1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright (C) 2015 Josh Poimboeuf <jpoimboe@redhat.com>
9 #define unlikely(cond) (cond)
11 #include "../../../arch/x86/lib/inat.c"
12 #include "../../../arch/x86/lib/insn.c"
14 #define CONFIG_64BIT 1
17 #include <asm/orc_types.h>
18 #include <objtool/check.h>
19 #include <objtool/elf.h>
20 #include <objtool/arch.h>
21 #include <objtool/warn.h>
22 #include <objtool/endianness.h>
23 #include <objtool/builtin.h>
26 static int is_x86_64(const struct elf *elf)
28 switch (elf->ehdr.e_machine) {
34 WARN("unexpected ELF machine type %d", elf->ehdr.e_machine);
39 bool arch_callee_saved_reg(unsigned char reg)
66 unsigned long arch_dest_reloc_offset(int addend)
71 unsigned long arch_jump_destination(struct instruction *insn)
73 return insn->offset + insn->len + insn->immediate;
77 if (!(op = calloc(1, sizeof(*op)))) \
79 else for (list_add_tail(&op->list, ops_list); op; op = NULL)
82 * Helpers to decode ModRM/SIB:
84 * r/m| AX CX DX BX | SP | BP | SI DI |
85 * | R8 R9 R10 R11 | R12 | R13 | R14 R15 |
86 * Mod+----------------+-----+-----+---------+
87 * 00 | [r/m] |[SIB]|[IP+]| [r/m] |
88 * 01 | [r/m + d8] |[S+d]| [r/m + d8] |
89 * 10 | [r/m + d32] |[S+D]| [r/m + d32] |
93 #define mod_is_mem() (modrm_mod != 3)
94 #define mod_is_reg() (modrm_mod == 3)
96 #define is_RIP() ((modrm_rm & 7) == CFI_BP && modrm_mod == 0)
97 #define have_SIB() ((modrm_rm & 7) == CFI_SP && mod_is_mem())
99 #define rm_is(reg) (have_SIB() ? \
100 sib_base == (reg) && sib_index == CFI_SP : \
103 #define rm_is_mem(reg) (mod_is_mem() && !is_RIP() && rm_is(reg))
104 #define rm_is_reg(reg) (mod_is_reg() && modrm_rm == (reg))
106 static bool has_notrack_prefix(struct insn *insn)
110 for (i = 0; i < insn->prefixes.nbytes; i++) {
111 if (insn->prefixes.bytes[i] == 0x3e)
118 int arch_decode_instruction(struct objtool_file *file, const struct section *sec,
119 unsigned long offset, unsigned int maxlen,
120 unsigned int *len, enum insn_type *type,
121 unsigned long *immediate,
122 struct list_head *ops_list)
124 const struct elf *elf = file->elf;
127 unsigned char op1, op2, op3, prefix,
128 rex = 0, rex_b = 0, rex_r = 0, rex_w = 0, rex_x = 0,
129 modrm = 0, modrm_mod = 0, modrm_rm = 0, modrm_reg = 0,
130 sib = 0, /* sib_scale = 0, */ sib_index = 0, sib_base = 0;
131 struct stack_op *op = NULL;
135 x86_64 = is_x86_64(elf);
139 ret = insn_decode(&insn, sec->data->d_buf + offset, maxlen,
140 x86_64 ? INSN_MODE_64 : INSN_MODE_32);
142 WARN("can't decode instruction at %s:0x%lx", sec->name, offset);
149 if (insn.vex_prefix.nbytes)
152 prefix = insn.prefixes.bytes[0];
154 op1 = insn.opcode.bytes[0];
155 op2 = insn.opcode.bytes[1];
156 op3 = insn.opcode.bytes[2];
158 if (insn.rex_prefix.nbytes) {
159 rex = insn.rex_prefix.bytes[0];
160 rex_w = X86_REX_W(rex) >> 3;
161 rex_r = X86_REX_R(rex) >> 2;
162 rex_x = X86_REX_X(rex) >> 1;
163 rex_b = X86_REX_B(rex);
166 if (insn.modrm.nbytes) {
167 modrm = insn.modrm.bytes[0];
168 modrm_mod = X86_MODRM_MOD(modrm);
169 modrm_reg = X86_MODRM_REG(modrm) + 8*rex_r;
170 modrm_rm = X86_MODRM_RM(modrm) + 8*rex_b;
173 if (insn.sib.nbytes) {
174 sib = insn.sib.bytes[0];
175 /* sib_scale = X86_SIB_SCALE(sib); */
176 sib_index = X86_SIB_INDEX(sib) + 8*rex_x;
177 sib_base = X86_SIB_BASE(sib) + 8*rex_b;
184 if (rex_w && rm_is_reg(CFI_SP)) {
186 /* add/sub reg, %rsp */
188 op->src.type = OP_SRC_ADD;
189 op->src.reg = modrm_reg;
190 op->dest.type = OP_DEST_REG;
191 op->dest.reg = CFI_SP;
200 op->src.type = OP_SRC_REG;
201 op->src.reg = (op1 & 0x7) + 8*rex_b;
202 op->dest.type = OP_DEST_PUSH;
211 op->src.type = OP_SRC_POP;
212 op->dest.type = OP_DEST_REG;
213 op->dest.reg = (op1 & 0x7) + 8*rex_b;
222 op->src.type = OP_SRC_CONST;
223 op->dest.type = OP_DEST_PUSH;
228 *type = INSN_JUMP_CONDITIONAL;
233 * 1000 00sw : mod OP r/m : immediate
235 * s - sign extend immediate
238 * OP: 000 ADD 100 AND
248 /* %rsp target only */
249 if (!rm_is_reg(CFI_SP))
252 imm = insn.immediate.value;
253 if (op1 & 2) { /* sign extend */
254 if (op1 & 1) { /* imm32 */
256 imm = (s64)imm >> 32;
259 imm = (s64)imm >> 56;
263 switch (modrm_reg & 7) {
268 /* add/sub imm, %rsp */
270 op->src.type = OP_SRC_ADD;
271 op->src.reg = CFI_SP;
272 op->src.offset = imm;
273 op->dest.type = OP_DEST_REG;
274 op->dest.reg = CFI_SP;
281 op->src.type = OP_SRC_AND;
282 op->src.reg = CFI_SP;
283 op->src.offset = insn.immediate.value;
284 op->dest.type = OP_DEST_REG;
285 op->dest.reg = CFI_SP;
300 if (modrm_reg == CFI_SP) {
305 op->src.type = OP_SRC_REG;
306 op->src.reg = CFI_SP;
307 op->dest.type = OP_DEST_REG;
308 op->dest.reg = modrm_rm;
313 /* skip RIP relative displacement */
317 /* skip nontrivial SIB */
320 if (sib_index != CFI_SP)
324 /* mov %rsp, disp(%reg) */
326 op->src.type = OP_SRC_REG;
327 op->src.reg = CFI_SP;
328 op->dest.type = OP_DEST_REG_INDIRECT;
329 op->dest.reg = modrm_rm;
330 op->dest.offset = insn.displacement.value;
338 if (rm_is_reg(CFI_SP)) {
342 op->src.type = OP_SRC_REG;
343 op->src.reg = modrm_reg;
344 op->dest.type = OP_DEST_REG;
345 op->dest.reg = CFI_SP;
355 if (rm_is_mem(CFI_BP)) {
357 /* mov reg, disp(%rbp) */
359 op->src.type = OP_SRC_REG;
360 op->src.reg = modrm_reg;
361 op->dest.type = OP_DEST_REG_INDIRECT;
362 op->dest.reg = CFI_BP;
363 op->dest.offset = insn.displacement.value;
368 if (rm_is_mem(CFI_SP)) {
370 /* mov reg, disp(%rsp) */
372 op->src.type = OP_SRC_REG;
373 op->src.reg = modrm_reg;
374 op->dest.type = OP_DEST_REG_INDIRECT;
375 op->dest.reg = CFI_SP;
376 op->dest.offset = insn.displacement.value;
387 if (rm_is_mem(CFI_BP)) {
389 /* mov disp(%rbp), reg */
391 op->src.type = OP_SRC_REG_INDIRECT;
392 op->src.reg = CFI_BP;
393 op->src.offset = insn.displacement.value;
394 op->dest.type = OP_DEST_REG;
395 op->dest.reg = modrm_reg;
400 if (rm_is_mem(CFI_SP)) {
402 /* mov disp(%rsp), reg */
404 op->src.type = OP_SRC_REG_INDIRECT;
405 op->src.reg = CFI_SP;
406 op->src.offset = insn.displacement.value;
407 op->dest.type = OP_DEST_REG;
408 op->dest.reg = modrm_reg;
417 WARN("invalid LEA encoding at %s:0x%lx", sec->name, offset);
421 /* skip non 64bit ops */
425 /* skip RIP relative displacement */
429 /* skip nontrivial SIB */
432 if (sib_index != CFI_SP)
436 /* lea disp(%src), %dst */
438 op->src.offset = insn.displacement.value;
439 if (!op->src.offset) {
440 /* lea (%src), %dst */
441 op->src.type = OP_SRC_REG;
443 /* lea disp(%src), %dst */
444 op->src.type = OP_SRC_ADD;
446 op->src.reg = modrm_rm;
447 op->dest.type = OP_DEST_REG;
448 op->dest.reg = modrm_reg;
455 op->src.type = OP_SRC_POP;
456 op->dest.type = OP_DEST_MEM;
467 op->src.type = OP_SRC_CONST;
468 op->dest.type = OP_DEST_PUSHF;
475 op->src.type = OP_SRC_POPF;
476 op->dest.type = OP_DEST_MEM;
486 else if (modrm == 0xcb)
489 } else if (op2 >= 0x80 && op2 <= 0x8f) {
491 *type = INSN_JUMP_CONDITIONAL;
493 } else if (op2 == 0x05 || op2 == 0x07 || op2 == 0x34 ||
496 /* sysenter, sysret */
497 *type = INSN_CONTEXT_SWITCH;
499 } else if (op2 == 0x0b || op2 == 0xb9) {
504 } else if (op2 == 0x0d || op2 == 0x1f) {
509 } else if (op2 == 0x1e) {
511 if (prefix == 0xf3 && (modrm == 0xfa || modrm == 0xfb))
515 } else if (op2 == 0x38 && op3 == 0xf8) {
516 if (insn.prefixes.nbytes == 1 &&
517 insn.prefixes.bytes[0] == 0xf2) {
518 /* ENQCMD cannot be used in the kernel. */
519 WARN("ENQCMD instruction at %s:%lx", sec->name,
523 } else if (op2 == 0xa0 || op2 == 0xa8) {
527 op->src.type = OP_SRC_CONST;
528 op->dest.type = OP_DEST_PUSH;
531 } else if (op2 == 0xa1 || op2 == 0xa9) {
535 op->src.type = OP_SRC_POP;
536 op->dest.type = OP_DEST_MEM;
551 op->src.type = OP_SRC_REG;
552 op->src.reg = CFI_BP;
553 op->dest.type = OP_DEST_REG;
554 op->dest.reg = CFI_SP;
557 op->src.type = OP_SRC_POP;
558 op->dest.type = OP_DEST_REG;
559 op->dest.reg = CFI_BP;
570 *type = INSN_JUMP_CONDITIONAL;
575 *type = INSN_JUMP_UNCONDITIONAL;
583 case 0xc7: /* mov imm, r/m */
587 if (insn.length == 3+4+4 && !strncmp(sec->name, ".init.text", 10)) {
588 struct reloc *immr, *disp;
592 immr = find_reloc_by_dest(elf, (void *)sec, offset+3);
593 disp = find_reloc_by_dest(elf, (void *)sec, offset+7);
595 if (!immr || strcmp(immr->sym->name, "pv_ops"))
598 idx = (immr->addend + 8) / sizeof(void *);
601 if (disp->sym->type == STT_SECTION)
602 func = find_symbol_by_offset(disp->sym->sec, disp->addend);
604 WARN("no func for pv_ops[]");
608 objtool_pv_add(file, idx, func);
613 case 0xcf: /* iret */
615 * Handle sync_core(), which has an IRET to self.
616 * All other IRET are in STT_NONE entry code.
618 sym = find_symbol_containing(sec, offset);
619 if (sym && sym->type == STT_FUNC) {
622 op->src.type = OP_SRC_ADD;
623 op->src.reg = CFI_SP;
624 op->src.offset = 5*8;
625 op->dest.type = OP_DEST_REG;
626 op->dest.reg = CFI_SP;
633 case 0xca: /* retf */
634 case 0xcb: /* retf */
635 *type = INSN_CONTEXT_SWITCH;
641 * For the impact on the stack, a CALL behaves like
642 * a PUSH of an immediate value (the return address).
645 op->src.type = OP_SRC_CONST;
646 op->dest.type = OP_DEST_PUSH;
659 if (modrm_reg == 2 || modrm_reg == 3) {
661 *type = INSN_CALL_DYNAMIC;
662 if (has_notrack_prefix(&insn))
663 WARN("notrack prefix found at %s:0x%lx", sec->name, offset);
665 } else if (modrm_reg == 4) {
667 *type = INSN_JUMP_DYNAMIC;
668 if (has_notrack_prefix(&insn))
669 WARN("notrack prefix found at %s:0x%lx", sec->name, offset);
671 } else if (modrm_reg == 5) {
674 *type = INSN_CONTEXT_SWITCH;
676 } else if (modrm_reg == 6) {
680 op->src.type = OP_SRC_CONST;
681 op->dest.type = OP_DEST_PUSH;
691 *immediate = insn.immediate.nbytes ? insn.immediate.value : 0;
696 void arch_initial_func_cfi_state(struct cfi_init_state *state)
700 for (i = 0; i < CFI_NUM_REGS; i++) {
701 state->regs[i].base = CFI_UNDEFINED;
702 state->regs[i].offset = 0;
705 /* initial CFA (call frame address) */
706 state->cfa.base = CFI_SP;
707 state->cfa.offset = 8;
709 /* initial RA (return address) */
710 state->regs[CFI_RA].base = CFI_CFA;
711 state->regs[CFI_RA].offset = -8;
714 const char *arch_nop_insn(int len)
716 static const char nops[5][5] = {
724 if (len < 1 || len > 5) {
725 WARN("invalid NOP size: %d\n", len);
732 #define BYTE_RET 0xC3
734 const char *arch_ret_insn(int len)
736 static const char ret[5][5] = {
739 { BYTE_RET, 0xcc, BYTES_NOP1 },
740 { BYTE_RET, 0xcc, BYTES_NOP2 },
741 { BYTE_RET, 0xcc, BYTES_NOP3 },
744 if (len < 1 || len > 5) {
745 WARN("invalid RET size: %d\n", len);
752 int arch_decode_hint_reg(u8 sp_reg, int *base)
755 case ORC_REG_UNDEFINED:
756 *base = CFI_UNDEFINED;
764 case ORC_REG_SP_INDIRECT:
765 *base = CFI_SP_INDIRECT;
786 bool arch_is_retpoline(struct symbol *sym)
788 return !strncmp(sym->name, "__x86_indirect_", 15);
791 bool arch_is_rethunk(struct symbol *sym)
793 return !strcmp(sym->name, "__x86_return_thunk");
projects / linux-2.6-block.git / blob