1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2015-2017 Josh Poimboeuf <[email protected]> 4 */ 5 6 #include <string.h> 7 #include <stdlib.h> 8 #include <inttypes.h> 9 #include <sys/mman.h> 10 11 #include <arch/elf.h> 12 #include <objtool/builtin.h> 13 #include <objtool/cfi.h> 14 #include <objtool/arch.h> 15 #include <objtool/check.h> 16 #include <objtool/special.h> 17 #include <objtool/warn.h> 18 #include <objtool/endianness.h> 19 20 #include <linux/objtool_types.h> 21 #include <linux/hashtable.h> 22 #include <linux/kernel.h> 23 #include <linux/static_call_types.h> 24 25 struct alternative { 26 struct alternative *next; 27 struct instruction *insn; 28 bool skip_orig; 29 }; 30 31 static unsigned long nr_cfi, nr_cfi_reused, nr_cfi_cache; 32 33 static struct cfi_init_state initial_func_cfi; 34 static struct cfi_state init_cfi; 35 static struct cfi_state func_cfi; 36 37 struct instruction *find_insn(struct objtool_file *file, 38 struct section *sec, unsigned long offset) 39 { 40 struct instruction *insn; 41 42 hash_for_each_possible(file->insn_hash, insn, hash, sec_offset_hash(sec, offset)) { 43 if (insn->sec == sec && insn->offset == offset) 44 return insn; 45 } 46 47 return NULL; 48 } 49 50 struct instruction *next_insn_same_sec(struct objtool_file *file, 51 struct instruction *insn) 52 { 53 if (insn->idx == INSN_CHUNK_MAX) 54 return find_insn(file, insn->sec, insn->offset + insn->len); 55 56 insn++; 57 if (!insn->len) 58 return NULL; 59 60 return insn; 61 } 62 63 static struct instruction *next_insn_same_func(struct objtool_file *file, 64 struct instruction *insn) 65 { 66 struct instruction *next = next_insn_same_sec(file, insn); 67 struct symbol *func = insn_func(insn); 68 69 if (!func) 70 return NULL; 71 72 if (next && insn_func(next) == func) 73 return next; 74 75 /* Check if we're already in the subfunction: */ 76 if (func == func->cfunc) 77 return NULL; 78 79 /* Move to the subfunction: */ 80 return find_insn(file, func->cfunc->sec, func->cfunc->offset); 81 } 82 83 static struct instruction *prev_insn_same_sec(struct objtool_file *file, 84 struct instruction *insn) 85 { 86 if (insn->idx == 0) { 87 if (insn->prev_len) 88 return find_insn(file, insn->sec, insn->offset - insn->prev_len); 89 return NULL; 90 } 91 92 return insn - 1; 93 } 94 95 static struct instruction *prev_insn_same_sym(struct objtool_file *file, 96 struct instruction *insn) 97 { 98 struct instruction *prev = prev_insn_same_sec(file, insn); 99 100 if (prev && insn_func(prev) == insn_func(insn)) 101 return prev; 102 103 return NULL; 104 } 105 106 #define for_each_insn(file, insn) \ 107 for (struct section *__sec, *__fake = (struct section *)1; \ 108 __fake; __fake = NULL) \ 109 for_each_sec(file, __sec) \ 110 sec_for_each_insn(file, __sec, insn) 111 112 #define func_for_each_insn(file, func, insn) \ 113 for (insn = find_insn(file, func->sec, func->offset); \ 114 insn; \ 115 insn = next_insn_same_func(file, insn)) 116 117 #define sym_for_each_insn(file, sym, insn) \ 118 for (insn = find_insn(file, sym->sec, sym->offset); \ 119 insn && insn->offset < sym->offset + sym->len; \ 120 insn = next_insn_same_sec(file, insn)) 121 122 #define sym_for_each_insn_continue_reverse(file, sym, insn) \ 123 for (insn = prev_insn_same_sec(file, insn); \ 124 insn && insn->offset >= sym->offset; \ 125 insn = prev_insn_same_sec(file, insn)) 126 127 #define sec_for_each_insn_from(file, insn) \ 128 for (; insn; insn = next_insn_same_sec(file, insn)) 129 130 #define sec_for_each_insn_continue(file, insn) \ 131 for (insn = next_insn_same_sec(file, insn); insn; \ 132 insn = next_insn_same_sec(file, insn)) 133 134 static inline struct symbol *insn_call_dest(struct instruction *insn) 135 { 136 if (insn->type == INSN_JUMP_DYNAMIC || 137 insn->type == INSN_CALL_DYNAMIC) 138 return NULL; 139 140 return insn->_call_dest; 141 } 142 143 static inline struct reloc *insn_jump_table(struct instruction *insn) 144 { 145 if (insn->type == INSN_JUMP_DYNAMIC || 146 insn->type == INSN_CALL_DYNAMIC) 147 return insn->_jump_table; 148 149 return NULL; 150 } 151 152 static bool is_jump_table_jump(struct instruction *insn) 153 { 154 struct alt_group *alt_group = insn->alt_group; 155 156 if (insn_jump_table(insn)) 157 return true; 158 159 /* Retpoline alternative for a jump table? */ 160 return alt_group && alt_group->orig_group && 161 insn_jump_table(alt_group->orig_group->first_insn); 162 } 163 164 static bool is_sibling_call(struct instruction *insn) 165 { 166 /* 167 * Assume only STT_FUNC calls have jump-tables. 168 */ 169 if (insn_func(insn)) { 170 /* An indirect jump is either a sibling call or a jump to a table. */ 171 if (insn->type == INSN_JUMP_DYNAMIC) 172 return !is_jump_table_jump(insn); 173 } 174 175 /* add_jump_destinations() sets insn_call_dest(insn) for sibling calls. */ 176 return (is_static_jump(insn) && insn_call_dest(insn)); 177 } 178 179 /* 180 * This checks to see if the given function is a "noreturn" function. 181 * 182 * For global functions which are outside the scope of this object file, we 183 * have to keep a manual list of them. 184 * 185 * For local functions, we have to detect them manually by simply looking for 186 * the lack of a return instruction. 187 */ 188 static bool __dead_end_function(struct objtool_file *file, struct symbol *func, 189 int recursion) 190 { 191 int i; 192 struct instruction *insn; 193 bool empty = true; 194 195 /* 196 * Unfortunately these have to be hard coded because the noreturn 197 * attribute isn't provided in ELF data. Keep 'em sorted. 198 */ 199 static const char * const global_noreturns[] = { 200 "__invalid_creds", 201 "__module_put_and_kthread_exit", 202 "__reiserfs_panic", 203 "__stack_chk_fail", 204 "__ubsan_handle_builtin_unreachable", 205 "arch_call_rest_init", 206 "arch_cpu_idle_dead", 207 "cpu_bringup_and_idle", 208 "cpu_startup_entry", 209 "do_exit", 210 "do_group_exit", 211 "do_task_dead", 212 "ex_handler_msr_mce", 213 "fortify_panic", 214 "hlt_play_dead", 215 "hv_ghcb_terminate", 216 "kthread_complete_and_exit", 217 "kthread_exit", 218 "kunit_try_catch_throw", 219 "lbug_with_loc", 220 "machine_real_restart", 221 "make_task_dead", 222 "mpt_halt_firmware", 223 "nmi_panic_self_stop", 224 "panic", 225 "panic_smp_self_stop", 226 "rest_init", 227 "resume_play_dead", 228 "rewind_stack_and_make_dead", 229 "sev_es_terminate", 230 "snp_abort", 231 "start_kernel", 232 "stop_this_cpu", 233 "usercopy_abort", 234 "x86_64_start_kernel", 235 "x86_64_start_reservations", 236 "xen_cpu_bringup_again", 237 "xen_start_kernel", 238 }; 239 240 if (!func) 241 return false; 242 243 if (func->bind == STB_GLOBAL || func->bind == STB_WEAK) 244 for (i = 0; i < ARRAY_SIZE(global_noreturns); i++) 245 if (!strcmp(func->name, global_noreturns[i])) 246 return true; 247 248 if (func->bind == STB_WEAK) 249 return false; 250 251 if (!func->len) 252 return false; 253 254 insn = find_insn(file, func->sec, func->offset); 255 if (!insn || !insn_func(insn)) 256 return false; 257 258 func_for_each_insn(file, func, insn) { 259 empty = false; 260 261 if (insn->type == INSN_RETURN) 262 return false; 263 } 264 265 if (empty) 266 return false; 267 268 /* 269 * A function can have a sibling call instead of a return. In that 270 * case, the function's dead-end status depends on whether the target 271 * of the sibling call returns. 272 */ 273 func_for_each_insn(file, func, insn) { 274 if (is_sibling_call(insn)) { 275 struct instruction *dest = insn->jump_dest; 276 277 if (!dest) 278 /* sibling call to another file */ 279 return false; 280 281 /* local sibling call */ 282 if (recursion == 5) { 283 /* 284 * Infinite recursion: two functions have 285 * sibling calls to each other. This is a very 286 * rare case. It means they aren't dead ends. 287 */ 288 return false; 289 } 290 291 return __dead_end_function(file, insn_func(dest), recursion+1); 292 } 293 } 294 295 return true; 296 } 297 298 static bool dead_end_function(struct objtool_file *file, struct symbol *func) 299 { 300 return __dead_end_function(file, func, 0); 301 } 302 303 static void init_cfi_state(struct cfi_state *cfi) 304 { 305 int i; 306 307 for (i = 0; i < CFI_NUM_REGS; i++) { 308 cfi->regs[i].base = CFI_UNDEFINED; 309 cfi->vals[i].base = CFI_UNDEFINED; 310 } 311 cfi->cfa.base = CFI_UNDEFINED; 312 cfi->drap_reg = CFI_UNDEFINED; 313 cfi->drap_offset = -1; 314 } 315 316 static void init_insn_state(struct objtool_file *file, struct insn_state *state, 317 struct section *sec) 318 { 319 memset(state, 0, sizeof(*state)); 320 init_cfi_state(&state->cfi); 321 322 /* 323 * We need the full vmlinux for noinstr validation, otherwise we can 324 * not correctly determine insn_call_dest(insn)->sec (external symbols 325 * do not have a section). 326 */ 327 if (opts.link && opts.noinstr && sec) 328 state->noinstr = sec->noinstr; 329 } 330 331 static struct cfi_state *cfi_alloc(void) 332 { 333 struct cfi_state *cfi = calloc(sizeof(struct cfi_state), 1); 334 if (!cfi) { 335 WARN("calloc failed"); 336 exit(1); 337 } 338 nr_cfi++; 339 return cfi; 340 } 341 342 static int cfi_bits; 343 static struct hlist_head *cfi_hash; 344 345 static inline bool cficmp(struct cfi_state *cfi1, struct cfi_state *cfi2) 346 { 347 return memcmp((void *)cfi1 + sizeof(cfi1->hash), 348 (void *)cfi2 + sizeof(cfi2->hash), 349 sizeof(struct cfi_state) - sizeof(struct hlist_node)); 350 } 351 352 static inline u32 cfi_key(struct cfi_state *cfi) 353 { 354 return jhash((void *)cfi + sizeof(cfi->hash), 355 sizeof(*cfi) - sizeof(cfi->hash), 0); 356 } 357 358 static struct cfi_state *cfi_hash_find_or_add(struct cfi_state *cfi) 359 { 360 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)]; 361 struct cfi_state *obj; 362 363 hlist_for_each_entry(obj, head, hash) { 364 if (!cficmp(cfi, obj)) { 365 nr_cfi_cache++; 366 return obj; 367 } 368 } 369 370 obj = cfi_alloc(); 371 *obj = *cfi; 372 hlist_add_head(&obj->hash, head); 373 374 return obj; 375 } 376 377 static void cfi_hash_add(struct cfi_state *cfi) 378 { 379 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)]; 380 381 hlist_add_head(&cfi->hash, head); 382 } 383 384 static void *cfi_hash_alloc(unsigned long size) 385 { 386 cfi_bits = max(10, ilog2(size)); 387 cfi_hash = mmap(NULL, sizeof(struct hlist_head) << cfi_bits, 388 PROT_READ|PROT_WRITE, 389 MAP_PRIVATE|MAP_ANON, -1, 0); 390 if (cfi_hash == (void *)-1L) { 391 WARN("mmap fail cfi_hash"); 392 cfi_hash = NULL; 393 } else if (opts.stats) { 394 printf("cfi_bits: %d\n", cfi_bits); 395 } 396 397 return cfi_hash; 398 } 399 400 static unsigned long nr_insns; 401 static unsigned long nr_insns_visited; 402 403 /* 404 * Call the arch-specific instruction decoder for all the instructions and add 405 * them to the global instruction list. 406 */ 407 static int decode_instructions(struct objtool_file *file) 408 { 409 struct section *sec; 410 struct symbol *func; 411 unsigned long offset; 412 struct instruction *insn; 413 int ret; 414 415 for_each_sec(file, sec) { 416 struct instruction *insns = NULL; 417 u8 prev_len = 0; 418 u8 idx = 0; 419 420 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 421 continue; 422 423 if (strcmp(sec->name, ".altinstr_replacement") && 424 strcmp(sec->name, ".altinstr_aux") && 425 strncmp(sec->name, ".discard.", 9)) 426 sec->text = true; 427 428 if (!strcmp(sec->name, ".noinstr.text") || 429 !strcmp(sec->name, ".entry.text") || 430 !strcmp(sec->name, ".cpuidle.text") || 431 !strncmp(sec->name, ".text.__x86.", 12)) 432 sec->noinstr = true; 433 434 /* 435 * .init.text code is ran before userspace and thus doesn't 436 * strictly need retpolines, except for modules which are 437 * loaded late, they very much do need retpoline in their 438 * .init.text 439 */ 440 if (!strcmp(sec->name, ".init.text") && !opts.module) 441 sec->init = true; 442 443 for (offset = 0; offset < sec->sh.sh_size; offset += insn->len) { 444 if (!insns || idx == INSN_CHUNK_MAX) { 445 insns = calloc(sizeof(*insn), INSN_CHUNK_SIZE); 446 if (!insns) { 447 WARN("malloc failed"); 448 return -1; 449 } 450 idx = 0; 451 } else { 452 idx++; 453 } 454 insn = &insns[idx]; 455 insn->idx = idx; 456 457 INIT_LIST_HEAD(&insn->call_node); 458 insn->sec = sec; 459 insn->offset = offset; 460 insn->prev_len = prev_len; 461 462 ret = arch_decode_instruction(file, sec, offset, 463 sec->sh.sh_size - offset, 464 insn); 465 if (ret) 466 return ret; 467 468 prev_len = insn->len; 469 470 /* 471 * By default, "ud2" is a dead end unless otherwise 472 * annotated, because GCC 7 inserts it for certain 473 * divide-by-zero cases. 474 */ 475 if (insn->type == INSN_BUG) 476 insn->dead_end = true; 477 478 hash_add(file->insn_hash, &insn->hash, sec_offset_hash(sec, insn->offset)); 479 nr_insns++; 480 } 481 482 // printf("%s: last chunk used: %d\n", sec->name, (int)idx); 483 484 sec_for_each_sym(sec, func) { 485 if (func->type != STT_NOTYPE && func->type != STT_FUNC) 486 continue; 487 488 if (func->offset == sec->sh.sh_size) { 489 /* Heuristic: likely an "end" symbol */ 490 if (func->type == STT_NOTYPE) 491 continue; 492 WARN("%s(): STT_FUNC at end of section", 493 func->name); 494 return -1; 495 } 496 497 if (func->return_thunk || func->alias != func) 498 continue; 499 500 if (!find_insn(file, sec, func->offset)) { 501 WARN("%s(): can't find starting instruction", 502 func->name); 503 return -1; 504 } 505 506 sym_for_each_insn(file, func, insn) { 507 insn->sym = func; 508 if (func->type == STT_FUNC && 509 insn->type == INSN_ENDBR && 510 list_empty(&insn->call_node)) { 511 if (insn->offset == func->offset) { 512 list_add_tail(&insn->call_node, &file->endbr_list); 513 file->nr_endbr++; 514 } else { 515 file->nr_endbr_int++; 516 } 517 } 518 } 519 } 520 } 521 522 if (opts.stats) 523 printf("nr_insns: %lu\n", nr_insns); 524 525 return 0; 526 } 527 528 /* 529 * Read the pv_ops[] .data table to find the static initialized values. 530 */ 531 static int add_pv_ops(struct objtool_file *file, const char *symname) 532 { 533 struct symbol *sym, *func; 534 unsigned long off, end; 535 struct reloc *rel; 536 int idx; 537 538 sym = find_symbol_by_name(file->elf, symname); 539 if (!sym) 540 return 0; 541 542 off = sym->offset; 543 end = off + sym->len; 544 for (;;) { 545 rel = find_reloc_by_dest_range(file->elf, sym->sec, off, end - off); 546 if (!rel) 547 break; 548 549 func = rel->sym; 550 if (func->type == STT_SECTION) 551 func = find_symbol_by_offset(rel->sym->sec, rel->addend); 552 553 idx = (rel->offset - sym->offset) / sizeof(unsigned long); 554 555 objtool_pv_add(file, idx, func); 556 557 off = rel->offset + 1; 558 if (off > end) 559 break; 560 } 561 562 return 0; 563 } 564 565 /* 566 * Allocate and initialize file->pv_ops[]. 567 */ 568 static int init_pv_ops(struct objtool_file *file) 569 { 570 static const char *pv_ops_tables[] = { 571 "pv_ops", 572 "xen_cpu_ops", 573 "xen_irq_ops", 574 "xen_mmu_ops", 575 NULL, 576 }; 577 const char *pv_ops; 578 struct symbol *sym; 579 int idx, nr; 580 581 if (!opts.noinstr) 582 return 0; 583 584 file->pv_ops = NULL; 585 586 sym = find_symbol_by_name(file->elf, "pv_ops"); 587 if (!sym) 588 return 0; 589 590 nr = sym->len / sizeof(unsigned long); 591 file->pv_ops = calloc(sizeof(struct pv_state), nr); 592 if (!file->pv_ops) 593 return -1; 594 595 for (idx = 0; idx < nr; idx++) 596 INIT_LIST_HEAD(&file->pv_ops[idx].targets); 597 598 for (idx = 0; (pv_ops = pv_ops_tables[idx]); idx++) 599 add_pv_ops(file, pv_ops); 600 601 return 0; 602 } 603 604 static struct instruction *find_last_insn(struct objtool_file *file, 605 struct section *sec) 606 { 607 struct instruction *insn = NULL; 608 unsigned int offset; 609 unsigned int end = (sec->sh.sh_size > 10) ? sec->sh.sh_size - 10 : 0; 610 611 for (offset = sec->sh.sh_size - 1; offset >= end && !insn; offset--) 612 insn = find_insn(file, sec, offset); 613 614 return insn; 615 } 616 617 /* 618 * Mark "ud2" instructions and manually annotated dead ends. 619 */ 620 static int add_dead_ends(struct objtool_file *file) 621 { 622 struct section *sec; 623 struct reloc *reloc; 624 struct instruction *insn; 625 626 /* 627 * Check for manually annotated dead ends. 628 */ 629 sec = find_section_by_name(file->elf, ".rela.discard.unreachable"); 630 if (!sec) 631 goto reachable; 632 633 list_for_each_entry(reloc, &sec->reloc_list, list) { 634 if (reloc->sym->type != STT_SECTION) { 635 WARN("unexpected relocation symbol type in %s", sec->name); 636 return -1; 637 } 638 insn = find_insn(file, reloc->sym->sec, reloc->addend); 639 if (insn) 640 insn = prev_insn_same_sec(file, insn); 641 else if (reloc->addend == reloc->sym->sec->sh.sh_size) { 642 insn = find_last_insn(file, reloc->sym->sec); 643 if (!insn) { 644 WARN("can't find unreachable insn at %s+0x%" PRIx64, 645 reloc->sym->sec->name, reloc->addend); 646 return -1; 647 } 648 } else { 649 WARN("can't find unreachable insn at %s+0x%" PRIx64, 650 reloc->sym->sec->name, reloc->addend); 651 return -1; 652 } 653 654 insn->dead_end = true; 655 } 656 657 reachable: 658 /* 659 * These manually annotated reachable checks are needed for GCC 4.4, 660 * where the Linux unreachable() macro isn't supported. In that case 661 * GCC doesn't know the "ud2" is fatal, so it generates code as if it's 662 * not a dead end. 663 */ 664 sec = find_section_by_name(file->elf, ".rela.discard.reachable"); 665 if (!sec) 666 return 0; 667 668 list_for_each_entry(reloc, &sec->reloc_list, list) { 669 if (reloc->sym->type != STT_SECTION) { 670 WARN("unexpected relocation symbol type in %s", sec->name); 671 return -1; 672 } 673 insn = find_insn(file, reloc->sym->sec, reloc->addend); 674 if (insn) 675 insn = prev_insn_same_sec(file, insn); 676 else if (reloc->addend == reloc->sym->sec->sh.sh_size) { 677 insn = find_last_insn(file, reloc->sym->sec); 678 if (!insn) { 679 WARN("can't find reachable insn at %s+0x%" PRIx64, 680 reloc->sym->sec->name, reloc->addend); 681 return -1; 682 } 683 } else { 684 WARN("can't find reachable insn at %s+0x%" PRIx64, 685 reloc->sym->sec->name, reloc->addend); 686 return -1; 687 } 688 689 insn->dead_end = false; 690 } 691 692 return 0; 693 } 694 695 static int create_static_call_sections(struct objtool_file *file) 696 { 697 struct section *sec; 698 struct static_call_site *site; 699 struct instruction *insn; 700 struct symbol *key_sym; 701 char *key_name, *tmp; 702 int idx; 703 704 sec = find_section_by_name(file->elf, ".static_call_sites"); 705 if (sec) { 706 INIT_LIST_HEAD(&file->static_call_list); 707 WARN("file already has .static_call_sites section, skipping"); 708 return 0; 709 } 710 711 if (list_empty(&file->static_call_list)) 712 return 0; 713 714 idx = 0; 715 list_for_each_entry(insn, &file->static_call_list, call_node) 716 idx++; 717 718 sec = elf_create_section(file->elf, ".static_call_sites", SHF_WRITE, 719 sizeof(struct static_call_site), idx); 720 if (!sec) 721 return -1; 722 723 idx = 0; 724 list_for_each_entry(insn, &file->static_call_list, call_node) { 725 726 site = (struct static_call_site *)sec->data->d_buf + idx; 727 memset(site, 0, sizeof(struct static_call_site)); 728 729 /* populate reloc for 'addr' */ 730 if (elf_add_reloc_to_insn(file->elf, sec, 731 idx * sizeof(struct static_call_site), 732 R_X86_64_PC32, 733 insn->sec, insn->offset)) 734 return -1; 735 736 /* find key symbol */ 737 key_name = strdup(insn_call_dest(insn)->name); 738 if (!key_name) { 739 perror("strdup"); 740 return -1; 741 } 742 if (strncmp(key_name, STATIC_CALL_TRAMP_PREFIX_STR, 743 STATIC_CALL_TRAMP_PREFIX_LEN)) { 744 WARN("static_call: trampoline name malformed: %s", key_name); 745 free(key_name); 746 return -1; 747 } 748 tmp = key_name + STATIC_CALL_TRAMP_PREFIX_LEN - STATIC_CALL_KEY_PREFIX_LEN; 749 memcpy(tmp, STATIC_CALL_KEY_PREFIX_STR, STATIC_CALL_KEY_PREFIX_LEN); 750 751 key_sym = find_symbol_by_name(file->elf, tmp); 752 if (!key_sym) { 753 if (!opts.module) { 754 WARN("static_call: can't find static_call_key symbol: %s", tmp); 755 free(key_name); 756 return -1; 757 } 758 759 /* 760 * For modules(), the key might not be exported, which 761 * means the module can make static calls but isn't 762 * allowed to change them. 763 * 764 * In that case we temporarily set the key to be the 765 * trampoline address. This is fixed up in 766 * static_call_add_module(). 767 */ 768 key_sym = insn_call_dest(insn); 769 } 770 free(key_name); 771 772 /* populate reloc for 'key' */ 773 if (elf_add_reloc(file->elf, sec, 774 idx * sizeof(struct static_call_site) + 4, 775 R_X86_64_PC32, key_sym, 776 is_sibling_call(insn) * STATIC_CALL_SITE_TAIL)) 777 return -1; 778 779 idx++; 780 } 781 782 return 0; 783 } 784 785 static int create_retpoline_sites_sections(struct objtool_file *file) 786 { 787 struct instruction *insn; 788 struct section *sec; 789 int idx; 790 791 sec = find_section_by_name(file->elf, ".retpoline_sites"); 792 if (sec) { 793 WARN("file already has .retpoline_sites, skipping"); 794 return 0; 795 } 796 797 idx = 0; 798 list_for_each_entry(insn, &file->retpoline_call_list, call_node) 799 idx++; 800 801 if (!idx) 802 return 0; 803 804 sec = elf_create_section(file->elf, ".retpoline_sites", 0, 805 sizeof(int), idx); 806 if (!sec) { 807 WARN("elf_create_section: .retpoline_sites"); 808 return -1; 809 } 810 811 idx = 0; 812 list_for_each_entry(insn, &file->retpoline_call_list, call_node) { 813 814 int *site = (int *)sec->data->d_buf + idx; 815 *site = 0; 816 817 if (elf_add_reloc_to_insn(file->elf, sec, 818 idx * sizeof(int), 819 R_X86_64_PC32, 820 insn->sec, insn->offset)) { 821 WARN("elf_add_reloc_to_insn: .retpoline_sites"); 822 return -1; 823 } 824 825 idx++; 826 } 827 828 return 0; 829 } 830 831 static int create_return_sites_sections(struct objtool_file *file) 832 { 833 struct instruction *insn; 834 struct section *sec; 835 int idx; 836 837 sec = find_section_by_name(file->elf, ".return_sites"); 838 if (sec) { 839 WARN("file already has .return_sites, skipping"); 840 return 0; 841 } 842 843 idx = 0; 844 list_for_each_entry(insn, &file->return_thunk_list, call_node) 845 idx++; 846 847 if (!idx) 848 return 0; 849 850 sec = elf_create_section(file->elf, ".return_sites", 0, 851 sizeof(int), idx); 852 if (!sec) { 853 WARN("elf_create_section: .return_sites"); 854 return -1; 855 } 856 857 idx = 0; 858 list_for_each_entry(insn, &file->return_thunk_list, call_node) { 859 860 int *site = (int *)sec->data->d_buf + idx; 861 *site = 0; 862 863 if (elf_add_reloc_to_insn(file->elf, sec, 864 idx * sizeof(int), 865 R_X86_64_PC32, 866 insn->sec, insn->offset)) { 867 WARN("elf_add_reloc_to_insn: .return_sites"); 868 return -1; 869 } 870 871 idx++; 872 } 873 874 return 0; 875 } 876 877 static int create_ibt_endbr_seal_sections(struct objtool_file *file) 878 { 879 struct instruction *insn; 880 struct section *sec; 881 int idx; 882 883 sec = find_section_by_name(file->elf, ".ibt_endbr_seal"); 884 if (sec) { 885 WARN("file already has .ibt_endbr_seal, skipping"); 886 return 0; 887 } 888 889 idx = 0; 890 list_for_each_entry(insn, &file->endbr_list, call_node) 891 idx++; 892 893 if (opts.stats) { 894 printf("ibt: ENDBR at function start: %d\n", file->nr_endbr); 895 printf("ibt: ENDBR inside functions: %d\n", file->nr_endbr_int); 896 printf("ibt: superfluous ENDBR: %d\n", idx); 897 } 898 899 if (!idx) 900 return 0; 901 902 sec = elf_create_section(file->elf, ".ibt_endbr_seal", 0, 903 sizeof(int), idx); 904 if (!sec) { 905 WARN("elf_create_section: .ibt_endbr_seal"); 906 return -1; 907 } 908 909 idx = 0; 910 list_for_each_entry(insn, &file->endbr_list, call_node) { 911 912 int *site = (int *)sec->data->d_buf + idx; 913 struct symbol *sym = insn->sym; 914 *site = 0; 915 916 if (opts.module && sym && sym->type == STT_FUNC && 917 insn->offset == sym->offset && 918 (!strcmp(sym->name, "init_module") || 919 !strcmp(sym->name, "cleanup_module"))) 920 WARN("%s(): not an indirect call target", sym->name); 921 922 if (elf_add_reloc_to_insn(file->elf, sec, 923 idx * sizeof(int), 924 R_X86_64_PC32, 925 insn->sec, insn->offset)) { 926 WARN("elf_add_reloc_to_insn: .ibt_endbr_seal"); 927 return -1; 928 } 929 930 idx++; 931 } 932 933 return 0; 934 } 935 936 static int create_cfi_sections(struct objtool_file *file) 937 { 938 struct section *sec; 939 struct symbol *sym; 940 unsigned int *loc; 941 int idx; 942 943 sec = find_section_by_name(file->elf, ".cfi_sites"); 944 if (sec) { 945 INIT_LIST_HEAD(&file->call_list); 946 WARN("file already has .cfi_sites section, skipping"); 947 return 0; 948 } 949 950 idx = 0; 951 for_each_sym(file, sym) { 952 if (sym->type != STT_FUNC) 953 continue; 954 955 if (strncmp(sym->name, "__cfi_", 6)) 956 continue; 957 958 idx++; 959 } 960 961 sec = elf_create_section(file->elf, ".cfi_sites", 0, sizeof(unsigned int), idx); 962 if (!sec) 963 return -1; 964 965 idx = 0; 966 for_each_sym(file, sym) { 967 if (sym->type != STT_FUNC) 968 continue; 969 970 if (strncmp(sym->name, "__cfi_", 6)) 971 continue; 972 973 loc = (unsigned int *)sec->data->d_buf + idx; 974 memset(loc, 0, sizeof(unsigned int)); 975 976 if (elf_add_reloc_to_insn(file->elf, sec, 977 idx * sizeof(unsigned int), 978 R_X86_64_PC32, 979 sym->sec, sym->offset)) 980 return -1; 981 982 idx++; 983 } 984 985 return 0; 986 } 987 988 static int create_mcount_loc_sections(struct objtool_file *file) 989 { 990 int addrsize = elf_class_addrsize(file->elf); 991 struct instruction *insn; 992 struct section *sec; 993 int idx; 994 995 sec = find_section_by_name(file->elf, "__mcount_loc"); 996 if (sec) { 997 INIT_LIST_HEAD(&file->mcount_loc_list); 998 WARN("file already has __mcount_loc section, skipping"); 999 return 0; 1000 } 1001 1002 if (list_empty(&file->mcount_loc_list)) 1003 return 0; 1004 1005 idx = 0; 1006 list_for_each_entry(insn, &file->mcount_loc_list, call_node) 1007 idx++; 1008 1009 sec = elf_create_section(file->elf, "__mcount_loc", 0, addrsize, idx); 1010 if (!sec) 1011 return -1; 1012 1013 sec->sh.sh_addralign = addrsize; 1014 1015 idx = 0; 1016 list_for_each_entry(insn, &file->mcount_loc_list, call_node) { 1017 void *loc; 1018 1019 loc = sec->data->d_buf + idx; 1020 memset(loc, 0, addrsize); 1021 1022 if (elf_add_reloc_to_insn(file->elf, sec, idx, 1023 addrsize == sizeof(u64) ? R_ABS64 : R_ABS32, 1024 insn->sec, insn->offset)) 1025 return -1; 1026 1027 idx += addrsize; 1028 } 1029 1030 return 0; 1031 } 1032 1033 static int create_direct_call_sections(struct objtool_file *file) 1034 { 1035 struct instruction *insn; 1036 struct section *sec; 1037 unsigned int *loc; 1038 int idx; 1039 1040 sec = find_section_by_name(file->elf, ".call_sites"); 1041 if (sec) { 1042 INIT_LIST_HEAD(&file->call_list); 1043 WARN("file already has .call_sites section, skipping"); 1044 return 0; 1045 } 1046 1047 if (list_empty(&file->call_list)) 1048 return 0; 1049 1050 idx = 0; 1051 list_for_each_entry(insn, &file->call_list, call_node) 1052 idx++; 1053 1054 sec = elf_create_section(file->elf, ".call_sites", 0, sizeof(unsigned int), idx); 1055 if (!sec) 1056 return -1; 1057 1058 idx = 0; 1059 list_for_each_entry(insn, &file->call_list, call_node) { 1060 1061 loc = (unsigned int *)sec->data->d_buf + idx; 1062 memset(loc, 0, sizeof(unsigned int)); 1063 1064 if (elf_add_reloc_to_insn(file->elf, sec, 1065 idx * sizeof(unsigned int), 1066 R_X86_64_PC32, 1067 insn->sec, insn->offset)) 1068 return -1; 1069 1070 idx++; 1071 } 1072 1073 return 0; 1074 } 1075 1076 /* 1077 * Warnings shouldn't be reported for ignored functions. 1078 */ 1079 static void add_ignores(struct objtool_file *file) 1080 { 1081 struct instruction *insn; 1082 struct section *sec; 1083 struct symbol *func; 1084 struct reloc *reloc; 1085 1086 sec = find_section_by_name(file->elf, ".rela.discard.func_stack_frame_non_standard"); 1087 if (!sec) 1088 return; 1089 1090 list_for_each_entry(reloc, &sec->reloc_list, list) { 1091 switch (reloc->sym->type) { 1092 case STT_FUNC: 1093 func = reloc->sym; 1094 break; 1095 1096 case STT_SECTION: 1097 func = find_func_by_offset(reloc->sym->sec, reloc->addend); 1098 if (!func) 1099 continue; 1100 break; 1101 1102 default: 1103 WARN("unexpected relocation symbol type in %s: %d", sec->name, reloc->sym->type); 1104 continue; 1105 } 1106 1107 func_for_each_insn(file, func, insn) 1108 insn->ignore = true; 1109 } 1110 } 1111 1112 /* 1113 * This is a whitelist of functions that is allowed to be called with AC set. 1114 * The list is meant to be minimal and only contains compiler instrumentation 1115 * ABI and a few functions used to implement *_{to,from}_user() functions. 1116 * 1117 * These functions must not directly change AC, but may PUSHF/POPF. 1118 */ 1119 static const char *uaccess_safe_builtin[] = { 1120 /* KASAN */ 1121 "kasan_report", 1122 "kasan_check_range", 1123 /* KASAN out-of-line */ 1124 "__asan_loadN_noabort", 1125 "__asan_load1_noabort", 1126 "__asan_load2_noabort", 1127 "__asan_load4_noabort", 1128 "__asan_load8_noabort", 1129 "__asan_load16_noabort", 1130 "__asan_storeN_noabort", 1131 "__asan_store1_noabort", 1132 "__asan_store2_noabort", 1133 "__asan_store4_noabort", 1134 "__asan_store8_noabort", 1135 "__asan_store16_noabort", 1136 "__kasan_check_read", 1137 "__kasan_check_write", 1138 /* KASAN in-line */ 1139 "__asan_report_load_n_noabort", 1140 "__asan_report_load1_noabort", 1141 "__asan_report_load2_noabort", 1142 "__asan_report_load4_noabort", 1143 "__asan_report_load8_noabort", 1144 "__asan_report_load16_noabort", 1145 "__asan_report_store_n_noabort", 1146 "__asan_report_store1_noabort", 1147 "__asan_report_store2_noabort", 1148 "__asan_report_store4_noabort", 1149 "__asan_report_store8_noabort", 1150 "__asan_report_store16_noabort", 1151 /* KCSAN */ 1152 "__kcsan_check_access", 1153 "__kcsan_mb", 1154 "__kcsan_wmb", 1155 "__kcsan_rmb", 1156 "__kcsan_release", 1157 "kcsan_found_watchpoint", 1158 "kcsan_setup_watchpoint", 1159 "kcsan_check_scoped_accesses", 1160 "kcsan_disable_current", 1161 "kcsan_enable_current_nowarn", 1162 /* KCSAN/TSAN */ 1163 "__tsan_func_entry", 1164 "__tsan_func_exit", 1165 "__tsan_read_range", 1166 "__tsan_write_range", 1167 "__tsan_read1", 1168 "__tsan_read2", 1169 "__tsan_read4", 1170 "__tsan_read8", 1171 "__tsan_read16", 1172 "__tsan_write1", 1173 "__tsan_write2", 1174 "__tsan_write4", 1175 "__tsan_write8", 1176 "__tsan_write16", 1177 "__tsan_read_write1", 1178 "__tsan_read_write2", 1179 "__tsan_read_write4", 1180 "__tsan_read_write8", 1181 "__tsan_read_write16", 1182 "__tsan_volatile_read1", 1183 "__tsan_volatile_read2", 1184 "__tsan_volatile_read4", 1185 "__tsan_volatile_read8", 1186 "__tsan_volatile_read16", 1187 "__tsan_volatile_write1", 1188 "__tsan_volatile_write2", 1189 "__tsan_volatile_write4", 1190 "__tsan_volatile_write8", 1191 "__tsan_volatile_write16", 1192 "__tsan_atomic8_load", 1193 "__tsan_atomic16_load", 1194 "__tsan_atomic32_load", 1195 "__tsan_atomic64_load", 1196 "__tsan_atomic8_store", 1197 "__tsan_atomic16_store", 1198 "__tsan_atomic32_store", 1199 "__tsan_atomic64_store", 1200 "__tsan_atomic8_exchange", 1201 "__tsan_atomic16_exchange", 1202 "__tsan_atomic32_exchange", 1203 "__tsan_atomic64_exchange", 1204 "__tsan_atomic8_fetch_add", 1205 "__tsan_atomic16_fetch_add", 1206 "__tsan_atomic32_fetch_add", 1207 "__tsan_atomic64_fetch_add", 1208 "__tsan_atomic8_fetch_sub", 1209 "__tsan_atomic16_fetch_sub", 1210 "__tsan_atomic32_fetch_sub", 1211 "__tsan_atomic64_fetch_sub", 1212 "__tsan_atomic8_fetch_and", 1213 "__tsan_atomic16_fetch_and", 1214 "__tsan_atomic32_fetch_and", 1215 "__tsan_atomic64_fetch_and", 1216 "__tsan_atomic8_fetch_or", 1217 "__tsan_atomic16_fetch_or", 1218 "__tsan_atomic32_fetch_or", 1219 "__tsan_atomic64_fetch_or", 1220 "__tsan_atomic8_fetch_xor", 1221 "__tsan_atomic16_fetch_xor", 1222 "__tsan_atomic32_fetch_xor", 1223 "__tsan_atomic64_fetch_xor", 1224 "__tsan_atomic8_fetch_nand", 1225 "__tsan_atomic16_fetch_nand", 1226 "__tsan_atomic32_fetch_nand", 1227 "__tsan_atomic64_fetch_nand", 1228 "__tsan_atomic8_compare_exchange_strong", 1229 "__tsan_atomic16_compare_exchange_strong", 1230 "__tsan_atomic32_compare_exchange_strong", 1231 "__tsan_atomic64_compare_exchange_strong", 1232 "__tsan_atomic8_compare_exchange_weak", 1233 "__tsan_atomic16_compare_exchange_weak", 1234 "__tsan_atomic32_compare_exchange_weak", 1235 "__tsan_atomic64_compare_exchange_weak", 1236 "__tsan_atomic8_compare_exchange_val", 1237 "__tsan_atomic16_compare_exchange_val", 1238 "__tsan_atomic32_compare_exchange_val", 1239 "__tsan_atomic64_compare_exchange_val", 1240 "__tsan_atomic_thread_fence", 1241 "__tsan_atomic_signal_fence", 1242 "__tsan_unaligned_read16", 1243 "__tsan_unaligned_write16", 1244 /* KCOV */ 1245 "write_comp_data", 1246 "check_kcov_mode", 1247 "__sanitizer_cov_trace_pc", 1248 "__sanitizer_cov_trace_const_cmp1", 1249 "__sanitizer_cov_trace_const_cmp2", 1250 "__sanitizer_cov_trace_const_cmp4", 1251 "__sanitizer_cov_trace_const_cmp8", 1252 "__sanitizer_cov_trace_cmp1", 1253 "__sanitizer_cov_trace_cmp2", 1254 "__sanitizer_cov_trace_cmp4", 1255 "__sanitizer_cov_trace_cmp8", 1256 "__sanitizer_cov_trace_switch", 1257 /* KMSAN */ 1258 "kmsan_copy_to_user", 1259 "kmsan_report", 1260 "kmsan_unpoison_entry_regs", 1261 "kmsan_unpoison_memory", 1262 "__msan_chain_origin", 1263 "__msan_get_context_state", 1264 "__msan_instrument_asm_store", 1265 "__msan_metadata_ptr_for_load_1", 1266 "__msan_metadata_ptr_for_load_2", 1267 "__msan_metadata_ptr_for_load_4", 1268 "__msan_metadata_ptr_for_load_8", 1269 "__msan_metadata_ptr_for_load_n", 1270 "__msan_metadata_ptr_for_store_1", 1271 "__msan_metadata_ptr_for_store_2", 1272 "__msan_metadata_ptr_for_store_4", 1273 "__msan_metadata_ptr_for_store_8", 1274 "__msan_metadata_ptr_for_store_n", 1275 "__msan_poison_alloca", 1276 "__msan_warning", 1277 /* UBSAN */ 1278 "ubsan_type_mismatch_common", 1279 "__ubsan_handle_type_mismatch", 1280 "__ubsan_handle_type_mismatch_v1", 1281 "__ubsan_handle_shift_out_of_bounds", 1282 "__ubsan_handle_load_invalid_value", 1283 /* STACKLEAK */ 1284 "stackleak_track_stack", 1285 /* misc */ 1286 "csum_partial_copy_generic", 1287 "copy_mc_fragile", 1288 "copy_mc_fragile_handle_tail", 1289 "copy_mc_enhanced_fast_string", 1290 "ftrace_likely_update", /* CONFIG_TRACE_BRANCH_PROFILING */ 1291 "rep_stos_alternative", 1292 "rep_movs_alternative", 1293 "__copy_user_nocache", 1294 NULL 1295 }; 1296 1297 static void add_uaccess_safe(struct objtool_file *file) 1298 { 1299 struct symbol *func; 1300 const char **name; 1301 1302 if (!opts.uaccess) 1303 return; 1304 1305 for (name = uaccess_safe_builtin; *name; name++) { 1306 func = find_symbol_by_name(file->elf, *name); 1307 if (!func) 1308 continue; 1309 1310 func->uaccess_safe = true; 1311 } 1312 } 1313 1314 /* 1315 * FIXME: For now, just ignore any alternatives which add retpolines. This is 1316 * a temporary hack, as it doesn't allow ORC to unwind from inside a retpoline. 1317 * But it at least allows objtool to understand the control flow *around* the 1318 * retpoline. 1319 */ 1320 static int add_ignore_alternatives(struct objtool_file *file) 1321 { 1322 struct section *sec; 1323 struct reloc *reloc; 1324 struct instruction *insn; 1325 1326 sec = find_section_by_name(file->elf, ".rela.discard.ignore_alts"); 1327 if (!sec) 1328 return 0; 1329 1330 list_for_each_entry(reloc, &sec->reloc_list, list) { 1331 if (reloc->sym->type != STT_SECTION) { 1332 WARN("unexpected relocation symbol type in %s", sec->name); 1333 return -1; 1334 } 1335 1336 insn = find_insn(file, reloc->sym->sec, reloc->addend); 1337 if (!insn) { 1338 WARN("bad .discard.ignore_alts entry"); 1339 return -1; 1340 } 1341 1342 insn->ignore_alts = true; 1343 } 1344 1345 return 0; 1346 } 1347 1348 __weak bool arch_is_retpoline(struct symbol *sym) 1349 { 1350 return false; 1351 } 1352 1353 __weak bool arch_is_rethunk(struct symbol *sym) 1354 { 1355 return false; 1356 } 1357 1358 static struct reloc *insn_reloc(struct objtool_file *file, struct instruction *insn) 1359 { 1360 struct reloc *reloc; 1361 1362 if (insn->no_reloc) 1363 return NULL; 1364 1365 if (!file) 1366 return NULL; 1367 1368 reloc = find_reloc_by_dest_range(file->elf, insn->sec, 1369 insn->offset, insn->len); 1370 if (!reloc) { 1371 insn->no_reloc = 1; 1372 return NULL; 1373 } 1374 1375 return reloc; 1376 } 1377 1378 static void remove_insn_ops(struct instruction *insn) 1379 { 1380 struct stack_op *op, *next; 1381 1382 for (op = insn->stack_ops; op; op = next) { 1383 next = op->next; 1384 free(op); 1385 } 1386 insn->stack_ops = NULL; 1387 } 1388 1389 static void annotate_call_site(struct objtool_file *file, 1390 struct instruction *insn, bool sibling) 1391 { 1392 struct reloc *reloc = insn_reloc(file, insn); 1393 struct symbol *sym = insn_call_dest(insn); 1394 1395 if (!sym) 1396 sym = reloc->sym; 1397 1398 /* 1399 * Alternative replacement code is just template code which is 1400 * sometimes copied to the original instruction. For now, don't 1401 * annotate it. (In the future we might consider annotating the 1402 * original instruction if/when it ever makes sense to do so.) 1403 */ 1404 if (!strcmp(insn->sec->name, ".altinstr_replacement")) 1405 return; 1406 1407 if (sym->static_call_tramp) { 1408 list_add_tail(&insn->call_node, &file->static_call_list); 1409 return; 1410 } 1411 1412 if (sym->retpoline_thunk) { 1413 list_add_tail(&insn->call_node, &file->retpoline_call_list); 1414 return; 1415 } 1416 1417 /* 1418 * Many compilers cannot disable KCOV or sanitizer calls with a function 1419 * attribute so they need a little help, NOP out any such calls from 1420 * noinstr text. 1421 */ 1422 if (opts.hack_noinstr && insn->sec->noinstr && sym->profiling_func) { 1423 if (reloc) { 1424 reloc->type = R_NONE; 1425 elf_write_reloc(file->elf, reloc); 1426 } 1427 1428 elf_write_insn(file->elf, insn->sec, 1429 insn->offset, insn->len, 1430 sibling ? arch_ret_insn(insn->len) 1431 : arch_nop_insn(insn->len)); 1432 1433 insn->type = sibling ? INSN_RETURN : INSN_NOP; 1434 1435 if (sibling) { 1436 /* 1437 * We've replaced the tail-call JMP insn by two new 1438 * insn: RET; INT3, except we only have a single struct 1439 * insn here. Mark it retpoline_safe to avoid the SLS 1440 * warning, instead of adding another insn. 1441 */ 1442 insn->retpoline_safe = true; 1443 } 1444 1445 return; 1446 } 1447 1448 if (opts.mcount && sym->fentry) { 1449 if (sibling) 1450 WARN_INSN(insn, "tail call to __fentry__ !?!?"); 1451 if (opts.mnop) { 1452 if (reloc) { 1453 reloc->type = R_NONE; 1454 elf_write_reloc(file->elf, reloc); 1455 } 1456 1457 elf_write_insn(file->elf, insn->sec, 1458 insn->offset, insn->len, 1459 arch_nop_insn(insn->len)); 1460 1461 insn->type = INSN_NOP; 1462 } 1463 1464 list_add_tail(&insn->call_node, &file->mcount_loc_list); 1465 return; 1466 } 1467 1468 if (insn->type == INSN_CALL && !insn->sec->init) 1469 list_add_tail(&insn->call_node, &file->call_list); 1470 1471 if (!sibling && dead_end_function(file, sym)) 1472 insn->dead_end = true; 1473 } 1474 1475 static void add_call_dest(struct objtool_file *file, struct instruction *insn, 1476 struct symbol *dest, bool sibling) 1477 { 1478 insn->_call_dest = dest; 1479 if (!dest) 1480 return; 1481 1482 /* 1483 * Whatever stack impact regular CALLs have, should be undone 1484 * by the RETURN of the called function. 1485 * 1486 * Annotated intra-function calls retain the stack_ops but 1487 * are converted to JUMP, see read_intra_function_calls(). 1488 */ 1489 remove_insn_ops(insn); 1490 1491 annotate_call_site(file, insn, sibling); 1492 } 1493 1494 static void add_retpoline_call(struct objtool_file *file, struct instruction *insn) 1495 { 1496 /* 1497 * Retpoline calls/jumps are really dynamic calls/jumps in disguise, 1498 * so convert them accordingly. 1499 */ 1500 switch (insn->type) { 1501 case INSN_CALL: 1502 insn->type = INSN_CALL_DYNAMIC; 1503 break; 1504 case INSN_JUMP_UNCONDITIONAL: 1505 insn->type = INSN_JUMP_DYNAMIC; 1506 break; 1507 case INSN_JUMP_CONDITIONAL: 1508 insn->type = INSN_JUMP_DYNAMIC_CONDITIONAL; 1509 break; 1510 default: 1511 return; 1512 } 1513 1514 insn->retpoline_safe = true; 1515 1516 /* 1517 * Whatever stack impact regular CALLs have, should be undone 1518 * by the RETURN of the called function. 1519 * 1520 * Annotated intra-function calls retain the stack_ops but 1521 * are converted to JUMP, see read_intra_function_calls(). 1522 */ 1523 remove_insn_ops(insn); 1524 1525 annotate_call_site(file, insn, false); 1526 } 1527 1528 static void add_return_call(struct objtool_file *file, struct instruction *insn, bool add) 1529 { 1530 /* 1531 * Return thunk tail calls are really just returns in disguise, 1532 * so convert them accordingly. 1533 */ 1534 insn->type = INSN_RETURN; 1535 insn->retpoline_safe = true; 1536 1537 if (add) 1538 list_add_tail(&insn->call_node, &file->return_thunk_list); 1539 } 1540 1541 static bool is_first_func_insn(struct objtool_file *file, 1542 struct instruction *insn, struct symbol *sym) 1543 { 1544 if (insn->offset == sym->offset) 1545 return true; 1546 1547 /* Allow direct CALL/JMP past ENDBR */ 1548 if (opts.ibt) { 1549 struct instruction *prev = prev_insn_same_sym(file, insn); 1550 1551 if (prev && prev->type == INSN_ENDBR && 1552 insn->offset == sym->offset + prev->len) 1553 return true; 1554 } 1555 1556 return false; 1557 } 1558 1559 /* 1560 * A sibling call is a tail-call to another symbol -- to differentiate from a 1561 * recursive tail-call which is to the same symbol. 1562 */ 1563 static bool jump_is_sibling_call(struct objtool_file *file, 1564 struct instruction *from, struct instruction *to) 1565 { 1566 struct symbol *fs = from->sym; 1567 struct symbol *ts = to->sym; 1568 1569 /* Not a sibling call if from/to a symbol hole */ 1570 if (!fs || !ts) 1571 return false; 1572 1573 /* Not a sibling call if not targeting the start of a symbol. */ 1574 if (!is_first_func_insn(file, to, ts)) 1575 return false; 1576 1577 /* Disallow sibling calls into STT_NOTYPE */ 1578 if (ts->type == STT_NOTYPE) 1579 return false; 1580 1581 /* Must not be self to be a sibling */ 1582 return fs->pfunc != ts->pfunc; 1583 } 1584 1585 /* 1586 * Find the destination instructions for all jumps. 1587 */ 1588 static int add_jump_destinations(struct objtool_file *file) 1589 { 1590 struct instruction *insn, *jump_dest; 1591 struct reloc *reloc; 1592 struct section *dest_sec; 1593 unsigned long dest_off; 1594 1595 for_each_insn(file, insn) { 1596 if (insn->jump_dest) { 1597 /* 1598 * handle_group_alt() may have previously set 1599 * 'jump_dest' for some alternatives. 1600 */ 1601 continue; 1602 } 1603 if (!is_static_jump(insn)) 1604 continue; 1605 1606 reloc = insn_reloc(file, insn); 1607 if (!reloc) { 1608 dest_sec = insn->sec; 1609 dest_off = arch_jump_destination(insn); 1610 } else if (reloc->sym->type == STT_SECTION) { 1611 dest_sec = reloc->sym->sec; 1612 dest_off = arch_dest_reloc_offset(reloc->addend); 1613 } else if (reloc->sym->retpoline_thunk) { 1614 add_retpoline_call(file, insn); 1615 continue; 1616 } else if (reloc->sym->return_thunk) { 1617 add_return_call(file, insn, true); 1618 continue; 1619 } else if (insn_func(insn)) { 1620 /* 1621 * External sibling call or internal sibling call with 1622 * STT_FUNC reloc. 1623 */ 1624 add_call_dest(file, insn, reloc->sym, true); 1625 continue; 1626 } else if (reloc->sym->sec->idx) { 1627 dest_sec = reloc->sym->sec; 1628 dest_off = reloc->sym->sym.st_value + 1629 arch_dest_reloc_offset(reloc->addend); 1630 } else { 1631 /* non-func asm code jumping to another file */ 1632 continue; 1633 } 1634 1635 jump_dest = find_insn(file, dest_sec, dest_off); 1636 if (!jump_dest) { 1637 struct symbol *sym = find_symbol_by_offset(dest_sec, dest_off); 1638 1639 /* 1640 * This is a special case for zen_untrain_ret(). 1641 * It jumps to __x86_return_thunk(), but objtool 1642 * can't find the thunk's starting RET 1643 * instruction, because the RET is also in the 1644 * middle of another instruction. Objtool only 1645 * knows about the outer instruction. 1646 */ 1647 if (sym && sym->return_thunk) { 1648 add_return_call(file, insn, false); 1649 continue; 1650 } 1651 1652 WARN_INSN(insn, "can't find jump dest instruction at %s+0x%lx", 1653 dest_sec->name, dest_off); 1654 return -1; 1655 } 1656 1657 /* 1658 * Cross-function jump. 1659 */ 1660 if (insn_func(insn) && insn_func(jump_dest) && 1661 insn_func(insn) != insn_func(jump_dest)) { 1662 1663 /* 1664 * For GCC 8+, create parent/child links for any cold 1665 * subfunctions. This is _mostly_ redundant with a 1666 * similar initialization in read_symbols(). 1667 * 1668 * If a function has aliases, we want the *first* such 1669 * function in the symbol table to be the subfunction's 1670 * parent. In that case we overwrite the 1671 * initialization done in read_symbols(). 1672 * 1673 * However this code can't completely replace the 1674 * read_symbols() code because this doesn't detect the 1675 * case where the parent function's only reference to a 1676 * subfunction is through a jump table. 1677 */ 1678 if (!strstr(insn_func(insn)->name, ".cold") && 1679 strstr(insn_func(jump_dest)->name, ".cold")) { 1680 insn_func(insn)->cfunc = insn_func(jump_dest); 1681 insn_func(jump_dest)->pfunc = insn_func(insn); 1682 } 1683 } 1684 1685 if (jump_is_sibling_call(file, insn, jump_dest)) { 1686 /* 1687 * Internal sibling call without reloc or with 1688 * STT_SECTION reloc. 1689 */ 1690 add_call_dest(file, insn, insn_func(jump_dest), true); 1691 continue; 1692 } 1693 1694 insn->jump_dest = jump_dest; 1695 } 1696 1697 return 0; 1698 } 1699 1700 static struct symbol *find_call_destination(struct section *sec, unsigned long offset) 1701 { 1702 struct symbol *call_dest; 1703 1704 call_dest = find_func_by_offset(sec, offset); 1705 if (!call_dest) 1706 call_dest = find_symbol_by_offset(sec, offset); 1707 1708 return call_dest; 1709 } 1710 1711 /* 1712 * Find the destination instructions for all calls. 1713 */ 1714 static int add_call_destinations(struct objtool_file *file) 1715 { 1716 struct instruction *insn; 1717 unsigned long dest_off; 1718 struct symbol *dest; 1719 struct reloc *reloc; 1720 1721 for_each_insn(file, insn) { 1722 if (insn->type != INSN_CALL) 1723 continue; 1724 1725 reloc = insn_reloc(file, insn); 1726 if (!reloc) { 1727 dest_off = arch_jump_destination(insn); 1728 dest = find_call_destination(insn->sec, dest_off); 1729 1730 add_call_dest(file, insn, dest, false); 1731 1732 if (insn->ignore) 1733 continue; 1734 1735 if (!insn_call_dest(insn)) { 1736 WARN_INSN(insn, "unannotated intra-function call"); 1737 return -1; 1738 } 1739 1740 if (insn_func(insn) && insn_call_dest(insn)->type != STT_FUNC) { 1741 WARN_INSN(insn, "unsupported call to non-function"); 1742 return -1; 1743 } 1744 1745 } else if (reloc->sym->type == STT_SECTION) { 1746 dest_off = arch_dest_reloc_offset(reloc->addend); 1747 dest = find_call_destination(reloc->sym->sec, dest_off); 1748 if (!dest) { 1749 WARN_INSN(insn, "can't find call dest symbol at %s+0x%lx", 1750 reloc->sym->sec->name, dest_off); 1751 return -1; 1752 } 1753 1754 add_call_dest(file, insn, dest, false); 1755 1756 } else if (reloc->sym->retpoline_thunk) { 1757 add_retpoline_call(file, insn); 1758 1759 } else 1760 add_call_dest(file, insn, reloc->sym, false); 1761 } 1762 1763 return 0; 1764 } 1765 1766 /* 1767 * The .alternatives section requires some extra special care over and above 1768 * other special sections because alternatives are patched in place. 1769 */ 1770 static int handle_group_alt(struct objtool_file *file, 1771 struct special_alt *special_alt, 1772 struct instruction *orig_insn, 1773 struct instruction **new_insn) 1774 { 1775 struct instruction *last_new_insn = NULL, *insn, *nop = NULL; 1776 struct alt_group *orig_alt_group, *new_alt_group; 1777 unsigned long dest_off; 1778 1779 orig_alt_group = orig_insn->alt_group; 1780 if (!orig_alt_group) { 1781 struct instruction *last_orig_insn = NULL; 1782 1783 orig_alt_group = malloc(sizeof(*orig_alt_group)); 1784 if (!orig_alt_group) { 1785 WARN("malloc failed"); 1786 return -1; 1787 } 1788 orig_alt_group->cfi = calloc(special_alt->orig_len, 1789 sizeof(struct cfi_state *)); 1790 if (!orig_alt_group->cfi) { 1791 WARN("calloc failed"); 1792 return -1; 1793 } 1794 1795 insn = orig_insn; 1796 sec_for_each_insn_from(file, insn) { 1797 if (insn->offset >= special_alt->orig_off + special_alt->orig_len) 1798 break; 1799 1800 insn->alt_group = orig_alt_group; 1801 last_orig_insn = insn; 1802 } 1803 orig_alt_group->orig_group = NULL; 1804 orig_alt_group->first_insn = orig_insn; 1805 orig_alt_group->last_insn = last_orig_insn; 1806 orig_alt_group->nop = NULL; 1807 } else { 1808 if (orig_alt_group->last_insn->offset + orig_alt_group->last_insn->len - 1809 orig_alt_group->first_insn->offset != special_alt->orig_len) { 1810 WARN_INSN(orig_insn, "weirdly overlapping alternative! %ld != %d", 1811 orig_alt_group->last_insn->offset + 1812 orig_alt_group->last_insn->len - 1813 orig_alt_group->first_insn->offset, 1814 special_alt->orig_len); 1815 return -1; 1816 } 1817 } 1818 1819 new_alt_group = malloc(sizeof(*new_alt_group)); 1820 if (!new_alt_group) { 1821 WARN("malloc failed"); 1822 return -1; 1823 } 1824 1825 if (special_alt->new_len < special_alt->orig_len) { 1826 /* 1827 * Insert a fake nop at the end to make the replacement 1828 * alt_group the same size as the original. This is needed to 1829 * allow propagate_alt_cfi() to do its magic. When the last 1830 * instruction affects the stack, the instruction after it (the 1831 * nop) will propagate the new state to the shared CFI array. 1832 */ 1833 nop = malloc(sizeof(*nop)); 1834 if (!nop) { 1835 WARN("malloc failed"); 1836 return -1; 1837 } 1838 memset(nop, 0, sizeof(*nop)); 1839 1840 nop->sec = special_alt->new_sec; 1841 nop->offset = special_alt->new_off + special_alt->new_len; 1842 nop->len = special_alt->orig_len - special_alt->new_len; 1843 nop->type = INSN_NOP; 1844 nop->sym = orig_insn->sym; 1845 nop->alt_group = new_alt_group; 1846 nop->ignore = orig_insn->ignore_alts; 1847 } 1848 1849 if (!special_alt->new_len) { 1850 *new_insn = nop; 1851 goto end; 1852 } 1853 1854 insn = *new_insn; 1855 sec_for_each_insn_from(file, insn) { 1856 struct reloc *alt_reloc; 1857 1858 if (insn->offset >= special_alt->new_off + special_alt->new_len) 1859 break; 1860 1861 last_new_insn = insn; 1862 1863 insn->ignore = orig_insn->ignore_alts; 1864 insn->sym = orig_insn->sym; 1865 insn->alt_group = new_alt_group; 1866 1867 /* 1868 * Since alternative replacement code is copy/pasted by the 1869 * kernel after applying relocations, generally such code can't 1870 * have relative-address relocation references to outside the 1871 * .altinstr_replacement section, unless the arch's 1872 * alternatives code can adjust the relative offsets 1873 * accordingly. 1874 */ 1875 alt_reloc = insn_reloc(file, insn); 1876 if (alt_reloc && arch_pc_relative_reloc(alt_reloc) && 1877 !arch_support_alt_relocation(special_alt, insn, alt_reloc)) { 1878 1879 WARN_INSN(insn, "unsupported relocation in alternatives section"); 1880 return -1; 1881 } 1882 1883 if (!is_static_jump(insn)) 1884 continue; 1885 1886 if (!insn->immediate) 1887 continue; 1888 1889 dest_off = arch_jump_destination(insn); 1890 if (dest_off == special_alt->new_off + special_alt->new_len) { 1891 insn->jump_dest = next_insn_same_sec(file, orig_alt_group->last_insn); 1892 if (!insn->jump_dest) { 1893 WARN_INSN(insn, "can't find alternative jump destination"); 1894 return -1; 1895 } 1896 } 1897 } 1898 1899 if (!last_new_insn) { 1900 WARN_FUNC("can't find last new alternative instruction", 1901 special_alt->new_sec, special_alt->new_off); 1902 return -1; 1903 } 1904 1905 end: 1906 new_alt_group->orig_group = orig_alt_group; 1907 new_alt_group->first_insn = *new_insn; 1908 new_alt_group->last_insn = last_new_insn; 1909 new_alt_group->nop = nop; 1910 new_alt_group->cfi = orig_alt_group->cfi; 1911 return 0; 1912 } 1913 1914 /* 1915 * A jump table entry can either convert a nop to a jump or a jump to a nop. 1916 * If the original instruction is a jump, make the alt entry an effective nop 1917 * by just skipping the original instruction. 1918 */ 1919 static int handle_jump_alt(struct objtool_file *file, 1920 struct special_alt *special_alt, 1921 struct instruction *orig_insn, 1922 struct instruction **new_insn) 1923 { 1924 if (orig_insn->type != INSN_JUMP_UNCONDITIONAL && 1925 orig_insn->type != INSN_NOP) { 1926 1927 WARN_INSN(orig_insn, "unsupported instruction at jump label"); 1928 return -1; 1929 } 1930 1931 if (opts.hack_jump_label && special_alt->key_addend & 2) { 1932 struct reloc *reloc = insn_reloc(file, orig_insn); 1933 1934 if (reloc) { 1935 reloc->type = R_NONE; 1936 elf_write_reloc(file->elf, reloc); 1937 } 1938 elf_write_insn(file->elf, orig_insn->sec, 1939 orig_insn->offset, orig_insn->len, 1940 arch_nop_insn(orig_insn->len)); 1941 orig_insn->type = INSN_NOP; 1942 } 1943 1944 if (orig_insn->type == INSN_NOP) { 1945 if (orig_insn->len == 2) 1946 file->jl_nop_short++; 1947 else 1948 file->jl_nop_long++; 1949 1950 return 0; 1951 } 1952 1953 if (orig_insn->len == 2) 1954 file->jl_short++; 1955 else 1956 file->jl_long++; 1957 1958 *new_insn = next_insn_same_sec(file, orig_insn); 1959 return 0; 1960 } 1961 1962 /* 1963 * Read all the special sections which have alternate instructions which can be 1964 * patched in or redirected to at runtime. Each instruction having alternate 1965 * instruction(s) has them added to its insn->alts list, which will be 1966 * traversed in validate_branch(). 1967 */ 1968 static int add_special_section_alts(struct objtool_file *file) 1969 { 1970 struct list_head special_alts; 1971 struct instruction *orig_insn, *new_insn; 1972 struct special_alt *special_alt, *tmp; 1973 struct alternative *alt; 1974 int ret; 1975 1976 ret = special_get_alts(file->elf, &special_alts); 1977 if (ret) 1978 return ret; 1979 1980 list_for_each_entry_safe(special_alt, tmp, &special_alts, list) { 1981 1982 orig_insn = find_insn(file, special_alt->orig_sec, 1983 special_alt->orig_off); 1984 if (!orig_insn) { 1985 WARN_FUNC("special: can't find orig instruction", 1986 special_alt->orig_sec, special_alt->orig_off); 1987 ret = -1; 1988 goto out; 1989 } 1990 1991 new_insn = NULL; 1992 if (!special_alt->group || special_alt->new_len) { 1993 new_insn = find_insn(file, special_alt->new_sec, 1994 special_alt->new_off); 1995 if (!new_insn) { 1996 WARN_FUNC("special: can't find new instruction", 1997 special_alt->new_sec, 1998 special_alt->new_off); 1999 ret = -1; 2000 goto out; 2001 } 2002 } 2003 2004 if (special_alt->group) { 2005 if (!special_alt->orig_len) { 2006 WARN_INSN(orig_insn, "empty alternative entry"); 2007 continue; 2008 } 2009 2010 ret = handle_group_alt(file, special_alt, orig_insn, 2011 &new_insn); 2012 if (ret) 2013 goto out; 2014 } else if (special_alt->jump_or_nop) { 2015 ret = handle_jump_alt(file, special_alt, orig_insn, 2016 &new_insn); 2017 if (ret) 2018 goto out; 2019 } 2020 2021 alt = malloc(sizeof(*alt)); 2022 if (!alt) { 2023 WARN("malloc failed"); 2024 ret = -1; 2025 goto out; 2026 } 2027 2028 alt->insn = new_insn; 2029 alt->skip_orig = special_alt->skip_orig; 2030 orig_insn->ignore_alts |= special_alt->skip_alt; 2031 alt->next = orig_insn->alts; 2032 orig_insn->alts = alt; 2033 2034 list_del(&special_alt->list); 2035 free(special_alt); 2036 } 2037 2038 if (opts.stats) { 2039 printf("jl\\\tNOP\tJMP\n"); 2040 printf("short:\t%ld\t%ld\n", file->jl_nop_short, file->jl_short); 2041 printf("long:\t%ld\t%ld\n", file->jl_nop_long, file->jl_long); 2042 } 2043 2044 out: 2045 return ret; 2046 } 2047 2048 static int add_jump_table(struct objtool_file *file, struct instruction *insn, 2049 struct reloc *table) 2050 { 2051 struct reloc *reloc = table; 2052 struct instruction *dest_insn; 2053 struct alternative *alt; 2054 struct symbol *pfunc = insn_func(insn)->pfunc; 2055 unsigned int prev_offset = 0; 2056 2057 /* 2058 * Each @reloc is a switch table relocation which points to the target 2059 * instruction. 2060 */ 2061 list_for_each_entry_from(reloc, &table->sec->reloc_list, list) { 2062 2063 /* Check for the end of the table: */ 2064 if (reloc != table && reloc->jump_table_start) 2065 break; 2066 2067 /* Make sure the table entries are consecutive: */ 2068 if (prev_offset && reloc->offset != prev_offset + 8) 2069 break; 2070 2071 /* Detect function pointers from contiguous objects: */ 2072 if (reloc->sym->sec == pfunc->sec && 2073 reloc->addend == pfunc->offset) 2074 break; 2075 2076 dest_insn = find_insn(file, reloc->sym->sec, reloc->addend); 2077 if (!dest_insn) 2078 break; 2079 2080 /* Make sure the destination is in the same function: */ 2081 if (!insn_func(dest_insn) || insn_func(dest_insn)->pfunc != pfunc) 2082 break; 2083 2084 alt = malloc(sizeof(*alt)); 2085 if (!alt) { 2086 WARN("malloc failed"); 2087 return -1; 2088 } 2089 2090 alt->insn = dest_insn; 2091 alt->next = insn->alts; 2092 insn->alts = alt; 2093 prev_offset = reloc->offset; 2094 } 2095 2096 if (!prev_offset) { 2097 WARN_INSN(insn, "can't find switch jump table"); 2098 return -1; 2099 } 2100 2101 return 0; 2102 } 2103 2104 /* 2105 * find_jump_table() - Given a dynamic jump, find the switch jump table 2106 * associated with it. 2107 */ 2108 static struct reloc *find_jump_table(struct objtool_file *file, 2109 struct symbol *func, 2110 struct instruction *insn) 2111 { 2112 struct reloc *table_reloc; 2113 struct instruction *dest_insn, *orig_insn = insn; 2114 2115 /* 2116 * Backward search using the @first_jump_src links, these help avoid 2117 * much of the 'in between' code. Which avoids us getting confused by 2118 * it. 2119 */ 2120 for (; 2121 insn && insn_func(insn) && insn_func(insn)->pfunc == func; 2122 insn = insn->first_jump_src ?: prev_insn_same_sym(file, insn)) { 2123 2124 if (insn != orig_insn && insn->type == INSN_JUMP_DYNAMIC) 2125 break; 2126 2127 /* allow small jumps within the range */ 2128 if (insn->type == INSN_JUMP_UNCONDITIONAL && 2129 insn->jump_dest && 2130 (insn->jump_dest->offset <= insn->offset || 2131 insn->jump_dest->offset > orig_insn->offset)) 2132 break; 2133 2134 table_reloc = arch_find_switch_table(file, insn); 2135 if (!table_reloc) 2136 continue; 2137 dest_insn = find_insn(file, table_reloc->sym->sec, table_reloc->addend); 2138 if (!dest_insn || !insn_func(dest_insn) || insn_func(dest_insn)->pfunc != func) 2139 continue; 2140 2141 return table_reloc; 2142 } 2143 2144 return NULL; 2145 } 2146 2147 /* 2148 * First pass: Mark the head of each jump table so that in the next pass, 2149 * we know when a given jump table ends and the next one starts. 2150 */ 2151 static void mark_func_jump_tables(struct objtool_file *file, 2152 struct symbol *func) 2153 { 2154 struct instruction *insn, *last = NULL; 2155 struct reloc *reloc; 2156 2157 func_for_each_insn(file, func, insn) { 2158 if (!last) 2159 last = insn; 2160 2161 /* 2162 * Store back-pointers for unconditional forward jumps such 2163 * that find_jump_table() can back-track using those and 2164 * avoid some potentially confusing code. 2165 */ 2166 if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->jump_dest && 2167 insn->offset > last->offset && 2168 insn->jump_dest->offset > insn->offset && 2169 !insn->jump_dest->first_jump_src) { 2170 2171 insn->jump_dest->first_jump_src = insn; 2172 last = insn->jump_dest; 2173 } 2174 2175 if (insn->type != INSN_JUMP_DYNAMIC) 2176 continue; 2177 2178 reloc = find_jump_table(file, func, insn); 2179 if (reloc) { 2180 reloc->jump_table_start = true; 2181 insn->_jump_table = reloc; 2182 } 2183 } 2184 } 2185 2186 static int add_func_jump_tables(struct objtool_file *file, 2187 struct symbol *func) 2188 { 2189 struct instruction *insn; 2190 int ret; 2191 2192 func_for_each_insn(file, func, insn) { 2193 if (!insn_jump_table(insn)) 2194 continue; 2195 2196 ret = add_jump_table(file, insn, insn_jump_table(insn)); 2197 if (ret) 2198 return ret; 2199 } 2200 2201 return 0; 2202 } 2203 2204 /* 2205 * For some switch statements, gcc generates a jump table in the .rodata 2206 * section which contains a list of addresses within the function to jump to. 2207 * This finds these jump tables and adds them to the insn->alts lists. 2208 */ 2209 static int add_jump_table_alts(struct objtool_file *file) 2210 { 2211 struct symbol *func; 2212 int ret; 2213 2214 if (!file->rodata) 2215 return 0; 2216 2217 for_each_sym(file, func) { 2218 if (func->type != STT_FUNC) 2219 continue; 2220 2221 mark_func_jump_tables(file, func); 2222 ret = add_func_jump_tables(file, func); 2223 if (ret) 2224 return ret; 2225 } 2226 2227 return 0; 2228 } 2229 2230 static void set_func_state(struct cfi_state *state) 2231 { 2232 state->cfa = initial_func_cfi.cfa; 2233 memcpy(&state->regs, &initial_func_cfi.regs, 2234 CFI_NUM_REGS * sizeof(struct cfi_reg)); 2235 state->stack_size = initial_func_cfi.cfa.offset; 2236 state->type = UNWIND_HINT_TYPE_CALL; 2237 } 2238 2239 static int read_unwind_hints(struct objtool_file *file) 2240 { 2241 struct cfi_state cfi = init_cfi; 2242 struct section *sec, *relocsec; 2243 struct unwind_hint *hint; 2244 struct instruction *insn; 2245 struct reloc *reloc; 2246 int i; 2247 2248 sec = find_section_by_name(file->elf, ".discard.unwind_hints"); 2249 if (!sec) 2250 return 0; 2251 2252 relocsec = sec->reloc; 2253 if (!relocsec) { 2254 WARN("missing .rela.discard.unwind_hints section"); 2255 return -1; 2256 } 2257 2258 if (sec->sh.sh_size % sizeof(struct unwind_hint)) { 2259 WARN("struct unwind_hint size mismatch"); 2260 return -1; 2261 } 2262 2263 file->hints = true; 2264 2265 for (i = 0; i < sec->sh.sh_size / sizeof(struct unwind_hint); i++) { 2266 hint = (struct unwind_hint *)sec->data->d_buf + i; 2267 2268 reloc = find_reloc_by_dest(file->elf, sec, i * sizeof(*hint)); 2269 if (!reloc) { 2270 WARN("can't find reloc for unwind_hints[%d]", i); 2271 return -1; 2272 } 2273 2274 insn = find_insn(file, reloc->sym->sec, reloc->addend); 2275 if (!insn) { 2276 WARN("can't find insn for unwind_hints[%d]", i); 2277 return -1; 2278 } 2279 2280 insn->hint = true; 2281 2282 if (hint->type == UNWIND_HINT_TYPE_SAVE) { 2283 insn->hint = false; 2284 insn->save = true; 2285 continue; 2286 } 2287 2288 if (hint->type == UNWIND_HINT_TYPE_RESTORE) { 2289 insn->restore = true; 2290 continue; 2291 } 2292 2293 if (hint->type == UNWIND_HINT_TYPE_REGS_PARTIAL) { 2294 struct symbol *sym = find_symbol_by_offset(insn->sec, insn->offset); 2295 2296 if (sym && sym->bind == STB_GLOBAL) { 2297 if (opts.ibt && insn->type != INSN_ENDBR && !insn->noendbr) { 2298 WARN_INSN(insn, "UNWIND_HINT_IRET_REGS without ENDBR"); 2299 } 2300 } 2301 } 2302 2303 if (hint->type == UNWIND_HINT_TYPE_FUNC) { 2304 insn->cfi = &func_cfi; 2305 continue; 2306 } 2307 2308 if (insn->cfi) 2309 cfi = *(insn->cfi); 2310 2311 if (arch_decode_hint_reg(hint->sp_reg, &cfi.cfa.base)) { 2312 WARN_INSN(insn, "unsupported unwind_hint sp base reg %d", hint->sp_reg); 2313 return -1; 2314 } 2315 2316 cfi.cfa.offset = bswap_if_needed(file->elf, hint->sp_offset); 2317 cfi.type = hint->type; 2318 cfi.signal = hint->signal; 2319 2320 insn->cfi = cfi_hash_find_or_add(&cfi); 2321 } 2322 2323 return 0; 2324 } 2325 2326 static int read_noendbr_hints(struct objtool_file *file) 2327 { 2328 struct section *sec; 2329 struct instruction *insn; 2330 struct reloc *reloc; 2331 2332 sec = find_section_by_name(file->elf, ".rela.discard.noendbr"); 2333 if (!sec) 2334 return 0; 2335 2336 list_for_each_entry(reloc, &sec->reloc_list, list) { 2337 insn = find_insn(file, reloc->sym->sec, reloc->sym->offset + reloc->addend); 2338 if (!insn) { 2339 WARN("bad .discard.noendbr entry"); 2340 return -1; 2341 } 2342 2343 insn->noendbr = 1; 2344 } 2345 2346 return 0; 2347 } 2348 2349 static int read_retpoline_hints(struct objtool_file *file) 2350 { 2351 struct section *sec; 2352 struct instruction *insn; 2353 struct reloc *reloc; 2354 2355 sec = find_section_by_name(file->elf, ".rela.discard.retpoline_safe"); 2356 if (!sec) 2357 return 0; 2358 2359 list_for_each_entry(reloc, &sec->reloc_list, list) { 2360 if (reloc->sym->type != STT_SECTION) { 2361 WARN("unexpected relocation symbol type in %s", sec->name); 2362 return -1; 2363 } 2364 2365 insn = find_insn(file, reloc->sym->sec, reloc->addend); 2366 if (!insn) { 2367 WARN("bad .discard.retpoline_safe entry"); 2368 return -1; 2369 } 2370 2371 if (insn->type != INSN_JUMP_DYNAMIC && 2372 insn->type != INSN_CALL_DYNAMIC && 2373 insn->type != INSN_RETURN && 2374 insn->type != INSN_NOP) { 2375 WARN_INSN(insn, "retpoline_safe hint not an indirect jump/call/ret/nop"); 2376 return -1; 2377 } 2378 2379 insn->retpoline_safe = true; 2380 } 2381 2382 return 0; 2383 } 2384 2385 static int read_instr_hints(struct objtool_file *file) 2386 { 2387 struct section *sec; 2388 struct instruction *insn; 2389 struct reloc *reloc; 2390 2391 sec = find_section_by_name(file->elf, ".rela.discard.instr_end"); 2392 if (!sec) 2393 return 0; 2394 2395 list_for_each_entry(reloc, &sec->reloc_list, list) { 2396 if (reloc->sym->type != STT_SECTION) { 2397 WARN("unexpected relocation symbol type in %s", sec->name); 2398 return -1; 2399 } 2400 2401 insn = find_insn(file, reloc->sym->sec, reloc->addend); 2402 if (!insn) { 2403 WARN("bad .discard.instr_end entry"); 2404 return -1; 2405 } 2406 2407 insn->instr--; 2408 } 2409 2410 sec = find_section_by_name(file->elf, ".rela.discard.instr_begin"); 2411 if (!sec) 2412 return 0; 2413 2414 list_for_each_entry(reloc, &sec->reloc_list, list) { 2415 if (reloc->sym->type != STT_SECTION) { 2416 WARN("unexpected relocation symbol type in %s", sec->name); 2417 return -1; 2418 } 2419 2420 insn = find_insn(file, reloc->sym->sec, reloc->addend); 2421 if (!insn) { 2422 WARN("bad .discard.instr_begin entry"); 2423 return -1; 2424 } 2425 2426 insn->instr++; 2427 } 2428 2429 return 0; 2430 } 2431 2432 static int read_validate_unret_hints(struct objtool_file *file) 2433 { 2434 struct section *sec; 2435 struct instruction *insn; 2436 struct reloc *reloc; 2437 2438 sec = find_section_by_name(file->elf, ".rela.discard.validate_unret"); 2439 if (!sec) 2440 return 0; 2441 2442 list_for_each_entry(reloc, &sec->reloc_list, list) { 2443 if (reloc->sym->type != STT_SECTION) { 2444 WARN("unexpected relocation symbol type in %s", sec->name); 2445 return -1; 2446 } 2447 2448 insn = find_insn(file, reloc->sym->sec, reloc->addend); 2449 if (!insn) { 2450 WARN("bad .discard.instr_end entry"); 2451 return -1; 2452 } 2453 insn->unret = 1; 2454 } 2455 2456 return 0; 2457 } 2458 2459 2460 static int read_intra_function_calls(struct objtool_file *file) 2461 { 2462 struct instruction *insn; 2463 struct section *sec; 2464 struct reloc *reloc; 2465 2466 sec = find_section_by_name(file->elf, ".rela.discard.intra_function_calls"); 2467 if (!sec) 2468 return 0; 2469 2470 list_for_each_entry(reloc, &sec->reloc_list, list) { 2471 unsigned long dest_off; 2472 2473 if (reloc->sym->type != STT_SECTION) { 2474 WARN("unexpected relocation symbol type in %s", 2475 sec->name); 2476 return -1; 2477 } 2478 2479 insn = find_insn(file, reloc->sym->sec, reloc->addend); 2480 if (!insn) { 2481 WARN("bad .discard.intra_function_call entry"); 2482 return -1; 2483 } 2484 2485 if (insn->type != INSN_CALL) { 2486 WARN_INSN(insn, "intra_function_call not a direct call"); 2487 return -1; 2488 } 2489 2490 /* 2491 * Treat intra-function CALLs as JMPs, but with a stack_op. 2492 * See add_call_destinations(), which strips stack_ops from 2493 * normal CALLs. 2494 */ 2495 insn->type = INSN_JUMP_UNCONDITIONAL; 2496 2497 dest_off = arch_jump_destination(insn); 2498 insn->jump_dest = find_insn(file, insn->sec, dest_off); 2499 if (!insn->jump_dest) { 2500 WARN_INSN(insn, "can't find call dest at %s+0x%lx", 2501 insn->sec->name, dest_off); 2502 return -1; 2503 } 2504 } 2505 2506 return 0; 2507 } 2508 2509 /* 2510 * Return true if name matches an instrumentation function, where calls to that 2511 * function from noinstr code can safely be removed, but compilers won't do so. 2512 */ 2513 static bool is_profiling_func(const char *name) 2514 { 2515 /* 2516 * Many compilers cannot disable KCOV with a function attribute. 2517 */ 2518 if (!strncmp(name, "__sanitizer_cov_", 16)) 2519 return true; 2520 2521 /* 2522 * Some compilers currently do not remove __tsan_func_entry/exit nor 2523 * __tsan_atomic_signal_fence (used for barrier instrumentation) with 2524 * the __no_sanitize_thread attribute, remove them. Once the kernel's 2525 * minimum Clang version is 14.0, this can be removed. 2526 */ 2527 if (!strncmp(name, "__tsan_func_", 12) || 2528 !strcmp(name, "__tsan_atomic_signal_fence")) 2529 return true; 2530 2531 return false; 2532 } 2533 2534 static int classify_symbols(struct objtool_file *file) 2535 { 2536 struct symbol *func; 2537 2538 for_each_sym(file, func) { 2539 if (func->bind != STB_GLOBAL) 2540 continue; 2541 2542 if (!strncmp(func->name, STATIC_CALL_TRAMP_PREFIX_STR, 2543 strlen(STATIC_CALL_TRAMP_PREFIX_STR))) 2544 func->static_call_tramp = true; 2545 2546 if (arch_is_retpoline(func)) 2547 func->retpoline_thunk = true; 2548 2549 if (arch_is_rethunk(func)) 2550 func->return_thunk = true; 2551 2552 if (arch_ftrace_match(func->name)) 2553 func->fentry = true; 2554 2555 if (is_profiling_func(func->name)) 2556 func->profiling_func = true; 2557 } 2558 2559 return 0; 2560 } 2561 2562 static void mark_rodata(struct objtool_file *file) 2563 { 2564 struct section *sec; 2565 bool found = false; 2566 2567 /* 2568 * Search for the following rodata sections, each of which can 2569 * potentially contain jump tables: 2570 * 2571 * - .rodata: can contain GCC switch tables 2572 * - .rodata.<func>: same, if -fdata-sections is being used 2573 * - .rodata..c_jump_table: contains C annotated jump tables 2574 * 2575 * .rodata.str1.* sections are ignored; they don't contain jump tables. 2576 */ 2577 for_each_sec(file, sec) { 2578 if (!strncmp(sec->name, ".rodata", 7) && 2579 !strstr(sec->name, ".str1.")) { 2580 sec->rodata = true; 2581 found = true; 2582 } 2583 } 2584 2585 file->rodata = found; 2586 } 2587 2588 static int decode_sections(struct objtool_file *file) 2589 { 2590 int ret; 2591 2592 mark_rodata(file); 2593 2594 ret = init_pv_ops(file); 2595 if (ret) 2596 return ret; 2597 2598 /* 2599 * Must be before add_{jump_call}_destination. 2600 */ 2601 ret = classify_symbols(file); 2602 if (ret) 2603 return ret; 2604 2605 ret = decode_instructions(file); 2606 if (ret) 2607 return ret; 2608 2609 add_ignores(file); 2610 add_uaccess_safe(file); 2611 2612 ret = add_ignore_alternatives(file); 2613 if (ret) 2614 return ret; 2615 2616 /* 2617 * Must be before read_unwind_hints() since that needs insn->noendbr. 2618 */ 2619 ret = read_noendbr_hints(file); 2620 if (ret) 2621 return ret; 2622 2623 /* 2624 * Must be before add_jump_destinations(), which depends on 'func' 2625 * being set for alternatives, to enable proper sibling call detection. 2626 */ 2627 if (opts.stackval || opts.orc || opts.uaccess || opts.noinstr) { 2628 ret = add_special_section_alts(file); 2629 if (ret) 2630 return ret; 2631 } 2632 2633 ret = add_jump_destinations(file); 2634 if (ret) 2635 return ret; 2636 2637 /* 2638 * Must be before add_call_destination(); it changes INSN_CALL to 2639 * INSN_JUMP. 2640 */ 2641 ret = read_intra_function_calls(file); 2642 if (ret) 2643 return ret; 2644 2645 ret = add_call_destinations(file); 2646 if (ret) 2647 return ret; 2648 2649 /* 2650 * Must be after add_call_destinations() such that it can override 2651 * dead_end_function() marks. 2652 */ 2653 ret = add_dead_ends(file); 2654 if (ret) 2655 return ret; 2656 2657 ret = add_jump_table_alts(file); 2658 if (ret) 2659 return ret; 2660 2661 ret = read_unwind_hints(file); 2662 if (ret) 2663 return ret; 2664 2665 ret = read_retpoline_hints(file); 2666 if (ret) 2667 return ret; 2668 2669 ret = read_instr_hints(file); 2670 if (ret) 2671 return ret; 2672 2673 ret = read_validate_unret_hints(file); 2674 if (ret) 2675 return ret; 2676 2677 return 0; 2678 } 2679 2680 static bool is_fentry_call(struct instruction *insn) 2681 { 2682 if (insn->type == INSN_CALL && 2683 insn_call_dest(insn) && 2684 insn_call_dest(insn)->fentry) 2685 return true; 2686 2687 return false; 2688 } 2689 2690 static bool has_modified_stack_frame(struct instruction *insn, struct insn_state *state) 2691 { 2692 struct cfi_state *cfi = &state->cfi; 2693 int i; 2694 2695 if (cfi->cfa.base != initial_func_cfi.cfa.base || cfi->drap) 2696 return true; 2697 2698 if (cfi->cfa.offset != initial_func_cfi.cfa.offset) 2699 return true; 2700 2701 if (cfi->stack_size != initial_func_cfi.cfa.offset) 2702 return true; 2703 2704 for (i = 0; i < CFI_NUM_REGS; i++) { 2705 if (cfi->regs[i].base != initial_func_cfi.regs[i].base || 2706 cfi->regs[i].offset != initial_func_cfi.regs[i].offset) 2707 return true; 2708 } 2709 2710 return false; 2711 } 2712 2713 static bool check_reg_frame_pos(const struct cfi_reg *reg, 2714 int expected_offset) 2715 { 2716 return reg->base == CFI_CFA && 2717 reg->offset == expected_offset; 2718 } 2719 2720 static bool has_valid_stack_frame(struct insn_state *state) 2721 { 2722 struct cfi_state *cfi = &state->cfi; 2723 2724 if (cfi->cfa.base == CFI_BP && 2725 check_reg_frame_pos(&cfi->regs[CFI_BP], -cfi->cfa.offset) && 2726 check_reg_frame_pos(&cfi->regs[CFI_RA], -cfi->cfa.offset + 8)) 2727 return true; 2728 2729 if (cfi->drap && cfi->regs[CFI_BP].base == CFI_BP) 2730 return true; 2731 2732 return false; 2733 } 2734 2735 static int update_cfi_state_regs(struct instruction *insn, 2736 struct cfi_state *cfi, 2737 struct stack_op *op) 2738 { 2739 struct cfi_reg *cfa = &cfi->cfa; 2740 2741 if (cfa->base != CFI_SP && cfa->base != CFI_SP_INDIRECT) 2742 return 0; 2743 2744 /* push */ 2745 if (op->dest.type == OP_DEST_PUSH || op->dest.type == OP_DEST_PUSHF) 2746 cfa->offset += 8; 2747 2748 /* pop */ 2749 if (op->src.type == OP_SRC_POP || op->src.type == OP_SRC_POPF) 2750 cfa->offset -= 8; 2751 2752 /* add immediate to sp */ 2753 if (op->dest.type == OP_DEST_REG && op->src.type == OP_SRC_ADD && 2754 op->dest.reg == CFI_SP && op->src.reg == CFI_SP) 2755 cfa->offset -= op->src.offset; 2756 2757 return 0; 2758 } 2759 2760 static void save_reg(struct cfi_state *cfi, unsigned char reg, int base, int offset) 2761 { 2762 if (arch_callee_saved_reg(reg) && 2763 cfi->regs[reg].base == CFI_UNDEFINED) { 2764 cfi->regs[reg].base = base; 2765 cfi->regs[reg].offset = offset; 2766 } 2767 } 2768 2769 static void restore_reg(struct cfi_state *cfi, unsigned char reg) 2770 { 2771 cfi->regs[reg].base = initial_func_cfi.regs[reg].base; 2772 cfi->regs[reg].offset = initial_func_cfi.regs[reg].offset; 2773 } 2774 2775 /* 2776 * A note about DRAP stack alignment: 2777 * 2778 * GCC has the concept of a DRAP register, which is used to help keep track of 2779 * the stack pointer when aligning the stack. r10 or r13 is used as the DRAP 2780 * register. The typical DRAP pattern is: 2781 * 2782 * 4c 8d 54 24 08 lea 0x8(%rsp),%r10 2783 * 48 83 e4 c0 and $0xffffffffffffffc0,%rsp 2784 * 41 ff 72 f8 pushq -0x8(%r10) 2785 * 55 push %rbp 2786 * 48 89 e5 mov %rsp,%rbp 2787 * (more pushes) 2788 * 41 52 push %r10 2789 * ... 2790 * 41 5a pop %r10 2791 * (more pops) 2792 * 5d pop %rbp 2793 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2794 * c3 retq 2795 * 2796 * There are some variations in the epilogues, like: 2797 * 2798 * 5b pop %rbx 2799 * 41 5a pop %r10 2800 * 41 5c pop %r12 2801 * 41 5d pop %r13 2802 * 41 5e pop %r14 2803 * c9 leaveq 2804 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2805 * c3 retq 2806 * 2807 * and: 2808 * 2809 * 4c 8b 55 e8 mov -0x18(%rbp),%r10 2810 * 48 8b 5d e0 mov -0x20(%rbp),%rbx 2811 * 4c 8b 65 f0 mov -0x10(%rbp),%r12 2812 * 4c 8b 6d f8 mov -0x8(%rbp),%r13 2813 * c9 leaveq 2814 * 49 8d 62 f8 lea -0x8(%r10),%rsp 2815 * c3 retq 2816 * 2817 * Sometimes r13 is used as the DRAP register, in which case it's saved and 2818 * restored beforehand: 2819 * 2820 * 41 55 push %r13 2821 * 4c 8d 6c 24 10 lea 0x10(%rsp),%r13 2822 * 48 83 e4 f0 and $0xfffffffffffffff0,%rsp 2823 * ... 2824 * 49 8d 65 f0 lea -0x10(%r13),%rsp 2825 * 41 5d pop %r13 2826 * c3 retq 2827 */ 2828 static int update_cfi_state(struct instruction *insn, 2829 struct instruction *next_insn, 2830 struct cfi_state *cfi, struct stack_op *op) 2831 { 2832 struct cfi_reg *cfa = &cfi->cfa; 2833 struct cfi_reg *regs = cfi->regs; 2834 2835 /* stack operations don't make sense with an undefined CFA */ 2836 if (cfa->base == CFI_UNDEFINED) { 2837 if (insn_func(insn)) { 2838 WARN_INSN(insn, "undefined stack state"); 2839 return -1; 2840 } 2841 return 0; 2842 } 2843 2844 if (cfi->type == UNWIND_HINT_TYPE_REGS || 2845 cfi->type == UNWIND_HINT_TYPE_REGS_PARTIAL) 2846 return update_cfi_state_regs(insn, cfi, op); 2847 2848 switch (op->dest.type) { 2849 2850 case OP_DEST_REG: 2851 switch (op->src.type) { 2852 2853 case OP_SRC_REG: 2854 if (op->src.reg == CFI_SP && op->dest.reg == CFI_BP && 2855 cfa->base == CFI_SP && 2856 check_reg_frame_pos(®s[CFI_BP], -cfa->offset)) { 2857 2858 /* mov %rsp, %rbp */ 2859 cfa->base = op->dest.reg; 2860 cfi->bp_scratch = false; 2861 } 2862 2863 else if (op->src.reg == CFI_SP && 2864 op->dest.reg == CFI_BP && cfi->drap) { 2865 2866 /* drap: mov %rsp, %rbp */ 2867 regs[CFI_BP].base = CFI_BP; 2868 regs[CFI_BP].offset = -cfi->stack_size; 2869 cfi->bp_scratch = false; 2870 } 2871 2872 else if (op->src.reg == CFI_SP && cfa->base == CFI_SP) { 2873 2874 /* 2875 * mov %rsp, %reg 2876 * 2877 * This is needed for the rare case where GCC 2878 * does: 2879 * 2880 * mov %rsp, %rax 2881 * ... 2882 * mov %rax, %rsp 2883 */ 2884 cfi->vals[op->dest.reg].base = CFI_CFA; 2885 cfi->vals[op->dest.reg].offset = -cfi->stack_size; 2886 } 2887 2888 else if (op->src.reg == CFI_BP && op->dest.reg == CFI_SP && 2889 (cfa->base == CFI_BP || cfa->base == cfi->drap_reg)) { 2890 2891 /* 2892 * mov %rbp, %rsp 2893 * 2894 * Restore the original stack pointer (Clang). 2895 */ 2896 cfi->stack_size = -cfi->regs[CFI_BP].offset; 2897 } 2898 2899 else if (op->dest.reg == cfa->base) { 2900 2901 /* mov %reg, %rsp */ 2902 if (cfa->base == CFI_SP && 2903 cfi->vals[op->src.reg].base == CFI_CFA) { 2904 2905 /* 2906 * This is needed for the rare case 2907 * where GCC does something dumb like: 2908 * 2909 * lea 0x8(%rsp), %rcx 2910 * ... 2911 * mov %rcx, %rsp 2912 */ 2913 cfa->offset = -cfi->vals[op->src.reg].offset; 2914 cfi->stack_size = cfa->offset; 2915 2916 } else if (cfa->base == CFI_SP && 2917 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT && 2918 cfi->vals[op->src.reg].offset == cfa->offset) { 2919 2920 /* 2921 * Stack swizzle: 2922 * 2923 * 1: mov %rsp, (%[tos]) 2924 * 2: mov %[tos], %rsp 2925 * ... 2926 * 3: pop %rsp 2927 * 2928 * Where: 2929 * 2930 * 1 - places a pointer to the previous 2931 * stack at the Top-of-Stack of the 2932 * new stack. 2933 * 2934 * 2 - switches to the new stack. 2935 * 2936 * 3 - pops the Top-of-Stack to restore 2937 * the original stack. 2938 * 2939 * Note: we set base to SP_INDIRECT 2940 * here and preserve offset. Therefore 2941 * when the unwinder reaches ToS it 2942 * will dereference SP and then add the 2943 * offset to find the next frame, IOW: 2944 * (%rsp) + offset. 2945 */ 2946 cfa->base = CFI_SP_INDIRECT; 2947 2948 } else { 2949 cfa->base = CFI_UNDEFINED; 2950 cfa->offset = 0; 2951 } 2952 } 2953 2954 else if (op->dest.reg == CFI_SP && 2955 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT && 2956 cfi->vals[op->src.reg].offset == cfa->offset) { 2957 2958 /* 2959 * The same stack swizzle case 2) as above. But 2960 * because we can't change cfa->base, case 3) 2961 * will become a regular POP. Pretend we're a 2962 * PUSH so things don't go unbalanced. 2963 */ 2964 cfi->stack_size += 8; 2965 } 2966 2967 2968 break; 2969 2970 case OP_SRC_ADD: 2971 if (op->dest.reg == CFI_SP && op->src.reg == CFI_SP) { 2972 2973 /* add imm, %rsp */ 2974 cfi->stack_size -= op->src.offset; 2975 if (cfa->base == CFI_SP) 2976 cfa->offset -= op->src.offset; 2977 break; 2978 } 2979 2980 if (op->dest.reg == CFI_SP && op->src.reg == CFI_BP) { 2981 2982 /* lea disp(%rbp), %rsp */ 2983 cfi->stack_size = -(op->src.offset + regs[CFI_BP].offset); 2984 break; 2985 } 2986 2987 if (op->src.reg == CFI_SP && cfa->base == CFI_SP) { 2988 2989 /* drap: lea disp(%rsp), %drap */ 2990 cfi->drap_reg = op->dest.reg; 2991 2992 /* 2993 * lea disp(%rsp), %reg 2994 * 2995 * This is needed for the rare case where GCC 2996 * does something dumb like: 2997 * 2998 * lea 0x8(%rsp), %rcx 2999 * ... 3000 * mov %rcx, %rsp 3001 */ 3002 cfi->vals[op->dest.reg].base = CFI_CFA; 3003 cfi->vals[op->dest.reg].offset = \ 3004 -cfi->stack_size + op->src.offset; 3005 3006 break; 3007 } 3008 3009 if (cfi->drap && op->dest.reg == CFI_SP && 3010 op->src.reg == cfi->drap_reg) { 3011 3012 /* drap: lea disp(%drap), %rsp */ 3013 cfa->base = CFI_SP; 3014 cfa->offset = cfi->stack_size = -op->src.offset; 3015 cfi->drap_reg = CFI_UNDEFINED; 3016 cfi->drap = false; 3017 break; 3018 } 3019 3020 if (op->dest.reg == cfi->cfa.base && !(next_insn && next_insn->hint)) { 3021 WARN_INSN(insn, "unsupported stack register modification"); 3022 return -1; 3023 } 3024 3025 break; 3026 3027 case OP_SRC_AND: 3028 if (op->dest.reg != CFI_SP || 3029 (cfi->drap_reg != CFI_UNDEFINED && cfa->base != CFI_SP) || 3030 (cfi->drap_reg == CFI_UNDEFINED && cfa->base != CFI_BP)) { 3031 WARN_INSN(insn, "unsupported stack pointer realignment"); 3032 return -1; 3033 } 3034 3035 if (cfi->drap_reg != CFI_UNDEFINED) { 3036 /* drap: and imm, %rsp */ 3037 cfa->base = cfi->drap_reg; 3038 cfa->offset = cfi->stack_size = 0; 3039 cfi->drap = true; 3040 } 3041 3042 /* 3043 * Older versions of GCC (4.8ish) realign the stack 3044 * without DRAP, with a frame pointer. 3045 */ 3046 3047 break; 3048 3049 case OP_SRC_POP: 3050 case OP_SRC_POPF: 3051 if (op->dest.reg == CFI_SP && cfa->base == CFI_SP_INDIRECT) { 3052 3053 /* pop %rsp; # restore from a stack swizzle */ 3054 cfa->base = CFI_SP; 3055 break; 3056 } 3057 3058 if (!cfi->drap && op->dest.reg == cfa->base) { 3059 3060 /* pop %rbp */ 3061 cfa->base = CFI_SP; 3062 } 3063 3064 if (cfi->drap && cfa->base == CFI_BP_INDIRECT && 3065 op->dest.reg == cfi->drap_reg && 3066 cfi->drap_offset == -cfi->stack_size) { 3067 3068 /* drap: pop %drap */ 3069 cfa->base = cfi->drap_reg; 3070 cfa->offset = 0; 3071 cfi->drap_offset = -1; 3072 3073 } else if (cfi->stack_size == -regs[op->dest.reg].offset) { 3074 3075 /* pop %reg */ 3076 restore_reg(cfi, op->dest.reg); 3077 } 3078 3079 cfi->stack_size -= 8; 3080 if (cfa->base == CFI_SP) 3081 cfa->offset -= 8; 3082 3083 break; 3084 3085 case OP_SRC_REG_INDIRECT: 3086 if (!cfi->drap && op->dest.reg == cfa->base && 3087 op->dest.reg == CFI_BP) { 3088 3089 /* mov disp(%rsp), %rbp */ 3090 cfa->base = CFI_SP; 3091 cfa->offset = cfi->stack_size; 3092 } 3093 3094 if (cfi->drap && op->src.reg == CFI_BP && 3095 op->src.offset == cfi->drap_offset) { 3096 3097 /* drap: mov disp(%rbp), %drap */ 3098 cfa->base = cfi->drap_reg; 3099 cfa->offset = 0; 3100 cfi->drap_offset = -1; 3101 } 3102 3103 if (cfi->drap && op->src.reg == CFI_BP && 3104 op->src.offset == regs[op->dest.reg].offset) { 3105 3106 /* drap: mov disp(%rbp), %reg */ 3107 restore_reg(cfi, op->dest.reg); 3108 3109 } else if (op->src.reg == cfa->base && 3110 op->src.offset == regs[op->dest.reg].offset + cfa->offset) { 3111 3112 /* mov disp(%rbp), %reg */ 3113 /* mov disp(%rsp), %reg */ 3114 restore_reg(cfi, op->dest.reg); 3115 3116 } else if (op->src.reg == CFI_SP && 3117 op->src.offset == regs[op->dest.reg].offset + cfi->stack_size) { 3118 3119 /* mov disp(%rsp), %reg */ 3120 restore_reg(cfi, op->dest.reg); 3121 } 3122 3123 break; 3124 3125 default: 3126 WARN_INSN(insn, "unknown stack-related instruction"); 3127 return -1; 3128 } 3129 3130 break; 3131 3132 case OP_DEST_PUSH: 3133 case OP_DEST_PUSHF: 3134 cfi->stack_size += 8; 3135 if (cfa->base == CFI_SP) 3136 cfa->offset += 8; 3137 3138 if (op->src.type != OP_SRC_REG) 3139 break; 3140 3141 if (cfi->drap) { 3142 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) { 3143 3144 /* drap: push %drap */ 3145 cfa->base = CFI_BP_INDIRECT; 3146 cfa->offset = -cfi->stack_size; 3147 3148 /* save drap so we know when to restore it */ 3149 cfi->drap_offset = -cfi->stack_size; 3150 3151 } else if (op->src.reg == CFI_BP && cfa->base == cfi->drap_reg) { 3152 3153 /* drap: push %rbp */ 3154 cfi->stack_size = 0; 3155 3156 } else { 3157 3158 /* drap: push %reg */ 3159 save_reg(cfi, op->src.reg, CFI_BP, -cfi->stack_size); 3160 } 3161 3162 } else { 3163 3164 /* push %reg */ 3165 save_reg(cfi, op->src.reg, CFI_CFA, -cfi->stack_size); 3166 } 3167 3168 /* detect when asm code uses rbp as a scratch register */ 3169 if (opts.stackval && insn_func(insn) && op->src.reg == CFI_BP && 3170 cfa->base != CFI_BP) 3171 cfi->bp_scratch = true; 3172 break; 3173 3174 case OP_DEST_REG_INDIRECT: 3175 3176 if (cfi->drap) { 3177 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) { 3178 3179 /* drap: mov %drap, disp(%rbp) */ 3180 cfa->base = CFI_BP_INDIRECT; 3181 cfa->offset = op->dest.offset; 3182 3183 /* save drap offset so we know when to restore it */ 3184 cfi->drap_offset = op->dest.offset; 3185 } else { 3186 3187 /* drap: mov reg, disp(%rbp) */ 3188 save_reg(cfi, op->src.reg, CFI_BP, op->dest.offset); 3189 } 3190 3191 } else if (op->dest.reg == cfa->base) { 3192 3193 /* mov reg, disp(%rbp) */ 3194 /* mov reg, disp(%rsp) */ 3195 save_reg(cfi, op->src.reg, CFI_CFA, 3196 op->dest.offset - cfi->cfa.offset); 3197 3198 } else if (op->dest.reg == CFI_SP) { 3199 3200 /* mov reg, disp(%rsp) */ 3201 save_reg(cfi, op->src.reg, CFI_CFA, 3202 op->dest.offset - cfi->stack_size); 3203 3204 } else if (op->src.reg == CFI_SP && op->dest.offset == 0) { 3205 3206 /* mov %rsp, (%reg); # setup a stack swizzle. */ 3207 cfi->vals[op->dest.reg].base = CFI_SP_INDIRECT; 3208 cfi->vals[op->dest.reg].offset = cfa->offset; 3209 } 3210 3211 break; 3212 3213 case OP_DEST_MEM: 3214 if (op->src.type != OP_SRC_POP && op->src.type != OP_SRC_POPF) { 3215 WARN_INSN(insn, "unknown stack-related memory operation"); 3216 return -1; 3217 } 3218 3219 /* pop mem */ 3220 cfi->stack_size -= 8; 3221 if (cfa->base == CFI_SP) 3222 cfa->offset -= 8; 3223 3224 break; 3225 3226 default: 3227 WARN_INSN(insn, "unknown stack-related instruction"); 3228 return -1; 3229 } 3230 3231 return 0; 3232 } 3233 3234 /* 3235 * The stack layouts of alternatives instructions can sometimes diverge when 3236 * they have stack modifications. That's fine as long as the potential stack 3237 * layouts don't conflict at any given potential instruction boundary. 3238 * 3239 * Flatten the CFIs of the different alternative code streams (both original 3240 * and replacement) into a single shared CFI array which can be used to detect 3241 * conflicts and nicely feed a linear array of ORC entries to the unwinder. 3242 */ 3243 static int propagate_alt_cfi(struct objtool_file *file, struct instruction *insn) 3244 { 3245 struct cfi_state **alt_cfi; 3246 int group_off; 3247 3248 if (!insn->alt_group) 3249 return 0; 3250 3251 if (!insn->cfi) { 3252 WARN("CFI missing"); 3253 return -1; 3254 } 3255 3256 alt_cfi = insn->alt_group->cfi; 3257 group_off = insn->offset - insn->alt_group->first_insn->offset; 3258 3259 if (!alt_cfi[group_off]) { 3260 alt_cfi[group_off] = insn->cfi; 3261 } else { 3262 if (cficmp(alt_cfi[group_off], insn->cfi)) { 3263 struct alt_group *orig_group = insn->alt_group->orig_group ?: insn->alt_group; 3264 struct instruction *orig = orig_group->first_insn; 3265 char *where = offstr(insn->sec, insn->offset); 3266 WARN_INSN(orig, "stack layout conflict in alternatives: %s", where); 3267 free(where); 3268 return -1; 3269 } 3270 } 3271 3272 return 0; 3273 } 3274 3275 static int handle_insn_ops(struct instruction *insn, 3276 struct instruction *next_insn, 3277 struct insn_state *state) 3278 { 3279 struct stack_op *op; 3280 3281 for (op = insn->stack_ops; op; op = op->next) { 3282 3283 if (update_cfi_state(insn, next_insn, &state->cfi, op)) 3284 return 1; 3285 3286 if (!insn->alt_group) 3287 continue; 3288 3289 if (op->dest.type == OP_DEST_PUSHF) { 3290 if (!state->uaccess_stack) { 3291 state->uaccess_stack = 1; 3292 } else if (state->uaccess_stack >> 31) { 3293 WARN_INSN(insn, "PUSHF stack exhausted"); 3294 return 1; 3295 } 3296 state->uaccess_stack <<= 1; 3297 state->uaccess_stack |= state->uaccess; 3298 } 3299 3300 if (op->src.type == OP_SRC_POPF) { 3301 if (state->uaccess_stack) { 3302 state->uaccess = state->uaccess_stack & 1; 3303 state->uaccess_stack >>= 1; 3304 if (state->uaccess_stack == 1) 3305 state->uaccess_stack = 0; 3306 } 3307 } 3308 } 3309 3310 return 0; 3311 } 3312 3313 static bool insn_cfi_match(struct instruction *insn, struct cfi_state *cfi2) 3314 { 3315 struct cfi_state *cfi1 = insn->cfi; 3316 int i; 3317 3318 if (!cfi1) { 3319 WARN("CFI missing"); 3320 return false; 3321 } 3322 3323 if (memcmp(&cfi1->cfa, &cfi2->cfa, sizeof(cfi1->cfa))) { 3324 3325 WARN_INSN(insn, "stack state mismatch: cfa1=%d%+d cfa2=%d%+d", 3326 cfi1->cfa.base, cfi1->cfa.offset, 3327 cfi2->cfa.base, cfi2->cfa.offset); 3328 3329 } else if (memcmp(&cfi1->regs, &cfi2->regs, sizeof(cfi1->regs))) { 3330 for (i = 0; i < CFI_NUM_REGS; i++) { 3331 if (!memcmp(&cfi1->regs[i], &cfi2->regs[i], 3332 sizeof(struct cfi_reg))) 3333 continue; 3334 3335 WARN_INSN(insn, "stack state mismatch: reg1[%d]=%d%+d reg2[%d]=%d%+d", 3336 i, cfi1->regs[i].base, cfi1->regs[i].offset, 3337 i, cfi2->regs[i].base, cfi2->regs[i].offset); 3338 break; 3339 } 3340 3341 } else if (cfi1->type != cfi2->type) { 3342 3343 WARN_INSN(insn, "stack state mismatch: type1=%d type2=%d", 3344 cfi1->type, cfi2->type); 3345 3346 } else if (cfi1->drap != cfi2->drap || 3347 (cfi1->drap && cfi1->drap_reg != cfi2->drap_reg) || 3348 (cfi1->drap && cfi1->drap_offset != cfi2->drap_offset)) { 3349 3350 WARN_INSN(insn, "stack state mismatch: drap1=%d(%d,%d) drap2=%d(%d,%d)", 3351 cfi1->drap, cfi1->drap_reg, cfi1->drap_offset, 3352 cfi2->drap, cfi2->drap_reg, cfi2->drap_offset); 3353 3354 } else 3355 return true; 3356 3357 return false; 3358 } 3359 3360 static inline bool func_uaccess_safe(struct symbol *func) 3361 { 3362 if (func) 3363 return func->uaccess_safe; 3364 3365 return false; 3366 } 3367 3368 static inline const char *call_dest_name(struct instruction *insn) 3369 { 3370 static char pvname[19]; 3371 struct reloc *rel; 3372 int idx; 3373 3374 if (insn_call_dest(insn)) 3375 return insn_call_dest(insn)->name; 3376 3377 rel = insn_reloc(NULL, insn); 3378 if (rel && !strcmp(rel->sym->name, "pv_ops")) { 3379 idx = (rel->addend / sizeof(void *)); 3380 snprintf(pvname, sizeof(pvname), "pv_ops[%d]", idx); 3381 return pvname; 3382 } 3383 3384 return "{dynamic}"; 3385 } 3386 3387 static bool pv_call_dest(struct objtool_file *file, struct instruction *insn) 3388 { 3389 struct symbol *target; 3390 struct reloc *rel; 3391 int idx; 3392 3393 rel = insn_reloc(file, insn); 3394 if (!rel || strcmp(rel->sym->name, "pv_ops")) 3395 return false; 3396 3397 idx = (arch_dest_reloc_offset(rel->addend) / sizeof(void *)); 3398 3399 if (file->pv_ops[idx].clean) 3400 return true; 3401 3402 file->pv_ops[idx].clean = true; 3403 3404 list_for_each_entry(target, &file->pv_ops[idx].targets, pv_target) { 3405 if (!target->sec->noinstr) { 3406 WARN("pv_ops[%d]: %s", idx, target->name); 3407 file->pv_ops[idx].clean = false; 3408 } 3409 } 3410 3411 return file->pv_ops[idx].clean; 3412 } 3413 3414 static inline bool noinstr_call_dest(struct objtool_file *file, 3415 struct instruction *insn, 3416 struct symbol *func) 3417 { 3418 /* 3419 * We can't deal with indirect function calls at present; 3420 * assume they're instrumented. 3421 */ 3422 if (!func) { 3423 if (file->pv_ops) 3424 return pv_call_dest(file, insn); 3425 3426 return false; 3427 } 3428 3429 /* 3430 * If the symbol is from a noinstr section; we good. 3431 */ 3432 if (func->sec->noinstr) 3433 return true; 3434 3435 /* 3436 * If the symbol is a static_call trampoline, we can't tell. 3437 */ 3438 if (func->static_call_tramp) 3439 return true; 3440 3441 /* 3442 * The __ubsan_handle_*() calls are like WARN(), they only happen when 3443 * something 'BAD' happened. At the risk of taking the machine down, 3444 * let them proceed to get the message out. 3445 */ 3446 if (!strncmp(func->name, "__ubsan_handle_", 15)) 3447 return true; 3448 3449 return false; 3450 } 3451 3452 static int validate_call(struct objtool_file *file, 3453 struct instruction *insn, 3454 struct insn_state *state) 3455 { 3456 if (state->noinstr && state->instr <= 0 && 3457 !noinstr_call_dest(file, insn, insn_call_dest(insn))) { 3458 WARN_INSN(insn, "call to %s() leaves .noinstr.text section", call_dest_name(insn)); 3459 return 1; 3460 } 3461 3462 if (state->uaccess && !func_uaccess_safe(insn_call_dest(insn))) { 3463 WARN_INSN(insn, "call to %s() with UACCESS enabled", call_dest_name(insn)); 3464 return 1; 3465 } 3466 3467 if (state->df) { 3468 WARN_INSN(insn, "call to %s() with DF set", call_dest_name(insn)); 3469 return 1; 3470 } 3471 3472 return 0; 3473 } 3474 3475 static int validate_sibling_call(struct objtool_file *file, 3476 struct instruction *insn, 3477 struct insn_state *state) 3478 { 3479 if (insn_func(insn) && has_modified_stack_frame(insn, state)) { 3480 WARN_INSN(insn, "sibling call from callable instruction with modified stack frame"); 3481 return 1; 3482 } 3483 3484 return validate_call(file, insn, state); 3485 } 3486 3487 static int validate_return(struct symbol *func, struct instruction *insn, struct insn_state *state) 3488 { 3489 if (state->noinstr && state->instr > 0) { 3490 WARN_INSN(insn, "return with instrumentation enabled"); 3491 return 1; 3492 } 3493 3494 if (state->uaccess && !func_uaccess_safe(func)) { 3495 WARN_INSN(insn, "return with UACCESS enabled"); 3496 return 1; 3497 } 3498 3499 if (!state->uaccess && func_uaccess_safe(func)) { 3500 WARN_INSN(insn, "return with UACCESS disabled from a UACCESS-safe function"); 3501 return 1; 3502 } 3503 3504 if (state->df) { 3505 WARN_INSN(insn, "return with DF set"); 3506 return 1; 3507 } 3508 3509 if (func && has_modified_stack_frame(insn, state)) { 3510 WARN_INSN(insn, "return with modified stack frame"); 3511 return 1; 3512 } 3513 3514 if (state->cfi.bp_scratch) { 3515 WARN_INSN(insn, "BP used as a scratch register"); 3516 return 1; 3517 } 3518 3519 return 0; 3520 } 3521 3522 static struct instruction *next_insn_to_validate(struct objtool_file *file, 3523 struct instruction *insn) 3524 { 3525 struct alt_group *alt_group = insn->alt_group; 3526 3527 /* 3528 * Simulate the fact that alternatives are patched in-place. When the 3529 * end of a replacement alt_group is reached, redirect objtool flow to 3530 * the end of the original alt_group. 3531 * 3532 * insn->alts->insn -> alt_group->first_insn 3533 * ... 3534 * alt_group->last_insn 3535 * [alt_group->nop] -> next(orig_group->last_insn) 3536 */ 3537 if (alt_group) { 3538 if (alt_group->nop) { 3539 /* ->nop implies ->orig_group */ 3540 if (insn == alt_group->last_insn) 3541 return alt_group->nop; 3542 if (insn == alt_group->nop) 3543 goto next_orig; 3544 } 3545 if (insn == alt_group->last_insn && alt_group->orig_group) 3546 goto next_orig; 3547 } 3548 3549 return next_insn_same_sec(file, insn); 3550 3551 next_orig: 3552 return next_insn_same_sec(file, alt_group->orig_group->last_insn); 3553 } 3554 3555 /* 3556 * Follow the branch starting at the given instruction, and recursively follow 3557 * any other branches (jumps). Meanwhile, track the frame pointer state at 3558 * each instruction and validate all the rules described in 3559 * tools/objtool/Documentation/objtool.txt. 3560 */ 3561 static int validate_branch(struct objtool_file *file, struct symbol *func, 3562 struct instruction *insn, struct insn_state state) 3563 { 3564 struct alternative *alt; 3565 struct instruction *next_insn, *prev_insn = NULL; 3566 struct section *sec; 3567 u8 visited; 3568 int ret; 3569 3570 sec = insn->sec; 3571 3572 while (1) { 3573 next_insn = next_insn_to_validate(file, insn); 3574 3575 if (func && insn_func(insn) && func != insn_func(insn)->pfunc) { 3576 /* Ignore KCFI type preambles, which always fall through */ 3577 if (!strncmp(func->name, "__cfi_", 6) || 3578 !strncmp(func->name, "__pfx_", 6)) 3579 return 0; 3580 3581 WARN("%s() falls through to next function %s()", 3582 func->name, insn_func(insn)->name); 3583 return 1; 3584 } 3585 3586 if (func && insn->ignore) { 3587 WARN_INSN(insn, "BUG: why am I validating an ignored function?"); 3588 return 1; 3589 } 3590 3591 visited = VISITED_BRANCH << state.uaccess; 3592 if (insn->visited & VISITED_BRANCH_MASK) { 3593 if (!insn->hint && !insn_cfi_match(insn, &state.cfi)) 3594 return 1; 3595 3596 if (insn->visited & visited) 3597 return 0; 3598 } else { 3599 nr_insns_visited++; 3600 } 3601 3602 if (state.noinstr) 3603 state.instr += insn->instr; 3604 3605 if (insn->hint) { 3606 if (insn->restore) { 3607 struct instruction *save_insn, *i; 3608 3609 i = insn; 3610 save_insn = NULL; 3611 3612 sym_for_each_insn_continue_reverse(file, func, i) { 3613 if (i->save) { 3614 save_insn = i; 3615 break; 3616 } 3617 } 3618 3619 if (!save_insn) { 3620 WARN_INSN(insn, "no corresponding CFI save for CFI restore"); 3621 return 1; 3622 } 3623 3624 if (!save_insn->visited) { 3625 WARN_INSN(insn, "objtool isn't smart enough to handle this CFI save/restore combo"); 3626 return 1; 3627 } 3628 3629 insn->cfi = save_insn->cfi; 3630 nr_cfi_reused++; 3631 } 3632 3633 state.cfi = *insn->cfi; 3634 } else { 3635 /* XXX track if we actually changed state.cfi */ 3636 3637 if (prev_insn && !cficmp(prev_insn->cfi, &state.cfi)) { 3638 insn->cfi = prev_insn->cfi; 3639 nr_cfi_reused++; 3640 } else { 3641 insn->cfi = cfi_hash_find_or_add(&state.cfi); 3642 } 3643 } 3644 3645 insn->visited |= visited; 3646 3647 if (propagate_alt_cfi(file, insn)) 3648 return 1; 3649 3650 if (!insn->ignore_alts && insn->alts) { 3651 bool skip_orig = false; 3652 3653 for (alt = insn->alts; alt; alt = alt->next) { 3654 if (alt->skip_orig) 3655 skip_orig = true; 3656 3657 ret = validate_branch(file, func, alt->insn, state); 3658 if (ret) { 3659 if (opts.backtrace) 3660 BT_FUNC("(alt)", insn); 3661 return ret; 3662 } 3663 } 3664 3665 if (skip_orig) 3666 return 0; 3667 } 3668 3669 if (handle_insn_ops(insn, next_insn, &state)) 3670 return 1; 3671 3672 switch (insn->type) { 3673 3674 case INSN_RETURN: 3675 return validate_return(func, insn, &state); 3676 3677 case INSN_CALL: 3678 case INSN_CALL_DYNAMIC: 3679 ret = validate_call(file, insn, &state); 3680 if (ret) 3681 return ret; 3682 3683 if (opts.stackval && func && !is_fentry_call(insn) && 3684 !has_valid_stack_frame(&state)) { 3685 WARN_INSN(insn, "call without frame pointer save/setup"); 3686 return 1; 3687 } 3688 3689 if (insn->dead_end) 3690 return 0; 3691 3692 break; 3693 3694 case INSN_JUMP_CONDITIONAL: 3695 case INSN_JUMP_UNCONDITIONAL: 3696 if (is_sibling_call(insn)) { 3697 ret = validate_sibling_call(file, insn, &state); 3698 if (ret) 3699 return ret; 3700 3701 } else if (insn->jump_dest) { 3702 ret = validate_branch(file, func, 3703 insn->jump_dest, state); 3704 if (ret) { 3705 if (opts.backtrace) 3706 BT_FUNC("(branch)", insn); 3707 return ret; 3708 } 3709 } 3710 3711 if (insn->type == INSN_JUMP_UNCONDITIONAL) 3712 return 0; 3713 3714 break; 3715 3716 case INSN_JUMP_DYNAMIC: 3717 case INSN_JUMP_DYNAMIC_CONDITIONAL: 3718 if (is_sibling_call(insn)) { 3719 ret = validate_sibling_call(file, insn, &state); 3720 if (ret) 3721 return ret; 3722 } 3723 3724 if (insn->type == INSN_JUMP_DYNAMIC) 3725 return 0; 3726 3727 break; 3728 3729 case INSN_CONTEXT_SWITCH: 3730 if (func && (!next_insn || !next_insn->hint)) { 3731 WARN_INSN(insn, "unsupported instruction in callable function"); 3732 return 1; 3733 } 3734 return 0; 3735 3736 case INSN_STAC: 3737 if (state.uaccess) { 3738 WARN_INSN(insn, "recursive UACCESS enable"); 3739 return 1; 3740 } 3741 3742 state.uaccess = true; 3743 break; 3744 3745 case INSN_CLAC: 3746 if (!state.uaccess && func) { 3747 WARN_INSN(insn, "redundant UACCESS disable"); 3748 return 1; 3749 } 3750 3751 if (func_uaccess_safe(func) && !state.uaccess_stack) { 3752 WARN_INSN(insn, "UACCESS-safe disables UACCESS"); 3753 return 1; 3754 } 3755 3756 state.uaccess = false; 3757 break; 3758 3759 case INSN_STD: 3760 if (state.df) { 3761 WARN_INSN(insn, "recursive STD"); 3762 return 1; 3763 } 3764 3765 state.df = true; 3766 break; 3767 3768 case INSN_CLD: 3769 if (!state.df && func) { 3770 WARN_INSN(insn, "redundant CLD"); 3771 return 1; 3772 } 3773 3774 state.df = false; 3775 break; 3776 3777 default: 3778 break; 3779 } 3780 3781 if (insn->dead_end) 3782 return 0; 3783 3784 if (!next_insn) { 3785 if (state.cfi.cfa.base == CFI_UNDEFINED) 3786 return 0; 3787 WARN("%s: unexpected end of section", sec->name); 3788 return 1; 3789 } 3790 3791 prev_insn = insn; 3792 insn = next_insn; 3793 } 3794 3795 return 0; 3796 } 3797 3798 static int validate_unwind_hint(struct objtool_file *file, 3799 struct instruction *insn, 3800 struct insn_state *state) 3801 { 3802 if (insn->hint && !insn->visited && !insn->ignore) { 3803 int ret = validate_branch(file, insn_func(insn), insn, *state); 3804 if (ret && opts.backtrace) 3805 BT_FUNC("<=== (hint)", insn); 3806 return ret; 3807 } 3808 3809 return 0; 3810 } 3811 3812 static int validate_unwind_hints(struct objtool_file *file, struct section *sec) 3813 { 3814 struct instruction *insn; 3815 struct insn_state state; 3816 int warnings = 0; 3817 3818 if (!file->hints) 3819 return 0; 3820 3821 init_insn_state(file, &state, sec); 3822 3823 if (sec) { 3824 sec_for_each_insn(file, sec, insn) 3825 warnings += validate_unwind_hint(file, insn, &state); 3826 } else { 3827 for_each_insn(file, insn) 3828 warnings += validate_unwind_hint(file, insn, &state); 3829 } 3830 3831 return warnings; 3832 } 3833 3834 /* 3835 * Validate rethunk entry constraint: must untrain RET before the first RET. 3836 * 3837 * Follow every branch (intra-function) and ensure VALIDATE_UNRET_END comes 3838 * before an actual RET instruction. 3839 */ 3840 static int validate_unret(struct objtool_file *file, struct instruction *insn) 3841 { 3842 struct instruction *next, *dest; 3843 int ret, warnings = 0; 3844 3845 for (;;) { 3846 next = next_insn_to_validate(file, insn); 3847 3848 if (insn->visited & VISITED_UNRET) 3849 return 0; 3850 3851 insn->visited |= VISITED_UNRET; 3852 3853 if (!insn->ignore_alts && insn->alts) { 3854 struct alternative *alt; 3855 bool skip_orig = false; 3856 3857 for (alt = insn->alts; alt; alt = alt->next) { 3858 if (alt->skip_orig) 3859 skip_orig = true; 3860 3861 ret = validate_unret(file, alt->insn); 3862 if (ret) { 3863 if (opts.backtrace) 3864 BT_FUNC("(alt)", insn); 3865 return ret; 3866 } 3867 } 3868 3869 if (skip_orig) 3870 return 0; 3871 } 3872 3873 switch (insn->type) { 3874 3875 case INSN_CALL_DYNAMIC: 3876 case INSN_JUMP_DYNAMIC: 3877 case INSN_JUMP_DYNAMIC_CONDITIONAL: 3878 WARN_INSN(insn, "early indirect call"); 3879 return 1; 3880 3881 case INSN_JUMP_UNCONDITIONAL: 3882 case INSN_JUMP_CONDITIONAL: 3883 if (!is_sibling_call(insn)) { 3884 if (!insn->jump_dest) { 3885 WARN_INSN(insn, "unresolved jump target after linking?!?"); 3886 return -1; 3887 } 3888 ret = validate_unret(file, insn->jump_dest); 3889 if (ret) { 3890 if (opts.backtrace) { 3891 BT_FUNC("(branch%s)", insn, 3892 insn->type == INSN_JUMP_CONDITIONAL ? "-cond" : ""); 3893 } 3894 return ret; 3895 } 3896 3897 if (insn->type == INSN_JUMP_UNCONDITIONAL) 3898 return 0; 3899 3900 break; 3901 } 3902 3903 /* fallthrough */ 3904 case INSN_CALL: 3905 dest = find_insn(file, insn_call_dest(insn)->sec, 3906 insn_call_dest(insn)->offset); 3907 if (!dest) { 3908 WARN("Unresolved function after linking!?: %s", 3909 insn_call_dest(insn)->name); 3910 return -1; 3911 } 3912 3913 ret = validate_unret(file, dest); 3914 if (ret) { 3915 if (opts.backtrace) 3916 BT_FUNC("(call)", insn); 3917 return ret; 3918 } 3919 /* 3920 * If a call returns without error, it must have seen UNTRAIN_RET. 3921 * Therefore any non-error return is a success. 3922 */ 3923 return 0; 3924 3925 case INSN_RETURN: 3926 WARN_INSN(insn, "RET before UNTRAIN"); 3927 return 1; 3928 3929 case INSN_NOP: 3930 if (insn->retpoline_safe) 3931 return 0; 3932 break; 3933 3934 default: 3935 break; 3936 } 3937 3938 if (!next) { 3939 WARN_INSN(insn, "teh end!"); 3940 return -1; 3941 } 3942 insn = next; 3943 } 3944 3945 return warnings; 3946 } 3947 3948 /* 3949 * Validate that all branches starting at VALIDATE_UNRET_BEGIN encounter 3950 * VALIDATE_UNRET_END before RET. 3951 */ 3952 static int validate_unrets(struct objtool_file *file) 3953 { 3954 struct instruction *insn; 3955 int ret, warnings = 0; 3956 3957 for_each_insn(file, insn) { 3958 if (!insn->unret) 3959 continue; 3960 3961 ret = validate_unret(file, insn); 3962 if (ret < 0) { 3963 WARN_INSN(insn, "Failed UNRET validation"); 3964 return ret; 3965 } 3966 warnings += ret; 3967 } 3968 3969 return warnings; 3970 } 3971 3972 static int validate_retpoline(struct objtool_file *file) 3973 { 3974 struct instruction *insn; 3975 int warnings = 0; 3976 3977 for_each_insn(file, insn) { 3978 if (insn->type != INSN_JUMP_DYNAMIC && 3979 insn->type != INSN_CALL_DYNAMIC && 3980 insn->type != INSN_RETURN) 3981 continue; 3982 3983 if (insn->retpoline_safe) 3984 continue; 3985 3986 if (insn->sec->init) 3987 continue; 3988 3989 if (insn->type == INSN_RETURN) { 3990 if (opts.rethunk) { 3991 WARN_INSN(insn, "'naked' return found in RETHUNK build"); 3992 } else 3993 continue; 3994 } else { 3995 WARN_INSN(insn, "indirect %s found in RETPOLINE build", 3996 insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call"); 3997 } 3998 3999 warnings++; 4000 } 4001 4002 return warnings; 4003 } 4004 4005 static bool is_kasan_insn(struct instruction *insn) 4006 { 4007 return (insn->type == INSN_CALL && 4008 !strcmp(insn_call_dest(insn)->name, "__asan_handle_no_return")); 4009 } 4010 4011 static bool is_ubsan_insn(struct instruction *insn) 4012 { 4013 return (insn->type == INSN_CALL && 4014 !strcmp(insn_call_dest(insn)->name, 4015 "__ubsan_handle_builtin_unreachable")); 4016 } 4017 4018 static bool ignore_unreachable_insn(struct objtool_file *file, struct instruction *insn) 4019 { 4020 int i; 4021 struct instruction *prev_insn; 4022 4023 if (insn->ignore || insn->type == INSN_NOP || insn->type == INSN_TRAP) 4024 return true; 4025 4026 /* 4027 * Ignore alternative replacement instructions. This can happen 4028 * when a whitelisted function uses one of the ALTERNATIVE macros. 4029 */ 4030 if (!strcmp(insn->sec->name, ".altinstr_replacement") || 4031 !strcmp(insn->sec->name, ".altinstr_aux")) 4032 return true; 4033 4034 /* 4035 * Whole archive runs might encounter dead code from weak symbols. 4036 * This is where the linker will have dropped the weak symbol in 4037 * favour of a regular symbol, but leaves the code in place. 4038 * 4039 * In this case we'll find a piece of code (whole function) that is not 4040 * covered by a !section symbol. Ignore them. 4041 */ 4042 if (opts.link && !insn_func(insn)) { 4043 int size = find_symbol_hole_containing(insn->sec, insn->offset); 4044 unsigned long end = insn->offset + size; 4045 4046 if (!size) /* not a hole */ 4047 return false; 4048 4049 if (size < 0) /* hole until the end */ 4050 return true; 4051 4052 sec_for_each_insn_continue(file, insn) { 4053 /* 4054 * If we reach a visited instruction at or before the 4055 * end of the hole, ignore the unreachable. 4056 */ 4057 if (insn->visited) 4058 return true; 4059 4060 if (insn->offset >= end) 4061 break; 4062 4063 /* 4064 * If this hole jumps to a .cold function, mark it ignore too. 4065 */ 4066 if (insn->jump_dest && insn_func(insn->jump_dest) && 4067 strstr(insn_func(insn->jump_dest)->name, ".cold")) { 4068 struct instruction *dest = insn->jump_dest; 4069 func_for_each_insn(file, insn_func(dest), dest) 4070 dest->ignore = true; 4071 } 4072 } 4073 4074 return false; 4075 } 4076 4077 if (!insn_func(insn)) 4078 return false; 4079 4080 if (insn_func(insn)->static_call_tramp) 4081 return true; 4082 4083 /* 4084 * CONFIG_UBSAN_TRAP inserts a UD2 when it sees 4085 * __builtin_unreachable(). The BUG() macro has an unreachable() after 4086 * the UD2, which causes GCC's undefined trap logic to emit another UD2 4087 * (or occasionally a JMP to UD2). 4088 * 4089 * It may also insert a UD2 after calling a __noreturn function. 4090 */ 4091 prev_insn = prev_insn_same_sec(file, insn); 4092 if (prev_insn->dead_end && 4093 (insn->type == INSN_BUG || 4094 (insn->type == INSN_JUMP_UNCONDITIONAL && 4095 insn->jump_dest && insn->jump_dest->type == INSN_BUG))) 4096 return true; 4097 4098 /* 4099 * Check if this (or a subsequent) instruction is related to 4100 * CONFIG_UBSAN or CONFIG_KASAN. 4101 * 4102 * End the search at 5 instructions to avoid going into the weeds. 4103 */ 4104 for (i = 0; i < 5; i++) { 4105 4106 if (is_kasan_insn(insn) || is_ubsan_insn(insn)) 4107 return true; 4108 4109 if (insn->type == INSN_JUMP_UNCONDITIONAL) { 4110 if (insn->jump_dest && 4111 insn_func(insn->jump_dest) == insn_func(insn)) { 4112 insn = insn->jump_dest; 4113 continue; 4114 } 4115 4116 break; 4117 } 4118 4119 if (insn->offset + insn->len >= insn_func(insn)->offset + insn_func(insn)->len) 4120 break; 4121 4122 insn = next_insn_same_sec(file, insn); 4123 } 4124 4125 return false; 4126 } 4127 4128 static int add_prefix_symbol(struct objtool_file *file, struct symbol *func) 4129 { 4130 struct instruction *insn, *prev; 4131 struct cfi_state *cfi; 4132 4133 insn = find_insn(file, func->sec, func->offset); 4134 if (!insn) 4135 return -1; 4136 4137 for (prev = prev_insn_same_sec(file, insn); 4138 prev; 4139 prev = prev_insn_same_sec(file, prev)) { 4140 u64 offset; 4141 4142 if (prev->type != INSN_NOP) 4143 return -1; 4144 4145 offset = func->offset - prev->offset; 4146 4147 if (offset > opts.prefix) 4148 return -1; 4149 4150 if (offset < opts.prefix) 4151 continue; 4152 4153 elf_create_prefix_symbol(file->elf, func, opts.prefix); 4154 break; 4155 } 4156 4157 if (!prev) 4158 return -1; 4159 4160 if (!insn->cfi) { 4161 /* 4162 * This can happen if stack validation isn't enabled or the 4163 * function is annotated with STACK_FRAME_NON_STANDARD. 4164 */ 4165 return 0; 4166 } 4167 4168 /* Propagate insn->cfi to the prefix code */ 4169 cfi = cfi_hash_find_or_add(insn->cfi); 4170 for (; prev != insn; prev = next_insn_same_sec(file, prev)) 4171 prev->cfi = cfi; 4172 4173 return 0; 4174 } 4175 4176 static int add_prefix_symbols(struct objtool_file *file) 4177 { 4178 struct section *sec; 4179 struct symbol *func; 4180 int warnings = 0; 4181 4182 for_each_sec(file, sec) { 4183 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 4184 continue; 4185 4186 sec_for_each_sym(sec, func) { 4187 if (func->type != STT_FUNC) 4188 continue; 4189 4190 add_prefix_symbol(file, func); 4191 } 4192 } 4193 4194 return warnings; 4195 } 4196 4197 static int validate_symbol(struct objtool_file *file, struct section *sec, 4198 struct symbol *sym, struct insn_state *state) 4199 { 4200 struct instruction *insn; 4201 int ret; 4202 4203 if (!sym->len) { 4204 WARN("%s() is missing an ELF size annotation", sym->name); 4205 return 1; 4206 } 4207 4208 if (sym->pfunc != sym || sym->alias != sym) 4209 return 0; 4210 4211 insn = find_insn(file, sec, sym->offset); 4212 if (!insn || insn->ignore || insn->visited) 4213 return 0; 4214 4215 state->uaccess = sym->uaccess_safe; 4216 4217 ret = validate_branch(file, insn_func(insn), insn, *state); 4218 if (ret && opts.backtrace) 4219 BT_FUNC("<=== (sym)", insn); 4220 return ret; 4221 } 4222 4223 static int validate_section(struct objtool_file *file, struct section *sec) 4224 { 4225 struct insn_state state; 4226 struct symbol *func; 4227 int warnings = 0; 4228 4229 sec_for_each_sym(sec, func) { 4230 if (func->type != STT_FUNC) 4231 continue; 4232 4233 init_insn_state(file, &state, sec); 4234 set_func_state(&state.cfi); 4235 4236 warnings += validate_symbol(file, sec, func, &state); 4237 } 4238 4239 return warnings; 4240 } 4241 4242 static int validate_noinstr_sections(struct objtool_file *file) 4243 { 4244 struct section *sec; 4245 int warnings = 0; 4246 4247 sec = find_section_by_name(file->elf, ".noinstr.text"); 4248 if (sec) { 4249 warnings += validate_section(file, sec); 4250 warnings += validate_unwind_hints(file, sec); 4251 } 4252 4253 sec = find_section_by_name(file->elf, ".entry.text"); 4254 if (sec) { 4255 warnings += validate_section(file, sec); 4256 warnings += validate_unwind_hints(file, sec); 4257 } 4258 4259 sec = find_section_by_name(file->elf, ".cpuidle.text"); 4260 if (sec) { 4261 warnings += validate_section(file, sec); 4262 warnings += validate_unwind_hints(file, sec); 4263 } 4264 4265 return warnings; 4266 } 4267 4268 static int validate_functions(struct objtool_file *file) 4269 { 4270 struct section *sec; 4271 int warnings = 0; 4272 4273 for_each_sec(file, sec) { 4274 if (!(sec->sh.sh_flags & SHF_EXECINSTR)) 4275 continue; 4276 4277 warnings += validate_section(file, sec); 4278 } 4279 4280 return warnings; 4281 } 4282 4283 static void mark_endbr_used(struct instruction *insn) 4284 { 4285 if (!list_empty(&insn->call_node)) 4286 list_del_init(&insn->call_node); 4287 } 4288 4289 static bool noendbr_range(struct objtool_file *file, struct instruction *insn) 4290 { 4291 struct symbol *sym = find_symbol_containing(insn->sec, insn->offset-1); 4292 struct instruction *first; 4293 4294 if (!sym) 4295 return false; 4296 4297 first = find_insn(file, sym->sec, sym->offset); 4298 if (!first) 4299 return false; 4300 4301 if (first->type != INSN_ENDBR && !first->noendbr) 4302 return false; 4303 4304 return insn->offset == sym->offset + sym->len; 4305 } 4306 4307 static int validate_ibt_insn(struct objtool_file *file, struct instruction *insn) 4308 { 4309 struct instruction *dest; 4310 struct reloc *reloc; 4311 unsigned long off; 4312 int warnings = 0; 4313 4314 /* 4315 * Looking for function pointer load relocations. Ignore 4316 * direct/indirect branches: 4317 */ 4318 switch (insn->type) { 4319 case INSN_CALL: 4320 case INSN_CALL_DYNAMIC: 4321 case INSN_JUMP_CONDITIONAL: 4322 case INSN_JUMP_UNCONDITIONAL: 4323 case INSN_JUMP_DYNAMIC: 4324 case INSN_JUMP_DYNAMIC_CONDITIONAL: 4325 case INSN_RETURN: 4326 case INSN_NOP: 4327 return 0; 4328 default: 4329 break; 4330 } 4331 4332 for (reloc = insn_reloc(file, insn); 4333 reloc; 4334 reloc = find_reloc_by_dest_range(file->elf, insn->sec, 4335 reloc->offset + 1, 4336 (insn->offset + insn->len) - (reloc->offset + 1))) { 4337 4338 /* 4339 * static_call_update() references the trampoline, which 4340 * doesn't have (or need) ENDBR. Skip warning in that case. 4341 */ 4342 if (reloc->sym->static_call_tramp) 4343 continue; 4344 4345 off = reloc->sym->offset; 4346 if (reloc->type == R_X86_64_PC32 || reloc->type == R_X86_64_PLT32) 4347 off += arch_dest_reloc_offset(reloc->addend); 4348 else 4349 off += reloc->addend; 4350 4351 dest = find_insn(file, reloc->sym->sec, off); 4352 if (!dest) 4353 continue; 4354 4355 if (dest->type == INSN_ENDBR) { 4356 mark_endbr_used(dest); 4357 continue; 4358 } 4359 4360 if (insn_func(dest) && insn_func(dest) == insn_func(insn)) { 4361 /* 4362 * Anything from->to self is either _THIS_IP_ or 4363 * IRET-to-self. 4364 * 4365 * There is no sane way to annotate _THIS_IP_ since the 4366 * compiler treats the relocation as a constant and is 4367 * happy to fold in offsets, skewing any annotation we 4368 * do, leading to vast amounts of false-positives. 4369 * 4370 * There's also compiler generated _THIS_IP_ through 4371 * KCOV and such which we have no hope of annotating. 4372 * 4373 * As such, blanket accept self-references without 4374 * issue. 4375 */ 4376 continue; 4377 } 4378 4379 /* 4380 * Accept anything ANNOTATE_NOENDBR. 4381 */ 4382 if (dest->noendbr) 4383 continue; 4384 4385 /* 4386 * Accept if this is the instruction after a symbol 4387 * that is (no)endbr -- typical code-range usage. 4388 */ 4389 if (noendbr_range(file, dest)) 4390 continue; 4391 4392 WARN_INSN(insn, "relocation to !ENDBR: %s", offstr(dest->sec, dest->offset)); 4393 4394 warnings++; 4395 } 4396 4397 return warnings; 4398 } 4399 4400 static int validate_ibt_data_reloc(struct objtool_file *file, 4401 struct reloc *reloc) 4402 { 4403 struct instruction *dest; 4404 4405 dest = find_insn(file, reloc->sym->sec, 4406 reloc->sym->offset + reloc->addend); 4407 if (!dest) 4408 return 0; 4409 4410 if (dest->type == INSN_ENDBR) { 4411 mark_endbr_used(dest); 4412 return 0; 4413 } 4414 4415 if (dest->noendbr) 4416 return 0; 4417 4418 WARN_FUNC("data relocation to !ENDBR: %s", 4419 reloc->sec->base, reloc->offset, 4420 offstr(dest->sec, dest->offset)); 4421 4422 return 1; 4423 } 4424 4425 /* 4426 * Validate IBT rules and remove used ENDBR instructions from the seal list. 4427 * Unused ENDBR instructions will be annotated for sealing (i.e., replaced with 4428 * NOPs) later, in create_ibt_endbr_seal_sections(). 4429 */ 4430 static int validate_ibt(struct objtool_file *file) 4431 { 4432 struct section *sec; 4433 struct reloc *reloc; 4434 struct instruction *insn; 4435 int warnings = 0; 4436 4437 for_each_insn(file, insn) 4438 warnings += validate_ibt_insn(file, insn); 4439 4440 for_each_sec(file, sec) { 4441 4442 /* Already done by validate_ibt_insn() */ 4443 if (sec->sh.sh_flags & SHF_EXECINSTR) 4444 continue; 4445 4446 if (!sec->reloc) 4447 continue; 4448 4449 /* 4450 * These sections can reference text addresses, but not with 4451 * the intent to indirect branch to them. 4452 */ 4453 if ((!strncmp(sec->name, ".discard", 8) && 4454 strcmp(sec->name, ".discard.ibt_endbr_noseal")) || 4455 !strncmp(sec->name, ".debug", 6) || 4456 !strcmp(sec->name, ".altinstructions") || 4457 !strcmp(sec->name, ".ibt_endbr_seal") || 4458 !strcmp(sec->name, ".orc_unwind_ip") || 4459 !strcmp(sec->name, ".parainstructions") || 4460 !strcmp(sec->name, ".retpoline_sites") || 4461 !strcmp(sec->name, ".smp_locks") || 4462 !strcmp(sec->name, ".static_call_sites") || 4463 !strcmp(sec->name, "_error_injection_whitelist") || 4464 !strcmp(sec->name, "_kprobe_blacklist") || 4465 !strcmp(sec->name, "__bug_table") || 4466 !strcmp(sec->name, "__ex_table") || 4467 !strcmp(sec->name, "__jump_table") || 4468 !strcmp(sec->name, "__mcount_loc") || 4469 !strcmp(sec->name, ".kcfi_traps") || 4470 strstr(sec->name, "__patchable_function_entries")) 4471 continue; 4472 4473 list_for_each_entry(reloc, &sec->reloc->reloc_list, list) 4474 warnings += validate_ibt_data_reloc(file, reloc); 4475 } 4476 4477 return warnings; 4478 } 4479 4480 static int validate_sls(struct objtool_file *file) 4481 { 4482 struct instruction *insn, *next_insn; 4483 int warnings = 0; 4484 4485 for_each_insn(file, insn) { 4486 next_insn = next_insn_same_sec(file, insn); 4487 4488 if (insn->retpoline_safe) 4489 continue; 4490 4491 switch (insn->type) { 4492 case INSN_RETURN: 4493 if (!next_insn || next_insn->type != INSN_TRAP) { 4494 WARN_INSN(insn, "missing int3 after ret"); 4495 warnings++; 4496 } 4497 4498 break; 4499 case INSN_JUMP_DYNAMIC: 4500 if (!next_insn || next_insn->type != INSN_TRAP) { 4501 WARN_INSN(insn, "missing int3 after indirect jump"); 4502 warnings++; 4503 } 4504 break; 4505 default: 4506 break; 4507 } 4508 } 4509 4510 return warnings; 4511 } 4512 4513 static int validate_reachable_instructions(struct objtool_file *file) 4514 { 4515 struct instruction *insn; 4516 4517 if (file->ignore_unreachables) 4518 return 0; 4519 4520 for_each_insn(file, insn) { 4521 if (insn->visited || ignore_unreachable_insn(file, insn)) 4522 continue; 4523 4524 WARN_INSN(insn, "unreachable instruction"); 4525 return 1; 4526 } 4527 4528 return 0; 4529 } 4530 4531 int check(struct objtool_file *file) 4532 { 4533 int ret, warnings = 0; 4534 4535 arch_initial_func_cfi_state(&initial_func_cfi); 4536 init_cfi_state(&init_cfi); 4537 init_cfi_state(&func_cfi); 4538 set_func_state(&func_cfi); 4539 4540 if (!cfi_hash_alloc(1UL << (file->elf->symbol_bits - 3))) 4541 goto out; 4542 4543 cfi_hash_add(&init_cfi); 4544 cfi_hash_add(&func_cfi); 4545 4546 ret = decode_sections(file); 4547 if (ret < 0) 4548 goto out; 4549 4550 warnings += ret; 4551 4552 if (!nr_insns) 4553 goto out; 4554 4555 if (opts.retpoline) { 4556 ret = validate_retpoline(file); 4557 if (ret < 0) 4558 return ret; 4559 warnings += ret; 4560 } 4561 4562 if (opts.stackval || opts.orc || opts.uaccess) { 4563 ret = validate_functions(file); 4564 if (ret < 0) 4565 goto out; 4566 warnings += ret; 4567 4568 ret = validate_unwind_hints(file, NULL); 4569 if (ret < 0) 4570 goto out; 4571 warnings += ret; 4572 4573 if (!warnings) { 4574 ret = validate_reachable_instructions(file); 4575 if (ret < 0) 4576 goto out; 4577 warnings += ret; 4578 } 4579 4580 } else if (opts.noinstr) { 4581 ret = validate_noinstr_sections(file); 4582 if (ret < 0) 4583 goto out; 4584 warnings += ret; 4585 } 4586 4587 if (opts.unret) { 4588 /* 4589 * Must be after validate_branch() and friends, it plays 4590 * further games with insn->visited. 4591 */ 4592 ret = validate_unrets(file); 4593 if (ret < 0) 4594 return ret; 4595 warnings += ret; 4596 } 4597 4598 if (opts.ibt) { 4599 ret = validate_ibt(file); 4600 if (ret < 0) 4601 goto out; 4602 warnings += ret; 4603 } 4604 4605 if (opts.sls) { 4606 ret = validate_sls(file); 4607 if (ret < 0) 4608 goto out; 4609 warnings += ret; 4610 } 4611 4612 if (opts.static_call) { 4613 ret = create_static_call_sections(file); 4614 if (ret < 0) 4615 goto out; 4616 warnings += ret; 4617 } 4618 4619 if (opts.retpoline) { 4620 ret = create_retpoline_sites_sections(file); 4621 if (ret < 0) 4622 goto out; 4623 warnings += ret; 4624 } 4625 4626 if (opts.cfi) { 4627 ret = create_cfi_sections(file); 4628 if (ret < 0) 4629 goto out; 4630 warnings += ret; 4631 } 4632 4633 if (opts.rethunk) { 4634 ret = create_return_sites_sections(file); 4635 if (ret < 0) 4636 goto out; 4637 warnings += ret; 4638 4639 if (opts.hack_skylake) { 4640 ret = create_direct_call_sections(file); 4641 if (ret < 0) 4642 goto out; 4643 warnings += ret; 4644 } 4645 } 4646 4647 if (opts.mcount) { 4648 ret = create_mcount_loc_sections(file); 4649 if (ret < 0) 4650 goto out; 4651 warnings += ret; 4652 } 4653 4654 if (opts.prefix) { 4655 ret = add_prefix_symbols(file); 4656 if (ret < 0) 4657 return ret; 4658 warnings += ret; 4659 } 4660 4661 if (opts.ibt) { 4662 ret = create_ibt_endbr_seal_sections(file); 4663 if (ret < 0) 4664 goto out; 4665 warnings += ret; 4666 } 4667 4668 if (opts.orc && nr_insns) { 4669 ret = orc_create(file); 4670 if (ret < 0) 4671 goto out; 4672 warnings += ret; 4673 } 4674 4675 4676 if (opts.stats) { 4677 printf("nr_insns_visited: %ld\n", nr_insns_visited); 4678 printf("nr_cfi: %ld\n", nr_cfi); 4679 printf("nr_cfi_reused: %ld\n", nr_cfi_reused); 4680 printf("nr_cfi_cache: %ld\n", nr_cfi_cache); 4681 } 4682 4683 out: 4684 /* 4685 * For now, don't fail the kernel build on fatal warnings. These 4686 * errors are still fairly common due to the growing matrix of 4687 * supported toolchains and their recent pace of change. 4688 */ 4689 return 0; 4690 } 4691