 3224 } 3225 3226 static int validate_sibling_call(struct objtool_file *file, 3227 struct instruction *insn, 3228 struct insn_state *state) 3229 { 3230 if (has_modified_stack_frame(insn, state)) { 3231 WARN_FUNC("sibling call from callable instruction with modified stack frame", 3232 insn->sec, insn->offset); 3233 return 1; 3234 } 3235 3236 return validate_call(file, insn, state); 3237 } 3238 3239 static int validate_return(struct symbol *func, struct instruction *insn, struct insn_state *state) 3240 { 3241 if (state->noinstr && state->instr > 0) { 3242 WARN_FUNC("return with instrumentation enabled", 3243 insn->sec, insn->offset); 3244 return 1; 3245 } 3246 3247 if (state->uaccess && !func_uaccess_safe(func)) { 3248 WARN_FUNC("return with UACCESS enabled", 3249 insn->sec, insn->offset); 3250 return 1; 3251 } 3252 3253 if (!state->uaccess && func_uaccess_safe(func)) { 3254 WARN_FUNC("return with UACCESS disabled from a UACCESS-safe function", 3255 insn->sec, insn->offset); 3256 return 1; 3257 } 3258 3259 if (state->df) { 3260 WARN_FUNC("return with DF set", 3261 insn->sec, insn->offset); 3262 return 1; 3263 } 3264 3265 if (func && has_modified_stack_frame(insn, state)) { 3266 WARN_FUNC("return with modified stack frame", 3267 insn->sec, insn->offset); 3268 return 1; 3269 } 3270 3271 if (state->cfi.bp_scratch) { 3272 WARN_FUNC("BP used as a scratch register", 3273 insn->sec, insn->offset); 3274 return 1; 3275 } 3276 3277 return 0; 3278 } 3279 3280 static struct instruction *next_insn_to_validate(struct objtool_file *file, 3281 struct instruction *insn) 3282 { 3283 struct alt_group *alt_group = insn->alt_group; 3284 3285 /* 3286 * Simulate the fact that alternatives are patched in-place. When the 3287 * end of a replacement alt_group is reached, redirect objtool flow to 3288 * the end of the original alt_group. 3289 */ 3290 if (alt_group && insn == alt_group->last_insn && alt_group->orig_group) 3291 return next_insn_same_sec(file, alt_group->orig_group->last_insn); 3292 3293 return next_insn_same_sec(file, insn); 3294 } 3295 3296 /* 3297 * Follow the branch starting at the given instruction, and recursively follow 3298 * any other branches (jumps). Meanwhile, track the frame pointer state at 3299 * each instruction and validate all the rules described in 3300 * tools/objtool/Documentation/objtool.txt. 3301 */ 3302 static int validate_branch(struct objtool_file *file, struct symbol *func, 3303 struct instruction *insn, struct insn_state state) 3304 { 3305 struct alternative *alt; 3306 struct instruction *next_insn, *prev_insn = NULL; 3307 struct section *sec; 3308 u8 visited; 3309 int ret; 3310 3311 sec = insn->sec; 3312 3313 while (1) { 3314 next_insn = next_insn_to_validate(file, insn); 3315 3316 if (func && insn->func && func != insn->func->pfunc) { 3317 WARN("%s() falls through to next function %s()", 3318 func->name, insn->func->name); 3319 return 1; 3320 } 3321 3322 if (func && insn->ignore) { 3323 WARN_FUNC("BUG: why am I validating an ignored function?", 3324 sec, insn->offset); 3325 return 1; 3326 } 3327 3328 visited = VISITED_BRANCH << state.uaccess; 3329 if (insn->visited & VISITED_BRANCH_MASK) { 3330 if (!insn->hint && !insn_cfi_match(insn, &state.cfi)) 3331 return 1; 3332 3333 if (insn->visited & visited) 3334 return 0; 3335 } else { 3336 nr_insns_visited++; 3337 } 3338 3339 if (state.noinstr) 3340 state.instr += insn->instr; 3341 3342 if (insn->hint) { 3343 if (insn->restore) { 3344 struct instruction *save_insn, *i; 3345 3346 i = insn; 3347 save_insn = NULL; 3348 3349 sym_for_each_insn_continue_reverse(file, func, i) { 3350 if (i->save) { 3351 save_insn = i; 3352 break; 3353 } 3354 } 3355 3356 if (!save_insn) { 3357 WARN_FUNC("no corresponding CFI save for CFI restore", 3358 sec, insn->offset); 3359 return 1; 3360 } 3361 3362 if (!save_insn->visited) { 3363 WARN_FUNC("objtool isn't smart enough to handle this CFI save/restore combo", 3364 sec, insn->offset); 3365 return 1; 3366 } 3367 3368 insn->cfi = save_insn->cfi; 3369 nr_cfi_reused++; 3370 } 3371 3372 state.cfi = *insn->cfi; 3373 } else { 3374 /* XXX track if we actually changed state.cfi */ 3375 3376 if (prev_insn && !cficmp(prev_insn->cfi, &state.cfi)) { 3377 insn->cfi = prev_insn->cfi; 3378 nr_cfi_reused++; 3379 } else { 3380 insn->cfi = cfi_hash_find_or_add(&state.cfi); 3381 } 3382 } 3383 3384 insn->visited |= visited; 3385 3386 if (propagate_alt_cfi(file, insn)) 3387 return 1; 3388 3389 if (!insn->ignore_alts && !list_empty(&insn->alts)) { 3390 bool skip_orig = false; 3391 3392 list_for_each_entry(alt, &insn->alts, list) { 3393 if (alt->skip_orig) 3394 skip_orig = true; 3395 3396 ret = validate_branch(file, func, alt->insn, state); 3397 if (ret) { 3398 if (opts.backtrace) 3399 BT_FUNC("(alt)", insn); 3400 return ret; 3401 } 3402 } 3403 3404 if (skip_orig) 3405 return 0; 3406 } 3407 3408 if (handle_insn_ops(insn, next_insn, &state)) 3409 return 1; 3410 3411 switch (insn->type) { 3412 3413 case INSN_RETURN: 3414 return validate_return(func, insn, &state); 3415 3416 case INSN_CALL: 3417 case INSN_CALL_DYNAMIC: 3418 ret = validate_call(file, insn, &state); 3419 if (ret) 3420 return ret; 3421 3422 if (opts.stackval && func && !is_fentry_call(insn) && 3423 !has_valid_stack_frame(&state)) { 3424 WARN_FUNC("call without frame pointer save/setup", 3425 sec, insn->offset); 3426 return 1; 3427 } 3428 3429 if (insn->dead_end) 3430 return 0; 3431 3432 break; 3433 3434 case INSN_JUMP_CONDITIONAL: 3435 case INSN_JUMP_UNCONDITIONAL: 3436 if (is_sibling_call(insn)) { 3437 ret = validate_sibling_call(file, insn, &state); 3438 if (ret) 3439 return ret; 3440 3441 } else if (insn->jump_dest) { 3442 ret = validate_branch(file, func, 3443 insn->jump_dest, state); 3444 if (ret) { 3445 if (opts.backtrace) 3446 BT_FUNC("(branch)", insn); 3447 return ret; 3448 } 3449 } 3450 3451 if (insn->type == INSN_JUMP_UNCONDITIONAL) 3452 return 0; 3453 3454 break; 3455 3456 case INSN_JUMP_DYNAMIC: 3457 case INSN_JUMP_DYNAMIC_CONDITIONAL: 3458 if (is_sibling_call(insn)) { 3459 ret = validate_sibling_call(file, insn, &state); 3460 if (ret) 3461 return ret; 3462 } 3463 3464 if (insn->type == INSN_JUMP_DYNAMIC) 3465 return 0; 3466 3467 break; 3468 3469 case INSN_CONTEXT_SWITCH: 3470 if (func && (!next_insn || !next_insn->hint)) { 3471 WARN_FUNC("unsupported instruction in callable function", 3472 sec, insn->offset); 3473 return 1; 3474 } 3475 return 0; 3476 3477 case INSN_STAC: 3478 if (state.uaccess) { 3479 WARN_FUNC("recursive UACCESS enable", sec, insn->offset); 3480 return 1; 3481 } 3482 3483 state.uaccess = true; 3484 break; 3485 3486 case INSN_CLAC: 3487 if (!state.uaccess && func) { 3488 WARN_FUNC("redundant UACCESS disable", sec, insn->offset); 3489 return 1; 3490 } 3491 3492 if (func_uaccess_safe(func) && !state.uaccess_stack) { 3493 WARN_FUNC("UACCESS-safe disables UACCESS", sec, insn->offset); 3494 return 1; 3495 } 3496 3497 state.uaccess = false; 3498 break; 3499 3500 case INSN_STD: 3501 if (state.df) { 3502 WARN_FUNC("recursive STD", sec, insn->offset); 3503 return 1; 3504 } 3505 3506 state.df = true; 3507 break; 3508 3509 case INSN_CLD: 3510 if (!state.df && func) { 3511 WARN_FUNC("redundant CLD", sec, insn->offset); 3512 return 1; 3513 } 3514 3515 state.df = false; 3516 break; 3517 3518 default: 3519 break; 3520 } 3521 3522 if (insn->dead_end) 3523 return 0; 3524 3525 if (!next_insn) { 3526 if (state.cfi.cfa.base == CFI_UNDEFINED) 3527 return 0; 3528 WARN("%s: unexpected end of section", sec->name); 3529 return 1; 3530 } 3531 3532 prev_insn = insn; 3533 insn = next_insn; 3534 } 3535 3536 return 0; 3537 } 3538 3539 static int validate_unwind_hints(struct objtool_file *file, struct section *sec) 3540 { 3541 struct instruction *insn; 3542 struct insn_state state; 3543 int ret, warnings = 0; 3544 3545 if (!file->hints) 3546 return 0; 3547 3548 init_insn_state(file, &state, sec); 3549 3550 if (sec) { 3551 insn = find_insn(file, sec, 0); 3552 if (!insn) 3553 return 0; 3554 } else { 3555 insn = list_first_entry(&file->insn_list, typeof(*insn), list); 3556 } 3557 3558 while (&insn->list != &file->insn_list && (!sec || insn->sec == sec)) { 3559 if (insn->hint && !insn->visited && !insn->ignore) { 3560 ret = validate_branch(file, insn->func, insn, state); 3561 if (ret && opts.backtrace) 3562 BT_FUNC("<=== (hint)", insn); 3563 warnings += ret; 3564 } 3565 3566 insn = list_next_entry(insn, list); 3567 } 3568 3569 return warnings; 3570 } 3571 3572 /* 3573 * Validate rethunk entry constraint: must untrain RET before the first RET. 3574 * 3575 * Follow every branch (intra-function) and ensure ANNOTATE_UNRET_END comes 3576 * before an actual RET instruction. 3577 */ 3578 static int validate_entry(struct objtool_file *file, struct instruction *insn) 3579 { 3580 struct instruction *next, *dest; 3581 int ret, warnings = 0; 3582 3583 for (;;) { 3584 next = next_insn_to_validate(file, insn); 3585 3586 if (insn->visited & VISITED_ENTRY) 3587 return 0; 3588 3589 insn->visited |= VISITED_ENTRY; 3590 3591 if (!insn->ignore_alts && !list_empty(&insn->alts)) { 3592 struct alternative *alt; 3593 bool skip_orig = false; 3594 3595 list_for_each_entry(alt, &insn->alts, list) { 3596 if (alt->skip_orig) 3597 skip_orig = true; 3598 3599 ret = validate_entry(file, alt->insn); 3600 if (ret) { 3601 if (opts.backtrace) 3602 BT_FUNC("(alt)", insn); 3603 return ret; 3604 } 3605 } 3606 3607 if (skip_orig) 3608 return 0; 3609 } 3610 3611 switch (insn->type) { 3612 3613 case INSN_CALL_DYNAMIC: 3614 case INSN_JUMP_DYNAMIC: 3615 case INSN_JUMP_DYNAMIC_CONDITIONAL: 3616 WARN_FUNC("early indirect call", insn->sec, insn->offset); 3617 return 1; 3618 3619 case INSN_JUMP_UNCONDITIONAL: 3620 case INSN_JUMP_CONDITIONAL: 3621 if (!is_sibling_call(insn)) { 3622 if (!insn->jump_dest) { 3623 WARN_FUNC("unresolved jump target after linking?!?", 3624 insn->sec, insn->offset); 3625 return -1; 3626 } 3627 ret = validate_entry(file, insn->jump_dest); 3628 if (ret) { 3629 if (opts.backtrace) { 3630 BT_FUNC("(branch%s)", insn, 3631 insn->type == INSN_JUMP_CONDITIONAL ? "-cond" : ""); 3632 } 3633 return ret; 3634 } 3635 3636 if (insn->type == INSN_JUMP_UNCONDITIONAL) 3637 return 0; 3638 3639 break; 3640 } 3641 3642 /* fallthrough */ 3643 case INSN_CALL: 3644 dest = find_insn(file, insn->call_dest->sec, 3645 insn->call_dest->offset); 3646 if (!dest) { 3647 WARN("Unresolved function after linking!?: %s", 3648 insn->call_dest->name); 3649 return -1; 3650 } 3651 3652 ret = validate_entry(file, dest); 3653 if (ret) { 3654 if (opts.backtrace) 3655 BT_FUNC("(call)", insn); 3656 return ret; 3657 } 3658 /* 3659 * If a call returns without error, it must have seen UNTRAIN_RET. 3660 * Therefore any non-error return is a success. 3661 */ 3662 return 0; 3663 3664 case INSN_RETURN: 3665 WARN_FUNC("RET before UNTRAIN", insn->sec, insn->offset); 3666 return 1; 3667 3668 case INSN_NOP: 3669 if (insn->retpoline_safe) 3670 return 0; 3671 break; 3672 3673 default: 3674 break; 3675 } 3676 3677 if (!next) { 3678 WARN_FUNC("teh end!", insn->sec, insn->offset); 3679 return -1; 3680 } 3681 insn = next; 3682 } 3683 3684 return warnings; 3685 } 3686 3687 /* 3688 * Validate that all branches starting at 'insn->entry' encounter UNRET_END 3689 * before RET. 3690 */ 3691 static int validate_unret(struct objtool_file *file) 3692 { 3693 struct instruction *insn; 3694 int ret, warnings = 0; 3695 3696 for_each_insn(file, insn) { 3697 if (!insn->entry) 3698 continue; 3699 3700 ret = validate_entry(file, insn); 3701 if (ret < 0) { 3702 WARN_FUNC("Failed UNRET validation", insn->sec, insn->offset); 3703 return ret; 3704 } 3705 warnings += ret; 3706 } 3707 3708 return warnings; 3709 } 3710 3711 static int validate_retpoline(struct objtool_file *file) 3712 { 3713 struct instruction *insn; 3714 int warnings = 0; 3715 3716 for_each_insn(file, insn) { 3717 if (insn->type != INSN_JUMP_DYNAMIC && 3718 insn->type != INSN_CALL_DYNAMIC && 3719 insn->type != INSN_RETURN) 3720 continue; 3721 3722 if (insn->retpoline_safe) 3723 continue; 3724 3725 /* 3726 * .init.text code is ran before userspace and thus doesn't 3727 * strictly need retpolines, except for modules which are 3728 * loaded late, they very much do need retpoline in their 3729 * .init.text 3730 */ 3731 if (!strcmp(insn->sec->name, ".init.text") && !opts.module) 3732 continue; 3733 3734 if (insn->type == INSN_RETURN) { 3735 if (opts.rethunk) { 3736 WARN_FUNC("'naked' return found in RETHUNK build", 3737 insn->sec, insn->offset); 3738 } else 3739 continue; 3740 } else { 3741 WARN_FUNC("indirect %s found in RETPOLINE build", 3742 insn->sec, insn->offset, 3743 insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call"); 3744 } 3745 3746 warnings++; 3747 } 3748 3749 return warnings; 3750 } 3751 3752 static bool is_kasan_insn(struct instruction *insn) 3753 { 3754 return (insn->type == INSN_CALL && 3755 !strcmp(insn->call_dest->name, "__asan_handle_no_return")); 3756 } 3757 3758 static bool is_ubsan_insn(struct instruction *insn) 3759 { 3760 return (insn->type == INSN_CALL && 3761 !strcmp(insn->call_dest->name, 3762 "__ubsan_handle_builtin_unreachable")); 3763 } 3764 3765 static bool ignore_unreachable_insn(struct objtool_file *file, struct instruction *insn) 3766 { 3767 int i; 3768 struct instruction *prev_insn; 3769 3770 if (insn->ignore || insn->type == INSN_NOP || insn->type == INSN_TRAP) 3771 return true; 3772 3773 /* 3774 * Ignore alternative replacement instructions. This can happen 3775 * when a whitelisted function uses one of the ALTERNATIVE macros. 3776 */ 3777 if (!strcmp(insn->sec->name, ".altinstr_replacement") || 3778 !strcmp(insn->sec->name, ".altinstr_aux")) 3779 return true; 3780 3781 /* 3782 * Whole archive runs might encounter dead code from weak symbols. 3783 * This is where the linker will have dropped the weak symbol in 3784 * favour of a regular symbol, but leaves the code in place. 3785 * 3786 * In this case we'll find a piece of code (whole function) that is not 3787 * covered by a !section symbol. Ignore them. 3788 */ 3789 if (opts.link && !insn->func) { 3790 int size = find_symbol_hole_containing(insn->sec, insn->offset); 3791 unsigned long end = insn->offset + size; 3792 3793 if (!size) /* not a hole */ 3794 return false; 3795 3796 if (size < 0) /* hole until the end */ 3797 return true; 3798 3799 sec_for_each_insn_continue(file, insn) { 3800 /* 3801 * If we reach a visited instruction at or before the 3802 * end of the hole, ignore the unreachable. 3803 */ 3804 if (insn->visited) 3805 return true; 3806 3807 if (insn->offset >= end) 3808 break; 3809 3810 /* 3811 * If this hole jumps to a .cold function, mark it ignore too. 3812 */ 3813 if (insn->jump_dest && insn->jump_dest->func && 3814 strstr(insn->jump_dest->func->name, ".cold")) { 3815 struct instruction *dest = insn->jump_dest; 3816 func_for_each_insn(file, dest->func, dest) 3817 dest->ignore = true; 3818 } 3819 } 3820 3821 return false; 3822 } 3823 3824 if (!insn->func) 3825 return false; 3826 3827 if (insn->func->static_call_tramp) 3828 return true; 3829 3830 /* 3831 * CONFIG_UBSAN_TRAP inserts a UD2 when it sees 3832 * __builtin_unreachable(). The BUG() macro has an unreachable() after 3833 * the UD2, which causes GCC's undefined trap logic to emit another UD2 3834 * (or occasionally a JMP to UD2). 3835 * 3836 * It may also insert a UD2 after calling a __noreturn function. 3837 */ 3838 prev_insn = list_prev_entry(insn, list); 3839 if ((prev_insn->dead_end || dead_end_function(file, prev_insn->call_dest)) && 3840 (insn->type == INSN_BUG || 3841 (insn->type == INSN_JUMP_UNCONDITIONAL && 3842 insn->jump_dest && insn->jump_dest->type == INSN_BUG))) 3843 return true; 3844 3845 /* 3846 * Check if this (or a subsequent) instruction is related to 3847 * CONFIG_UBSAN or CONFIG_KASAN. 3848 * 3849 * End the search at 5 instructions to avoid going into the weeds. 3850 */ 3851 for (i = 0; i < 5; i++) { 3852 3853 if (is_kasan_insn(insn) || is_ubsan_insn(insn)) 3854 return true; 3855 3856 if (insn->type == INSN_JUMP_UNCONDITIONAL) { 3857 if (insn->jump_dest && 3858 insn->jump_dest->func == insn->func) { 3859 insn = insn->jump_dest; 3860 continue; 3861 } 3862 3863 break; 3864 } 3865 3866 if (insn->offset + insn->len >= insn->func->offset + insn->func->len) 3867 break; 3868 3869 insn = list_next_entry(insn, list); 3870 } 3871 3872 return false; 3873 } 3874 3875 static int validate_symbol(struct objtool_file *file, struct section *sec, 3876 struct symbol *sym, struct insn_state *state) 3877 { 3878 struct instruction *insn; 3879 int ret; 3880 3881 if (!sym->len) { 3882 WARN("%s() is missing an ELF size annotation", sym->name); 3883 return 1; 3884 } 3885 3886 if (sym->pfunc != sym || sym->alias != sym) 3887 return 0; 3888 3889 insn = find_insn(file, sec, sym->offset); 3890 if (!insn || insn->ignore || insn->visited) 3891 return 0; 3892 3893 state->uaccess = sym->uaccess_safe; 3894 3895 ret = validate_branch(file, insn->func, insn, *state); 3896 if (ret && opts.backtrace) 3897 BT_FUNC("<=== (sym)", insn); 3898 return ret; 3899 } 3900 3901 static int validate_section(struct objtool_file *file, struct section *sec) 3902 { 3903 struct insn_state state; 3904 struct symbol *func; 3905 int warnings = 0; 3906 3907 list_for_each_entry(func, &sec->symbol_list, list) { 3908 if (func->type != STT_FUNC) 3909 continue; 3910 3911 init_insn_state(file, &state, sec); 3912 set_func_state(&state.cfi); 3913 3914 warnings += validate_symbol(file, sec, func, &state); 3915 } 3916 3917 return warnings; 3918 } 3919 3920 static int validate_noinstr_sections(struct objtool_file *file) 3921 { 3922 struct section *sec; 3923 int warnings = 0; 3924 3925 sec = find_section_by_name(file->elf, ".noinstr.text"); 3926 if (sec) { 3927 warnings += validate_section(file, sec); 3928 warnings += validate_unwind_hints(file, sec); 3929 } 3930 3931 sec = find_section_by_name(file->elf, ".entry.text"); 3932 if (sec) { 3933 warnings += validate_section(file, sec); 3934 warnings += validate_unwind_hints(file, sec); 3935 } 3936 3937 return warnings; 3938 } 3939 3940 static int validate_functions(struct objtool_file *file) 3941 { 3942 struct section *sec; 3943 int warnings = 0; 3944 3945 for_each_sec(file, sec) { 3946 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 3947 continue; 3948 3949 warnings += validate_section(file, sec); 3950 } 3951 3952 return warnings; 3953 } 3954 3955 static void mark_endbr_used(struct instruction *insn) 3956 { 3957 if (!list_empty(&insn->call_node)) 3958 list_del_init(&insn->call_node); 3959 } 3960 3961 static int validate_ibt_insn(struct objtool_file *file, struct instruction *insn) 3962 { 3963 struct instruction *dest; 3964 struct reloc *reloc; 3965 unsigned long off; 3966 int warnings = 0; 3967 3968 /* 3969 * Looking for function pointer load relocations. Ignore 3970 * direct/indirect branches: 3971 */ 3972 switch (insn->type) { 3973 case INSN_CALL: 3974 case INSN_CALL_DYNAMIC: 3975 case INSN_JUMP_CONDITIONAL: 3976 case INSN_JUMP_UNCONDITIONAL: 3977 case INSN_JUMP_DYNAMIC: 3978 case INSN_JUMP_DYNAMIC_CONDITIONAL: 3979 case INSN_RETURN: 3980 case INSN_NOP: 3981 return 0; 3982 default: 3983 break; 3984 } 3985 3986 for (reloc = insn_reloc(file, insn); 3987 reloc; 3988 reloc = find_reloc_by_dest_range(file->elf, insn->sec, 3989 reloc->offset + 1, 3990 (insn->offset + insn->len) - (reloc->offset + 1))) { 3991 3992 /* 3993 * static_call_update() references the trampoline, which 3994 * doesn't have (or need) ENDBR. Skip warning in that case. 3995 */ 3996 if (reloc->sym->static_call_tramp) 3997 continue; 3998 3999 off = reloc->sym->offset; 4000 if (reloc->type == R_X86_64_PC32 || reloc->type == R_X86_64_PLT32) 4001 off += arch_dest_reloc_offset(reloc->addend); 4002 else 4003 off += reloc->addend; 4004 4005 dest = find_insn(file, reloc->sym->sec, off); 4006 if (!dest) 4007 continue; 4008 4009 if (dest->type == INSN_ENDBR) { 4010 mark_endbr_used(dest); 4011 continue; 4012 } 4013 4014 if (dest->func && dest->func == insn->func) { 4015 /* 4016 * Anything from->to self is either _THIS_IP_ or 4017 * IRET-to-self. 4018 * 4019 * There is no sane way to annotate _THIS_IP_ since the 4020 * compiler treats the relocation as a constant and is 4021 * happy to fold in offsets, skewing any annotation we 4022 * do, leading to vast amounts of false-positives. 4023 * 4024 * There's also compiler generated _THIS_IP_ through 4025 * KCOV and such which we have no hope of annotating. 4026 * 4027 * As such, blanket accept self-references without 4028 * issue. 4029 */ 4030 continue; 4031 } 4032 4033 if (dest->noendbr) 4034 continue; 4035 4036 WARN_FUNC("relocation to !ENDBR: %s", 4037 insn->sec, insn->offset, 4038 offstr(dest->sec, dest->offset)); 4039 4040 warnings++; 4041 } 4042 4043 return warnings; 4044 } 4045 4046 static int validate_ibt_data_reloc(struct objtool_file *file, 4047 struct reloc *reloc) 4048 { 4049 struct instruction *dest; 4050 4051 dest = find_insn(file, reloc->sym->sec, 4052 reloc->sym->offset + reloc->addend); 4053 if (!dest) 4054 return 0; 4055 4056 if (dest->type == INSN_ENDBR) { 4057 mark_endbr_used(dest); 4058 return 0; 4059 } 4060 4061 if (dest->noendbr) 4062 return 0; 4063 4064 WARN_FUNC("data relocation to !ENDBR: %s", 4065 reloc->sec->base, reloc->offset, 4066 offstr(dest->sec, dest->offset)); 4067 4068 return 1; 4069 } 4070 4071 /* 4072 * Validate IBT rules and remove used ENDBR instructions from the seal list. 4073 * Unused ENDBR instructions will be annotated for sealing (i.e., replaced with 4074 * NOPs) later, in create_ibt_endbr_seal_sections(). 4075 */ 4076 static int validate_ibt(struct objtool_file *file) 4077 { 4078 struct section *sec; 4079 struct reloc *reloc; 4080 struct instruction *insn; 4081 int warnings = 0; 4082 4083 for_each_insn(file, insn) 4084 warnings += validate_ibt_insn(file, insn); 4085 4086 for_each_sec(file, sec) { 4087 4088 /* Already done by validate_ibt_insn() */ 4089 if (sec->sh.sh_flags & SHF_EXECINSTR) 4090 continue; 4091 4092 if (!sec->reloc) 4093 continue; 4094 4095 /* 4096 * These sections can reference text addresses, but not with 4097 * the intent to indirect branch to them. 4098 */ 4099 if ((!strncmp(sec->name, ".discard", 8) && 4100 strcmp(sec->name, ".discard.ibt_endbr_noseal")) || 4101 !strncmp(sec->name, ".debug", 6) || 4102 !strcmp(sec->name, ".altinstructions") || 4103 !strcmp(sec->name, ".ibt_endbr_seal") || 4104 !strcmp(sec->name, ".orc_unwind_ip") || 4105 !strcmp(sec->name, ".parainstructions") || 4106 !strcmp(sec->name, ".retpoline_sites") || 4107 !strcmp(sec->name, ".smp_locks") || 4108 !strcmp(sec->name, ".static_call_sites") || 4109 !strcmp(sec->name, "_error_injection_whitelist") || 4110 !strcmp(sec->name, "_kprobe_blacklist") || 4111 !strcmp(sec->name, "__bug_table") || 4112 !strcmp(sec->name, "__ex_table") || 4113 !strcmp(sec->name, "__jump_table") || 4114 !strcmp(sec->name, "__mcount_loc")) 4115 continue; 4116 4117 list_for_each_entry(reloc, &sec->reloc->reloc_list, list) 4118 warnings += validate_ibt_data_reloc(file, reloc); 4119 } 4120 4121 return warnings; 4122 } 4123 4124 static int validate_sls(struct objtool_file *file) 4125 { 4126 struct instruction *insn, *next_insn; 4127 int warnings = 0; 4128 4129 for_each_insn(file, insn) { 4130 next_insn = next_insn_same_sec(file, insn); 4131 4132 if (insn->retpoline_safe) 4133 continue; 4134 4135 switch (insn->type) { 4136 case INSN_RETURN: 4137 if (!next_insn || next_insn->type != INSN_TRAP) { 4138 WARN_FUNC("missing int3 after ret", 4139 insn->sec, insn->offset); 4140 warnings++; 4141 } 4142 4143 break; 4144 case INSN_JUMP_DYNAMIC: 4145 if (!next_insn || next_insn->type != INSN_TRAP) { 4146 WARN_FUNC("missing int3 after indirect jump", 4147 insn->sec, insn->offset); 4148 warnings++; 4149 } 4150 break; 4151 default: 4152 break; 4153 } 4154 } 4155 4156 return warnings; 4157 } 4158 4159 static int validate_reachable_instructions(struct objtool_file *file) 4160 { 4161 struct instruction *insn; 4162 4163 if (file->ignore_unreachables) 4164 return 0; 4165 4166 for_each_insn(file, insn) { 4167 if (insn->visited || ignore_unreachable_insn(file, insn)) 4168 continue; 4169 4170 WARN_FUNC("unreachable instruction", insn->sec, insn->offset); 4171 return 1; 4172 } 4173 4174 return 0; 4175 } 4176 4177 int check(struct objtool_file *file) 4178 { 4179 int ret, warnings = 0; 4180 4181 arch_initial_func_cfi_state(&initial_func_cfi); 4182 init_cfi_state(&init_cfi); 4183 init_cfi_state(&func_cfi); 4184 set_func_state(&func_cfi); 4185 4186 if (!cfi_hash_alloc(1UL << (file->elf->symbol_bits - 3))) 4187 goto out; 4188 4189 cfi_hash_add(&init_cfi); 4190 cfi_hash_add(&func_cfi); 4191 4192 ret = decode_sections(file); 4193 if (ret < 0) 4194 goto out; 4195 4196 warnings += ret; 4197 4198 if (list_empty(&file->insn_list)) 4199 goto out; 4200 4201 if (opts.retpoline) { 4202 ret = validate_retpoline(file); 4203 if (ret < 0) 4204 return ret; 4205 warnings += ret; 4206 } 4207 4208 if (opts.stackval || opts.orc || opts.uaccess) { 4209 ret = validate_functions(file); 4210 if (ret < 0) 4211 goto out; 4212 warnings += ret; 4213 4214 ret = validate_unwind_hints(file, NULL); 4215 if (ret < 0) 4216 goto out; 4217 warnings += ret; 4218 4219 if (!warnings) { 4220 ret = validate_reachable_instructions(file); 4221 if (ret < 0) 4222 goto out; 4223 warnings += ret; 4224 } 4225 4226 } else if (opts.noinstr) { 4227 ret = validate_noinstr_sections(file); 4228 if (ret < 0) 4229 goto out; 4230 warnings += ret; 4231 } 4232 4233 if (opts.unret) { 4234 /* 4235 * Must be after validate_branch() and friends, it plays 4236 * further games with insn->visited. 4237 */ 4238 ret = validate_unret(file); 4239 if (ret < 0) 4240 return ret; 4241 warnings += ret; 4242 } 4243 4244 if (opts.ibt) { 4245 ret = validate_ibt(file); 4246 if (ret < 0) 4247 goto out; 4248 warnings += ret; 4249 } 4250 4251 if (opts.sls) { 4252 ret = validate_sls(file); 4253 if (ret < 0) 4254 goto out; 4255 warnings += ret; 4256 } 4257 4258 if (opts.static_call) { 4259 ret = create_static_call_sections(file); 4260 if (ret < 0) 4261 goto out; 4262 warnings += ret; 4263 } 4264 4265 if (opts.retpoline) { 4266 ret = create_retpoline_sites_sections(file); 4267 if (ret < 0) 4268 goto out; 4269 warnings += ret; 4270 } 4271 4272 if (opts.rethunk) { 4273 ret = create_return_sites_sections(file); 4274 if (ret < 0) 4275 goto out; 4276 warnings += ret; 4277 } 4278 4279 if (opts.mcount) { 4280 ret = create_mcount_loc_sections(file); 4281 if (ret < 0) 4282 goto out; 4283 warnings += ret; 4284 } 4285 4286 if (opts.ibt) { 4287 ret = create_ibt_endbr_seal_sections(file); 4288 if (ret < 0) 4289 goto out; 4290 warnings += ret; 4291 } 4292 4293 if (opts.orc && !list_empty(&file->insn_list)) { 4294 ret = orc_create(file); 4295 if (ret < 0) 4296 goto out; 4297 warnings += ret; 4298 } 4299 4300 4301 if (opts.stats) { 4302 printf("nr_insns_visited: %ld\n", nr_insns_visited); 4303 printf("nr_cfi: %ld\n", nr_cfi); 4304 printf("nr_cfi_reused: %ld\n", nr_cfi_reused); 4305 printf("nr_cfi_cache: %ld\n", nr_cfi_cache); 4306 } 4307 4308 out: 4309 /* 4310 * For now, don't fail the kernel build on fatal warnings. These 4311 * errors are still fairly common due to the growing matrix of 4312 * supported toolchains and their recent pace of change. 4313 */ 4314 return 0; 4315 } 4316