]> git.ipfire.org Git - thirdparty/linux.git/blob - tools/objtool/check.c
projects / thirdparty / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
objtool: Improve reloc naming
[thirdparty/linux.git] / tools / objtool / check.c
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (C) 2015-2017 Josh Poimboeuf <jpoimboe@redhat.com>
4 */
5
6 #include <string.h>
7 #include <stdlib.h>
8 #include <inttypes.h>
9 #include <sys/mman.h>
10
11 #include <arch/elf.h>
12 #include <objtool/builtin.h>
13 #include <objtool/cfi.h>
14 #include <objtool/arch.h>
15 #include <objtool/check.h>
16 #include <objtool/special.h>
17 #include <objtool/warn.h>
18 #include <objtool/endianness.h>
19
20 #include <linux/objtool_types.h>
21 #include <linux/hashtable.h>
22 #include <linux/kernel.h>
23 #include <linux/static_call_types.h>
24
25 struct alternative {
26 struct alternative *next;
27 struct instruction *insn;
28 bool skip_orig;
29 };
30
31 static unsigned long nr_cfi, nr_cfi_reused, nr_cfi_cache;
32
33 static struct cfi_init_state initial_func_cfi;
34 static struct cfi_state init_cfi;
35 static struct cfi_state func_cfi;
36 static struct cfi_state force_undefined_cfi;
37
38 struct instruction *find_insn(struct objtool_file *file,
39 struct section *sec, unsigned long offset)
40 {
41 struct instruction *insn;
42
43 hash_for_each_possible(file->insn_hash, insn, hash, sec_offset_hash(sec, offset)) {
44 if (insn->sec == sec && insn->offset == offset)
45 return insn;
46 }
47
48 return NULL;
49 }
50
51 struct instruction *next_insn_same_sec(struct objtool_file *file,
52 struct instruction *insn)
53 {
54 if (insn->idx == INSN_CHUNK_MAX)
55 return find_insn(file, insn->sec, insn->offset + insn->len);
56
57 insn++;
58 if (!insn->len)
59 return NULL;
60
61 return insn;
62 }
63
64 static struct instruction *next_insn_same_func(struct objtool_file *file,
65 struct instruction *insn)
66 {
67 struct instruction *next = next_insn_same_sec(file, insn);
68 struct symbol *func = insn_func(insn);
69
70 if (!func)
71 return NULL;
72
73 if (next && insn_func(next) == func)
74 return next;
75
76 /* Check if we're already in the subfunction: */
77 if (func == func->cfunc)
78 return NULL;
79
80 /* Move to the subfunction: */
81 return find_insn(file, func->cfunc->sec, func->cfunc->offset);
82 }
83
84 static struct instruction *prev_insn_same_sec(struct objtool_file *file,
85 struct instruction *insn)
86 {
87 if (insn->idx == 0) {
88 if (insn->prev_len)
89 return find_insn(file, insn->sec, insn->offset - insn->prev_len);
90 return NULL;
91 }
92
93 return insn - 1;
94 }
95
96 static struct instruction *prev_insn_same_sym(struct objtool_file *file,
97 struct instruction *insn)
98 {
99 struct instruction *prev = prev_insn_same_sec(file, insn);
100
101 if (prev && insn_func(prev) == insn_func(insn))
102 return prev;
103
104 return NULL;
105 }
106
107 #define for_each_insn(file, insn) \
108 for (struct section *__sec, *__fake = (struct section *)1; \
109 __fake; __fake = NULL) \
110 for_each_sec(file, __sec) \
111 sec_for_each_insn(file, __sec, insn)
112
113 #define func_for_each_insn(file, func, insn) \
114 for (insn = find_insn(file, func->sec, func->offset); \
115 insn; \
116 insn = next_insn_same_func(file, insn))
117
118 #define sym_for_each_insn(file, sym, insn) \
119 for (insn = find_insn(file, sym->sec, sym->offset); \
120 insn && insn->offset < sym->offset + sym->len; \
121 insn = next_insn_same_sec(file, insn))
122
123 #define sym_for_each_insn_continue_reverse(file, sym, insn) \
124 for (insn = prev_insn_same_sec(file, insn); \
125 insn && insn->offset >= sym->offset; \
126 insn = prev_insn_same_sec(file, insn))
127
128 #define sec_for_each_insn_from(file, insn) \
129 for (; insn; insn = next_insn_same_sec(file, insn))
130
131 #define sec_for_each_insn_continue(file, insn) \
132 for (insn = next_insn_same_sec(file, insn); insn; \
133 insn = next_insn_same_sec(file, insn))
134
135 static inline struct symbol *insn_call_dest(struct instruction *insn)
136 {
137 if (insn->type == INSN_JUMP_DYNAMIC ||
138 insn->type == INSN_CALL_DYNAMIC)
139 return NULL;
140
141 return insn->_call_dest;
142 }
143
144 static inline struct reloc *insn_jump_table(struct instruction *insn)
145 {
146 if (insn->type == INSN_JUMP_DYNAMIC ||
147 insn->type == INSN_CALL_DYNAMIC)
148 return insn->_jump_table;
149
150 return NULL;
151 }
152
153 static bool is_jump_table_jump(struct instruction *insn)
154 {
155 struct alt_group *alt_group = insn->alt_group;
156
157 if (insn_jump_table(insn))
158 return true;
159
160 /* Retpoline alternative for a jump table? */
161 return alt_group && alt_group->orig_group &&
162 insn_jump_table(alt_group->orig_group->first_insn);
163 }
164
165 static bool is_sibling_call(struct instruction *insn)
166 {
167 /*
168 * Assume only STT_FUNC calls have jump-tables.
169 */
170 if (insn_func(insn)) {
171 /* An indirect jump is either a sibling call or a jump to a table. */
172 if (insn->type == INSN_JUMP_DYNAMIC)
173 return !is_jump_table_jump(insn);
174 }
175
176 /* add_jump_destinations() sets insn_call_dest(insn) for sibling calls. */
177 return (is_static_jump(insn) && insn_call_dest(insn));
178 }
179
180 /*
181 * This checks to see if the given function is a "noreturn" function.
182 *
183 * For global functions which are outside the scope of this object file, we
184 * have to keep a manual list of them.
185 *
186 * For local functions, we have to detect them manually by simply looking for
187 * the lack of a return instruction.
188 */
189 static bool __dead_end_function(struct objtool_file *file, struct symbol *func,
190 int recursion)
191 {
192 int i;
193 struct instruction *insn;
194 bool empty = true;
195
196 #define NORETURN(func) __stringify(func),
197 static const char * const global_noreturns[] = {
198 #include "noreturns.h"
199 };
200 #undef NORETURN
201
202 if (!func)
203 return false;
204
205 if (func->bind == STB_GLOBAL || func->bind == STB_WEAK)
206 for (i = 0; i < ARRAY_SIZE(global_noreturns); i++)
207 if (!strcmp(func->name, global_noreturns[i]))
208 return true;
209
210 if (func->bind == STB_WEAK)
211 return false;
212
213 if (!func->len)
214 return false;
215
216 insn = find_insn(file, func->sec, func->offset);
217 if (!insn || !insn_func(insn))
218 return false;
219
220 func_for_each_insn(file, func, insn) {
221 empty = false;
222
223 if (insn->type == INSN_RETURN)
224 return false;
225 }
226
227 if (empty)
228 return false;
229
230 /*
231 * A function can have a sibling call instead of a return. In that
232 * case, the function's dead-end status depends on whether the target
233 * of the sibling call returns.
234 */
235 func_for_each_insn(file, func, insn) {
236 if (is_sibling_call(insn)) {
237 struct instruction *dest = insn->jump_dest;
238
239 if (!dest)
240 /* sibling call to another file */
241 return false;
242
243 /* local sibling call */
244 if (recursion == 5) {
245 /*
246 * Infinite recursion: two functions have
247 * sibling calls to each other. This is a very
248 * rare case. It means they aren't dead ends.
249 */
250 return false;
251 }
252
253 return __dead_end_function(file, insn_func(dest), recursion+1);
254 }
255 }
256
257 return true;
258 }
259
260 static bool dead_end_function(struct objtool_file *file, struct symbol *func)
261 {
262 return __dead_end_function(file, func, 0);
263 }
264
265 static void init_cfi_state(struct cfi_state *cfi)
266 {
267 int i;
268
269 for (i = 0; i < CFI_NUM_REGS; i++) {
270 cfi->regs[i].base = CFI_UNDEFINED;
271 cfi->vals[i].base = CFI_UNDEFINED;
272 }
273 cfi->cfa.base = CFI_UNDEFINED;
274 cfi->drap_reg = CFI_UNDEFINED;
275 cfi->drap_offset = -1;
276 }
277
278 static void init_insn_state(struct objtool_file *file, struct insn_state *state,
279 struct section *sec)
280 {
281 memset(state, 0, sizeof(*state));
282 init_cfi_state(&state->cfi);
283
284 /*
285 * We need the full vmlinux for noinstr validation, otherwise we can
286 * not correctly determine insn_call_dest(insn)->sec (external symbols
287 * do not have a section).
288 */
289 if (opts.link && opts.noinstr && sec)
290 state->noinstr = sec->noinstr;
291 }
292
293 static struct cfi_state *cfi_alloc(void)
294 {
295 struct cfi_state *cfi = calloc(sizeof(struct cfi_state), 1);
296 if (!cfi) {
297 WARN("calloc failed");
298 exit(1);
299 }
300 nr_cfi++;
301 return cfi;
302 }
303
304 static int cfi_bits;
305 static struct hlist_head *cfi_hash;
306
307 static inline bool cficmp(struct cfi_state *cfi1, struct cfi_state *cfi2)
308 {
309 return memcmp((void *)cfi1 + sizeof(cfi1->hash),
310 (void *)cfi2 + sizeof(cfi2->hash),
311 sizeof(struct cfi_state) - sizeof(struct hlist_node));
312 }
313
314 static inline u32 cfi_key(struct cfi_state *cfi)
315 {
316 return jhash((void *)cfi + sizeof(cfi->hash),
317 sizeof(*cfi) - sizeof(cfi->hash), 0);
318 }
319
320 static struct cfi_state *cfi_hash_find_or_add(struct cfi_state *cfi)
321 {
322 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)];
323 struct cfi_state *obj;
324
325 hlist_for_each_entry(obj, head, hash) {
326 if (!cficmp(cfi, obj)) {
327 nr_cfi_cache++;
328 return obj;
329 }
330 }
331
332 obj = cfi_alloc();
333 *obj = *cfi;
334 hlist_add_head(&obj->hash, head);
335
336 return obj;
337 }
338
339 static void cfi_hash_add(struct cfi_state *cfi)
340 {
341 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)];
342
343 hlist_add_head(&cfi->hash, head);
344 }
345
346 static void *cfi_hash_alloc(unsigned long size)
347 {
348 cfi_bits = max(10, ilog2(size));
349 cfi_hash = mmap(NULL, sizeof(struct hlist_head) << cfi_bits,
350 PROT_READ|PROT_WRITE,
351 MAP_PRIVATE|MAP_ANON, -1, 0);
352 if (cfi_hash == (void *)-1L) {
353 WARN("mmap fail cfi_hash");
354 cfi_hash = NULL;
355 } else if (opts.stats) {
356 printf("cfi_bits: %d\n", cfi_bits);
357 }
358
359 return cfi_hash;
360 }
361
362 static unsigned long nr_insns;
363 static unsigned long nr_insns_visited;
364
365 /*
366 * Call the arch-specific instruction decoder for all the instructions and add
367 * them to the global instruction list.
368 */
369 static int decode_instructions(struct objtool_file *file)
370 {
371 struct section *sec;
372 struct symbol *func;
373 unsigned long offset;
374 struct instruction *insn;
375 int ret;
376
377 for_each_sec(file, sec) {
378 struct instruction *insns = NULL;
379 u8 prev_len = 0;
380 u8 idx = 0;
381
382 if (!(sec->sh.sh_flags & SHF_EXECINSTR))
383 continue;
384
385 if (strcmp(sec->name, ".altinstr_replacement") &&
386 strcmp(sec->name, ".altinstr_aux") &&
387 strncmp(sec->name, ".discard.", 9))
388 sec->text = true;
389
390 if (!strcmp(sec->name, ".noinstr.text") ||
391 !strcmp(sec->name, ".entry.text") ||
392 !strcmp(sec->name, ".cpuidle.text") ||
393 !strncmp(sec->name, ".text.__x86.", 12))
394 sec->noinstr = true;
395
396 /*
397 * .init.text code is ran before userspace and thus doesn't
398 * strictly need retpolines, except for modules which are
399 * loaded late, they very much do need retpoline in their
400 * .init.text
401 */
402 if (!strcmp(sec->name, ".init.text") && !opts.module)
403 sec->init = true;
404
405 for (offset = 0; offset < sec->sh.sh_size; offset += insn->len) {
406 if (!insns || idx == INSN_CHUNK_MAX) {
407 insns = calloc(sizeof(*insn), INSN_CHUNK_SIZE);
408 if (!insns) {
409 WARN("malloc failed");
410 return -1;
411 }
412 idx = 0;
413 } else {
414 idx++;
415 }
416 insn = &insns[idx];
417 insn->idx = idx;
418
419 INIT_LIST_HEAD(&insn->call_node);
420 insn->sec = sec;
421 insn->offset = offset;
422 insn->prev_len = prev_len;
423
424 ret = arch_decode_instruction(file, sec, offset,
425 sec->sh.sh_size - offset,
426 insn);
427 if (ret)
428 return ret;
429
430 prev_len = insn->len;
431
432 /*
433 * By default, "ud2" is a dead end unless otherwise
434 * annotated, because GCC 7 inserts it for certain
435 * divide-by-zero cases.
436 */
437 if (insn->type == INSN_BUG)
438 insn->dead_end = true;
439
440 hash_add(file->insn_hash, &insn->hash, sec_offset_hash(sec, insn->offset));
441 nr_insns++;
442 }
443
444 // printf("%s: last chunk used: %d\n", sec->name, (int)idx);
445
446 sec_for_each_sym(sec, func) {
447 if (func->type != STT_NOTYPE && func->type != STT_FUNC)
448 continue;
449
450 if (func->offset == sec->sh.sh_size) {
451 /* Heuristic: likely an "end" symbol */
452 if (func->type == STT_NOTYPE)
453 continue;
454 WARN("%s(): STT_FUNC at end of section",
455 func->name);
456 return -1;
457 }
458
459 if (func->return_thunk || func->alias != func)
460 continue;
461
462 if (!find_insn(file, sec, func->offset)) {
463 WARN("%s(): can't find starting instruction",
464 func->name);
465 return -1;
466 }
467
468 sym_for_each_insn(file, func, insn) {
469 insn->sym = func;
470 if (func->type == STT_FUNC &&
471 insn->type == INSN_ENDBR &&
472 list_empty(&insn->call_node)) {
473 if (insn->offset == func->offset) {
474 list_add_tail(&insn->call_node, &file->endbr_list);
475 file->nr_endbr++;
476 } else {
477 file->nr_endbr_int++;
478 }
479 }
480 }
481 }
482 }
483
484 if (opts.stats)
485 printf("nr_insns: %lu\n", nr_insns);
486
487 return 0;
488 }
489
490 /*
491 * Read the pv_ops[] .data table to find the static initialized values.
492 */
493 static int add_pv_ops(struct objtool_file *file, const char *symname)
494 {
495 struct symbol *sym, *func;
496 unsigned long off, end;
497 struct reloc *reloc;
498 int idx;
499
500 sym = find_symbol_by_name(file->elf, symname);
501 if (!sym)
502 return 0;
503
504 off = sym->offset;
505 end = off + sym->len;
506 for (;;) {
507 reloc = find_reloc_by_dest_range(file->elf, sym->sec, off, end - off);
508 if (!reloc)
509 break;
510
511 func = reloc->sym;
512 if (func->type == STT_SECTION)
513 func = find_symbol_by_offset(reloc->sym->sec, reloc->addend);
514
515 idx = (reloc->offset - sym->offset) / sizeof(unsigned long);
516
517 objtool_pv_add(file, idx, func);
518
519 off = reloc->offset + 1;
520 if (off > end)
521 break;
522 }
523
524 return 0;
525 }
526
527 /*
528 * Allocate and initialize file->pv_ops[].
529 */
530 static int init_pv_ops(struct objtool_file *file)
531 {
532 static const char *pv_ops_tables[] = {
533 "pv_ops",
534 "xen_cpu_ops",
535 "xen_irq_ops",
536 "xen_mmu_ops",
537 NULL,
538 };
539 const char *pv_ops;
540 struct symbol *sym;
541 int idx, nr;
542
543 if (!opts.noinstr)
544 return 0;
545
546 file->pv_ops = NULL;
547
548 sym = find_symbol_by_name(file->elf, "pv_ops");
549 if (!sym)
550 return 0;
551
552 nr = sym->len / sizeof(unsigned long);
553 file->pv_ops = calloc(sizeof(struct pv_state), nr);
554 if (!file->pv_ops)
555 return -1;
556
557 for (idx = 0; idx < nr; idx++)
558 INIT_LIST_HEAD(&file->pv_ops[idx].targets);
559
560 for (idx = 0; (pv_ops = pv_ops_tables[idx]); idx++)
561 add_pv_ops(file, pv_ops);
562
563 return 0;
564 }
565
566 static struct instruction *find_last_insn(struct objtool_file *file,
567 struct section *sec)
568 {
569 struct instruction *insn = NULL;
570 unsigned int offset;
571 unsigned int end = (sec->sh.sh_size > 10) ? sec->sh.sh_size - 10 : 0;
572
573 for (offset = sec->sh.sh_size - 1; offset >= end && !insn; offset--)
574 insn = find_insn(file, sec, offset);
575
576 return insn;
577 }
578
579 /*
580 * Mark "ud2" instructions and manually annotated dead ends.
581 */
582 static int add_dead_ends(struct objtool_file *file)
583 {
584 struct section *rsec;
585 struct reloc *reloc;
586 struct instruction *insn;
587
588 /*
589 * Check for manually annotated dead ends.
590 */
591 rsec = find_section_by_name(file->elf, ".rela.discard.unreachable");
592 if (!rsec)
593 goto reachable;
594
595 list_for_each_entry(reloc, &rsec->reloc_list, list) {
596 if (reloc->sym->type != STT_SECTION) {
597 WARN("unexpected relocation symbol type in %s", rsec->name);
598 return -1;
599 }
600 insn = find_insn(file, reloc->sym->sec, reloc->addend);
601 if (insn)
602 insn = prev_insn_same_sec(file, insn);
603 else if (reloc->addend == reloc->sym->sec->sh.sh_size) {
604 insn = find_last_insn(file, reloc->sym->sec);
605 if (!insn) {
606 WARN("can't find unreachable insn at %s+0x%" PRIx64,
607 reloc->sym->sec->name, reloc->addend);
608 return -1;
609 }
610 } else {
611 WARN("can't find unreachable insn at %s+0x%" PRIx64,
612 reloc->sym->sec->name, reloc->addend);
613 return -1;
614 }
615
616 insn->dead_end = true;
617 }
618
619 reachable:
620 /*
621 * These manually annotated reachable checks are needed for GCC 4.4,
622 * where the Linux unreachable() macro isn't supported. In that case
623 * GCC doesn't know the "ud2" is fatal, so it generates code as if it's
624 * not a dead end.
625 */
626 rsec = find_section_by_name(file->elf, ".rela.discard.reachable");
627 if (!rsec)
628 return 0;
629
630 list_for_each_entry(reloc, &rsec->reloc_list, list) {
631 if (reloc->sym->type != STT_SECTION) {
632 WARN("unexpected relocation symbol type in %s", rsec->name);
633 return -1;
634 }
635 insn = find_insn(file, reloc->sym->sec, reloc->addend);
636 if (insn)
637 insn = prev_insn_same_sec(file, insn);
638 else if (reloc->addend == reloc->sym->sec->sh.sh_size) {
639 insn = find_last_insn(file, reloc->sym->sec);
640 if (!insn) {
641 WARN("can't find reachable insn at %s+0x%" PRIx64,
642 reloc->sym->sec->name, reloc->addend);
643 return -1;
644 }
645 } else {
646 WARN("can't find reachable insn at %s+0x%" PRIx64,
647 reloc->sym->sec->name, reloc->addend);
648 return -1;
649 }
650
651 insn->dead_end = false;
652 }
653
654 return 0;
655 }
656
657 static int create_static_call_sections(struct objtool_file *file)
658 {
659 struct section *sec;
660 struct static_call_site *site;
661 struct instruction *insn;
662 struct symbol *key_sym;
663 char *key_name, *tmp;
664 int idx;
665
666 sec = find_section_by_name(file->elf, ".static_call_sites");
667 if (sec) {
668 INIT_LIST_HEAD(&file->static_call_list);
669 WARN("file already has .static_call_sites section, skipping");
670 return 0;
671 }
672
673 if (list_empty(&file->static_call_list))
674 return 0;
675
676 idx = 0;
677 list_for_each_entry(insn, &file->static_call_list, call_node)
678 idx++;
679
680 sec = elf_create_section(file->elf, ".static_call_sites",
681 sizeof(struct static_call_site), idx);
682 if (!sec)
683 return -1;
684
685 /* Allow modules to set the low bits of static_call_site::key */
686 sec->sh.sh_flags |= SHF_WRITE;
687
688 idx = 0;
689 list_for_each_entry(insn, &file->static_call_list, call_node) {
690
691 site = (struct static_call_site *)sec->data->d_buf + idx;
692 memset(site, 0, sizeof(struct static_call_site));
693
694 /* populate reloc for 'addr' */
695 if (elf_add_reloc_to_insn(file->elf, sec,
696 idx * sizeof(struct static_call_site),
697 R_X86_64_PC32,
698 insn->sec, insn->offset))
699 return -1;
700
701 /* find key symbol */
702 key_name = strdup(insn_call_dest(insn)->name);
703 if (!key_name) {
704 perror("strdup");
705 return -1;
706 }
707 if (strncmp(key_name, STATIC_CALL_TRAMP_PREFIX_STR,
708 STATIC_CALL_TRAMP_PREFIX_LEN)) {
709 WARN("static_call: trampoline name malformed: %s", key_name);
710 free(key_name);
711 return -1;
712 }
713 tmp = key_name + STATIC_CALL_TRAMP_PREFIX_LEN - STATIC_CALL_KEY_PREFIX_LEN;
714 memcpy(tmp, STATIC_CALL_KEY_PREFIX_STR, STATIC_CALL_KEY_PREFIX_LEN);
715
716 key_sym = find_symbol_by_name(file->elf, tmp);
717 if (!key_sym) {
718 if (!opts.module) {
719 WARN("static_call: can't find static_call_key symbol: %s", tmp);
720 free(key_name);
721 return -1;
722 }
723
724 /*
725 * For modules(), the key might not be exported, which
726 * means the module can make static calls but isn't
727 * allowed to change them.
728 *
729 * In that case we temporarily set the key to be the
730 * trampoline address. This is fixed up in
731 * static_call_add_module().
732 */
733 key_sym = insn_call_dest(insn);
734 }
735 free(key_name);
736
737 /* populate reloc for 'key' */
738 if (elf_add_reloc(file->elf, sec,
739 idx * sizeof(struct static_call_site) + 4,
740 R_X86_64_PC32, key_sym,
741 is_sibling_call(insn) * STATIC_CALL_SITE_TAIL))
742 return -1;
743
744 idx++;
745 }
746
747 return 0;
748 }
749
750 static int create_retpoline_sites_sections(struct objtool_file *file)
751 {
752 struct instruction *insn;
753 struct section *sec;
754 int idx;
755
756 sec = find_section_by_name(file->elf, ".retpoline_sites");
757 if (sec) {
758 WARN("file already has .retpoline_sites, skipping");
759 return 0;
760 }
761
762 idx = 0;
763 list_for_each_entry(insn, &file->retpoline_call_list, call_node)
764 idx++;
765
766 if (!idx)
767 return 0;
768
769 sec = elf_create_section(file->elf, ".retpoline_sites",
770 sizeof(int), idx);
771 if (!sec) {
772 WARN("elf_create_section: .retpoline_sites");
773 return -1;
774 }
775
776 idx = 0;
777 list_for_each_entry(insn, &file->retpoline_call_list, call_node) {
778
779 int *site = (int *)sec->data->d_buf + idx;
780 *site = 0;
781
782 if (elf_add_reloc_to_insn(file->elf, sec,
783 idx * sizeof(int),
784 R_X86_64_PC32,
785 insn->sec, insn->offset)) {
786 WARN("elf_add_reloc_to_insn: .retpoline_sites");
787 return -1;
788 }
789
790 idx++;
791 }
792
793 return 0;
794 }
795
796 static int create_return_sites_sections(struct objtool_file *file)
797 {
798 struct instruction *insn;
799 struct section *sec;
800 int idx;
801
802 sec = find_section_by_name(file->elf, ".return_sites");
803 if (sec) {
804 WARN("file already has .return_sites, skipping");
805 return 0;
806 }
807
808 idx = 0;
809 list_for_each_entry(insn, &file->return_thunk_list, call_node)
810 idx++;
811
812 if (!idx)
813 return 0;
814
815 sec = elf_create_section(file->elf, ".return_sites",
816 sizeof(int), idx);
817 if (!sec) {
818 WARN("elf_create_section: .return_sites");
819 return -1;
820 }
821
822 idx = 0;
823 list_for_each_entry(insn, &file->return_thunk_list, call_node) {
824
825 int *site = (int *)sec->data->d_buf + idx;
826 *site = 0;
827
828 if (elf_add_reloc_to_insn(file->elf, sec,
829 idx * sizeof(int),
830 R_X86_64_PC32,
831 insn->sec, insn->offset)) {
832 WARN("elf_add_reloc_to_insn: .return_sites");
833 return -1;
834 }
835
836 idx++;
837 }
838
839 return 0;
840 }
841
842 static int create_ibt_endbr_seal_sections(struct objtool_file *file)
843 {
844 struct instruction *insn;
845 struct section *sec;
846 int idx;
847
848 sec = find_section_by_name(file->elf, ".ibt_endbr_seal");
849 if (sec) {
850 WARN("file already has .ibt_endbr_seal, skipping");
851 return 0;
852 }
853
854 idx = 0;
855 list_for_each_entry(insn, &file->endbr_list, call_node)
856 idx++;
857
858 if (opts.stats) {
859 printf("ibt: ENDBR at function start: %d\n", file->nr_endbr);
860 printf("ibt: ENDBR inside functions: %d\n", file->nr_endbr_int);
861 printf("ibt: superfluous ENDBR: %d\n", idx);
862 }
863
864 if (!idx)
865 return 0;
866
867 sec = elf_create_section(file->elf, ".ibt_endbr_seal",
868 sizeof(int), idx);
869 if (!sec) {
870 WARN("elf_create_section: .ibt_endbr_seal");
871 return -1;
872 }
873
874 idx = 0;
875 list_for_each_entry(insn, &file->endbr_list, call_node) {
876
877 int *site = (int *)sec->data->d_buf + idx;
878 struct symbol *sym = insn->sym;
879 *site = 0;
880
881 if (opts.module && sym && sym->type == STT_FUNC &&
882 insn->offset == sym->offset &&
883 (!strcmp(sym->name, "init_module") ||
884 !strcmp(sym->name, "cleanup_module")))
885 WARN("%s(): not an indirect call target", sym->name);
886
887 if (elf_add_reloc_to_insn(file->elf, sec,
888 idx * sizeof(int),
889 R_X86_64_PC32,
890 insn->sec, insn->offset)) {
891 WARN("elf_add_reloc_to_insn: .ibt_endbr_seal");
892 return -1;
893 }
894
895 idx++;
896 }
897
898 return 0;
899 }
900
901 static int create_cfi_sections(struct objtool_file *file)
902 {
903 struct section *sec;
904 struct symbol *sym;
905 unsigned int *loc;
906 int idx;
907
908 sec = find_section_by_name(file->elf, ".cfi_sites");
909 if (sec) {
910 INIT_LIST_HEAD(&file->call_list);
911 WARN("file already has .cfi_sites section, skipping");
912 return 0;
913 }
914
915 idx = 0;
916 for_each_sym(file, sym) {
917 if (sym->type != STT_FUNC)
918 continue;
919
920 if (strncmp(sym->name, "__cfi_", 6))
921 continue;
922
923 idx++;
924 }
925
926 sec = elf_create_section(file->elf, ".cfi_sites", sizeof(unsigned int), idx);
927 if (!sec)
928 return -1;
929
930 idx = 0;
931 for_each_sym(file, sym) {
932 if (sym->type != STT_FUNC)
933 continue;
934
935 if (strncmp(sym->name, "__cfi_", 6))
936 continue;
937
938 loc = (unsigned int *)sec->data->d_buf + idx;
939 memset(loc, 0, sizeof(unsigned int));
940
941 if (elf_add_reloc_to_insn(file->elf, sec,
942 idx * sizeof(unsigned int),
943 R_X86_64_PC32,
944 sym->sec, sym->offset))
945 return -1;
946
947 idx++;
948 }
949
950 return 0;
951 }
952
953 static int create_mcount_loc_sections(struct objtool_file *file)
954 {
955 int addrsize = elf_class_addrsize(file->elf);
956 struct instruction *insn;
957 struct section *sec;
958 int idx;
959
960 sec = find_section_by_name(file->elf, "__mcount_loc");
961 if (sec) {
962 INIT_LIST_HEAD(&file->mcount_loc_list);
963 WARN("file already has __mcount_loc section, skipping");
964 return 0;
965 }
966
967 if (list_empty(&file->mcount_loc_list))
968 return 0;
969
970 idx = 0;
971 list_for_each_entry(insn, &file->mcount_loc_list, call_node)
972 idx++;
973
974 sec = elf_create_section(file->elf, "__mcount_loc", addrsize, idx);
975 if (!sec)
976 return -1;
977
978 sec->sh.sh_addralign = addrsize;
979
980 idx = 0;
981 list_for_each_entry(insn, &file->mcount_loc_list, call_node) {
982 void *loc;
983
984 loc = sec->data->d_buf + idx;
985 memset(loc, 0, addrsize);
986
987 if (elf_add_reloc_to_insn(file->elf, sec, idx,
988 addrsize == sizeof(u64) ? R_ABS64 : R_ABS32,
989 insn->sec, insn->offset))
990 return -1;
991
992 idx += addrsize;
993 }
994
995 return 0;
996 }
997
998 static int create_direct_call_sections(struct objtool_file *file)
999 {
1000 struct instruction *insn;
1001 struct section *sec;
1002 unsigned int *loc;
1003 int idx;
1004
1005 sec = find_section_by_name(file->elf, ".call_sites");
1006 if (sec) {
1007 INIT_LIST_HEAD(&file->call_list);
1008 WARN("file already has .call_sites section, skipping");
1009 return 0;
1010 }
1011
1012 if (list_empty(&file->call_list))
1013 return 0;
1014
1015 idx = 0;
1016 list_for_each_entry(insn, &file->call_list, call_node)
1017 idx++;
1018
1019 sec = elf_create_section(file->elf, ".call_sites", sizeof(unsigned int), idx);
1020 if (!sec)
1021 return -1;
1022
1023 idx = 0;
1024 list_for_each_entry(insn, &file->call_list, call_node) {
1025
1026 loc = (unsigned int *)sec->data->d_buf + idx;
1027 memset(loc, 0, sizeof(unsigned int));
1028
1029 if (elf_add_reloc_to_insn(file->elf, sec,
1030 idx * sizeof(unsigned int),
1031 R_X86_64_PC32,
1032 insn->sec, insn->offset))
1033 return -1;
1034
1035 idx++;
1036 }
1037
1038 return 0;
1039 }
1040
1041 /*
1042 * Warnings shouldn't be reported for ignored functions.
1043 */
1044 static void add_ignores(struct objtool_file *file)
1045 {
1046 struct instruction *insn;
1047 struct section *rsec;
1048 struct symbol *func;
1049 struct reloc *reloc;
1050
1051 rsec = find_section_by_name(file->elf, ".rela.discard.func_stack_frame_non_standard");
1052 if (!rsec)
1053 return;
1054
1055 list_for_each_entry(reloc, &rsec->reloc_list, list) {
1056 switch (reloc->sym->type) {
1057 case STT_FUNC:
1058 func = reloc->sym;
1059 break;
1060
1061 case STT_SECTION:
1062 func = find_func_by_offset(reloc->sym->sec, reloc->addend);
1063 if (!func)
1064 continue;
1065 break;
1066
1067 default:
1068 WARN("unexpected relocation symbol type in %s: %d",
1069 rsec->name, reloc->sym->type);
1070 continue;
1071 }
1072
1073 func_for_each_insn(file, func, insn)
1074 insn->ignore = true;
1075 }
1076 }
1077
1078 /*
1079 * This is a whitelist of functions that is allowed to be called with AC set.
1080 * The list is meant to be minimal and only contains compiler instrumentation
1081 * ABI and a few functions used to implement *_{to,from}_user() functions.
1082 *
1083 * These functions must not directly change AC, but may PUSHF/POPF.
1084 */
1085 static const char *uaccess_safe_builtin[] = {
1086 /* KASAN */
1087 "kasan_report",
1088 "kasan_check_range",
1089 /* KASAN out-of-line */
1090 "__asan_loadN_noabort",
1091 "__asan_load1_noabort",
1092 "__asan_load2_noabort",
1093 "__asan_load4_noabort",
1094 "__asan_load8_noabort",
1095 "__asan_load16_noabort",
1096 "__asan_storeN_noabort",
1097 "__asan_store1_noabort",
1098 "__asan_store2_noabort",
1099 "__asan_store4_noabort",
1100 "__asan_store8_noabort",
1101 "__asan_store16_noabort",
1102 "__kasan_check_read",
1103 "__kasan_check_write",
1104 /* KASAN in-line */
1105 "__asan_report_load_n_noabort",
1106 "__asan_report_load1_noabort",
1107 "__asan_report_load2_noabort",
1108 "__asan_report_load4_noabort",
1109 "__asan_report_load8_noabort",
1110 "__asan_report_load16_noabort",
1111 "__asan_report_store_n_noabort",
1112 "__asan_report_store1_noabort",
1113 "__asan_report_store2_noabort",
1114 "__asan_report_store4_noabort",
1115 "__asan_report_store8_noabort",
1116 "__asan_report_store16_noabort",
1117 /* KCSAN */
1118 "__kcsan_check_access",
1119 "__kcsan_mb",
1120 "__kcsan_wmb",
1121 "__kcsan_rmb",
1122 "__kcsan_release",
1123 "kcsan_found_watchpoint",
1124 "kcsan_setup_watchpoint",
1125 "kcsan_check_scoped_accesses",
1126 "kcsan_disable_current",
1127 "kcsan_enable_current_nowarn",
1128 /* KCSAN/TSAN */
1129 "__tsan_func_entry",
1130 "__tsan_func_exit",
1131 "__tsan_read_range",
1132 "__tsan_write_range",
1133 "__tsan_read1",
1134 "__tsan_read2",
1135 "__tsan_read4",
1136 "__tsan_read8",
1137 "__tsan_read16",
1138 "__tsan_write1",
1139 "__tsan_write2",
1140 "__tsan_write4",
1141 "__tsan_write8",
1142 "__tsan_write16",
1143 "__tsan_read_write1",
1144 "__tsan_read_write2",
1145 "__tsan_read_write4",
1146 "__tsan_read_write8",
1147 "__tsan_read_write16",
1148 "__tsan_volatile_read1",
1149 "__tsan_volatile_read2",
1150 "__tsan_volatile_read4",
1151 "__tsan_volatile_read8",
1152 "__tsan_volatile_read16",
1153 "__tsan_volatile_write1",
1154 "__tsan_volatile_write2",
1155 "__tsan_volatile_write4",
1156 "__tsan_volatile_write8",
1157 "__tsan_volatile_write16",
1158 "__tsan_atomic8_load",
1159 "__tsan_atomic16_load",
1160 "__tsan_atomic32_load",
1161 "__tsan_atomic64_load",
1162 "__tsan_atomic8_store",
1163 "__tsan_atomic16_store",
1164 "__tsan_atomic32_store",
1165 "__tsan_atomic64_store",
1166 "__tsan_atomic8_exchange",
1167 "__tsan_atomic16_exchange",
1168 "__tsan_atomic32_exchange",
1169 "__tsan_atomic64_exchange",
1170 "__tsan_atomic8_fetch_add",
1171 "__tsan_atomic16_fetch_add",
1172 "__tsan_atomic32_fetch_add",
1173 "__tsan_atomic64_fetch_add",
1174 "__tsan_atomic8_fetch_sub",
1175 "__tsan_atomic16_fetch_sub",
1176 "__tsan_atomic32_fetch_sub",
1177 "__tsan_atomic64_fetch_sub",
1178 "__tsan_atomic8_fetch_and",
1179 "__tsan_atomic16_fetch_and",
1180 "__tsan_atomic32_fetch_and",
1181 "__tsan_atomic64_fetch_and",
1182 "__tsan_atomic8_fetch_or",
1183 "__tsan_atomic16_fetch_or",
1184 "__tsan_atomic32_fetch_or",
1185 "__tsan_atomic64_fetch_or",
1186 "__tsan_atomic8_fetch_xor",
1187 "__tsan_atomic16_fetch_xor",
1188 "__tsan_atomic32_fetch_xor",
1189 "__tsan_atomic64_fetch_xor",
1190 "__tsan_atomic8_fetch_nand",
1191 "__tsan_atomic16_fetch_nand",
1192 "__tsan_atomic32_fetch_nand",
1193 "__tsan_atomic64_fetch_nand",
1194 "__tsan_atomic8_compare_exchange_strong",
1195 "__tsan_atomic16_compare_exchange_strong",
1196 "__tsan_atomic32_compare_exchange_strong",
1197 "__tsan_atomic64_compare_exchange_strong",
1198 "__tsan_atomic8_compare_exchange_weak",
1199 "__tsan_atomic16_compare_exchange_weak",
1200 "__tsan_atomic32_compare_exchange_weak",
1201 "__tsan_atomic64_compare_exchange_weak",
1202 "__tsan_atomic8_compare_exchange_val",
1203 "__tsan_atomic16_compare_exchange_val",
1204 "__tsan_atomic32_compare_exchange_val",
1205 "__tsan_atomic64_compare_exchange_val",
1206 "__tsan_atomic_thread_fence",
1207 "__tsan_atomic_signal_fence",
1208 "__tsan_unaligned_read16",
1209 "__tsan_unaligned_write16",
1210 /* KCOV */
1211 "write_comp_data",
1212 "check_kcov_mode",
1213 "__sanitizer_cov_trace_pc",
1214 "__sanitizer_cov_trace_const_cmp1",
1215 "__sanitizer_cov_trace_const_cmp2",
1216 "__sanitizer_cov_trace_const_cmp4",
1217 "__sanitizer_cov_trace_const_cmp8",
1218 "__sanitizer_cov_trace_cmp1",
1219 "__sanitizer_cov_trace_cmp2",
1220 "__sanitizer_cov_trace_cmp4",
1221 "__sanitizer_cov_trace_cmp8",
1222 "__sanitizer_cov_trace_switch",
1223 /* KMSAN */
1224 "kmsan_copy_to_user",
1225 "kmsan_report",
1226 "kmsan_unpoison_entry_regs",
1227 "kmsan_unpoison_memory",
1228 "__msan_chain_origin",
1229 "__msan_get_context_state",
1230 "__msan_instrument_asm_store",
1231 "__msan_metadata_ptr_for_load_1",
1232 "__msan_metadata_ptr_for_load_2",
1233 "__msan_metadata_ptr_for_load_4",
1234 "__msan_metadata_ptr_for_load_8",
1235 "__msan_metadata_ptr_for_load_n",
1236 "__msan_metadata_ptr_for_store_1",
1237 "__msan_metadata_ptr_for_store_2",
1238 "__msan_metadata_ptr_for_store_4",
1239 "__msan_metadata_ptr_for_store_8",
1240 "__msan_metadata_ptr_for_store_n",
1241 "__msan_poison_alloca",
1242 "__msan_warning",
1243 /* UBSAN */
1244 "ubsan_type_mismatch_common",
1245 "__ubsan_handle_type_mismatch",
1246 "__ubsan_handle_type_mismatch_v1",
1247 "__ubsan_handle_shift_out_of_bounds",
1248 "__ubsan_handle_load_invalid_value",
1249 /* STACKLEAK */
1250 "stackleak_track_stack",
1251 /* misc */
1252 "csum_partial_copy_generic",
1253 "copy_mc_fragile",
1254 "copy_mc_fragile_handle_tail",
1255 "copy_mc_enhanced_fast_string",
1256 "ftrace_likely_update", /* CONFIG_TRACE_BRANCH_PROFILING */
1257 "rep_stos_alternative",
1258 "rep_movs_alternative",
1259 "__copy_user_nocache",
1260 NULL
1261 };
1262
1263 static void add_uaccess_safe(struct objtool_file *file)
1264 {
1265 struct symbol *func;
1266 const char **name;
1267
1268 if (!opts.uaccess)
1269 return;
1270
1271 for (name = uaccess_safe_builtin; *name; name++) {
1272 func = find_symbol_by_name(file->elf, *name);
1273 if (!func)
1274 continue;
1275
1276 func->uaccess_safe = true;
1277 }
1278 }
1279
1280 /*
1281 * FIXME: For now, just ignore any alternatives which add retpolines. This is
1282 * a temporary hack, as it doesn't allow ORC to unwind from inside a retpoline.
1283 * But it at least allows objtool to understand the control flow *around* the
1284 * retpoline.
1285 */
1286 static int add_ignore_alternatives(struct objtool_file *file)
1287 {
1288 struct section *rsec;
1289 struct reloc *reloc;
1290 struct instruction *insn;
1291
1292 rsec = find_section_by_name(file->elf, ".rela.discard.ignore_alts");
1293 if (!rsec)
1294 return 0;
1295
1296 list_for_each_entry(reloc, &rsec->reloc_list, list) {
1297 if (reloc->sym->type != STT_SECTION) {
1298 WARN("unexpected relocation symbol type in %s", rsec->name);
1299 return -1;
1300 }
1301
1302 insn = find_insn(file, reloc->sym->sec, reloc->addend);
1303 if (!insn) {
1304 WARN("bad .discard.ignore_alts entry");
1305 return -1;
1306 }
1307
1308 insn->ignore_alts = true;
1309 }
1310
1311 return 0;
1312 }
1313
1314 __weak bool arch_is_retpoline(struct symbol *sym)
1315 {
1316 return false;
1317 }
1318
1319 __weak bool arch_is_rethunk(struct symbol *sym)
1320 {
1321 return false;
1322 }
1323
1324 static struct reloc *insn_reloc(struct objtool_file *file, struct instruction *insn)
1325 {
1326 struct reloc *reloc;
1327
1328 if (insn->no_reloc)
1329 return NULL;
1330
1331 if (!file)
1332 return NULL;
1333
1334 reloc = find_reloc_by_dest_range(file->elf, insn->sec,
1335 insn->offset, insn->len);
1336 if (!reloc) {
1337 insn->no_reloc = 1;
1338 return NULL;
1339 }
1340
1341 return reloc;
1342 }
1343
1344 static void remove_insn_ops(struct instruction *insn)
1345 {
1346 struct stack_op *op, *next;
1347
1348 for (op = insn->stack_ops; op; op = next) {
1349 next = op->next;
1350 free(op);
1351 }
1352 insn->stack_ops = NULL;
1353 }
1354
1355 static void annotate_call_site(struct objtool_file *file,
1356 struct instruction *insn, bool sibling)
1357 {
1358 struct reloc *reloc = insn_reloc(file, insn);
1359 struct symbol *sym = insn_call_dest(insn);
1360
1361 if (!sym)
1362 sym = reloc->sym;
1363
1364 /*
1365 * Alternative replacement code is just template code which is
1366 * sometimes copied to the original instruction. For now, don't
1367 * annotate it. (In the future we might consider annotating the
1368 * original instruction if/when it ever makes sense to do so.)
1369 */
1370 if (!strcmp(insn->sec->name, ".altinstr_replacement"))
1371 return;
1372
1373 if (sym->static_call_tramp) {
1374 list_add_tail(&insn->call_node, &file->static_call_list);
1375 return;
1376 }
1377
1378 if (sym->retpoline_thunk) {
1379 list_add_tail(&insn->call_node, &file->retpoline_call_list);
1380 return;
1381 }
1382
1383 /*
1384 * Many compilers cannot disable KCOV or sanitizer calls with a function
1385 * attribute so they need a little help, NOP out any such calls from
1386 * noinstr text.
1387 */
1388 if (opts.hack_noinstr && insn->sec->noinstr && sym->profiling_func) {
1389 if (reloc) {
1390 reloc->type = R_NONE;
1391 elf_write_reloc(file->elf, reloc);
1392 }
1393
1394 elf_write_insn(file->elf, insn->sec,
1395 insn->offset, insn->len,
1396 sibling ? arch_ret_insn(insn->len)
1397 : arch_nop_insn(insn->len));
1398
1399 insn->type = sibling ? INSN_RETURN : INSN_NOP;
1400
1401 if (sibling) {
1402 /*
1403 * We've replaced the tail-call JMP insn by two new
1404 * insn: RET; INT3, except we only have a single struct
1405 * insn here. Mark it retpoline_safe to avoid the SLS
1406 * warning, instead of adding another insn.
1407 */
1408 insn->retpoline_safe = true;
1409 }
1410
1411 return;
1412 }
1413
1414 if (opts.mcount && sym->fentry) {
1415 if (sibling)
1416 WARN_INSN(insn, "tail call to __fentry__ !?!?");
1417 if (opts.mnop) {
1418 if (reloc) {
1419 reloc->type = R_NONE;
1420 elf_write_reloc(file->elf, reloc);
1421 }
1422
1423 elf_write_insn(file->elf, insn->sec,
1424 insn->offset, insn->len,
1425 arch_nop_insn(insn->len));
1426
1427 insn->type = INSN_NOP;
1428 }
1429
1430 list_add_tail(&insn->call_node, &file->mcount_loc_list);
1431 return;
1432 }
1433
1434 if (insn->type == INSN_CALL && !insn->sec->init)
1435 list_add_tail(&insn->call_node, &file->call_list);
1436
1437 if (!sibling && dead_end_function(file, sym))
1438 insn->dead_end = true;
1439 }
1440
1441 static void add_call_dest(struct objtool_file *file, struct instruction *insn,
1442 struct symbol *dest, bool sibling)
1443 {
1444 insn->_call_dest = dest;
1445 if (!dest)
1446 return;
1447
1448 /*
1449 * Whatever stack impact regular CALLs have, should be undone
1450 * by the RETURN of the called function.
1451 *
1452 * Annotated intra-function calls retain the stack_ops but
1453 * are converted to JUMP, see read_intra_function_calls().
1454 */
1455 remove_insn_ops(insn);
1456
1457 annotate_call_site(file, insn, sibling);
1458 }
1459
1460 static void add_retpoline_call(struct objtool_file *file, struct instruction *insn)
1461 {
1462 /*
1463 * Retpoline calls/jumps are really dynamic calls/jumps in disguise,
1464 * so convert them accordingly.
1465 */
1466 switch (insn->type) {
1467 case INSN_CALL:
1468 insn->type = INSN_CALL_DYNAMIC;
1469 break;
1470 case INSN_JUMP_UNCONDITIONAL:
1471 insn->type = INSN_JUMP_DYNAMIC;
1472 break;
1473 case INSN_JUMP_CONDITIONAL:
1474 insn->type = INSN_JUMP_DYNAMIC_CONDITIONAL;
1475 break;
1476 default:
1477 return;
1478 }
1479
1480 insn->retpoline_safe = true;
1481
1482 /*
1483 * Whatever stack impact regular CALLs have, should be undone
1484 * by the RETURN of the called function.
1485 *
1486 * Annotated intra-function calls retain the stack_ops but
1487 * are converted to JUMP, see read_intra_function_calls().
1488 */
1489 remove_insn_ops(insn);
1490
1491 annotate_call_site(file, insn, false);
1492 }
1493
1494 static void add_return_call(struct objtool_file *file, struct instruction *insn, bool add)
1495 {
1496 /*
1497 * Return thunk tail calls are really just returns in disguise,
1498 * so convert them accordingly.
1499 */
1500 insn->type = INSN_RETURN;
1501 insn->retpoline_safe = true;
1502
1503 if (add)
1504 list_add_tail(&insn->call_node, &file->return_thunk_list);
1505 }
1506
1507 static bool is_first_func_insn(struct objtool_file *file,
1508 struct instruction *insn, struct symbol *sym)
1509 {
1510 if (insn->offset == sym->offset)
1511 return true;
1512
1513 /* Allow direct CALL/JMP past ENDBR */
1514 if (opts.ibt) {
1515 struct instruction *prev = prev_insn_same_sym(file, insn);
1516
1517 if (prev && prev->type == INSN_ENDBR &&
1518 insn->offset == sym->offset + prev->len)
1519 return true;
1520 }
1521
1522 return false;
1523 }
1524
1525 /*
1526 * A sibling call is a tail-call to another symbol -- to differentiate from a
1527 * recursive tail-call which is to the same symbol.
1528 */
1529 static bool jump_is_sibling_call(struct objtool_file *file,
1530 struct instruction *from, struct instruction *to)
1531 {
1532 struct symbol *fs = from->sym;
1533 struct symbol *ts = to->sym;
1534
1535 /* Not a sibling call if from/to a symbol hole */
1536 if (!fs || !ts)
1537 return false;
1538
1539 /* Not a sibling call if not targeting the start of a symbol. */
1540 if (!is_first_func_insn(file, to, ts))
1541 return false;
1542
1543 /* Disallow sibling calls into STT_NOTYPE */
1544 if (ts->type == STT_NOTYPE)
1545 return false;
1546
1547 /* Must not be self to be a sibling */
1548 return fs->pfunc != ts->pfunc;
1549 }
1550
1551 /*
1552 * Find the destination instructions for all jumps.
1553 */
1554 static int add_jump_destinations(struct objtool_file *file)
1555 {
1556 struct instruction *insn, *jump_dest;
1557 struct reloc *reloc;
1558 struct section *dest_sec;
1559 unsigned long dest_off;
1560
1561 for_each_insn(file, insn) {
1562 if (insn->jump_dest) {
1563 /*
1564 * handle_group_alt() may have previously set
1565 * 'jump_dest' for some alternatives.
1566 */
1567 continue;
1568 }
1569 if (!is_static_jump(insn))
1570 continue;
1571
1572 reloc = insn_reloc(file, insn);
1573 if (!reloc) {
1574 dest_sec = insn->sec;
1575 dest_off = arch_jump_destination(insn);
1576 } else if (reloc->sym->type == STT_SECTION) {
1577 dest_sec = reloc->sym->sec;
1578 dest_off = arch_dest_reloc_offset(reloc->addend);
1579 } else if (reloc->sym->retpoline_thunk) {
1580 add_retpoline_call(file, insn);
1581 continue;
1582 } else if (reloc->sym->return_thunk) {
1583 add_return_call(file, insn, true);
1584 continue;
1585 } else if (insn_func(insn)) {
1586 /*
1587 * External sibling call or internal sibling call with
1588 * STT_FUNC reloc.
1589 */
1590 add_call_dest(file, insn, reloc->sym, true);
1591 continue;
1592 } else if (reloc->sym->sec->idx) {
1593 dest_sec = reloc->sym->sec;
1594 dest_off = reloc->sym->sym.st_value +
1595 arch_dest_reloc_offset(reloc->addend);
1596 } else {
1597 /* non-func asm code jumping to another file */
1598 continue;
1599 }
1600
1601 jump_dest = find_insn(file, dest_sec, dest_off);
1602 if (!jump_dest) {
1603 struct symbol *sym = find_symbol_by_offset(dest_sec, dest_off);
1604
1605 /*
1606 * This is a special case for zen_untrain_ret().
1607 * It jumps to __x86_return_thunk(), but objtool
1608 * can't find the thunk's starting RET
1609 * instruction, because the RET is also in the
1610 * middle of another instruction. Objtool only
1611 * knows about the outer instruction.
1612 */
1613 if (sym && sym->return_thunk) {
1614 add_return_call(file, insn, false);
1615 continue;
1616 }
1617
1618 WARN_INSN(insn, "can't find jump dest instruction at %s+0x%lx",
1619 dest_sec->name, dest_off);
1620 return -1;
1621 }
1622
1623 /*
1624 * Cross-function jump.
1625 */
1626 if (insn_func(insn) && insn_func(jump_dest) &&
1627 insn_func(insn) != insn_func(jump_dest)) {
1628
1629 /*
1630 * For GCC 8+, create parent/child links for any cold
1631 * subfunctions. This is _mostly_ redundant with a
1632 * similar initialization in read_symbols().
1633 *
1634 * If a function has aliases, we want the *first* such
1635 * function in the symbol table to be the subfunction's
1636 * parent. In that case we overwrite the
1637 * initialization done in read_symbols().
1638 *
1639 * However this code can't completely replace the
1640 * read_symbols() code because this doesn't detect the
1641 * case where the parent function's only reference to a
1642 * subfunction is through a jump table.
1643 */
1644 if (!strstr(insn_func(insn)->name, ".cold") &&
1645 strstr(insn_func(jump_dest)->name, ".cold")) {
1646 insn_func(insn)->cfunc = insn_func(jump_dest);
1647 insn_func(jump_dest)->pfunc = insn_func(insn);
1648 }
1649 }
1650
1651 if (jump_is_sibling_call(file, insn, jump_dest)) {
1652 /*
1653 * Internal sibling call without reloc or with
1654 * STT_SECTION reloc.
1655 */
1656 add_call_dest(file, insn, insn_func(jump_dest), true);
1657 continue;
1658 }
1659
1660 insn->jump_dest = jump_dest;
1661 }
1662
1663 return 0;
1664 }
1665
1666 static struct symbol *find_call_destination(struct section *sec, unsigned long offset)
1667 {
1668 struct symbol *call_dest;
1669
1670 call_dest = find_func_by_offset(sec, offset);
1671 if (!call_dest)
1672 call_dest = find_symbol_by_offset(sec, offset);
1673
1674 return call_dest;
1675 }
1676
1677 /*
1678 * Find the destination instructions for all calls.
1679 */
1680 static int add_call_destinations(struct objtool_file *file)
1681 {
1682 struct instruction *insn;
1683 unsigned long dest_off;
1684 struct symbol *dest;
1685 struct reloc *reloc;
1686
1687 for_each_insn(file, insn) {
1688 if (insn->type != INSN_CALL)
1689 continue;
1690
1691 reloc = insn_reloc(file, insn);
1692 if (!reloc) {
1693 dest_off = arch_jump_destination(insn);
1694 dest = find_call_destination(insn->sec, dest_off);
1695
1696 add_call_dest(file, insn, dest, false);
1697
1698 if (insn->ignore)
1699 continue;
1700
1701 if (!insn_call_dest(insn)) {
1702 WARN_INSN(insn, "unannotated intra-function call");
1703 return -1;
1704 }
1705
1706 if (insn_func(insn) && insn_call_dest(insn)->type != STT_FUNC) {
1707 WARN_INSN(insn, "unsupported call to non-function");
1708 return -1;
1709 }
1710
1711 } else if (reloc->sym->type == STT_SECTION) {
1712 dest_off = arch_dest_reloc_offset(reloc->addend);
1713 dest = find_call_destination(reloc->sym->sec, dest_off);
1714 if (!dest) {
1715 WARN_INSN(insn, "can't find call dest symbol at %s+0x%lx",
1716 reloc->sym->sec->name, dest_off);
1717 return -1;
1718 }
1719
1720 add_call_dest(file, insn, dest, false);
1721
1722 } else if (reloc->sym->retpoline_thunk) {
1723 add_retpoline_call(file, insn);
1724
1725 } else
1726 add_call_dest(file, insn, reloc->sym, false);
1727 }
1728
1729 return 0;
1730 }
1731
1732 /*
1733 * The .alternatives section requires some extra special care over and above
1734 * other special sections because alternatives are patched in place.
1735 */
1736 static int handle_group_alt(struct objtool_file *file,
1737 struct special_alt *special_alt,
1738 struct instruction *orig_insn,
1739 struct instruction **new_insn)
1740 {
1741 struct instruction *last_new_insn = NULL, *insn, *nop = NULL;
1742 struct alt_group *orig_alt_group, *new_alt_group;
1743 unsigned long dest_off;
1744
1745 orig_alt_group = orig_insn->alt_group;
1746 if (!orig_alt_group) {
1747 struct instruction *last_orig_insn = NULL;
1748
1749 orig_alt_group = malloc(sizeof(*orig_alt_group));
1750 if (!orig_alt_group) {
1751 WARN("malloc failed");
1752 return -1;
1753 }
1754 orig_alt_group->cfi = calloc(special_alt->orig_len,
1755 sizeof(struct cfi_state *));
1756 if (!orig_alt_group->cfi) {
1757 WARN("calloc failed");
1758 return -1;
1759 }
1760
1761 insn = orig_insn;
1762 sec_for_each_insn_from(file, insn) {
1763 if (insn->offset >= special_alt->orig_off + special_alt->orig_len)
1764 break;
1765
1766 insn->alt_group = orig_alt_group;
1767 last_orig_insn = insn;
1768 }
1769 orig_alt_group->orig_group = NULL;
1770 orig_alt_group->first_insn = orig_insn;
1771 orig_alt_group->last_insn = last_orig_insn;
1772 orig_alt_group->nop = NULL;
1773 } else {
1774 if (orig_alt_group->last_insn->offset + orig_alt_group->last_insn->len -
1775 orig_alt_group->first_insn->offset != special_alt->orig_len) {
1776 WARN_INSN(orig_insn, "weirdly overlapping alternative! %ld != %d",
1777 orig_alt_group->last_insn->offset +
1778 orig_alt_group->last_insn->len -
1779 orig_alt_group->first_insn->offset,
1780 special_alt->orig_len);
1781 return -1;
1782 }
1783 }
1784
1785 new_alt_group = malloc(sizeof(*new_alt_group));
1786 if (!new_alt_group) {
1787 WARN("malloc failed");
1788 return -1;
1789 }
1790
1791 if (special_alt->new_len < special_alt->orig_len) {
1792 /*
1793 * Insert a fake nop at the end to make the replacement
1794 * alt_group the same size as the original. This is needed to
1795 * allow propagate_alt_cfi() to do its magic. When the last
1796 * instruction affects the stack, the instruction after it (the
1797 * nop) will propagate the new state to the shared CFI array.
1798 */
1799 nop = malloc(sizeof(*nop));
1800 if (!nop) {
1801 WARN("malloc failed");
1802 return -1;
1803 }
1804 memset(nop, 0, sizeof(*nop));
1805
1806 nop->sec = special_alt->new_sec;
1807 nop->offset = special_alt->new_off + special_alt->new_len;
1808 nop->len = special_alt->orig_len - special_alt->new_len;
1809 nop->type = INSN_NOP;
1810 nop->sym = orig_insn->sym;
1811 nop->alt_group = new_alt_group;
1812 nop->ignore = orig_insn->ignore_alts;
1813 }
1814
1815 if (!special_alt->new_len) {
1816 *new_insn = nop;
1817 goto end;
1818 }
1819
1820 insn = *new_insn;
1821 sec_for_each_insn_from(file, insn) {
1822 struct reloc *alt_reloc;
1823
1824 if (insn->offset >= special_alt->new_off + special_alt->new_len)
1825 break;
1826
1827 last_new_insn = insn;
1828
1829 insn->ignore = orig_insn->ignore_alts;
1830 insn->sym = orig_insn->sym;
1831 insn->alt_group = new_alt_group;
1832
1833 /*
1834 * Since alternative replacement code is copy/pasted by the
1835 * kernel after applying relocations, generally such code can't
1836 * have relative-address relocation references to outside the
1837 * .altinstr_replacement section, unless the arch's
1838 * alternatives code can adjust the relative offsets
1839 * accordingly.
1840 */
1841 alt_reloc = insn_reloc(file, insn);
1842 if (alt_reloc && arch_pc_relative_reloc(alt_reloc) &&
1843 !arch_support_alt_relocation(special_alt, insn, alt_reloc)) {
1844
1845 WARN_INSN(insn, "unsupported relocation in alternatives section");
1846 return -1;
1847 }
1848
1849 if (!is_static_jump(insn))
1850 continue;
1851
1852 if (!insn->immediate)
1853 continue;
1854
1855 dest_off = arch_jump_destination(insn);
1856 if (dest_off == special_alt->new_off + special_alt->new_len) {
1857 insn->jump_dest = next_insn_same_sec(file, orig_alt_group->last_insn);
1858 if (!insn->jump_dest) {
1859 WARN_INSN(insn, "can't find alternative jump destination");
1860 return -1;
1861 }
1862 }
1863 }
1864
1865 if (!last_new_insn) {
1866 WARN_FUNC("can't find last new alternative instruction",
1867 special_alt->new_sec, special_alt->new_off);
1868 return -1;
1869 }
1870
1871 end:
1872 new_alt_group->orig_group = orig_alt_group;
1873 new_alt_group->first_insn = *new_insn;
1874 new_alt_group->last_insn = last_new_insn;
1875 new_alt_group->nop = nop;
1876 new_alt_group->cfi = orig_alt_group->cfi;
1877 return 0;
1878 }
1879
1880 /*
1881 * A jump table entry can either convert a nop to a jump or a jump to a nop.
1882 * If the original instruction is a jump, make the alt entry an effective nop
1883 * by just skipping the original instruction.
1884 */
1885 static int handle_jump_alt(struct objtool_file *file,
1886 struct special_alt *special_alt,
1887 struct instruction *orig_insn,
1888 struct instruction **new_insn)
1889 {
1890 if (orig_insn->type != INSN_JUMP_UNCONDITIONAL &&
1891 orig_insn->type != INSN_NOP) {
1892
1893 WARN_INSN(orig_insn, "unsupported instruction at jump label");
1894 return -1;
1895 }
1896
1897 if (opts.hack_jump_label && special_alt->key_addend & 2) {
1898 struct reloc *reloc = insn_reloc(file, orig_insn);
1899
1900 if (reloc) {
1901 reloc->type = R_NONE;
1902 elf_write_reloc(file->elf, reloc);
1903 }
1904 elf_write_insn(file->elf, orig_insn->sec,
1905 orig_insn->offset, orig_insn->len,
1906 arch_nop_insn(orig_insn->len));
1907 orig_insn->type = INSN_NOP;
1908 }
1909
1910 if (orig_insn->type == INSN_NOP) {
1911 if (orig_insn->len == 2)
1912 file->jl_nop_short++;
1913 else
1914 file->jl_nop_long++;
1915
1916 return 0;
1917 }
1918
1919 if (orig_insn->len == 2)
1920 file->jl_short++;
1921 else
1922 file->jl_long++;
1923
1924 *new_insn = next_insn_same_sec(file, orig_insn);
1925 return 0;
1926 }
1927
1928 /*
1929 * Read all the special sections which have alternate instructions which can be
1930 * patched in or redirected to at runtime. Each instruction having alternate
1931 * instruction(s) has them added to its insn->alts list, which will be
1932 * traversed in validate_branch().
1933 */
1934 static int add_special_section_alts(struct objtool_file *file)
1935 {
1936 struct list_head special_alts;
1937 struct instruction *orig_insn, *new_insn;
1938 struct special_alt *special_alt, *tmp;
1939 struct alternative *alt;
1940 int ret;
1941
1942 ret = special_get_alts(file->elf, &special_alts);
1943 if (ret)
1944 return ret;
1945
1946 list_for_each_entry_safe(special_alt, tmp, &special_alts, list) {
1947
1948 orig_insn = find_insn(file, special_alt->orig_sec,
1949 special_alt->orig_off);
1950 if (!orig_insn) {
1951 WARN_FUNC("special: can't find orig instruction",
1952 special_alt->orig_sec, special_alt->orig_off);
1953 ret = -1;
1954 goto out;
1955 }
1956
1957 new_insn = NULL;
1958 if (!special_alt->group || special_alt->new_len) {
1959 new_insn = find_insn(file, special_alt->new_sec,
1960 special_alt->new_off);
1961 if (!new_insn) {
1962 WARN_FUNC("special: can't find new instruction",
1963 special_alt->new_sec,
1964 special_alt->new_off);
1965 ret = -1;
1966 goto out;
1967 }
1968 }
1969
1970 if (special_alt->group) {
1971 if (!special_alt->orig_len) {
1972 WARN_INSN(orig_insn, "empty alternative entry");
1973 continue;
1974 }
1975
1976 ret = handle_group_alt(file, special_alt, orig_insn,
1977 &new_insn);
1978 if (ret)
1979 goto out;
1980 } else if (special_alt->jump_or_nop) {
1981 ret = handle_jump_alt(file, special_alt, orig_insn,
1982 &new_insn);
1983 if (ret)
1984 goto out;
1985 }
1986
1987 alt = malloc(sizeof(*alt));
1988 if (!alt) {
1989 WARN("malloc failed");
1990 ret = -1;
1991 goto out;
1992 }
1993
1994 alt->insn = new_insn;
1995 alt->skip_orig = special_alt->skip_orig;
1996 orig_insn->ignore_alts |= special_alt->skip_alt;
1997 alt->next = orig_insn->alts;
1998 orig_insn->alts = alt;
1999
2000 list_del(&special_alt->list);
2001 free(special_alt);
2002 }
2003
2004 if (opts.stats) {
2005 printf("jl\\\tNOP\tJMP\n");
2006 printf("short:\t%ld\t%ld\n", file->jl_nop_short, file->jl_short);
2007 printf("long:\t%ld\t%ld\n", file->jl_nop_long, file->jl_long);
2008 }
2009
2010 out:
2011 return ret;
2012 }
2013
2014 static int add_jump_table(struct objtool_file *file, struct instruction *insn,
2015 struct reloc *table)
2016 {
2017 struct reloc *reloc = table;
2018 struct instruction *dest_insn;
2019 struct alternative *alt;
2020 struct symbol *pfunc = insn_func(insn)->pfunc;
2021 unsigned int prev_offset = 0;
2022
2023 /*
2024 * Each @reloc is a switch table relocation which points to the target
2025 * instruction.
2026 */
2027 list_for_each_entry_from(reloc, &table->sec->reloc_list, list) {
2028
2029 /* Check for the end of the table: */
2030 if (reloc != table && reloc->jump_table_start)
2031 break;
2032
2033 /* Make sure the table entries are consecutive: */
2034 if (prev_offset && reloc->offset != prev_offset + 8)
2035 break;
2036
2037 /* Detect function pointers from contiguous objects: */
2038 if (reloc->sym->sec == pfunc->sec &&
2039 reloc->addend == pfunc->offset)
2040 break;
2041
2042 dest_insn = find_insn(file, reloc->sym->sec, reloc->addend);
2043 if (!dest_insn)
2044 break;
2045
2046 /* Make sure the destination is in the same function: */
2047 if (!insn_func(dest_insn) || insn_func(dest_insn)->pfunc != pfunc)
2048 break;
2049
2050 alt = malloc(sizeof(*alt));
2051 if (!alt) {
2052 WARN("malloc failed");
2053 return -1;
2054 }
2055
2056 alt->insn = dest_insn;
2057 alt->next = insn->alts;
2058 insn->alts = alt;
2059 prev_offset = reloc->offset;
2060 }
2061
2062 if (!prev_offset) {
2063 WARN_INSN(insn, "can't find switch jump table");
2064 return -1;
2065 }
2066
2067 return 0;
2068 }
2069
2070 /*
2071 * find_jump_table() - Given a dynamic jump, find the switch jump table
2072 * associated with it.
2073 */
2074 static struct reloc *find_jump_table(struct objtool_file *file,
2075 struct symbol *func,
2076 struct instruction *insn)
2077 {
2078 struct reloc *table_reloc;
2079 struct instruction *dest_insn, *orig_insn = insn;
2080
2081 /*
2082 * Backward search using the @first_jump_src links, these help avoid
2083 * much of the 'in between' code. Which avoids us getting confused by
2084 * it.
2085 */
2086 for (;
2087 insn && insn_func(insn) && insn_func(insn)->pfunc == func;
2088 insn = insn->first_jump_src ?: prev_insn_same_sym(file, insn)) {
2089
2090 if (insn != orig_insn && insn->type == INSN_JUMP_DYNAMIC)
2091 break;
2092
2093 /* allow small jumps within the range */
2094 if (insn->type == INSN_JUMP_UNCONDITIONAL &&
2095 insn->jump_dest &&
2096 (insn->jump_dest->offset <= insn->offset ||
2097 insn->jump_dest->offset > orig_insn->offset))
2098 break;
2099
2100 table_reloc = arch_find_switch_table(file, insn);
2101 if (!table_reloc)
2102 continue;
2103 dest_insn = find_insn(file, table_reloc->sym->sec, table_reloc->addend);
2104 if (!dest_insn || !insn_func(dest_insn) || insn_func(dest_insn)->pfunc != func)
2105 continue;
2106
2107 return table_reloc;
2108 }
2109
2110 return NULL;
2111 }
2112
2113 /*
2114 * First pass: Mark the head of each jump table so that in the next pass,
2115 * we know when a given jump table ends and the next one starts.
2116 */
2117 static void mark_func_jump_tables(struct objtool_file *file,
2118 struct symbol *func)
2119 {
2120 struct instruction *insn, *last = NULL;
2121 struct reloc *reloc;
2122
2123 func_for_each_insn(file, func, insn) {
2124 if (!last)
2125 last = insn;
2126
2127 /*
2128 * Store back-pointers for unconditional forward jumps such
2129 * that find_jump_table() can back-track using those and
2130 * avoid some potentially confusing code.
2131 */
2132 if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->jump_dest &&
2133 insn->offset > last->offset &&
2134 insn->jump_dest->offset > insn->offset &&
2135 !insn->jump_dest->first_jump_src) {
2136
2137 insn->jump_dest->first_jump_src = insn;
2138 last = insn->jump_dest;
2139 }
2140
2141 if (insn->type != INSN_JUMP_DYNAMIC)
2142 continue;
2143
2144 reloc = find_jump_table(file, func, insn);
2145 if (reloc) {
2146 reloc->jump_table_start = true;
2147 insn->_jump_table = reloc;
2148 }
2149 }
2150 }
2151
2152 static int add_func_jump_tables(struct objtool_file *file,
2153 struct symbol *func)
2154 {
2155 struct instruction *insn;
2156 int ret;
2157
2158 func_for_each_insn(file, func, insn) {
2159 if (!insn_jump_table(insn))
2160 continue;
2161
2162 ret = add_jump_table(file, insn, insn_jump_table(insn));
2163 if (ret)
2164 return ret;
2165 }
2166
2167 return 0;
2168 }
2169
2170 /*
2171 * For some switch statements, gcc generates a jump table in the .rodata
2172 * section which contains a list of addresses within the function to jump to.
2173 * This finds these jump tables and adds them to the insn->alts lists.
2174 */
2175 static int add_jump_table_alts(struct objtool_file *file)
2176 {
2177 struct symbol *func;
2178 int ret;
2179
2180 if (!file->rodata)
2181 return 0;
2182
2183 for_each_sym(file, func) {
2184 if (func->type != STT_FUNC)
2185 continue;
2186
2187 mark_func_jump_tables(file, func);
2188 ret = add_func_jump_tables(file, func);
2189 if (ret)
2190 return ret;
2191 }
2192
2193 return 0;
2194 }
2195
2196 static void set_func_state(struct cfi_state *state)
2197 {
2198 state->cfa = initial_func_cfi.cfa;
2199 memcpy(&state->regs, &initial_func_cfi.regs,
2200 CFI_NUM_REGS * sizeof(struct cfi_reg));
2201 state->stack_size = initial_func_cfi.cfa.offset;
2202 state->type = UNWIND_HINT_TYPE_CALL;
2203 }
2204
2205 static int read_unwind_hints(struct objtool_file *file)
2206 {
2207 struct cfi_state cfi = init_cfi;
2208 struct section *sec;
2209 struct unwind_hint *hint;
2210 struct instruction *insn;
2211 struct reloc *reloc;
2212 int i;
2213
2214 sec = find_section_by_name(file->elf, ".discard.unwind_hints");
2215 if (!sec)
2216 return 0;
2217
2218 if (!sec->rsec) {
2219 WARN("missing .rela.discard.unwind_hints section");
2220 return -1;
2221 }
2222
2223 if (sec->sh.sh_size % sizeof(struct unwind_hint)) {
2224 WARN("struct unwind_hint size mismatch");
2225 return -1;
2226 }
2227
2228 file->hints = true;
2229
2230 for (i = 0; i < sec->sh.sh_size / sizeof(struct unwind_hint); i++) {
2231 hint = (struct unwind_hint *)sec->data->d_buf + i;
2232
2233 reloc = find_reloc_by_dest(file->elf, sec, i * sizeof(*hint));
2234 if (!reloc) {
2235 WARN("can't find reloc for unwind_hints[%d]", i);
2236 return -1;
2237 }
2238
2239 insn = find_insn(file, reloc->sym->sec, reloc->addend);
2240 if (!insn) {
2241 WARN("can't find insn for unwind_hints[%d]", i);
2242 return -1;
2243 }
2244
2245 insn->hint = true;
2246
2247 if (hint->type == UNWIND_HINT_TYPE_UNDEFINED) {
2248 insn->cfi = &force_undefined_cfi;
2249 continue;
2250 }
2251
2252 if (hint->type == UNWIND_HINT_TYPE_SAVE) {
2253 insn->hint = false;
2254 insn->save = true;
2255 continue;
2256 }
2257
2258 if (hint->type == UNWIND_HINT_TYPE_RESTORE) {
2259 insn->restore = true;
2260 continue;
2261 }
2262
2263 if (hint->type == UNWIND_HINT_TYPE_REGS_PARTIAL) {
2264 struct symbol *sym = find_symbol_by_offset(insn->sec, insn->offset);
2265
2266 if (sym && sym->bind == STB_GLOBAL) {
2267 if (opts.ibt && insn->type != INSN_ENDBR && !insn->noendbr) {
2268 WARN_INSN(insn, "UNWIND_HINT_IRET_REGS without ENDBR");
2269 }
2270 }
2271 }
2272
2273 if (hint->type == UNWIND_HINT_TYPE_FUNC) {
2274 insn->cfi = &func_cfi;
2275 continue;
2276 }
2277
2278 if (insn->cfi)
2279 cfi = *(insn->cfi);
2280
2281 if (arch_decode_hint_reg(hint->sp_reg, &cfi.cfa.base)) {
2282 WARN_INSN(insn, "unsupported unwind_hint sp base reg %d", hint->sp_reg);
2283 return -1;
2284 }
2285
2286 cfi.cfa.offset = bswap_if_needed(file->elf, hint->sp_offset);
2287 cfi.type = hint->type;
2288 cfi.signal = hint->signal;
2289
2290 insn->cfi = cfi_hash_find_or_add(&cfi);
2291 }
2292
2293 return 0;
2294 }
2295
2296 static int read_noendbr_hints(struct objtool_file *file)
2297 {
2298 struct instruction *insn;
2299 struct section *rsec;
2300 struct reloc *reloc;
2301
2302 rsec = find_section_by_name(file->elf, ".rela.discard.noendbr");
2303 if (!rsec)
2304 return 0;
2305
2306 list_for_each_entry(reloc, &rsec->reloc_list, list) {
2307 insn = find_insn(file, reloc->sym->sec, reloc->sym->offset + reloc->addend);
2308 if (!insn) {
2309 WARN("bad .discard.noendbr entry");
2310 return -1;
2311 }
2312
2313 insn->noendbr = 1;
2314 }
2315
2316 return 0;
2317 }
2318
2319 static int read_retpoline_hints(struct objtool_file *file)
2320 {
2321 struct section *rsec;
2322 struct instruction *insn;
2323 struct reloc *reloc;
2324
2325 rsec = find_section_by_name(file->elf, ".rela.discard.retpoline_safe");
2326 if (!rsec)
2327 return 0;
2328
2329 list_for_each_entry(reloc, &rsec->reloc_list, list) {
2330 if (reloc->sym->type != STT_SECTION) {
2331 WARN("unexpected relocation symbol type in %s", rsec->name);
2332 return -1;
2333 }
2334
2335 insn = find_insn(file, reloc->sym->sec, reloc->addend);
2336 if (!insn) {
2337 WARN("bad .discard.retpoline_safe entry");
2338 return -1;
2339 }
2340
2341 if (insn->type != INSN_JUMP_DYNAMIC &&
2342 insn->type != INSN_CALL_DYNAMIC &&
2343 insn->type != INSN_RETURN &&
2344 insn->type != INSN_NOP) {
2345 WARN_INSN(insn, "retpoline_safe hint not an indirect jump/call/ret/nop");
2346 return -1;
2347 }
2348
2349 insn->retpoline_safe = true;
2350 }
2351
2352 return 0;
2353 }
2354
2355 static int read_instr_hints(struct objtool_file *file)
2356 {
2357 struct section *rsec;
2358 struct instruction *insn;
2359 struct reloc *reloc;
2360
2361 rsec = find_section_by_name(file->elf, ".rela.discard.instr_end");
2362 if (!rsec)
2363 return 0;
2364
2365 list_for_each_entry(reloc, &rsec->reloc_list, list) {
2366 if (reloc->sym->type != STT_SECTION) {
2367 WARN("unexpected relocation symbol type in %s", rsec->name);
2368 return -1;
2369 }
2370
2371 insn = find_insn(file, reloc->sym->sec, reloc->addend);
2372 if (!insn) {
2373 WARN("bad .discard.instr_end entry");
2374 return -1;
2375 }
2376
2377 insn->instr--;
2378 }
2379
2380 rsec = find_section_by_name(file->elf, ".rela.discard.instr_begin");
2381 if (!rsec)
2382 return 0;
2383
2384 list_for_each_entry(reloc, &rsec->reloc_list, list) {
2385 if (reloc->sym->type != STT_SECTION) {
2386 WARN("unexpected relocation symbol type in %s", rsec->name);
2387 return -1;
2388 }
2389
2390 insn = find_insn(file, reloc->sym->sec, reloc->addend);
2391 if (!insn) {
2392 WARN("bad .discard.instr_begin entry");
2393 return -1;
2394 }
2395
2396 insn->instr++;
2397 }
2398
2399 return 0;
2400 }
2401
2402 static int read_validate_unret_hints(struct objtool_file *file)
2403 {
2404 struct section *rsec;
2405 struct instruction *insn;
2406 struct reloc *reloc;
2407
2408 rsec = find_section_by_name(file->elf, ".rela.discard.validate_unret");
2409 if (!rsec)
2410 return 0;
2411
2412 list_for_each_entry(reloc, &rsec->reloc_list, list) {
2413 if (reloc->sym->type != STT_SECTION) {
2414 WARN("unexpected relocation symbol type in %s", rsec->name);
2415 return -1;
2416 }
2417
2418 insn = find_insn(file, reloc->sym->sec, reloc->addend);
2419 if (!insn) {
2420 WARN("bad .discard.instr_end entry");
2421 return -1;
2422 }
2423 insn->unret = 1;
2424 }
2425
2426 return 0;
2427 }
2428
2429
2430 static int read_intra_function_calls(struct objtool_file *file)
2431 {
2432 struct instruction *insn;
2433 struct section *rsec;
2434 struct reloc *reloc;
2435
2436 rsec = find_section_by_name(file->elf, ".rela.discard.intra_function_calls");
2437 if (!rsec)
2438 return 0;
2439
2440 list_for_each_entry(reloc, &rsec->reloc_list, list) {
2441 unsigned long dest_off;
2442
2443 if (reloc->sym->type != STT_SECTION) {
2444 WARN("unexpected relocation symbol type in %s",
2445 rsec->name);
2446 return -1;
2447 }
2448
2449 insn = find_insn(file, reloc->sym->sec, reloc->addend);
2450 if (!insn) {
2451 WARN("bad .discard.intra_function_call entry");
2452 return -1;
2453 }
2454
2455 if (insn->type != INSN_CALL) {
2456 WARN_INSN(insn, "intra_function_call not a direct call");
2457 return -1;
2458 }
2459
2460 /*
2461 * Treat intra-function CALLs as JMPs, but with a stack_op.
2462 * See add_call_destinations(), which strips stack_ops from
2463 * normal CALLs.
2464 */
2465 insn->type = INSN_JUMP_UNCONDITIONAL;
2466
2467 dest_off = arch_jump_destination(insn);
2468 insn->jump_dest = find_insn(file, insn->sec, dest_off);
2469 if (!insn->jump_dest) {
2470 WARN_INSN(insn, "can't find call dest at %s+0x%lx",
2471 insn->sec->name, dest_off);
2472 return -1;
2473 }
2474 }
2475
2476 return 0;
2477 }
2478
2479 /*
2480 * Return true if name matches an instrumentation function, where calls to that
2481 * function from noinstr code can safely be removed, but compilers won't do so.
2482 */
2483 static bool is_profiling_func(const char *name)
2484 {
2485 /*
2486 * Many compilers cannot disable KCOV with a function attribute.
2487 */
2488 if (!strncmp(name, "__sanitizer_cov_", 16))
2489 return true;
2490
2491 /*
2492 * Some compilers currently do not remove __tsan_func_entry/exit nor
2493 * __tsan_atomic_signal_fence (used for barrier instrumentation) with
2494 * the __no_sanitize_thread attribute, remove them. Once the kernel's
2495 * minimum Clang version is 14.0, this can be removed.
2496 */
2497 if (!strncmp(name, "__tsan_func_", 12) ||
2498 !strcmp(name, "__tsan_atomic_signal_fence"))
2499 return true;
2500
2501 return false;
2502 }
2503
2504 static int classify_symbols(struct objtool_file *file)
2505 {
2506 struct symbol *func;
2507
2508 for_each_sym(file, func) {
2509 if (func->bind != STB_GLOBAL)
2510 continue;
2511
2512 if (!strncmp(func->name, STATIC_CALL_TRAMP_PREFIX_STR,
2513 strlen(STATIC_CALL_TRAMP_PREFIX_STR)))
2514 func->static_call_tramp = true;
2515
2516 if (arch_is_retpoline(func))
2517 func->retpoline_thunk = true;
2518
2519 if (arch_is_rethunk(func))
2520 func->return_thunk = true;
2521
2522 if (arch_ftrace_match(func->name))
2523 func->fentry = true;
2524
2525 if (is_profiling_func(func->name))
2526 func->profiling_func = true;
2527 }
2528
2529 return 0;
2530 }
2531
2532 static void mark_rodata(struct objtool_file *file)
2533 {
2534 struct section *sec;
2535 bool found = false;
2536
2537 /*
2538 * Search for the following rodata sections, each of which can
2539 * potentially contain jump tables:
2540 *
2541 * - .rodata: can contain GCC switch tables
2542 * - .rodata.<func>: same, if -fdata-sections is being used
2543 * - .rodata..c_jump_table: contains C annotated jump tables
2544 *
2545 * .rodata.str1.* sections are ignored; they don't contain jump tables.
2546 */
2547 for_each_sec(file, sec) {
2548 if (!strncmp(sec->name, ".rodata", 7) &&
2549 !strstr(sec->name, ".str1.")) {
2550 sec->rodata = true;
2551 found = true;
2552 }
2553 }
2554
2555 file->rodata = found;
2556 }
2557
2558 static int decode_sections(struct objtool_file *file)
2559 {
2560 int ret;
2561
2562 mark_rodata(file);
2563
2564 ret = init_pv_ops(file);
2565 if (ret)
2566 return ret;
2567
2568 /*
2569 * Must be before add_{jump_call}_destination.
2570 */
2571 ret = classify_symbols(file);
2572 if (ret)
2573 return ret;
2574
2575 ret = decode_instructions(file);
2576 if (ret)
2577 return ret;
2578
2579 add_ignores(file);
2580 add_uaccess_safe(file);
2581
2582 ret = add_ignore_alternatives(file);
2583 if (ret)
2584 return ret;
2585
2586 /*
2587 * Must be before read_unwind_hints() since that needs insn->noendbr.
2588 */
2589 ret = read_noendbr_hints(file);
2590 if (ret)
2591 return ret;
2592
2593 /*
2594 * Must be before add_jump_destinations(), which depends on 'func'
2595 * being set for alternatives, to enable proper sibling call detection.
2596 */
2597 if (opts.stackval || opts.orc || opts.uaccess || opts.noinstr) {
2598 ret = add_special_section_alts(file);
2599 if (ret)
2600 return ret;
2601 }
2602
2603 ret = add_jump_destinations(file);
2604 if (ret)
2605 return ret;
2606
2607 /*
2608 * Must be before add_call_destination(); it changes INSN_CALL to
2609 * INSN_JUMP.
2610 */
2611 ret = read_intra_function_calls(file);
2612 if (ret)
2613 return ret;
2614
2615 ret = add_call_destinations(file);
2616 if (ret)
2617 return ret;
2618
2619 /*
2620 * Must be after add_call_destinations() such that it can override
2621 * dead_end_function() marks.
2622 */
2623 ret = add_dead_ends(file);
2624 if (ret)
2625 return ret;
2626
2627 ret = add_jump_table_alts(file);
2628 if (ret)
2629 return ret;
2630
2631 ret = read_unwind_hints(file);
2632 if (ret)
2633 return ret;
2634
2635 ret = read_retpoline_hints(file);
2636 if (ret)
2637 return ret;
2638
2639 ret = read_instr_hints(file);
2640 if (ret)
2641 return ret;
2642
2643 ret = read_validate_unret_hints(file);
2644 if (ret)
2645 return ret;
2646
2647 return 0;
2648 }
2649
2650 static bool is_fentry_call(struct instruction *insn)
2651 {
2652 if (insn->type == INSN_CALL &&
2653 insn_call_dest(insn) &&
2654 insn_call_dest(insn)->fentry)
2655 return true;
2656
2657 return false;
2658 }
2659
2660 static bool has_modified_stack_frame(struct instruction *insn, struct insn_state *state)
2661 {
2662 struct cfi_state *cfi = &state->cfi;
2663 int i;
2664
2665 if (cfi->cfa.base != initial_func_cfi.cfa.base || cfi->drap)
2666 return true;
2667
2668 if (cfi->cfa.offset != initial_func_cfi.cfa.offset)
2669 return true;
2670
2671 if (cfi->stack_size != initial_func_cfi.cfa.offset)
2672 return true;
2673
2674 for (i = 0; i < CFI_NUM_REGS; i++) {
2675 if (cfi->regs[i].base != initial_func_cfi.regs[i].base ||
2676 cfi->regs[i].offset != initial_func_cfi.regs[i].offset)
2677 return true;
2678 }
2679
2680 return false;
2681 }
2682
2683 static bool check_reg_frame_pos(const struct cfi_reg *reg,
2684 int expected_offset)
2685 {
2686 return reg->base == CFI_CFA &&
2687 reg->offset == expected_offset;
2688 }
2689
2690 static bool has_valid_stack_frame(struct insn_state *state)
2691 {
2692 struct cfi_state *cfi = &state->cfi;
2693
2694 if (cfi->cfa.base == CFI_BP &&
2695 check_reg_frame_pos(&cfi->regs[CFI_BP], -cfi->cfa.offset) &&
2696 check_reg_frame_pos(&cfi->regs[CFI_RA], -cfi->cfa.offset + 8))
2697 return true;
2698
2699 if (cfi->drap && cfi->regs[CFI_BP].base == CFI_BP)
2700 return true;
2701
2702 return false;
2703 }
2704
2705 static int update_cfi_state_regs(struct instruction *insn,
2706 struct cfi_state *cfi,
2707 struct stack_op *op)
2708 {
2709 struct cfi_reg *cfa = &cfi->cfa;
2710
2711 if (cfa->base != CFI_SP && cfa->base != CFI_SP_INDIRECT)
2712 return 0;
2713
2714 /* push */
2715 if (op->dest.type == OP_DEST_PUSH || op->dest.type == OP_DEST_PUSHF)
2716 cfa->offset += 8;
2717
2718 /* pop */
2719 if (op->src.type == OP_SRC_POP || op->src.type == OP_SRC_POPF)
2720 cfa->offset -= 8;
2721
2722 /* add immediate to sp */
2723 if (op->dest.type == OP_DEST_REG && op->src.type == OP_SRC_ADD &&
2724 op->dest.reg == CFI_SP && op->src.reg == CFI_SP)
2725 cfa->offset -= op->src.offset;
2726
2727 return 0;
2728 }
2729
2730 static void save_reg(struct cfi_state *cfi, unsigned char reg, int base, int offset)
2731 {
2732 if (arch_callee_saved_reg(reg) &&
2733 cfi->regs[reg].base == CFI_UNDEFINED) {
2734 cfi->regs[reg].base = base;
2735 cfi->regs[reg].offset = offset;
2736 }
2737 }
2738
2739 static void restore_reg(struct cfi_state *cfi, unsigned char reg)
2740 {
2741 cfi->regs[reg].base = initial_func_cfi.regs[reg].base;
2742 cfi->regs[reg].offset = initial_func_cfi.regs[reg].offset;
2743 }
2744
2745 /*
2746 * A note about DRAP stack alignment:
2747 *
2748 * GCC has the concept of a DRAP register, which is used to help keep track of
2749 * the stack pointer when aligning the stack. r10 or r13 is used as the DRAP
2750 * register. The typical DRAP pattern is:
2751 *
2752 * 4c 8d 54 24 08 lea 0x8(%rsp),%r10
2753 * 48 83 e4 c0 and $0xffffffffffffffc0,%rsp
2754 * 41 ff 72 f8 pushq -0x8(%r10)
2755 * 55 push %rbp
2756 * 48 89 e5 mov %rsp,%rbp
2757 * (more pushes)
2758 * 41 52 push %r10
2759 * ...
2760 * 41 5a pop %r10
2761 * (more pops)
2762 * 5d pop %rbp
2763 * 49 8d 62 f8 lea -0x8(%r10),%rsp
2764 * c3 retq
2765 *
2766 * There are some variations in the epilogues, like:
2767 *
2768 * 5b pop %rbx
2769 * 41 5a pop %r10
2770 * 41 5c pop %r12
2771 * 41 5d pop %r13
2772 * 41 5e pop %r14
2773 * c9 leaveq
2774 * 49 8d 62 f8 lea -0x8(%r10),%rsp
2775 * c3 retq
2776 *
2777 * and:
2778 *
2779 * 4c 8b 55 e8 mov -0x18(%rbp),%r10
2780 * 48 8b 5d e0 mov -0x20(%rbp),%rbx
2781 * 4c 8b 65 f0 mov -0x10(%rbp),%r12
2782 * 4c 8b 6d f8 mov -0x8(%rbp),%r13
2783 * c9 leaveq
2784 * 49 8d 62 f8 lea -0x8(%r10),%rsp
2785 * c3 retq
2786 *
2787 * Sometimes r13 is used as the DRAP register, in which case it's saved and
2788 * restored beforehand:
2789 *
2790 * 41 55 push %r13
2791 * 4c 8d 6c 24 10 lea 0x10(%rsp),%r13
2792 * 48 83 e4 f0 and $0xfffffffffffffff0,%rsp
2793 * ...
2794 * 49 8d 65 f0 lea -0x10(%r13),%rsp
2795 * 41 5d pop %r13
2796 * c3 retq
2797 */
2798 static int update_cfi_state(struct instruction *insn,
2799 struct instruction *next_insn,
2800 struct cfi_state *cfi, struct stack_op *op)
2801 {
2802 struct cfi_reg *cfa = &cfi->cfa;
2803 struct cfi_reg *regs = cfi->regs;
2804
2805 /* ignore UNWIND_HINT_UNDEFINED regions */
2806 if (cfi->force_undefined)
2807 return 0;
2808
2809 /* stack operations don't make sense with an undefined CFA */
2810 if (cfa->base == CFI_UNDEFINED) {
2811 if (insn_func(insn)) {
2812 WARN_INSN(insn, "undefined stack state");
2813 return -1;
2814 }
2815 return 0;
2816 }
2817
2818 if (cfi->type == UNWIND_HINT_TYPE_REGS ||
2819 cfi->type == UNWIND_HINT_TYPE_REGS_PARTIAL)
2820 return update_cfi_state_regs(insn, cfi, op);
2821
2822 switch (op->dest.type) {
2823
2824 case OP_DEST_REG:
2825 switch (op->src.type) {
2826
2827 case OP_SRC_REG:
2828 if (op->src.reg == CFI_SP && op->dest.reg == CFI_BP &&
2829 cfa->base == CFI_SP &&
2830 check_reg_frame_pos(&regs[CFI_BP], -cfa->offset)) {
2831
2832 /* mov %rsp, %rbp */
2833 cfa->base = op->dest.reg;
2834 cfi->bp_scratch = false;
2835 }
2836
2837 else if (op->src.reg == CFI_SP &&
2838 op->dest.reg == CFI_BP && cfi->drap) {
2839
2840 /* drap: mov %rsp, %rbp */
2841 regs[CFI_BP].base = CFI_BP;
2842 regs[CFI_BP].offset = -cfi->stack_size;
2843 cfi->bp_scratch = false;
2844 }
2845
2846 else if (op->src.reg == CFI_SP && cfa->base == CFI_SP) {
2847
2848 /*
2849 * mov %rsp, %reg
2850 *
2851 * This is needed for the rare case where GCC
2852 * does:
2853 *
2854 * mov %rsp, %rax
2855 * ...
2856 * mov %rax, %rsp
2857 */
2858 cfi->vals[op->dest.reg].base = CFI_CFA;
2859 cfi->vals[op->dest.reg].offset = -cfi->stack_size;
2860 }
2861
2862 else if (op->src.reg == CFI_BP && op->dest.reg == CFI_SP &&
2863 (cfa->base == CFI_BP || cfa->base == cfi->drap_reg)) {
2864
2865 /*
2866 * mov %rbp, %rsp
2867 *
2868 * Restore the original stack pointer (Clang).
2869 */
2870 cfi->stack_size = -cfi->regs[CFI_BP].offset;
2871 }
2872
2873 else if (op->dest.reg == cfa->base) {
2874
2875 /* mov %reg, %rsp */
2876 if (cfa->base == CFI_SP &&
2877 cfi->vals[op->src.reg].base == CFI_CFA) {
2878
2879 /*
2880 * This is needed for the rare case
2881 * where GCC does something dumb like:
2882 *
2883 * lea 0x8(%rsp), %rcx
2884 * ...
2885 * mov %rcx, %rsp
2886 */
2887 cfa->offset = -cfi->vals[op->src.reg].offset;
2888 cfi->stack_size = cfa->offset;
2889
2890 } else if (cfa->base == CFI_SP &&
2891 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT &&
2892 cfi->vals[op->src.reg].offset == cfa->offset) {
2893
2894 /*
2895 * Stack swizzle:
2896 *
2897 * 1: mov %rsp, (%[tos])
2898 * 2: mov %[tos], %rsp
2899 * ...
2900 * 3: pop %rsp
2901 *
2902 * Where:
2903 *
2904 * 1 - places a pointer to the previous
2905 * stack at the Top-of-Stack of the
2906 * new stack.
2907 *
2908 * 2 - switches to the new stack.
2909 *
2910 * 3 - pops the Top-of-Stack to restore
2911 * the original stack.
2912 *
2913 * Note: we set base to SP_INDIRECT
2914 * here and preserve offset. Therefore
2915 * when the unwinder reaches ToS it
2916 * will dereference SP and then add the
2917 * offset to find the next frame, IOW:
2918 * (%rsp) + offset.
2919 */
2920 cfa->base = CFI_SP_INDIRECT;
2921
2922 } else {
2923 cfa->base = CFI_UNDEFINED;
2924 cfa->offset = 0;
2925 }
2926 }
2927
2928 else if (op->dest.reg == CFI_SP &&
2929 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT &&
2930 cfi->vals[op->src.reg].offset == cfa->offset) {
2931
2932 /*
2933 * The same stack swizzle case 2) as above. But
2934 * because we can't change cfa->base, case 3)
2935 * will become a regular POP. Pretend we're a
2936 * PUSH so things don't go unbalanced.
2937 */
2938 cfi->stack_size += 8;
2939 }
2940
2941
2942 break;
2943
2944 case OP_SRC_ADD:
2945 if (op->dest.reg == CFI_SP && op->src.reg == CFI_SP) {
2946
2947 /* add imm, %rsp */
2948 cfi->stack_size -= op->src.offset;
2949 if (cfa->base == CFI_SP)
2950 cfa->offset -= op->src.offset;
2951 break;
2952 }
2953
2954 if (op->dest.reg == CFI_SP && op->src.reg == CFI_BP) {
2955
2956 /* lea disp(%rbp), %rsp */
2957 cfi->stack_size = -(op->src.offset + regs[CFI_BP].offset);
2958 break;
2959 }
2960
2961 if (op->src.reg == CFI_SP && cfa->base == CFI_SP) {
2962
2963 /* drap: lea disp(%rsp), %drap */
2964 cfi->drap_reg = op->dest.reg;
2965
2966 /*
2967 * lea disp(%rsp), %reg
2968 *
2969 * This is needed for the rare case where GCC
2970 * does something dumb like:
2971 *
2972 * lea 0x8(%rsp), %rcx
2973 * ...
2974 * mov %rcx, %rsp
2975 */
2976 cfi->vals[op->dest.reg].base = CFI_CFA;
2977 cfi->vals[op->dest.reg].offset = \
2978 -cfi->stack_size + op->src.offset;
2979
2980 break;
2981 }
2982
2983 if (cfi->drap && op->dest.reg == CFI_SP &&
2984 op->src.reg == cfi->drap_reg) {
2985
2986 /* drap: lea disp(%drap), %rsp */
2987 cfa->base = CFI_SP;
2988 cfa->offset = cfi->stack_size = -op->src.offset;
2989 cfi->drap_reg = CFI_UNDEFINED;
2990 cfi->drap = false;
2991 break;
2992 }
2993
2994 if (op->dest.reg == cfi->cfa.base && !(next_insn && next_insn->hint)) {
2995 WARN_INSN(insn, "unsupported stack register modification");
2996 return -1;
2997 }
2998
2999 break;
3000
3001 case OP_SRC_AND:
3002 if (op->dest.reg != CFI_SP ||
3003 (cfi->drap_reg != CFI_UNDEFINED && cfa->base != CFI_SP) ||
3004 (cfi->drap_reg == CFI_UNDEFINED && cfa->base != CFI_BP)) {
3005 WARN_INSN(insn, "unsupported stack pointer realignment");
3006 return -1;
3007 }
3008
3009 if (cfi->drap_reg != CFI_UNDEFINED) {
3010 /* drap: and imm, %rsp */
3011 cfa->base = cfi->drap_reg;
3012 cfa->offset = cfi->stack_size = 0;
3013 cfi->drap = true;
3014 }
3015
3016 /*
3017 * Older versions of GCC (4.8ish) realign the stack
3018 * without DRAP, with a frame pointer.
3019 */
3020
3021 break;
3022
3023 case OP_SRC_POP:
3024 case OP_SRC_POPF:
3025 if (op->dest.reg == CFI_SP && cfa->base == CFI_SP_INDIRECT) {
3026
3027 /* pop %rsp; # restore from a stack swizzle */
3028 cfa->base = CFI_SP;
3029 break;
3030 }
3031
3032 if (!cfi->drap && op->dest.reg == cfa->base) {
3033
3034 /* pop %rbp */
3035 cfa->base = CFI_SP;
3036 }
3037
3038 if (cfi->drap && cfa->base == CFI_BP_INDIRECT &&
3039 op->dest.reg == cfi->drap_reg &&
3040 cfi->drap_offset == -cfi->stack_size) {
3041
3042 /* drap: pop %drap */
3043 cfa->base = cfi->drap_reg;
3044 cfa->offset = 0;
3045 cfi->drap_offset = -1;
3046
3047 } else if (cfi->stack_size == -regs[op->dest.reg].offset) {
3048
3049 /* pop %reg */
3050 restore_reg(cfi, op->dest.reg);
3051 }
3052
3053 cfi->stack_size -= 8;
3054 if (cfa->base == CFI_SP)
3055 cfa->offset -= 8;
3056
3057 break;
3058
3059 case OP_SRC_REG_INDIRECT:
3060 if (!cfi->drap && op->dest.reg == cfa->base &&
3061 op->dest.reg == CFI_BP) {
3062
3063 /* mov disp(%rsp), %rbp */
3064 cfa->base = CFI_SP;
3065 cfa->offset = cfi->stack_size;
3066 }
3067
3068 if (cfi->drap && op->src.reg == CFI_BP &&
3069 op->src.offset == cfi->drap_offset) {
3070
3071 /* drap: mov disp(%rbp), %drap */
3072 cfa->base = cfi->drap_reg;
3073 cfa->offset = 0;
3074 cfi->drap_offset = -1;
3075 }
3076
3077 if (cfi->drap && op->src.reg == CFI_BP &&
3078 op->src.offset == regs[op->dest.reg].offset) {
3079
3080 /* drap: mov disp(%rbp), %reg */
3081 restore_reg(cfi, op->dest.reg);
3082
3083 } else if (op->src.reg == cfa->base &&
3084 op->src.offset == regs[op->dest.reg].offset + cfa->offset) {
3085
3086 /* mov disp(%rbp), %reg */
3087 /* mov disp(%rsp), %reg */
3088 restore_reg(cfi, op->dest.reg);
3089
3090 } else if (op->src.reg == CFI_SP &&
3091 op->src.offset == regs[op->dest.reg].offset + cfi->stack_size) {
3092
3093 /* mov disp(%rsp), %reg */
3094 restore_reg(cfi, op->dest.reg);
3095 }
3096
3097 break;
3098
3099 default:
3100 WARN_INSN(insn, "unknown stack-related instruction");
3101 return -1;
3102 }
3103
3104 break;
3105
3106 case OP_DEST_PUSH:
3107 case OP_DEST_PUSHF:
3108 cfi->stack_size += 8;
3109 if (cfa->base == CFI_SP)
3110 cfa->offset += 8;
3111
3112 if (op->src.type != OP_SRC_REG)
3113 break;
3114
3115 if (cfi->drap) {
3116 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) {
3117
3118 /* drap: push %drap */
3119 cfa->base = CFI_BP_INDIRECT;
3120 cfa->offset = -cfi->stack_size;
3121
3122 /* save drap so we know when to restore it */
3123 cfi->drap_offset = -cfi->stack_size;
3124
3125 } else if (op->src.reg == CFI_BP && cfa->base == cfi->drap_reg) {
3126
3127 /* drap: push %rbp */
3128 cfi->stack_size = 0;
3129
3130 } else {
3131
3132 /* drap: push %reg */
3133 save_reg(cfi, op->src.reg, CFI_BP, -cfi->stack_size);
3134 }
3135
3136 } else {
3137
3138 /* push %reg */
3139 save_reg(cfi, op->src.reg, CFI_CFA, -cfi->stack_size);
3140 }
3141
3142 /* detect when asm code uses rbp as a scratch register */
3143 if (opts.stackval && insn_func(insn) && op->src.reg == CFI_BP &&
3144 cfa->base != CFI_BP)
3145 cfi->bp_scratch = true;
3146 break;
3147
3148 case OP_DEST_REG_INDIRECT:
3149
3150 if (cfi->drap) {
3151 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) {
3152
3153 /* drap: mov %drap, disp(%rbp) */
3154 cfa->base = CFI_BP_INDIRECT;
3155 cfa->offset = op->dest.offset;
3156
3157 /* save drap offset so we know when to restore it */
3158 cfi->drap_offset = op->dest.offset;
3159 } else {
3160
3161 /* drap: mov reg, disp(%rbp) */
3162 save_reg(cfi, op->src.reg, CFI_BP, op->dest.offset);
3163 }
3164
3165 } else if (op->dest.reg == cfa->base) {
3166
3167 /* mov reg, disp(%rbp) */
3168 /* mov reg, disp(%rsp) */
3169 save_reg(cfi, op->src.reg, CFI_CFA,
3170 op->dest.offset - cfi->cfa.offset);
3171
3172 } else if (op->dest.reg == CFI_SP) {
3173
3174 /* mov reg, disp(%rsp) */
3175 save_reg(cfi, op->src.reg, CFI_CFA,
3176 op->dest.offset - cfi->stack_size);
3177
3178 } else if (op->src.reg == CFI_SP && op->dest.offset == 0) {
3179
3180 /* mov %rsp, (%reg); # setup a stack swizzle. */
3181 cfi->vals[op->dest.reg].base = CFI_SP_INDIRECT;
3182 cfi->vals[op->dest.reg].offset = cfa->offset;
3183 }
3184
3185 break;
3186
3187 case OP_DEST_MEM:
3188 if (op->src.type != OP_SRC_POP && op->src.type != OP_SRC_POPF) {
3189 WARN_INSN(insn, "unknown stack-related memory operation");
3190 return -1;
3191 }
3192
3193 /* pop mem */
3194 cfi->stack_size -= 8;
3195 if (cfa->base == CFI_SP)
3196 cfa->offset -= 8;
3197
3198 break;
3199
3200 default:
3201 WARN_INSN(insn, "unknown stack-related instruction");
3202 return -1;
3203 }
3204
3205 return 0;
3206 }
3207
3208 /*
3209 * The stack layouts of alternatives instructions can sometimes diverge when
3210 * they have stack modifications. That's fine as long as the potential stack
3211 * layouts don't conflict at any given potential instruction boundary.
3212 *
3213 * Flatten the CFIs of the different alternative code streams (both original
3214 * and replacement) into a single shared CFI array which can be used to detect
3215 * conflicts and nicely feed a linear array of ORC entries to the unwinder.
3216 */
3217 static int propagate_alt_cfi(struct objtool_file *file, struct instruction *insn)
3218 {
3219 struct cfi_state **alt_cfi;
3220 int group_off;
3221
3222 if (!insn->alt_group)
3223 return 0;
3224
3225 if (!insn->cfi) {
3226 WARN("CFI missing");
3227 return -1;
3228 }
3229
3230 alt_cfi = insn->alt_group->cfi;
3231 group_off = insn->offset - insn->alt_group->first_insn->offset;
3232
3233 if (!alt_cfi[group_off]) {
3234 alt_cfi[group_off] = insn->cfi;
3235 } else {
3236 if (cficmp(alt_cfi[group_off], insn->cfi)) {
3237 struct alt_group *orig_group = insn->alt_group->orig_group ?: insn->alt_group;
3238 struct instruction *orig = orig_group->first_insn;
3239 char *where = offstr(insn->sec, insn->offset);
3240 WARN_INSN(orig, "stack layout conflict in alternatives: %s", where);
3241 free(where);
3242 return -1;
3243 }
3244 }
3245
3246 return 0;
3247 }
3248
3249 static int handle_insn_ops(struct instruction *insn,
3250 struct instruction *next_insn,
3251 struct insn_state *state)
3252 {
3253 struct stack_op *op;
3254
3255 for (op = insn->stack_ops; op; op = op->next) {
3256
3257 if (update_cfi_state(insn, next_insn, &state->cfi, op))
3258 return 1;
3259
3260 if (!insn->alt_group)
3261 continue;
3262
3263 if (op->dest.type == OP_DEST_PUSHF) {
3264 if (!state->uaccess_stack) {
3265 state->uaccess_stack = 1;
3266 } else if (state->uaccess_stack >> 31) {
3267 WARN_INSN(insn, "PUSHF stack exhausted");
3268 return 1;
3269 }
3270 state->uaccess_stack <<= 1;
3271 state->uaccess_stack |= state->uaccess;
3272 }
3273
3274 if (op->src.type == OP_SRC_POPF) {
3275 if (state->uaccess_stack) {
3276 state->uaccess = state->uaccess_stack & 1;
3277 state->uaccess_stack >>= 1;
3278 if (state->uaccess_stack == 1)
3279 state->uaccess_stack = 0;
3280 }
3281 }
3282 }
3283
3284 return 0;
3285 }
3286
3287 static bool insn_cfi_match(struct instruction *insn, struct cfi_state *cfi2)
3288 {
3289 struct cfi_state *cfi1 = insn->cfi;
3290 int i;
3291
3292 if (!cfi1) {
3293 WARN("CFI missing");
3294 return false;
3295 }
3296
3297 if (memcmp(&cfi1->cfa, &cfi2->cfa, sizeof(cfi1->cfa))) {
3298
3299 WARN_INSN(insn, "stack state mismatch: cfa1=%d%+d cfa2=%d%+d",
3300 cfi1->cfa.base, cfi1->cfa.offset,
3301 cfi2->cfa.base, cfi2->cfa.offset);
3302
3303 } else if (memcmp(&cfi1->regs, &cfi2->regs, sizeof(cfi1->regs))) {
3304 for (i = 0; i < CFI_NUM_REGS; i++) {
3305 if (!memcmp(&cfi1->regs[i], &cfi2->regs[i],
3306 sizeof(struct cfi_reg)))
3307 continue;
3308
3309 WARN_INSN(insn, "stack state mismatch: reg1[%d]=%d%+d reg2[%d]=%d%+d",
3310 i, cfi1->regs[i].base, cfi1->regs[i].offset,
3311 i, cfi2->regs[i].base, cfi2->regs[i].offset);
3312 break;
3313 }
3314
3315 } else if (cfi1->type != cfi2->type) {
3316
3317 WARN_INSN(insn, "stack state mismatch: type1=%d type2=%d",
3318 cfi1->type, cfi2->type);
3319
3320 } else if (cfi1->drap != cfi2->drap ||
3321 (cfi1->drap && cfi1->drap_reg != cfi2->drap_reg) ||
3322 (cfi1->drap && cfi1->drap_offset != cfi2->drap_offset)) {
3323
3324 WARN_INSN(insn, "stack state mismatch: drap1=%d(%d,%d) drap2=%d(%d,%d)",
3325 cfi1->drap, cfi1->drap_reg, cfi1->drap_offset,
3326 cfi2->drap, cfi2->drap_reg, cfi2->drap_offset);
3327
3328 } else
3329 return true;
3330
3331 return false;
3332 }
3333
3334 static inline bool func_uaccess_safe(struct symbol *func)
3335 {
3336 if (func)
3337 return func->uaccess_safe;
3338
3339 return false;
3340 }
3341
3342 static inline const char *call_dest_name(struct instruction *insn)
3343 {
3344 static char pvname[19];
3345 struct reloc *reloc;
3346 int idx;
3347
3348 if (insn_call_dest(insn))
3349 return insn_call_dest(insn)->name;
3350
3351 reloc = insn_reloc(NULL, insn);
3352 if (reloc && !strcmp(reloc->sym->name, "pv_ops")) {
3353 idx = (reloc->addend / sizeof(void *));
3354 snprintf(pvname, sizeof(pvname), "pv_ops[%d]", idx);
3355 return pvname;
3356 }
3357
3358 return "{dynamic}";
3359 }
3360
3361 static bool pv_call_dest(struct objtool_file *file, struct instruction *insn)
3362 {
3363 struct symbol *target;
3364 struct reloc *reloc;
3365 int idx;
3366
3367 reloc = insn_reloc(file, insn);
3368 if (!reloc || strcmp(reloc->sym->name, "pv_ops"))
3369 return false;
3370
3371 idx = (arch_dest_reloc_offset(reloc->addend) / sizeof(void *));
3372
3373 if (file->pv_ops[idx].clean)
3374 return true;
3375
3376 file->pv_ops[idx].clean = true;
3377
3378 list_for_each_entry(target, &file->pv_ops[idx].targets, pv_target) {
3379 if (!target->sec->noinstr) {
3380 WARN("pv_ops[%d]: %s", idx, target->name);
3381 file->pv_ops[idx].clean = false;
3382 }
3383 }
3384
3385 return file->pv_ops[idx].clean;
3386 }
3387
3388 static inline bool noinstr_call_dest(struct objtool_file *file,
3389 struct instruction *insn,
3390 struct symbol *func)
3391 {
3392 /*
3393 * We can't deal with indirect function calls at present;
3394 * assume they're instrumented.
3395 */
3396 if (!func) {
3397 if (file->pv_ops)
3398 return pv_call_dest(file, insn);
3399
3400 return false;
3401 }
3402
3403 /*
3404 * If the symbol is from a noinstr section; we good.
3405 */
3406 if (func->sec->noinstr)
3407 return true;
3408
3409 /*
3410 * If the symbol is a static_call trampoline, we can't tell.
3411 */
3412 if (func->static_call_tramp)
3413 return true;
3414
3415 /*
3416 * The __ubsan_handle_*() calls are like WARN(), they only happen when
3417 * something 'BAD' happened. At the risk of taking the machine down,
3418 * let them proceed to get the message out.
3419 */
3420 if (!strncmp(func->name, "__ubsan_handle_", 15))
3421 return true;
3422
3423 return false;
3424 }
3425
3426 static int validate_call(struct objtool_file *file,
3427 struct instruction *insn,
3428 struct insn_state *state)
3429 {
3430 if (state->noinstr && state->instr <= 0 &&
3431 !noinstr_call_dest(file, insn, insn_call_dest(insn))) {
3432 WARN_INSN(insn, "call to %s() leaves .noinstr.text section", call_dest_name(insn));
3433 return 1;
3434 }
3435
3436 if (state->uaccess && !func_uaccess_safe(insn_call_dest(insn))) {
3437 WARN_INSN(insn, "call to %s() with UACCESS enabled", call_dest_name(insn));
3438 return 1;
3439 }
3440
3441 if (state->df) {
3442 WARN_INSN(insn, "call to %s() with DF set", call_dest_name(insn));
3443 return 1;
3444 }
3445
3446 return 0;
3447 }
3448
3449 static int validate_sibling_call(struct objtool_file *file,
3450 struct instruction *insn,
3451 struct insn_state *state)
3452 {
3453 if (insn_func(insn) && has_modified_stack_frame(insn, state)) {
3454 WARN_INSN(insn, "sibling call from callable instruction with modified stack frame");
3455 return 1;
3456 }
3457
3458 return validate_call(file, insn, state);
3459 }
3460
3461 static int validate_return(struct symbol *func, struct instruction *insn, struct insn_state *state)
3462 {
3463 if (state->noinstr && state->instr > 0) {
3464 WARN_INSN(insn, "return with instrumentation enabled");
3465 return 1;
3466 }
3467
3468 if (state->uaccess && !func_uaccess_safe(func)) {
3469 WARN_INSN(insn, "return with UACCESS enabled");
3470 return 1;
3471 }
3472
3473 if (!state->uaccess && func_uaccess_safe(func)) {
3474 WARN_INSN(insn, "return with UACCESS disabled from a UACCESS-safe function");
3475 return 1;
3476 }
3477
3478 if (state->df) {
3479 WARN_INSN(insn, "return with DF set");
3480 return 1;
3481 }
3482
3483 if (func && has_modified_stack_frame(insn, state)) {
3484 WARN_INSN(insn, "return with modified stack frame");
3485 return 1;
3486 }
3487
3488 if (state->cfi.bp_scratch) {
3489 WARN_INSN(insn, "BP used as a scratch register");
3490 return 1;
3491 }
3492
3493 return 0;
3494 }
3495
3496 static struct instruction *next_insn_to_validate(struct objtool_file *file,
3497 struct instruction *insn)
3498 {
3499 struct alt_group *alt_group = insn->alt_group;
3500
3501 /*
3502 * Simulate the fact that alternatives are patched in-place. When the
3503 * end of a replacement alt_group is reached, redirect objtool flow to
3504 * the end of the original alt_group.
3505 *
3506 * insn->alts->insn -> alt_group->first_insn
3507 * ...
3508 * alt_group->last_insn
3509 * [alt_group->nop] -> next(orig_group->last_insn)
3510 */
3511 if (alt_group) {
3512 if (alt_group->nop) {
3513 /* ->nop implies ->orig_group */
3514 if (insn == alt_group->last_insn)
3515 return alt_group->nop;
3516 if (insn == alt_group->nop)
3517 goto next_orig;
3518 }
3519 if (insn == alt_group->last_insn && alt_group->orig_group)
3520 goto next_orig;
3521 }
3522
3523 return next_insn_same_sec(file, insn);
3524
3525 next_orig:
3526 return next_insn_same_sec(file, alt_group->orig_group->last_insn);
3527 }
3528
3529 /*
3530 * Follow the branch starting at the given instruction, and recursively follow
3531 * any other branches (jumps). Meanwhile, track the frame pointer state at
3532 * each instruction and validate all the rules described in
3533 * tools/objtool/Documentation/objtool.txt.
3534 */
3535 static int validate_branch(struct objtool_file *file, struct symbol *func,
3536 struct instruction *insn, struct insn_state state)
3537 {
3538 struct alternative *alt;
3539 struct instruction *next_insn, *prev_insn = NULL;
3540 struct section *sec;
3541 u8 visited;
3542 int ret;
3543
3544 sec = insn->sec;
3545
3546 while (1) {
3547 next_insn = next_insn_to_validate(file, insn);
3548
3549 if (func && insn_func(insn) && func != insn_func(insn)->pfunc) {
3550 /* Ignore KCFI type preambles, which always fall through */
3551 if (!strncmp(func->name, "__cfi_", 6) ||
3552 !strncmp(func->name, "__pfx_", 6))
3553 return 0;
3554
3555 WARN("%s() falls through to next function %s()",
3556 func->name, insn_func(insn)->name);
3557 return 1;
3558 }
3559
3560 if (func && insn->ignore) {
3561 WARN_INSN(insn, "BUG: why am I validating an ignored function?");
3562 return 1;
3563 }
3564
3565 visited = VISITED_BRANCH << state.uaccess;
3566 if (insn->visited & VISITED_BRANCH_MASK) {
3567 if (!insn->hint && !insn_cfi_match(insn, &state.cfi))
3568 return 1;
3569
3570 if (insn->visited & visited)
3571 return 0;
3572 } else {
3573 nr_insns_visited++;
3574 }
3575
3576 if (state.noinstr)
3577 state.instr += insn->instr;
3578
3579 if (insn->hint) {
3580 if (insn->restore) {
3581 struct instruction *save_insn, *i;
3582
3583 i = insn;
3584 save_insn = NULL;
3585
3586 sym_for_each_insn_continue_reverse(file, func, i) {
3587 if (i->save) {
3588 save_insn = i;
3589 break;
3590 }
3591 }
3592
3593 if (!save_insn) {
3594 WARN_INSN(insn, "no corresponding CFI save for CFI restore");
3595 return 1;
3596 }
3597
3598 if (!save_insn->visited) {
3599 WARN_INSN(insn, "objtool isn't smart enough to handle this CFI save/restore combo");
3600 return 1;
3601 }
3602
3603 insn->cfi = save_insn->cfi;
3604 nr_cfi_reused++;
3605 }
3606
3607 state.cfi = *insn->cfi;
3608 } else {
3609 /* XXX track if we actually changed state.cfi */
3610
3611 if (prev_insn && !cficmp(prev_insn->cfi, &state.cfi)) {
3612 insn->cfi = prev_insn->cfi;
3613 nr_cfi_reused++;
3614 } else {
3615 insn->cfi = cfi_hash_find_or_add(&state.cfi);
3616 }
3617 }
3618
3619 insn->visited |= visited;
3620
3621 if (propagate_alt_cfi(file, insn))
3622 return 1;
3623
3624 if (!insn->ignore_alts && insn->alts) {
3625 bool skip_orig = false;
3626
3627 for (alt = insn->alts; alt; alt = alt->next) {
3628 if (alt->skip_orig)
3629 skip_orig = true;
3630
3631 ret = validate_branch(file, func, alt->insn, state);
3632 if (ret) {
3633 BT_INSN(insn, "(alt)");
3634 return ret;
3635 }
3636 }
3637
3638 if (skip_orig)
3639 return 0;
3640 }
3641
3642 if (handle_insn_ops(insn, next_insn, &state))
3643 return 1;
3644
3645 switch (insn->type) {
3646
3647 case INSN_RETURN:
3648 return validate_return(func, insn, &state);
3649
3650 case INSN_CALL:
3651 case INSN_CALL_DYNAMIC:
3652 ret = validate_call(file, insn, &state);
3653 if (ret)
3654 return ret;
3655
3656 if (opts.stackval && func && !is_fentry_call(insn) &&
3657 !has_valid_stack_frame(&state)) {
3658 WARN_INSN(insn, "call without frame pointer save/setup");
3659 return 1;
3660 }
3661
3662 if (insn->dead_end)
3663 return 0;
3664
3665 break;
3666
3667 case INSN_JUMP_CONDITIONAL:
3668 case INSN_JUMP_UNCONDITIONAL:
3669 if (is_sibling_call(insn)) {
3670 ret = validate_sibling_call(file, insn, &state);
3671 if (ret)
3672 return ret;
3673
3674 } else if (insn->jump_dest) {
3675 ret = validate_branch(file, func,
3676 insn->jump_dest, state);
3677 if (ret) {
3678 BT_INSN(insn, "(branch)");
3679 return ret;
3680 }
3681 }
3682
3683 if (insn->type == INSN_JUMP_UNCONDITIONAL)
3684 return 0;
3685
3686 break;
3687
3688 case INSN_JUMP_DYNAMIC:
3689 case INSN_JUMP_DYNAMIC_CONDITIONAL:
3690 if (is_sibling_call(insn)) {
3691 ret = validate_sibling_call(file, insn, &state);
3692 if (ret)
3693 return ret;
3694 }
3695
3696 if (insn->type == INSN_JUMP_DYNAMIC)
3697 return 0;
3698
3699 break;
3700
3701 case INSN_CONTEXT_SWITCH:
3702 if (func && (!next_insn || !next_insn->hint)) {
3703 WARN_INSN(insn, "unsupported instruction in callable function");
3704 return 1;
3705 }
3706 return 0;
3707
3708 case INSN_STAC:
3709 if (state.uaccess) {
3710 WARN_INSN(insn, "recursive UACCESS enable");
3711 return 1;
3712 }
3713
3714 state.uaccess = true;
3715 break;
3716
3717 case INSN_CLAC:
3718 if (!state.uaccess && func) {
3719 WARN_INSN(insn, "redundant UACCESS disable");
3720 return 1;
3721 }
3722
3723 if (func_uaccess_safe(func) && !state.uaccess_stack) {
3724 WARN_INSN(insn, "UACCESS-safe disables UACCESS");
3725 return 1;
3726 }
3727
3728 state.uaccess = false;
3729 break;
3730
3731 case INSN_STD:
3732 if (state.df) {
3733 WARN_INSN(insn, "recursive STD");
3734 return 1;
3735 }
3736
3737 state.df = true;
3738 break;
3739
3740 case INSN_CLD:
3741 if (!state.df && func) {
3742 WARN_INSN(insn, "redundant CLD");
3743 return 1;
3744 }
3745
3746 state.df = false;
3747 break;
3748
3749 default:
3750 break;
3751 }
3752
3753 if (insn->dead_end)
3754 return 0;
3755
3756 if (!next_insn) {
3757 if (state.cfi.cfa.base == CFI_UNDEFINED)
3758 return 0;
3759 WARN("%s: unexpected end of section", sec->name);
3760 return 1;
3761 }
3762
3763 prev_insn = insn;
3764 insn = next_insn;
3765 }
3766
3767 return 0;
3768 }
3769
3770 static int validate_unwind_hint(struct objtool_file *file,
3771 struct instruction *insn,
3772 struct insn_state *state)
3773 {
3774 if (insn->hint && !insn->visited && !insn->ignore) {
3775 int ret = validate_branch(file, insn_func(insn), insn, *state);
3776 if (ret)
3777 BT_INSN(insn, "<=== (hint)");
3778 return ret;
3779 }
3780
3781 return 0;
3782 }
3783
3784 static int validate_unwind_hints(struct objtool_file *file, struct section *sec)
3785 {
3786 struct instruction *insn;
3787 struct insn_state state;
3788 int warnings = 0;
3789
3790 if (!file->hints)
3791 return 0;
3792
3793 init_insn_state(file, &state, sec);
3794
3795 if (sec) {
3796 sec_for_each_insn(file, sec, insn)
3797 warnings += validate_unwind_hint(file, insn, &state);
3798 } else {
3799 for_each_insn(file, insn)
3800 warnings += validate_unwind_hint(file, insn, &state);
3801 }
3802
3803 return warnings;
3804 }
3805
3806 /*
3807 * Validate rethunk entry constraint: must untrain RET before the first RET.
3808 *
3809 * Follow every branch (intra-function) and ensure VALIDATE_UNRET_END comes
3810 * before an actual RET instruction.
3811 */
3812 static int validate_unret(struct objtool_file *file, struct instruction *insn)
3813 {
3814 struct instruction *next, *dest;
3815 int ret;
3816
3817 for (;;) {
3818 next = next_insn_to_validate(file, insn);
3819
3820 if (insn->visited & VISITED_UNRET)
3821 return 0;
3822
3823 insn->visited |= VISITED_UNRET;
3824
3825 if (!insn->ignore_alts && insn->alts) {
3826 struct alternative *alt;
3827 bool skip_orig = false;
3828
3829 for (alt = insn->alts; alt; alt = alt->next) {
3830 if (alt->skip_orig)
3831 skip_orig = true;
3832
3833 ret = validate_unret(file, alt->insn);
3834 if (ret) {
3835 BT_INSN(insn, "(alt)");
3836 return ret;
3837 }
3838 }
3839
3840 if (skip_orig)
3841 return 0;
3842 }
3843
3844 switch (insn->type) {
3845
3846 case INSN_CALL_DYNAMIC:
3847 case INSN_JUMP_DYNAMIC:
3848 case INSN_JUMP_DYNAMIC_CONDITIONAL:
3849 WARN_INSN(insn, "early indirect call");
3850 return 1;
3851
3852 case INSN_JUMP_UNCONDITIONAL:
3853 case INSN_JUMP_CONDITIONAL:
3854 if (!is_sibling_call(insn)) {
3855 if (!insn->jump_dest) {
3856 WARN_INSN(insn, "unresolved jump target after linking?!?");
3857 return -1;
3858 }
3859 ret = validate_unret(file, insn->jump_dest);
3860 if (ret) {
3861 BT_INSN(insn, "(branch%s)",
3862 insn->type == INSN_JUMP_CONDITIONAL ? "-cond" : "");
3863 return ret;
3864 }
3865
3866 if (insn->type == INSN_JUMP_UNCONDITIONAL)
3867 return 0;
3868
3869 break;
3870 }
3871
3872 /* fallthrough */
3873 case INSN_CALL:
3874 dest = find_insn(file, insn_call_dest(insn)->sec,
3875 insn_call_dest(insn)->offset);
3876 if (!dest) {
3877 WARN("Unresolved function after linking!?: %s",
3878 insn_call_dest(insn)->name);
3879 return -1;
3880 }
3881
3882 ret = validate_unret(file, dest);
3883 if (ret) {
3884 BT_INSN(insn, "(call)");
3885 return ret;
3886 }
3887 /*
3888 * If a call returns without error, it must have seen UNTRAIN_RET.
3889 * Therefore any non-error return is a success.
3890 */
3891 return 0;
3892
3893 case INSN_RETURN:
3894 WARN_INSN(insn, "RET before UNTRAIN");
3895 return 1;
3896
3897 case INSN_NOP:
3898 if (insn->retpoline_safe)
3899 return 0;
3900 break;
3901
3902 default:
3903 break;
3904 }
3905
3906 if (!next) {
3907 WARN_INSN(insn, "teh end!");
3908 return -1;
3909 }
3910 insn = next;
3911 }
3912
3913 return 0;
3914 }
3915
3916 /*
3917 * Validate that all branches starting at VALIDATE_UNRET_BEGIN encounter
3918 * VALIDATE_UNRET_END before RET.
3919 */
3920 static int validate_unrets(struct objtool_file *file)
3921 {
3922 struct instruction *insn;
3923 int ret, warnings = 0;
3924
3925 for_each_insn(file, insn) {
3926 if (!insn->unret)
3927 continue;
3928
3929 ret = validate_unret(file, insn);
3930 if (ret < 0) {
3931 WARN_INSN(insn, "Failed UNRET validation");
3932 return ret;
3933 }
3934 warnings += ret;
3935 }
3936
3937 return warnings;
3938 }
3939
3940 static int validate_retpoline(struct objtool_file *file)
3941 {
3942 struct instruction *insn;
3943 int warnings = 0;
3944
3945 for_each_insn(file, insn) {
3946 if (insn->type != INSN_JUMP_DYNAMIC &&
3947 insn->type != INSN_CALL_DYNAMIC &&
3948 insn->type != INSN_RETURN)
3949 continue;
3950
3951 if (insn->retpoline_safe)
3952 continue;
3953
3954 if (insn->sec->init)
3955 continue;
3956
3957 if (insn->type == INSN_RETURN) {
3958 if (opts.rethunk) {
3959 WARN_INSN(insn, "'naked' return found in RETHUNK build");
3960 } else
3961 continue;
3962 } else {
3963 WARN_INSN(insn, "indirect %s found in RETPOLINE build",
3964 insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call");
3965 }
3966
3967 warnings++;
3968 }
3969
3970 return warnings;
3971 }
3972
3973 static bool is_kasan_insn(struct instruction *insn)
3974 {
3975 return (insn->type == INSN_CALL &&
3976 !strcmp(insn_call_dest(insn)->name, "__asan_handle_no_return"));
3977 }
3978
3979 static bool is_ubsan_insn(struct instruction *insn)
3980 {
3981 return (insn->type == INSN_CALL &&
3982 !strcmp(insn_call_dest(insn)->name,
3983 "__ubsan_handle_builtin_unreachable"));
3984 }
3985
3986 static bool ignore_unreachable_insn(struct objtool_file *file, struct instruction *insn)
3987 {
3988 int i;
3989 struct instruction *prev_insn;
3990
3991 if (insn->ignore || insn->type == INSN_NOP || insn->type == INSN_TRAP)
3992 return true;
3993
3994 /*
3995 * Ignore alternative replacement instructions. This can happen
3996 * when a whitelisted function uses one of the ALTERNATIVE macros.
3997 */
3998 if (!strcmp(insn->sec->name, ".altinstr_replacement") ||
3999 !strcmp(insn->sec->name, ".altinstr_aux"))
4000 return true;
4001
4002 /*
4003 * Whole archive runs might encounter dead code from weak symbols.
4004 * This is where the linker will have dropped the weak symbol in
4005 * favour of a regular symbol, but leaves the code in place.
4006 *
4007 * In this case we'll find a piece of code (whole function) that is not
4008 * covered by a !section symbol. Ignore them.
4009 */
4010 if (opts.link && !insn_func(insn)) {
4011 int size = find_symbol_hole_containing(insn->sec, insn->offset);
4012 unsigned long end = insn->offset + size;
4013
4014 if (!size) /* not a hole */
4015 return false;
4016
4017 if (size < 0) /* hole until the end */
4018 return true;
4019
4020 sec_for_each_insn_continue(file, insn) {
4021 /*
4022 * If we reach a visited instruction at or before the
4023 * end of the hole, ignore the unreachable.
4024 */
4025 if (insn->visited)
4026 return true;
4027
4028 if (insn->offset >= end)
4029 break;
4030
4031 /*
4032 * If this hole jumps to a .cold function, mark it ignore too.
4033 */
4034 if (insn->jump_dest && insn_func(insn->jump_dest) &&
4035 strstr(insn_func(insn->jump_dest)->name, ".cold")) {
4036 struct instruction *dest = insn->jump_dest;
4037 func_for_each_insn(file, insn_func(dest), dest)
4038 dest->ignore = true;
4039 }
4040 }
4041
4042 return false;
4043 }
4044
4045 if (!insn_func(insn))
4046 return false;
4047
4048 if (insn_func(insn)->static_call_tramp)
4049 return true;
4050
4051 /*
4052 * CONFIG_UBSAN_TRAP inserts a UD2 when it sees
4053 * __builtin_unreachable(). The BUG() macro has an unreachable() after
4054 * the UD2, which causes GCC's undefined trap logic to emit another UD2
4055 * (or occasionally a JMP to UD2).
4056 *
4057 * It may also insert a UD2 after calling a __noreturn function.
4058 */
4059 prev_insn = prev_insn_same_sec(file, insn);
4060 if (prev_insn->dead_end &&
4061 (insn->type == INSN_BUG ||
4062 (insn->type == INSN_JUMP_UNCONDITIONAL &&
4063 insn->jump_dest && insn->jump_dest->type == INSN_BUG)))
4064 return true;
4065
4066 /*
4067 * Check if this (or a subsequent) instruction is related to
4068 * CONFIG_UBSAN or CONFIG_KASAN.
4069 *
4070 * End the search at 5 instructions to avoid going into the weeds.
4071 */
4072 for (i = 0; i < 5; i++) {
4073
4074 if (is_kasan_insn(insn) || is_ubsan_insn(insn))
4075 return true;
4076
4077 if (insn->type == INSN_JUMP_UNCONDITIONAL) {
4078 if (insn->jump_dest &&
4079 insn_func(insn->jump_dest) == insn_func(insn)) {
4080 insn = insn->jump_dest;
4081 continue;
4082 }
4083
4084 break;
4085 }
4086
4087 if (insn->offset + insn->len >= insn_func(insn)->offset + insn_func(insn)->len)
4088 break;
4089
4090 insn = next_insn_same_sec(file, insn);
4091 }
4092
4093 return false;
4094 }
4095
4096 static int add_prefix_symbol(struct objtool_file *file, struct symbol *func)
4097 {
4098 struct instruction *insn, *prev;
4099 struct cfi_state *cfi;
4100
4101 insn = find_insn(file, func->sec, func->offset);
4102 if (!insn)
4103 return -1;
4104
4105 for (prev = prev_insn_same_sec(file, insn);
4106 prev;
4107 prev = prev_insn_same_sec(file, prev)) {
4108 u64 offset;
4109
4110 if (prev->type != INSN_NOP)
4111 return -1;
4112
4113 offset = func->offset - prev->offset;
4114
4115 if (offset > opts.prefix)
4116 return -1;
4117
4118 if (offset < opts.prefix)
4119 continue;
4120
4121 elf_create_prefix_symbol(file->elf, func, opts.prefix);
4122 break;
4123 }
4124
4125 if (!prev)
4126 return -1;
4127
4128 if (!insn->cfi) {
4129 /*
4130 * This can happen if stack validation isn't enabled or the
4131 * function is annotated with STACK_FRAME_NON_STANDARD.
4132 */
4133 return 0;
4134 }
4135
4136 /* Propagate insn->cfi to the prefix code */
4137 cfi = cfi_hash_find_or_add(insn->cfi);
4138 for (; prev != insn; prev = next_insn_same_sec(file, prev))
4139 prev->cfi = cfi;
4140
4141 return 0;
4142 }
4143
4144 static int add_prefix_symbols(struct objtool_file *file)
4145 {
4146 struct section *sec;
4147 struct symbol *func;
4148
4149 for_each_sec(file, sec) {
4150 if (!(sec->sh.sh_flags & SHF_EXECINSTR))
4151 continue;
4152
4153 sec_for_each_sym(sec, func) {
4154 if (func->type != STT_FUNC)
4155 continue;
4156
4157 add_prefix_symbol(file, func);
4158 }
4159 }
4160
4161 return 0;
4162 }
4163
4164 static int validate_symbol(struct objtool_file *file, struct section *sec,
4165 struct symbol *sym, struct insn_state *state)
4166 {
4167 struct instruction *insn;
4168 int ret;
4169
4170 if (!sym->len) {
4171 WARN("%s() is missing an ELF size annotation", sym->name);
4172 return 1;
4173 }
4174
4175 if (sym->pfunc != sym || sym->alias != sym)
4176 return 0;
4177
4178 insn = find_insn(file, sec, sym->offset);
4179 if (!insn || insn->ignore || insn->visited)
4180 return 0;
4181
4182 state->uaccess = sym->uaccess_safe;
4183
4184 ret = validate_branch(file, insn_func(insn), insn, *state);
4185 if (ret)
4186 BT_INSN(insn, "<=== (sym)");
4187 return ret;
4188 }
4189
4190 static int validate_section(struct objtool_file *file, struct section *sec)
4191 {
4192 struct insn_state state;
4193 struct symbol *func;
4194 int warnings = 0;
4195
4196 sec_for_each_sym(sec, func) {
4197 if (func->type != STT_FUNC)
4198 continue;
4199
4200 init_insn_state(file, &state, sec);
4201 set_func_state(&state.cfi);
4202
4203 warnings += validate_symbol(file, sec, func, &state);
4204 }
4205
4206 return warnings;
4207 }
4208
4209 static int validate_noinstr_sections(struct objtool_file *file)
4210 {
4211 struct section *sec;
4212 int warnings = 0;
4213
4214 sec = find_section_by_name(file->elf, ".noinstr.text");
4215 if (sec) {
4216 warnings += validate_section(file, sec);
4217 warnings += validate_unwind_hints(file, sec);
4218 }
4219
4220 sec = find_section_by_name(file->elf, ".entry.text");
4221 if (sec) {
4222 warnings += validate_section(file, sec);
4223 warnings += validate_unwind_hints(file, sec);
4224 }
4225
4226 sec = find_section_by_name(file->elf, ".cpuidle.text");
4227 if (sec) {
4228 warnings += validate_section(file, sec);
4229 warnings += validate_unwind_hints(file, sec);
4230 }
4231
4232 return warnings;
4233 }
4234
4235 static int validate_functions(struct objtool_file *file)
4236 {
4237 struct section *sec;
4238 int warnings = 0;
4239
4240 for_each_sec(file, sec) {
4241 if (!(sec->sh.sh_flags & SHF_EXECINSTR))
4242 continue;
4243
4244 warnings += validate_section(file, sec);
4245 }
4246
4247 return warnings;
4248 }
4249
4250 static void mark_endbr_used(struct instruction *insn)
4251 {
4252 if (!list_empty(&insn->call_node))
4253 list_del_init(&insn->call_node);
4254 }
4255
4256 static bool noendbr_range(struct objtool_file *file, struct instruction *insn)
4257 {
4258 struct symbol *sym = find_symbol_containing(insn->sec, insn->offset-1);
4259 struct instruction *first;
4260
4261 if (!sym)
4262 return false;
4263
4264 first = find_insn(file, sym->sec, sym->offset);
4265 if (!first)
4266 return false;
4267
4268 if (first->type != INSN_ENDBR && !first->noendbr)
4269 return false;
4270
4271 return insn->offset == sym->offset + sym->len;
4272 }
4273
4274 static int validate_ibt_insn(struct objtool_file *file, struct instruction *insn)
4275 {
4276 struct instruction *dest;
4277 struct reloc *reloc;
4278 unsigned long off;
4279 int warnings = 0;
4280
4281 /*
4282 * Looking for function pointer load relocations. Ignore
4283 * direct/indirect branches:
4284 */
4285 switch (insn->type) {
4286 case INSN_CALL:
4287 case INSN_CALL_DYNAMIC:
4288 case INSN_JUMP_CONDITIONAL:
4289 case INSN_JUMP_UNCONDITIONAL:
4290 case INSN_JUMP_DYNAMIC:
4291 case INSN_JUMP_DYNAMIC_CONDITIONAL:
4292 case INSN_RETURN:
4293 case INSN_NOP:
4294 return 0;
4295 default:
4296 break;
4297 }
4298
4299 for (reloc = insn_reloc(file, insn);
4300 reloc;
4301 reloc = find_reloc_by_dest_range(file->elf, insn->sec,
4302 reloc->offset + 1,
4303 (insn->offset + insn->len) - (reloc->offset + 1))) {
4304
4305 /*
4306 * static_call_update() references the trampoline, which
4307 * doesn't have (or need) ENDBR. Skip warning in that case.
4308 */
4309 if (reloc->sym->static_call_tramp)
4310 continue;
4311
4312 off = reloc->sym->offset;
4313 if (reloc->type == R_X86_64_PC32 || reloc->type == R_X86_64_PLT32)
4314 off += arch_dest_reloc_offset(reloc->addend);
4315 else
4316 off += reloc->addend;
4317
4318 dest = find_insn(file, reloc->sym->sec, off);
4319 if (!dest)
4320 continue;
4321
4322 if (dest->type == INSN_ENDBR) {
4323 mark_endbr_used(dest);
4324 continue;
4325 }
4326
4327 if (insn_func(dest) && insn_func(dest) == insn_func(insn)) {
4328 /*
4329 * Anything from->to self is either _THIS_IP_ or
4330 * IRET-to-self.
4331 *
4332 * There is no sane way to annotate _THIS_IP_ since the
4333 * compiler treats the relocation as a constant and is
4334 * happy to fold in offsets, skewing any annotation we
4335 * do, leading to vast amounts of false-positives.
4336 *
4337 * There's also compiler generated _THIS_IP_ through
4338 * KCOV and such which we have no hope of annotating.
4339 *
4340 * As such, blanket accept self-references without
4341 * issue.
4342 */
4343 continue;
4344 }
4345
4346 /*
4347 * Accept anything ANNOTATE_NOENDBR.
4348 */
4349 if (dest->noendbr)
4350 continue;
4351
4352 /*
4353 * Accept if this is the instruction after a symbol
4354 * that is (no)endbr -- typical code-range usage.
4355 */
4356 if (noendbr_range(file, dest))
4357 continue;
4358
4359 WARN_INSN(insn, "relocation to !ENDBR: %s", offstr(dest->sec, dest->offset));
4360
4361 warnings++;
4362 }
4363
4364 return warnings;
4365 }
4366
4367 static int validate_ibt_data_reloc(struct objtool_file *file,
4368 struct reloc *reloc)
4369 {
4370 struct instruction *dest;
4371
4372 dest = find_insn(file, reloc->sym->sec,
4373 reloc->sym->offset + reloc->addend);
4374 if (!dest)
4375 return 0;
4376
4377 if (dest->type == INSN_ENDBR) {
4378 mark_endbr_used(dest);
4379 return 0;
4380 }
4381
4382 if (dest->noendbr)
4383 return 0;
4384
4385 WARN_FUNC("data relocation to !ENDBR: %s",
4386 reloc->sec->base, reloc->offset,
4387 offstr(dest->sec, dest->offset));
4388
4389 return 1;
4390 }
4391
4392 /*
4393 * Validate IBT rules and remove used ENDBR instructions from the seal list.
4394 * Unused ENDBR instructions will be annotated for sealing (i.e., replaced with
4395 * NOPs) later, in create_ibt_endbr_seal_sections().
4396 */
4397 static int validate_ibt(struct objtool_file *file)
4398 {
4399 struct section *sec;
4400 struct reloc *reloc;
4401 struct instruction *insn;
4402 int warnings = 0;
4403
4404 for_each_insn(file, insn)
4405 warnings += validate_ibt_insn(file, insn);
4406
4407 for_each_sec(file, sec) {
4408
4409 /* Already done by validate_ibt_insn() */
4410 if (sec->sh.sh_flags & SHF_EXECINSTR)
4411 continue;
4412
4413 if (!sec->rsec)
4414 continue;
4415
4416 /*
4417 * These sections can reference text addresses, but not with
4418 * the intent to indirect branch to them.
4419 */
4420 if ((!strncmp(sec->name, ".discard", 8) &&
4421 strcmp(sec->name, ".discard.ibt_endbr_noseal")) ||
4422 !strncmp(sec->name, ".debug", 6) ||
4423 !strcmp(sec->name, ".altinstructions") ||
4424 !strcmp(sec->name, ".ibt_endbr_seal") ||
4425 !strcmp(sec->name, ".orc_unwind_ip") ||
4426 !strcmp(sec->name, ".parainstructions") ||
4427 !strcmp(sec->name, ".retpoline_sites") ||
4428 !strcmp(sec->name, ".smp_locks") ||
4429 !strcmp(sec->name, ".static_call_sites") ||
4430 !strcmp(sec->name, "_error_injection_whitelist") ||
4431 !strcmp(sec->name, "_kprobe_blacklist") ||
4432 !strcmp(sec->name, "__bug_table") ||
4433 !strcmp(sec->name, "__ex_table") ||
4434 !strcmp(sec->name, "__jump_table") ||
4435 !strcmp(sec->name, "__mcount_loc") ||
4436 !strcmp(sec->name, ".kcfi_traps") ||
4437 strstr(sec->name, "__patchable_function_entries"))
4438 continue;
4439
4440 list_for_each_entry(reloc, &sec->rsec->reloc_list, list)
4441 warnings += validate_ibt_data_reloc(file, reloc);
4442 }
4443
4444 return warnings;
4445 }
4446
4447 static int validate_sls(struct objtool_file *file)
4448 {
4449 struct instruction *insn, *next_insn;
4450 int warnings = 0;
4451
4452 for_each_insn(file, insn) {
4453 next_insn = next_insn_same_sec(file, insn);
4454
4455 if (insn->retpoline_safe)
4456 continue;
4457
4458 switch (insn->type) {
4459 case INSN_RETURN:
4460 if (!next_insn || next_insn->type != INSN_TRAP) {
4461 WARN_INSN(insn, "missing int3 after ret");
4462 warnings++;
4463 }
4464
4465 break;
4466 case INSN_JUMP_DYNAMIC:
4467 if (!next_insn || next_insn->type != INSN_TRAP) {
4468 WARN_INSN(insn, "missing int3 after indirect jump");
4469 warnings++;
4470 }
4471 break;
4472 default:
4473 break;
4474 }
4475 }
4476
4477 return warnings;
4478 }
4479
4480 static bool ignore_noreturn_call(struct instruction *insn)
4481 {
4482 struct symbol *call_dest = insn_call_dest(insn);
4483
4484 /*
4485 * FIXME: hack, we need a real noreturn solution
4486 *
4487 * Problem is, exc_double_fault() may or may not return, depending on
4488 * whether CONFIG_X86_ESPFIX64 is set. But objtool has no visibility
4489 * to the kernel config.
4490 *
4491 * Other potential ways to fix it:
4492 *
4493 * - have compiler communicate __noreturn functions somehow
4494 * - remove CONFIG_X86_ESPFIX64
4495 * - read the .config file
4496 * - add a cmdline option
4497 * - create a generic objtool annotation format (vs a bunch of custom
4498 * formats) and annotate it
4499 */
4500 if (!strcmp(call_dest->name, "exc_double_fault")) {
4501 /* prevent further unreachable warnings for the caller */
4502 insn->sym->warned = 1;
4503 return true;
4504 }
4505
4506 return false;
4507 }
4508
4509 static int validate_reachable_instructions(struct objtool_file *file)
4510 {
4511 struct instruction *insn, *prev_insn;
4512 struct symbol *call_dest;
4513 int warnings = 0;
4514
4515 if (file->ignore_unreachables)
4516 return 0;
4517
4518 for_each_insn(file, insn) {
4519 if (insn->visited || ignore_unreachable_insn(file, insn))
4520 continue;
4521
4522 prev_insn = prev_insn_same_sec(file, insn);
4523 if (prev_insn && prev_insn->dead_end) {
4524 call_dest = insn_call_dest(prev_insn);
4525 if (call_dest && !ignore_noreturn_call(prev_insn)) {
4526 WARN_INSN(insn, "%s() is missing a __noreturn annotation",
4527 call_dest->name);
4528 warnings++;
4529 continue;
4530 }
4531 }
4532
4533 WARN_INSN(insn, "unreachable instruction");
4534 warnings++;
4535 }
4536
4537 return warnings;
4538 }
4539
4540 /* 'funcs' is a space-separated list of function names */
4541 static int disas_funcs(const char *funcs)
4542 {
4543 const char *objdump_str, *cross_compile;
4544 int size, ret;
4545 char *cmd;
4546
4547 cross_compile = getenv("CROSS_COMPILE");
4548
4549 objdump_str = "%sobjdump -wdr %s | gawk -M -v _funcs='%s' '"
4550 "BEGIN { split(_funcs, funcs); }"
4551 "/^$/ { func_match = 0; }"
4552 "/<.*>:/ { "
4553 "f = gensub(/.*<(.*)>:/, \"\\\\1\", 1);"
4554 "for (i in funcs) {"
4555 "if (funcs[i] == f) {"
4556 "func_match = 1;"
4557 "base = strtonum(\"0x\" $1);"
4558 "break;"
4559 "}"
4560 "}"
4561 "}"
4562 "{"
4563 "if (func_match) {"
4564 "addr = strtonum(\"0x\" $1);"
4565 "printf(\"%%04x \", addr - base);"
4566 "print;"
4567 "}"
4568 "}' 1>&2";
4569
4570 /* fake snprintf() to calculate the size */
4571 size = snprintf(NULL, 0, objdump_str, cross_compile, objname, funcs) + 1;
4572 if (size <= 0) {
4573 WARN("objdump string size calculation failed");
4574 return -1;
4575 }
4576
4577 cmd = malloc(size);
4578
4579 /* real snprintf() */
4580 snprintf(cmd, size, objdump_str, cross_compile, objname, funcs);
4581 ret = system(cmd);
4582 if (ret) {
4583 WARN("disassembly failed: %d", ret);
4584 return -1;
4585 }
4586
4587 return 0;
4588 }
4589
4590 static int disas_warned_funcs(struct objtool_file *file)
4591 {
4592 struct symbol *sym;
4593 char *funcs = NULL, *tmp;
4594
4595 for_each_sym(file, sym) {
4596 if (sym->warned) {
4597 if (!funcs) {
4598 funcs = malloc(strlen(sym->name) + 1);
4599 strcpy(funcs, sym->name);
4600 } else {
4601 tmp = malloc(strlen(funcs) + strlen(sym->name) + 2);
4602 sprintf(tmp, "%s %s", funcs, sym->name);
4603 free(funcs);
4604 funcs = tmp;
4605 }
4606 }
4607 }
4608
4609 if (funcs)
4610 disas_funcs(funcs);
4611
4612 return 0;
4613 }
4614
4615 int check(struct objtool_file *file)
4616 {
4617 int ret, warnings = 0;
4618
4619 arch_initial_func_cfi_state(&initial_func_cfi);
4620 init_cfi_state(&init_cfi);
4621 init_cfi_state(&func_cfi);
4622 set_func_state(&func_cfi);
4623 init_cfi_state(&force_undefined_cfi);
4624 force_undefined_cfi.force_undefined = true;
4625
4626 if (!cfi_hash_alloc(1UL << (file->elf->symbol_bits - 3)))
4627 goto out;
4628
4629 cfi_hash_add(&init_cfi);
4630 cfi_hash_add(&func_cfi);
4631
4632 ret = decode_sections(file);
4633 if (ret < 0)
4634 goto out;
4635
4636 warnings += ret;
4637
4638 if (!nr_insns)
4639 goto out;
4640
4641 if (opts.retpoline) {
4642 ret = validate_retpoline(file);
4643 if (ret < 0)
4644 return ret;
4645 warnings += ret;
4646 }
4647
4648 if (opts.stackval || opts.orc || opts.uaccess) {
4649 ret = validate_functions(file);
4650 if (ret < 0)
4651 goto out;
4652 warnings += ret;
4653
4654 ret = validate_unwind_hints(file, NULL);
4655 if (ret < 0)
4656 goto out;
4657 warnings += ret;
4658
4659 if (!warnings) {
4660 ret = validate_reachable_instructions(file);
4661 if (ret < 0)
4662 goto out;
4663 warnings += ret;
4664 }
4665
4666 } else if (opts.noinstr) {
4667 ret = validate_noinstr_sections(file);
4668 if (ret < 0)
4669 goto out;
4670 warnings += ret;
4671 }
4672
4673 if (opts.unret) {
4674 /*
4675 * Must be after validate_branch() and friends, it plays
4676 * further games with insn->visited.
4677 */
4678 ret = validate_unrets(file);
4679 if (ret < 0)
4680 return ret;
4681 warnings += ret;
4682 }
4683
4684 if (opts.ibt) {
4685 ret = validate_ibt(file);
4686 if (ret < 0)
4687 goto out;
4688 warnings += ret;
4689 }
4690
4691 if (opts.sls) {
4692 ret = validate_sls(file);
4693 if (ret < 0)
4694 goto out;
4695 warnings += ret;
4696 }
4697
4698 if (opts.static_call) {
4699 ret = create_static_call_sections(file);
4700 if (ret < 0)
4701 goto out;
4702 warnings += ret;
4703 }
4704
4705 if (opts.retpoline) {
4706 ret = create_retpoline_sites_sections(file);
4707 if (ret < 0)
4708 goto out;
4709 warnings += ret;
4710 }
4711
4712 if (opts.cfi) {
4713 ret = create_cfi_sections(file);
4714 if (ret < 0)
4715 goto out;
4716 warnings += ret;
4717 }
4718
4719 if (opts.rethunk) {
4720 ret = create_return_sites_sections(file);
4721 if (ret < 0)
4722 goto out;
4723 warnings += ret;
4724
4725 if (opts.hack_skylake) {
4726 ret = create_direct_call_sections(file);
4727 if (ret < 0)
4728 goto out;
4729 warnings += ret;
4730 }
4731 }
4732
4733 if (opts.mcount) {
4734 ret = create_mcount_loc_sections(file);
4735 if (ret < 0)
4736 goto out;
4737 warnings += ret;
4738 }
4739
4740 if (opts.prefix) {
4741 ret = add_prefix_symbols(file);
4742 if (ret < 0)
4743 return ret;
4744 warnings += ret;
4745 }
4746
4747 if (opts.ibt) {
4748 ret = create_ibt_endbr_seal_sections(file);
4749 if (ret < 0)
4750 goto out;
4751 warnings += ret;
4752 }
4753
4754 if (opts.orc && nr_insns) {
4755 ret = orc_create(file);
4756 if (ret < 0)
4757 goto out;
4758 warnings += ret;
4759 }
4760
4761 if (opts.verbose)
4762 disas_warned_funcs(file);
4763
4764 if (opts.stats) {
4765 printf("nr_insns_visited: %ld\n", nr_insns_visited);
4766 printf("nr_cfi: %ld\n", nr_cfi);
4767 printf("nr_cfi_reused: %ld\n", nr_cfi_reused);
4768 printf("nr_cfi_cache: %ld\n", nr_cfi_cache);
4769 }
4770
4771 out:
4772 /*
4773 * For now, don't fail the kernel build on fatal warnings. These
4774 * errors are still fairly common due to the growing matrix of
4775 * supported toolchains and their recent pace of change.
4776 */
4777 return 0;
4778 }
A mirror of Linus' kernel repository