1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (C) 2015-2017 Josh Poimboeuf <jpoimboe@redhat.com>
4 */
5
6 #include <string.h>
7 #include <stdlib.h>
8 #include <inttypes.h>
9 #include <sys/mman.h>
10
11 #include <objtool/builtin.h>
12 #include <objtool/cfi.h>
13 #include <objtool/arch.h>
14 #include <objtool/check.h>
15 #include <objtool/special.h>
16 #include <objtool/warn.h>
17 #include <objtool/endianness.h>
18
19 #include <linux/objtool_types.h>
20 #include <linux/hashtable.h>
21 #include <linux/kernel.h>
22 #include <linux/static_call_types.h>
23 #include <linux/string.h>
24
25 struct alternative {
26 struct alternative *next;
27 struct instruction *insn;
28 };
29
30 static unsigned long nr_cfi, nr_cfi_reused, nr_cfi_cache;
31
32 static struct cfi_init_state initial_func_cfi;
33 static struct cfi_state init_cfi;
34 static struct cfi_state func_cfi;
35 static struct cfi_state force_undefined_cfi;
36
find_insn(struct objtool_file * file,struct section * sec,unsigned long offset)37 struct instruction *find_insn(struct objtool_file *file,
38 struct section *sec, unsigned long offset)
39 {
40 struct instruction *insn;
41
42 hash_for_each_possible(file->insn_hash, insn, hash, sec_offset_hash(sec, offset)) {
43 if (insn->sec == sec && insn->offset == offset)
44 return insn;
45 }
46
47 return NULL;
48 }
49
next_insn_same_sec(struct objtool_file * file,struct instruction * insn)50 struct instruction *next_insn_same_sec(struct objtool_file *file,
51 struct instruction *insn)
52 {
53 if (insn->idx == INSN_CHUNK_MAX)
54 return find_insn(file, insn->sec, insn->offset + insn->len);
55
56 insn++;
57 if (!insn->len)
58 return NULL;
59
60 return insn;
61 }
62
next_insn_same_func(struct objtool_file * file,struct instruction * insn)63 static struct instruction *next_insn_same_func(struct objtool_file *file,
64 struct instruction *insn)
65 {
66 struct instruction *next = next_insn_same_sec(file, insn);
67 struct symbol *func = insn_func(insn);
68
69 if (!func)
70 return NULL;
71
72 if (next && insn_func(next) == func)
73 return next;
74
75 /* Check if we're already in the subfunction: */
76 if (func == func->cfunc)
77 return NULL;
78
79 /* Move to the subfunction: */
80 return find_insn(file, func->cfunc->sec, func->cfunc->offset);
81 }
82
prev_insn_same_sec(struct objtool_file * file,struct instruction * insn)83 static struct instruction *prev_insn_same_sec(struct objtool_file *file,
84 struct instruction *insn)
85 {
86 if (insn->idx == 0) {
87 if (insn->prev_len)
88 return find_insn(file, insn->sec, insn->offset - insn->prev_len);
89 return NULL;
90 }
91
92 return insn - 1;
93 }
94
prev_insn_same_sym(struct objtool_file * file,struct instruction * insn)95 static struct instruction *prev_insn_same_sym(struct objtool_file *file,
96 struct instruction *insn)
97 {
98 struct instruction *prev = prev_insn_same_sec(file, insn);
99
100 if (prev && insn_func(prev) == insn_func(insn))
101 return prev;
102
103 return NULL;
104 }
105
106 #define for_each_insn(file, insn) \
107 for (struct section *__sec, *__fake = (struct section *)1; \
108 __fake; __fake = NULL) \
109 for_each_sec(file, __sec) \
110 sec_for_each_insn(file, __sec, insn)
111
112 #define func_for_each_insn(file, func, insn) \
113 for (insn = find_insn(file, func->sec, func->offset); \
114 insn; \
115 insn = next_insn_same_func(file, insn))
116
117 #define sym_for_each_insn(file, sym, insn) \
118 for (insn = find_insn(file, sym->sec, sym->offset); \
119 insn && insn->offset < sym->offset + sym->len; \
120 insn = next_insn_same_sec(file, insn))
121
122 #define sym_for_each_insn_continue_reverse(file, sym, insn) \
123 for (insn = prev_insn_same_sec(file, insn); \
124 insn && insn->offset >= sym->offset; \
125 insn = prev_insn_same_sec(file, insn))
126
127 #define sec_for_each_insn_from(file, insn) \
128 for (; insn; insn = next_insn_same_sec(file, insn))
129
130 #define sec_for_each_insn_continue(file, insn) \
131 for (insn = next_insn_same_sec(file, insn); insn; \
132 insn = next_insn_same_sec(file, insn))
133
insn_call_dest(struct instruction * insn)134 static inline struct symbol *insn_call_dest(struct instruction *insn)
135 {
136 if (insn->type == INSN_JUMP_DYNAMIC ||
137 insn->type == INSN_CALL_DYNAMIC)
138 return NULL;
139
140 return insn->_call_dest;
141 }
142
insn_jump_table(struct instruction * insn)143 static inline struct reloc *insn_jump_table(struct instruction *insn)
144 {
145 if (insn->type == INSN_JUMP_DYNAMIC ||
146 insn->type == INSN_CALL_DYNAMIC)
147 return insn->_jump_table;
148
149 return NULL;
150 }
151
insn_jump_table_size(struct instruction * insn)152 static inline unsigned long insn_jump_table_size(struct instruction *insn)
153 {
154 if (insn->type == INSN_JUMP_DYNAMIC ||
155 insn->type == INSN_CALL_DYNAMIC)
156 return insn->_jump_table_size;
157
158 return 0;
159 }
160
is_jump_table_jump(struct instruction * insn)161 static bool is_jump_table_jump(struct instruction *insn)
162 {
163 struct alt_group *alt_group = insn->alt_group;
164
165 if (insn_jump_table(insn))
166 return true;
167
168 /* Retpoline alternative for a jump table? */
169 return alt_group && alt_group->orig_group &&
170 insn_jump_table(alt_group->orig_group->first_insn);
171 }
172
is_sibling_call(struct instruction * insn)173 static bool is_sibling_call(struct instruction *insn)
174 {
175 /*
176 * Assume only STT_FUNC calls have jump-tables.
177 */
178 if (insn_func(insn)) {
179 /* An indirect jump is either a sibling call or a jump to a table. */
180 if (insn->type == INSN_JUMP_DYNAMIC)
181 return !is_jump_table_jump(insn);
182 }
183
184 /* add_jump_destinations() sets insn_call_dest(insn) for sibling calls. */
185 return (is_static_jump(insn) && insn_call_dest(insn));
186 }
187
188 /*
189 * Checks if a string ends with another.
190 */
str_ends_with(const char * s,const char * sub)191 static bool str_ends_with(const char *s, const char *sub)
192 {
193 const int slen = strlen(s);
194 const int sublen = strlen(sub);
195
196 if (sublen > slen)
197 return 0;
198
199 return !memcmp(s + slen - sublen, sub, sublen);
200 }
201
202 /*
203 * Checks if a function is a Rust "noreturn" one.
204 */
is_rust_noreturn(const struct symbol * func)205 static bool is_rust_noreturn(const struct symbol *func)
206 {
207 /*
208 * If it does not start with "_R", then it is not a Rust symbol.
209 */
210 if (strncmp(func->name, "_R", 2))
211 return false;
212
213 /*
214 * These are just heuristics -- we do not control the precise symbol
215 * name, due to the crate disambiguators (which depend on the compiler)
216 * as well as changes to the source code itself between versions (since
217 * these come from the Rust standard library).
218 */
219 return str_ends_with(func->name, "_4core5sliceSp15copy_from_slice17len_mismatch_fail") ||
220 str_ends_with(func->name, "_4core6option13unwrap_failed") ||
221 str_ends_with(func->name, "_4core6result13unwrap_failed") ||
222 str_ends_with(func->name, "_4core9panicking5panic") ||
223 str_ends_with(func->name, "_4core9panicking9panic_fmt") ||
224 str_ends_with(func->name, "_4core9panicking14panic_explicit") ||
225 str_ends_with(func->name, "_4core9panicking14panic_nounwind") ||
226 str_ends_with(func->name, "_4core9panicking18panic_bounds_check") ||
227 str_ends_with(func->name, "_4core9panicking19assert_failed_inner") ||
228 str_ends_with(func->name, "_4core9panicking30panic_null_pointer_dereference") ||
229 str_ends_with(func->name, "_4core9panicking36panic_misaligned_pointer_dereference") ||
230 str_ends_with(func->name, "_7___rustc17rust_begin_unwind") ||
231 strstr(func->name, "_4core9panicking13assert_failed") ||
232 strstr(func->name, "_4core9panicking11panic_const24panic_const_") ||
233 (strstr(func->name, "_4core5slice5index24slice_") &&
234 str_ends_with(func->name, "_fail"));
235 }
236
237 /*
238 * This checks to see if the given function is a "noreturn" function.
239 *
240 * For global functions which are outside the scope of this object file, we
241 * have to keep a manual list of them.
242 *
243 * For local functions, we have to detect them manually by simply looking for
244 * the lack of a return instruction.
245 */
__dead_end_function(struct objtool_file * file,struct symbol * func,int recursion)246 static bool __dead_end_function(struct objtool_file *file, struct symbol *func,
247 int recursion)
248 {
249 int i;
250 struct instruction *insn;
251 bool empty = true;
252
253 #define NORETURN(func) __stringify(func),
254 static const char * const global_noreturns[] = {
255 #include "noreturns.h"
256 };
257 #undef NORETURN
258
259 if (!func)
260 return false;
261
262 if (func->bind == STB_GLOBAL || func->bind == STB_WEAK) {
263 if (is_rust_noreturn(func))
264 return true;
265
266 for (i = 0; i < ARRAY_SIZE(global_noreturns); i++)
267 if (!strcmp(func->name, global_noreturns[i]))
268 return true;
269 }
270
271 if (func->bind == STB_WEAK)
272 return false;
273
274 if (!func->len)
275 return false;
276
277 insn = find_insn(file, func->sec, func->offset);
278 if (!insn || !insn_func(insn))
279 return false;
280
281 func_for_each_insn(file, func, insn) {
282 empty = false;
283
284 if (insn->type == INSN_RETURN)
285 return false;
286 }
287
288 if (empty)
289 return false;
290
291 /*
292 * A function can have a sibling call instead of a return. In that
293 * case, the function's dead-end status depends on whether the target
294 * of the sibling call returns.
295 */
296 func_for_each_insn(file, func, insn) {
297 if (is_sibling_call(insn)) {
298 struct instruction *dest = insn->jump_dest;
299
300 if (!dest)
301 /* sibling call to another file */
302 return false;
303
304 /* local sibling call */
305 if (recursion == 5) {
306 /*
307 * Infinite recursion: two functions have
308 * sibling calls to each other. This is a very
309 * rare case. It means they aren't dead ends.
310 */
311 return false;
312 }
313
314 return __dead_end_function(file, insn_func(dest), recursion+1);
315 }
316 }
317
318 return true;
319 }
320
dead_end_function(struct objtool_file * file,struct symbol * func)321 static bool dead_end_function(struct objtool_file *file, struct symbol *func)
322 {
323 return __dead_end_function(file, func, 0);
324 }
325
init_cfi_state(struct cfi_state * cfi)326 static void init_cfi_state(struct cfi_state *cfi)
327 {
328 int i;
329
330 for (i = 0; i < CFI_NUM_REGS; i++) {
331 cfi->regs[i].base = CFI_UNDEFINED;
332 cfi->vals[i].base = CFI_UNDEFINED;
333 }
334 cfi->cfa.base = CFI_UNDEFINED;
335 cfi->drap_reg = CFI_UNDEFINED;
336 cfi->drap_offset = -1;
337 }
338
init_insn_state(struct objtool_file * file,struct insn_state * state,struct section * sec)339 static void init_insn_state(struct objtool_file *file, struct insn_state *state,
340 struct section *sec)
341 {
342 memset(state, 0, sizeof(*state));
343 init_cfi_state(&state->cfi);
344
345 if (opts.noinstr && sec)
346 state->noinstr = sec->noinstr;
347 }
348
cfi_alloc(void)349 static struct cfi_state *cfi_alloc(void)
350 {
351 struct cfi_state *cfi = calloc(1, sizeof(struct cfi_state));
352 if (!cfi) {
353 ERROR_GLIBC("calloc");
354 exit(1);
355 }
356 nr_cfi++;
357 return cfi;
358 }
359
360 static int cfi_bits;
361 static struct hlist_head *cfi_hash;
362
cficmp(struct cfi_state * cfi1,struct cfi_state * cfi2)363 static inline bool cficmp(struct cfi_state *cfi1, struct cfi_state *cfi2)
364 {
365 return memcmp((void *)cfi1 + sizeof(cfi1->hash),
366 (void *)cfi2 + sizeof(cfi2->hash),
367 sizeof(struct cfi_state) - sizeof(struct hlist_node));
368 }
369
cfi_key(struct cfi_state * cfi)370 static inline u32 cfi_key(struct cfi_state *cfi)
371 {
372 return jhash((void *)cfi + sizeof(cfi->hash),
373 sizeof(*cfi) - sizeof(cfi->hash), 0);
374 }
375
cfi_hash_find_or_add(struct cfi_state * cfi)376 static struct cfi_state *cfi_hash_find_or_add(struct cfi_state *cfi)
377 {
378 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)];
379 struct cfi_state *obj;
380
381 hlist_for_each_entry(obj, head, hash) {
382 if (!cficmp(cfi, obj)) {
383 nr_cfi_cache++;
384 return obj;
385 }
386 }
387
388 obj = cfi_alloc();
389 *obj = *cfi;
390 hlist_add_head(&obj->hash, head);
391
392 return obj;
393 }
394
cfi_hash_add(struct cfi_state * cfi)395 static void cfi_hash_add(struct cfi_state *cfi)
396 {
397 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)];
398
399 hlist_add_head(&cfi->hash, head);
400 }
401
cfi_hash_alloc(unsigned long size)402 static void *cfi_hash_alloc(unsigned long size)
403 {
404 cfi_bits = max(10, ilog2(size));
405 cfi_hash = mmap(NULL, sizeof(struct hlist_head) << cfi_bits,
406 PROT_READ|PROT_WRITE,
407 MAP_PRIVATE|MAP_ANON, -1, 0);
408 if (cfi_hash == (void *)-1L) {
409 ERROR_GLIBC("mmap fail cfi_hash");
410 cfi_hash = NULL;
411 } else if (opts.stats) {
412 printf("cfi_bits: %d\n", cfi_bits);
413 }
414
415 return cfi_hash;
416 }
417
418 static unsigned long nr_insns;
419 static unsigned long nr_insns_visited;
420
421 /*
422 * Call the arch-specific instruction decoder for all the instructions and add
423 * them to the global instruction list.
424 */
decode_instructions(struct objtool_file * file)425 static int decode_instructions(struct objtool_file *file)
426 {
427 struct section *sec;
428 struct symbol *func;
429 unsigned long offset;
430 struct instruction *insn;
431 int ret;
432
433 for_each_sec(file, sec) {
434 struct instruction *insns = NULL;
435 u8 prev_len = 0;
436 u8 idx = 0;
437
438 if (!(sec->sh.sh_flags & SHF_EXECINSTR))
439 continue;
440
441 if (strcmp(sec->name, ".altinstr_replacement") &&
442 strcmp(sec->name, ".altinstr_aux") &&
443 strncmp(sec->name, ".discard.", 9))
444 sec->text = true;
445
446 if (!strcmp(sec->name, ".noinstr.text") ||
447 !strcmp(sec->name, ".entry.text") ||
448 !strcmp(sec->name, ".cpuidle.text") ||
449 !strncmp(sec->name, ".text..__x86.", 13))
450 sec->noinstr = true;
451
452 /*
453 * .init.text code is ran before userspace and thus doesn't
454 * strictly need retpolines, except for modules which are
455 * loaded late, they very much do need retpoline in their
456 * .init.text
457 */
458 if (!strcmp(sec->name, ".init.text") && !opts.module)
459 sec->init = true;
460
461 for (offset = 0; offset < sec->sh.sh_size; offset += insn->len) {
462 if (!insns || idx == INSN_CHUNK_MAX) {
463 insns = calloc(sizeof(*insn), INSN_CHUNK_SIZE);
464 if (!insns) {
465 ERROR_GLIBC("calloc");
466 return -1;
467 }
468 idx = 0;
469 } else {
470 idx++;
471 }
472 insn = &insns[idx];
473 insn->idx = idx;
474
475 INIT_LIST_HEAD(&insn->call_node);
476 insn->sec = sec;
477 insn->offset = offset;
478 insn->prev_len = prev_len;
479
480 ret = arch_decode_instruction(file, sec, offset,
481 sec->sh.sh_size - offset,
482 insn);
483 if (ret)
484 return ret;
485
486 prev_len = insn->len;
487
488 /*
489 * By default, "ud2" is a dead end unless otherwise
490 * annotated, because GCC 7 inserts it for certain
491 * divide-by-zero cases.
492 */
493 if (insn->type == INSN_BUG)
494 insn->dead_end = true;
495
496 hash_add(file->insn_hash, &insn->hash, sec_offset_hash(sec, insn->offset));
497 nr_insns++;
498 }
499
500 sec_for_each_sym(sec, func) {
501 if (func->type != STT_NOTYPE && func->type != STT_FUNC)
502 continue;
503
504 if (func->offset == sec->sh.sh_size) {
505 /* Heuristic: likely an "end" symbol */
506 if (func->type == STT_NOTYPE)
507 continue;
508 ERROR("%s(): STT_FUNC at end of section", func->name);
509 return -1;
510 }
511
512 if (func->embedded_insn || func->alias != func)
513 continue;
514
515 if (!find_insn(file, sec, func->offset)) {
516 ERROR("%s(): can't find starting instruction", func->name);
517 return -1;
518 }
519
520 sym_for_each_insn(file, func, insn) {
521 insn->sym = func;
522 if (func->type == STT_FUNC &&
523 insn->type == INSN_ENDBR &&
524 list_empty(&insn->call_node)) {
525 if (insn->offset == func->offset) {
526 list_add_tail(&insn->call_node, &file->endbr_list);
527 file->nr_endbr++;
528 } else {
529 file->nr_endbr_int++;
530 }
531 }
532 }
533 }
534 }
535
536 if (opts.stats)
537 printf("nr_insns: %lu\n", nr_insns);
538
539 return 0;
540 }
541
542 /*
543 * Read the pv_ops[] .data table to find the static initialized values.
544 */
add_pv_ops(struct objtool_file * file,const char * symname)545 static int add_pv_ops(struct objtool_file *file, const char *symname)
546 {
547 struct symbol *sym, *func;
548 unsigned long off, end;
549 struct reloc *reloc;
550 int idx;
551
552 sym = find_symbol_by_name(file->elf, symname);
553 if (!sym)
554 return 0;
555
556 off = sym->offset;
557 end = off + sym->len;
558 for (;;) {
559 reloc = find_reloc_by_dest_range(file->elf, sym->sec, off, end - off);
560 if (!reloc)
561 break;
562
563 idx = (reloc_offset(reloc) - sym->offset) / sizeof(unsigned long);
564
565 func = reloc->sym;
566 if (func->type == STT_SECTION)
567 func = find_symbol_by_offset(reloc->sym->sec,
568 reloc_addend(reloc));
569 if (!func) {
570 ERROR_FUNC(reloc->sym->sec, reloc_addend(reloc),
571 "can't find func at %s[%d]", symname, idx);
572 return -1;
573 }
574
575 if (objtool_pv_add(file, idx, func))
576 return -1;
577
578 off = reloc_offset(reloc) + 1;
579 if (off > end)
580 break;
581 }
582
583 return 0;
584 }
585
586 /*
587 * Allocate and initialize file->pv_ops[].
588 */
init_pv_ops(struct objtool_file * file)589 static int init_pv_ops(struct objtool_file *file)
590 {
591 static const char *pv_ops_tables[] = {
592 "pv_ops",
593 "xen_cpu_ops",
594 "xen_irq_ops",
595 "xen_mmu_ops",
596 NULL,
597 };
598 const char *pv_ops;
599 struct symbol *sym;
600 int idx, nr, ret;
601
602 if (!opts.noinstr)
603 return 0;
604
605 file->pv_ops = NULL;
606
607 sym = find_symbol_by_name(file->elf, "pv_ops");
608 if (!sym)
609 return 0;
610
611 nr = sym->len / sizeof(unsigned long);
612 file->pv_ops = calloc(sizeof(struct pv_state), nr);
613 if (!file->pv_ops) {
614 ERROR_GLIBC("calloc");
615 return -1;
616 }
617
618 for (idx = 0; idx < nr; idx++)
619 INIT_LIST_HEAD(&file->pv_ops[idx].targets);
620
621 for (idx = 0; (pv_ops = pv_ops_tables[idx]); idx++) {
622 ret = add_pv_ops(file, pv_ops);
623 if (ret)
624 return ret;
625 }
626
627 return 0;
628 }
629
create_static_call_sections(struct objtool_file * file)630 static int create_static_call_sections(struct objtool_file *file)
631 {
632 struct static_call_site *site;
633 struct section *sec;
634 struct instruction *insn;
635 struct symbol *key_sym;
636 char *key_name, *tmp;
637 int idx;
638
639 sec = find_section_by_name(file->elf, ".static_call_sites");
640 if (sec) {
641 INIT_LIST_HEAD(&file->static_call_list);
642 WARN("file already has .static_call_sites section, skipping");
643 return 0;
644 }
645
646 if (list_empty(&file->static_call_list))
647 return 0;
648
649 idx = 0;
650 list_for_each_entry(insn, &file->static_call_list, call_node)
651 idx++;
652
653 sec = elf_create_section_pair(file->elf, ".static_call_sites",
654 sizeof(*site), idx, idx * 2);
655 if (!sec)
656 return -1;
657
658 /* Allow modules to modify the low bits of static_call_site::key */
659 sec->sh.sh_flags |= SHF_WRITE;
660
661 idx = 0;
662 list_for_each_entry(insn, &file->static_call_list, call_node) {
663
664 /* populate reloc for 'addr' */
665 if (!elf_init_reloc_text_sym(file->elf, sec,
666 idx * sizeof(*site), idx * 2,
667 insn->sec, insn->offset))
668 return -1;
669
670 /* find key symbol */
671 key_name = strdup(insn_call_dest(insn)->name);
672 if (!key_name) {
673 ERROR_GLIBC("strdup");
674 return -1;
675 }
676 if (strncmp(key_name, STATIC_CALL_TRAMP_PREFIX_STR,
677 STATIC_CALL_TRAMP_PREFIX_LEN)) {
678 ERROR("static_call: trampoline name malformed: %s", key_name);
679 return -1;
680 }
681 tmp = key_name + STATIC_CALL_TRAMP_PREFIX_LEN - STATIC_CALL_KEY_PREFIX_LEN;
682 memcpy(tmp, STATIC_CALL_KEY_PREFIX_STR, STATIC_CALL_KEY_PREFIX_LEN);
683
684 key_sym = find_symbol_by_name(file->elf, tmp);
685 if (!key_sym) {
686 if (!opts.module) {
687 ERROR("static_call: can't find static_call_key symbol: %s", tmp);
688 return -1;
689 }
690
691 /*
692 * For modules(), the key might not be exported, which
693 * means the module can make static calls but isn't
694 * allowed to change them.
695 *
696 * In that case we temporarily set the key to be the
697 * trampoline address. This is fixed up in
698 * static_call_add_module().
699 */
700 key_sym = insn_call_dest(insn);
701 }
702
703 /* populate reloc for 'key' */
704 if (!elf_init_reloc_data_sym(file->elf, sec,
705 idx * sizeof(*site) + 4,
706 (idx * 2) + 1, key_sym,
707 is_sibling_call(insn) * STATIC_CALL_SITE_TAIL))
708 return -1;
709
710 idx++;
711 }
712
713 return 0;
714 }
715
create_retpoline_sites_sections(struct objtool_file * file)716 static int create_retpoline_sites_sections(struct objtool_file *file)
717 {
718 struct instruction *insn;
719 struct section *sec;
720 int idx;
721
722 sec = find_section_by_name(file->elf, ".retpoline_sites");
723 if (sec) {
724 WARN("file already has .retpoline_sites, skipping");
725 return 0;
726 }
727
728 idx = 0;
729 list_for_each_entry(insn, &file->retpoline_call_list, call_node)
730 idx++;
731
732 if (!idx)
733 return 0;
734
735 sec = elf_create_section_pair(file->elf, ".retpoline_sites",
736 sizeof(int), idx, idx);
737 if (!sec)
738 return -1;
739
740 idx = 0;
741 list_for_each_entry(insn, &file->retpoline_call_list, call_node) {
742
743 if (!elf_init_reloc_text_sym(file->elf, sec,
744 idx * sizeof(int), idx,
745 insn->sec, insn->offset))
746 return -1;
747
748 idx++;
749 }
750
751 return 0;
752 }
753
create_return_sites_sections(struct objtool_file * file)754 static int create_return_sites_sections(struct objtool_file *file)
755 {
756 struct instruction *insn;
757 struct section *sec;
758 int idx;
759
760 sec = find_section_by_name(file->elf, ".return_sites");
761 if (sec) {
762 WARN("file already has .return_sites, skipping");
763 return 0;
764 }
765
766 idx = 0;
767 list_for_each_entry(insn, &file->return_thunk_list, call_node)
768 idx++;
769
770 if (!idx)
771 return 0;
772
773 sec = elf_create_section_pair(file->elf, ".return_sites",
774 sizeof(int), idx, idx);
775 if (!sec)
776 return -1;
777
778 idx = 0;
779 list_for_each_entry(insn, &file->return_thunk_list, call_node) {
780
781 if (!elf_init_reloc_text_sym(file->elf, sec,
782 idx * sizeof(int), idx,
783 insn->sec, insn->offset))
784 return -1;
785
786 idx++;
787 }
788
789 return 0;
790 }
791
create_ibt_endbr_seal_sections(struct objtool_file * file)792 static int create_ibt_endbr_seal_sections(struct objtool_file *file)
793 {
794 struct instruction *insn;
795 struct section *sec;
796 int idx;
797
798 sec = find_section_by_name(file->elf, ".ibt_endbr_seal");
799 if (sec) {
800 WARN("file already has .ibt_endbr_seal, skipping");
801 return 0;
802 }
803
804 idx = 0;
805 list_for_each_entry(insn, &file->endbr_list, call_node)
806 idx++;
807
808 if (opts.stats) {
809 printf("ibt: ENDBR at function start: %d\n", file->nr_endbr);
810 printf("ibt: ENDBR inside functions: %d\n", file->nr_endbr_int);
811 printf("ibt: superfluous ENDBR: %d\n", idx);
812 }
813
814 if (!idx)
815 return 0;
816
817 sec = elf_create_section_pair(file->elf, ".ibt_endbr_seal",
818 sizeof(int), idx, idx);
819 if (!sec)
820 return -1;
821
822 idx = 0;
823 list_for_each_entry(insn, &file->endbr_list, call_node) {
824
825 int *site = (int *)sec->data->d_buf + idx;
826 struct symbol *sym = insn->sym;
827 *site = 0;
828
829 if (opts.module && sym && sym->type == STT_FUNC &&
830 insn->offset == sym->offset &&
831 (!strcmp(sym->name, "init_module") ||
832 !strcmp(sym->name, "cleanup_module"))) {
833 ERROR("%s(): Magic init_module() function name is deprecated, use module_init(fn) instead",
834 sym->name);
835 return -1;
836 }
837
838 if (!elf_init_reloc_text_sym(file->elf, sec,
839 idx * sizeof(int), idx,
840 insn->sec, insn->offset))
841 return -1;
842
843 idx++;
844 }
845
846 return 0;
847 }
848
create_cfi_sections(struct objtool_file * file)849 static int create_cfi_sections(struct objtool_file *file)
850 {
851 struct section *sec;
852 struct symbol *sym;
853 int idx;
854
855 sec = find_section_by_name(file->elf, ".cfi_sites");
856 if (sec) {
857 INIT_LIST_HEAD(&file->call_list);
858 WARN("file already has .cfi_sites section, skipping");
859 return 0;
860 }
861
862 idx = 0;
863 for_each_sym(file, sym) {
864 if (sym->type != STT_FUNC)
865 continue;
866
867 if (strncmp(sym->name, "__cfi_", 6))
868 continue;
869
870 idx++;
871 }
872
873 sec = elf_create_section_pair(file->elf, ".cfi_sites",
874 sizeof(unsigned int), idx, idx);
875 if (!sec)
876 return -1;
877
878 idx = 0;
879 for_each_sym(file, sym) {
880 if (sym->type != STT_FUNC)
881 continue;
882
883 if (strncmp(sym->name, "__cfi_", 6))
884 continue;
885
886 if (!elf_init_reloc_text_sym(file->elf, sec,
887 idx * sizeof(unsigned int), idx,
888 sym->sec, sym->offset))
889 return -1;
890
891 idx++;
892 }
893
894 return 0;
895 }
896
create_mcount_loc_sections(struct objtool_file * file)897 static int create_mcount_loc_sections(struct objtool_file *file)
898 {
899 size_t addr_size = elf_addr_size(file->elf);
900 struct instruction *insn;
901 struct section *sec;
902 int idx;
903
904 sec = find_section_by_name(file->elf, "__mcount_loc");
905 if (sec) {
906 INIT_LIST_HEAD(&file->mcount_loc_list);
907 WARN("file already has __mcount_loc section, skipping");
908 return 0;
909 }
910
911 if (list_empty(&file->mcount_loc_list))
912 return 0;
913
914 idx = 0;
915 list_for_each_entry(insn, &file->mcount_loc_list, call_node)
916 idx++;
917
918 sec = elf_create_section_pair(file->elf, "__mcount_loc", addr_size,
919 idx, idx);
920 if (!sec)
921 return -1;
922
923 sec->sh.sh_addralign = addr_size;
924
925 idx = 0;
926 list_for_each_entry(insn, &file->mcount_loc_list, call_node) {
927
928 struct reloc *reloc;
929
930 reloc = elf_init_reloc_text_sym(file->elf, sec, idx * addr_size, idx,
931 insn->sec, insn->offset);
932 if (!reloc)
933 return -1;
934
935 set_reloc_type(file->elf, reloc, addr_size == 8 ? R_ABS64 : R_ABS32);
936
937 idx++;
938 }
939
940 return 0;
941 }
942
create_direct_call_sections(struct objtool_file * file)943 static int create_direct_call_sections(struct objtool_file *file)
944 {
945 struct instruction *insn;
946 struct section *sec;
947 int idx;
948
949 sec = find_section_by_name(file->elf, ".call_sites");
950 if (sec) {
951 INIT_LIST_HEAD(&file->call_list);
952 WARN("file already has .call_sites section, skipping");
953 return 0;
954 }
955
956 if (list_empty(&file->call_list))
957 return 0;
958
959 idx = 0;
960 list_for_each_entry(insn, &file->call_list, call_node)
961 idx++;
962
963 sec = elf_create_section_pair(file->elf, ".call_sites",
964 sizeof(unsigned int), idx, idx);
965 if (!sec)
966 return -1;
967
968 idx = 0;
969 list_for_each_entry(insn, &file->call_list, call_node) {
970
971 if (!elf_init_reloc_text_sym(file->elf, sec,
972 idx * sizeof(unsigned int), idx,
973 insn->sec, insn->offset))
974 return -1;
975
976 idx++;
977 }
978
979 return 0;
980 }
981
982 /*
983 * Warnings shouldn't be reported for ignored functions.
984 */
add_ignores(struct objtool_file * file)985 static int add_ignores(struct objtool_file *file)
986 {
987 struct section *rsec;
988 struct symbol *func;
989 struct reloc *reloc;
990
991 rsec = find_section_by_name(file->elf, ".rela.discard.func_stack_frame_non_standard");
992 if (!rsec)
993 return 0;
994
995 for_each_reloc(rsec, reloc) {
996 switch (reloc->sym->type) {
997 case STT_FUNC:
998 func = reloc->sym;
999 break;
1000
1001 case STT_SECTION:
1002 func = find_func_by_offset(reloc->sym->sec, reloc_addend(reloc));
1003 if (!func)
1004 continue;
1005 break;
1006
1007 default:
1008 ERROR("unexpected relocation symbol type in %s: %d",
1009 rsec->name, reloc->sym->type);
1010 return -1;
1011 }
1012
1013 func->ignore = true;
1014 if (func->cfunc)
1015 func->cfunc->ignore = true;
1016 }
1017
1018 return 0;
1019 }
1020
1021 /*
1022 * This is a whitelist of functions that is allowed to be called with AC set.
1023 * The list is meant to be minimal and only contains compiler instrumentation
1024 * ABI and a few functions used to implement *_{to,from}_user() functions.
1025 *
1026 * These functions must not directly change AC, but may PUSHF/POPF.
1027 */
1028 static const char *uaccess_safe_builtin[] = {
1029 /* KASAN */
1030 "kasan_report",
1031 "kasan_check_range",
1032 /* KASAN out-of-line */
1033 "__asan_loadN_noabort",
1034 "__asan_load1_noabort",
1035 "__asan_load2_noabort",
1036 "__asan_load4_noabort",
1037 "__asan_load8_noabort",
1038 "__asan_load16_noabort",
1039 "__asan_storeN_noabort",
1040 "__asan_store1_noabort",
1041 "__asan_store2_noabort",
1042 "__asan_store4_noabort",
1043 "__asan_store8_noabort",
1044 "__asan_store16_noabort",
1045 "__kasan_check_read",
1046 "__kasan_check_write",
1047 /* KASAN in-line */
1048 "__asan_report_load_n_noabort",
1049 "__asan_report_load1_noabort",
1050 "__asan_report_load2_noabort",
1051 "__asan_report_load4_noabort",
1052 "__asan_report_load8_noabort",
1053 "__asan_report_load16_noabort",
1054 "__asan_report_store_n_noabort",
1055 "__asan_report_store1_noabort",
1056 "__asan_report_store2_noabort",
1057 "__asan_report_store4_noabort",
1058 "__asan_report_store8_noabort",
1059 "__asan_report_store16_noabort",
1060 /* KCSAN */
1061 "__kcsan_check_access",
1062 "__kcsan_mb",
1063 "__kcsan_wmb",
1064 "__kcsan_rmb",
1065 "__kcsan_release",
1066 "kcsan_found_watchpoint",
1067 "kcsan_setup_watchpoint",
1068 "kcsan_check_scoped_accesses",
1069 "kcsan_disable_current",
1070 "kcsan_enable_current_nowarn",
1071 /* KCSAN/TSAN */
1072 "__tsan_func_entry",
1073 "__tsan_func_exit",
1074 "__tsan_read_range",
1075 "__tsan_write_range",
1076 "__tsan_read1",
1077 "__tsan_read2",
1078 "__tsan_read4",
1079 "__tsan_read8",
1080 "__tsan_read16",
1081 "__tsan_write1",
1082 "__tsan_write2",
1083 "__tsan_write4",
1084 "__tsan_write8",
1085 "__tsan_write16",
1086 "__tsan_read_write1",
1087 "__tsan_read_write2",
1088 "__tsan_read_write4",
1089 "__tsan_read_write8",
1090 "__tsan_read_write16",
1091 "__tsan_volatile_read1",
1092 "__tsan_volatile_read2",
1093 "__tsan_volatile_read4",
1094 "__tsan_volatile_read8",
1095 "__tsan_volatile_read16",
1096 "__tsan_volatile_write1",
1097 "__tsan_volatile_write2",
1098 "__tsan_volatile_write4",
1099 "__tsan_volatile_write8",
1100 "__tsan_volatile_write16",
1101 "__tsan_atomic8_load",
1102 "__tsan_atomic16_load",
1103 "__tsan_atomic32_load",
1104 "__tsan_atomic64_load",
1105 "__tsan_atomic8_store",
1106 "__tsan_atomic16_store",
1107 "__tsan_atomic32_store",
1108 "__tsan_atomic64_store",
1109 "__tsan_atomic8_exchange",
1110 "__tsan_atomic16_exchange",
1111 "__tsan_atomic32_exchange",
1112 "__tsan_atomic64_exchange",
1113 "__tsan_atomic8_fetch_add",
1114 "__tsan_atomic16_fetch_add",
1115 "__tsan_atomic32_fetch_add",
1116 "__tsan_atomic64_fetch_add",
1117 "__tsan_atomic8_fetch_sub",
1118 "__tsan_atomic16_fetch_sub",
1119 "__tsan_atomic32_fetch_sub",
1120 "__tsan_atomic64_fetch_sub",
1121 "__tsan_atomic8_fetch_and",
1122 "__tsan_atomic16_fetch_and",
1123 "__tsan_atomic32_fetch_and",
1124 "__tsan_atomic64_fetch_and",
1125 "__tsan_atomic8_fetch_or",
1126 "__tsan_atomic16_fetch_or",
1127 "__tsan_atomic32_fetch_or",
1128 "__tsan_atomic64_fetch_or",
1129 "__tsan_atomic8_fetch_xor",
1130 "__tsan_atomic16_fetch_xor",
1131 "__tsan_atomic32_fetch_xor",
1132 "__tsan_atomic64_fetch_xor",
1133 "__tsan_atomic8_fetch_nand",
1134 "__tsan_atomic16_fetch_nand",
1135 "__tsan_atomic32_fetch_nand",
1136 "__tsan_atomic64_fetch_nand",
1137 "__tsan_atomic8_compare_exchange_strong",
1138 "__tsan_atomic16_compare_exchange_strong",
1139 "__tsan_atomic32_compare_exchange_strong",
1140 "__tsan_atomic64_compare_exchange_strong",
1141 "__tsan_atomic8_compare_exchange_weak",
1142 "__tsan_atomic16_compare_exchange_weak",
1143 "__tsan_atomic32_compare_exchange_weak",
1144 "__tsan_atomic64_compare_exchange_weak",
1145 "__tsan_atomic8_compare_exchange_val",
1146 "__tsan_atomic16_compare_exchange_val",
1147 "__tsan_atomic32_compare_exchange_val",
1148 "__tsan_atomic64_compare_exchange_val",
1149 "__tsan_atomic_thread_fence",
1150 "__tsan_atomic_signal_fence",
1151 "__tsan_unaligned_read16",
1152 "__tsan_unaligned_write16",
1153 /* KCOV */
1154 "write_comp_data",
1155 "check_kcov_mode",
1156 "__sanitizer_cov_trace_pc",
1157 "__sanitizer_cov_trace_const_cmp1",
1158 "__sanitizer_cov_trace_const_cmp2",
1159 "__sanitizer_cov_trace_const_cmp4",
1160 "__sanitizer_cov_trace_const_cmp8",
1161 "__sanitizer_cov_trace_cmp1",
1162 "__sanitizer_cov_trace_cmp2",
1163 "__sanitizer_cov_trace_cmp4",
1164 "__sanitizer_cov_trace_cmp8",
1165 "__sanitizer_cov_trace_switch",
1166 /* KMSAN */
1167 "kmsan_copy_to_user",
1168 "kmsan_disable_current",
1169 "kmsan_enable_current",
1170 "kmsan_report",
1171 "kmsan_unpoison_entry_regs",
1172 "kmsan_unpoison_memory",
1173 "__msan_chain_origin",
1174 "__msan_get_context_state",
1175 "__msan_instrument_asm_store",
1176 "__msan_metadata_ptr_for_load_1",
1177 "__msan_metadata_ptr_for_load_2",
1178 "__msan_metadata_ptr_for_load_4",
1179 "__msan_metadata_ptr_for_load_8",
1180 "__msan_metadata_ptr_for_load_n",
1181 "__msan_metadata_ptr_for_store_1",
1182 "__msan_metadata_ptr_for_store_2",
1183 "__msan_metadata_ptr_for_store_4",
1184 "__msan_metadata_ptr_for_store_8",
1185 "__msan_metadata_ptr_for_store_n",
1186 "__msan_poison_alloca",
1187 "__msan_warning",
1188 /* UBSAN */
1189 "ubsan_type_mismatch_common",
1190 "__ubsan_handle_type_mismatch",
1191 "__ubsan_handle_type_mismatch_v1",
1192 "__ubsan_handle_shift_out_of_bounds",
1193 "__ubsan_handle_load_invalid_value",
1194 /* STACKLEAK */
1195 "stackleak_track_stack",
1196 /* TRACE_BRANCH_PROFILING */
1197 "ftrace_likely_update",
1198 /* STACKPROTECTOR */
1199 "__stack_chk_fail",
1200 /* misc */
1201 "csum_partial_copy_generic",
1202 "copy_mc_fragile",
1203 "copy_mc_fragile_handle_tail",
1204 "copy_mc_enhanced_fast_string",
1205 "rep_stos_alternative",
1206 "rep_movs_alternative",
1207 "__copy_user_nocache",
1208 NULL
1209 };
1210
add_uaccess_safe(struct objtool_file * file)1211 static void add_uaccess_safe(struct objtool_file *file)
1212 {
1213 struct symbol *func;
1214 const char **name;
1215
1216 if (!opts.uaccess)
1217 return;
1218
1219 for (name = uaccess_safe_builtin; *name; name++) {
1220 func = find_symbol_by_name(file->elf, *name);
1221 if (!func)
1222 continue;
1223
1224 func->uaccess_safe = true;
1225 }
1226 }
1227
1228 /*
1229 * Symbols that replace INSN_CALL_DYNAMIC, every (tail) call to such a symbol
1230 * will be added to the .retpoline_sites section.
1231 */
arch_is_retpoline(struct symbol * sym)1232 __weak bool arch_is_retpoline(struct symbol *sym)
1233 {
1234 return false;
1235 }
1236
1237 /*
1238 * Symbols that replace INSN_RETURN, every (tail) call to such a symbol
1239 * will be added to the .return_sites section.
1240 */
arch_is_rethunk(struct symbol * sym)1241 __weak bool arch_is_rethunk(struct symbol *sym)
1242 {
1243 return false;
1244 }
1245
1246 /*
1247 * Symbols that are embedded inside other instructions, because sometimes crazy
1248 * code exists. These are mostly ignored for validation purposes.
1249 */
arch_is_embedded_insn(struct symbol * sym)1250 __weak bool arch_is_embedded_insn(struct symbol *sym)
1251 {
1252 return false;
1253 }
1254
insn_reloc(struct objtool_file * file,struct instruction * insn)1255 static struct reloc *insn_reloc(struct objtool_file *file, struct instruction *insn)
1256 {
1257 struct reloc *reloc;
1258
1259 if (insn->no_reloc)
1260 return NULL;
1261
1262 if (!file)
1263 return NULL;
1264
1265 reloc = find_reloc_by_dest_range(file->elf, insn->sec,
1266 insn->offset, insn->len);
1267 if (!reloc) {
1268 insn->no_reloc = 1;
1269 return NULL;
1270 }
1271
1272 return reloc;
1273 }
1274
remove_insn_ops(struct instruction * insn)1275 static void remove_insn_ops(struct instruction *insn)
1276 {
1277 struct stack_op *op, *next;
1278
1279 for (op = insn->stack_ops; op; op = next) {
1280 next = op->next;
1281 free(op);
1282 }
1283 insn->stack_ops = NULL;
1284 }
1285
annotate_call_site(struct objtool_file * file,struct instruction * insn,bool sibling)1286 static int annotate_call_site(struct objtool_file *file,
1287 struct instruction *insn, bool sibling)
1288 {
1289 struct reloc *reloc = insn_reloc(file, insn);
1290 struct symbol *sym = insn_call_dest(insn);
1291
1292 if (!sym)
1293 sym = reloc->sym;
1294
1295 if (sym->static_call_tramp) {
1296 list_add_tail(&insn->call_node, &file->static_call_list);
1297 return 0;
1298 }
1299
1300 if (sym->retpoline_thunk) {
1301 list_add_tail(&insn->call_node, &file->retpoline_call_list);
1302 return 0;
1303 }
1304
1305 /*
1306 * Many compilers cannot disable KCOV or sanitizer calls with a function
1307 * attribute so they need a little help, NOP out any such calls from
1308 * noinstr text.
1309 */
1310 if (opts.hack_noinstr && insn->sec->noinstr && sym->profiling_func) {
1311 if (reloc)
1312 set_reloc_type(file->elf, reloc, R_NONE);
1313
1314 if (elf_write_insn(file->elf, insn->sec,
1315 insn->offset, insn->len,
1316 sibling ? arch_ret_insn(insn->len)
1317 : arch_nop_insn(insn->len))) {
1318 return -1;
1319 }
1320
1321 insn->type = sibling ? INSN_RETURN : INSN_NOP;
1322
1323 if (sibling) {
1324 /*
1325 * We've replaced the tail-call JMP insn by two new
1326 * insn: RET; INT3, except we only have a single struct
1327 * insn here. Mark it retpoline_safe to avoid the SLS
1328 * warning, instead of adding another insn.
1329 */
1330 insn->retpoline_safe = true;
1331 }
1332
1333 return 0;
1334 }
1335
1336 if (opts.mcount && sym->fentry) {
1337 if (sibling)
1338 WARN_INSN(insn, "tail call to __fentry__ !?!?");
1339 if (opts.mnop) {
1340 if (reloc)
1341 set_reloc_type(file->elf, reloc, R_NONE);
1342
1343 if (elf_write_insn(file->elf, insn->sec,
1344 insn->offset, insn->len,
1345 arch_nop_insn(insn->len))) {
1346 return -1;
1347 }
1348
1349 insn->type = INSN_NOP;
1350 }
1351
1352 list_add_tail(&insn->call_node, &file->mcount_loc_list);
1353 return 0;
1354 }
1355
1356 if (insn->type == INSN_CALL && !insn->sec->init &&
1357 !insn->_call_dest->embedded_insn)
1358 list_add_tail(&insn->call_node, &file->call_list);
1359
1360 if (!sibling && dead_end_function(file, sym))
1361 insn->dead_end = true;
1362
1363 return 0;
1364 }
1365
add_call_dest(struct objtool_file * file,struct instruction * insn,struct symbol * dest,bool sibling)1366 static int add_call_dest(struct objtool_file *file, struct instruction *insn,
1367 struct symbol *dest, bool sibling)
1368 {
1369 insn->_call_dest = dest;
1370 if (!dest)
1371 return 0;
1372
1373 /*
1374 * Whatever stack impact regular CALLs have, should be undone
1375 * by the RETURN of the called function.
1376 *
1377 * Annotated intra-function calls retain the stack_ops but
1378 * are converted to JUMP, see read_intra_function_calls().
1379 */
1380 remove_insn_ops(insn);
1381
1382 return annotate_call_site(file, insn, sibling);
1383 }
1384
add_retpoline_call(struct objtool_file * file,struct instruction * insn)1385 static int add_retpoline_call(struct objtool_file *file, struct instruction *insn)
1386 {
1387 /*
1388 * Retpoline calls/jumps are really dynamic calls/jumps in disguise,
1389 * so convert them accordingly.
1390 */
1391 switch (insn->type) {
1392 case INSN_CALL:
1393 insn->type = INSN_CALL_DYNAMIC;
1394 break;
1395 case INSN_JUMP_UNCONDITIONAL:
1396 insn->type = INSN_JUMP_DYNAMIC;
1397 break;
1398 case INSN_JUMP_CONDITIONAL:
1399 insn->type = INSN_JUMP_DYNAMIC_CONDITIONAL;
1400 break;
1401 default:
1402 return 0;
1403 }
1404
1405 insn->retpoline_safe = true;
1406
1407 /*
1408 * Whatever stack impact regular CALLs have, should be undone
1409 * by the RETURN of the called function.
1410 *
1411 * Annotated intra-function calls retain the stack_ops but
1412 * are converted to JUMP, see read_intra_function_calls().
1413 */
1414 remove_insn_ops(insn);
1415
1416 return annotate_call_site(file, insn, false);
1417 }
1418
add_return_call(struct objtool_file * file,struct instruction * insn,bool add)1419 static void add_return_call(struct objtool_file *file, struct instruction *insn, bool add)
1420 {
1421 /*
1422 * Return thunk tail calls are really just returns in disguise,
1423 * so convert them accordingly.
1424 */
1425 insn->type = INSN_RETURN;
1426 insn->retpoline_safe = true;
1427
1428 if (add)
1429 list_add_tail(&insn->call_node, &file->return_thunk_list);
1430 }
1431
is_first_func_insn(struct objtool_file * file,struct instruction * insn,struct symbol * sym)1432 static bool is_first_func_insn(struct objtool_file *file,
1433 struct instruction *insn, struct symbol *sym)
1434 {
1435 if (insn->offset == sym->offset)
1436 return true;
1437
1438 /* Allow direct CALL/JMP past ENDBR */
1439 if (opts.ibt) {
1440 struct instruction *prev = prev_insn_same_sym(file, insn);
1441
1442 if (prev && prev->type == INSN_ENDBR &&
1443 insn->offset == sym->offset + prev->len)
1444 return true;
1445 }
1446
1447 return false;
1448 }
1449
1450 /*
1451 * A sibling call is a tail-call to another symbol -- to differentiate from a
1452 * recursive tail-call which is to the same symbol.
1453 */
jump_is_sibling_call(struct objtool_file * file,struct instruction * from,struct instruction * to)1454 static bool jump_is_sibling_call(struct objtool_file *file,
1455 struct instruction *from, struct instruction *to)
1456 {
1457 struct symbol *fs = from->sym;
1458 struct symbol *ts = to->sym;
1459
1460 /* Not a sibling call if from/to a symbol hole */
1461 if (!fs || !ts)
1462 return false;
1463
1464 /* Not a sibling call if not targeting the start of a symbol. */
1465 if (!is_first_func_insn(file, to, ts))
1466 return false;
1467
1468 /* Disallow sibling calls into STT_NOTYPE */
1469 if (ts->type == STT_NOTYPE)
1470 return false;
1471
1472 /* Must not be self to be a sibling */
1473 return fs->pfunc != ts->pfunc;
1474 }
1475
1476 /*
1477 * Find the destination instructions for all jumps.
1478 */
add_jump_destinations(struct objtool_file * file)1479 static int add_jump_destinations(struct objtool_file *file)
1480 {
1481 struct instruction *insn, *jump_dest;
1482 struct reloc *reloc;
1483 struct section *dest_sec;
1484 unsigned long dest_off;
1485 int ret;
1486
1487 for_each_insn(file, insn) {
1488 struct symbol *func = insn_func(insn);
1489
1490 if (insn->jump_dest) {
1491 /*
1492 * handle_group_alt() may have previously set
1493 * 'jump_dest' for some alternatives.
1494 */
1495 continue;
1496 }
1497 if (!is_static_jump(insn))
1498 continue;
1499
1500 reloc = insn_reloc(file, insn);
1501 if (!reloc) {
1502 dest_sec = insn->sec;
1503 dest_off = arch_jump_destination(insn);
1504 } else if (reloc->sym->type == STT_SECTION) {
1505 dest_sec = reloc->sym->sec;
1506 dest_off = arch_dest_reloc_offset(reloc_addend(reloc));
1507 } else if (reloc->sym->retpoline_thunk) {
1508 ret = add_retpoline_call(file, insn);
1509 if (ret)
1510 return ret;
1511 continue;
1512 } else if (reloc->sym->return_thunk) {
1513 add_return_call(file, insn, true);
1514 continue;
1515 } else if (func) {
1516 /*
1517 * External sibling call or internal sibling call with
1518 * STT_FUNC reloc.
1519 */
1520 ret = add_call_dest(file, insn, reloc->sym, true);
1521 if (ret)
1522 return ret;
1523 continue;
1524 } else if (reloc->sym->sec->idx) {
1525 dest_sec = reloc->sym->sec;
1526 dest_off = reloc->sym->sym.st_value +
1527 arch_dest_reloc_offset(reloc_addend(reloc));
1528 } else {
1529 /* non-func asm code jumping to another file */
1530 continue;
1531 }
1532
1533 jump_dest = find_insn(file, dest_sec, dest_off);
1534 if (!jump_dest) {
1535 struct symbol *sym = find_symbol_by_offset(dest_sec, dest_off);
1536
1537 /*
1538 * This is a special case for retbleed_untrain_ret().
1539 * It jumps to __x86_return_thunk(), but objtool
1540 * can't find the thunk's starting RET
1541 * instruction, because the RET is also in the
1542 * middle of another instruction. Objtool only
1543 * knows about the outer instruction.
1544 */
1545 if (sym && sym->embedded_insn) {
1546 add_return_call(file, insn, false);
1547 continue;
1548 }
1549
1550 /*
1551 * GCOV/KCOV dead code can jump to the end of the
1552 * function/section.
1553 */
1554 if (file->ignore_unreachables && func &&
1555 dest_sec == insn->sec &&
1556 dest_off == func->offset + func->len)
1557 continue;
1558
1559 ERROR_INSN(insn, "can't find jump dest instruction at %s+0x%lx",
1560 dest_sec->name, dest_off);
1561 return -1;
1562 }
1563
1564 /*
1565 * An intra-TU jump in retpoline.o might not have a relocation
1566 * for its jump dest, in which case the above
1567 * add_{retpoline,return}_call() didn't happen.
1568 */
1569 if (jump_dest->sym && jump_dest->offset == jump_dest->sym->offset) {
1570 if (jump_dest->sym->retpoline_thunk) {
1571 ret = add_retpoline_call(file, insn);
1572 if (ret)
1573 return ret;
1574 continue;
1575 }
1576 if (jump_dest->sym->return_thunk) {
1577 add_return_call(file, insn, true);
1578 continue;
1579 }
1580 }
1581
1582 /*
1583 * Cross-function jump.
1584 */
1585 if (func && insn_func(jump_dest) && func != insn_func(jump_dest)) {
1586
1587 /*
1588 * For GCC 8+, create parent/child links for any cold
1589 * subfunctions. This is _mostly_ redundant with a
1590 * similar initialization in read_symbols().
1591 *
1592 * If a function has aliases, we want the *first* such
1593 * function in the symbol table to be the subfunction's
1594 * parent. In that case we overwrite the
1595 * initialization done in read_symbols().
1596 *
1597 * However this code can't completely replace the
1598 * read_symbols() code because this doesn't detect the
1599 * case where the parent function's only reference to a
1600 * subfunction is through a jump table.
1601 */
1602 if (!strstr(func->name, ".cold") &&
1603 strstr(insn_func(jump_dest)->name, ".cold")) {
1604 func->cfunc = insn_func(jump_dest);
1605 insn_func(jump_dest)->pfunc = func;
1606 }
1607 }
1608
1609 if (jump_is_sibling_call(file, insn, jump_dest)) {
1610 /*
1611 * Internal sibling call without reloc or with
1612 * STT_SECTION reloc.
1613 */
1614 ret = add_call_dest(file, insn, insn_func(jump_dest), true);
1615 if (ret)
1616 return ret;
1617 continue;
1618 }
1619
1620 insn->jump_dest = jump_dest;
1621 }
1622
1623 return 0;
1624 }
1625
find_call_destination(struct section * sec,unsigned long offset)1626 static struct symbol *find_call_destination(struct section *sec, unsigned long offset)
1627 {
1628 struct symbol *call_dest;
1629
1630 call_dest = find_func_by_offset(sec, offset);
1631 if (!call_dest)
1632 call_dest = find_symbol_by_offset(sec, offset);
1633
1634 return call_dest;
1635 }
1636
1637 /*
1638 * Find the destination instructions for all calls.
1639 */
add_call_destinations(struct objtool_file * file)1640 static int add_call_destinations(struct objtool_file *file)
1641 {
1642 struct instruction *insn;
1643 unsigned long dest_off;
1644 struct symbol *dest;
1645 struct reloc *reloc;
1646 int ret;
1647
1648 for_each_insn(file, insn) {
1649 struct symbol *func = insn_func(insn);
1650 if (insn->type != INSN_CALL)
1651 continue;
1652
1653 reloc = insn_reloc(file, insn);
1654 if (!reloc) {
1655 dest_off = arch_jump_destination(insn);
1656 dest = find_call_destination(insn->sec, dest_off);
1657
1658 ret = add_call_dest(file, insn, dest, false);
1659 if (ret)
1660 return ret;
1661
1662 if (func && func->ignore)
1663 continue;
1664
1665 if (!insn_call_dest(insn)) {
1666 ERROR_INSN(insn, "unannotated intra-function call");
1667 return -1;
1668 }
1669
1670 if (func && insn_call_dest(insn)->type != STT_FUNC) {
1671 ERROR_INSN(insn, "unsupported call to non-function");
1672 return -1;
1673 }
1674
1675 } else if (reloc->sym->type == STT_SECTION) {
1676 dest_off = arch_dest_reloc_offset(reloc_addend(reloc));
1677 dest = find_call_destination(reloc->sym->sec, dest_off);
1678 if (!dest) {
1679 ERROR_INSN(insn, "can't find call dest symbol at %s+0x%lx",
1680 reloc->sym->sec->name, dest_off);
1681 return -1;
1682 }
1683
1684 ret = add_call_dest(file, insn, dest, false);
1685 if (ret)
1686 return ret;
1687
1688 } else if (reloc->sym->retpoline_thunk) {
1689 ret = add_retpoline_call(file, insn);
1690 if (ret)
1691 return ret;
1692
1693 } else {
1694 ret = add_call_dest(file, insn, reloc->sym, false);
1695 if (ret)
1696 return ret;
1697 }
1698 }
1699
1700 return 0;
1701 }
1702
1703 /*
1704 * The .alternatives section requires some extra special care over and above
1705 * other special sections because alternatives are patched in place.
1706 */
handle_group_alt(struct objtool_file * file,struct special_alt * special_alt,struct instruction * orig_insn,struct instruction ** new_insn)1707 static int handle_group_alt(struct objtool_file *file,
1708 struct special_alt *special_alt,
1709 struct instruction *orig_insn,
1710 struct instruction **new_insn)
1711 {
1712 struct instruction *last_new_insn = NULL, *insn, *nop = NULL;
1713 struct alt_group *orig_alt_group, *new_alt_group;
1714 unsigned long dest_off;
1715
1716 orig_alt_group = orig_insn->alt_group;
1717 if (!orig_alt_group) {
1718 struct instruction *last_orig_insn = NULL;
1719
1720 orig_alt_group = calloc(1, sizeof(*orig_alt_group));
1721 if (!orig_alt_group) {
1722 ERROR_GLIBC("calloc");
1723 return -1;
1724 }
1725 orig_alt_group->cfi = calloc(special_alt->orig_len,
1726 sizeof(struct cfi_state *));
1727 if (!orig_alt_group->cfi) {
1728 ERROR_GLIBC("calloc");
1729 return -1;
1730 }
1731
1732 insn = orig_insn;
1733 sec_for_each_insn_from(file, insn) {
1734 if (insn->offset >= special_alt->orig_off + special_alt->orig_len)
1735 break;
1736
1737 insn->alt_group = orig_alt_group;
1738 last_orig_insn = insn;
1739 }
1740 orig_alt_group->orig_group = NULL;
1741 orig_alt_group->first_insn = orig_insn;
1742 orig_alt_group->last_insn = last_orig_insn;
1743 orig_alt_group->nop = NULL;
1744 orig_alt_group->ignore = orig_insn->ignore_alts;
1745 } else {
1746 if (orig_alt_group->last_insn->offset + orig_alt_group->last_insn->len -
1747 orig_alt_group->first_insn->offset != special_alt->orig_len) {
1748 ERROR_INSN(orig_insn, "weirdly overlapping alternative! %ld != %d",
1749 orig_alt_group->last_insn->offset +
1750 orig_alt_group->last_insn->len -
1751 orig_alt_group->first_insn->offset,
1752 special_alt->orig_len);
1753 return -1;
1754 }
1755 }
1756
1757 new_alt_group = calloc(1, sizeof(*new_alt_group));
1758 if (!new_alt_group) {
1759 ERROR_GLIBC("calloc");
1760 return -1;
1761 }
1762
1763 if (special_alt->new_len < special_alt->orig_len) {
1764 /*
1765 * Insert a fake nop at the end to make the replacement
1766 * alt_group the same size as the original. This is needed to
1767 * allow propagate_alt_cfi() to do its magic. When the last
1768 * instruction affects the stack, the instruction after it (the
1769 * nop) will propagate the new state to the shared CFI array.
1770 */
1771 nop = calloc(1, sizeof(*nop));
1772 if (!nop) {
1773 ERROR_GLIBC("calloc");
1774 return -1;
1775 }
1776 memset(nop, 0, sizeof(*nop));
1777
1778 nop->sec = special_alt->new_sec;
1779 nop->offset = special_alt->new_off + special_alt->new_len;
1780 nop->len = special_alt->orig_len - special_alt->new_len;
1781 nop->type = INSN_NOP;
1782 nop->sym = orig_insn->sym;
1783 nop->alt_group = new_alt_group;
1784 }
1785
1786 if (!special_alt->new_len) {
1787 *new_insn = nop;
1788 goto end;
1789 }
1790
1791 insn = *new_insn;
1792 sec_for_each_insn_from(file, insn) {
1793 struct reloc *alt_reloc;
1794
1795 if (insn->offset >= special_alt->new_off + special_alt->new_len)
1796 break;
1797
1798 last_new_insn = insn;
1799
1800 insn->sym = orig_insn->sym;
1801 insn->alt_group = new_alt_group;
1802
1803 /*
1804 * Since alternative replacement code is copy/pasted by the
1805 * kernel after applying relocations, generally such code can't
1806 * have relative-address relocation references to outside the
1807 * .altinstr_replacement section, unless the arch's
1808 * alternatives code can adjust the relative offsets
1809 * accordingly.
1810 */
1811 alt_reloc = insn_reloc(file, insn);
1812 if (alt_reloc && arch_pc_relative_reloc(alt_reloc) &&
1813 !arch_support_alt_relocation(special_alt, insn, alt_reloc)) {
1814
1815 ERROR_INSN(insn, "unsupported relocation in alternatives section");
1816 return -1;
1817 }
1818
1819 if (!is_static_jump(insn))
1820 continue;
1821
1822 if (!insn->immediate)
1823 continue;
1824
1825 dest_off = arch_jump_destination(insn);
1826 if (dest_off == special_alt->new_off + special_alt->new_len) {
1827 insn->jump_dest = next_insn_same_sec(file, orig_alt_group->last_insn);
1828 if (!insn->jump_dest) {
1829 ERROR_INSN(insn, "can't find alternative jump destination");
1830 return -1;
1831 }
1832 }
1833 }
1834
1835 if (!last_new_insn) {
1836 ERROR_FUNC(special_alt->new_sec, special_alt->new_off,
1837 "can't find last new alternative instruction");
1838 return -1;
1839 }
1840
1841 end:
1842 new_alt_group->orig_group = orig_alt_group;
1843 new_alt_group->first_insn = *new_insn;
1844 new_alt_group->last_insn = last_new_insn;
1845 new_alt_group->nop = nop;
1846 new_alt_group->ignore = (*new_insn)->ignore_alts;
1847 new_alt_group->cfi = orig_alt_group->cfi;
1848 return 0;
1849 }
1850
1851 /*
1852 * A jump table entry can either convert a nop to a jump or a jump to a nop.
1853 * If the original instruction is a jump, make the alt entry an effective nop
1854 * by just skipping the original instruction.
1855 */
handle_jump_alt(struct objtool_file * file,struct special_alt * special_alt,struct instruction * orig_insn,struct instruction ** new_insn)1856 static int handle_jump_alt(struct objtool_file *file,
1857 struct special_alt *special_alt,
1858 struct instruction *orig_insn,
1859 struct instruction **new_insn)
1860 {
1861 if (orig_insn->type != INSN_JUMP_UNCONDITIONAL &&
1862 orig_insn->type != INSN_NOP) {
1863
1864 ERROR_INSN(orig_insn, "unsupported instruction at jump label");
1865 return -1;
1866 }
1867
1868 if (opts.hack_jump_label && special_alt->key_addend & 2) {
1869 struct reloc *reloc = insn_reloc(file, orig_insn);
1870
1871 if (reloc)
1872 set_reloc_type(file->elf, reloc, R_NONE);
1873
1874 if (elf_write_insn(file->elf, orig_insn->sec,
1875 orig_insn->offset, orig_insn->len,
1876 arch_nop_insn(orig_insn->len))) {
1877 return -1;
1878 }
1879
1880 orig_insn->type = INSN_NOP;
1881 }
1882
1883 if (orig_insn->type == INSN_NOP) {
1884 if (orig_insn->len == 2)
1885 file->jl_nop_short++;
1886 else
1887 file->jl_nop_long++;
1888
1889 return 0;
1890 }
1891
1892 if (orig_insn->len == 2)
1893 file->jl_short++;
1894 else
1895 file->jl_long++;
1896
1897 *new_insn = next_insn_same_sec(file, orig_insn);
1898 return 0;
1899 }
1900
1901 /*
1902 * Read all the special sections which have alternate instructions which can be
1903 * patched in or redirected to at runtime. Each instruction having alternate
1904 * instruction(s) has them added to its insn->alts list, which will be
1905 * traversed in validate_branch().
1906 */
add_special_section_alts(struct objtool_file * file)1907 static int add_special_section_alts(struct objtool_file *file)
1908 {
1909 struct list_head special_alts;
1910 struct instruction *orig_insn, *new_insn;
1911 struct special_alt *special_alt, *tmp;
1912 struct alternative *alt;
1913 int ret;
1914
1915 if (special_get_alts(file->elf, &special_alts))
1916 return -1;
1917
1918 list_for_each_entry_safe(special_alt, tmp, &special_alts, list) {
1919
1920 orig_insn = find_insn(file, special_alt->orig_sec,
1921 special_alt->orig_off);
1922 if (!orig_insn) {
1923 ERROR_FUNC(special_alt->orig_sec, special_alt->orig_off,
1924 "special: can't find orig instruction");
1925 return -1;
1926 }
1927
1928 new_insn = NULL;
1929 if (!special_alt->group || special_alt->new_len) {
1930 new_insn = find_insn(file, special_alt->new_sec,
1931 special_alt->new_off);
1932 if (!new_insn) {
1933 ERROR_FUNC(special_alt->new_sec, special_alt->new_off,
1934 "special: can't find new instruction");
1935 return -1;
1936 }
1937 }
1938
1939 if (special_alt->group) {
1940 if (!special_alt->orig_len) {
1941 ERROR_INSN(orig_insn, "empty alternative entry");
1942 continue;
1943 }
1944
1945 ret = handle_group_alt(file, special_alt, orig_insn,
1946 &new_insn);
1947 if (ret)
1948 return ret;
1949
1950 } else if (special_alt->jump_or_nop) {
1951 ret = handle_jump_alt(file, special_alt, orig_insn,
1952 &new_insn);
1953 if (ret)
1954 return ret;
1955 }
1956
1957 alt = calloc(1, sizeof(*alt));
1958 if (!alt) {
1959 ERROR_GLIBC("calloc");
1960 return -1;
1961 }
1962
1963 alt->insn = new_insn;
1964 alt->next = orig_insn->alts;
1965 orig_insn->alts = alt;
1966
1967 list_del(&special_alt->list);
1968 free(special_alt);
1969 }
1970
1971 if (opts.stats) {
1972 printf("jl\\\tNOP\tJMP\n");
1973 printf("short:\t%ld\t%ld\n", file->jl_nop_short, file->jl_short);
1974 printf("long:\t%ld\t%ld\n", file->jl_nop_long, file->jl_long);
1975 }
1976
1977 return 0;
1978 }
1979
arch_jump_table_sym_offset(struct reloc * reloc,struct reloc * table)1980 __weak unsigned long arch_jump_table_sym_offset(struct reloc *reloc, struct reloc *table)
1981 {
1982 return reloc->sym->offset + reloc_addend(reloc);
1983 }
1984
add_jump_table(struct objtool_file * file,struct instruction * insn)1985 static int add_jump_table(struct objtool_file *file, struct instruction *insn)
1986 {
1987 unsigned long table_size = insn_jump_table_size(insn);
1988 struct symbol *pfunc = insn_func(insn)->pfunc;
1989 struct reloc *table = insn_jump_table(insn);
1990 struct instruction *dest_insn;
1991 unsigned int prev_offset = 0;
1992 struct reloc *reloc = table;
1993 struct alternative *alt;
1994 unsigned long sym_offset;
1995
1996 /*
1997 * Each @reloc is a switch table relocation which points to the target
1998 * instruction.
1999 */
2000 for_each_reloc_from(table->sec, reloc) {
2001
2002 /* Check for the end of the table: */
2003 if (table_size && reloc_offset(reloc) - reloc_offset(table) >= table_size)
2004 break;
2005 if (reloc != table && is_jump_table(reloc))
2006 break;
2007
2008 /* Make sure the table entries are consecutive: */
2009 if (prev_offset && reloc_offset(reloc) != prev_offset + arch_reloc_size(reloc))
2010 break;
2011
2012 sym_offset = arch_jump_table_sym_offset(reloc, table);
2013
2014 /* Detect function pointers from contiguous objects: */
2015 if (reloc->sym->sec == pfunc->sec && sym_offset == pfunc->offset)
2016 break;
2017
2018 /*
2019 * Clang sometimes leaves dangling unused jump table entries
2020 * which point to the end of the function. Ignore them.
2021 */
2022 if (reloc->sym->sec == pfunc->sec &&
2023 sym_offset == pfunc->offset + pfunc->len)
2024 goto next;
2025
2026 dest_insn = find_insn(file, reloc->sym->sec, sym_offset);
2027 if (!dest_insn)
2028 break;
2029
2030 /* Make sure the destination is in the same function: */
2031 if (!insn_func(dest_insn) || insn_func(dest_insn)->pfunc != pfunc)
2032 break;
2033
2034 alt = calloc(1, sizeof(*alt));
2035 if (!alt) {
2036 ERROR_GLIBC("calloc");
2037 return -1;
2038 }
2039
2040 alt->insn = dest_insn;
2041 alt->next = insn->alts;
2042 insn->alts = alt;
2043 next:
2044 prev_offset = reloc_offset(reloc);
2045 }
2046
2047 if (!prev_offset) {
2048 ERROR_INSN(insn, "can't find switch jump table");
2049 return -1;
2050 }
2051
2052 return 0;
2053 }
2054
2055 /*
2056 * find_jump_table() - Given a dynamic jump, find the switch jump table
2057 * associated with it.
2058 */
find_jump_table(struct objtool_file * file,struct symbol * func,struct instruction * insn)2059 static void find_jump_table(struct objtool_file *file, struct symbol *func,
2060 struct instruction *insn)
2061 {
2062 struct reloc *table_reloc;
2063 struct instruction *dest_insn, *orig_insn = insn;
2064 unsigned long table_size;
2065 unsigned long sym_offset;
2066
2067 /*
2068 * Backward search using the @first_jump_src links, these help avoid
2069 * much of the 'in between' code. Which avoids us getting confused by
2070 * it.
2071 */
2072 for (;
2073 insn && insn_func(insn) && insn_func(insn)->pfunc == func;
2074 insn = insn->first_jump_src ?: prev_insn_same_sym(file, insn)) {
2075
2076 if (insn != orig_insn && insn->type == INSN_JUMP_DYNAMIC)
2077 break;
2078
2079 /* allow small jumps within the range */
2080 if (insn->type == INSN_JUMP_UNCONDITIONAL &&
2081 insn->jump_dest &&
2082 (insn->jump_dest->offset <= insn->offset ||
2083 insn->jump_dest->offset > orig_insn->offset))
2084 break;
2085
2086 table_reloc = arch_find_switch_table(file, insn, &table_size);
2087 if (!table_reloc)
2088 continue;
2089
2090 sym_offset = table_reloc->sym->offset + reloc_addend(table_reloc);
2091
2092 dest_insn = find_insn(file, table_reloc->sym->sec, sym_offset);
2093 if (!dest_insn || !insn_func(dest_insn) || insn_func(dest_insn)->pfunc != func)
2094 continue;
2095
2096 set_jump_table(table_reloc);
2097 orig_insn->_jump_table = table_reloc;
2098 orig_insn->_jump_table_size = table_size;
2099
2100 break;
2101 }
2102 }
2103
2104 /*
2105 * First pass: Mark the head of each jump table so that in the next pass,
2106 * we know when a given jump table ends and the next one starts.
2107 */
mark_func_jump_tables(struct objtool_file * file,struct symbol * func)2108 static void mark_func_jump_tables(struct objtool_file *file,
2109 struct symbol *func)
2110 {
2111 struct instruction *insn, *last = NULL;
2112
2113 func_for_each_insn(file, func, insn) {
2114 if (!last)
2115 last = insn;
2116
2117 /*
2118 * Store back-pointers for unconditional forward jumps such
2119 * that find_jump_table() can back-track using those and
2120 * avoid some potentially confusing code.
2121 */
2122 if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->jump_dest &&
2123 insn->offset > last->offset &&
2124 insn->jump_dest->offset > insn->offset &&
2125 !insn->jump_dest->first_jump_src) {
2126
2127 insn->jump_dest->first_jump_src = insn;
2128 last = insn->jump_dest;
2129 }
2130
2131 if (insn->type != INSN_JUMP_DYNAMIC)
2132 continue;
2133
2134 find_jump_table(file, func, insn);
2135 }
2136 }
2137
add_func_jump_tables(struct objtool_file * file,struct symbol * func)2138 static int add_func_jump_tables(struct objtool_file *file,
2139 struct symbol *func)
2140 {
2141 struct instruction *insn;
2142 int ret;
2143
2144 func_for_each_insn(file, func, insn) {
2145 if (!insn_jump_table(insn))
2146 continue;
2147
2148 ret = add_jump_table(file, insn);
2149 if (ret)
2150 return ret;
2151 }
2152
2153 return 0;
2154 }
2155
2156 /*
2157 * For some switch statements, gcc generates a jump table in the .rodata
2158 * section which contains a list of addresses within the function to jump to.
2159 * This finds these jump tables and adds them to the insn->alts lists.
2160 */
add_jump_table_alts(struct objtool_file * file)2161 static int add_jump_table_alts(struct objtool_file *file)
2162 {
2163 struct symbol *func;
2164 int ret;
2165
2166 if (!file->rodata)
2167 return 0;
2168
2169 for_each_sym(file, func) {
2170 if (func->type != STT_FUNC)
2171 continue;
2172
2173 mark_func_jump_tables(file, func);
2174 ret = add_func_jump_tables(file, func);
2175 if (ret)
2176 return ret;
2177 }
2178
2179 return 0;
2180 }
2181
set_func_state(struct cfi_state * state)2182 static void set_func_state(struct cfi_state *state)
2183 {
2184 state->cfa = initial_func_cfi.cfa;
2185 memcpy(&state->regs, &initial_func_cfi.regs,
2186 CFI_NUM_REGS * sizeof(struct cfi_reg));
2187 state->stack_size = initial_func_cfi.cfa.offset;
2188 state->type = UNWIND_HINT_TYPE_CALL;
2189 }
2190
read_unwind_hints(struct objtool_file * file)2191 static int read_unwind_hints(struct objtool_file *file)
2192 {
2193 struct cfi_state cfi = init_cfi;
2194 struct section *sec;
2195 struct unwind_hint *hint;
2196 struct instruction *insn;
2197 struct reloc *reloc;
2198 unsigned long offset;
2199 int i;
2200
2201 sec = find_section_by_name(file->elf, ".discard.unwind_hints");
2202 if (!sec)
2203 return 0;
2204
2205 if (!sec->rsec) {
2206 ERROR("missing .rela.discard.unwind_hints section");
2207 return -1;
2208 }
2209
2210 if (sec->sh.sh_size % sizeof(struct unwind_hint)) {
2211 ERROR("struct unwind_hint size mismatch");
2212 return -1;
2213 }
2214
2215 file->hints = true;
2216
2217 for (i = 0; i < sec->sh.sh_size / sizeof(struct unwind_hint); i++) {
2218 hint = (struct unwind_hint *)sec->data->d_buf + i;
2219
2220 reloc = find_reloc_by_dest(file->elf, sec, i * sizeof(*hint));
2221 if (!reloc) {
2222 ERROR("can't find reloc for unwind_hints[%d]", i);
2223 return -1;
2224 }
2225
2226 if (reloc->sym->type == STT_SECTION) {
2227 offset = reloc_addend(reloc);
2228 } else if (reloc->sym->local_label) {
2229 offset = reloc->sym->offset;
2230 } else {
2231 ERROR("unexpected relocation symbol type in %s", sec->rsec->name);
2232 return -1;
2233 }
2234
2235 insn = find_insn(file, reloc->sym->sec, offset);
2236 if (!insn) {
2237 ERROR("can't find insn for unwind_hints[%d]", i);
2238 return -1;
2239 }
2240
2241 insn->hint = true;
2242
2243 if (hint->type == UNWIND_HINT_TYPE_UNDEFINED) {
2244 insn->cfi = &force_undefined_cfi;
2245 continue;
2246 }
2247
2248 if (hint->type == UNWIND_HINT_TYPE_SAVE) {
2249 insn->hint = false;
2250 insn->save = true;
2251 continue;
2252 }
2253
2254 if (hint->type == UNWIND_HINT_TYPE_RESTORE) {
2255 insn->restore = true;
2256 continue;
2257 }
2258
2259 if (hint->type == UNWIND_HINT_TYPE_REGS_PARTIAL) {
2260 struct symbol *sym = find_symbol_by_offset(insn->sec, insn->offset);
2261
2262 if (sym && sym->bind == STB_GLOBAL) {
2263 if (opts.ibt && insn->type != INSN_ENDBR && !insn->noendbr) {
2264 ERROR_INSN(insn, "UNWIND_HINT_IRET_REGS without ENDBR");
2265 return -1;
2266 }
2267 }
2268 }
2269
2270 if (hint->type == UNWIND_HINT_TYPE_FUNC) {
2271 insn->cfi = &func_cfi;
2272 continue;
2273 }
2274
2275 if (insn->cfi)
2276 cfi = *(insn->cfi);
2277
2278 if (arch_decode_hint_reg(hint->sp_reg, &cfi.cfa.base)) {
2279 ERROR_INSN(insn, "unsupported unwind_hint sp base reg %d", hint->sp_reg);
2280 return -1;
2281 }
2282
2283 cfi.cfa.offset = bswap_if_needed(file->elf, hint->sp_offset);
2284 cfi.type = hint->type;
2285 cfi.signal = hint->signal;
2286
2287 insn->cfi = cfi_hash_find_or_add(&cfi);
2288 }
2289
2290 return 0;
2291 }
2292
read_annotate(struct objtool_file * file,int (* func)(struct objtool_file * file,int type,struct instruction * insn))2293 static int read_annotate(struct objtool_file *file,
2294 int (*func)(struct objtool_file *file, int type, struct instruction *insn))
2295 {
2296 struct section *sec;
2297 struct instruction *insn;
2298 struct reloc *reloc;
2299 uint64_t offset;
2300 int type, ret;
2301
2302 sec = find_section_by_name(file->elf, ".discard.annotate_insn");
2303 if (!sec)
2304 return 0;
2305
2306 if (!sec->rsec)
2307 return 0;
2308
2309 if (sec->sh.sh_entsize != 8) {
2310 static bool warned = false;
2311 if (!warned && opts.verbose) {
2312 WARN("%s: dodgy linker, sh_entsize != 8", sec->name);
2313 warned = true;
2314 }
2315 sec->sh.sh_entsize = 8;
2316 }
2317
2318 for_each_reloc(sec->rsec, reloc) {
2319 type = *(u32 *)(sec->data->d_buf + (reloc_idx(reloc) * sec->sh.sh_entsize) + 4);
2320
2321 offset = reloc->sym->offset + reloc_addend(reloc);
2322 insn = find_insn(file, reloc->sym->sec, offset);
2323
2324 if (!insn) {
2325 ERROR("bad .discard.annotate_insn entry: %d of type %d", reloc_idx(reloc), type);
2326 return -1;
2327 }
2328
2329 ret = func(file, type, insn);
2330 if (ret < 0)
2331 return ret;
2332 }
2333
2334 return 0;
2335 }
2336
__annotate_early(struct objtool_file * file,int type,struct instruction * insn)2337 static int __annotate_early(struct objtool_file *file, int type, struct instruction *insn)
2338 {
2339 switch (type) {
2340
2341 /* Must be before add_special_section_alts() */
2342 case ANNOTYPE_IGNORE_ALTS:
2343 insn->ignore_alts = true;
2344 break;
2345
2346 /*
2347 * Must be before read_unwind_hints() since that needs insn->noendbr.
2348 */
2349 case ANNOTYPE_NOENDBR:
2350 insn->noendbr = 1;
2351 break;
2352
2353 default:
2354 break;
2355 }
2356
2357 return 0;
2358 }
2359
__annotate_ifc(struct objtool_file * file,int type,struct instruction * insn)2360 static int __annotate_ifc(struct objtool_file *file, int type, struct instruction *insn)
2361 {
2362 unsigned long dest_off;
2363
2364 if (type != ANNOTYPE_INTRA_FUNCTION_CALL)
2365 return 0;
2366
2367 if (insn->type != INSN_CALL) {
2368 ERROR_INSN(insn, "intra_function_call not a direct call");
2369 return -1;
2370 }
2371
2372 /*
2373 * Treat intra-function CALLs as JMPs, but with a stack_op.
2374 * See add_call_destinations(), which strips stack_ops from
2375 * normal CALLs.
2376 */
2377 insn->type = INSN_JUMP_UNCONDITIONAL;
2378
2379 dest_off = arch_jump_destination(insn);
2380 insn->jump_dest = find_insn(file, insn->sec, dest_off);
2381 if (!insn->jump_dest) {
2382 ERROR_INSN(insn, "can't find call dest at %s+0x%lx",
2383 insn->sec->name, dest_off);
2384 return -1;
2385 }
2386
2387 return 0;
2388 }
2389
__annotate_late(struct objtool_file * file,int type,struct instruction * insn)2390 static int __annotate_late(struct objtool_file *file, int type, struct instruction *insn)
2391 {
2392 switch (type) {
2393 case ANNOTYPE_NOENDBR:
2394 /* early */
2395 break;
2396
2397 case ANNOTYPE_RETPOLINE_SAFE:
2398 if (insn->type != INSN_JUMP_DYNAMIC &&
2399 insn->type != INSN_CALL_DYNAMIC &&
2400 insn->type != INSN_RETURN &&
2401 insn->type != INSN_NOP) {
2402 ERROR_INSN(insn, "retpoline_safe hint not an indirect jump/call/ret/nop");
2403 return -1;
2404 }
2405
2406 insn->retpoline_safe = true;
2407 break;
2408
2409 case ANNOTYPE_INSTR_BEGIN:
2410 insn->instr++;
2411 break;
2412
2413 case ANNOTYPE_INSTR_END:
2414 insn->instr--;
2415 break;
2416
2417 case ANNOTYPE_UNRET_BEGIN:
2418 insn->unret = 1;
2419 break;
2420
2421 case ANNOTYPE_IGNORE_ALTS:
2422 /* early */
2423 break;
2424
2425 case ANNOTYPE_INTRA_FUNCTION_CALL:
2426 /* ifc */
2427 break;
2428
2429 case ANNOTYPE_REACHABLE:
2430 insn->dead_end = false;
2431 break;
2432
2433 default:
2434 ERROR_INSN(insn, "Unknown annotation type: %d", type);
2435 return -1;
2436 }
2437
2438 return 0;
2439 }
2440
2441 /*
2442 * Return true if name matches an instrumentation function, where calls to that
2443 * function from noinstr code can safely be removed, but compilers won't do so.
2444 */
is_profiling_func(const char * name)2445 static bool is_profiling_func(const char *name)
2446 {
2447 /*
2448 * Many compilers cannot disable KCOV with a function attribute.
2449 */
2450 if (!strncmp(name, "__sanitizer_cov_", 16))
2451 return true;
2452
2453 /*
2454 * Some compilers currently do not remove __tsan_func_entry/exit nor
2455 * __tsan_atomic_signal_fence (used for barrier instrumentation) with
2456 * the __no_sanitize_thread attribute, remove them. Once the kernel's
2457 * minimum Clang version is 14.0, this can be removed.
2458 */
2459 if (!strncmp(name, "__tsan_func_", 12) ||
2460 !strcmp(name, "__tsan_atomic_signal_fence"))
2461 return true;
2462
2463 return false;
2464 }
2465
classify_symbols(struct objtool_file * file)2466 static int classify_symbols(struct objtool_file *file)
2467 {
2468 struct symbol *func;
2469
2470 for_each_sym(file, func) {
2471 if (func->type == STT_NOTYPE && strstarts(func->name, ".L"))
2472 func->local_label = true;
2473
2474 if (func->bind != STB_GLOBAL)
2475 continue;
2476
2477 if (!strncmp(func->name, STATIC_CALL_TRAMP_PREFIX_STR,
2478 strlen(STATIC_CALL_TRAMP_PREFIX_STR)))
2479 func->static_call_tramp = true;
2480
2481 if (arch_is_retpoline(func))
2482 func->retpoline_thunk = true;
2483
2484 if (arch_is_rethunk(func))
2485 func->return_thunk = true;
2486
2487 if (arch_is_embedded_insn(func))
2488 func->embedded_insn = true;
2489
2490 if (arch_ftrace_match(func->name))
2491 func->fentry = true;
2492
2493 if (is_profiling_func(func->name))
2494 func->profiling_func = true;
2495 }
2496
2497 return 0;
2498 }
2499
mark_rodata(struct objtool_file * file)2500 static void mark_rodata(struct objtool_file *file)
2501 {
2502 struct section *sec;
2503 bool found = false;
2504
2505 /*
2506 * Search for the following rodata sections, each of which can
2507 * potentially contain jump tables:
2508 *
2509 * - .rodata: can contain GCC switch tables
2510 * - .rodata.<func>: same, if -fdata-sections is being used
2511 * - .data.rel.ro.c_jump_table: contains C annotated jump tables
2512 *
2513 * .rodata.str1.* sections are ignored; they don't contain jump tables.
2514 */
2515 for_each_sec(file, sec) {
2516 if ((!strncmp(sec->name, ".rodata", 7) &&
2517 !strstr(sec->name, ".str1.")) ||
2518 !strncmp(sec->name, ".data.rel.ro", 12)) {
2519 sec->rodata = true;
2520 found = true;
2521 }
2522 }
2523
2524 file->rodata = found;
2525 }
2526
decode_sections(struct objtool_file * file)2527 static int decode_sections(struct objtool_file *file)
2528 {
2529 int ret;
2530
2531 mark_rodata(file);
2532
2533 ret = init_pv_ops(file);
2534 if (ret)
2535 return ret;
2536
2537 /*
2538 * Must be before add_{jump_call}_destination.
2539 */
2540 ret = classify_symbols(file);
2541 if (ret)
2542 return ret;
2543
2544 ret = decode_instructions(file);
2545 if (ret)
2546 return ret;
2547
2548 ret = add_ignores(file);
2549 if (ret)
2550 return ret;
2551
2552 add_uaccess_safe(file);
2553
2554 ret = read_annotate(file, __annotate_early);
2555 if (ret)
2556 return ret;
2557
2558 /*
2559 * Must be before add_jump_destinations(), which depends on 'func'
2560 * being set for alternatives, to enable proper sibling call detection.
2561 */
2562 if (opts.stackval || opts.orc || opts.uaccess || opts.noinstr) {
2563 ret = add_special_section_alts(file);
2564 if (ret)
2565 return ret;
2566 }
2567
2568 ret = add_jump_destinations(file);
2569 if (ret)
2570 return ret;
2571
2572 /*
2573 * Must be before add_call_destination(); it changes INSN_CALL to
2574 * INSN_JUMP.
2575 */
2576 ret = read_annotate(file, __annotate_ifc);
2577 if (ret)
2578 return ret;
2579
2580 ret = add_call_destinations(file);
2581 if (ret)
2582 return ret;
2583
2584 ret = add_jump_table_alts(file);
2585 if (ret)
2586 return ret;
2587
2588 ret = read_unwind_hints(file);
2589 if (ret)
2590 return ret;
2591
2592 /*
2593 * Must be after add_call_destinations() such that it can override
2594 * dead_end_function() marks.
2595 */
2596 ret = read_annotate(file, __annotate_late);
2597 if (ret)
2598 return ret;
2599
2600 return 0;
2601 }
2602
is_special_call(struct instruction * insn)2603 static bool is_special_call(struct instruction *insn)
2604 {
2605 if (insn->type == INSN_CALL) {
2606 struct symbol *dest = insn_call_dest(insn);
2607
2608 if (!dest)
2609 return false;
2610
2611 if (dest->fentry || dest->embedded_insn)
2612 return true;
2613 }
2614
2615 return false;
2616 }
2617
has_modified_stack_frame(struct instruction * insn,struct insn_state * state)2618 static bool has_modified_stack_frame(struct instruction *insn, struct insn_state *state)
2619 {
2620 struct cfi_state *cfi = &state->cfi;
2621 int i;
2622
2623 if (cfi->cfa.base != initial_func_cfi.cfa.base || cfi->drap)
2624 return true;
2625
2626 if (cfi->cfa.offset != initial_func_cfi.cfa.offset)
2627 return true;
2628
2629 if (cfi->stack_size != initial_func_cfi.cfa.offset)
2630 return true;
2631
2632 for (i = 0; i < CFI_NUM_REGS; i++) {
2633 if (cfi->regs[i].base != initial_func_cfi.regs[i].base ||
2634 cfi->regs[i].offset != initial_func_cfi.regs[i].offset)
2635 return true;
2636 }
2637
2638 return false;
2639 }
2640
check_reg_frame_pos(const struct cfi_reg * reg,int expected_offset)2641 static bool check_reg_frame_pos(const struct cfi_reg *reg,
2642 int expected_offset)
2643 {
2644 return reg->base == CFI_CFA &&
2645 reg->offset == expected_offset;
2646 }
2647
has_valid_stack_frame(struct insn_state * state)2648 static bool has_valid_stack_frame(struct insn_state *state)
2649 {
2650 struct cfi_state *cfi = &state->cfi;
2651
2652 if (cfi->cfa.base == CFI_BP &&
2653 check_reg_frame_pos(&cfi->regs[CFI_BP], -cfi->cfa.offset) &&
2654 check_reg_frame_pos(&cfi->regs[CFI_RA], -cfi->cfa.offset + 8))
2655 return true;
2656
2657 if (cfi->drap && cfi->regs[CFI_BP].base == CFI_BP)
2658 return true;
2659
2660 return false;
2661 }
2662
update_cfi_state_regs(struct instruction * insn,struct cfi_state * cfi,struct stack_op * op)2663 static int update_cfi_state_regs(struct instruction *insn,
2664 struct cfi_state *cfi,
2665 struct stack_op *op)
2666 {
2667 struct cfi_reg *cfa = &cfi->cfa;
2668
2669 if (cfa->base != CFI_SP && cfa->base != CFI_SP_INDIRECT)
2670 return 0;
2671
2672 /* push */
2673 if (op->dest.type == OP_DEST_PUSH || op->dest.type == OP_DEST_PUSHF)
2674 cfa->offset += 8;
2675
2676 /* pop */
2677 if (op->src.type == OP_SRC_POP || op->src.type == OP_SRC_POPF)
2678 cfa->offset -= 8;
2679
2680 /* add immediate to sp */
2681 if (op->dest.type == OP_DEST_REG && op->src.type == OP_SRC_ADD &&
2682 op->dest.reg == CFI_SP && op->src.reg == CFI_SP)
2683 cfa->offset -= op->src.offset;
2684
2685 return 0;
2686 }
2687
save_reg(struct cfi_state * cfi,unsigned char reg,int base,int offset)2688 static void save_reg(struct cfi_state *cfi, unsigned char reg, int base, int offset)
2689 {
2690 if (arch_callee_saved_reg(reg) &&
2691 cfi->regs[reg].base == CFI_UNDEFINED) {
2692 cfi->regs[reg].base = base;
2693 cfi->regs[reg].offset = offset;
2694 }
2695 }
2696
restore_reg(struct cfi_state * cfi,unsigned char reg)2697 static void restore_reg(struct cfi_state *cfi, unsigned char reg)
2698 {
2699 cfi->regs[reg].base = initial_func_cfi.regs[reg].base;
2700 cfi->regs[reg].offset = initial_func_cfi.regs[reg].offset;
2701 }
2702
2703 /*
2704 * A note about DRAP stack alignment:
2705 *
2706 * GCC has the concept of a DRAP register, which is used to help keep track of
2707 * the stack pointer when aligning the stack. r10 or r13 is used as the DRAP
2708 * register. The typical DRAP pattern is:
2709 *
2710 * 4c 8d 54 24 08 lea 0x8(%rsp),%r10
2711 * 48 83 e4 c0 and $0xffffffffffffffc0,%rsp
2712 * 41 ff 72 f8 pushq -0x8(%r10)
2713 * 55 push %rbp
2714 * 48 89 e5 mov %rsp,%rbp
2715 * (more pushes)
2716 * 41 52 push %r10
2717 * ...
2718 * 41 5a pop %r10
2719 * (more pops)
2720 * 5d pop %rbp
2721 * 49 8d 62 f8 lea -0x8(%r10),%rsp
2722 * c3 retq
2723 *
2724 * There are some variations in the epilogues, like:
2725 *
2726 * 5b pop %rbx
2727 * 41 5a pop %r10
2728 * 41 5c pop %r12
2729 * 41 5d pop %r13
2730 * 41 5e pop %r14
2731 * c9 leaveq
2732 * 49 8d 62 f8 lea -0x8(%r10),%rsp
2733 * c3 retq
2734 *
2735 * and:
2736 *
2737 * 4c 8b 55 e8 mov -0x18(%rbp),%r10
2738 * 48 8b 5d e0 mov -0x20(%rbp),%rbx
2739 * 4c 8b 65 f0 mov -0x10(%rbp),%r12
2740 * 4c 8b 6d f8 mov -0x8(%rbp),%r13
2741 * c9 leaveq
2742 * 49 8d 62 f8 lea -0x8(%r10),%rsp
2743 * c3 retq
2744 *
2745 * Sometimes r13 is used as the DRAP register, in which case it's saved and
2746 * restored beforehand:
2747 *
2748 * 41 55 push %r13
2749 * 4c 8d 6c 24 10 lea 0x10(%rsp),%r13
2750 * 48 83 e4 f0 and $0xfffffffffffffff0,%rsp
2751 * ...
2752 * 49 8d 65 f0 lea -0x10(%r13),%rsp
2753 * 41 5d pop %r13
2754 * c3 retq
2755 */
update_cfi_state(struct instruction * insn,struct instruction * next_insn,struct cfi_state * cfi,struct stack_op * op)2756 static int update_cfi_state(struct instruction *insn,
2757 struct instruction *next_insn,
2758 struct cfi_state *cfi, struct stack_op *op)
2759 {
2760 struct cfi_reg *cfa = &cfi->cfa;
2761 struct cfi_reg *regs = cfi->regs;
2762
2763 /* ignore UNWIND_HINT_UNDEFINED regions */
2764 if (cfi->force_undefined)
2765 return 0;
2766
2767 /* stack operations don't make sense with an undefined CFA */
2768 if (cfa->base == CFI_UNDEFINED) {
2769 if (insn_func(insn)) {
2770 WARN_INSN(insn, "undefined stack state");
2771 return 1;
2772 }
2773 return 0;
2774 }
2775
2776 if (cfi->type == UNWIND_HINT_TYPE_REGS ||
2777 cfi->type == UNWIND_HINT_TYPE_REGS_PARTIAL)
2778 return update_cfi_state_regs(insn, cfi, op);
2779
2780 switch (op->dest.type) {
2781
2782 case OP_DEST_REG:
2783 switch (op->src.type) {
2784
2785 case OP_SRC_REG:
2786 if (op->src.reg == CFI_SP && op->dest.reg == CFI_BP &&
2787 cfa->base == CFI_SP &&
2788 check_reg_frame_pos(®s[CFI_BP], -cfa->offset)) {
2789
2790 /* mov %rsp, %rbp */
2791 cfa->base = op->dest.reg;
2792 cfi->bp_scratch = false;
2793 }
2794
2795 else if (op->src.reg == CFI_SP &&
2796 op->dest.reg == CFI_BP && cfi->drap) {
2797
2798 /* drap: mov %rsp, %rbp */
2799 regs[CFI_BP].base = CFI_BP;
2800 regs[CFI_BP].offset = -cfi->stack_size;
2801 cfi->bp_scratch = false;
2802 }
2803
2804 else if (op->src.reg == CFI_SP && cfa->base == CFI_SP) {
2805
2806 /*
2807 * mov %rsp, %reg
2808 *
2809 * This is needed for the rare case where GCC
2810 * does:
2811 *
2812 * mov %rsp, %rax
2813 * ...
2814 * mov %rax, %rsp
2815 */
2816 cfi->vals[op->dest.reg].base = CFI_CFA;
2817 cfi->vals[op->dest.reg].offset = -cfi->stack_size;
2818 }
2819
2820 else if (op->src.reg == CFI_BP && op->dest.reg == CFI_SP &&
2821 (cfa->base == CFI_BP || cfa->base == cfi->drap_reg)) {
2822
2823 /*
2824 * mov %rbp, %rsp
2825 *
2826 * Restore the original stack pointer (Clang).
2827 */
2828 cfi->stack_size = -cfi->regs[CFI_BP].offset;
2829 }
2830
2831 else if (op->dest.reg == cfa->base) {
2832
2833 /* mov %reg, %rsp */
2834 if (cfa->base == CFI_SP &&
2835 cfi->vals[op->src.reg].base == CFI_CFA) {
2836
2837 /*
2838 * This is needed for the rare case
2839 * where GCC does something dumb like:
2840 *
2841 * lea 0x8(%rsp), %rcx
2842 * ...
2843 * mov %rcx, %rsp
2844 */
2845 cfa->offset = -cfi->vals[op->src.reg].offset;
2846 cfi->stack_size = cfa->offset;
2847
2848 } else if (cfa->base == CFI_SP &&
2849 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT &&
2850 cfi->vals[op->src.reg].offset == cfa->offset) {
2851
2852 /*
2853 * Stack swizzle:
2854 *
2855 * 1: mov %rsp, (%[tos])
2856 * 2: mov %[tos], %rsp
2857 * ...
2858 * 3: pop %rsp
2859 *
2860 * Where:
2861 *
2862 * 1 - places a pointer to the previous
2863 * stack at the Top-of-Stack of the
2864 * new stack.
2865 *
2866 * 2 - switches to the new stack.
2867 *
2868 * 3 - pops the Top-of-Stack to restore
2869 * the original stack.
2870 *
2871 * Note: we set base to SP_INDIRECT
2872 * here and preserve offset. Therefore
2873 * when the unwinder reaches ToS it
2874 * will dereference SP and then add the
2875 * offset to find the next frame, IOW:
2876 * (%rsp) + offset.
2877 */
2878 cfa->base = CFI_SP_INDIRECT;
2879
2880 } else {
2881 cfa->base = CFI_UNDEFINED;
2882 cfa->offset = 0;
2883 }
2884 }
2885
2886 else if (op->dest.reg == CFI_SP &&
2887 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT &&
2888 cfi->vals[op->src.reg].offset == cfa->offset) {
2889
2890 /*
2891 * The same stack swizzle case 2) as above. But
2892 * because we can't change cfa->base, case 3)
2893 * will become a regular POP. Pretend we're a
2894 * PUSH so things don't go unbalanced.
2895 */
2896 cfi->stack_size += 8;
2897 }
2898
2899
2900 break;
2901
2902 case OP_SRC_ADD:
2903 if (op->dest.reg == CFI_SP && op->src.reg == CFI_SP) {
2904
2905 /* add imm, %rsp */
2906 cfi->stack_size -= op->src.offset;
2907 if (cfa->base == CFI_SP)
2908 cfa->offset -= op->src.offset;
2909 break;
2910 }
2911
2912 if (op->dest.reg == CFI_BP && op->src.reg == CFI_SP &&
2913 insn->sym->frame_pointer) {
2914 /* addi.d fp,sp,imm on LoongArch */
2915 if (cfa->base == CFI_SP && cfa->offset == op->src.offset) {
2916 cfa->base = CFI_BP;
2917 cfa->offset = 0;
2918 }
2919 break;
2920 }
2921
2922 if (op->dest.reg == CFI_SP && op->src.reg == CFI_BP) {
2923 /* addi.d sp,fp,imm on LoongArch */
2924 if (cfa->base == CFI_BP && cfa->offset == 0) {
2925 if (insn->sym->frame_pointer) {
2926 cfa->base = CFI_SP;
2927 cfa->offset = -op->src.offset;
2928 }
2929 } else {
2930 /* lea disp(%rbp), %rsp */
2931 cfi->stack_size = -(op->src.offset + regs[CFI_BP].offset);
2932 }
2933 break;
2934 }
2935
2936 if (op->src.reg == CFI_SP && cfa->base == CFI_SP) {
2937
2938 /* drap: lea disp(%rsp), %drap */
2939 cfi->drap_reg = op->dest.reg;
2940
2941 /*
2942 * lea disp(%rsp), %reg
2943 *
2944 * This is needed for the rare case where GCC
2945 * does something dumb like:
2946 *
2947 * lea 0x8(%rsp), %rcx
2948 * ...
2949 * mov %rcx, %rsp
2950 */
2951 cfi->vals[op->dest.reg].base = CFI_CFA;
2952 cfi->vals[op->dest.reg].offset = \
2953 -cfi->stack_size + op->src.offset;
2954
2955 break;
2956 }
2957
2958 if (cfi->drap && op->dest.reg == CFI_SP &&
2959 op->src.reg == cfi->drap_reg) {
2960
2961 /* drap: lea disp(%drap), %rsp */
2962 cfa->base = CFI_SP;
2963 cfa->offset = cfi->stack_size = -op->src.offset;
2964 cfi->drap_reg = CFI_UNDEFINED;
2965 cfi->drap = false;
2966 break;
2967 }
2968
2969 if (op->dest.reg == cfi->cfa.base && !(next_insn && next_insn->hint)) {
2970 WARN_INSN(insn, "unsupported stack register modification");
2971 return -1;
2972 }
2973
2974 break;
2975
2976 case OP_SRC_AND:
2977 if (op->dest.reg != CFI_SP ||
2978 (cfi->drap_reg != CFI_UNDEFINED && cfa->base != CFI_SP) ||
2979 (cfi->drap_reg == CFI_UNDEFINED && cfa->base != CFI_BP)) {
2980 WARN_INSN(insn, "unsupported stack pointer realignment");
2981 return -1;
2982 }
2983
2984 if (cfi->drap_reg != CFI_UNDEFINED) {
2985 /* drap: and imm, %rsp */
2986 cfa->base = cfi->drap_reg;
2987 cfa->offset = cfi->stack_size = 0;
2988 cfi->drap = true;
2989 }
2990
2991 /*
2992 * Older versions of GCC (4.8ish) realign the stack
2993 * without DRAP, with a frame pointer.
2994 */
2995
2996 break;
2997
2998 case OP_SRC_POP:
2999 case OP_SRC_POPF:
3000 if (op->dest.reg == CFI_SP && cfa->base == CFI_SP_INDIRECT) {
3001
3002 /* pop %rsp; # restore from a stack swizzle */
3003 cfa->base = CFI_SP;
3004 break;
3005 }
3006
3007 if (!cfi->drap && op->dest.reg == cfa->base) {
3008
3009 /* pop %rbp */
3010 cfa->base = CFI_SP;
3011 }
3012
3013 if (cfi->drap && cfa->base == CFI_BP_INDIRECT &&
3014 op->dest.reg == cfi->drap_reg &&
3015 cfi->drap_offset == -cfi->stack_size) {
3016
3017 /* drap: pop %drap */
3018 cfa->base = cfi->drap_reg;
3019 cfa->offset = 0;
3020 cfi->drap_offset = -1;
3021
3022 } else if (cfi->stack_size == -regs[op->dest.reg].offset) {
3023
3024 /* pop %reg */
3025 restore_reg(cfi, op->dest.reg);
3026 }
3027
3028 cfi->stack_size -= 8;
3029 if (cfa->base == CFI_SP)
3030 cfa->offset -= 8;
3031
3032 break;
3033
3034 case OP_SRC_REG_INDIRECT:
3035 if (!cfi->drap && op->dest.reg == cfa->base &&
3036 op->dest.reg == CFI_BP) {
3037
3038 /* mov disp(%rsp), %rbp */
3039 cfa->base = CFI_SP;
3040 cfa->offset = cfi->stack_size;
3041 }
3042
3043 if (cfi->drap && op->src.reg == CFI_BP &&
3044 op->src.offset == cfi->drap_offset) {
3045
3046 /* drap: mov disp(%rbp), %drap */
3047 cfa->base = cfi->drap_reg;
3048 cfa->offset = 0;
3049 cfi->drap_offset = -1;
3050 }
3051
3052 if (cfi->drap && op->src.reg == CFI_BP &&
3053 op->src.offset == regs[op->dest.reg].offset) {
3054
3055 /* drap: mov disp(%rbp), %reg */
3056 restore_reg(cfi, op->dest.reg);
3057
3058 } else if (op->src.reg == cfa->base &&
3059 op->src.offset == regs[op->dest.reg].offset + cfa->offset) {
3060
3061 /* mov disp(%rbp), %reg */
3062 /* mov disp(%rsp), %reg */
3063 restore_reg(cfi, op->dest.reg);
3064
3065 } else if (op->src.reg == CFI_SP &&
3066 op->src.offset == regs[op->dest.reg].offset + cfi->stack_size) {
3067
3068 /* mov disp(%rsp), %reg */
3069 restore_reg(cfi, op->dest.reg);
3070 }
3071
3072 break;
3073
3074 default:
3075 WARN_INSN(insn, "unknown stack-related instruction");
3076 return -1;
3077 }
3078
3079 break;
3080
3081 case OP_DEST_PUSH:
3082 case OP_DEST_PUSHF:
3083 cfi->stack_size += 8;
3084 if (cfa->base == CFI_SP)
3085 cfa->offset += 8;
3086
3087 if (op->src.type != OP_SRC_REG)
3088 break;
3089
3090 if (cfi->drap) {
3091 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) {
3092
3093 /* drap: push %drap */
3094 cfa->base = CFI_BP_INDIRECT;
3095 cfa->offset = -cfi->stack_size;
3096
3097 /* save drap so we know when to restore it */
3098 cfi->drap_offset = -cfi->stack_size;
3099
3100 } else if (op->src.reg == CFI_BP && cfa->base == cfi->drap_reg) {
3101
3102 /* drap: push %rbp */
3103 cfi->stack_size = 0;
3104
3105 } else {
3106
3107 /* drap: push %reg */
3108 save_reg(cfi, op->src.reg, CFI_BP, -cfi->stack_size);
3109 }
3110
3111 } else {
3112
3113 /* push %reg */
3114 save_reg(cfi, op->src.reg, CFI_CFA, -cfi->stack_size);
3115 }
3116
3117 /* detect when asm code uses rbp as a scratch register */
3118 if (opts.stackval && insn_func(insn) && op->src.reg == CFI_BP &&
3119 cfa->base != CFI_BP)
3120 cfi->bp_scratch = true;
3121 break;
3122
3123 case OP_DEST_REG_INDIRECT:
3124
3125 if (cfi->drap) {
3126 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) {
3127
3128 /* drap: mov %drap, disp(%rbp) */
3129 cfa->base = CFI_BP_INDIRECT;
3130 cfa->offset = op->dest.offset;
3131
3132 /* save drap offset so we know when to restore it */
3133 cfi->drap_offset = op->dest.offset;
3134 } else {
3135
3136 /* drap: mov reg, disp(%rbp) */
3137 save_reg(cfi, op->src.reg, CFI_BP, op->dest.offset);
3138 }
3139
3140 } else if (op->dest.reg == cfa->base) {
3141
3142 /* mov reg, disp(%rbp) */
3143 /* mov reg, disp(%rsp) */
3144 save_reg(cfi, op->src.reg, CFI_CFA,
3145 op->dest.offset - cfi->cfa.offset);
3146
3147 } else if (op->dest.reg == CFI_SP) {
3148
3149 /* mov reg, disp(%rsp) */
3150 save_reg(cfi, op->src.reg, CFI_CFA,
3151 op->dest.offset - cfi->stack_size);
3152
3153 } else if (op->src.reg == CFI_SP && op->dest.offset == 0) {
3154
3155 /* mov %rsp, (%reg); # setup a stack swizzle. */
3156 cfi->vals[op->dest.reg].base = CFI_SP_INDIRECT;
3157 cfi->vals[op->dest.reg].offset = cfa->offset;
3158 }
3159
3160 break;
3161
3162 case OP_DEST_MEM:
3163 if (op->src.type != OP_SRC_POP && op->src.type != OP_SRC_POPF) {
3164 WARN_INSN(insn, "unknown stack-related memory operation");
3165 return -1;
3166 }
3167
3168 /* pop mem */
3169 cfi->stack_size -= 8;
3170 if (cfa->base == CFI_SP)
3171 cfa->offset -= 8;
3172
3173 break;
3174
3175 default:
3176 WARN_INSN(insn, "unknown stack-related instruction");
3177 return -1;
3178 }
3179
3180 return 0;
3181 }
3182
3183 /*
3184 * The stack layouts of alternatives instructions can sometimes diverge when
3185 * they have stack modifications. That's fine as long as the potential stack
3186 * layouts don't conflict at any given potential instruction boundary.
3187 *
3188 * Flatten the CFIs of the different alternative code streams (both original
3189 * and replacement) into a single shared CFI array which can be used to detect
3190 * conflicts and nicely feed a linear array of ORC entries to the unwinder.
3191 */
propagate_alt_cfi(struct objtool_file * file,struct instruction * insn)3192 static int propagate_alt_cfi(struct objtool_file *file, struct instruction *insn)
3193 {
3194 struct cfi_state **alt_cfi;
3195 int group_off;
3196
3197 if (!insn->alt_group)
3198 return 0;
3199
3200 if (!insn->cfi) {
3201 WARN("CFI missing");
3202 return -1;
3203 }
3204
3205 alt_cfi = insn->alt_group->cfi;
3206 group_off = insn->offset - insn->alt_group->first_insn->offset;
3207
3208 if (!alt_cfi[group_off]) {
3209 alt_cfi[group_off] = insn->cfi;
3210 } else {
3211 if (cficmp(alt_cfi[group_off], insn->cfi)) {
3212 struct alt_group *orig_group = insn->alt_group->orig_group ?: insn->alt_group;
3213 struct instruction *orig = orig_group->first_insn;
3214 WARN_INSN(orig, "stack layout conflict in alternatives: %s",
3215 offstr(insn->sec, insn->offset));
3216 return -1;
3217 }
3218 }
3219
3220 return 0;
3221 }
3222
handle_insn_ops(struct instruction * insn,struct instruction * next_insn,struct insn_state * state)3223 static int handle_insn_ops(struct instruction *insn,
3224 struct instruction *next_insn,
3225 struct insn_state *state)
3226 {
3227 struct stack_op *op;
3228 int ret;
3229
3230 for (op = insn->stack_ops; op; op = op->next) {
3231
3232 ret = update_cfi_state(insn, next_insn, &state->cfi, op);
3233 if (ret)
3234 return ret;
3235
3236 if (!opts.uaccess || !insn->alt_group)
3237 continue;
3238
3239 if (op->dest.type == OP_DEST_PUSHF) {
3240 if (!state->uaccess_stack) {
3241 state->uaccess_stack = 1;
3242 } else if (state->uaccess_stack >> 31) {
3243 WARN_INSN(insn, "PUSHF stack exhausted");
3244 return 1;
3245 }
3246 state->uaccess_stack <<= 1;
3247 state->uaccess_stack |= state->uaccess;
3248 }
3249
3250 if (op->src.type == OP_SRC_POPF) {
3251 if (state->uaccess_stack) {
3252 state->uaccess = state->uaccess_stack & 1;
3253 state->uaccess_stack >>= 1;
3254 if (state->uaccess_stack == 1)
3255 state->uaccess_stack = 0;
3256 }
3257 }
3258 }
3259
3260 return 0;
3261 }
3262
insn_cfi_match(struct instruction * insn,struct cfi_state * cfi2)3263 static bool insn_cfi_match(struct instruction *insn, struct cfi_state *cfi2)
3264 {
3265 struct cfi_state *cfi1 = insn->cfi;
3266 int i;
3267
3268 if (!cfi1) {
3269 WARN("CFI missing");
3270 return false;
3271 }
3272
3273 if (memcmp(&cfi1->cfa, &cfi2->cfa, sizeof(cfi1->cfa))) {
3274
3275 WARN_INSN(insn, "stack state mismatch: cfa1=%d%+d cfa2=%d%+d",
3276 cfi1->cfa.base, cfi1->cfa.offset,
3277 cfi2->cfa.base, cfi2->cfa.offset);
3278 return false;
3279
3280 }
3281
3282 if (memcmp(&cfi1->regs, &cfi2->regs, sizeof(cfi1->regs))) {
3283 for (i = 0; i < CFI_NUM_REGS; i++) {
3284
3285 if (!memcmp(&cfi1->regs[i], &cfi2->regs[i], sizeof(struct cfi_reg)))
3286 continue;
3287
3288 WARN_INSN(insn, "stack state mismatch: reg1[%d]=%d%+d reg2[%d]=%d%+d",
3289 i, cfi1->regs[i].base, cfi1->regs[i].offset,
3290 i, cfi2->regs[i].base, cfi2->regs[i].offset);
3291 }
3292 return false;
3293 }
3294
3295 if (cfi1->type != cfi2->type) {
3296
3297 WARN_INSN(insn, "stack state mismatch: type1=%d type2=%d",
3298 cfi1->type, cfi2->type);
3299 return false;
3300 }
3301
3302 if (cfi1->drap != cfi2->drap ||
3303 (cfi1->drap && cfi1->drap_reg != cfi2->drap_reg) ||
3304 (cfi1->drap && cfi1->drap_offset != cfi2->drap_offset)) {
3305
3306 WARN_INSN(insn, "stack state mismatch: drap1=%d(%d,%d) drap2=%d(%d,%d)",
3307 cfi1->drap, cfi1->drap_reg, cfi1->drap_offset,
3308 cfi2->drap, cfi2->drap_reg, cfi2->drap_offset);
3309 return false;
3310 }
3311
3312 return true;
3313 }
3314
func_uaccess_safe(struct symbol * func)3315 static inline bool func_uaccess_safe(struct symbol *func)
3316 {
3317 if (func)
3318 return func->uaccess_safe;
3319
3320 return false;
3321 }
3322
call_dest_name(struct instruction * insn)3323 static inline const char *call_dest_name(struct instruction *insn)
3324 {
3325 static char pvname[19];
3326 struct reloc *reloc;
3327 int idx;
3328
3329 if (insn_call_dest(insn))
3330 return insn_call_dest(insn)->name;
3331
3332 reloc = insn_reloc(NULL, insn);
3333 if (reloc && !strcmp(reloc->sym->name, "pv_ops")) {
3334 idx = (reloc_addend(reloc) / sizeof(void *));
3335 snprintf(pvname, sizeof(pvname), "pv_ops[%d]", idx);
3336 return pvname;
3337 }
3338
3339 return "{dynamic}";
3340 }
3341
pv_call_dest(struct objtool_file * file,struct instruction * insn)3342 static bool pv_call_dest(struct objtool_file *file, struct instruction *insn)
3343 {
3344 struct symbol *target;
3345 struct reloc *reloc;
3346 int idx;
3347
3348 reloc = insn_reloc(file, insn);
3349 if (!reloc || strcmp(reloc->sym->name, "pv_ops"))
3350 return false;
3351
3352 idx = (arch_dest_reloc_offset(reloc_addend(reloc)) / sizeof(void *));
3353
3354 if (file->pv_ops[idx].clean)
3355 return true;
3356
3357 file->pv_ops[idx].clean = true;
3358
3359 list_for_each_entry(target, &file->pv_ops[idx].targets, pv_target) {
3360 if (!target->sec->noinstr) {
3361 WARN("pv_ops[%d]: %s", idx, target->name);
3362 file->pv_ops[idx].clean = false;
3363 }
3364 }
3365
3366 return file->pv_ops[idx].clean;
3367 }
3368
noinstr_call_dest(struct objtool_file * file,struct instruction * insn,struct symbol * func)3369 static inline bool noinstr_call_dest(struct objtool_file *file,
3370 struct instruction *insn,
3371 struct symbol *func)
3372 {
3373 /*
3374 * We can't deal with indirect function calls at present;
3375 * assume they're instrumented.
3376 */
3377 if (!func) {
3378 if (file->pv_ops)
3379 return pv_call_dest(file, insn);
3380
3381 return false;
3382 }
3383
3384 /*
3385 * If the symbol is from a noinstr section; we good.
3386 */
3387 if (func->sec->noinstr)
3388 return true;
3389
3390 /*
3391 * If the symbol is a static_call trampoline, we can't tell.
3392 */
3393 if (func->static_call_tramp)
3394 return true;
3395
3396 /*
3397 * The __ubsan_handle_*() calls are like WARN(), they only happen when
3398 * something 'BAD' happened. At the risk of taking the machine down,
3399 * let them proceed to get the message out.
3400 */
3401 if (!strncmp(func->name, "__ubsan_handle_", 15))
3402 return true;
3403
3404 return false;
3405 }
3406
validate_call(struct objtool_file * file,struct instruction * insn,struct insn_state * state)3407 static int validate_call(struct objtool_file *file,
3408 struct instruction *insn,
3409 struct insn_state *state)
3410 {
3411 if (state->noinstr && state->instr <= 0 &&
3412 !noinstr_call_dest(file, insn, insn_call_dest(insn))) {
3413 WARN_INSN(insn, "call to %s() leaves .noinstr.text section", call_dest_name(insn));
3414 return 1;
3415 }
3416
3417 if (state->uaccess && !func_uaccess_safe(insn_call_dest(insn))) {
3418 WARN_INSN(insn, "call to %s() with UACCESS enabled", call_dest_name(insn));
3419 return 1;
3420 }
3421
3422 if (state->df) {
3423 WARN_INSN(insn, "call to %s() with DF set", call_dest_name(insn));
3424 return 1;
3425 }
3426
3427 return 0;
3428 }
3429
validate_sibling_call(struct objtool_file * file,struct instruction * insn,struct insn_state * state)3430 static int validate_sibling_call(struct objtool_file *file,
3431 struct instruction *insn,
3432 struct insn_state *state)
3433 {
3434 if (insn_func(insn) && has_modified_stack_frame(insn, state)) {
3435 WARN_INSN(insn, "sibling call from callable instruction with modified stack frame");
3436 return 1;
3437 }
3438
3439 return validate_call(file, insn, state);
3440 }
3441
validate_return(struct symbol * func,struct instruction * insn,struct insn_state * state)3442 static int validate_return(struct symbol *func, struct instruction *insn, struct insn_state *state)
3443 {
3444 if (state->noinstr && state->instr > 0) {
3445 WARN_INSN(insn, "return with instrumentation enabled");
3446 return 1;
3447 }
3448
3449 if (state->uaccess && !func_uaccess_safe(func)) {
3450 WARN_INSN(insn, "return with UACCESS enabled");
3451 return 1;
3452 }
3453
3454 if (!state->uaccess && func_uaccess_safe(func)) {
3455 WARN_INSN(insn, "return with UACCESS disabled from a UACCESS-safe function");
3456 return 1;
3457 }
3458
3459 if (state->df) {
3460 WARN_INSN(insn, "return with DF set");
3461 return 1;
3462 }
3463
3464 if (func && has_modified_stack_frame(insn, state)) {
3465 WARN_INSN(insn, "return with modified stack frame");
3466 return 1;
3467 }
3468
3469 if (state->cfi.bp_scratch) {
3470 WARN_INSN(insn, "BP used as a scratch register");
3471 return 1;
3472 }
3473
3474 return 0;
3475 }
3476
next_insn_to_validate(struct objtool_file * file,struct instruction * insn)3477 static struct instruction *next_insn_to_validate(struct objtool_file *file,
3478 struct instruction *insn)
3479 {
3480 struct alt_group *alt_group = insn->alt_group;
3481
3482 /*
3483 * Simulate the fact that alternatives are patched in-place. When the
3484 * end of a replacement alt_group is reached, redirect objtool flow to
3485 * the end of the original alt_group.
3486 *
3487 * insn->alts->insn -> alt_group->first_insn
3488 * ...
3489 * alt_group->last_insn
3490 * [alt_group->nop] -> next(orig_group->last_insn)
3491 */
3492 if (alt_group) {
3493 if (alt_group->nop) {
3494 /* ->nop implies ->orig_group */
3495 if (insn == alt_group->last_insn)
3496 return alt_group->nop;
3497 if (insn == alt_group->nop)
3498 goto next_orig;
3499 }
3500 if (insn == alt_group->last_insn && alt_group->orig_group)
3501 goto next_orig;
3502 }
3503
3504 return next_insn_same_sec(file, insn);
3505
3506 next_orig:
3507 return next_insn_same_sec(file, alt_group->orig_group->last_insn);
3508 }
3509
skip_alt_group(struct instruction * insn)3510 static bool skip_alt_group(struct instruction *insn)
3511 {
3512 struct instruction *alt_insn = insn->alts ? insn->alts->insn : NULL;
3513
3514 /* ANNOTATE_IGNORE_ALTERNATIVE */
3515 if (insn->alt_group && insn->alt_group->ignore)
3516 return true;
3517
3518 /*
3519 * For NOP patched with CLAC/STAC, only follow the latter to avoid
3520 * impossible code paths combining patched CLAC with unpatched STAC
3521 * or vice versa.
3522 *
3523 * ANNOTATE_IGNORE_ALTERNATIVE could have been used here, but Linus
3524 * requested not to do that to avoid hurting .s file readability
3525 * around CLAC/STAC alternative sites.
3526 */
3527
3528 if (!alt_insn)
3529 return false;
3530
3531 /* Don't override ASM_{CLAC,STAC}_UNSAFE */
3532 if (alt_insn->alt_group && alt_insn->alt_group->ignore)
3533 return false;
3534
3535 return alt_insn->type == INSN_CLAC || alt_insn->type == INSN_STAC;
3536 }
3537
3538 /*
3539 * Follow the branch starting at the given instruction, and recursively follow
3540 * any other branches (jumps). Meanwhile, track the frame pointer state at
3541 * each instruction and validate all the rules described in
3542 * tools/objtool/Documentation/objtool.txt.
3543 */
validate_branch(struct objtool_file * file,struct symbol * func,struct instruction * insn,struct insn_state state)3544 static int validate_branch(struct objtool_file *file, struct symbol *func,
3545 struct instruction *insn, struct insn_state state)
3546 {
3547 struct alternative *alt;
3548 struct instruction *next_insn, *prev_insn = NULL;
3549 struct section *sec;
3550 u8 visited;
3551 int ret;
3552
3553 if (func && func->ignore)
3554 return 0;
3555
3556 sec = insn->sec;
3557
3558 while (1) {
3559 next_insn = next_insn_to_validate(file, insn);
3560
3561 if (func && insn_func(insn) && func != insn_func(insn)->pfunc) {
3562 /* Ignore KCFI type preambles, which always fall through */
3563 if (!strncmp(func->name, "__cfi_", 6) ||
3564 !strncmp(func->name, "__pfx_", 6))
3565 return 0;
3566
3567 if (file->ignore_unreachables)
3568 return 0;
3569
3570 WARN("%s() falls through to next function %s()",
3571 func->name, insn_func(insn)->name);
3572 func->warned = 1;
3573
3574 return 1;
3575 }
3576
3577 visited = VISITED_BRANCH << state.uaccess;
3578 if (insn->visited & VISITED_BRANCH_MASK) {
3579 if (!insn->hint && !insn_cfi_match(insn, &state.cfi))
3580 return 1;
3581
3582 if (insn->visited & visited)
3583 return 0;
3584 } else {
3585 nr_insns_visited++;
3586 }
3587
3588 if (state.noinstr)
3589 state.instr += insn->instr;
3590
3591 if (insn->hint) {
3592 if (insn->restore) {
3593 struct instruction *save_insn, *i;
3594
3595 i = insn;
3596 save_insn = NULL;
3597
3598 sym_for_each_insn_continue_reverse(file, func, i) {
3599 if (i->save) {
3600 save_insn = i;
3601 break;
3602 }
3603 }
3604
3605 if (!save_insn) {
3606 WARN_INSN(insn, "no corresponding CFI save for CFI restore");
3607 return 1;
3608 }
3609
3610 if (!save_insn->visited) {
3611 /*
3612 * If the restore hint insn is at the
3613 * beginning of a basic block and was
3614 * branched to from elsewhere, and the
3615 * save insn hasn't been visited yet,
3616 * defer following this branch for now.
3617 * It will be seen later via the
3618 * straight-line path.
3619 */
3620 if (!prev_insn)
3621 return 0;
3622
3623 WARN_INSN(insn, "objtool isn't smart enough to handle this CFI save/restore combo");
3624 return 1;
3625 }
3626
3627 insn->cfi = save_insn->cfi;
3628 nr_cfi_reused++;
3629 }
3630
3631 state.cfi = *insn->cfi;
3632 } else {
3633 /* XXX track if we actually changed state.cfi */
3634
3635 if (prev_insn && !cficmp(prev_insn->cfi, &state.cfi)) {
3636 insn->cfi = prev_insn->cfi;
3637 nr_cfi_reused++;
3638 } else {
3639 insn->cfi = cfi_hash_find_or_add(&state.cfi);
3640 }
3641 }
3642
3643 insn->visited |= visited;
3644
3645 if (propagate_alt_cfi(file, insn))
3646 return 1;
3647
3648 if (insn->alts) {
3649 for (alt = insn->alts; alt; alt = alt->next) {
3650 ret = validate_branch(file, func, alt->insn, state);
3651 if (ret) {
3652 BT_INSN(insn, "(alt)");
3653 return ret;
3654 }
3655 }
3656 }
3657
3658 if (skip_alt_group(insn))
3659 return 0;
3660
3661 if (handle_insn_ops(insn, next_insn, &state))
3662 return 1;
3663
3664 switch (insn->type) {
3665
3666 case INSN_RETURN:
3667 return validate_return(func, insn, &state);
3668
3669 case INSN_CALL:
3670 case INSN_CALL_DYNAMIC:
3671 ret = validate_call(file, insn, &state);
3672 if (ret)
3673 return ret;
3674
3675 if (opts.stackval && func && !is_special_call(insn) &&
3676 !has_valid_stack_frame(&state)) {
3677 WARN_INSN(insn, "call without frame pointer save/setup");
3678 return 1;
3679 }
3680
3681 break;
3682
3683 case INSN_JUMP_CONDITIONAL:
3684 case INSN_JUMP_UNCONDITIONAL:
3685 if (is_sibling_call(insn)) {
3686 ret = validate_sibling_call(file, insn, &state);
3687 if (ret)
3688 return ret;
3689
3690 } else if (insn->jump_dest) {
3691 ret = validate_branch(file, func,
3692 insn->jump_dest, state);
3693 if (ret) {
3694 BT_INSN(insn, "(branch)");
3695 return ret;
3696 }
3697 }
3698
3699 if (insn->type == INSN_JUMP_UNCONDITIONAL)
3700 return 0;
3701
3702 break;
3703
3704 case INSN_JUMP_DYNAMIC:
3705 case INSN_JUMP_DYNAMIC_CONDITIONAL:
3706 if (is_sibling_call(insn)) {
3707 ret = validate_sibling_call(file, insn, &state);
3708 if (ret)
3709 return ret;
3710 }
3711
3712 if (insn->type == INSN_JUMP_DYNAMIC)
3713 return 0;
3714
3715 break;
3716
3717 case INSN_SYSCALL:
3718 if (func && (!next_insn || !next_insn->hint)) {
3719 WARN_INSN(insn, "unsupported instruction in callable function");
3720 return 1;
3721 }
3722
3723 break;
3724
3725 case INSN_SYSRET:
3726 if (func && (!next_insn || !next_insn->hint)) {
3727 WARN_INSN(insn, "unsupported instruction in callable function");
3728 return 1;
3729 }
3730
3731 return 0;
3732
3733 case INSN_STAC:
3734 if (!opts.uaccess)
3735 break;
3736
3737 if (state.uaccess) {
3738 WARN_INSN(insn, "recursive UACCESS enable");
3739 return 1;
3740 }
3741
3742 state.uaccess = true;
3743 break;
3744
3745 case INSN_CLAC:
3746 if (!opts.uaccess)
3747 break;
3748
3749 if (!state.uaccess && func) {
3750 WARN_INSN(insn, "redundant UACCESS disable");
3751 return 1;
3752 }
3753
3754 if (func_uaccess_safe(func) && !state.uaccess_stack) {
3755 WARN_INSN(insn, "UACCESS-safe disables UACCESS");
3756 return 1;
3757 }
3758
3759 state.uaccess = false;
3760 break;
3761
3762 case INSN_STD:
3763 if (state.df) {
3764 WARN_INSN(insn, "recursive STD");
3765 return 1;
3766 }
3767
3768 state.df = true;
3769 break;
3770
3771 case INSN_CLD:
3772 if (!state.df && func) {
3773 WARN_INSN(insn, "redundant CLD");
3774 return 1;
3775 }
3776
3777 state.df = false;
3778 break;
3779
3780 default:
3781 break;
3782 }
3783
3784 if (insn->dead_end)
3785 return 0;
3786
3787 if (!next_insn) {
3788 if (state.cfi.cfa.base == CFI_UNDEFINED)
3789 return 0;
3790 if (file->ignore_unreachables)
3791 return 0;
3792
3793 WARN("%s%sunexpected end of section %s",
3794 func ? func->name : "", func ? "(): " : "",
3795 sec->name);
3796 return 1;
3797 }
3798
3799 prev_insn = insn;
3800 insn = next_insn;
3801 }
3802
3803 return 0;
3804 }
3805
validate_unwind_hint(struct objtool_file * file,struct instruction * insn,struct insn_state * state)3806 static int validate_unwind_hint(struct objtool_file *file,
3807 struct instruction *insn,
3808 struct insn_state *state)
3809 {
3810 if (insn->hint && !insn->visited) {
3811 int ret = validate_branch(file, insn_func(insn), insn, *state);
3812 if (ret)
3813 BT_INSN(insn, "<=== (hint)");
3814 return ret;
3815 }
3816
3817 return 0;
3818 }
3819
validate_unwind_hints(struct objtool_file * file,struct section * sec)3820 static int validate_unwind_hints(struct objtool_file *file, struct section *sec)
3821 {
3822 struct instruction *insn;
3823 struct insn_state state;
3824 int warnings = 0;
3825
3826 if (!file->hints)
3827 return 0;
3828
3829 init_insn_state(file, &state, sec);
3830
3831 if (sec) {
3832 sec_for_each_insn(file, sec, insn)
3833 warnings += validate_unwind_hint(file, insn, &state);
3834 } else {
3835 for_each_insn(file, insn)
3836 warnings += validate_unwind_hint(file, insn, &state);
3837 }
3838
3839 return warnings;
3840 }
3841
3842 /*
3843 * Validate rethunk entry constraint: must untrain RET before the first RET.
3844 *
3845 * Follow every branch (intra-function) and ensure VALIDATE_UNRET_END comes
3846 * before an actual RET instruction.
3847 */
validate_unret(struct objtool_file * file,struct instruction * insn)3848 static int validate_unret(struct objtool_file *file, struct instruction *insn)
3849 {
3850 struct instruction *next, *dest;
3851 int ret;
3852
3853 for (;;) {
3854 next = next_insn_to_validate(file, insn);
3855
3856 if (insn->visited & VISITED_UNRET)
3857 return 0;
3858
3859 insn->visited |= VISITED_UNRET;
3860
3861 if (insn->alts) {
3862 struct alternative *alt;
3863 for (alt = insn->alts; alt; alt = alt->next) {
3864 ret = validate_unret(file, alt->insn);
3865 if (ret) {
3866 BT_INSN(insn, "(alt)");
3867 return ret;
3868 }
3869 }
3870 }
3871
3872 switch (insn->type) {
3873
3874 case INSN_CALL_DYNAMIC:
3875 case INSN_JUMP_DYNAMIC:
3876 case INSN_JUMP_DYNAMIC_CONDITIONAL:
3877 WARN_INSN(insn, "early indirect call");
3878 return 1;
3879
3880 case INSN_JUMP_UNCONDITIONAL:
3881 case INSN_JUMP_CONDITIONAL:
3882 if (!is_sibling_call(insn)) {
3883 if (!insn->jump_dest) {
3884 WARN_INSN(insn, "unresolved jump target after linking?!?");
3885 return 1;
3886 }
3887 ret = validate_unret(file, insn->jump_dest);
3888 if (ret) {
3889 BT_INSN(insn, "(branch%s)",
3890 insn->type == INSN_JUMP_CONDITIONAL ? "-cond" : "");
3891 return ret;
3892 }
3893
3894 if (insn->type == INSN_JUMP_UNCONDITIONAL)
3895 return 0;
3896
3897 break;
3898 }
3899
3900 /* fallthrough */
3901 case INSN_CALL:
3902 dest = find_insn(file, insn_call_dest(insn)->sec,
3903 insn_call_dest(insn)->offset);
3904 if (!dest) {
3905 WARN("Unresolved function after linking!?: %s",
3906 insn_call_dest(insn)->name);
3907 return 1;
3908 }
3909
3910 ret = validate_unret(file, dest);
3911 if (ret) {
3912 BT_INSN(insn, "(call)");
3913 return ret;
3914 }
3915 /*
3916 * If a call returns without error, it must have seen UNTRAIN_RET.
3917 * Therefore any non-error return is a success.
3918 */
3919 return 0;
3920
3921 case INSN_RETURN:
3922 WARN_INSN(insn, "RET before UNTRAIN");
3923 return 1;
3924
3925 case INSN_SYSCALL:
3926 break;
3927
3928 case INSN_SYSRET:
3929 return 0;
3930
3931 case INSN_NOP:
3932 if (insn->retpoline_safe)
3933 return 0;
3934 break;
3935
3936 default:
3937 break;
3938 }
3939
3940 if (insn->dead_end)
3941 return 0;
3942
3943 if (!next) {
3944 WARN_INSN(insn, "teh end!");
3945 return 1;
3946 }
3947 insn = next;
3948 }
3949
3950 return 0;
3951 }
3952
3953 /*
3954 * Validate that all branches starting at VALIDATE_UNRET_BEGIN encounter
3955 * VALIDATE_UNRET_END before RET.
3956 */
validate_unrets(struct objtool_file * file)3957 static int validate_unrets(struct objtool_file *file)
3958 {
3959 struct instruction *insn;
3960 int warnings = 0;
3961
3962 for_each_insn(file, insn) {
3963 if (!insn->unret)
3964 continue;
3965
3966 warnings += validate_unret(file, insn);
3967 }
3968
3969 return warnings;
3970 }
3971
validate_retpoline(struct objtool_file * file)3972 static int validate_retpoline(struct objtool_file *file)
3973 {
3974 struct instruction *insn;
3975 int warnings = 0;
3976
3977 for_each_insn(file, insn) {
3978 if (insn->type != INSN_JUMP_DYNAMIC &&
3979 insn->type != INSN_CALL_DYNAMIC &&
3980 insn->type != INSN_RETURN)
3981 continue;
3982
3983 if (insn->retpoline_safe)
3984 continue;
3985
3986 if (insn->sec->init)
3987 continue;
3988
3989 if (insn->type == INSN_RETURN) {
3990 if (opts.rethunk) {
3991 WARN_INSN(insn, "'naked' return found in MITIGATION_RETHUNK build");
3992 warnings++;
3993 }
3994 continue;
3995 }
3996
3997 WARN_INSN(insn, "indirect %s found in MITIGATION_RETPOLINE build",
3998 insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call");
3999 warnings++;
4000 }
4001
4002 return warnings;
4003 }
4004
is_kasan_insn(struct instruction * insn)4005 static bool is_kasan_insn(struct instruction *insn)
4006 {
4007 return (insn->type == INSN_CALL &&
4008 !strcmp(insn_call_dest(insn)->name, "__asan_handle_no_return"));
4009 }
4010
is_ubsan_insn(struct instruction * insn)4011 static bool is_ubsan_insn(struct instruction *insn)
4012 {
4013 return (insn->type == INSN_CALL &&
4014 !strcmp(insn_call_dest(insn)->name,
4015 "__ubsan_handle_builtin_unreachable"));
4016 }
4017
ignore_unreachable_insn(struct objtool_file * file,struct instruction * insn)4018 static bool ignore_unreachable_insn(struct objtool_file *file, struct instruction *insn)
4019 {
4020 struct symbol *func = insn_func(insn);
4021 struct instruction *prev_insn;
4022 int i;
4023
4024 if (insn->type == INSN_NOP || insn->type == INSN_TRAP || (func && func->ignore))
4025 return true;
4026
4027 /*
4028 * Ignore alternative replacement instructions. This can happen
4029 * when a whitelisted function uses one of the ALTERNATIVE macros.
4030 */
4031 if (!strcmp(insn->sec->name, ".altinstr_replacement") ||
4032 !strcmp(insn->sec->name, ".altinstr_aux"))
4033 return true;
4034
4035 /*
4036 * Whole archive runs might encounter dead code from weak symbols.
4037 * This is where the linker will have dropped the weak symbol in
4038 * favour of a regular symbol, but leaves the code in place.
4039 *
4040 * In this case we'll find a piece of code (whole function) that is not
4041 * covered by a !section symbol. Ignore them.
4042 */
4043 if (opts.link && !func) {
4044 int size = find_symbol_hole_containing(insn->sec, insn->offset);
4045 unsigned long end = insn->offset + size;
4046
4047 if (!size) /* not a hole */
4048 return false;
4049
4050 if (size < 0) /* hole until the end */
4051 return true;
4052
4053 sec_for_each_insn_continue(file, insn) {
4054 /*
4055 * If we reach a visited instruction at or before the
4056 * end of the hole, ignore the unreachable.
4057 */
4058 if (insn->visited)
4059 return true;
4060
4061 if (insn->offset >= end)
4062 break;
4063
4064 /*
4065 * If this hole jumps to a .cold function, mark it ignore too.
4066 */
4067 if (insn->jump_dest && insn_func(insn->jump_dest) &&
4068 strstr(insn_func(insn->jump_dest)->name, ".cold")) {
4069 insn_func(insn->jump_dest)->ignore = true;
4070 }
4071 }
4072
4073 return false;
4074 }
4075
4076 if (!func)
4077 return false;
4078
4079 if (func->static_call_tramp)
4080 return true;
4081
4082 /*
4083 * CONFIG_UBSAN_TRAP inserts a UD2 when it sees
4084 * __builtin_unreachable(). The BUG() macro has an unreachable() after
4085 * the UD2, which causes GCC's undefined trap logic to emit another UD2
4086 * (or occasionally a JMP to UD2).
4087 *
4088 * It may also insert a UD2 after calling a __noreturn function.
4089 */
4090 prev_insn = prev_insn_same_sec(file, insn);
4091 if (prev_insn && prev_insn->dead_end &&
4092 (insn->type == INSN_BUG ||
4093 (insn->type == INSN_JUMP_UNCONDITIONAL &&
4094 insn->jump_dest && insn->jump_dest->type == INSN_BUG)))
4095 return true;
4096
4097 /*
4098 * Check if this (or a subsequent) instruction is related to
4099 * CONFIG_UBSAN or CONFIG_KASAN.
4100 *
4101 * End the search at 5 instructions to avoid going into the weeds.
4102 */
4103 for (i = 0; i < 5; i++) {
4104
4105 if (is_kasan_insn(insn) || is_ubsan_insn(insn))
4106 return true;
4107
4108 if (insn->type == INSN_JUMP_UNCONDITIONAL) {
4109 if (insn->jump_dest &&
4110 insn_func(insn->jump_dest) == func) {
4111 insn = insn->jump_dest;
4112 continue;
4113 }
4114
4115 break;
4116 }
4117
4118 if (insn->offset + insn->len >= func->offset + func->len)
4119 break;
4120
4121 insn = next_insn_same_sec(file, insn);
4122 }
4123
4124 return false;
4125 }
4126
add_prefix_symbol(struct objtool_file * file,struct symbol * func)4127 static int add_prefix_symbol(struct objtool_file *file, struct symbol *func)
4128 {
4129 struct instruction *insn, *prev;
4130 struct cfi_state *cfi;
4131
4132 insn = find_insn(file, func->sec, func->offset);
4133 if (!insn)
4134 return -1;
4135
4136 for (prev = prev_insn_same_sec(file, insn);
4137 prev;
4138 prev = prev_insn_same_sec(file, prev)) {
4139 u64 offset;
4140
4141 if (prev->type != INSN_NOP)
4142 return -1;
4143
4144 offset = func->offset - prev->offset;
4145
4146 if (offset > opts.prefix)
4147 return -1;
4148
4149 if (offset < opts.prefix)
4150 continue;
4151
4152 elf_create_prefix_symbol(file->elf, func, opts.prefix);
4153 break;
4154 }
4155
4156 if (!prev)
4157 return -1;
4158
4159 if (!insn->cfi) {
4160 /*
4161 * This can happen if stack validation isn't enabled or the
4162 * function is annotated with STACK_FRAME_NON_STANDARD.
4163 */
4164 return 0;
4165 }
4166
4167 /* Propagate insn->cfi to the prefix code */
4168 cfi = cfi_hash_find_or_add(insn->cfi);
4169 for (; prev != insn; prev = next_insn_same_sec(file, prev))
4170 prev->cfi = cfi;
4171
4172 return 0;
4173 }
4174
add_prefix_symbols(struct objtool_file * file)4175 static int add_prefix_symbols(struct objtool_file *file)
4176 {
4177 struct section *sec;
4178 struct symbol *func;
4179
4180 for_each_sec(file, sec) {
4181 if (!(sec->sh.sh_flags & SHF_EXECINSTR))
4182 continue;
4183
4184 sec_for_each_sym(sec, func) {
4185 if (func->type != STT_FUNC)
4186 continue;
4187
4188 add_prefix_symbol(file, func);
4189 }
4190 }
4191
4192 return 0;
4193 }
4194
validate_symbol(struct objtool_file * file,struct section * sec,struct symbol * sym,struct insn_state * state)4195 static int validate_symbol(struct objtool_file *file, struct section *sec,
4196 struct symbol *sym, struct insn_state *state)
4197 {
4198 struct instruction *insn;
4199 int ret;
4200
4201 if (!sym->len) {
4202 WARN("%s() is missing an ELF size annotation", sym->name);
4203 return 1;
4204 }
4205
4206 if (sym->pfunc != sym || sym->alias != sym)
4207 return 0;
4208
4209 insn = find_insn(file, sec, sym->offset);
4210 if (!insn || insn->visited)
4211 return 0;
4212
4213 if (opts.uaccess)
4214 state->uaccess = sym->uaccess_safe;
4215
4216 ret = validate_branch(file, insn_func(insn), insn, *state);
4217 if (ret)
4218 BT_INSN(insn, "<=== (sym)");
4219 return ret;
4220 }
4221
validate_section(struct objtool_file * file,struct section * sec)4222 static int validate_section(struct objtool_file *file, struct section *sec)
4223 {
4224 struct insn_state state;
4225 struct symbol *func;
4226 int warnings = 0;
4227
4228 sec_for_each_sym(sec, func) {
4229 if (func->type != STT_FUNC)
4230 continue;
4231
4232 init_insn_state(file, &state, sec);
4233 set_func_state(&state.cfi);
4234
4235 warnings += validate_symbol(file, sec, func, &state);
4236 }
4237
4238 return warnings;
4239 }
4240
validate_noinstr_sections(struct objtool_file * file)4241 static int validate_noinstr_sections(struct objtool_file *file)
4242 {
4243 struct section *sec;
4244 int warnings = 0;
4245
4246 sec = find_section_by_name(file->elf, ".noinstr.text");
4247 if (sec) {
4248 warnings += validate_section(file, sec);
4249 warnings += validate_unwind_hints(file, sec);
4250 }
4251
4252 sec = find_section_by_name(file->elf, ".entry.text");
4253 if (sec) {
4254 warnings += validate_section(file, sec);
4255 warnings += validate_unwind_hints(file, sec);
4256 }
4257
4258 sec = find_section_by_name(file->elf, ".cpuidle.text");
4259 if (sec) {
4260 warnings += validate_section(file, sec);
4261 warnings += validate_unwind_hints(file, sec);
4262 }
4263
4264 return warnings;
4265 }
4266
validate_functions(struct objtool_file * file)4267 static int validate_functions(struct objtool_file *file)
4268 {
4269 struct section *sec;
4270 int warnings = 0;
4271
4272 for_each_sec(file, sec) {
4273 if (!(sec->sh.sh_flags & SHF_EXECINSTR))
4274 continue;
4275
4276 warnings += validate_section(file, sec);
4277 }
4278
4279 return warnings;
4280 }
4281
mark_endbr_used(struct instruction * insn)4282 static void mark_endbr_used(struct instruction *insn)
4283 {
4284 if (!list_empty(&insn->call_node))
4285 list_del_init(&insn->call_node);
4286 }
4287
noendbr_range(struct objtool_file * file,struct instruction * insn)4288 static bool noendbr_range(struct objtool_file *file, struct instruction *insn)
4289 {
4290 struct symbol *sym = find_symbol_containing(insn->sec, insn->offset-1);
4291 struct instruction *first;
4292
4293 if (!sym)
4294 return false;
4295
4296 first = find_insn(file, sym->sec, sym->offset);
4297 if (!first)
4298 return false;
4299
4300 if (first->type != INSN_ENDBR && !first->noendbr)
4301 return false;
4302
4303 return insn->offset == sym->offset + sym->len;
4304 }
4305
__validate_ibt_insn(struct objtool_file * file,struct instruction * insn,struct instruction * dest)4306 static int __validate_ibt_insn(struct objtool_file *file, struct instruction *insn,
4307 struct instruction *dest)
4308 {
4309 if (dest->type == INSN_ENDBR) {
4310 mark_endbr_used(dest);
4311 return 0;
4312 }
4313
4314 if (insn_func(dest) && insn_func(insn) &&
4315 insn_func(dest)->pfunc == insn_func(insn)->pfunc) {
4316 /*
4317 * Anything from->to self is either _THIS_IP_ or
4318 * IRET-to-self.
4319 *
4320 * There is no sane way to annotate _THIS_IP_ since the
4321 * compiler treats the relocation as a constant and is
4322 * happy to fold in offsets, skewing any annotation we
4323 * do, leading to vast amounts of false-positives.
4324 *
4325 * There's also compiler generated _THIS_IP_ through
4326 * KCOV and such which we have no hope of annotating.
4327 *
4328 * As such, blanket accept self-references without
4329 * issue.
4330 */
4331 return 0;
4332 }
4333
4334 /*
4335 * Accept anything ANNOTATE_NOENDBR.
4336 */
4337 if (dest->noendbr)
4338 return 0;
4339
4340 /*
4341 * Accept if this is the instruction after a symbol
4342 * that is (no)endbr -- typical code-range usage.
4343 */
4344 if (noendbr_range(file, dest))
4345 return 0;
4346
4347 WARN_INSN(insn, "relocation to !ENDBR: %s", offstr(dest->sec, dest->offset));
4348 return 1;
4349 }
4350
validate_ibt_insn(struct objtool_file * file,struct instruction * insn)4351 static int validate_ibt_insn(struct objtool_file *file, struct instruction *insn)
4352 {
4353 struct instruction *dest;
4354 struct reloc *reloc;
4355 unsigned long off;
4356 int warnings = 0;
4357
4358 /*
4359 * Looking for function pointer load relocations. Ignore
4360 * direct/indirect branches:
4361 */
4362 switch (insn->type) {
4363
4364 case INSN_CALL:
4365 case INSN_CALL_DYNAMIC:
4366 case INSN_JUMP_CONDITIONAL:
4367 case INSN_JUMP_UNCONDITIONAL:
4368 case INSN_JUMP_DYNAMIC:
4369 case INSN_JUMP_DYNAMIC_CONDITIONAL:
4370 case INSN_RETURN:
4371 case INSN_NOP:
4372 return 0;
4373
4374 case INSN_LEA_RIP:
4375 if (!insn_reloc(file, insn)) {
4376 /* local function pointer reference without reloc */
4377
4378 off = arch_jump_destination(insn);
4379
4380 dest = find_insn(file, insn->sec, off);
4381 if (!dest) {
4382 WARN_INSN(insn, "corrupt function pointer reference");
4383 return 1;
4384 }
4385
4386 return __validate_ibt_insn(file, insn, dest);
4387 }
4388 break;
4389
4390 default:
4391 break;
4392 }
4393
4394 for (reloc = insn_reloc(file, insn);
4395 reloc;
4396 reloc = find_reloc_by_dest_range(file->elf, insn->sec,
4397 reloc_offset(reloc) + 1,
4398 (insn->offset + insn->len) - (reloc_offset(reloc) + 1))) {
4399
4400 off = reloc->sym->offset;
4401 if (reloc_type(reloc) == R_X86_64_PC32 ||
4402 reloc_type(reloc) == R_X86_64_PLT32)
4403 off += arch_dest_reloc_offset(reloc_addend(reloc));
4404 else
4405 off += reloc_addend(reloc);
4406
4407 dest = find_insn(file, reloc->sym->sec, off);
4408 if (!dest)
4409 continue;
4410
4411 warnings += __validate_ibt_insn(file, insn, dest);
4412 }
4413
4414 return warnings;
4415 }
4416
validate_ibt_data_reloc(struct objtool_file * file,struct reloc * reloc)4417 static int validate_ibt_data_reloc(struct objtool_file *file,
4418 struct reloc *reloc)
4419 {
4420 struct instruction *dest;
4421
4422 dest = find_insn(file, reloc->sym->sec,
4423 reloc->sym->offset + reloc_addend(reloc));
4424 if (!dest)
4425 return 0;
4426
4427 if (dest->type == INSN_ENDBR) {
4428 mark_endbr_used(dest);
4429 return 0;
4430 }
4431
4432 if (dest->noendbr)
4433 return 0;
4434
4435 WARN_FUNC(reloc->sec->base, reloc_offset(reloc),
4436 "data relocation to !ENDBR: %s", offstr(dest->sec, dest->offset));
4437
4438 return 1;
4439 }
4440
4441 /*
4442 * Validate IBT rules and remove used ENDBR instructions from the seal list.
4443 * Unused ENDBR instructions will be annotated for sealing (i.e., replaced with
4444 * NOPs) later, in create_ibt_endbr_seal_sections().
4445 */
validate_ibt(struct objtool_file * file)4446 static int validate_ibt(struct objtool_file *file)
4447 {
4448 struct section *sec;
4449 struct reloc *reloc;
4450 struct instruction *insn;
4451 int warnings = 0;
4452
4453 for_each_insn(file, insn)
4454 warnings += validate_ibt_insn(file, insn);
4455
4456 for_each_sec(file, sec) {
4457
4458 /* Already done by validate_ibt_insn() */
4459 if (sec->sh.sh_flags & SHF_EXECINSTR)
4460 continue;
4461
4462 if (!sec->rsec)
4463 continue;
4464
4465 /*
4466 * These sections can reference text addresses, but not with
4467 * the intent to indirect branch to them.
4468 */
4469 if ((!strncmp(sec->name, ".discard", 8) &&
4470 strcmp(sec->name, ".discard.ibt_endbr_noseal")) ||
4471 !strncmp(sec->name, ".debug", 6) ||
4472 !strcmp(sec->name, ".altinstructions") ||
4473 !strcmp(sec->name, ".ibt_endbr_seal") ||
4474 !strcmp(sec->name, ".orc_unwind_ip") ||
4475 !strcmp(sec->name, ".parainstructions") ||
4476 !strcmp(sec->name, ".retpoline_sites") ||
4477 !strcmp(sec->name, ".smp_locks") ||
4478 !strcmp(sec->name, ".static_call_sites") ||
4479 !strcmp(sec->name, "_error_injection_whitelist") ||
4480 !strcmp(sec->name, "_kprobe_blacklist") ||
4481 !strcmp(sec->name, "__bug_table") ||
4482 !strcmp(sec->name, "__ex_table") ||
4483 !strcmp(sec->name, "__jump_table") ||
4484 !strcmp(sec->name, "__mcount_loc") ||
4485 !strcmp(sec->name, ".kcfi_traps") ||
4486 !strcmp(sec->name, ".llvm.call-graph-profile") ||
4487 !strcmp(sec->name, ".llvm_bb_addr_map") ||
4488 !strcmp(sec->name, "__tracepoints") ||
4489 strstr(sec->name, "__patchable_function_entries"))
4490 continue;
4491
4492 for_each_reloc(sec->rsec, reloc)
4493 warnings += validate_ibt_data_reloc(file, reloc);
4494 }
4495
4496 return warnings;
4497 }
4498
validate_sls(struct objtool_file * file)4499 static int validate_sls(struct objtool_file *file)
4500 {
4501 struct instruction *insn, *next_insn;
4502 int warnings = 0;
4503
4504 for_each_insn(file, insn) {
4505 next_insn = next_insn_same_sec(file, insn);
4506
4507 if (insn->retpoline_safe)
4508 continue;
4509
4510 switch (insn->type) {
4511 case INSN_RETURN:
4512 if (!next_insn || next_insn->type != INSN_TRAP) {
4513 WARN_INSN(insn, "missing int3 after ret");
4514 warnings++;
4515 }
4516
4517 break;
4518 case INSN_JUMP_DYNAMIC:
4519 if (!next_insn || next_insn->type != INSN_TRAP) {
4520 WARN_INSN(insn, "missing int3 after indirect jump");
4521 warnings++;
4522 }
4523 break;
4524 default:
4525 break;
4526 }
4527 }
4528
4529 return warnings;
4530 }
4531
validate_reachable_instructions(struct objtool_file * file)4532 static int validate_reachable_instructions(struct objtool_file *file)
4533 {
4534 struct instruction *insn, *prev_insn;
4535 struct symbol *call_dest;
4536 int warnings = 0;
4537
4538 if (file->ignore_unreachables)
4539 return 0;
4540
4541 for_each_insn(file, insn) {
4542 if (insn->visited || ignore_unreachable_insn(file, insn))
4543 continue;
4544
4545 prev_insn = prev_insn_same_sec(file, insn);
4546 if (prev_insn && prev_insn->dead_end) {
4547 call_dest = insn_call_dest(prev_insn);
4548 if (call_dest) {
4549 WARN_INSN(insn, "%s() missing __noreturn in .c/.h or NORETURN() in noreturns.h",
4550 call_dest->name);
4551 warnings++;
4552 continue;
4553 }
4554 }
4555
4556 WARN_INSN(insn, "unreachable instruction");
4557 warnings++;
4558 }
4559
4560 return warnings;
4561 }
4562
4563 /* 'funcs' is a space-separated list of function names */
disas_funcs(const char * funcs)4564 static void disas_funcs(const char *funcs)
4565 {
4566 const char *objdump_str, *cross_compile;
4567 int size, ret;
4568 char *cmd;
4569
4570 cross_compile = getenv("CROSS_COMPILE");
4571 if (!cross_compile)
4572 cross_compile = "";
4573
4574 objdump_str = "%sobjdump -wdr %s | gawk -M -v _funcs='%s' '"
4575 "BEGIN { split(_funcs, funcs); }"
4576 "/^$/ { func_match = 0; }"
4577 "/<.*>:/ { "
4578 "f = gensub(/.*<(.*)>:/, \"\\\\1\", 1);"
4579 "for (i in funcs) {"
4580 "if (funcs[i] == f) {"
4581 "func_match = 1;"
4582 "base = strtonum(\"0x\" $1);"
4583 "break;"
4584 "}"
4585 "}"
4586 "}"
4587 "{"
4588 "if (func_match) {"
4589 "addr = strtonum(\"0x\" $1);"
4590 "printf(\"%%04x \", addr - base);"
4591 "print;"
4592 "}"
4593 "}' 1>&2";
4594
4595 /* fake snprintf() to calculate the size */
4596 size = snprintf(NULL, 0, objdump_str, cross_compile, objname, funcs) + 1;
4597 if (size <= 0) {
4598 WARN("objdump string size calculation failed");
4599 return;
4600 }
4601
4602 cmd = malloc(size);
4603
4604 /* real snprintf() */
4605 snprintf(cmd, size, objdump_str, cross_compile, objname, funcs);
4606 ret = system(cmd);
4607 if (ret) {
4608 WARN("disassembly failed: %d", ret);
4609 return;
4610 }
4611 }
4612
disas_warned_funcs(struct objtool_file * file)4613 static void disas_warned_funcs(struct objtool_file *file)
4614 {
4615 struct symbol *sym;
4616 char *funcs = NULL, *tmp;
4617
4618 for_each_sym(file, sym) {
4619 if (sym->warned) {
4620 if (!funcs) {
4621 funcs = malloc(strlen(sym->name) + 1);
4622 if (!funcs) {
4623 ERROR_GLIBC("malloc");
4624 return;
4625 }
4626 strcpy(funcs, sym->name);
4627 } else {
4628 tmp = malloc(strlen(funcs) + strlen(sym->name) + 2);
4629 if (!tmp) {
4630 ERROR_GLIBC("malloc");
4631 return;
4632 }
4633 sprintf(tmp, "%s %s", funcs, sym->name);
4634 free(funcs);
4635 funcs = tmp;
4636 }
4637 }
4638 }
4639
4640 if (funcs)
4641 disas_funcs(funcs);
4642 }
4643
4644 struct insn_chunk {
4645 void *addr;
4646 struct insn_chunk *next;
4647 };
4648
4649 /*
4650 * Reduce peak RSS usage by freeing insns memory before writing the ELF file,
4651 * which can trigger more allocations for .debug_* sections whose data hasn't
4652 * been read yet.
4653 */
free_insns(struct objtool_file * file)4654 static void free_insns(struct objtool_file *file)
4655 {
4656 struct instruction *insn;
4657 struct insn_chunk *chunks = NULL, *chunk;
4658
4659 for_each_insn(file, insn) {
4660 if (!insn->idx) {
4661 chunk = malloc(sizeof(*chunk));
4662 chunk->addr = insn;
4663 chunk->next = chunks;
4664 chunks = chunk;
4665 }
4666 }
4667
4668 for (chunk = chunks; chunk; chunk = chunk->next)
4669 free(chunk->addr);
4670 }
4671
check(struct objtool_file * file)4672 int check(struct objtool_file *file)
4673 {
4674 int ret = 0, warnings = 0;
4675
4676 arch_initial_func_cfi_state(&initial_func_cfi);
4677 init_cfi_state(&init_cfi);
4678 init_cfi_state(&func_cfi);
4679 set_func_state(&func_cfi);
4680 init_cfi_state(&force_undefined_cfi);
4681 force_undefined_cfi.force_undefined = true;
4682
4683 if (!cfi_hash_alloc(1UL << (file->elf->symbol_bits - 3))) {
4684 ret = -1;
4685 goto out;
4686 }
4687
4688 cfi_hash_add(&init_cfi);
4689 cfi_hash_add(&func_cfi);
4690
4691 ret = decode_sections(file);
4692 if (ret)
4693 goto out;
4694
4695 if (!nr_insns)
4696 goto out;
4697
4698 if (opts.retpoline)
4699 warnings += validate_retpoline(file);
4700
4701 if (opts.stackval || opts.orc || opts.uaccess) {
4702 int w = 0;
4703
4704 w += validate_functions(file);
4705 w += validate_unwind_hints(file, NULL);
4706 if (!w)
4707 w += validate_reachable_instructions(file);
4708
4709 warnings += w;
4710
4711 } else if (opts.noinstr) {
4712 warnings += validate_noinstr_sections(file);
4713 }
4714
4715 if (opts.unret) {
4716 /*
4717 * Must be after validate_branch() and friends, it plays
4718 * further games with insn->visited.
4719 */
4720 warnings += validate_unrets(file);
4721 }
4722
4723 if (opts.ibt)
4724 warnings += validate_ibt(file);
4725
4726 if (opts.sls)
4727 warnings += validate_sls(file);
4728
4729 if (opts.static_call) {
4730 ret = create_static_call_sections(file);
4731 if (ret)
4732 goto out;
4733 }
4734
4735 if (opts.retpoline) {
4736 ret = create_retpoline_sites_sections(file);
4737 if (ret)
4738 goto out;
4739 }
4740
4741 if (opts.cfi) {
4742 ret = create_cfi_sections(file);
4743 if (ret)
4744 goto out;
4745 }
4746
4747 if (opts.rethunk) {
4748 ret = create_return_sites_sections(file);
4749 if (ret)
4750 goto out;
4751
4752 if (opts.hack_skylake) {
4753 ret = create_direct_call_sections(file);
4754 if (ret)
4755 goto out;
4756 }
4757 }
4758
4759 if (opts.mcount) {
4760 ret = create_mcount_loc_sections(file);
4761 if (ret)
4762 goto out;
4763 }
4764
4765 if (opts.prefix) {
4766 ret = add_prefix_symbols(file);
4767 if (ret)
4768 goto out;
4769 }
4770
4771 if (opts.ibt) {
4772 ret = create_ibt_endbr_seal_sections(file);
4773 if (ret)
4774 goto out;
4775 }
4776
4777 if (opts.orc && nr_insns) {
4778 ret = orc_create(file);
4779 if (ret)
4780 goto out;
4781 }
4782
4783 free_insns(file);
4784
4785 if (opts.stats) {
4786 printf("nr_insns_visited: %ld\n", nr_insns_visited);
4787 printf("nr_cfi: %ld\n", nr_cfi);
4788 printf("nr_cfi_reused: %ld\n", nr_cfi_reused);
4789 printf("nr_cfi_cache: %ld\n", nr_cfi_cache);
4790 }
4791
4792 out:
4793 if (!ret && !warnings)
4794 return 0;
4795
4796 if (opts.werror && warnings)
4797 ret = 1;
4798
4799 if (opts.verbose) {
4800 if (opts.werror && warnings)
4801 WARN("%d warning(s) upgraded to errors", warnings);
4802 print_args();
4803 disas_warned_funcs(file);
4804 }
4805
4806 return ret;
4807 }
4808