]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - tools/objtool/check.c
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
x86,smap: Fix smap_{save,restore}() alternatives
[mirror_ubuntu-jammy-kernel.git] / tools / objtool / check.c
CommitLineData
1ccea77e 1// SPDX-License-Identifier: GPL-2.0-or-later
dcc914f4
JP		 2/*
3 * Copyright (C) 2015-2017 Josh Poimboeuf <jpoimboe@redhat.com>
dcc914f4
JP		 4 */
5
6#include <string.h>
7#include <stdlib.h>
8
43a4525f 9#include "builtin.h"
dcc914f4
JP		 10#include "check.h"
11#include "elf.h"
12#include "special.h"
13#include "arch.h"
14#include "warn.h"
15
16#include <linux/hashtable.h>
17#include <linux/kernel.h>
18
e6da9567
JP		 19#define FAKE_JUMP_OFFSET -1
20
87b512de
JP		 21#define C_JUMP_TABLE_SECTION ".rodata..c_jump_table"
22
dcc914f4
JP		 23struct alternative {
24 struct list_head list;
25 struct instruction *insn;
764eef4b 26 bool skip_orig;
dcc914f4
JP		 27};
28
29const char *objname;
a3608f59 30struct cfi_init_state initial_func_cfi;
dcc914f4 31
627fce14
JP		 32struct instruction *find_insn(struct objtool_file *file,
33 struct section *sec, unsigned long offset)
dcc914f4
JP		 34{
35 struct instruction *insn;
36
87ecb582 37 hash_for_each_possible(file->insn_hash, insn, hash, sec_offset_hash(sec, offset)) {
dcc914f4
JP		 38 if (insn->sec == sec && insn->offset == offset)
39 return insn;
87ecb582 40 }
dcc914f4
JP		 41
42 return NULL;
43}
44
45static struct instruction *next_insn_same_sec(struct objtool_file *file,
46 struct instruction *insn)
47{
48 struct instruction *next = list_next_entry(insn, list);
49
baa41469 50 if (!next || &next->list == &file->insn_list || next->sec != insn->sec)
dcc914f4
JP		 51 return NULL;
52
53 return next;
54}
55
13810435
JP		 56static struct instruction *next_insn_same_func(struct objtool_file *file,
57 struct instruction *insn)
58{
59 struct instruction *next = list_next_entry(insn, list);
60 struct symbol *func = insn->func;
61
62 if (!func)
63 return NULL;
64
65 if (&next->list != &file->insn_list && next->func == func)
66 return next;
67
68 /* Check if we're already in the subfunction: */
69 if (func == func->cfunc)
70 return NULL;
71
72 /* Move to the subfunction: */
73 return find_insn(file, func->cfunc->sec, func->cfunc->offset);
74}
75
f0f70adb 76#define func_for_each_insn(file, func, insn) \
13810435
JP		 77 for (insn = find_insn(file, func->sec, func->offset); \
78 insn; \
79 insn = next_insn_same_func(file, insn))
80
dbf4aeb0
PZ		 81#define sym_for_each_insn(file, sym, insn) \
82 for (insn = find_insn(file, sym->sec, sym->offset); \
dcc914f4 83 insn && &insn->list != &file->insn_list && \
dbf4aeb0
PZ		 84 insn->sec == sym->sec && \
85 insn->offset < sym->offset + sym->len; \
dcc914f4
JP		 86 insn = list_next_entry(insn, list))
87
dbf4aeb0 88#define sym_for_each_insn_continue_reverse(file, sym, insn) \
dcc914f4
JP		 89 for (insn = list_prev_entry(insn, list); \
90 &insn->list != &file->insn_list && \
dbf4aeb0 91 insn->sec == sym->sec && insn->offset >= sym->offset; \
dcc914f4
JP		 92 insn = list_prev_entry(insn, list))
93
94#define sec_for_each_insn_from(file, insn) \
95 for (; insn; insn = next_insn_same_sec(file, insn))
96
baa41469
JP		 97#define sec_for_each_insn_continue(file, insn) \
98 for (insn = next_insn_same_sec(file, insn); insn; \
99 insn = next_insn_same_sec(file, insn))
dcc914f4 100
a2296140
JP		 101static bool is_static_jump(struct instruction *insn)
102{
103 return insn->type == INSN_JUMP_CONDITIONAL ||
104 insn->type == INSN_JUMP_UNCONDITIONAL;
105}
106
0c1ddd33
JP		 107static bool is_sibling_call(struct instruction *insn)
108{
109 /* An indirect jump is either a sibling call or a jump to a table. */
110 if (insn->type == INSN_JUMP_DYNAMIC)
111 return list_empty(&insn->alts);
112
a2296140 113 if (!is_static_jump(insn))
0c1ddd33
JP		 114 return false;
115
116 /* add_jump_destinations() sets insn->call_dest for sibling calls. */
117 return !!insn->call_dest;
118}
119
dcc914f4
JP		 120/*
121 * This checks to see if the given function is a "noreturn" function.
122 *
123 * For global functions which are outside the scope of this object file, we
124 * have to keep a manual list of them.
125 *
126 * For local functions, we have to detect them manually by simply looking for
127 * the lack of a return instruction.
dcc914f4 128 */
8e25c9f8
JP		 129static bool __dead_end_function(struct objtool_file *file, struct symbol *func,
130 int recursion)
dcc914f4
JP		 131{
132 int i;
133 struct instruction *insn;
134 bool empty = true;
135
136 /*
137 * Unfortunately these have to be hard coded because the noreturn
138 * attribute isn't provided in ELF data.
139 */
140 static const char * const global_noreturns[] = {
141 "__stack_chk_fail",
142 "panic",
143 "do_exit",
144 "do_task_dead",
145 "__module_put_and_exit",
146 "complete_and_exit",
dcc914f4
JP		 147 "__reiserfs_panic",
148 "lbug_with_loc",
149 "fortify_panic",
b394d468 150 "usercopy_abort",
684fb246 151 "machine_real_restart",
4fa5ecda 152 "rewind_stack_do_exit",
33adf80f 153 "kunit_try_catch_throw",
dcc914f4
JP		 154 };
155
c9bab22b
JP		 156 if (!func)
157 return false;
158
dcc914f4 159 if (func->bind == STB_WEAK)
8e25c9f8 160 return false;
dcc914f4
JP		 161
162 if (func->bind == STB_GLOBAL)
163 for (i = 0; i < ARRAY_SIZE(global_noreturns); i++)
164 if (!strcmp(func->name, global_noreturns[i]))
8e25c9f8 165 return true;
dcc914f4 166
13810435 167 if (!func->len)
8e25c9f8 168 return false;
dcc914f4 169
13810435
JP		 170 insn = find_insn(file, func->sec, func->offset);
171 if (!insn->func)
8e25c9f8 172 return false;
13810435 173
f0f70adb 174 func_for_each_insn(file, func, insn) {
dcc914f4
JP		 175 empty = false;
176
177 if (insn->type == INSN_RETURN)
8e25c9f8 178 return false;
dcc914f4
JP		 179 }
180
181 if (empty)
8e25c9f8 182 return false;
dcc914f4
JP		 183
184 /*
185 * A function can have a sibling call instead of a return. In that
186 * case, the function's dead-end status depends on whether the target
187 * of the sibling call returns.
188 */
f0f70adb 189 func_for_each_insn(file, func, insn) {
0c1ddd33 190 if (is_sibling_call(insn)) {
dcc914f4 191 struct instruction *dest = insn->jump_dest;
dcc914f4
JP		 192
193 if (!dest)
194 /* sibling call to another file */
8e25c9f8 195 return false;
dcc914f4 196
0c1ddd33
JP		 197 /* local sibling call */
198 if (recursion == 5) {
199 /*
200 * Infinite recursion: two functions have
201 * sibling calls to each other. This is a very
202 * rare case. It means they aren't dead ends.
203 */
204 return false;
dcc914f4 205 }
dcc914f4 206
0c1ddd33
JP		 207 return __dead_end_function(file, dest->func, recursion+1);
208 }
dcc914f4
JP		 209 }
210
8e25c9f8 211 return true;
dcc914f4
JP		 212}
213
8e25c9f8 214static bool dead_end_function(struct objtool_file *file, struct symbol *func)
dcc914f4
JP		 215{
216 return __dead_end_function(file, func, 0);
217}
218
e7c0219b 219static void init_cfi_state(struct cfi_state *cfi)
baa41469
JP		 220{
221 int i;
222
dd88a0a0 223 for (i = 0; i < CFI_NUM_REGS; i++) {
e7c0219b
PZ		 224 cfi->regs[i].base = CFI_UNDEFINED;
225 cfi->vals[i].base = CFI_UNDEFINED;
dd88a0a0 226 }
e7c0219b
PZ		 227 cfi->cfa.base = CFI_UNDEFINED;
228 cfi->drap_reg = CFI_UNDEFINED;
229 cfi->drap_offset = -1;
230}
231
932f8e98 232static void init_insn_state(struct insn_state *state, struct section *sec)
e7c0219b
PZ		 233{
234 memset(state, 0, sizeof(*state));
235 init_cfi_state(&state->cfi);
932f8e98
PZ		 236
237 /*
238 * We need the full vmlinux for noinstr validation, otherwise we can
239 * not correctly determine insn->call_dest->sec (external symbols do
240 * not have a section).
241 */
242 if (vmlinux && sec)
243 state->noinstr = sec->noinstr;
baa41469
JP		 244}
245
dcc914f4
JP		 246/*
247 * Call the arch-specific instruction decoder for all the instructions and add
248 * them to the global instruction list.
249 */
250static int decode_instructions(struct objtool_file *file)
251{
252 struct section *sec;
253 struct symbol *func;
254 unsigned long offset;
255 struct instruction *insn;
1e11f3fd 256 unsigned long nr_insns = 0;
dcc914f4
JP		 257 int ret;
258
baa41469 259 for_each_sec(file, sec) {
dcc914f4
JP		 260
261 if (!(sec->sh.sh_flags & SHF_EXECINSTR))
262 continue;
263
627fce14
JP		 264 if (strcmp(sec->name, ".altinstr_replacement") &&
265 strcmp(sec->name, ".altinstr_aux") &&
266 strncmp(sec->name, ".discard.", 9))
267 sec->text = true;
268
0cc9ac8d
TG		 269 if (!strcmp(sec->name, ".noinstr.text") ||
270 !strcmp(sec->name, ".entry.text"))
c4a33939
PZ		 271 sec->noinstr = true;
272
dcc914f4
JP		 273 for (offset = 0; offset < sec->len; offset += insn->len) {
274 insn = malloc(sizeof(*insn));
baa41469
JP		 275 if (!insn) {
276 WARN("malloc failed");
277 return -1;
278 }
dcc914f4 279 memset(insn, 0, sizeof(*insn));
dcc914f4 280 INIT_LIST_HEAD(&insn->alts);
65ea47dc 281 INIT_LIST_HEAD(&insn->stack_ops);
e7c0219b 282 init_cfi_state(&insn->cfi);
baa41469 283
dcc914f4
JP		 284 insn->sec = sec;
285 insn->offset = offset;
286
287 ret = arch_decode_instruction(file->elf, sec, offset,
288 sec->len - offset,
289 &insn->len, &insn->type,
baa41469 290 &insn->immediate,
65ea47dc 291 &insn->stack_ops);
dcc914f4 292 if (ret)
b7037983 293 goto err;
dcc914f4 294
87ecb582 295 hash_add(file->insn_hash, &insn->hash, sec_offset_hash(sec, insn->offset));
dcc914f4 296 list_add_tail(&insn->list, &file->insn_list);
1e11f3fd 297 nr_insns++;
dcc914f4
JP		 298 }
299
300 list_for_each_entry(func, &sec->symbol_list, list) {
e10cd8fe 301 if (func->type != STT_FUNC || func->alias != func)
dcc914f4
JP		 302 continue;
303
304 if (!find_insn(file, sec, func->offset)) {
305 WARN("%s(): can't find starting instruction",
306 func->name);
307 return -1;
308 }
309
dbf4aeb0 310 sym_for_each_insn(file, func, insn)
e10cd8fe 311 insn->func = func;
dcc914f4
JP		 312 }
313 }
314
1e11f3fd
PZ		 315 if (stats)
316 printf("nr_insns: %lu\n", nr_insns);
317
dcc914f4 318 return 0;
b7037983
KB		 319
320err:
321 free(insn);
322 return ret;
dcc914f4
JP		 323}
324
325/*
649ea4d5 326 * Mark "ud2" instructions and manually annotated dead ends.
dcc914f4
JP		 327 */
328static int add_dead_ends(struct objtool_file *file)
329{
330 struct section *sec;
331 struct rela *rela;
332 struct instruction *insn;
333 bool found;
334
649ea4d5
JP		 335 /*
336 * By default, "ud2" is a dead end unless otherwise annotated, because
337 * GCC 7 inserts it for certain divide-by-zero cases.
338 */
339 for_each_insn(file, insn)
340 if (insn->type == INSN_BUG)
341 insn->dead_end = true;
342
343 /*
344 * Check for manually annotated dead ends.
345 */
dcc914f4
JP		 346 sec = find_section_by_name(file->elf, ".rela.discard.unreachable");
347 if (!sec)
649ea4d5 348 goto reachable;
dcc914f4
JP		 349
350 list_for_each_entry(rela, &sec->rela_list, list) {
351 if (rela->sym->type != STT_SECTION) {
352 WARN("unexpected relocation symbol type in %s", sec->name);
353 return -1;
354 }
355 insn = find_insn(file, rela->sym->sec, rela->addend);
356 if (insn)
357 insn = list_prev_entry(insn, list);
358 else if (rela->addend == rela->sym->sec->len) {
359 found = false;
360 list_for_each_entry_reverse(insn, &file->insn_list, list) {
361 if (insn->sec == rela->sym->sec) {
362 found = true;
363 break;
364 }
365 }
366
367 if (!found) {
368 WARN("can't find unreachable insn at %s+0x%x",
369 rela->sym->sec->name, rela->addend);
370 return -1;
371 }
372 } else {
373 WARN("can't find unreachable insn at %s+0x%x",
374 rela->sym->sec->name, rela->addend);
375 return -1;
376 }
377
378 insn->dead_end = true;
379 }
380
649ea4d5
JP		 381reachable:
382 /*
383 * These manually annotated reachable checks are needed for GCC 4.4,
384 * where the Linux unreachable() macro isn't supported. In that case
385 * GCC doesn't know the "ud2" is fatal, so it generates code as if it's
386 * not a dead end.
387 */
388 sec = find_section_by_name(file->elf, ".rela.discard.reachable");
389 if (!sec)
390 return 0;
391
392 list_for_each_entry(rela, &sec->rela_list, list) {
393 if (rela->sym->type != STT_SECTION) {
394 WARN("unexpected relocation symbol type in %s", sec->name);
395 return -1;
396 }
397 insn = find_insn(file, rela->sym->sec, rela->addend);
398 if (insn)
399 insn = list_prev_entry(insn, list);
400 else if (rela->addend == rela->sym->sec->len) {
401 found = false;
402 list_for_each_entry_reverse(insn, &file->insn_list, list) {
403 if (insn->sec == rela->sym->sec) {
404 found = true;
405 break;
406 }
407 }
408
409 if (!found) {
410 WARN("can't find reachable insn at %s+0x%x",
411 rela->sym->sec->name, rela->addend);
412 return -1;
413 }
414 } else {
415 WARN("can't find reachable insn at %s+0x%x",
416 rela->sym->sec->name, rela->addend);
417 return -1;
418 }
419
420 insn->dead_end = false;
421 }
422
dcc914f4
JP		 423 return 0;
424}
425
426/*
427 * Warnings shouldn't be reported for ignored functions.
428 */
429static void add_ignores(struct objtool_file *file)
430{
431 struct instruction *insn;
432 struct section *sec;
433 struct symbol *func;
aaf5c623 434 struct rela *rela;
dcc914f4 435
aaf5c623
PZ		 436 sec = find_section_by_name(file->elf, ".rela.discard.func_stack_frame_non_standard");
437 if (!sec)
438 return;
dcc914f4 439
aaf5c623
PZ		 440 list_for_each_entry(rela, &sec->rela_list, list) {
441 switch (rela->sym->type) {
442 case STT_FUNC:
443 func = rela->sym;
444 break;
445
446 case STT_SECTION:
7acfe531
JP		 447 func = find_func_by_offset(rela->sym->sec, rela->addend);
448 if (!func)
dcc914f4 449 continue;
aaf5c623 450 break;
dcc914f4 451
aaf5c623
PZ		 452 default:
453 WARN("unexpected relocation symbol type in %s: %d", sec->name, rela->sym->type);
454 continue;
dcc914f4 455 }
aaf5c623 456
f0f70adb 457 func_for_each_insn(file, func, insn)
aaf5c623 458 insn->ignore = true;
dcc914f4
JP		 459 }
460}
461
ea24213d
PZ		 462/*
463 * This is a whitelist of functions that is allowed to be called with AC set.
464 * The list is meant to be minimal and only contains compiler instrumentation
465 * ABI and a few functions used to implement *_{to,from}_user() functions.
466 *
467 * These functions must not directly change AC, but may PUSHF/POPF.
468 */
469static const char *uaccess_safe_builtin[] = {
470 /* KASAN */
471 "kasan_report",
472 "check_memory_region",
473 /* KASAN out-of-line */
474 "__asan_loadN_noabort",
475 "__asan_load1_noabort",
476 "__asan_load2_noabort",
477 "__asan_load4_noabort",
478 "__asan_load8_noabort",
479 "__asan_load16_noabort",
480 "__asan_storeN_noabort",
481 "__asan_store1_noabort",
482 "__asan_store2_noabort",
483 "__asan_store4_noabort",
484 "__asan_store8_noabort",
485 "__asan_store16_noabort",
486 /* KASAN in-line */
487 "__asan_report_load_n_noabort",
488 "__asan_report_load1_noabort",
489 "__asan_report_load2_noabort",
490 "__asan_report_load4_noabort",
491 "__asan_report_load8_noabort",
492 "__asan_report_load16_noabort",
493 "__asan_report_store_n_noabort",
494 "__asan_report_store1_noabort",
495 "__asan_report_store2_noabort",
496 "__asan_report_store4_noabort",
497 "__asan_report_store8_noabort",
498 "__asan_report_store16_noabort",
499 /* KCOV */
500 "write_comp_data",
501 "__sanitizer_cov_trace_pc",
502 "__sanitizer_cov_trace_const_cmp1",
503 "__sanitizer_cov_trace_const_cmp2",
504 "__sanitizer_cov_trace_const_cmp4",
505 "__sanitizer_cov_trace_const_cmp8",
506 "__sanitizer_cov_trace_cmp1",
507 "__sanitizer_cov_trace_cmp2",
508 "__sanitizer_cov_trace_cmp4",
509 "__sanitizer_cov_trace_cmp8",
36b1c700 510 "__sanitizer_cov_trace_switch",
ea24213d
PZ		 511 /* UBSAN */
512 "ubsan_type_mismatch_common",
513 "__ubsan_handle_type_mismatch",
514 "__ubsan_handle_type_mismatch_v1",
9a50dcaf 515 "__ubsan_handle_shift_out_of_bounds",
ea24213d
PZ		 516 /* misc */
517 "csum_partial_copy_generic",
518 "__memcpy_mcsafe",
a7e47f26 519 "mcsafe_handle_tail",
ea24213d
PZ		 520 "ftrace_likely_update", /* CONFIG_TRACE_BRANCH_PROFILING */
521 NULL
522};
523
524static void add_uaccess_safe(struct objtool_file *file)
525{
526 struct symbol *func;
527 const char **name;
528
529 if (!uaccess)
530 return;
531
532 for (name = uaccess_safe_builtin; *name; name++) {
533 func = find_symbol_by_name(file->elf, *name);
534 if (!func)
535 continue;
536
e10cd8fe 537 func->uaccess_safe = true;
dcc914f4
JP		 538 }
539}
540
258c7605
JP		 541/*
542 * FIXME: For now, just ignore any alternatives which add retpolines. This is
543 * a temporary hack, as it doesn't allow ORC to unwind from inside a retpoline.
544 * But it at least allows objtool to understand the control flow *around* the
545 * retpoline.
546 */
ff05ab23 547static int add_ignore_alternatives(struct objtool_file *file)
258c7605
JP		 548{
549 struct section *sec;
550 struct rela *rela;
551 struct instruction *insn;
552
ff05ab23 553 sec = find_section_by_name(file->elf, ".rela.discard.ignore_alts");
258c7605
JP		 554 if (!sec)
555 return 0;
556
557 list_for_each_entry(rela, &sec->rela_list, list) {
558 if (rela->sym->type != STT_SECTION) {
559 WARN("unexpected relocation symbol type in %s", sec->name);
560 return -1;
561 }
562
563 insn = find_insn(file, rela->sym->sec, rela->addend);
564 if (!insn) {
ff05ab23 565 WARN("bad .discard.ignore_alts entry");
258c7605
JP		 566 return -1;
567 }
568
569 insn->ignore_alts = true;
570 }
571
572 return 0;
573}
574
dcc914f4
JP		 575/*
576 * Find the destination instructions for all jumps.
577 */
578static int add_jump_destinations(struct objtool_file *file)
579{
580 struct instruction *insn;
581 struct rela *rela;
582 struct section *dest_sec;
583 unsigned long dest_off;
584
585 for_each_insn(file, insn) {
a2296140 586 if (!is_static_jump(insn))
dcc914f4
JP		 587 continue;
588
e6da9567 589 if (insn->ignore || insn->offset == FAKE_JUMP_OFFSET)
dcc914f4
JP		 590 continue;
591
8b5fa6bc
PZ		 592 rela = find_rela_by_dest_range(file->elf, insn->sec,
593 insn->offset, insn->len);
dcc914f4
JP		 594 if (!rela) {
595 dest_sec = insn->sec;
bfb08f22 596 dest_off = arch_jump_destination(insn);
dcc914f4
JP		 597 } else if (rela->sym->type == STT_SECTION) {
598 dest_sec = rela->sym->sec;
bfb08f22 599 dest_off = arch_dest_rela_offset(rela->addend);
dcc914f4
JP		 600 } else if (rela->sym->sec->idx) {
601 dest_sec = rela->sym->sec;
bfb08f22
RG		 602 dest_off = rela->sym->sym.st_value +
603 arch_dest_rela_offset(rela->addend);
39b73533
JP		 604 } else if (strstr(rela->sym->name, "_indirect_thunk_")) {
605 /*
606 * Retpoline jumps are really dynamic jumps in
607 * disguise, so convert them accordingly.
608 */
b68b9907
JP		 609 if (insn->type == INSN_JUMP_UNCONDITIONAL)
610 insn->type = INSN_JUMP_DYNAMIC;
611 else
612 insn->type = INSN_JUMP_DYNAMIC_CONDITIONAL;
613
b5bc2231 614 insn->retpoline_safe = true;
39b73533 615 continue;
dcc914f4 616 } else {
0c1ddd33 617 /* external sibling call */
54262aa2 618 insn->call_dest = rela->sym;
dcc914f4
JP		 619 continue;
620 }
621
622 insn->jump_dest = find_insn(file, dest_sec, dest_off);
623 if (!insn->jump_dest) {
624
625 /*
626 * This is a special case where an alt instruction
627 * jumps past the end of the section. These are
628 * handled later in handle_group_alt().
629 */
630 if (!strcmp(insn->sec->name, ".altinstr_replacement"))
631 continue;
632
633 WARN_FUNC("can't find jump dest instruction at %s+0x%lx",
634 insn->sec, insn->offset, dest_sec->name,
635 dest_off);
636 return -1;
637 }
cd77849a
JP		 638
639 /*
54262aa2 640 * Cross-function jump.
cd77849a
JP		 641 */
642 if (insn->func && insn->jump_dest->func &&
54262aa2
PZ		 643 insn->func != insn->jump_dest->func) {
644
645 /*
646 * For GCC 8+, create parent/child links for any cold
647 * subfunctions. This is _mostly_ redundant with a
648 * similar initialization in read_symbols().
649 *
650 * If a function has aliases, we want the *first* such
651 * function in the symbol table to be the subfunction's
652 * parent. In that case we overwrite the
653 * initialization done in read_symbols().
654 *
655 * However this code can't completely replace the
656 * read_symbols() code because this doesn't detect the
657 * case where the parent function's only reference to a
e7c2bc37 658 * subfunction is through a jump table.
54262aa2
PZ		 659 */
660 if (!strstr(insn->func->name, ".cold.") &&
661 strstr(insn->jump_dest->func->name, ".cold.")) {
662 insn->func->cfunc = insn->jump_dest->func;
663 insn->jump_dest->func->pfunc = insn->func;
664
665 } else if (insn->jump_dest->func->pfunc != insn->func->pfunc &&
666 insn->jump_dest->offset == insn->jump_dest->func->offset) {
667
0c1ddd33 668 /* internal sibling call */
54262aa2 669 insn->call_dest = insn->jump_dest->func;
54262aa2 670 }
cd77849a 671 }
dcc914f4
JP		 672 }
673
674 return 0;
675}
676
677/*
678 * Find the destination instructions for all calls.
679 */
680static int add_call_destinations(struct objtool_file *file)
681{
682 struct instruction *insn;
683 unsigned long dest_off;
684 struct rela *rela;
685
686 for_each_insn(file, insn) {
687 if (insn->type != INSN_CALL)
688 continue;
689
8b5fa6bc
PZ		 690 rela = find_rela_by_dest_range(file->elf, insn->sec,
691 insn->offset, insn->len);
dcc914f4 692 if (!rela) {
bfb08f22 693 dest_off = arch_jump_destination(insn);
7acfe531
JP		 694 insn->call_dest = find_func_by_offset(insn->sec, dest_off);
695 if (!insn->call_dest)
696 insn->call_dest = find_symbol_by_offset(insn->sec, dest_off);
a845c7cf 697
7acfe531
JP		 698 if (insn->ignore)
699 continue;
700
701 if (!insn->call_dest) {
a845c7cf
JP		 702 WARN_FUNC("unsupported intra-function call",
703 insn->sec, insn->offset);
b5bc2231
PZ		 704 if (retpoline)
705 WARN("If this is a retpoline, please patch it in with alternatives and annotate it with ANNOTATE_NOSPEC_ALTERNATIVE.");
dcc914f4
JP		 706 return -1;
707 }
a845c7cf 708
7acfe531
JP		 709 if (insn->func && insn->call_dest->type != STT_FUNC) {
710 WARN_FUNC("unsupported call to non-function",
711 insn->sec, insn->offset);
712 return -1;
713 }
714
dcc914f4 715 } else if (rela->sym->type == STT_SECTION) {
bfb08f22 716 dest_off = arch_dest_rela_offset(rela->addend);
7acfe531 717 insn->call_dest = find_func_by_offset(rela->sym->sec,
bfb08f22 718 dest_off);
7acfe531 719 if (!insn->call_dest) {
bfb08f22 720 WARN_FUNC("can't find call dest symbol at %s+0x%lx",
dcc914f4
JP		 721 insn->sec, insn->offset,
722 rela->sym->sec->name,
bfb08f22 723 dest_off);
dcc914f4
JP		 724 return -1;
725 }
726 } else
727 insn->call_dest = rela->sym;
728 }
729
730 return 0;
731}
732
733/*
734 * The .alternatives section requires some extra special care, over and above
735 * what other special sections require:
736 *
737 * 1. Because alternatives are patched in-place, we need to insert a fake jump
738 * instruction at the end so that validate_branch() skips all the original
739 * replaced instructions when validating the new instruction path.
740 *
741 * 2. An added wrinkle is that the new instruction length might be zero. In
742 * that case the old instructions are replaced with noops. We simulate that
743 * by creating a fake jump as the only new instruction.
744 *
745 * 3. In some cases, the alternative section includes an instruction which
746 * conditionally jumps to the _end_ of the entry. We have to modify these
747 * jumps' destinations to point back to .text rather than the end of the
748 * entry in .altinstr_replacement.
dcc914f4
JP		 749 */
750static int handle_group_alt(struct objtool_file *file,
751 struct special_alt *special_alt,
752 struct instruction *orig_insn,
753 struct instruction **new_insn)
754{
13fab06d 755 static unsigned int alt_group_next_index = 1;
17bc3391 756 struct instruction *last_orig_insn, *last_new_insn, *insn, *fake_jump = NULL;
13fab06d 757 unsigned int alt_group = alt_group_next_index++;
dcc914f4
JP		 758 unsigned long dest_off;
759
760 last_orig_insn = NULL;
761 insn = orig_insn;
762 sec_for_each_insn_from(file, insn) {
763 if (insn->offset >= special_alt->orig_off + special_alt->orig_len)
764 break;
765
13fab06d 766 insn->alt_group = alt_group;
dcc914f4
JP		 767 last_orig_insn = insn;
768 }
769
17bc3391
JP		 770 if (next_insn_same_sec(file, last_orig_insn)) {
771 fake_jump = malloc(sizeof(*fake_jump));
772 if (!fake_jump) {
773 WARN("malloc failed");
774 return -1;
775 }
776 memset(fake_jump, 0, sizeof(*fake_jump));
777 INIT_LIST_HEAD(&fake_jump->alts);
65ea47dc 778 INIT_LIST_HEAD(&fake_jump->stack_ops);
e7c0219b 779 init_cfi_state(&fake_jump->cfi);
17bc3391
JP		 780
781 fake_jump->sec = special_alt->new_sec;
e6da9567 782 fake_jump->offset = FAKE_JUMP_OFFSET;
17bc3391
JP		 783 fake_jump->type = INSN_JUMP_UNCONDITIONAL;
784 fake_jump->jump_dest = list_next_entry(last_orig_insn, list);
e6da9567 785 fake_jump->func = orig_insn->func;
dcc914f4 786 }
dcc914f4
JP		 787
788 if (!special_alt->new_len) {
17bc3391
JP		 789 if (!fake_jump) {
790 WARN("%s: empty alternative at end of section",
791 special_alt->orig_sec->name);
792 return -1;
793 }
794
dcc914f4
JP		 795 *new_insn = fake_jump;
796 return 0;
797 }
798
799 last_new_insn = NULL;
13fab06d 800 alt_group = alt_group_next_index++;
dcc914f4
JP		 801 insn = *new_insn;
802 sec_for_each_insn_from(file, insn) {
803 if (insn->offset >= special_alt->new_off + special_alt->new_len)
804 break;
805
806 last_new_insn = insn;
807
a845c7cf 808 insn->ignore = orig_insn->ignore_alts;
a4d09dde 809 insn->func = orig_insn->func;
13fab06d 810 insn->alt_group = alt_group;
a845c7cf 811
dc419723
JP		 812 /*
813 * Since alternative replacement code is copy/pasted by the
814 * kernel after applying relocations, generally such code can't
815 * have relative-address relocation references to outside the
816 * .altinstr_replacement section, unless the arch's
817 * alternatives code can adjust the relative offsets
818 * accordingly.
819 *
820 * The x86 alternatives code adjusts the offsets only when it
821 * encounters a branch instruction at the very beginning of the
822 * replacement group.
823 */
824 if ((insn->offset != special_alt->new_off ||
825 (insn->type != INSN_CALL && !is_static_jump(insn))) &&
8b5fa6bc 826 find_rela_by_dest_range(file->elf, insn->sec, insn->offset, insn->len)) {
dc419723
JP		 827
828 WARN_FUNC("unsupported relocation in alternatives section",
829 insn->sec, insn->offset);
830 return -1;
831 }
832
a2296140 833 if (!is_static_jump(insn))
dcc914f4
JP		 834 continue;
835
836 if (!insn->immediate)
837 continue;
838
bfb08f22 839 dest_off = arch_jump_destination(insn);
17bc3391
JP		 840 if (dest_off == special_alt->new_off + special_alt->new_len) {
841 if (!fake_jump) {
842 WARN("%s: alternative jump to end of section",
843 special_alt->orig_sec->name);
844 return -1;
845 }
dcc914f4 846 insn->jump_dest = fake_jump;
17bc3391 847 }
dcc914f4
JP		 848
849 if (!insn->jump_dest) {
850 WARN_FUNC("can't find alternative jump destination",
851 insn->sec, insn->offset);
852 return -1;
853 }
854 }
855
856 if (!last_new_insn) {
857 WARN_FUNC("can't find last new alternative instruction",
858 special_alt->new_sec, special_alt->new_off);
859 return -1;
860 }
861
17bc3391
JP		 862 if (fake_jump)
863 list_add(&fake_jump->list, &last_new_insn->list);
dcc914f4
JP		 864
865 return 0;
866}
867
868/*
869 * A jump table entry can either convert a nop to a jump or a jump to a nop.
870 * If the original instruction is a jump, make the alt entry an effective nop
871 * by just skipping the original instruction.
872 */
873static int handle_jump_alt(struct objtool_file *file,
874 struct special_alt *special_alt,
875 struct instruction *orig_insn,
876 struct instruction **new_insn)
877{
878 if (orig_insn->type == INSN_NOP)
879 return 0;
880
881 if (orig_insn->type != INSN_JUMP_UNCONDITIONAL) {
882 WARN_FUNC("unsupported instruction at jump label",
883 orig_insn->sec, orig_insn->offset);
884 return -1;
885 }
886
887 *new_insn = list_next_entry(orig_insn, list);
888 return 0;
889}
890
891/*
892 * Read all the special sections which have alternate instructions which can be
893 * patched in or redirected to at runtime. Each instruction having alternate
894 * instruction(s) has them added to its insn->alts list, which will be
895 * traversed in validate_branch().
896 */
897static int add_special_section_alts(struct objtool_file *file)
898{
899 struct list_head special_alts;
900 struct instruction *orig_insn, *new_insn;
901 struct special_alt *special_alt, *tmp;
902 struct alternative *alt;
903 int ret;
904
905 ret = special_get_alts(file->elf, &special_alts);
906 if (ret)
907 return ret;
908
909 list_for_each_entry_safe(special_alt, tmp, &special_alts, list) {
dcc914f4
JP		 910
911 orig_insn = find_insn(file, special_alt->orig_sec,
912 special_alt->orig_off);
913 if (!orig_insn) {
914 WARN_FUNC("special: can't find orig instruction",
915 special_alt->orig_sec, special_alt->orig_off);
916 ret = -1;
917 goto out;
918 }
919
920 new_insn = NULL;
921 if (!special_alt->group || special_alt->new_len) {
922 new_insn = find_insn(file, special_alt->new_sec,
923 special_alt->new_off);
924 if (!new_insn) {
925 WARN_FUNC("special: can't find new instruction",
926 special_alt->new_sec,
927 special_alt->new_off);
928 ret = -1;
929 goto out;
930 }
931 }
932
933 if (special_alt->group) {
7170cf47
JT		 934 if (!special_alt->orig_len) {
935 WARN_FUNC("empty alternative entry",
936 orig_insn->sec, orig_insn->offset);
937 continue;
938 }
939
dcc914f4
JP		 940 ret = handle_group_alt(file, special_alt, orig_insn,
941 &new_insn);
942 if (ret)
943 goto out;
944 } else if (special_alt->jump_or_nop) {
945 ret = handle_jump_alt(file, special_alt, orig_insn,
946 &new_insn);
947 if (ret)
948 goto out;
949 }
950
258c7605
JP		 951 alt = malloc(sizeof(*alt));
952 if (!alt) {
953 WARN("malloc failed");
954 ret = -1;
955 goto out;
956 }
957
dcc914f4 958 alt->insn = new_insn;
764eef4b 959 alt->skip_orig = special_alt->skip_orig;
ea24213d 960 orig_insn->ignore_alts |= special_alt->skip_alt;
dcc914f4
JP		 961 list_add_tail(&alt->list, &orig_insn->alts);
962
963 list_del(&special_alt->list);
964 free(special_alt);
965 }
966
967out:
968 return ret;
969}
970
e7c2bc37 971static int add_jump_table(struct objtool_file *file, struct instruction *insn,
bd98c813 972 struct rela *table)
dcc914f4
JP		 973{
974 struct rela *rela = table;
e7c2bc37 975 struct instruction *dest_insn;
dcc914f4 976 struct alternative *alt;
fd35c88b
JP		 977 struct symbol *pfunc = insn->func->pfunc;
978 unsigned int prev_offset = 0;
dcc914f4 979
e7c2bc37
JP		 980 /*
981 * Each @rela is a switch table relocation which points to the target
982 * instruction.
983 */
984 list_for_each_entry_from(rela, &table->sec->rela_list, list) {
bd98c813
JH		 985
986 /* Check for the end of the table: */
987 if (rela != table && rela->jump_table_start)
dcc914f4
JP		 988 break;
989
e7c2bc37 990 /* Make sure the table entries are consecutive: */
fd35c88b
JP		 991 if (prev_offset && rela->offset != prev_offset + 8)
992 break;
993
994 /* Detect function pointers from contiguous objects: */
995 if (rela->sym->sec == pfunc->sec &&
996 rela->addend == pfunc->offset)
997 break;
998
e7c2bc37
JP		 999 dest_insn = find_insn(file, rela->sym->sec, rela->addend);
1000 if (!dest_insn)
dcc914f4
JP		 1001 break;
1002
e7c2bc37 1003 /* Make sure the destination is in the same function: */
e65050b9 1004 if (!dest_insn->func || dest_insn->func->pfunc != pfunc)
13810435 1005 break;
dcc914f4
JP		 1006
1007 alt = malloc(sizeof(*alt));
1008 if (!alt) {
1009 WARN("malloc failed");
1010 return -1;
1011 }
1012
e7c2bc37 1013 alt->insn = dest_insn;
dcc914f4 1014 list_add_tail(&alt->list, &insn->alts);
fd35c88b
JP		 1015 prev_offset = rela->offset;
1016 }
1017
1018 if (!prev_offset) {
1019 WARN_FUNC("can't find switch jump table",
1020 insn->sec, insn->offset);
1021 return -1;
dcc914f4
JP		 1022 }
1023
1024 return 0;
1025}
1026
1027/*
e7c2bc37 1028 * find_jump_table() - Given a dynamic jump, find the switch jump table in
dcc914f4
JP		 1029 * .rodata associated with it.
1030 *
1031 * There are 3 basic patterns:
1032 *
1033 * 1. jmpq *[rodata addr](,%reg,8)
1034 *
1035 * This is the most common case by far. It jumps to an address in a simple
1036 * jump table which is stored in .rodata.
1037 *
1038 * 2. jmpq *[rodata addr](%rip)
1039 *
1040 * This is caused by a rare GCC quirk, currently only seen in three driver
1041 * functions in the kernel, only with certain obscure non-distro configs.
1042 *
1043 * As part of an optimization, GCC makes a copy of an existing switch jump
1044 * table, modifies it, and then hard-codes the jump (albeit with an indirect
1045 * jump) to use a single entry in the table. The rest of the jump table and
1046 * some of its jump targets remain as dead code.
1047 *
1048 * In such a case we can just crudely ignore all unreachable instruction
1049 * warnings for the entire object file. Ideally we would just ignore them
1050 * for the function, but that would require redesigning the code quite a
1051 * bit. And honestly that's just not worth doing: unreachable instruction
1052 * warnings are of questionable value anyway, and this is such a rare issue.
1053 *
1054 * 3. mov [rodata addr],%reg1
1055 * ... some instructions ...
1056 * jmpq *(%reg1,%reg2,8)
1057 *
1058 * This is a fairly uncommon pattern which is new for GCC 6. As of this
1059 * writing, there are 11 occurrences of it in the allmodconfig kernel.
1060 *
99ce7962
PZ		 1061 * As of GCC 7 there are quite a few more of these and the 'in between' code
1062 * is significant. Esp. with KASAN enabled some of the code between the mov
1063 * and jmpq uses .rodata itself, which can confuse things.
1064 *
dcc914f4
JP		 1065 * TODO: Once we have DWARF CFI and smarter instruction decoding logic,
1066 * ensure the same register is used in the mov and jump instructions.
99ce7962
PZ		 1067 *
1068 * NOTE: RETPOLINE made it harder still to decode dynamic jumps.
dcc914f4 1069 */
e7c2bc37 1070static struct rela *find_jump_table(struct objtool_file *file,
dcc914f4
JP		 1071 struct symbol *func,
1072 struct instruction *insn)
1073{
e7c2bc37 1074 struct rela *text_rela, *table_rela;
113d4bc9 1075 struct instruction *dest_insn, *orig_insn = insn;
e7c2bc37 1076 struct section *table_sec;
6f5ec299 1077 unsigned long table_offset;
dcc914f4 1078
99ce7962
PZ		 1079 /*
1080 * Backward search using the @first_jump_src links, these help avoid
1081 * much of the 'in between' code. Which avoids us getting confused by
1082 * it.
1083 */
7dec80cc 1084 for (;
b401efc1 1085 &insn->list != &file->insn_list && insn->func && insn->func->pfunc == func;
99ce7962
PZ		 1086 insn = insn->first_jump_src ?: list_prev_entry(insn, list)) {
1087
7dec80cc 1088 if (insn != orig_insn && insn->type == INSN_JUMP_DYNAMIC)
dcc914f4
JP		 1089 break;
1090
1091 /* allow small jumps within the range */
1092 if (insn->type == INSN_JUMP_UNCONDITIONAL &&
1093 insn->jump_dest &&
1094 (insn->jump_dest->offset <= insn->offset ||
1095 insn->jump_dest->offset > orig_insn->offset))
1096 break;
1097
1098 /* look for a relocation which references .rodata */
8b5fa6bc
PZ		 1099 text_rela = find_rela_by_dest_range(file->elf, insn->sec,
1100 insn->offset, insn->len);
4a60aa05
AX		 1101 if (!text_rela || text_rela->sym->type != STT_SECTION ||
1102 !text_rela->sym->sec->rodata)
dcc914f4
JP		 1103 continue;
1104
6f5ec299 1105 table_offset = text_rela->addend;
e7c2bc37 1106 table_sec = text_rela->sym->sec;
4a60aa05 1107
6f5ec299
JP		 1108 if (text_rela->type == R_X86_64_PC32)
1109 table_offset += 4;
1110
dcc914f4
JP		 1111 /*
1112 * Make sure the .rodata address isn't associated with a
87b512de
JP		 1113 * symbol. GCC jump tables are anonymous data.
1114 *
1115 * Also support C jump tables which are in the same format as
1116 * switch jump tables. For objtool to recognize them, they
1117 * need to be placed in the C_JUMP_TABLE_SECTION section. They
1118 * have symbols associated with them.
dcc914f4 1119 */
e7c2bc37
JP		 1120 if (find_symbol_containing(table_sec, table_offset) &&
1121 strcmp(table_sec->name, C_JUMP_TABLE_SECTION))
1402fd8e
JP		 1122 continue;
1123
113d4bc9
JP		 1124 /*
1125 * Each table entry has a rela associated with it. The rela
1126 * should reference text in the same function as the original
1127 * instruction.
1128 */
8b5fa6bc 1129 table_rela = find_rela_by_dest(file->elf, table_sec, table_offset);
e7c2bc37
JP		 1130 if (!table_rela)
1131 continue;
113d4bc9
JP		 1132 dest_insn = find_insn(file, table_rela->sym->sec, table_rela->addend);
1133 if (!dest_insn || !dest_insn->func || dest_insn->func->pfunc != func)
1134 continue;
7dec80cc 1135
e7c2bc37
JP		 1136 /*
1137 * Use of RIP-relative switch jumps is quite rare, and
1138 * indicates a rare GCC quirk/bug which can leave dead code
1139 * behind.
1140 */
1141 if (text_rela->type == R_X86_64_PC32)
1142 file->ignore_unreachables = true;
1143
1144 return table_rela;
dcc914f4
JP		 1145 }
1146
1147 return NULL;
1148}
1149
bd98c813
JH		 1150/*
1151 * First pass: Mark the head of each jump table so that in the next pass,
1152 * we know when a given jump table ends and the next one starts.
1153 */
1154static void mark_func_jump_tables(struct objtool_file *file,
1155 struct symbol *func)
dcc914f4 1156{
bd98c813
JH		 1157 struct instruction *insn, *last = NULL;
1158 struct rela *rela;
dcc914f4 1159
f0f70adb 1160 func_for_each_insn(file, func, insn) {
99ce7962
PZ		 1161 if (!last)
1162 last = insn;
1163
1164 /*
1165 * Store back-pointers for unconditional forward jumps such
e7c2bc37 1166 * that find_jump_table() can back-track using those and
99ce7962
PZ		 1167 * avoid some potentially confusing code.
1168 */
1169 if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->jump_dest &&
1170 insn->offset > last->offset &&
1171 insn->jump_dest->offset > insn->offset &&
1172 !insn->jump_dest->first_jump_src) {
1173
1174 insn->jump_dest->first_jump_src = insn;
1175 last = insn->jump_dest;
1176 }
1177
dcc914f4
JP		 1178 if (insn->type != INSN_JUMP_DYNAMIC)
1179 continue;
1180
e7c2bc37 1181 rela = find_jump_table(file, func, insn);
bd98c813
JH		 1182 if (rela) {
1183 rela->jump_table_start = true;
1184 insn->jump_table = rela;
dcc914f4 1185 }
dcc914f4 1186 }
bd98c813
JH		 1187}
1188
1189static int add_func_jump_tables(struct objtool_file *file,
1190 struct symbol *func)
1191{
1192 struct instruction *insn;
1193 int ret;
1194
f0f70adb 1195 func_for_each_insn(file, func, insn) {
bd98c813
JH		 1196 if (!insn->jump_table)
1197 continue;
dcc914f4 1198
bd98c813 1199 ret = add_jump_table(file, insn, insn->jump_table);
dcc914f4
JP		 1200 if (ret)
1201 return ret;
1202 }
1203
1204 return 0;
1205}
1206
1207/*
1208 * For some switch statements, gcc generates a jump table in the .rodata
1209 * section which contains a list of addresses within the function to jump to.
1210 * This finds these jump tables and adds them to the insn->alts lists.
1211 */
e7c2bc37 1212static int add_jump_table_alts(struct objtool_file *file)
dcc914f4
JP		 1213{
1214 struct section *sec;
1215 struct symbol *func;
1216 int ret;
1217
4a60aa05 1218 if (!file->rodata)
dcc914f4
JP		 1219 return 0;
1220
baa41469 1221 for_each_sec(file, sec) {
dcc914f4
JP		 1222 list_for_each_entry(func, &sec->symbol_list, list) {
1223 if (func->type != STT_FUNC)
1224 continue;
1225
bd98c813 1226 mark_func_jump_tables(file, func);
e7c2bc37 1227 ret = add_func_jump_tables(file, func);
dcc914f4
JP		 1228 if (ret)
1229 return ret;
1230 }
1231 }
1232
1233 return 0;
1234}
1235
39358a03
JP		 1236static int read_unwind_hints(struct objtool_file *file)
1237{
1238 struct section *sec, *relasec;
1239 struct rela *rela;
1240 struct unwind_hint *hint;
1241 struct instruction *insn;
1242 struct cfi_reg *cfa;
1243 int i;
1244
1245 sec = find_section_by_name(file->elf, ".discard.unwind_hints");
1246 if (!sec)
1247 return 0;
1248
1249 relasec = sec->rela;
1250 if (!relasec) {
1251 WARN("missing .rela.discard.unwind_hints section");
1252 return -1;
1253 }
1254
1255 if (sec->len % sizeof(struct unwind_hint)) {
1256 WARN("struct unwind_hint size mismatch");
1257 return -1;
1258 }
1259
1260 file->hints = true;
1261
1262 for (i = 0; i < sec->len / sizeof(struct unwind_hint); i++) {
1263 hint = (struct unwind_hint *)sec->data->d_buf + i;
1264
8b5fa6bc 1265 rela = find_rela_by_dest(file->elf, sec, i * sizeof(*hint));
39358a03
JP		 1266 if (!rela) {
1267 WARN("can't find rela for unwind_hints[%d]", i);
1268 return -1;
1269 }
1270
1271 insn = find_insn(file, rela->sym->sec, rela->addend);
1272 if (!insn) {
1273 WARN("can't find insn for unwind_hints[%d]", i);
1274 return -1;
1275 }
1276
e7c0219b 1277 cfa = &insn->cfi.cfa;
39358a03 1278
c536ed2f 1279 if (hint->type == UNWIND_HINT_TYPE_RET_OFFSET) {
e25eea89 1280 insn->ret_offset = hint->sp_offset;
39358a03
JP		 1281 continue;
1282 }
1283
1284 insn->hint = true;
1285
1286 switch (hint->sp_reg) {
1287 case ORC_REG_UNDEFINED:
1288 cfa->base = CFI_UNDEFINED;
1289 break;
1290 case ORC_REG_SP:
1291 cfa->base = CFI_SP;
1292 break;
1293 case ORC_REG_BP:
1294 cfa->base = CFI_BP;
1295 break;
1296 case ORC_REG_SP_INDIRECT:
1297 cfa->base = CFI_SP_INDIRECT;
1298 break;
1299 case ORC_REG_R10:
1300 cfa->base = CFI_R10;
1301 break;
1302 case ORC_REG_R13:
1303 cfa->base = CFI_R13;
1304 break;
1305 case ORC_REG_DI:
1306 cfa->base = CFI_DI;
1307 break;
1308 case ORC_REG_DX:
1309 cfa->base = CFI_DX;
1310 break;
1311 default:
1312 WARN_FUNC("unsupported unwind_hint sp base reg %d",
1313 insn->sec, insn->offset, hint->sp_reg);
1314 return -1;
1315 }
1316
1317 cfa->offset = hint->sp_offset;
e7c0219b
PZ		 1318 insn->cfi.type = hint->type;
1319 insn->cfi.end = hint->end;
39358a03
JP		 1320 }
1321
1322 return 0;
1323}
1324
b5bc2231
PZ		 1325static int read_retpoline_hints(struct objtool_file *file)
1326{
63474dc4 1327 struct section *sec;
b5bc2231
PZ		 1328 struct instruction *insn;
1329 struct rela *rela;
b5bc2231 1330
63474dc4 1331 sec = find_section_by_name(file->elf, ".rela.discard.retpoline_safe");
b5bc2231
PZ		 1332 if (!sec)
1333 return 0;
1334
63474dc4
JP		 1335 list_for_each_entry(rela, &sec->rela_list, list) {
1336 if (rela->sym->type != STT_SECTION) {
1337 WARN("unexpected relocation symbol type in %s", sec->name);
b5bc2231
PZ		 1338 return -1;
1339 }
1340
1341 insn = find_insn(file, rela->sym->sec, rela->addend);
1342 if (!insn) {
63474dc4 1343 WARN("bad .discard.retpoline_safe entry");
b5bc2231
PZ		 1344 return -1;
1345 }
1346
1347 if (insn->type != INSN_JUMP_DYNAMIC &&
1348 insn->type != INSN_CALL_DYNAMIC) {
63474dc4 1349 WARN_FUNC("retpoline_safe hint not an indirect jump/call",
b5bc2231
PZ		 1350 insn->sec, insn->offset);
1351 return -1;
1352 }
1353
1354 insn->retpoline_safe = true;
1355 }
1356
1357 return 0;
1358}
1359
c4a33939
PZ		 1360static int read_instr_hints(struct objtool_file *file)
1361{
1362 struct section *sec;
1363 struct instruction *insn;
1364 struct rela *rela;
1365
1366 sec = find_section_by_name(file->elf, ".rela.discard.instr_end");
1367 if (!sec)
1368 return 0;
1369
1370 list_for_each_entry(rela, &sec->rela_list, list) {
1371 if (rela->sym->type != STT_SECTION) {
1372 WARN("unexpected relocation symbol type in %s", sec->name);
1373 return -1;
1374 }
1375
1376 insn = find_insn(file, rela->sym->sec, rela->addend);
1377 if (!insn) {
1378 WARN("bad .discard.instr_end entry");
1379 return -1;
1380 }
1381
1382 insn->instr--;
1383 }
1384
1385 sec = find_section_by_name(file->elf, ".rela.discard.instr_begin");
1386 if (!sec)
1387 return 0;
1388
1389 list_for_each_entry(rela, &sec->rela_list, list) {
1390 if (rela->sym->type != STT_SECTION) {
1391 WARN("unexpected relocation symbol type in %s", sec->name);
1392 return -1;
1393 }
1394
1395 insn = find_insn(file, rela->sym->sec, rela->addend);
1396 if (!insn) {
1397 WARN("bad .discard.instr_begin entry");
1398 return -1;
1399 }
1400
1401 insn->instr++;
1402 }
1403
1404 return 0;
1405}
1406
4a60aa05
AX		 1407static void mark_rodata(struct objtool_file *file)
1408{
1409 struct section *sec;
1410 bool found = false;
1411
1412 /*
87b512de
JP		 1413 * Search for the following rodata sections, each of which can
1414 * potentially contain jump tables:
1415 *
1416 * - .rodata: can contain GCC switch tables
1417 * - .rodata.<func>: same, if -fdata-sections is being used
1418 * - .rodata..c_jump_table: contains C annotated jump tables
1419 *
1420 * .rodata.str1.* sections are ignored; they don't contain jump tables.
4a60aa05
AX		 1421 */
1422 for_each_sec(file, sec) {
1ee44470
MS		 1423 if (!strncmp(sec->name, ".rodata", 7) &&
1424 !strstr(sec->name, ".str1.")) {
4a60aa05
AX		 1425 sec->rodata = true;
1426 found = true;
1427 }
1428 }
1429
1430 file->rodata = found;
1431}
1432
dcc914f4
JP		 1433static int decode_sections(struct objtool_file *file)
1434{
1435 int ret;
1436
4a60aa05
AX		 1437 mark_rodata(file);
1438
dcc914f4
JP		 1439 ret = decode_instructions(file);
1440 if (ret)
1441 return ret;
1442
1443 ret = add_dead_ends(file);
1444 if (ret)
1445 return ret;
1446
1447 add_ignores(file);
ea24213d 1448 add_uaccess_safe(file);
dcc914f4 1449
ff05ab23 1450 ret = add_ignore_alternatives(file);
258c7605
JP		 1451 if (ret)
1452 return ret;
1453
dcc914f4
JP		 1454 ret = add_jump_destinations(file);
1455 if (ret)
1456 return ret;
1457
a845c7cf 1458 ret = add_special_section_alts(file);
dcc914f4
JP		 1459 if (ret)
1460 return ret;
1461
a845c7cf 1462 ret = add_call_destinations(file);
dcc914f4
JP		 1463 if (ret)
1464 return ret;
1465
e7c2bc37 1466 ret = add_jump_table_alts(file);
dcc914f4
JP		 1467 if (ret)
1468 return ret;
1469
39358a03
JP		 1470 ret = read_unwind_hints(file);
1471 if (ret)
1472 return ret;
1473
b5bc2231
PZ		 1474 ret = read_retpoline_hints(file);
1475 if (ret)
1476 return ret;
1477
c4a33939
PZ		 1478 ret = read_instr_hints(file);
1479 if (ret)
1480 return ret;
1481
dcc914f4
JP		 1482 return 0;
1483}
1484
1485static bool is_fentry_call(struct instruction *insn)
1486{
1487 if (insn->type == INSN_CALL &&
1488 insn->call_dest->type == STT_NOTYPE &&
1489 !strcmp(insn->call_dest->name, "__fentry__"))
1490 return true;
1491
1492 return false;
1493}
1494
e25eea89 1495static bool has_modified_stack_frame(struct instruction *insn, struct insn_state *state)
dcc914f4 1496{
e25eea89 1497 u8 ret_offset = insn->ret_offset;
e7c0219b 1498 struct cfi_state *cfi = &state->cfi;
baa41469
JP		 1499 int i;
1500
e7c0219b 1501 if (cfi->cfa.base != initial_func_cfi.cfa.base || cfi->drap)
e25eea89
PZ		 1502 return true;
1503
e7c0219b 1504 if (cfi->cfa.offset != initial_func_cfi.cfa.offset + ret_offset)
baa41469
JP		 1505 return true;
1506
e7c0219b 1507 if (cfi->stack_size != initial_func_cfi.cfa.offset + ret_offset)
e25eea89
PZ		 1508 return true;
1509
1510 for (i = 0; i < CFI_NUM_REGS; i++) {
e7c0219b
PZ		 1511 if (cfi->regs[i].base != initial_func_cfi.regs[i].base ||
1512 cfi->regs[i].offset != initial_func_cfi.regs[i].offset)
baa41469 1513 return true;
e25eea89 1514 }
baa41469
JP		 1515
1516 return false;
1517}
1518
1519static bool has_valid_stack_frame(struct insn_state *state)
1520{
e7c0219b
PZ		 1521 struct cfi_state *cfi = &state->cfi;
1522
1523 if (cfi->cfa.base == CFI_BP && cfi->regs[CFI_BP].base == CFI_CFA &&
1524 cfi->regs[CFI_BP].offset == -16)
baa41469
JP		 1525 return true;
1526
e7c0219b 1527 if (cfi->drap && cfi->regs[CFI_BP].base == CFI_BP)
baa41469
JP		 1528 return true;
1529
1530 return false;
dcc914f4
JP		 1531}
1532
e7c0219b
PZ		 1533static int update_cfi_state_regs(struct instruction *insn,
1534 struct cfi_state *cfi,
65ea47dc 1535 struct stack_op *op)
627fce14 1536{
e7c0219b 1537 struct cfi_reg *cfa = &cfi->cfa;
627fce14
JP		 1538
1539 if (cfa->base != CFI_SP)
1540 return 0;
1541
1542 /* push */
ea24213d 1543 if (op->dest.type == OP_DEST_PUSH || op->dest.type == OP_DEST_PUSHF)
627fce14
JP		 1544 cfa->offset += 8;
1545
1546 /* pop */
ea24213d 1547 if (op->src.type == OP_SRC_POP || op->src.type == OP_SRC_POPF)
627fce14
JP		 1548 cfa->offset -= 8;
1549
1550 /* add immediate to sp */
1551 if (op->dest.type == OP_DEST_REG && op->src.type == OP_SRC_ADD &&
1552 op->dest.reg == CFI_SP && op->src.reg == CFI_SP)
1553 cfa->offset -= op->src.offset;
1554
1555 return 0;
1556}
1557
e7c0219b 1558static void save_reg(struct cfi_state *cfi, unsigned char reg, int base, int offset)
dcc914f4 1559{
bf4d1a83 1560 if (arch_callee_saved_reg(reg) &&
e7c0219b
PZ		 1561 cfi->regs[reg].base == CFI_UNDEFINED) {
1562 cfi->regs[reg].base = base;
1563 cfi->regs[reg].offset = offset;
baa41469 1564 }
dcc914f4
JP		 1565}
1566
e7c0219b 1567static void restore_reg(struct cfi_state *cfi, unsigned char reg)
dcc914f4 1568{
e7c0219b
PZ		 1569 cfi->regs[reg].base = initial_func_cfi.regs[reg].base;
1570 cfi->regs[reg].offset = initial_func_cfi.regs[reg].offset;
baa41469
JP		 1571}
1572
1573/*
1574 * A note about DRAP stack alignment:
1575 *
1576 * GCC has the concept of a DRAP register, which is used to help keep track of
1577 * the stack pointer when aligning the stack. r10 or r13 is used as the DRAP
1578 * register. The typical DRAP pattern is:
1579 *
1580 * 4c 8d 54 24 08 lea 0x8(%rsp),%r10
1581 * 48 83 e4 c0 and $0xffffffffffffffc0,%rsp
1582 * 41 ff 72 f8 pushq -0x8(%r10)
1583 * 55 push %rbp
1584 * 48 89 e5 mov %rsp,%rbp
1585 * (more pushes)
1586 * 41 52 push %r10
1587 * ...
1588 * 41 5a pop %r10
1589 * (more pops)
1590 * 5d pop %rbp
1591 * 49 8d 62 f8 lea -0x8(%r10),%rsp
1592 * c3 retq
1593 *
1594 * There are some variations in the epilogues, like:
1595 *
1596 * 5b pop %rbx
1597 * 41 5a pop %r10
1598 * 41 5c pop %r12
1599 * 41 5d pop %r13
1600 * 41 5e pop %r14
1601 * c9 leaveq
1602 * 49 8d 62 f8 lea -0x8(%r10),%rsp
1603 * c3 retq
1604 *
1605 * and:
1606 *
1607 * 4c 8b 55 e8 mov -0x18(%rbp),%r10
1608 * 48 8b 5d e0 mov -0x20(%rbp),%rbx
1609 * 4c 8b 65 f0 mov -0x10(%rbp),%r12
1610 * 4c 8b 6d f8 mov -0x8(%rbp),%r13
1611 * c9 leaveq
1612 * 49 8d 62 f8 lea -0x8(%r10),%rsp
1613 * c3 retq
1614 *
1615 * Sometimes r13 is used as the DRAP register, in which case it's saved and
1616 * restored beforehand:
1617 *
1618 * 41 55 push %r13
1619 * 4c 8d 6c 24 10 lea 0x10(%rsp),%r13
1620 * 48 83 e4 f0 and $0xfffffffffffffff0,%rsp
1621 * ...
1622 * 49 8d 65 f0 lea -0x10(%r13),%rsp
1623 * 41 5d pop %r13
1624 * c3 retq
1625 */
e7c0219b 1626static int update_cfi_state(struct instruction *insn, struct cfi_state *cfi,
65ea47dc 1627 struct stack_op *op)
baa41469 1628{
e7c0219b
PZ		 1629 struct cfi_reg *cfa = &cfi->cfa;
1630 struct cfi_reg *regs = cfi->regs;
baa41469
JP		 1631
1632 /* stack operations don't make sense with an undefined CFA */
1633 if (cfa->base == CFI_UNDEFINED) {
1634 if (insn->func) {
1635 WARN_FUNC("undefined stack state", insn->sec, insn->offset);
1636 return -1;
1637 }
1638 return 0;
1639 }
1640
e7c0219b
PZ		 1641 if (cfi->type == ORC_TYPE_REGS || cfi->type == ORC_TYPE_REGS_IRET)
1642 return update_cfi_state_regs(insn, cfi, op);
627fce14 1643
baa41469
JP		 1644 switch (op->dest.type) {
1645
1646 case OP_DEST_REG:
1647 switch (op->src.type) {
1648
1649 case OP_SRC_REG:
0d0970ee
JP		 1650 if (op->src.reg == CFI_SP && op->dest.reg == CFI_BP &&
1651 cfa->base == CFI_SP &&
1652 regs[CFI_BP].base == CFI_CFA &&
1653 regs[CFI_BP].offset == -cfa->offset) {
1654
1655 /* mov %rsp, %rbp */
1656 cfa->base = op->dest.reg;
e7c0219b 1657 cfi->bp_scratch = false;
0d0970ee 1658 }
dd88a0a0 1659
0d0970ee 1660 else if (op->src.reg == CFI_SP &&
e7c0219b 1661 op->dest.reg == CFI_BP && cfi->drap) {
dd88a0a0 1662
0d0970ee
JP		 1663 /* drap: mov %rsp, %rbp */
1664 regs[CFI_BP].base = CFI_BP;
e7c0219b
PZ		 1665 regs[CFI_BP].offset = -cfi->stack_size;
1666 cfi->bp_scratch = false;
0d0970ee 1667 }
dd88a0a0 1668
0d0970ee
JP		 1669 else if (op->src.reg == CFI_SP && cfa->base == CFI_SP) {
1670
1671 /*
1672 * mov %rsp, %reg
1673 *
1674 * This is needed for the rare case where GCC
1675 * does:
1676 *
1677 * mov %rsp, %rax
1678 * ...
1679 * mov %rax, %rsp
1680 */
e7c0219b
PZ		 1681 cfi->vals[op->dest.reg].base = CFI_CFA;
1682 cfi->vals[op->dest.reg].offset = -cfi->stack_size;
dd88a0a0
JP		 1683 }
1684
3c1f0583
JP		 1685 else if (op->src.reg == CFI_BP && op->dest.reg == CFI_SP &&
1686 cfa->base == CFI_BP) {
1687
1688 /*
1689 * mov %rbp, %rsp
1690 *
1691 * Restore the original stack pointer (Clang).
1692 */
e7c0219b 1693 cfi->stack_size = -cfi->regs[CFI_BP].offset;
3c1f0583
JP		 1694 }
1695
dd88a0a0
JP		 1696 else if (op->dest.reg == cfa->base) {
1697
1698 /* mov %reg, %rsp */
1699 if (cfa->base == CFI_SP &&
e7c0219b 1700 cfi->vals[op->src.reg].base == CFI_CFA) {
dd88a0a0
JP		 1701
1702 /*
1703 * This is needed for the rare case
1704 * where GCC does something dumb like:
1705 *
1706 * lea 0x8(%rsp), %rcx
1707 * ...
1708 * mov %rcx, %rsp
1709 */
e7c0219b
PZ		 1710 cfa->offset = -cfi->vals[op->src.reg].offset;
1711 cfi->stack_size = cfa->offset;
dd88a0a0
JP		 1712
1713 } else {
1714 cfa->base = CFI_UNDEFINED;
1715 cfa->offset = 0;
1716 }
baa41469
JP		 1717 }
1718
1719 break;
1720
1721 case OP_SRC_ADD:
1722 if (op->dest.reg == CFI_SP && op->src.reg == CFI_SP) {
1723
1724 /* add imm, %rsp */
e7c0219b 1725 cfi->stack_size -= op->src.offset;
baa41469
JP		 1726 if (cfa->base == CFI_SP)
1727 cfa->offset -= op->src.offset;
1728 break;
1729 }
1730
1731 if (op->dest.reg == CFI_SP && op->src.reg == CFI_BP) {
1732
1733 /* lea disp(%rbp), %rsp */
e7c0219b 1734 cfi->stack_size = -(op->src.offset + regs[CFI_BP].offset);
baa41469
JP		 1735 break;
1736 }
1737
dd88a0a0 1738 if (op->src.reg == CFI_SP && cfa->base == CFI_SP) {
baa41469
JP		 1739
1740 /* drap: lea disp(%rsp), %drap */
e7c0219b 1741 cfi->drap_reg = op->dest.reg;
dd88a0a0
JP		 1742
1743 /*
1744 * lea disp(%rsp), %reg
1745 *
1746 * This is needed for the rare case where GCC
1747 * does something dumb like:
1748 *
1749 * lea 0x8(%rsp), %rcx
1750 * ...
1751 * mov %rcx, %rsp
1752 */
e7c0219b
PZ		 1753 cfi->vals[op->dest.reg].base = CFI_CFA;
1754 cfi->vals[op->dest.reg].offset = \
1755 -cfi->stack_size + op->src.offset;
dd88a0a0 1756
baa41469
JP		 1757 break;
1758 }
1759
e7c0219b
PZ		 1760 if (cfi->drap && op->dest.reg == CFI_SP &&
1761 op->src.reg == cfi->drap_reg) {
baa41469
JP		 1762
1763 /* drap: lea disp(%drap), %rsp */
1764 cfa->base = CFI_SP;
e7c0219b
PZ		 1765 cfa->offset = cfi->stack_size = -op->src.offset;
1766 cfi->drap_reg = CFI_UNDEFINED;
1767 cfi->drap = false;
baa41469
JP		 1768 break;
1769 }
1770
e7c0219b 1771 if (op->dest.reg == cfi->cfa.base) {
baa41469
JP		 1772 WARN_FUNC("unsupported stack register modification",
1773 insn->sec, insn->offset);
1774 return -1;
1775 }
1776
1777 break;
1778
1779 case OP_SRC_AND:
1780 if (op->dest.reg != CFI_SP ||
e7c0219b
PZ		 1781 (cfi->drap_reg != CFI_UNDEFINED && cfa->base != CFI_SP) ||
1782 (cfi->drap_reg == CFI_UNDEFINED && cfa->base != CFI_BP)) {
baa41469
JP		 1783 WARN_FUNC("unsupported stack pointer realignment",
1784 insn->sec, insn->offset);
1785 return -1;
1786 }
1787
e7c0219b 1788 if (cfi->drap_reg != CFI_UNDEFINED) {
baa41469 1789 /* drap: and imm, %rsp */
e7c0219b
PZ		 1790 cfa->base = cfi->drap_reg;
1791 cfa->offset = cfi->stack_size = 0;
1792 cfi->drap = true;
baa41469
JP		 1793 }
1794
1795 /*
1796 * Older versions of GCC (4.8ish) realign the stack
1797 * without DRAP, with a frame pointer.
1798 */
1799
1800 break;
1801
1802 case OP_SRC_POP:
ea24213d 1803 case OP_SRC_POPF:
e7c0219b 1804 if (!cfi->drap && op->dest.reg == cfa->base) {
baa41469
JP		 1805
1806 /* pop %rbp */
1807 cfa->base = CFI_SP;
1808 }
1809
e7c0219b
PZ		 1810 if (cfi->drap && cfa->base == CFI_BP_INDIRECT &&
1811 op->dest.reg == cfi->drap_reg &&
1812 cfi->drap_offset == -cfi->stack_size) {
baa41469 1813
bf4d1a83 1814 /* drap: pop %drap */
e7c0219b 1815 cfa->base = cfi->drap_reg;
bf4d1a83 1816 cfa->offset = 0;
e7c0219b 1817 cfi->drap_offset = -1;
baa41469 1818
e7c0219b 1819 } else if (regs[op->dest.reg].offset == -cfi->stack_size) {
baa41469 1820
bf4d1a83 1821 /* pop %reg */
e7c0219b 1822 restore_reg(cfi, op->dest.reg);
baa41469
JP		 1823 }
1824
e7c0219b 1825 cfi->stack_size -= 8;
baa41469
JP		 1826 if (cfa->base == CFI_SP)
1827 cfa->offset -= 8;
1828
1829 break;
1830
1831 case OP_SRC_REG_INDIRECT:
e7c0219b
PZ		 1832 if (cfi->drap && op->src.reg == CFI_BP &&
1833 op->src.offset == cfi->drap_offset) {
bf4d1a83
JP		 1834
1835 /* drap: mov disp(%rbp), %drap */
e7c0219b 1836 cfa->base = cfi->drap_reg;
bf4d1a83 1837 cfa->offset = 0;
e7c0219b 1838 cfi->drap_offset = -1;
bf4d1a83
JP		 1839 }
1840
e7c0219b 1841 if (cfi->drap && op->src.reg == CFI_BP &&
baa41469
JP		 1842 op->src.offset == regs[op->dest.reg].offset) {
1843
1844 /* drap: mov disp(%rbp), %reg */
e7c0219b 1845 restore_reg(cfi, op->dest.reg);
baa41469
JP		 1846
1847 } else if (op->src.reg == cfa->base &&
1848 op->src.offset == regs[op->dest.reg].offset + cfa->offset) {
1849
1850 /* mov disp(%rbp), %reg */
1851 /* mov disp(%rsp), %reg */
e7c0219b 1852 restore_reg(cfi, op->dest.reg);
baa41469
JP		 1853 }
1854
1855 break;
1856
1857 default:
1858 WARN_FUNC("unknown stack-related instruction",
1859 insn->sec, insn->offset);
1860 return -1;
1861 }
1862
1863 break;
1864
1865 case OP_DEST_PUSH:
ea24213d 1866 case OP_DEST_PUSHF:
e7c0219b 1867 cfi->stack_size += 8;
baa41469
JP		 1868 if (cfa->base == CFI_SP)
1869 cfa->offset += 8;
1870
1871 if (op->src.type != OP_SRC_REG)
1872 break;
1873
e7c0219b
PZ		 1874 if (cfi->drap) {
1875 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) {
baa41469
JP		 1876
1877 /* drap: push %drap */
1878 cfa->base = CFI_BP_INDIRECT;
e7c0219b 1879 cfa->offset = -cfi->stack_size;
baa41469 1880
bf4d1a83 1881 /* save drap so we know when to restore it */
e7c0219b 1882 cfi->drap_offset = -cfi->stack_size;
baa41469 1883
e7c0219b 1884 } else if (op->src.reg == CFI_BP && cfa->base == cfi->drap_reg) {
baa41469
JP		 1885
1886 /* drap: push %rbp */
e7c0219b 1887 cfi->stack_size = 0;
baa41469
JP		 1888
1889 } else if (regs[op->src.reg].base == CFI_UNDEFINED) {
1890
1891 /* drap: push %reg */
e7c0219b 1892 save_reg(cfi, op->src.reg, CFI_BP, -cfi->stack_size);
baa41469
JP		 1893 }
1894
1895 } else {
1896
1897 /* push %reg */
e7c0219b 1898 save_reg(cfi, op->src.reg, CFI_CFA, -cfi->stack_size);
baa41469
JP		 1899 }
1900
1901 /* detect when asm code uses rbp as a scratch register */
867ac9d7 1902 if (!no_fp && insn->func && op->src.reg == CFI_BP &&
baa41469 1903 cfa->base != CFI_BP)
e7c0219b 1904 cfi->bp_scratch = true;
baa41469
JP		 1905 break;
1906
1907 case OP_DEST_REG_INDIRECT:
1908
e7c0219b
PZ		 1909 if (cfi->drap) {
1910 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) {
baa41469
JP		 1911
1912 /* drap: mov %drap, disp(%rbp) */
1913 cfa->base = CFI_BP_INDIRECT;
1914 cfa->offset = op->dest.offset;
1915
bf4d1a83 1916 /* save drap offset so we know when to restore it */
e7c0219b 1917 cfi->drap_offset = op->dest.offset;
baa41469
JP		 1918 }
1919
1920 else if (regs[op->src.reg].base == CFI_UNDEFINED) {
1921
1922 /* drap: mov reg, disp(%rbp) */
e7c0219b 1923 save_reg(cfi, op->src.reg, CFI_BP, op->dest.offset);
baa41469
JP		 1924 }
1925
1926 } else if (op->dest.reg == cfa->base) {
1927
1928 /* mov reg, disp(%rbp) */
1929 /* mov reg, disp(%rsp) */
e7c0219b
PZ		 1930 save_reg(cfi, op->src.reg, CFI_CFA,
1931 op->dest.offset - cfi->cfa.offset);
baa41469
JP		 1932 }
1933
1934 break;
1935
1936 case OP_DEST_LEAVE:
e7c0219b
PZ		 1937 if ((!cfi->drap && cfa->base != CFI_BP) ||
1938 (cfi->drap && cfa->base != cfi->drap_reg)) {
baa41469
JP		 1939 WARN_FUNC("leave instruction with modified stack frame",
1940 insn->sec, insn->offset);
1941 return -1;
1942 }
1943
1944 /* leave (mov %rbp, %rsp; pop %rbp) */
1945
e7c0219b
PZ		 1946 cfi->stack_size = -cfi->regs[CFI_BP].offset - 8;
1947 restore_reg(cfi, CFI_BP);
baa41469 1948
e7c0219b 1949 if (!cfi->drap) {
baa41469
JP		 1950 cfa->base = CFI_SP;
1951 cfa->offset -= 8;
1952 }
1953
1954 break;
1955
1956 case OP_DEST_MEM:
ea24213d 1957 if (op->src.type != OP_SRC_POP && op->src.type != OP_SRC_POPF) {
baa41469
JP		 1958 WARN_FUNC("unknown stack-related memory operation",
1959 insn->sec, insn->offset);
1960 return -1;
1961 }
1962
1963 /* pop mem */
e7c0219b 1964 cfi->stack_size -= 8;
baa41469
JP		 1965 if (cfa->base == CFI_SP)
1966 cfa->offset -= 8;
1967
1968 break;
1969
1970 default:
1971 WARN_FUNC("unknown stack-related instruction",
1972 insn->sec, insn->offset);
1973 return -1;
1974 }
1975
1976 return 0;
1977}
1978
65ea47dc
JT		 1979static int handle_insn_ops(struct instruction *insn, struct insn_state *state)
1980{
1981 struct stack_op *op;
1982
1983 list_for_each_entry(op, &insn->stack_ops, list) {
1984 int res;
1985
7117f16b
PZ		 1986 if (insn->alt_group) {
1987 WARN_FUNC("alternative modifies stack", insn->sec, insn->offset);
1988 return -1;
1989 }
1990
e7c0219b 1991 res = update_cfi_state(insn, &state->cfi, op);
65ea47dc
JT		 1992 if (res)
1993 return res;
1994
1995 if (op->dest.type == OP_DEST_PUSHF) {
1996 if (!state->uaccess_stack) {
1997 state->uaccess_stack = 1;
1998 } else if (state->uaccess_stack >> 31) {
1999 WARN_FUNC("PUSHF stack exhausted",
2000 insn->sec, insn->offset);
2001 return 1;
2002 }
2003 state->uaccess_stack <<= 1;
2004 state->uaccess_stack |= state->uaccess;
2005 }
2006
2007 if (op->src.type == OP_SRC_POPF) {
2008 if (state->uaccess_stack) {
2009 state->uaccess = state->uaccess_stack & 1;
2010 state->uaccess_stack >>= 1;
2011 if (state->uaccess_stack == 1)
2012 state->uaccess_stack = 0;
2013 }
2014 }
2015 }
2016
2017 return 0;
2018}
2019
e7c0219b 2020static bool insn_cfi_match(struct instruction *insn, struct cfi_state *cfi2)
baa41469 2021{
e7c0219b 2022 struct cfi_state *cfi1 = &insn->cfi;
baa41469
JP		 2023 int i;
2024
e7c0219b
PZ		 2025 if (memcmp(&cfi1->cfa, &cfi2->cfa, sizeof(cfi1->cfa))) {
2026
baa41469
JP		 2027 WARN_FUNC("stack state mismatch: cfa1=%d%+d cfa2=%d%+d",
2028 insn->sec, insn->offset,
e7c0219b
PZ		 2029 cfi1->cfa.base, cfi1->cfa.offset,
2030 cfi2->cfa.base, cfi2->cfa.offset);
baa41469 2031
e7c0219b 2032 } else if (memcmp(&cfi1->regs, &cfi2->regs, sizeof(cfi1->regs))) {
baa41469 2033 for (i = 0; i < CFI_NUM_REGS; i++) {
e7c0219b 2034 if (!memcmp(&cfi1->regs[i], &cfi2->regs[i],
baa41469
JP		 2035 sizeof(struct cfi_reg)))
2036 continue;
2037
2038 WARN_FUNC("stack state mismatch: reg1[%d]=%d%+d reg2[%d]=%d%+d",
2039 insn->sec, insn->offset,
e7c0219b
PZ		 2040 i, cfi1->regs[i].base, cfi1->regs[i].offset,
2041 i, cfi2->regs[i].base, cfi2->regs[i].offset);
baa41469
JP		 2042 break;
2043 }
2044
e7c0219b
PZ		 2045 } else if (cfi1->type != cfi2->type) {
2046
627fce14 2047 WARN_FUNC("stack state mismatch: type1=%d type2=%d",
e7c0219b
PZ		 2048 insn->sec, insn->offset, cfi1->type, cfi2->type);
2049
2050 } else if (cfi1->drap != cfi2->drap ||
2051 (cfi1->drap && cfi1->drap_reg != cfi2->drap_reg) ||
2052 (cfi1->drap && cfi1->drap_offset != cfi2->drap_offset)) {
627fce14 2053
bf4d1a83 2054 WARN_FUNC("stack state mismatch: drap1=%d(%d,%d) drap2=%d(%d,%d)",
baa41469 2055 insn->sec, insn->offset,
e7c0219b
PZ		 2056 cfi1->drap, cfi1->drap_reg, cfi1->drap_offset,
2057 cfi2->drap, cfi2->drap_reg, cfi2->drap_offset);
baa41469
JP		 2058
2059 } else
2060 return true;
2061
2062 return false;
dcc914f4
JP		 2063}
2064
ea24213d
PZ		 2065static inline bool func_uaccess_safe(struct symbol *func)
2066{
2067 if (func)
e10cd8fe 2068 return func->uaccess_safe;
ea24213d
PZ		 2069
2070 return false;
2071}
2072
0c1ddd33 2073static inline const char *call_dest_name(struct instruction *insn)
ea24213d
PZ		 2074{
2075 if (insn->call_dest)
2076 return insn->call_dest->name;
2077
2078 return "{dynamic}";
2079}
2080
2081static int validate_call(struct instruction *insn, struct insn_state *state)
2082{
c4a33939 2083 if (state->noinstr && state->instr <= 0 &&
0cc9ac8d 2084 (!insn->call_dest || !insn->call_dest->sec->noinstr)) {
c4a33939
PZ		 2085 WARN_FUNC("call to %s() leaves .noinstr.text section",
2086 insn->sec, insn->offset, call_dest_name(insn));
2087 return 1;
2088 }
2089
ea24213d
PZ		 2090 if (state->uaccess && !func_uaccess_safe(insn->call_dest)) {
2091 WARN_FUNC("call to %s() with UACCESS enabled",
0c1ddd33 2092 insn->sec, insn->offset, call_dest_name(insn));
ea24213d
PZ		 2093 return 1;
2094 }
2095
2f0f9e9a
PZ		 2096 if (state->df) {
2097 WARN_FUNC("call to %s() with DF set",
0c1ddd33 2098 insn->sec, insn->offset, call_dest_name(insn));
2f0f9e9a
PZ		 2099 return 1;
2100 }
2101
ea24213d
PZ		 2102 return 0;
2103}
2104
54262aa2
PZ		 2105static int validate_sibling_call(struct instruction *insn, struct insn_state *state)
2106{
e25eea89 2107 if (has_modified_stack_frame(insn, state)) {
54262aa2
PZ		 2108 WARN_FUNC("sibling call from callable instruction with modified stack frame",
2109 insn->sec, insn->offset);
2110 return 1;
2111 }
2112
ea24213d 2113 return validate_call(insn, state);
54262aa2
PZ		 2114}
2115
a92e92d1
PZ		 2116static int validate_return(struct symbol *func, struct instruction *insn, struct insn_state *state)
2117{
c4a33939
PZ		 2118 if (state->noinstr && state->instr > 0) {
2119 WARN_FUNC("return with instrumentation enabled",
2120 insn->sec, insn->offset);
2121 return 1;
2122 }
2123
a92e92d1
PZ		 2124 if (state->uaccess && !func_uaccess_safe(func)) {
2125 WARN_FUNC("return with UACCESS enabled",
2126 insn->sec, insn->offset);
2127 return 1;
2128 }
2129
2130 if (!state->uaccess && func_uaccess_safe(func)) {
2131 WARN_FUNC("return with UACCESS disabled from a UACCESS-safe function",
2132 insn->sec, insn->offset);
2133 return 1;
2134 }
2135
2136 if (state->df) {
2137 WARN_FUNC("return with DF set",
2138 insn->sec, insn->offset);
2139 return 1;
2140 }
2141
e25eea89 2142 if (func && has_modified_stack_frame(insn, state)) {
a92e92d1
PZ		 2143 WARN_FUNC("return with modified stack frame",
2144 insn->sec, insn->offset);
2145 return 1;
2146 }
2147
e7c0219b 2148 if (state->cfi.bp_scratch) {
b2966952
JP		 2149 WARN_FUNC("BP used as a scratch register",
2150 insn->sec, insn->offset);
a92e92d1
PZ		 2151 return 1;
2152 }
2153
2154 return 0;
2155}
2156
7117f16b
PZ		 2157/*
2158 * Alternatives should not contain any ORC entries, this in turn means they
2159 * should not contain any CFI ops, which implies all instructions should have
2160 * the same same CFI state.
2161 *
2162 * It is possible to constuct alternatives that have unreachable holes that go
2163 * unreported (because they're NOPs), such holes would result in CFI_UNDEFINED
2164 * states which then results in ORC entries, which we just said we didn't want.
2165 *
2166 * Avoid them by copying the CFI entry of the first instruction into the whole
2167 * alternative.
2168 */
2169static void fill_alternative_cfi(struct objtool_file *file, struct instruction *insn)
2170{
2171 struct instruction *first_insn = insn;
2172 int alt_group = insn->alt_group;
2173
2174 sec_for_each_insn_continue(file, insn) {
2175 if (insn->alt_group != alt_group)
2176 break;
2177 insn->cfi = first_insn->cfi;
2178 }
2179}
2180
dcc914f4
JP		 2181/*
2182 * Follow the branch starting at the given instruction, and recursively follow
2183 * any other branches (jumps). Meanwhile, track the frame pointer state at
2184 * each instruction and validate all the rules described in
2185 * tools/objtool/Documentation/stack-validation.txt.
2186 */
c705cecc 2187static int validate_branch(struct objtool_file *file, struct symbol *func,
b7460462 2188 struct instruction *insn, struct insn_state state)
dcc914f4
JP		 2189{
2190 struct alternative *alt;
b7460462 2191 struct instruction *next_insn;
dcc914f4 2192 struct section *sec;
882a0db9 2193 u8 visited;
dcc914f4
JP		 2194 int ret;
2195
dcc914f4 2196 sec = insn->sec;
dcc914f4 2197
dcc914f4 2198 while (1) {
39358a03
JP		 2199 next_insn = next_insn_same_sec(file, insn);
2200
13810435 2201 if (file->c_file && func && insn->func && func != insn->func->pfunc) {
ee97638b
JP		 2202 WARN("%s() falls through to next function %s()",
2203 func->name, insn->func->name);
2204 return 1;
dcc914f4
JP		 2205 }
2206
4855022a
JP		 2207 if (func && insn->ignore) {
2208 WARN_FUNC("BUG: why am I validating an ignored function?",
2209 sec, insn->offset);
12b25729 2210 return 1;
4855022a
JP		 2211 }
2212
882a0db9 2213 visited = 1 << state.uaccess;
dcc914f4 2214 if (insn->visited) {
e7c0219b 2215 if (!insn->hint && !insn_cfi_match(insn, &state.cfi))
dcc914f4 2216 return 1;
dcc914f4 2217
882a0db9 2218 if (insn->visited & visited)
ea24213d 2219 return 0;
dcc914f4
JP		 2220 }
2221
c4a33939
PZ		 2222 if (state.noinstr)
2223 state.instr += insn->instr;
2224
c536ed2f 2225 if (insn->hint)
e7c0219b 2226 state.cfi = insn->cfi;
c536ed2f 2227 else
e7c0219b 2228 insn->cfi = state.cfi;
dcc914f4 2229
882a0db9 2230 insn->visited |= visited;
baa41469 2231
7117f16b 2232 if (!insn->ignore_alts && !list_empty(&insn->alts)) {
764eef4b
PZ		 2233 bool skip_orig = false;
2234
a845c7cf 2235 list_for_each_entry(alt, &insn->alts, list) {
764eef4b
PZ		 2236 if (alt->skip_orig)
2237 skip_orig = true;
2238
c705cecc 2239 ret = validate_branch(file, func, alt->insn, state);
7697eee3
PZ		 2240 if (ret) {
2241 if (backtrace)
2242 BT_FUNC("(alt)", insn);
2243 return ret;
2244 }
a845c7cf 2245 }
764eef4b 2246
7117f16b
PZ		 2247 if (insn->alt_group)
2248 fill_alternative_cfi(file, insn);
2249
764eef4b
PZ		 2250 if (skip_orig)
2251 return 0;
dcc914f4
JP		 2252 }
2253
2254 switch (insn->type) {
2255
dcc914f4 2256 case INSN_RETURN:
a92e92d1 2257 return validate_return(func, insn, &state);
dcc914f4
JP		 2258
2259 case INSN_CALL:
ea24213d
PZ		 2260 case INSN_CALL_DYNAMIC:
2261 ret = validate_call(insn, &state);
2262 if (ret)
2263 return ret;
dcc914f4 2264
c9bab22b
JP		 2265 if (!no_fp && func && !is_fentry_call(insn) &&
2266 !has_valid_stack_frame(&state)) {
dcc914f4
JP		 2267 WARN_FUNC("call without frame pointer save/setup",
2268 sec, insn->offset);
2269 return 1;
2270 }
c9bab22b
JP		 2271
2272 if (dead_end_function(file, insn->call_dest))
2273 return 0;
2274
dcc914f4
JP		 2275 break;
2276
2277 case INSN_JUMP_CONDITIONAL:
2278 case INSN_JUMP_UNCONDITIONAL:
0c1ddd33 2279 if (func && is_sibling_call(insn)) {
54262aa2 2280 ret = validate_sibling_call(insn, &state);
dcc914f4 2281 if (ret)
54262aa2 2282 return ret;
4855022a 2283
0c1ddd33 2284 } else if (insn->jump_dest) {
c705cecc
JP		 2285 ret = validate_branch(file, func,
2286 insn->jump_dest, state);
7697eee3
PZ		 2287 if (ret) {
2288 if (backtrace)
2289 BT_FUNC("(branch)", insn);
2290 return ret;
2291 }
4855022a 2292 }
dcc914f4
JP		 2293
2294 if (insn->type == INSN_JUMP_UNCONDITIONAL)
2295 return 0;
2296
2297 break;
2298
2299 case INSN_JUMP_DYNAMIC:
b68b9907 2300 case INSN_JUMP_DYNAMIC_CONDITIONAL:
0c1ddd33 2301 if (func && is_sibling_call(insn)) {
54262aa2
PZ		 2302 ret = validate_sibling_call(insn, &state);
2303 if (ret)
2304 return ret;
dcc914f4
JP		 2305 }
2306
b68b9907
JP		 2307 if (insn->type == INSN_JUMP_DYNAMIC)
2308 return 0;
2309
2310 break;
dcc914f4 2311
b7460462
PZ		 2312 case INSN_EXCEPTION_RETURN:
2313 if (handle_insn_ops(insn, &state))
2314 return 1;
2315
2316 /*
2317 * This handles x86's sync_core() case, where we use an
2318 * IRET to self. All 'normal' IRET instructions are in
2319 * STT_NOTYPE entry symbols.
2320 */
2321 if (func)
2322 break;
2323
2324 return 0;
2325
39358a03
JP		 2326 case INSN_CONTEXT_SWITCH:
2327 if (func && (!next_insn || !next_insn->hint)) {
2328 WARN_FUNC("unsupported instruction in callable function",
2329 sec, insn->offset);
2330 return 1;
2331 }
2332 return 0;
2333
baa41469 2334 case INSN_STACK:
65ea47dc 2335 if (handle_insn_ops(insn, &state))
12b25729 2336 return 1;
ea24213d
PZ		 2337 break;
2338
2339 case INSN_STAC:
2340 if (state.uaccess) {
2341 WARN_FUNC("recursive UACCESS enable", sec, insn->offset);
2342 return 1;
2343 }
2344
2345 state.uaccess = true;
2346 break;
2347
2348 case INSN_CLAC:
c705cecc 2349 if (!state.uaccess && func) {
ea24213d
PZ		 2350 WARN_FUNC("redundant UACCESS disable", sec, insn->offset);
2351 return 1;
2352 }
2353
2354 if (func_uaccess_safe(func) && !state.uaccess_stack) {
2355 WARN_FUNC("UACCESS-safe disables UACCESS", sec, insn->offset);
2356 return 1;
2357 }
2358
2359 state.uaccess = false;
baa41469
JP		 2360 break;
2361
2f0f9e9a
PZ		 2362 case INSN_STD:
2363 if (state.df)
2364 WARN_FUNC("recursive STD", sec, insn->offset);
2365
2366 state.df = true;
2367 break;
2368
2369 case INSN_CLD:
c705cecc 2370 if (!state.df && func)
2f0f9e9a
PZ		 2371 WARN_FUNC("redundant CLD", sec, insn->offset);
2372
2373 state.df = false;
baa41469
JP		 2374 break;
2375
dcc914f4
JP		 2376 default:
2377 break;
2378 }
2379
2380 if (insn->dead_end)
2381 return 0;
2382
00d96180 2383 if (!next_insn) {
e7c0219b 2384 if (state.cfi.cfa.base == CFI_UNDEFINED)
00d96180 2385 return 0;
dcc914f4
JP		 2386 WARN("%s: unexpected end of section", sec->name);
2387 return 1;
2388 }
00d96180
JP		 2389
2390 insn = next_insn;
dcc914f4
JP		 2391 }
2392
2393 return 0;
2394}
2395
932f8e98 2396static int validate_unwind_hints(struct objtool_file *file, struct section *sec)
39358a03
JP		 2397{
2398 struct instruction *insn;
39358a03 2399 struct insn_state state;
932f8e98 2400 int ret, warnings = 0;
39358a03
JP		 2401
2402 if (!file->hints)
2403 return 0;
2404
932f8e98 2405 init_insn_state(&state, sec);
39358a03 2406
932f8e98
PZ		 2407 if (sec) {
2408 insn = find_insn(file, sec, 0);
2409 if (!insn)
2410 return 0;
2411 } else {
2412 insn = list_first_entry(&file->insn_list, typeof(*insn), list);
2413 }
2414
2415 while (&insn->list != &file->insn_list && (!sec || insn->sec == sec)) {
39358a03 2416 if (insn->hint && !insn->visited) {
c705cecc 2417 ret = validate_branch(file, insn->func, insn, state);
7697eee3
PZ		 2418 if (ret && backtrace)
2419 BT_FUNC("<=== (hint)", insn);
39358a03
JP		 2420 warnings += ret;
2421 }
932f8e98
PZ		 2422
2423 insn = list_next_entry(insn, list);
39358a03
JP		 2424 }
2425
2426 return warnings;
2427}
2428
b5bc2231
PZ		 2429static int validate_retpoline(struct objtool_file *file)
2430{
2431 struct instruction *insn;
2432 int warnings = 0;
2433
2434 for_each_insn(file, insn) {
2435 if (insn->type != INSN_JUMP_DYNAMIC &&
2436 insn->type != INSN_CALL_DYNAMIC)
2437 continue;
2438
2439 if (insn->retpoline_safe)
2440 continue;
2441
ca41b97e
PZ		 2442 /*
2443 * .init.text code is ran before userspace and thus doesn't
2444 * strictly need retpolines, except for modules which are
2445 * loaded late, they very much do need retpoline in their
2446 * .init.text
2447 */
2448 if (!strcmp(insn->sec->name, ".init.text") && !module)
2449 continue;
2450
b5bc2231
PZ		 2451 WARN_FUNC("indirect %s found in RETPOLINE build",
2452 insn->sec, insn->offset,
2453 insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call");
2454
2455 warnings++;
2456 }
2457
2458 return warnings;
2459}
2460
dcc914f4
JP		 2461static bool is_kasan_insn(struct instruction *insn)
2462{
2463 return (insn->type == INSN_CALL &&
2464 !strcmp(insn->call_dest->name, "__asan_handle_no_return"));
2465}
2466
2467static bool is_ubsan_insn(struct instruction *insn)
2468{
2469 return (insn->type == INSN_CALL &&
2470 !strcmp(insn->call_dest->name,
2471 "__ubsan_handle_builtin_unreachable"));
2472}
2473
baa41469 2474static bool ignore_unreachable_insn(struct instruction *insn)
dcc914f4
JP		 2475{
2476 int i;
2477
baa41469
JP		 2478 if (insn->ignore || insn->type == INSN_NOP)
2479 return true;
2480
2481 /*
2482 * Ignore any unused exceptions. This can happen when a whitelisted
2483 * function has an exception table entry.
0e2bb2bc
JP		 2484 *
2485 * Also ignore alternative replacement instructions. This can happen
2486 * when a whitelisted function uses one of the ALTERNATIVE macros.
baa41469 2487 */
0e2bb2bc
JP		 2488 if (!strcmp(insn->sec->name, ".fixup") ||
2489 !strcmp(insn->sec->name, ".altinstr_replacement") ||
2490 !strcmp(insn->sec->name, ".altinstr_aux"))
dcc914f4
JP		 2491 return true;
2492
bd841d61
JP		 2493 if (!insn->func)
2494 return false;
2495
2496 /*
2497 * CONFIG_UBSAN_TRAP inserts a UD2 when it sees
2498 * __builtin_unreachable(). The BUG() macro has an unreachable() after
2499 * the UD2, which causes GCC's undefined trap logic to emit another UD2
2500 * (or occasionally a JMP to UD2).
2501 */
2502 if (list_prev_entry(insn, list)->dead_end &&
2503 (insn->type == INSN_BUG ||
2504 (insn->type == INSN_JUMP_UNCONDITIONAL &&
2505 insn->jump_dest && insn->jump_dest->type == INSN_BUG)))
2506 return true;
2507
dcc914f4
JP		 2508 /*
2509 * Check if this (or a subsequent) instruction is related to
2510 * CONFIG_UBSAN or CONFIG_KASAN.
2511 *
2512 * End the search at 5 instructions to avoid going into the weeds.
2513 */
2514 for (i = 0; i < 5; i++) {
2515
2516 if (is_kasan_insn(insn) || is_ubsan_insn(insn))
2517 return true;
2518
fe24e271
JP		 2519 if (insn->type == INSN_JUMP_UNCONDITIONAL) {
2520 if (insn->jump_dest &&
2521 insn->jump_dest->func == insn->func) {
2522 insn = insn->jump_dest;
2523 continue;
2524 }
2525
2526 break;
dcc914f4
JP		 2527 }
2528
baa41469 2529 if (insn->offset + insn->len >= insn->func->offset + insn->func->len)
dcc914f4 2530 break;
fe24e271 2531
dcc914f4
JP		 2532 insn = list_next_entry(insn, list);
2533 }
2534
2535 return false;
2536}
2537
4b5e2e7f
PZ		 2538static int validate_symbol(struct objtool_file *file, struct section *sec,
2539 struct symbol *sym, struct insn_state *state)
dcc914f4 2540{
dcc914f4 2541 struct instruction *insn;
4b5e2e7f
PZ		 2542 int ret;
2543
2544 if (!sym->len) {
2545 WARN("%s() is missing an ELF size annotation", sym->name);
2546 return 1;
2547 }
2548
2549 if (sym->pfunc != sym || sym->alias != sym)
2550 return 0;
2551
2552 insn = find_insn(file, sec, sym->offset);
2553 if (!insn || insn->ignore || insn->visited)
2554 return 0;
2555
2556 state->uaccess = sym->uaccess_safe;
2557
2558 ret = validate_branch(file, insn->func, insn, *state);
2559 if (ret && backtrace)
2560 BT_FUNC("<=== (sym)", insn);
2561 return ret;
2562}
2563
2564static int validate_section(struct objtool_file *file, struct section *sec)
2565{
baa41469 2566 struct insn_state state;
4b5e2e7f
PZ		 2567 struct symbol *func;
2568 int warnings = 0;
dcc914f4 2569
350994bf
PZ		 2570 list_for_each_entry(func, &sec->symbol_list, list) {
2571 if (func->type != STT_FUNC)
2572 continue;
e10cd8fe 2573
932f8e98 2574 init_insn_state(&state, sec);
e7c0219b
PZ		 2575 state.cfi.cfa = initial_func_cfi.cfa;
2576 memcpy(&state.cfi.regs, &initial_func_cfi.regs,
0699e551 2577 CFI_NUM_REGS * sizeof(struct cfi_reg));
e7c0219b 2578 state.cfi.stack_size = initial_func_cfi.cfa.offset;
0699e551 2579
4b5e2e7f 2580 warnings += validate_symbol(file, sec, func, &state);
dcc914f4
JP		 2581 }
2582
dcc914f4
JP		 2583 return warnings;
2584}
2585
c4a33939
PZ		 2586static int validate_vmlinux_functions(struct objtool_file *file)
2587{
2588 struct section *sec;
932f8e98 2589 int warnings = 0;
c4a33939
PZ		 2590
2591 sec = find_section_by_name(file->elf, ".noinstr.text");
0cc9ac8d
TG		 2592 if (sec) {
2593 warnings += validate_section(file, sec);
2594 warnings += validate_unwind_hints(file, sec);
2595 }
c4a33939 2596
0cc9ac8d
TG		 2597 sec = find_section_by_name(file->elf, ".entry.text");
2598 if (sec) {
2599 warnings += validate_section(file, sec);
2600 warnings += validate_unwind_hints(file, sec);
2601 }
932f8e98
PZ		 2602
2603 return warnings;
c4a33939
PZ		 2604}
2605
350994bf
PZ		 2606static int validate_functions(struct objtool_file *file)
2607{
2608 struct section *sec;
2609 int warnings = 0;
2610
da837bd6
PZ		 2611 for_each_sec(file, sec) {
2612 if (!(sec->sh.sh_flags & SHF_EXECINSTR))
2613 continue;
2614
350994bf 2615 warnings += validate_section(file, sec);
da837bd6 2616 }
350994bf
PZ		 2617
2618 return warnings;
2619}
2620
baa41469 2621static int validate_reachable_instructions(struct objtool_file *file)
dcc914f4
JP		 2622{
2623 struct instruction *insn;
baa41469
JP		 2624
2625 if (file->ignore_unreachables)
2626 return 0;
dcc914f4
JP		 2627
2628 for_each_insn(file, insn) {
baa41469
JP		 2629 if (insn->visited || ignore_unreachable_insn(insn))
2630 continue;
2631
baa41469
JP		 2632 WARN_FUNC("unreachable instruction", insn->sec, insn->offset);
2633 return 1;
dcc914f4
JP		 2634 }
2635
baa41469 2636 return 0;
dcc914f4
JP		 2637}
2638
0c671812
JP		 2639static struct objtool_file file;
2640
43a4525f 2641int check(const char *_objname, bool orc)
dcc914f4 2642{
dcc914f4
JP		 2643 int ret, warnings = 0;
2644
2645 objname = _objname;
dcc914f4 2646
bc359ff2 2647 file.elf = elf_open_read(objname, orc ? O_RDWR : O_RDONLY);
baa41469 2648 if (!file.elf)
dcc914f4 2649 return 1;
dcc914f4
JP		 2650
2651 INIT_LIST_HEAD(&file.insn_list);
2652 hash_init(file.insn_hash);
dcc914f4 2653 file.c_file = find_section_by_name(file.elf, ".comment");
867ac9d7 2654 file.ignore_unreachables = no_unreachable;
39358a03 2655 file.hints = false;
dcc914f4 2656
baa41469
JP		 2657 arch_initial_func_cfi_state(&initial_func_cfi);
2658
dcc914f4
JP		 2659 ret = decode_sections(&file);
2660 if (ret < 0)
2661 goto out;
2662 warnings += ret;
2663
baa41469 2664 if (list_empty(&file.insn_list))
dcc914f4 2665 goto out;
dcc914f4 2666
c4a33939
PZ		 2667 if (vmlinux && !validate_dup) {
2668 ret = validate_vmlinux_functions(&file);
2669 if (ret < 0)
2670 goto out;
2671
2672 warnings += ret;
2673 goto out;
2674 }
2675
b5bc2231
PZ		 2676 if (retpoline) {
2677 ret = validate_retpoline(&file);
2678 if (ret < 0)
2679 return ret;
2680 warnings += ret;
2681 }
2682
baa41469 2683 ret = validate_functions(&file);
dcc914f4
JP		 2684 if (ret < 0)
2685 goto out;
2686 warnings += ret;
2687
932f8e98 2688 ret = validate_unwind_hints(&file, NULL);
39358a03
JP		 2689 if (ret < 0)
2690 goto out;
2691 warnings += ret;
2692
baa41469
JP		 2693 if (!warnings) {
2694 ret = validate_reachable_instructions(&file);
2695 if (ret < 0)
2696 goto out;
2697 warnings += ret;
2698 }
2699
627fce14
JP		 2700 if (orc) {
2701 ret = create_orc(&file);
2702 if (ret < 0)
2703 goto out;
2704
2705 ret = create_orc_sections(&file);
2706 if (ret < 0)
2707 goto out;
2708
2709 ret = elf_write(file.elf);
2710 if (ret < 0)
2711 goto out;
2712 }
2713
dcc914f4 2714out:
644592d3
JP		 2715 if (ret < 0) {
2716 /*
2717 * Fatal error. The binary is corrupt or otherwise broken in
2718 * some way, or objtool itself is broken. Fail the kernel
2719 * build.
2720 */
2721 return ret;
2722 }
2723
dcc914f4
JP		 2724 return 0;
2725}
Ubuntu Jammy Linux kernel mirror