]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - tools/objtool/check.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
KVM: SVM: Move spec control call after restore of GS
[mirror_ubuntu-artful-kernel.git] / tools / objtool / check.c
1 /*
2 * Copyright (C) 2015-2017 Josh Poimboeuf <jpoimboe@redhat.com>
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see <http://www.gnu.org/licenses/>.
16 */
17
18 #include <string.h>
19 #include <stdlib.h>
20
21 #include "check.h"
22 #include "elf.h"
23 #include "special.h"
24 #include "arch.h"
25 #include "warn.h"
26
27 #include <linux/hashtable.h>
28 #include <linux/kernel.h>
29
30 struct alternative {
31 struct list_head list;
32 struct instruction *insn;
33 };
34
35 const char *objname;
36 static bool nofp;
37 struct cfi_state initial_func_cfi;
38
39 struct instruction *find_insn(struct objtool_file *file,
40 struct section *sec, unsigned long offset)
41 {
42 struct instruction *insn;
43
44 hash_for_each_possible(file->insn_hash, insn, hash, offset)
45 if (insn->sec == sec && insn->offset == offset)
46 return insn;
47
48 return NULL;
49 }
50
51 static struct instruction *next_insn_same_sec(struct objtool_file *file,
52 struct instruction *insn)
53 {
54 struct instruction *next = list_next_entry(insn, list);
55
56 if (!next || &next->list == &file->insn_list || next->sec != insn->sec)
57 return NULL;
58
59 return next;
60 }
61
62 static bool gcov_enabled(struct objtool_file *file)
63 {
64 struct section *sec;
65 struct symbol *sym;
66
67 for_each_sec(file, sec)
68 list_for_each_entry(sym, &sec->symbol_list, list)
69 if (!strncmp(sym->name, "__gcov_.", 8))
70 return true;
71
72 return false;
73 }
74
75 #define func_for_each_insn(file, func, insn) \
76 for (insn = find_insn(file, func->sec, func->offset); \
77 insn && &insn->list != &file->insn_list && \
78 insn->sec == func->sec && \
79 insn->offset < func->offset + func->len; \
80 insn = list_next_entry(insn, list))
81
82 #define func_for_each_insn_continue_reverse(file, func, insn) \
83 for (insn = list_prev_entry(insn, list); \
84 &insn->list != &file->insn_list && \
85 insn->sec == func->sec && insn->offset >= func->offset; \
86 insn = list_prev_entry(insn, list))
87
88 #define sec_for_each_insn_from(file, insn) \
89 for (; insn; insn = next_insn_same_sec(file, insn))
90
91 #define sec_for_each_insn_continue(file, insn) \
92 for (insn = next_insn_same_sec(file, insn); insn; \
93 insn = next_insn_same_sec(file, insn))
94
95 /*
96 * Check if the function has been manually whitelisted with the
97 * STACK_FRAME_NON_STANDARD macro, or if it should be automatically whitelisted
98 * due to its use of a context switching instruction.
99 */
100 static bool ignore_func(struct objtool_file *file, struct symbol *func)
101 {
102 struct rela *rela;
103
104 /* check for STACK_FRAME_NON_STANDARD */
105 if (file->whitelist && file->whitelist->rela)
106 list_for_each_entry(rela, &file->whitelist->rela->rela_list, list) {
107 if (rela->sym->type == STT_SECTION &&
108 rela->sym->sec == func->sec &&
109 rela->addend == func->offset)
110 return true;
111 if (rela->sym->type == STT_FUNC && rela->sym == func)
112 return true;
113 }
114
115 return false;
116 }
117
118 /*
119 * This checks to see if the given function is a "noreturn" function.
120 *
121 * For global functions which are outside the scope of this object file, we
122 * have to keep a manual list of them.
123 *
124 * For local functions, we have to detect them manually by simply looking for
125 * the lack of a return instruction.
126 *
127 * Returns:
128 * -1: error
129 * 0: no dead end
130 * 1: dead end
131 */
132 static int __dead_end_function(struct objtool_file *file, struct symbol *func,
133 int recursion)
134 {
135 int i;
136 struct instruction *insn;
137 bool empty = true;
138
139 /*
140 * Unfortunately these have to be hard coded because the noreturn
141 * attribute isn't provided in ELF data.
142 */
143 static const char * const global_noreturns[] = {
144 "__stack_chk_fail",
145 "panic",
146 "do_exit",
147 "do_task_dead",
148 "__module_put_and_exit",
149 "complete_and_exit",
150 "kvm_spurious_fault",
151 "__reiserfs_panic",
152 "lbug_with_loc",
153 "fortify_panic",
154 };
155
156 if (func->bind == STB_WEAK)
157 return 0;
158
159 if (func->bind == STB_GLOBAL)
160 for (i = 0; i < ARRAY_SIZE(global_noreturns); i++)
161 if (!strcmp(func->name, global_noreturns[i]))
162 return 1;
163
164 if (!func->sec)
165 return 0;
166
167 func_for_each_insn(file, func, insn) {
168 empty = false;
169
170 if (insn->type == INSN_RETURN)
171 return 0;
172 }
173
174 if (empty)
175 return 0;
176
177 /*
178 * A function can have a sibling call instead of a return. In that
179 * case, the function's dead-end status depends on whether the target
180 * of the sibling call returns.
181 */
182 func_for_each_insn(file, func, insn) {
183 if (insn->sec != func->sec ||
184 insn->offset >= func->offset + func->len)
185 break;
186
187 if (insn->type == INSN_JUMP_UNCONDITIONAL) {
188 struct instruction *dest = insn->jump_dest;
189 struct symbol *dest_func;
190
191 if (!dest)
192 /* sibling call to another file */
193 return 0;
194
195 if (dest->sec != func->sec ||
196 dest->offset < func->offset ||
197 dest->offset >= func->offset + func->len) {
198 /* local sibling call */
199 dest_func = find_symbol_by_offset(dest->sec,
200 dest->offset);
201 if (!dest_func)
202 continue;
203
204 if (recursion == 5) {
205 WARN_FUNC("infinite recursion (objtool bug!)",
206 dest->sec, dest->offset);
207 return -1;
208 }
209
210 return __dead_end_function(file, dest_func,
211 recursion + 1);
212 }
213 }
214
215 if (insn->type == INSN_JUMP_DYNAMIC && list_empty(&insn->alts))
216 /* sibling call */
217 return 0;
218 }
219
220 return 1;
221 }
222
223 static int dead_end_function(struct objtool_file *file, struct symbol *func)
224 {
225 return __dead_end_function(file, func, 0);
226 }
227
228 static void clear_insn_state(struct insn_state *state)
229 {
230 int i;
231
232 memset(state, 0, sizeof(*state));
233 state->cfa.base = CFI_UNDEFINED;
234 for (i = 0; i < CFI_NUM_REGS; i++)
235 state->regs[i].base = CFI_UNDEFINED;
236 state->drap_reg = CFI_UNDEFINED;
237 }
238
239 /*
240 * Call the arch-specific instruction decoder for all the instructions and add
241 * them to the global instruction list.
242 */
243 static int decode_instructions(struct objtool_file *file)
244 {
245 struct section *sec;
246 struct symbol *func;
247 unsigned long offset;
248 struct instruction *insn;
249 int ret;
250
251 for_each_sec(file, sec) {
252
253 if (!(sec->sh.sh_flags & SHF_EXECINSTR))
254 continue;
255
256 if (strcmp(sec->name, ".altinstr_replacement") &&
257 strcmp(sec->name, ".altinstr_aux") &&
258 strncmp(sec->name, ".discard.", 9))
259 sec->text = true;
260
261 for (offset = 0; offset < sec->len; offset += insn->len) {
262 insn = malloc(sizeof(*insn));
263 if (!insn) {
264 WARN("malloc failed");
265 return -1;
266 }
267 memset(insn, 0, sizeof(*insn));
268 INIT_LIST_HEAD(&insn->alts);
269 clear_insn_state(&insn->state);
270
271 insn->sec = sec;
272 insn->offset = offset;
273
274 ret = arch_decode_instruction(file->elf, sec, offset,
275 sec->len - offset,
276 &insn->len, &insn->type,
277 &insn->immediate,
278 &insn->stack_op);
279 if (ret)
280 return ret;
281
282 if (!insn->type || insn->type > INSN_LAST) {
283 WARN_FUNC("invalid instruction type %d",
284 insn->sec, insn->offset, insn->type);
285 return -1;
286 }
287
288 hash_add(file->insn_hash, &insn->hash, insn->offset);
289 list_add_tail(&insn->list, &file->insn_list);
290 }
291
292 list_for_each_entry(func, &sec->symbol_list, list) {
293 if (func->type != STT_FUNC)
294 continue;
295
296 if (!find_insn(file, sec, func->offset)) {
297 WARN("%s(): can't find starting instruction",
298 func->name);
299 return -1;
300 }
301
302 func_for_each_insn(file, func, insn)
303 if (!insn->func)
304 insn->func = func;
305 }
306 }
307
308 return 0;
309 }
310
311 /*
312 * Find all uses of the unreachable() macro, which are code path dead ends.
313 */
314 static int add_dead_ends(struct objtool_file *file)
315 {
316 struct section *sec;
317 struct rela *rela;
318 struct instruction *insn;
319 bool found;
320
321 sec = find_section_by_name(file->elf, ".rela.discard.unreachable");
322 if (!sec)
323 return 0;
324
325 list_for_each_entry(rela, &sec->rela_list, list) {
326 if (rela->sym->type != STT_SECTION) {
327 WARN("unexpected relocation symbol type in %s", sec->name);
328 return -1;
329 }
330 insn = find_insn(file, rela->sym->sec, rela->addend);
331 if (insn)
332 insn = list_prev_entry(insn, list);
333 else if (rela->addend == rela->sym->sec->len) {
334 found = false;
335 list_for_each_entry_reverse(insn, &file->insn_list, list) {
336 if (insn->sec == rela->sym->sec) {
337 found = true;
338 break;
339 }
340 }
341
342 if (!found) {
343 WARN("can't find unreachable insn at %s+0x%x",
344 rela->sym->sec->name, rela->addend);
345 return -1;
346 }
347 } else {
348 WARN("can't find unreachable insn at %s+0x%x",
349 rela->sym->sec->name, rela->addend);
350 return -1;
351 }
352
353 insn->dead_end = true;
354 }
355
356 return 0;
357 }
358
359 /*
360 * Warnings shouldn't be reported for ignored functions.
361 */
362 static void add_ignores(struct objtool_file *file)
363 {
364 struct instruction *insn;
365 struct section *sec;
366 struct symbol *func;
367
368 for_each_sec(file, sec) {
369 list_for_each_entry(func, &sec->symbol_list, list) {
370 if (func->type != STT_FUNC)
371 continue;
372
373 if (!ignore_func(file, func))
374 continue;
375
376 func_for_each_insn(file, func, insn)
377 insn->ignore = true;
378 }
379 }
380 }
381
382 /*
383 * FIXME: For now, just ignore any alternatives which add retpolines. This is
384 * a temporary hack, as it doesn't allow ORC to unwind from inside a retpoline.
385 * But it at least allows objtool to understand the control flow *around* the
386 * retpoline.
387 */
388 static int add_nospec_ignores(struct objtool_file *file)
389 {
390 struct section *sec;
391 struct rela *rela;
392 struct instruction *insn;
393
394 sec = find_section_by_name(file->elf, ".rela.discard.nospec");
395 if (!sec)
396 return 0;
397
398 list_for_each_entry(rela, &sec->rela_list, list) {
399 if (rela->sym->type != STT_SECTION) {
400 WARN("unexpected relocation symbol type in %s", sec->name);
401 return -1;
402 }
403
404 insn = find_insn(file, rela->sym->sec, rela->addend);
405 if (!insn) {
406 WARN("bad .discard.nospec entry");
407 return -1;
408 }
409
410 insn->ignore_alts = true;
411 }
412
413 return 0;
414 }
415
416 /*
417 * Find the destination instructions for all jumps.
418 */
419 static int add_jump_destinations(struct objtool_file *file)
420 {
421 struct instruction *insn;
422 struct rela *rela;
423 struct section *dest_sec;
424 unsigned long dest_off;
425
426 for_each_insn(file, insn) {
427 if (insn->type != INSN_JUMP_CONDITIONAL &&
428 insn->type != INSN_JUMP_UNCONDITIONAL)
429 continue;
430
431 if (insn->ignore)
432 continue;
433
434 rela = find_rela_by_dest_range(insn->sec, insn->offset,
435 insn->len);
436 if (!rela) {
437 dest_sec = insn->sec;
438 dest_off = insn->offset + insn->len + insn->immediate;
439 } else if (rela->sym->type == STT_SECTION) {
440 dest_sec = rela->sym->sec;
441 dest_off = rela->addend + 4;
442 } else if (rela->sym->sec->idx) {
443 dest_sec = rela->sym->sec;
444 dest_off = rela->sym->sym.st_value + rela->addend + 4;
445 } else if (strstr(rela->sym->name, "_indirect_thunk_")) {
446 /*
447 * Retpoline jumps are really dynamic jumps in
448 * disguise, so convert them accordingly.
449 */
450 insn->type = INSN_JUMP_DYNAMIC;
451 continue;
452 } else {
453 /* sibling call */
454 insn->jump_dest = 0;
455 continue;
456 }
457
458 insn->jump_dest = find_insn(file, dest_sec, dest_off);
459 if (!insn->jump_dest) {
460
461 /*
462 * This is a special case where an alt instruction
463 * jumps past the end of the section. These are
464 * handled later in handle_group_alt().
465 */
466 if (!strcmp(insn->sec->name, ".altinstr_replacement"))
467 continue;
468
469 WARN_FUNC("can't find jump dest instruction at %s+0x%lx",
470 insn->sec, insn->offset, dest_sec->name,
471 dest_off);
472 return -1;
473 }
474 }
475
476 return 0;
477 }
478
479 /*
480 * Find the destination instructions for all calls.
481 */
482 static int add_call_destinations(struct objtool_file *file)
483 {
484 struct instruction *insn;
485 unsigned long dest_off;
486 struct rela *rela;
487
488 for_each_insn(file, insn) {
489 if (insn->type != INSN_CALL)
490 continue;
491
492 rela = find_rela_by_dest_range(insn->sec, insn->offset,
493 insn->len);
494 if (!rela) {
495 dest_off = insn->offset + insn->len + insn->immediate;
496 insn->call_dest = find_symbol_by_offset(insn->sec,
497 dest_off);
498 /*
499 * FIXME: Thanks to retpolines, it's now considered
500 * normal for a function to call within itself. So
501 * disable this warning for now.
502 */
503 #if 0
504 if (!insn->call_dest) {
505 WARN_FUNC("can't find call dest symbol at offset 0x%lx",
506 insn->sec, insn->offset, dest_off);
507 return -1;
508 }
509 #endif
510 } else if (rela->sym->type == STT_SECTION) {
511 insn->call_dest = find_symbol_by_offset(rela->sym->sec,
512 rela->addend+4);
513 if (!insn->call_dest ||
514 insn->call_dest->type != STT_FUNC) {
515 WARN_FUNC("can't find call dest symbol at %s+0x%x",
516 insn->sec, insn->offset,
517 rela->sym->sec->name,
518 rela->addend + 4);
519 return -1;
520 }
521 } else
522 insn->call_dest = rela->sym;
523 }
524
525 return 0;
526 }
527
528 /*
529 * The .alternatives section requires some extra special care, over and above
530 * what other special sections require:
531 *
532 * 1. Because alternatives are patched in-place, we need to insert a fake jump
533 * instruction at the end so that validate_branch() skips all the original
534 * replaced instructions when validating the new instruction path.
535 *
536 * 2. An added wrinkle is that the new instruction length might be zero. In
537 * that case the old instructions are replaced with noops. We simulate that
538 * by creating a fake jump as the only new instruction.
539 *
540 * 3. In some cases, the alternative section includes an instruction which
541 * conditionally jumps to the _end_ of the entry. We have to modify these
542 * jumps' destinations to point back to .text rather than the end of the
543 * entry in .altinstr_replacement.
544 *
545 * 4. It has been requested that we don't validate the !POPCNT feature path
546 * which is a "very very small percentage of machines".
547 */
548 static int handle_group_alt(struct objtool_file *file,
549 struct special_alt *special_alt,
550 struct instruction *orig_insn,
551 struct instruction **new_insn)
552 {
553 struct instruction *last_orig_insn, *last_new_insn, *insn, *fake_jump;
554 unsigned long dest_off;
555
556 last_orig_insn = NULL;
557 insn = orig_insn;
558 sec_for_each_insn_from(file, insn) {
559 if (insn->offset >= special_alt->orig_off + special_alt->orig_len)
560 break;
561
562 if (special_alt->skip_orig)
563 insn->type = INSN_NOP;
564
565 insn->alt_group = true;
566 last_orig_insn = insn;
567 }
568
569 if (!next_insn_same_sec(file, last_orig_insn)) {
570 WARN("%s: don't know how to handle alternatives at end of section",
571 special_alt->orig_sec->name);
572 return -1;
573 }
574
575 fake_jump = malloc(sizeof(*fake_jump));
576 if (!fake_jump) {
577 WARN("malloc failed");
578 return -1;
579 }
580 memset(fake_jump, 0, sizeof(*fake_jump));
581 INIT_LIST_HEAD(&fake_jump->alts);
582 clear_insn_state(&fake_jump->state);
583
584 fake_jump->sec = special_alt->new_sec;
585 fake_jump->offset = -1;
586 fake_jump->type = INSN_JUMP_UNCONDITIONAL;
587 fake_jump->jump_dest = list_next_entry(last_orig_insn, list);
588 fake_jump->ignore = true;
589
590 if (!special_alt->new_len) {
591 *new_insn = fake_jump;
592 return 0;
593 }
594
595 last_new_insn = NULL;
596 insn = *new_insn;
597 sec_for_each_insn_from(file, insn) {
598 if (insn->offset >= special_alt->new_off + special_alt->new_len)
599 break;
600
601 last_new_insn = insn;
602
603 if (insn->type != INSN_JUMP_CONDITIONAL &&
604 insn->type != INSN_JUMP_UNCONDITIONAL)
605 continue;
606
607 if (!insn->immediate)
608 continue;
609
610 dest_off = insn->offset + insn->len + insn->immediate;
611 if (dest_off == special_alt->new_off + special_alt->new_len)
612 insn->jump_dest = fake_jump;
613
614 if (!insn->jump_dest) {
615 WARN_FUNC("can't find alternative jump destination",
616 insn->sec, insn->offset);
617 return -1;
618 }
619 }
620
621 if (!last_new_insn) {
622 WARN_FUNC("can't find last new alternative instruction",
623 special_alt->new_sec, special_alt->new_off);
624 return -1;
625 }
626
627 list_add(&fake_jump->list, &last_new_insn->list);
628
629 return 0;
630 }
631
632 /*
633 * A jump table entry can either convert a nop to a jump or a jump to a nop.
634 * If the original instruction is a jump, make the alt entry an effective nop
635 * by just skipping the original instruction.
636 */
637 static int handle_jump_alt(struct objtool_file *file,
638 struct special_alt *special_alt,
639 struct instruction *orig_insn,
640 struct instruction **new_insn)
641 {
642 if (orig_insn->type == INSN_NOP)
643 return 0;
644
645 if (orig_insn->type != INSN_JUMP_UNCONDITIONAL) {
646 WARN_FUNC("unsupported instruction at jump label",
647 orig_insn->sec, orig_insn->offset);
648 return -1;
649 }
650
651 *new_insn = list_next_entry(orig_insn, list);
652 return 0;
653 }
654
655 /*
656 * Read all the special sections which have alternate instructions which can be
657 * patched in or redirected to at runtime. Each instruction having alternate
658 * instruction(s) has them added to its insn->alts list, which will be
659 * traversed in validate_branch().
660 */
661 static int add_special_section_alts(struct objtool_file *file)
662 {
663 struct list_head special_alts;
664 struct instruction *orig_insn, *new_insn;
665 struct special_alt *special_alt, *tmp;
666 struct alternative *alt;
667 int ret;
668
669 ret = special_get_alts(file->elf, &special_alts);
670 if (ret)
671 return ret;
672
673 list_for_each_entry_safe(special_alt, tmp, &special_alts, list) {
674
675 orig_insn = find_insn(file, special_alt->orig_sec,
676 special_alt->orig_off);
677 if (!orig_insn) {
678 WARN_FUNC("special: can't find orig instruction",
679 special_alt->orig_sec, special_alt->orig_off);
680 ret = -1;
681 goto out;
682 }
683
684 /* Ignore retpoline alternatives. */
685 if (orig_insn->ignore_alts)
686 continue;
687
688 new_insn = NULL;
689 if (!special_alt->group || special_alt->new_len) {
690 new_insn = find_insn(file, special_alt->new_sec,
691 special_alt->new_off);
692 if (!new_insn) {
693 WARN_FUNC("special: can't find new instruction",
694 special_alt->new_sec,
695 special_alt->new_off);
696 ret = -1;
697 goto out;
698 }
699 }
700
701 if (special_alt->group) {
702 ret = handle_group_alt(file, special_alt, orig_insn,
703 &new_insn);
704 if (ret)
705 goto out;
706 } else if (special_alt->jump_or_nop) {
707 ret = handle_jump_alt(file, special_alt, orig_insn,
708 &new_insn);
709 if (ret)
710 goto out;
711 }
712
713 alt = malloc(sizeof(*alt));
714 if (!alt) {
715 WARN("malloc failed");
716 ret = -1;
717 goto out;
718 }
719
720 alt->insn = new_insn;
721 list_add_tail(&alt->list, &orig_insn->alts);
722
723 list_del(&special_alt->list);
724 free(special_alt);
725 }
726
727 out:
728 return ret;
729 }
730
731 static int add_switch_table(struct objtool_file *file, struct symbol *func,
732 struct instruction *insn, struct rela *table,
733 struct rela *next_table)
734 {
735 struct rela *rela = table;
736 struct instruction *alt_insn;
737 struct alternative *alt;
738
739 list_for_each_entry_from(rela, &file->rodata->rela->rela_list, list) {
740 if (rela == next_table)
741 break;
742
743 if (rela->sym->sec != insn->sec ||
744 rela->addend <= func->offset ||
745 rela->addend >= func->offset + func->len)
746 break;
747
748 alt_insn = find_insn(file, insn->sec, rela->addend);
749 if (!alt_insn) {
750 WARN("%s: can't find instruction at %s+0x%x",
751 file->rodata->rela->name, insn->sec->name,
752 rela->addend);
753 return -1;
754 }
755
756 alt = malloc(sizeof(*alt));
757 if (!alt) {
758 WARN("malloc failed");
759 return -1;
760 }
761
762 alt->insn = alt_insn;
763 list_add_tail(&alt->list, &insn->alts);
764 }
765
766 return 0;
767 }
768
769 /*
770 * find_switch_table() - Given a dynamic jump, find the switch jump table in
771 * .rodata associated with it.
772 *
773 * There are 3 basic patterns:
774 *
775 * 1. jmpq *[rodata addr](,%reg,8)
776 *
777 * This is the most common case by far. It jumps to an address in a simple
778 * jump table which is stored in .rodata.
779 *
780 * 2. jmpq *[rodata addr](%rip)
781 *
782 * This is caused by a rare GCC quirk, currently only seen in three driver
783 * functions in the kernel, only with certain obscure non-distro configs.
784 *
785 * As part of an optimization, GCC makes a copy of an existing switch jump
786 * table, modifies it, and then hard-codes the jump (albeit with an indirect
787 * jump) to use a single entry in the table. The rest of the jump table and
788 * some of its jump targets remain as dead code.
789 *
790 * In such a case we can just crudely ignore all unreachable instruction
791 * warnings for the entire object file. Ideally we would just ignore them
792 * for the function, but that would require redesigning the code quite a
793 * bit. And honestly that's just not worth doing: unreachable instruction
794 * warnings are of questionable value anyway, and this is such a rare issue.
795 *
796 * 3. mov [rodata addr],%reg1
797 * ... some instructions ...
798 * jmpq *(%reg1,%reg2,8)
799 *
800 * This is a fairly uncommon pattern which is new for GCC 6. As of this
801 * writing, there are 11 occurrences of it in the allmodconfig kernel.
802 *
803 * TODO: Once we have DWARF CFI and smarter instruction decoding logic,
804 * ensure the same register is used in the mov and jump instructions.
805 */
806 static struct rela *find_switch_table(struct objtool_file *file,
807 struct symbol *func,
808 struct instruction *insn)
809 {
810 struct rela *text_rela, *rodata_rela;
811 struct instruction *orig_insn = insn;
812
813 text_rela = find_rela_by_dest_range(insn->sec, insn->offset, insn->len);
814 if (text_rela && text_rela->sym == file->rodata->sym) {
815 /* case 1 */
816 rodata_rela = find_rela_by_dest(file->rodata,
817 text_rela->addend);
818 if (rodata_rela)
819 return rodata_rela;
820
821 /* case 2 */
822 rodata_rela = find_rela_by_dest(file->rodata,
823 text_rela->addend + 4);
824 if (!rodata_rela)
825 return NULL;
826 file->ignore_unreachables = true;
827 return rodata_rela;
828 }
829
830 /* case 3 */
831 func_for_each_insn_continue_reverse(file, func, insn) {
832 if (insn->type == INSN_JUMP_DYNAMIC)
833 break;
834
835 /* allow small jumps within the range */
836 if (insn->type == INSN_JUMP_UNCONDITIONAL &&
837 insn->jump_dest &&
838 (insn->jump_dest->offset <= insn->offset ||
839 insn->jump_dest->offset > orig_insn->offset))
840 break;
841
842 /* look for a relocation which references .rodata */
843 text_rela = find_rela_by_dest_range(insn->sec, insn->offset,
844 insn->len);
845 if (!text_rela || text_rela->sym != file->rodata->sym)
846 continue;
847
848 /*
849 * Make sure the .rodata address isn't associated with a
850 * symbol. gcc jump tables are anonymous data.
851 */
852 if (find_symbol_containing(file->rodata, text_rela->addend))
853 continue;
854
855 return find_rela_by_dest(file->rodata, text_rela->addend);
856 }
857
858 return NULL;
859 }
860
861 static int add_func_switch_tables(struct objtool_file *file,
862 struct symbol *func)
863 {
864 struct instruction *insn, *prev_jump = NULL;
865 struct rela *rela, *prev_rela = NULL;
866 int ret;
867
868 func_for_each_insn(file, func, insn) {
869 if (insn->type != INSN_JUMP_DYNAMIC)
870 continue;
871
872 rela = find_switch_table(file, func, insn);
873 if (!rela)
874 continue;
875
876 /*
877 * We found a switch table, but we don't know yet how big it
878 * is. Don't add it until we reach the end of the function or
879 * the beginning of another switch table in the same function.
880 */
881 if (prev_jump) {
882 ret = add_switch_table(file, func, prev_jump, prev_rela,
883 rela);
884 if (ret)
885 return ret;
886 }
887
888 prev_jump = insn;
889 prev_rela = rela;
890 }
891
892 if (prev_jump) {
893 ret = add_switch_table(file, func, prev_jump, prev_rela, NULL);
894 if (ret)
895 return ret;
896 }
897
898 return 0;
899 }
900
901 /*
902 * For some switch statements, gcc generates a jump table in the .rodata
903 * section which contains a list of addresses within the function to jump to.
904 * This finds these jump tables and adds them to the insn->alts lists.
905 */
906 static int add_switch_table_alts(struct objtool_file *file)
907 {
908 struct section *sec;
909 struct symbol *func;
910 int ret;
911
912 if (!file->rodata || !file->rodata->rela)
913 return 0;
914
915 for_each_sec(file, sec) {
916 list_for_each_entry(func, &sec->symbol_list, list) {
917 if (func->type != STT_FUNC)
918 continue;
919
920 ret = add_func_switch_tables(file, func);
921 if (ret)
922 return ret;
923 }
924 }
925
926 return 0;
927 }
928
929 static int read_unwind_hints(struct objtool_file *file)
930 {
931 struct section *sec, *relasec;
932 struct rela *rela;
933 struct unwind_hint *hint;
934 struct instruction *insn;
935 struct cfi_reg *cfa;
936 int i;
937
938 sec = find_section_by_name(file->elf, ".discard.unwind_hints");
939 if (!sec)
940 return 0;
941
942 relasec = sec->rela;
943 if (!relasec) {
944 WARN("missing .rela.discard.unwind_hints section");
945 return -1;
946 }
947
948 if (sec->len % sizeof(struct unwind_hint)) {
949 WARN("struct unwind_hint size mismatch");
950 return -1;
951 }
952
953 file->hints = true;
954
955 for (i = 0; i < sec->len / sizeof(struct unwind_hint); i++) {
956 hint = (struct unwind_hint *)sec->data->d_buf + i;
957
958 rela = find_rela_by_dest(sec, i * sizeof(*hint));
959 if (!rela) {
960 WARN("can't find rela for unwind_hints[%d]", i);
961 return -1;
962 }
963
964 insn = find_insn(file, rela->sym->sec, rela->addend);
965 if (!insn) {
966 WARN("can't find insn for unwind_hints[%d]", i);
967 return -1;
968 }
969
970 cfa = &insn->state.cfa;
971
972 if (hint->type == UNWIND_HINT_TYPE_SAVE) {
973 insn->save = true;
974 continue;
975
976 } else if (hint->type == UNWIND_HINT_TYPE_RESTORE) {
977 insn->restore = true;
978 insn->hint = true;
979 continue;
980 }
981
982 insn->hint = true;
983
984 switch (hint->sp_reg) {
985 case ORC_REG_UNDEFINED:
986 cfa->base = CFI_UNDEFINED;
987 break;
988 case ORC_REG_SP:
989 cfa->base = CFI_SP;
990 break;
991 case ORC_REG_BP:
992 cfa->base = CFI_BP;
993 break;
994 case ORC_REG_SP_INDIRECT:
995 cfa->base = CFI_SP_INDIRECT;
996 break;
997 case ORC_REG_R10:
998 cfa->base = CFI_R10;
999 break;
1000 case ORC_REG_R13:
1001 cfa->base = CFI_R13;
1002 break;
1003 case ORC_REG_DI:
1004 cfa->base = CFI_DI;
1005 break;
1006 case ORC_REG_DX:
1007 cfa->base = CFI_DX;
1008 break;
1009 default:
1010 WARN_FUNC("unsupported unwind_hint sp base reg %d",
1011 insn->sec, insn->offset, hint->sp_reg);
1012 return -1;
1013 }
1014
1015 cfa->offset = hint->sp_offset;
1016 insn->state.type = hint->type;
1017 }
1018
1019 return 0;
1020 }
1021
1022 static int decode_sections(struct objtool_file *file)
1023 {
1024 int ret;
1025
1026 ret = decode_instructions(file);
1027 if (ret)
1028 return ret;
1029
1030 ret = add_dead_ends(file);
1031 if (ret)
1032 return ret;
1033
1034 add_ignores(file);
1035
1036 ret = add_nospec_ignores(file);
1037 if (ret)
1038 return ret;
1039
1040 ret = add_jump_destinations(file);
1041 if (ret)
1042 return ret;
1043
1044 ret = add_call_destinations(file);
1045 if (ret)
1046 return ret;
1047
1048 ret = add_special_section_alts(file);
1049 if (ret)
1050 return ret;
1051
1052 ret = add_switch_table_alts(file);
1053 if (ret)
1054 return ret;
1055
1056 ret = read_unwind_hints(file);
1057 if (ret)
1058 return ret;
1059
1060 return 0;
1061 }
1062
1063 static bool is_fentry_call(struct instruction *insn)
1064 {
1065 if (insn->type == INSN_CALL &&
1066 insn->call_dest->type == STT_NOTYPE &&
1067 !strcmp(insn->call_dest->name, "__fentry__"))
1068 return true;
1069
1070 return false;
1071 }
1072
1073 static bool has_modified_stack_frame(struct insn_state *state)
1074 {
1075 int i;
1076
1077 if (state->cfa.base != initial_func_cfi.cfa.base ||
1078 state->cfa.offset != initial_func_cfi.cfa.offset ||
1079 state->stack_size != initial_func_cfi.cfa.offset ||
1080 state->drap)
1081 return true;
1082
1083 for (i = 0; i < CFI_NUM_REGS; i++)
1084 if (state->regs[i].base != initial_func_cfi.regs[i].base ||
1085 state->regs[i].offset != initial_func_cfi.regs[i].offset)
1086 return true;
1087
1088 return false;
1089 }
1090
1091 static bool has_valid_stack_frame(struct insn_state *state)
1092 {
1093 if (state->cfa.base == CFI_BP && state->regs[CFI_BP].base == CFI_CFA &&
1094 state->regs[CFI_BP].offset == -16)
1095 return true;
1096
1097 if (state->drap && state->regs[CFI_BP].base == CFI_BP)
1098 return true;
1099
1100 return false;
1101 }
1102
1103 static int update_insn_state_regs(struct instruction *insn, struct insn_state *state)
1104 {
1105 struct cfi_reg *cfa = &state->cfa;
1106 struct stack_op *op = &insn->stack_op;
1107
1108 if (cfa->base != CFI_SP)
1109 return 0;
1110
1111 /* push */
1112 if (op->dest.type == OP_DEST_PUSH)
1113 cfa->offset += 8;
1114
1115 /* pop */
1116 if (op->src.type == OP_SRC_POP)
1117 cfa->offset -= 8;
1118
1119 /* add immediate to sp */
1120 if (op->dest.type == OP_DEST_REG && op->src.type == OP_SRC_ADD &&
1121 op->dest.reg == CFI_SP && op->src.reg == CFI_SP)
1122 cfa->offset -= op->src.offset;
1123
1124 return 0;
1125 }
1126
1127 static void save_reg(struct insn_state *state, unsigned char reg, int base,
1128 int offset)
1129 {
1130 if ((arch_callee_saved_reg(reg) ||
1131 (state->drap && reg == state->drap_reg)) &&
1132 state->regs[reg].base == CFI_UNDEFINED) {
1133 state->regs[reg].base = base;
1134 state->regs[reg].offset = offset;
1135 }
1136 }
1137
1138 static void restore_reg(struct insn_state *state, unsigned char reg)
1139 {
1140 state->regs[reg].base = CFI_UNDEFINED;
1141 state->regs[reg].offset = 0;
1142 }
1143
1144 /*
1145 * A note about DRAP stack alignment:
1146 *
1147 * GCC has the concept of a DRAP register, which is used to help keep track of
1148 * the stack pointer when aligning the stack. r10 or r13 is used as the DRAP
1149 * register. The typical DRAP pattern is:
1150 *
1151 * 4c 8d 54 24 08 lea 0x8(%rsp),%r10
1152 * 48 83 e4 c0 and $0xffffffffffffffc0,%rsp
1153 * 41 ff 72 f8 pushq -0x8(%r10)
1154 * 55 push %rbp
1155 * 48 89 e5 mov %rsp,%rbp
1156 * (more pushes)
1157 * 41 52 push %r10
1158 * ...
1159 * 41 5a pop %r10
1160 * (more pops)
1161 * 5d pop %rbp
1162 * 49 8d 62 f8 lea -0x8(%r10),%rsp
1163 * c3 retq
1164 *
1165 * There are some variations in the epilogues, like:
1166 *
1167 * 5b pop %rbx
1168 * 41 5a pop %r10
1169 * 41 5c pop %r12
1170 * 41 5d pop %r13
1171 * 41 5e pop %r14
1172 * c9 leaveq
1173 * 49 8d 62 f8 lea -0x8(%r10),%rsp
1174 * c3 retq
1175 *
1176 * and:
1177 *
1178 * 4c 8b 55 e8 mov -0x18(%rbp),%r10
1179 * 48 8b 5d e0 mov -0x20(%rbp),%rbx
1180 * 4c 8b 65 f0 mov -0x10(%rbp),%r12
1181 * 4c 8b 6d f8 mov -0x8(%rbp),%r13
1182 * c9 leaveq
1183 * 49 8d 62 f8 lea -0x8(%r10),%rsp
1184 * c3 retq
1185 *
1186 * Sometimes r13 is used as the DRAP register, in which case it's saved and
1187 * restored beforehand:
1188 *
1189 * 41 55 push %r13
1190 * 4c 8d 6c 24 10 lea 0x10(%rsp),%r13
1191 * 48 83 e4 f0 and $0xfffffffffffffff0,%rsp
1192 * ...
1193 * 49 8d 65 f0 lea -0x10(%r13),%rsp
1194 * 41 5d pop %r13
1195 * c3 retq
1196 */
1197 static int update_insn_state(struct instruction *insn, struct insn_state *state)
1198 {
1199 struct stack_op *op = &insn->stack_op;
1200 struct cfi_reg *cfa = &state->cfa;
1201 struct cfi_reg *regs = state->regs;
1202
1203 /* stack operations don't make sense with an undefined CFA */
1204 if (cfa->base == CFI_UNDEFINED) {
1205 if (insn->func) {
1206 WARN_FUNC("undefined stack state", insn->sec, insn->offset);
1207 return -1;
1208 }
1209 return 0;
1210 }
1211
1212 if (state->type == ORC_TYPE_REGS || state->type == ORC_TYPE_REGS_IRET)
1213 return update_insn_state_regs(insn, state);
1214
1215 switch (op->dest.type) {
1216
1217 case OP_DEST_REG:
1218 switch (op->src.type) {
1219
1220 case OP_SRC_REG:
1221 if (cfa->base == op->src.reg && cfa->base == CFI_SP &&
1222 op->dest.reg == CFI_BP && regs[CFI_BP].base == CFI_CFA &&
1223 regs[CFI_BP].offset == -cfa->offset) {
1224
1225 /* mov %rsp, %rbp */
1226 cfa->base = op->dest.reg;
1227 state->bp_scratch = false;
1228 } else if (state->drap) {
1229
1230 /* drap: mov %rsp, %rbp */
1231 regs[CFI_BP].base = CFI_BP;
1232 regs[CFI_BP].offset = -state->stack_size;
1233 state->bp_scratch = false;
1234 } else if (!nofp) {
1235
1236 WARN_FUNC("unknown stack-related register move",
1237 insn->sec, insn->offset);
1238 return -1;
1239 }
1240
1241 break;
1242
1243 case OP_SRC_ADD:
1244 if (op->dest.reg == CFI_SP && op->src.reg == CFI_SP) {
1245
1246 /* add imm, %rsp */
1247 state->stack_size -= op->src.offset;
1248 if (cfa->base == CFI_SP)
1249 cfa->offset -= op->src.offset;
1250 break;
1251 }
1252
1253 if (op->dest.reg == CFI_SP && op->src.reg == CFI_BP) {
1254
1255 /* lea disp(%rbp), %rsp */
1256 state->stack_size = -(op->src.offset + regs[CFI_BP].offset);
1257 break;
1258 }
1259
1260 if (op->dest.reg != CFI_BP && op->src.reg == CFI_SP &&
1261 cfa->base == CFI_SP) {
1262
1263 /* drap: lea disp(%rsp), %drap */
1264 state->drap_reg = op->dest.reg;
1265 break;
1266 }
1267
1268 if (state->drap && op->dest.reg == CFI_SP &&
1269 op->src.reg == state->drap_reg) {
1270
1271 /* drap: lea disp(%drap), %rsp */
1272 cfa->base = CFI_SP;
1273 cfa->offset = state->stack_size = -op->src.offset;
1274 state->drap_reg = CFI_UNDEFINED;
1275 state->drap = false;
1276 break;
1277 }
1278
1279 if (op->dest.reg == state->cfa.base) {
1280 WARN_FUNC("unsupported stack register modification",
1281 insn->sec, insn->offset);
1282 return -1;
1283 }
1284
1285 break;
1286
1287 case OP_SRC_AND:
1288 if (op->dest.reg != CFI_SP ||
1289 (state->drap_reg != CFI_UNDEFINED && cfa->base != CFI_SP) ||
1290 (state->drap_reg == CFI_UNDEFINED && cfa->base != CFI_BP)) {
1291 WARN_FUNC("unsupported stack pointer realignment",
1292 insn->sec, insn->offset);
1293 return -1;
1294 }
1295
1296 if (state->drap_reg != CFI_UNDEFINED) {
1297 /* drap: and imm, %rsp */
1298 cfa->base = state->drap_reg;
1299 cfa->offset = state->stack_size = 0;
1300 state->drap = true;
1301
1302 }
1303
1304 /*
1305 * Older versions of GCC (4.8ish) realign the stack
1306 * without DRAP, with a frame pointer.
1307 */
1308
1309 break;
1310
1311 case OP_SRC_POP:
1312 if (!state->drap && op->dest.type == OP_DEST_REG &&
1313 op->dest.reg == cfa->base) {
1314
1315 /* pop %rbp */
1316 cfa->base = CFI_SP;
1317 }
1318
1319 if (regs[op->dest.reg].offset == -state->stack_size) {
1320
1321 if (state->drap && cfa->base == CFI_BP_INDIRECT &&
1322 op->dest.type == OP_DEST_REG &&
1323 op->dest.reg == state->drap_reg) {
1324
1325 /* drap: pop %drap */
1326 cfa->base = state->drap_reg;
1327 cfa->offset = 0;
1328 }
1329
1330 restore_reg(state, op->dest.reg);
1331 }
1332
1333 state->stack_size -= 8;
1334 if (cfa->base == CFI_SP)
1335 cfa->offset -= 8;
1336
1337 break;
1338
1339 case OP_SRC_REG_INDIRECT:
1340 if (state->drap && op->src.reg == CFI_BP &&
1341 op->src.offset == regs[op->dest.reg].offset) {
1342
1343 /* drap: mov disp(%rbp), %reg */
1344 if (op->dest.reg == state->drap_reg) {
1345 cfa->base = state->drap_reg;
1346 cfa->offset = 0;
1347 }
1348
1349 restore_reg(state, op->dest.reg);
1350
1351 } else if (op->src.reg == cfa->base &&
1352 op->src.offset == regs[op->dest.reg].offset + cfa->offset) {
1353
1354 /* mov disp(%rbp), %reg */
1355 /* mov disp(%rsp), %reg */
1356 restore_reg(state, op->dest.reg);
1357 }
1358
1359 break;
1360
1361 default:
1362 WARN_FUNC("unknown stack-related instruction",
1363 insn->sec, insn->offset);
1364 return -1;
1365 }
1366
1367 break;
1368
1369 case OP_DEST_PUSH:
1370 state->stack_size += 8;
1371 if (cfa->base == CFI_SP)
1372 cfa->offset += 8;
1373
1374 if (op->src.type != OP_SRC_REG)
1375 break;
1376
1377 if (state->drap) {
1378 if (op->src.reg == cfa->base && op->src.reg == state->drap_reg) {
1379
1380 /* drap: push %drap */
1381 cfa->base = CFI_BP_INDIRECT;
1382 cfa->offset = -state->stack_size;
1383
1384 /* save drap so we know when to undefine it */
1385 save_reg(state, op->src.reg, CFI_CFA, -state->stack_size);
1386
1387 } else if (op->src.reg == CFI_BP && cfa->base == state->drap_reg) {
1388
1389 /* drap: push %rbp */
1390 state->stack_size = 0;
1391
1392 } else if (regs[op->src.reg].base == CFI_UNDEFINED) {
1393
1394 /* drap: push %reg */
1395 save_reg(state, op->src.reg, CFI_BP, -state->stack_size);
1396 }
1397
1398 } else {
1399
1400 /* push %reg */
1401 save_reg(state, op->src.reg, CFI_CFA, -state->stack_size);
1402 }
1403
1404 /* detect when asm code uses rbp as a scratch register */
1405 if (!nofp && insn->func && op->src.reg == CFI_BP &&
1406 cfa->base != CFI_BP)
1407 state->bp_scratch = true;
1408 break;
1409
1410 case OP_DEST_REG_INDIRECT:
1411
1412 if (state->drap) {
1413 if (op->src.reg == cfa->base && op->src.reg == state->drap_reg) {
1414
1415 /* drap: mov %drap, disp(%rbp) */
1416 cfa->base = CFI_BP_INDIRECT;
1417 cfa->offset = op->dest.offset;
1418
1419 /* save drap so we know when to undefine it */
1420 save_reg(state, op->src.reg, CFI_CFA, op->dest.offset);
1421 }
1422
1423 else if (regs[op->src.reg].base == CFI_UNDEFINED) {
1424
1425 /* drap: mov reg, disp(%rbp) */
1426 save_reg(state, op->src.reg, CFI_BP, op->dest.offset);
1427 }
1428
1429 } else if (op->dest.reg == cfa->base) {
1430
1431 /* mov reg, disp(%rbp) */
1432 /* mov reg, disp(%rsp) */
1433 save_reg(state, op->src.reg, CFI_CFA,
1434 op->dest.offset - state->cfa.offset);
1435 }
1436
1437 break;
1438
1439 case OP_DEST_LEAVE:
1440 if ((!state->drap && cfa->base != CFI_BP) ||
1441 (state->drap && cfa->base != state->drap_reg)) {
1442 WARN_FUNC("leave instruction with modified stack frame",
1443 insn->sec, insn->offset);
1444 return -1;
1445 }
1446
1447 /* leave (mov %rbp, %rsp; pop %rbp) */
1448
1449 state->stack_size = -state->regs[CFI_BP].offset - 8;
1450 restore_reg(state, CFI_BP);
1451
1452 if (!state->drap) {
1453 cfa->base = CFI_SP;
1454 cfa->offset -= 8;
1455 }
1456
1457 break;
1458
1459 case OP_DEST_MEM:
1460 if (op->src.type != OP_SRC_POP) {
1461 WARN_FUNC("unknown stack-related memory operation",
1462 insn->sec, insn->offset);
1463 return -1;
1464 }
1465
1466 /* pop mem */
1467 state->stack_size -= 8;
1468 if (cfa->base == CFI_SP)
1469 cfa->offset -= 8;
1470
1471 break;
1472
1473 default:
1474 WARN_FUNC("unknown stack-related instruction",
1475 insn->sec, insn->offset);
1476 return -1;
1477 }
1478
1479 return 0;
1480 }
1481
1482 static bool insn_state_match(struct instruction *insn, struct insn_state *state)
1483 {
1484 struct insn_state *state1 = &insn->state, *state2 = state;
1485 int i;
1486
1487 if (memcmp(&state1->cfa, &state2->cfa, sizeof(state1->cfa))) {
1488 WARN_FUNC("stack state mismatch: cfa1=%d%+d cfa2=%d%+d",
1489 insn->sec, insn->offset,
1490 state1->cfa.base, state1->cfa.offset,
1491 state2->cfa.base, state2->cfa.offset);
1492
1493 } else if (memcmp(&state1->regs, &state2->regs, sizeof(state1->regs))) {
1494 for (i = 0; i < CFI_NUM_REGS; i++) {
1495 if (!memcmp(&state1->regs[i], &state2->regs[i],
1496 sizeof(struct cfi_reg)))
1497 continue;
1498
1499 WARN_FUNC("stack state mismatch: reg1[%d]=%d%+d reg2[%d]=%d%+d",
1500 insn->sec, insn->offset,
1501 i, state1->regs[i].base, state1->regs[i].offset,
1502 i, state2->regs[i].base, state2->regs[i].offset);
1503 break;
1504 }
1505
1506 } else if (state1->type != state2->type) {
1507 WARN_FUNC("stack state mismatch: type1=%d type2=%d",
1508 insn->sec, insn->offset, state1->type, state2->type);
1509
1510 } else if (state1->drap != state2->drap ||
1511 (state1->drap && state1->drap_reg != state2->drap_reg)) {
1512 WARN_FUNC("stack state mismatch: drap1=%d(%d) drap2=%d(%d)",
1513 insn->sec, insn->offset,
1514 state1->drap, state1->drap_reg,
1515 state2->drap, state2->drap_reg);
1516
1517 } else
1518 return true;
1519
1520 return false;
1521 }
1522
1523 /*
1524 * Follow the branch starting at the given instruction, and recursively follow
1525 * any other branches (jumps). Meanwhile, track the frame pointer state at
1526 * each instruction and validate all the rules described in
1527 * tools/objtool/Documentation/stack-validation.txt.
1528 */
1529 static int validate_branch(struct objtool_file *file, struct instruction *first,
1530 struct insn_state state)
1531 {
1532 struct alternative *alt;
1533 struct instruction *insn, *next_insn;
1534 struct section *sec;
1535 struct symbol *func = NULL;
1536 int ret;
1537
1538 insn = first;
1539 sec = insn->sec;
1540
1541 if (insn->alt_group && list_empty(&insn->alts)) {
1542 WARN_FUNC("don't know how to handle branch to middle of alternative instruction group",
1543 sec, insn->offset);
1544 return -1;
1545 }
1546
1547 while (1) {
1548 next_insn = next_insn_same_sec(file, insn);
1549
1550 if (file->c_file && insn->func) {
1551 if (func && func != insn->func) {
1552 WARN("%s() falls through to next function %s()",
1553 func->name, insn->func->name);
1554 return 1;
1555 }
1556 }
1557
1558 func = insn->func;
1559
1560 if (func && insn->ignore) {
1561 WARN_FUNC("BUG: why am I validating an ignored function?",
1562 sec, insn->offset);
1563 return -1;
1564 }
1565
1566 if (insn->visited) {
1567 if (!insn->hint && !insn_state_match(insn, &state))
1568 return 1;
1569
1570 return 0;
1571 }
1572
1573 if (insn->hint) {
1574 if (insn->restore) {
1575 struct instruction *save_insn, *i;
1576
1577 i = insn;
1578 save_insn = NULL;
1579 func_for_each_insn_continue_reverse(file, func, i) {
1580 if (i->save) {
1581 save_insn = i;
1582 break;
1583 }
1584 }
1585
1586 if (!save_insn) {
1587 WARN_FUNC("no corresponding CFI save for CFI restore",
1588 sec, insn->offset);
1589 return 1;
1590 }
1591
1592 if (!save_insn->visited) {
1593 /*
1594 * Oops, no state to copy yet.
1595 * Hopefully we can reach this
1596 * instruction from another branch
1597 * after the save insn has been
1598 * visited.
1599 */
1600 if (insn == first)
1601 return 0;
1602
1603 WARN_FUNC("objtool isn't smart enough to handle this CFI save/restore combo",
1604 sec, insn->offset);
1605 return 1;
1606 }
1607
1608 insn->state = save_insn->state;
1609 }
1610
1611 state = insn->state;
1612
1613 } else
1614 insn->state = state;
1615
1616 insn->visited = true;
1617
1618 list_for_each_entry(alt, &insn->alts, list) {
1619 ret = validate_branch(file, alt->insn, state);
1620 if (ret)
1621 return 1;
1622 }
1623
1624 switch (insn->type) {
1625
1626 case INSN_RETURN:
1627 if (func && has_modified_stack_frame(&state)) {
1628 WARN_FUNC("return with modified stack frame",
1629 sec, insn->offset);
1630 return 1;
1631 }
1632
1633 if (state.bp_scratch) {
1634 WARN("%s uses BP as a scratch register",
1635 insn->func->name);
1636 return 1;
1637 }
1638
1639 return 0;
1640
1641 case INSN_CALL:
1642 if (is_fentry_call(insn))
1643 break;
1644
1645 ret = dead_end_function(file, insn->call_dest);
1646 if (ret == 1)
1647 return 0;
1648 if (ret == -1)
1649 return 1;
1650
1651 /* fallthrough */
1652 case INSN_CALL_DYNAMIC:
1653 if (!nofp && func && !has_valid_stack_frame(&state)) {
1654 WARN_FUNC("call without frame pointer save/setup",
1655 sec, insn->offset);
1656 return 1;
1657 }
1658 break;
1659
1660 case INSN_JUMP_CONDITIONAL:
1661 case INSN_JUMP_UNCONDITIONAL:
1662 if (insn->jump_dest &&
1663 (!func || !insn->jump_dest->func ||
1664 func == insn->jump_dest->func)) {
1665 ret = validate_branch(file, insn->jump_dest,
1666 state);
1667 if (ret)
1668 return 1;
1669
1670 } else if (func && has_modified_stack_frame(&state)) {
1671 WARN_FUNC("sibling call from callable instruction with modified stack frame",
1672 sec, insn->offset);
1673 return 1;
1674 }
1675
1676 if (insn->type == INSN_JUMP_UNCONDITIONAL)
1677 return 0;
1678
1679 break;
1680
1681 case INSN_JUMP_DYNAMIC:
1682 if (func && list_empty(&insn->alts) &&
1683 has_modified_stack_frame(&state)) {
1684 WARN_FUNC("sibling call from callable instruction with modified stack frame",
1685 sec, insn->offset);
1686 return 1;
1687 }
1688
1689 return 0;
1690
1691 case INSN_CONTEXT_SWITCH:
1692 if (func && (!next_insn || !next_insn->hint)) {
1693 WARN_FUNC("unsupported instruction in callable function",
1694 sec, insn->offset);
1695 return 1;
1696 }
1697 return 0;
1698
1699 case INSN_STACK:
1700 if (update_insn_state(insn, &state))
1701 return -1;
1702
1703 break;
1704
1705 default:
1706 break;
1707 }
1708
1709 if (insn->dead_end)
1710 return 0;
1711
1712 if (!next_insn) {
1713 if (state.cfa.base == CFI_UNDEFINED)
1714 return 0;
1715 WARN("%s: unexpected end of section", sec->name);
1716 return 1;
1717 }
1718
1719 insn = next_insn;
1720 }
1721
1722 return 0;
1723 }
1724
1725 static int validate_unwind_hints(struct objtool_file *file)
1726 {
1727 struct instruction *insn;
1728 int ret, warnings = 0;
1729 struct insn_state state;
1730
1731 if (!file->hints)
1732 return 0;
1733
1734 clear_insn_state(&state);
1735
1736 for_each_insn(file, insn) {
1737 if (insn->hint && !insn->visited) {
1738 ret = validate_branch(file, insn, state);
1739 warnings += ret;
1740 }
1741 }
1742
1743 return warnings;
1744 }
1745
1746 static bool is_kasan_insn(struct instruction *insn)
1747 {
1748 return (insn->type == INSN_CALL &&
1749 !strcmp(insn->call_dest->name, "__asan_handle_no_return"));
1750 }
1751
1752 static bool is_ubsan_insn(struct instruction *insn)
1753 {
1754 return (insn->type == INSN_CALL &&
1755 !strcmp(insn->call_dest->name,
1756 "__ubsan_handle_builtin_unreachable"));
1757 }
1758
1759 static bool ignore_unreachable_insn(struct instruction *insn)
1760 {
1761 int i;
1762
1763 if (insn->ignore || insn->type == INSN_NOP)
1764 return true;
1765
1766 /*
1767 * Ignore any unused exceptions. This can happen when a whitelisted
1768 * function has an exception table entry.
1769 */
1770 if (!strcmp(insn->sec->name, ".fixup"))
1771 return true;
1772
1773 /*
1774 * Check if this (or a subsequent) instruction is related to
1775 * CONFIG_UBSAN or CONFIG_KASAN.
1776 *
1777 * End the search at 5 instructions to avoid going into the weeds.
1778 */
1779 if (!insn->func)
1780 return false;
1781 for (i = 0; i < 5; i++) {
1782
1783 if (is_kasan_insn(insn) || is_ubsan_insn(insn))
1784 return true;
1785
1786 if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->jump_dest) {
1787 insn = insn->jump_dest;
1788 continue;
1789 }
1790
1791 if (insn->offset + insn->len >= insn->func->offset + insn->func->len)
1792 break;
1793 insn = list_next_entry(insn, list);
1794 }
1795
1796 return false;
1797 }
1798
1799 static int validate_functions(struct objtool_file *file)
1800 {
1801 struct section *sec;
1802 struct symbol *func;
1803 struct instruction *insn;
1804 struct insn_state state;
1805 int ret, warnings = 0;
1806
1807 clear_insn_state(&state);
1808
1809 state.cfa = initial_func_cfi.cfa;
1810 memcpy(&state.regs, &initial_func_cfi.regs,
1811 CFI_NUM_REGS * sizeof(struct cfi_reg));
1812 state.stack_size = initial_func_cfi.cfa.offset;
1813
1814 for_each_sec(file, sec) {
1815 list_for_each_entry(func, &sec->symbol_list, list) {
1816 if (func->type != STT_FUNC)
1817 continue;
1818
1819 insn = find_insn(file, sec, func->offset);
1820 if (!insn || insn->ignore)
1821 continue;
1822
1823 ret = validate_branch(file, insn, state);
1824 warnings += ret;
1825 }
1826 }
1827
1828 return warnings;
1829 }
1830
1831 static int validate_reachable_instructions(struct objtool_file *file)
1832 {
1833 struct instruction *insn;
1834
1835 if (file->ignore_unreachables)
1836 return 0;
1837
1838 for_each_insn(file, insn) {
1839 if (insn->visited || ignore_unreachable_insn(insn))
1840 continue;
1841
1842 /*
1843 * gcov produces a lot of unreachable instructions. If we get
1844 * an unreachable warning and the file has gcov enabled, just
1845 * ignore it, and all other such warnings for the file. Do
1846 * this here because this is an expensive function.
1847 */
1848 if (gcov_enabled(file))
1849 return 0;
1850
1851 WARN_FUNC("unreachable instruction", insn->sec, insn->offset);
1852 return 1;
1853 }
1854
1855 return 0;
1856 }
1857
1858 static void cleanup(struct objtool_file *file)
1859 {
1860 struct instruction *insn, *tmpinsn;
1861 struct alternative *alt, *tmpalt;
1862
1863 list_for_each_entry_safe(insn, tmpinsn, &file->insn_list, list) {
1864 list_for_each_entry_safe(alt, tmpalt, &insn->alts, list) {
1865 list_del(&alt->list);
1866 free(alt);
1867 }
1868 list_del(&insn->list);
1869 hash_del(&insn->hash);
1870 free(insn);
1871 }
1872 elf_close(file->elf);
1873 }
1874
1875 int check(const char *_objname, bool _nofp, bool orc)
1876 {
1877 struct objtool_file file;
1878 int ret, warnings = 0;
1879
1880 objname = _objname;
1881 nofp = _nofp;
1882
1883 file.elf = elf_open(objname, orc ? O_RDWR : O_RDONLY);
1884 if (!file.elf)
1885 return 1;
1886
1887 INIT_LIST_HEAD(&file.insn_list);
1888 hash_init(file.insn_hash);
1889 file.whitelist = find_section_by_name(file.elf, ".discard.func_stack_frame_non_standard");
1890 file.rodata = find_section_by_name(file.elf, ".rodata");
1891 file.c_file = find_section_by_name(file.elf, ".comment");
1892 file.ignore_unreachables = false;
1893 file.hints = false;
1894
1895 arch_initial_func_cfi_state(&initial_func_cfi);
1896
1897 ret = decode_sections(&file);
1898 if (ret < 0)
1899 goto out;
1900 warnings += ret;
1901
1902 if (list_empty(&file.insn_list))
1903 goto out;
1904
1905 ret = validate_functions(&file);
1906 if (ret < 0)
1907 goto out;
1908 warnings += ret;
1909
1910 ret = validate_unwind_hints(&file);
1911 if (ret < 0)
1912 goto out;
1913 warnings += ret;
1914
1915 if (!warnings) {
1916 ret = validate_reachable_instructions(&file);
1917 if (ret < 0)
1918 goto out;
1919 warnings += ret;
1920 }
1921
1922 if (orc) {
1923 ret = create_orc(&file);
1924 if (ret < 0)
1925 goto out;
1926
1927 ret = create_orc_sections(&file);
1928 if (ret < 0)
1929 goto out;
1930
1931 ret = elf_write(file.elf);
1932 if (ret < 0)
1933 goto out;
1934 }
1935
1936 out:
1937 cleanup(&file);
1938
1939 /* ignore warnings for now until we get all the code cleaned up */
1940 if (ret || warnings)
1941 return 0;
1942 return 0;
1943 }
Ubuntu Artful kernel mirror