1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright (C) 2015-2017 Josh Poimboeuf <jpoimboe@redhat.com>
12 #include <objtool/builtin.h>
13 #include <objtool/cfi.h>
14 #include <objtool/arch.h>
15 #include <objtool/check.h>
16 #include <objtool/special.h>
17 #include <objtool/warn.h>
18 #include <objtool/endianness.h>
20 #include <linux/objtool.h>
21 #include <linux/hashtable.h>
22 #include <linux/kernel.h>
23 #include <linux/static_call_types.h>
26 struct alternative *next;
27 struct instruction *insn;
31 static unsigned long nr_cfi, nr_cfi_reused, nr_cfi_cache;
33 static struct cfi_init_state initial_func_cfi;
34 static struct cfi_state init_cfi;
35 static struct cfi_state func_cfi;
37 struct instruction *find_insn(struct objtool_file *file,
38 struct section *sec, unsigned long offset)
40 struct instruction *insn;
42 hash_for_each_possible(file->insn_hash, insn, hash, sec_offset_hash(sec, offset)) {
43 if (insn->sec == sec && insn->offset == offset)
50 struct instruction *next_insn_same_sec(struct objtool_file *file,
51 struct instruction *insn)
53 if (insn->idx == INSN_CHUNK_MAX)
54 return find_insn(file, insn->sec, insn->offset + insn->len);
63 static struct instruction *next_insn_same_func(struct objtool_file *file,
64 struct instruction *insn)
66 struct instruction *next = next_insn_same_sec(file, insn);
67 struct symbol *func = insn_func(insn);
72 if (next && insn_func(next) == func)
75 /* Check if we're already in the subfunction: */
76 if (func == func->cfunc)
79 /* Move to the subfunction: */
80 return find_insn(file, func->cfunc->sec, func->cfunc->offset);
83 static struct instruction *prev_insn_same_sec(struct objtool_file *file,
84 struct instruction *insn)
88 return find_insn(file, insn->sec, insn->offset - insn->prev_len);
95 static struct instruction *prev_insn_same_sym(struct objtool_file *file,
96 struct instruction *insn)
98 struct instruction *prev = prev_insn_same_sec(file, insn);
100 if (prev && insn_func(prev) == insn_func(insn))
106 #define for_each_insn(file, insn) \
107 for (struct section *__sec, *__fake = (struct section *)1; \
108 __fake; __fake = NULL) \
109 for_each_sec(file, __sec) \
110 sec_for_each_insn(file, __sec, insn)
112 #define func_for_each_insn(file, func, insn) \
113 for (insn = find_insn(file, func->sec, func->offset); \
115 insn = next_insn_same_func(file, insn))
117 #define sym_for_each_insn(file, sym, insn) \
118 for (insn = find_insn(file, sym->sec, sym->offset); \
119 insn && insn->offset < sym->offset + sym->len; \
120 insn = next_insn_same_sec(file, insn))
122 #define sym_for_each_insn_continue_reverse(file, sym, insn) \
123 for (insn = prev_insn_same_sec(file, insn); \
124 insn && insn->offset >= sym->offset; \
125 insn = prev_insn_same_sec(file, insn))
127 #define sec_for_each_insn_from(file, insn) \
128 for (; insn; insn = next_insn_same_sec(file, insn))
130 #define sec_for_each_insn_continue(file, insn) \
131 for (insn = next_insn_same_sec(file, insn); insn; \
132 insn = next_insn_same_sec(file, insn))
134 static inline struct symbol *insn_call_dest(struct instruction *insn)
136 if (insn->type == INSN_JUMP_DYNAMIC ||
137 insn->type == INSN_CALL_DYNAMIC)
140 return insn->_call_dest;
143 static inline struct reloc *insn_jump_table(struct instruction *insn)
145 if (insn->type == INSN_JUMP_DYNAMIC ||
146 insn->type == INSN_CALL_DYNAMIC)
147 return insn->_jump_table;
152 static bool is_jump_table_jump(struct instruction *insn)
154 struct alt_group *alt_group = insn->alt_group;
156 if (insn_jump_table(insn))
159 /* Retpoline alternative for a jump table? */
160 return alt_group && alt_group->orig_group &&
161 insn_jump_table(alt_group->orig_group->first_insn);
164 static bool is_sibling_call(struct instruction *insn)
167 * Assume only STT_FUNC calls have jump-tables.
169 if (insn_func(insn)) {
170 /* An indirect jump is either a sibling call or a jump to a table. */
171 if (insn->type == INSN_JUMP_DYNAMIC)
172 return !is_jump_table_jump(insn);
175 /* add_jump_destinations() sets insn_call_dest(insn) for sibling calls. */
176 return (is_static_jump(insn) && insn_call_dest(insn));
180 * This checks to see if the given function is a "noreturn" function.
182 * For global functions which are outside the scope of this object file, we
183 * have to keep a manual list of them.
185 * For local functions, we have to detect them manually by simply looking for
186 * the lack of a return instruction.
188 static bool __dead_end_function(struct objtool_file *file, struct symbol *func,
192 struct instruction *insn;
196 * Unfortunately these have to be hard coded because the noreturn
197 * attribute isn't provided in ELF data. Keep 'em sorted.
199 static const char * const global_noreturns[] = {
201 "__module_put_and_kthread_exit",
204 "__ubsan_handle_builtin_unreachable",
205 "cpu_bringup_and_idle",
210 "ex_handler_msr_mce",
212 "kthread_complete_and_exit",
214 "kunit_try_catch_throw",
216 "machine_real_restart",
219 "rewind_stack_and_make_dead",
224 "xen_cpu_bringup_again",
231 if (func->bind == STB_WEAK)
234 if (func->bind == STB_GLOBAL)
235 for (i = 0; i < ARRAY_SIZE(global_noreturns); i++)
236 if (!strcmp(func->name, global_noreturns[i]))
242 insn = find_insn(file, func->sec, func->offset);
243 if (!insn || !insn_func(insn))
246 func_for_each_insn(file, func, insn) {
249 if (insn->type == INSN_RETURN)
257 * A function can have a sibling call instead of a return. In that
258 * case, the function's dead-end status depends on whether the target
259 * of the sibling call returns.
261 func_for_each_insn(file, func, insn) {
262 if (is_sibling_call(insn)) {
263 struct instruction *dest = insn->jump_dest;
266 /* sibling call to another file */
269 /* local sibling call */
270 if (recursion == 5) {
272 * Infinite recursion: two functions have
273 * sibling calls to each other. This is a very
274 * rare case. It means they aren't dead ends.
279 return __dead_end_function(file, insn_func(dest), recursion+1);
286 static bool dead_end_function(struct objtool_file *file, struct symbol *func)
288 return __dead_end_function(file, func, 0);
291 static void init_cfi_state(struct cfi_state *cfi)
295 for (i = 0; i < CFI_NUM_REGS; i++) {
296 cfi->regs[i].base = CFI_UNDEFINED;
297 cfi->vals[i].base = CFI_UNDEFINED;
299 cfi->cfa.base = CFI_UNDEFINED;
300 cfi->drap_reg = CFI_UNDEFINED;
301 cfi->drap_offset = -1;
304 static void init_insn_state(struct objtool_file *file, struct insn_state *state,
307 memset(state, 0, sizeof(*state));
308 init_cfi_state(&state->cfi);
311 * We need the full vmlinux for noinstr validation, otherwise we can
312 * not correctly determine insn_call_dest(insn)->sec (external symbols
313 * do not have a section).
315 if (opts.link && opts.noinstr && sec)
316 state->noinstr = sec->noinstr;
319 static struct cfi_state *cfi_alloc(void)
321 struct cfi_state *cfi = calloc(sizeof(struct cfi_state), 1);
323 WARN("calloc failed");
331 static struct hlist_head *cfi_hash;
333 static inline bool cficmp(struct cfi_state *cfi1, struct cfi_state *cfi2)
335 return memcmp((void *)cfi1 + sizeof(cfi1->hash),
336 (void *)cfi2 + sizeof(cfi2->hash),
337 sizeof(struct cfi_state) - sizeof(struct hlist_node));
340 static inline u32 cfi_key(struct cfi_state *cfi)
342 return jhash((void *)cfi + sizeof(cfi->hash),
343 sizeof(*cfi) - sizeof(cfi->hash), 0);
346 static struct cfi_state *cfi_hash_find_or_add(struct cfi_state *cfi)
348 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)];
349 struct cfi_state *obj;
351 hlist_for_each_entry(obj, head, hash) {
352 if (!cficmp(cfi, obj)) {
360 hlist_add_head(&obj->hash, head);
365 static void cfi_hash_add(struct cfi_state *cfi)
367 struct hlist_head *head = &cfi_hash[hash_min(cfi_key(cfi), cfi_bits)];
369 hlist_add_head(&cfi->hash, head);
372 static void *cfi_hash_alloc(unsigned long size)
374 cfi_bits = max(10, ilog2(size));
375 cfi_hash = mmap(NULL, sizeof(struct hlist_head) << cfi_bits,
376 PROT_READ|PROT_WRITE,
377 MAP_PRIVATE|MAP_ANON, -1, 0);
378 if (cfi_hash == (void *)-1L) {
379 WARN("mmap fail cfi_hash");
381 } else if (opts.stats) {
382 printf("cfi_bits: %d\n", cfi_bits);
388 static unsigned long nr_insns;
389 static unsigned long nr_insns_visited;
392 * Call the arch-specific instruction decoder for all the instructions and add
393 * them to the global instruction list.
395 static int decode_instructions(struct objtool_file *file)
399 unsigned long offset;
400 struct instruction *insn;
403 for_each_sec(file, sec) {
404 struct instruction *insns = NULL;
408 if (!(sec->sh.sh_flags & SHF_EXECINSTR))
411 if (strcmp(sec->name, ".altinstr_replacement") &&
412 strcmp(sec->name, ".altinstr_aux") &&
413 strncmp(sec->name, ".discard.", 9))
416 if (!strcmp(sec->name, ".noinstr.text") ||
417 !strcmp(sec->name, ".entry.text") ||
418 !strcmp(sec->name, ".cpuidle.text") ||
419 !strncmp(sec->name, ".text.__x86.", 12))
423 * .init.text code is ran before userspace and thus doesn't
424 * strictly need retpolines, except for modules which are
425 * loaded late, they very much do need retpoline in their
428 if (!strcmp(sec->name, ".init.text") && !opts.module)
431 for (offset = 0; offset < sec->sh.sh_size; offset += insn->len) {
432 if (!insns || idx == INSN_CHUNK_MAX) {
433 insns = calloc(sizeof(*insn), INSN_CHUNK_SIZE);
435 WARN("malloc failed");
445 INIT_LIST_HEAD(&insn->call_node);
447 insn->offset = offset;
448 insn->prev_len = prev_len;
450 ret = arch_decode_instruction(file, sec, offset,
451 sec->sh.sh_size - offset,
456 prev_len = insn->len;
459 * By default, "ud2" is a dead end unless otherwise
460 * annotated, because GCC 7 inserts it for certain
461 * divide-by-zero cases.
463 if (insn->type == INSN_BUG)
464 insn->dead_end = true;
466 hash_add(file->insn_hash, &insn->hash, sec_offset_hash(sec, insn->offset));
470 // printf("%s: last chunk used: %d\n", sec->name, (int)idx);
472 list_for_each_entry(func, &sec->symbol_list, list) {
473 if (func->type != STT_NOTYPE && func->type != STT_FUNC)
476 if (func->offset == sec->sh.sh_size) {
477 /* Heuristic: likely an "end" symbol */
478 if (func->type == STT_NOTYPE)
480 WARN("%s(): STT_FUNC at end of section",
485 if (func->return_thunk || func->alias != func)
488 if (!find_insn(file, sec, func->offset)) {
489 WARN("%s(): can't find starting instruction",
494 sym_for_each_insn(file, func, insn) {
496 if (func->type == STT_FUNC &&
497 insn->type == INSN_ENDBR &&
498 list_empty(&insn->call_node)) {
499 if (insn->offset == func->offset) {
500 list_add_tail(&insn->call_node, &file->endbr_list);
503 file->nr_endbr_int++;
511 printf("nr_insns: %lu\n", nr_insns);
517 * Read the pv_ops[] .data table to find the static initialized values.
519 static int add_pv_ops(struct objtool_file *file, const char *symname)
521 struct symbol *sym, *func;
522 unsigned long off, end;
526 sym = find_symbol_by_name(file->elf, symname);
531 end = off + sym->len;
533 rel = find_reloc_by_dest_range(file->elf, sym->sec, off, end - off);
538 if (func->type == STT_SECTION)
539 func = find_symbol_by_offset(rel->sym->sec, rel->addend);
541 idx = (rel->offset - sym->offset) / sizeof(unsigned long);
543 objtool_pv_add(file, idx, func);
545 off = rel->offset + 1;
554 * Allocate and initialize file->pv_ops[].
556 static int init_pv_ops(struct objtool_file *file)
558 static const char *pv_ops_tables[] = {
574 sym = find_symbol_by_name(file->elf, "pv_ops");
578 nr = sym->len / sizeof(unsigned long);
579 file->pv_ops = calloc(sizeof(struct pv_state), nr);
583 for (idx = 0; idx < nr; idx++)
584 INIT_LIST_HEAD(&file->pv_ops[idx].targets);
586 for (idx = 0; (pv_ops = pv_ops_tables[idx]); idx++)
587 add_pv_ops(file, pv_ops);
592 static struct instruction *find_last_insn(struct objtool_file *file,
595 struct instruction *insn = NULL;
597 unsigned int end = (sec->sh.sh_size > 10) ? sec->sh.sh_size - 10 : 0;
599 for (offset = sec->sh.sh_size - 1; offset >= end && !insn; offset--)
600 insn = find_insn(file, sec, offset);
606 * Mark "ud2" instructions and manually annotated dead ends.
608 static int add_dead_ends(struct objtool_file *file)
612 struct instruction *insn;
615 * Check for manually annotated dead ends.
617 sec = find_section_by_name(file->elf, ".rela.discard.unreachable");
621 list_for_each_entry(reloc, &sec->reloc_list, list) {
622 if (reloc->sym->type != STT_SECTION) {
623 WARN("unexpected relocation symbol type in %s", sec->name);
626 insn = find_insn(file, reloc->sym->sec, reloc->addend);
628 insn = prev_insn_same_sec(file, insn);
629 else if (reloc->addend == reloc->sym->sec->sh.sh_size) {
630 insn = find_last_insn(file, reloc->sym->sec);
632 WARN("can't find unreachable insn at %s+0x%" PRIx64,
633 reloc->sym->sec->name, reloc->addend);
637 WARN("can't find unreachable insn at %s+0x%" PRIx64,
638 reloc->sym->sec->name, reloc->addend);
642 insn->dead_end = true;
647 * These manually annotated reachable checks are needed for GCC 4.4,
648 * where the Linux unreachable() macro isn't supported. In that case
649 * GCC doesn't know the "ud2" is fatal, so it generates code as if it's
652 sec = find_section_by_name(file->elf, ".rela.discard.reachable");
656 list_for_each_entry(reloc, &sec->reloc_list, list) {
657 if (reloc->sym->type != STT_SECTION) {
658 WARN("unexpected relocation symbol type in %s", sec->name);
661 insn = find_insn(file, reloc->sym->sec, reloc->addend);
663 insn = prev_insn_same_sec(file, insn);
664 else if (reloc->addend == reloc->sym->sec->sh.sh_size) {
665 insn = find_last_insn(file, reloc->sym->sec);
667 WARN("can't find reachable insn at %s+0x%" PRIx64,
668 reloc->sym->sec->name, reloc->addend);
672 WARN("can't find reachable insn at %s+0x%" PRIx64,
673 reloc->sym->sec->name, reloc->addend);
677 insn->dead_end = false;
683 static int create_static_call_sections(struct objtool_file *file)
686 struct static_call_site *site;
687 struct instruction *insn;
688 struct symbol *key_sym;
689 char *key_name, *tmp;
692 sec = find_section_by_name(file->elf, ".static_call_sites");
694 INIT_LIST_HEAD(&file->static_call_list);
695 WARN("file already has .static_call_sites section, skipping");
699 if (list_empty(&file->static_call_list))
703 list_for_each_entry(insn, &file->static_call_list, call_node)
706 sec = elf_create_section(file->elf, ".static_call_sites", SHF_WRITE,
707 sizeof(struct static_call_site), idx);
712 list_for_each_entry(insn, &file->static_call_list, call_node) {
714 site = (struct static_call_site *)sec->data->d_buf + idx;
715 memset(site, 0, sizeof(struct static_call_site));
717 /* populate reloc for 'addr' */
718 if (elf_add_reloc_to_insn(file->elf, sec,
719 idx * sizeof(struct static_call_site),
721 insn->sec, insn->offset))
724 /* find key symbol */
725 key_name = strdup(insn_call_dest(insn)->name);
730 if (strncmp(key_name, STATIC_CALL_TRAMP_PREFIX_STR,
731 STATIC_CALL_TRAMP_PREFIX_LEN)) {
732 WARN("static_call: trampoline name malformed: %s", key_name);
736 tmp = key_name + STATIC_CALL_TRAMP_PREFIX_LEN - STATIC_CALL_KEY_PREFIX_LEN;
737 memcpy(tmp, STATIC_CALL_KEY_PREFIX_STR, STATIC_CALL_KEY_PREFIX_LEN);
739 key_sym = find_symbol_by_name(file->elf, tmp);
742 WARN("static_call: can't find static_call_key symbol: %s", tmp);
748 * For modules(), the key might not be exported, which
749 * means the module can make static calls but isn't
750 * allowed to change them.
752 * In that case we temporarily set the key to be the
753 * trampoline address. This is fixed up in
754 * static_call_add_module().
756 key_sym = insn_call_dest(insn);
760 /* populate reloc for 'key' */
761 if (elf_add_reloc(file->elf, sec,
762 idx * sizeof(struct static_call_site) + 4,
763 R_X86_64_PC32, key_sym,
764 is_sibling_call(insn) * STATIC_CALL_SITE_TAIL))
773 static int create_retpoline_sites_sections(struct objtool_file *file)
775 struct instruction *insn;
779 sec = find_section_by_name(file->elf, ".retpoline_sites");
781 WARN("file already has .retpoline_sites, skipping");
786 list_for_each_entry(insn, &file->retpoline_call_list, call_node)
792 sec = elf_create_section(file->elf, ".retpoline_sites", 0,
795 WARN("elf_create_section: .retpoline_sites");
800 list_for_each_entry(insn, &file->retpoline_call_list, call_node) {
802 int *site = (int *)sec->data->d_buf + idx;
805 if (elf_add_reloc_to_insn(file->elf, sec,
808 insn->sec, insn->offset)) {
809 WARN("elf_add_reloc_to_insn: .retpoline_sites");
819 static int create_return_sites_sections(struct objtool_file *file)
821 struct instruction *insn;
825 sec = find_section_by_name(file->elf, ".return_sites");
827 WARN("file already has .return_sites, skipping");
832 list_for_each_entry(insn, &file->return_thunk_list, call_node)
838 sec = elf_create_section(file->elf, ".return_sites", 0,
841 WARN("elf_create_section: .return_sites");
846 list_for_each_entry(insn, &file->return_thunk_list, call_node) {
848 int *site = (int *)sec->data->d_buf + idx;
851 if (elf_add_reloc_to_insn(file->elf, sec,
854 insn->sec, insn->offset)) {
855 WARN("elf_add_reloc_to_insn: .return_sites");
865 static int create_ibt_endbr_seal_sections(struct objtool_file *file)
867 struct instruction *insn;
871 sec = find_section_by_name(file->elf, ".ibt_endbr_seal");
873 WARN("file already has .ibt_endbr_seal, skipping");
878 list_for_each_entry(insn, &file->endbr_list, call_node)
882 printf("ibt: ENDBR at function start: %d\n", file->nr_endbr);
883 printf("ibt: ENDBR inside functions: %d\n", file->nr_endbr_int);
884 printf("ibt: superfluous ENDBR: %d\n", idx);
890 sec = elf_create_section(file->elf, ".ibt_endbr_seal", 0,
893 WARN("elf_create_section: .ibt_endbr_seal");
898 list_for_each_entry(insn, &file->endbr_list, call_node) {
900 int *site = (int *)sec->data->d_buf + idx;
901 struct symbol *sym = insn->sym;
904 if (opts.module && sym && sym->type == STT_FUNC &&
905 insn->offset == sym->offset &&
906 (!strcmp(sym->name, "init_module") ||
907 !strcmp(sym->name, "cleanup_module")))
908 WARN("%s(): not an indirect call target", sym->name);
910 if (elf_add_reloc_to_insn(file->elf, sec,
913 insn->sec, insn->offset)) {
914 WARN("elf_add_reloc_to_insn: .ibt_endbr_seal");
924 static int create_cfi_sections(struct objtool_file *file)
926 struct section *sec, *s;
931 sec = find_section_by_name(file->elf, ".cfi_sites");
933 INIT_LIST_HEAD(&file->call_list);
934 WARN("file already has .cfi_sites section, skipping");
939 for_each_sec(file, s) {
943 list_for_each_entry(sym, &s->symbol_list, list) {
944 if (sym->type != STT_FUNC)
947 if (strncmp(sym->name, "__cfi_", 6))
954 sec = elf_create_section(file->elf, ".cfi_sites", 0, sizeof(unsigned int), idx);
959 for_each_sec(file, s) {
963 list_for_each_entry(sym, &s->symbol_list, list) {
964 if (sym->type != STT_FUNC)
967 if (strncmp(sym->name, "__cfi_", 6))
970 loc = (unsigned int *)sec->data->d_buf + idx;
971 memset(loc, 0, sizeof(unsigned int));
973 if (elf_add_reloc_to_insn(file->elf, sec,
974 idx * sizeof(unsigned int),
986 static int create_mcount_loc_sections(struct objtool_file *file)
988 int addrsize = elf_class_addrsize(file->elf);
989 struct instruction *insn;
993 sec = find_section_by_name(file->elf, "__mcount_loc");
995 INIT_LIST_HEAD(&file->mcount_loc_list);
996 WARN("file already has __mcount_loc section, skipping");
1000 if (list_empty(&file->mcount_loc_list))
1004 list_for_each_entry(insn, &file->mcount_loc_list, call_node)
1007 sec = elf_create_section(file->elf, "__mcount_loc", 0, addrsize, idx);
1011 sec->sh.sh_addralign = addrsize;
1014 list_for_each_entry(insn, &file->mcount_loc_list, call_node) {
1017 loc = sec->data->d_buf + idx;
1018 memset(loc, 0, addrsize);
1020 if (elf_add_reloc_to_insn(file->elf, sec, idx,
1021 addrsize == sizeof(u64) ? R_ABS64 : R_ABS32,
1022 insn->sec, insn->offset))
1031 static int create_direct_call_sections(struct objtool_file *file)
1033 struct instruction *insn;
1034 struct section *sec;
1038 sec = find_section_by_name(file->elf, ".call_sites");
1040 INIT_LIST_HEAD(&file->call_list);
1041 WARN("file already has .call_sites section, skipping");
1045 if (list_empty(&file->call_list))
1049 list_for_each_entry(insn, &file->call_list, call_node)
1052 sec = elf_create_section(file->elf, ".call_sites", 0, sizeof(unsigned int), idx);
1057 list_for_each_entry(insn, &file->call_list, call_node) {
1059 loc = (unsigned int *)sec->data->d_buf + idx;
1060 memset(loc, 0, sizeof(unsigned int));
1062 if (elf_add_reloc_to_insn(file->elf, sec,
1063 idx * sizeof(unsigned int),
1065 insn->sec, insn->offset))
1075 * Warnings shouldn't be reported for ignored functions.
1077 static void add_ignores(struct objtool_file *file)
1079 struct instruction *insn;
1080 struct section *sec;
1081 struct symbol *func;
1082 struct reloc *reloc;
1084 sec = find_section_by_name(file->elf, ".rela.discard.func_stack_frame_non_standard");
1088 list_for_each_entry(reloc, &sec->reloc_list, list) {
1089 switch (reloc->sym->type) {
1095 func = find_func_by_offset(reloc->sym->sec, reloc->addend);
1101 WARN("unexpected relocation symbol type in %s: %d", sec->name, reloc->sym->type);
1105 func_for_each_insn(file, func, insn)
1106 insn->ignore = true;
1111 * This is a whitelist of functions that is allowed to be called with AC set.
1112 * The list is meant to be minimal and only contains compiler instrumentation
1113 * ABI and a few functions used to implement *_{to,from}_user() functions.
1115 * These functions must not directly change AC, but may PUSHF/POPF.
1117 static const char *uaccess_safe_builtin[] = {
1120 "kasan_check_range",
1121 /* KASAN out-of-line */
1122 "__asan_loadN_noabort",
1123 "__asan_load1_noabort",
1124 "__asan_load2_noabort",
1125 "__asan_load4_noabort",
1126 "__asan_load8_noabort",
1127 "__asan_load16_noabort",
1128 "__asan_storeN_noabort",
1129 "__asan_store1_noabort",
1130 "__asan_store2_noabort",
1131 "__asan_store4_noabort",
1132 "__asan_store8_noabort",
1133 "__asan_store16_noabort",
1134 "__kasan_check_read",
1135 "__kasan_check_write",
1137 "__asan_report_load_n_noabort",
1138 "__asan_report_load1_noabort",
1139 "__asan_report_load2_noabort",
1140 "__asan_report_load4_noabort",
1141 "__asan_report_load8_noabort",
1142 "__asan_report_load16_noabort",
1143 "__asan_report_store_n_noabort",
1144 "__asan_report_store1_noabort",
1145 "__asan_report_store2_noabort",
1146 "__asan_report_store4_noabort",
1147 "__asan_report_store8_noabort",
1148 "__asan_report_store16_noabort",
1150 "__kcsan_check_access",
1155 "kcsan_found_watchpoint",
1156 "kcsan_setup_watchpoint",
1157 "kcsan_check_scoped_accesses",
1158 "kcsan_disable_current",
1159 "kcsan_enable_current_nowarn",
1161 "__tsan_func_entry",
1163 "__tsan_read_range",
1164 "__tsan_write_range",
1175 "__tsan_read_write1",
1176 "__tsan_read_write2",
1177 "__tsan_read_write4",
1178 "__tsan_read_write8",
1179 "__tsan_read_write16",
1180 "__tsan_volatile_read1",
1181 "__tsan_volatile_read2",
1182 "__tsan_volatile_read4",
1183 "__tsan_volatile_read8",
1184 "__tsan_volatile_read16",
1185 "__tsan_volatile_write1",
1186 "__tsan_volatile_write2",
1187 "__tsan_volatile_write4",
1188 "__tsan_volatile_write8",
1189 "__tsan_volatile_write16",
1190 "__tsan_atomic8_load",
1191 "__tsan_atomic16_load",
1192 "__tsan_atomic32_load",
1193 "__tsan_atomic64_load",
1194 "__tsan_atomic8_store",
1195 "__tsan_atomic16_store",
1196 "__tsan_atomic32_store",
1197 "__tsan_atomic64_store",
1198 "__tsan_atomic8_exchange",
1199 "__tsan_atomic16_exchange",
1200 "__tsan_atomic32_exchange",
1201 "__tsan_atomic64_exchange",
1202 "__tsan_atomic8_fetch_add",
1203 "__tsan_atomic16_fetch_add",
1204 "__tsan_atomic32_fetch_add",
1205 "__tsan_atomic64_fetch_add",
1206 "__tsan_atomic8_fetch_sub",
1207 "__tsan_atomic16_fetch_sub",
1208 "__tsan_atomic32_fetch_sub",
1209 "__tsan_atomic64_fetch_sub",
1210 "__tsan_atomic8_fetch_and",
1211 "__tsan_atomic16_fetch_and",
1212 "__tsan_atomic32_fetch_and",
1213 "__tsan_atomic64_fetch_and",
1214 "__tsan_atomic8_fetch_or",
1215 "__tsan_atomic16_fetch_or",
1216 "__tsan_atomic32_fetch_or",
1217 "__tsan_atomic64_fetch_or",
1218 "__tsan_atomic8_fetch_xor",
1219 "__tsan_atomic16_fetch_xor",
1220 "__tsan_atomic32_fetch_xor",
1221 "__tsan_atomic64_fetch_xor",
1222 "__tsan_atomic8_fetch_nand",
1223 "__tsan_atomic16_fetch_nand",
1224 "__tsan_atomic32_fetch_nand",
1225 "__tsan_atomic64_fetch_nand",
1226 "__tsan_atomic8_compare_exchange_strong",
1227 "__tsan_atomic16_compare_exchange_strong",
1228 "__tsan_atomic32_compare_exchange_strong",
1229 "__tsan_atomic64_compare_exchange_strong",
1230 "__tsan_atomic8_compare_exchange_weak",
1231 "__tsan_atomic16_compare_exchange_weak",
1232 "__tsan_atomic32_compare_exchange_weak",
1233 "__tsan_atomic64_compare_exchange_weak",
1234 "__tsan_atomic8_compare_exchange_val",
1235 "__tsan_atomic16_compare_exchange_val",
1236 "__tsan_atomic32_compare_exchange_val",
1237 "__tsan_atomic64_compare_exchange_val",
1238 "__tsan_atomic_thread_fence",
1239 "__tsan_atomic_signal_fence",
1243 "__sanitizer_cov_trace_pc",
1244 "__sanitizer_cov_trace_const_cmp1",
1245 "__sanitizer_cov_trace_const_cmp2",
1246 "__sanitizer_cov_trace_const_cmp4",
1247 "__sanitizer_cov_trace_const_cmp8",
1248 "__sanitizer_cov_trace_cmp1",
1249 "__sanitizer_cov_trace_cmp2",
1250 "__sanitizer_cov_trace_cmp4",
1251 "__sanitizer_cov_trace_cmp8",
1252 "__sanitizer_cov_trace_switch",
1254 "kmsan_copy_to_user",
1256 "kmsan_unpoison_entry_regs",
1257 "kmsan_unpoison_memory",
1258 "__msan_chain_origin",
1259 "__msan_get_context_state",
1260 "__msan_instrument_asm_store",
1261 "__msan_metadata_ptr_for_load_1",
1262 "__msan_metadata_ptr_for_load_2",
1263 "__msan_metadata_ptr_for_load_4",
1264 "__msan_metadata_ptr_for_load_8",
1265 "__msan_metadata_ptr_for_load_n",
1266 "__msan_metadata_ptr_for_store_1",
1267 "__msan_metadata_ptr_for_store_2",
1268 "__msan_metadata_ptr_for_store_4",
1269 "__msan_metadata_ptr_for_store_8",
1270 "__msan_metadata_ptr_for_store_n",
1271 "__msan_poison_alloca",
1274 "ubsan_type_mismatch_common",
1275 "__ubsan_handle_type_mismatch",
1276 "__ubsan_handle_type_mismatch_v1",
1277 "__ubsan_handle_shift_out_of_bounds",
1278 "__ubsan_handle_load_invalid_value",
1280 "csum_partial_copy_generic",
1282 "copy_mc_fragile_handle_tail",
1283 "copy_mc_enhanced_fast_string",
1284 "ftrace_likely_update", /* CONFIG_TRACE_BRANCH_PROFILING */
1286 "clear_user_rep_good",
1287 "clear_user_original",
1291 static void add_uaccess_safe(struct objtool_file *file)
1293 struct symbol *func;
1299 for (name = uaccess_safe_builtin; *name; name++) {
1300 func = find_symbol_by_name(file->elf, *name);
1304 func->uaccess_safe = true;
1309 * FIXME: For now, just ignore any alternatives which add retpolines. This is
1310 * a temporary hack, as it doesn't allow ORC to unwind from inside a retpoline.
1311 * But it at least allows objtool to understand the control flow *around* the
1314 static int add_ignore_alternatives(struct objtool_file *file)
1316 struct section *sec;
1317 struct reloc *reloc;
1318 struct instruction *insn;
1320 sec = find_section_by_name(file->elf, ".rela.discard.ignore_alts");
1324 list_for_each_entry(reloc, &sec->reloc_list, list) {
1325 if (reloc->sym->type != STT_SECTION) {
1326 WARN("unexpected relocation symbol type in %s", sec->name);
1330 insn = find_insn(file, reloc->sym->sec, reloc->addend);
1332 WARN("bad .discard.ignore_alts entry");
1336 insn->ignore_alts = true;
1342 __weak bool arch_is_retpoline(struct symbol *sym)
1347 __weak bool arch_is_rethunk(struct symbol *sym)
1352 static struct reloc *insn_reloc(struct objtool_file *file, struct instruction *insn)
1354 struct reloc *reloc;
1362 reloc = find_reloc_by_dest_range(file->elf, insn->sec,
1363 insn->offset, insn->len);
1372 static void remove_insn_ops(struct instruction *insn)
1374 struct stack_op *op, *next;
1376 for (op = insn->stack_ops; op; op = next) {
1380 insn->stack_ops = NULL;
1383 static void annotate_call_site(struct objtool_file *file,
1384 struct instruction *insn, bool sibling)
1386 struct reloc *reloc = insn_reloc(file, insn);
1387 struct symbol *sym = insn_call_dest(insn);
1393 * Alternative replacement code is just template code which is
1394 * sometimes copied to the original instruction. For now, don't
1395 * annotate it. (In the future we might consider annotating the
1396 * original instruction if/when it ever makes sense to do so.)
1398 if (!strcmp(insn->sec->name, ".altinstr_replacement"))
1401 if (sym->static_call_tramp) {
1402 list_add_tail(&insn->call_node, &file->static_call_list);
1406 if (sym->retpoline_thunk) {
1407 list_add_tail(&insn->call_node, &file->retpoline_call_list);
1412 * Many compilers cannot disable KCOV or sanitizer calls with a function
1413 * attribute so they need a little help, NOP out any such calls from
1416 if (opts.hack_noinstr && insn->sec->noinstr && sym->profiling_func) {
1418 reloc->type = R_NONE;
1419 elf_write_reloc(file->elf, reloc);
1422 elf_write_insn(file->elf, insn->sec,
1423 insn->offset, insn->len,
1424 sibling ? arch_ret_insn(insn->len)
1425 : arch_nop_insn(insn->len));
1427 insn->type = sibling ? INSN_RETURN : INSN_NOP;
1431 * We've replaced the tail-call JMP insn by two new
1432 * insn: RET; INT3, except we only have a single struct
1433 * insn here. Mark it retpoline_safe to avoid the SLS
1434 * warning, instead of adding another insn.
1436 insn->retpoline_safe = true;
1442 if (opts.mcount && sym->fentry) {
1444 WARN_FUNC("Tail call to __fentry__ !?!?", insn->sec, insn->offset);
1447 reloc->type = R_NONE;
1448 elf_write_reloc(file->elf, reloc);
1451 elf_write_insn(file->elf, insn->sec,
1452 insn->offset, insn->len,
1453 arch_nop_insn(insn->len));
1455 insn->type = INSN_NOP;
1458 list_add_tail(&insn->call_node, &file->mcount_loc_list);
1462 if (insn->type == INSN_CALL && !insn->sec->init)
1463 list_add_tail(&insn->call_node, &file->call_list);
1465 if (!sibling && dead_end_function(file, sym))
1466 insn->dead_end = true;
1469 static void add_call_dest(struct objtool_file *file, struct instruction *insn,
1470 struct symbol *dest, bool sibling)
1472 insn->_call_dest = dest;
1477 * Whatever stack impact regular CALLs have, should be undone
1478 * by the RETURN of the called function.
1480 * Annotated intra-function calls retain the stack_ops but
1481 * are converted to JUMP, see read_intra_function_calls().
1483 remove_insn_ops(insn);
1485 annotate_call_site(file, insn, sibling);
1488 static void add_retpoline_call(struct objtool_file *file, struct instruction *insn)
1491 * Retpoline calls/jumps are really dynamic calls/jumps in disguise,
1492 * so convert them accordingly.
1494 switch (insn->type) {
1496 insn->type = INSN_CALL_DYNAMIC;
1498 case INSN_JUMP_UNCONDITIONAL:
1499 insn->type = INSN_JUMP_DYNAMIC;
1501 case INSN_JUMP_CONDITIONAL:
1502 insn->type = INSN_JUMP_DYNAMIC_CONDITIONAL;
1508 insn->retpoline_safe = true;
1511 * Whatever stack impact regular CALLs have, should be undone
1512 * by the RETURN of the called function.
1514 * Annotated intra-function calls retain the stack_ops but
1515 * are converted to JUMP, see read_intra_function_calls().
1517 remove_insn_ops(insn);
1519 annotate_call_site(file, insn, false);
1522 static void add_return_call(struct objtool_file *file, struct instruction *insn, bool add)
1525 * Return thunk tail calls are really just returns in disguise,
1526 * so convert them accordingly.
1528 insn->type = INSN_RETURN;
1529 insn->retpoline_safe = true;
1532 list_add_tail(&insn->call_node, &file->return_thunk_list);
1535 static bool is_first_func_insn(struct objtool_file *file,
1536 struct instruction *insn, struct symbol *sym)
1538 if (insn->offset == sym->offset)
1541 /* Allow direct CALL/JMP past ENDBR */
1543 struct instruction *prev = prev_insn_same_sym(file, insn);
1545 if (prev && prev->type == INSN_ENDBR &&
1546 insn->offset == sym->offset + prev->len)
1554 * A sibling call is a tail-call to another symbol -- to differentiate from a
1555 * recursive tail-call which is to the same symbol.
1557 static bool jump_is_sibling_call(struct objtool_file *file,
1558 struct instruction *from, struct instruction *to)
1560 struct symbol *fs = from->sym;
1561 struct symbol *ts = to->sym;
1563 /* Not a sibling call if from/to a symbol hole */
1567 /* Not a sibling call if not targeting the start of a symbol. */
1568 if (!is_first_func_insn(file, to, ts))
1571 /* Disallow sibling calls into STT_NOTYPE */
1572 if (ts->type == STT_NOTYPE)
1575 /* Must not be self to be a sibling */
1576 return fs->pfunc != ts->pfunc;
1580 * Find the destination instructions for all jumps.
1582 static int add_jump_destinations(struct objtool_file *file)
1584 struct instruction *insn, *jump_dest;
1585 struct reloc *reloc;
1586 struct section *dest_sec;
1587 unsigned long dest_off;
1589 for_each_insn(file, insn) {
1590 if (insn->jump_dest) {
1592 * handle_group_alt() may have previously set
1593 * 'jump_dest' for some alternatives.
1597 if (!is_static_jump(insn))
1600 reloc = insn_reloc(file, insn);
1602 dest_sec = insn->sec;
1603 dest_off = arch_jump_destination(insn);
1604 } else if (reloc->sym->type == STT_SECTION) {
1605 dest_sec = reloc->sym->sec;
1606 dest_off = arch_dest_reloc_offset(reloc->addend);
1607 } else if (reloc->sym->retpoline_thunk) {
1608 add_retpoline_call(file, insn);
1610 } else if (reloc->sym->return_thunk) {
1611 add_return_call(file, insn, true);
1613 } else if (insn_func(insn)) {
1615 * External sibling call or internal sibling call with
1618 add_call_dest(file, insn, reloc->sym, true);
1620 } else if (reloc->sym->sec->idx) {
1621 dest_sec = reloc->sym->sec;
1622 dest_off = reloc->sym->sym.st_value +
1623 arch_dest_reloc_offset(reloc->addend);
1625 /* non-func asm code jumping to another file */
1629 jump_dest = find_insn(file, dest_sec, dest_off);
1631 struct symbol *sym = find_symbol_by_offset(dest_sec, dest_off);
1634 * This is a special case for zen_untrain_ret().
1635 * It jumps to __x86_return_thunk(), but objtool
1636 * can't find the thunk's starting RET
1637 * instruction, because the RET is also in the
1638 * middle of another instruction. Objtool only
1639 * knows about the outer instruction.
1641 if (sym && sym->return_thunk) {
1642 add_return_call(file, insn, false);
1646 WARN_FUNC("can't find jump dest instruction at %s+0x%lx",
1647 insn->sec, insn->offset, dest_sec->name,
1653 * Cross-function jump.
1655 if (insn_func(insn) && insn_func(jump_dest) &&
1656 insn_func(insn) != insn_func(jump_dest)) {
1659 * For GCC 8+, create parent/child links for any cold
1660 * subfunctions. This is _mostly_ redundant with a
1661 * similar initialization in read_symbols().
1663 * If a function has aliases, we want the *first* such
1664 * function in the symbol table to be the subfunction's
1665 * parent. In that case we overwrite the
1666 * initialization done in read_symbols().
1668 * However this code can't completely replace the
1669 * read_symbols() code because this doesn't detect the
1670 * case where the parent function's only reference to a
1671 * subfunction is through a jump table.
1673 if (!strstr(insn_func(insn)->name, ".cold") &&
1674 strstr(insn_func(jump_dest)->name, ".cold")) {
1675 insn_func(insn)->cfunc = insn_func(jump_dest);
1676 insn_func(jump_dest)->pfunc = insn_func(insn);
1680 if (jump_is_sibling_call(file, insn, jump_dest)) {
1682 * Internal sibling call without reloc or with
1683 * STT_SECTION reloc.
1685 add_call_dest(file, insn, insn_func(jump_dest), true);
1689 insn->jump_dest = jump_dest;
1695 static struct symbol *find_call_destination(struct section *sec, unsigned long offset)
1697 struct symbol *call_dest;
1699 call_dest = find_func_by_offset(sec, offset);
1701 call_dest = find_symbol_by_offset(sec, offset);
1707 * Find the destination instructions for all calls.
1709 static int add_call_destinations(struct objtool_file *file)
1711 struct instruction *insn;
1712 unsigned long dest_off;
1713 struct symbol *dest;
1714 struct reloc *reloc;
1716 for_each_insn(file, insn) {
1717 if (insn->type != INSN_CALL)
1720 reloc = insn_reloc(file, insn);
1722 dest_off = arch_jump_destination(insn);
1723 dest = find_call_destination(insn->sec, dest_off);
1725 add_call_dest(file, insn, dest, false);
1730 if (!insn_call_dest(insn)) {
1731 WARN_FUNC("unannotated intra-function call", insn->sec, insn->offset);
1735 if (insn_func(insn) && insn_call_dest(insn)->type != STT_FUNC) {
1736 WARN_FUNC("unsupported call to non-function",
1737 insn->sec, insn->offset);
1741 } else if (reloc->sym->type == STT_SECTION) {
1742 dest_off = arch_dest_reloc_offset(reloc->addend);
1743 dest = find_call_destination(reloc->sym->sec, dest_off);
1745 WARN_FUNC("can't find call dest symbol at %s+0x%lx",
1746 insn->sec, insn->offset,
1747 reloc->sym->sec->name,
1752 add_call_dest(file, insn, dest, false);
1754 } else if (reloc->sym->retpoline_thunk) {
1755 add_retpoline_call(file, insn);
1758 add_call_dest(file, insn, reloc->sym, false);
1765 * The .alternatives section requires some extra special care over and above
1766 * other special sections because alternatives are patched in place.
1768 static int handle_group_alt(struct objtool_file *file,
1769 struct special_alt *special_alt,
1770 struct instruction *orig_insn,
1771 struct instruction **new_insn)
1773 struct instruction *last_new_insn = NULL, *insn, *nop = NULL;
1774 struct alt_group *orig_alt_group, *new_alt_group;
1775 unsigned long dest_off;
1777 orig_alt_group = orig_insn->alt_group;
1778 if (!orig_alt_group) {
1779 struct instruction *last_orig_insn = NULL;
1781 orig_alt_group = malloc(sizeof(*orig_alt_group));
1782 if (!orig_alt_group) {
1783 WARN("malloc failed");
1786 orig_alt_group->cfi = calloc(special_alt->orig_len,
1787 sizeof(struct cfi_state *));
1788 if (!orig_alt_group->cfi) {
1789 WARN("calloc failed");
1794 sec_for_each_insn_from(file, insn) {
1795 if (insn->offset >= special_alt->orig_off + special_alt->orig_len)
1798 insn->alt_group = orig_alt_group;
1799 last_orig_insn = insn;
1801 orig_alt_group->orig_group = NULL;
1802 orig_alt_group->first_insn = orig_insn;
1803 orig_alt_group->last_insn = last_orig_insn;
1804 orig_alt_group->nop = NULL;
1806 if (orig_alt_group->last_insn->offset + orig_alt_group->last_insn->len -
1807 orig_alt_group->first_insn->offset != special_alt->orig_len) {
1808 WARN_FUNC("weirdly overlapping alternative! %ld != %d",
1809 orig_insn->sec, orig_insn->offset,
1810 orig_alt_group->last_insn->offset +
1811 orig_alt_group->last_insn->len -
1812 orig_alt_group->first_insn->offset,
1813 special_alt->orig_len);
1818 new_alt_group = malloc(sizeof(*new_alt_group));
1819 if (!new_alt_group) {
1820 WARN("malloc failed");
1824 if (special_alt->new_len < special_alt->orig_len) {
1826 * Insert a fake nop at the end to make the replacement
1827 * alt_group the same size as the original. This is needed to
1828 * allow propagate_alt_cfi() to do its magic. When the last
1829 * instruction affects the stack, the instruction after it (the
1830 * nop) will propagate the new state to the shared CFI array.
1832 nop = malloc(sizeof(*nop));
1834 WARN("malloc failed");
1837 memset(nop, 0, sizeof(*nop));
1839 nop->sec = special_alt->new_sec;
1840 nop->offset = special_alt->new_off + special_alt->new_len;
1841 nop->len = special_alt->orig_len - special_alt->new_len;
1842 nop->type = INSN_NOP;
1843 nop->sym = orig_insn->sym;
1844 nop->alt_group = new_alt_group;
1845 nop->ignore = orig_insn->ignore_alts;
1848 if (!special_alt->new_len) {
1854 sec_for_each_insn_from(file, insn) {
1855 struct reloc *alt_reloc;
1857 if (insn->offset >= special_alt->new_off + special_alt->new_len)
1860 last_new_insn = insn;
1862 insn->ignore = orig_insn->ignore_alts;
1863 insn->sym = orig_insn->sym;
1864 insn->alt_group = new_alt_group;
1867 * Since alternative replacement code is copy/pasted by the
1868 * kernel after applying relocations, generally such code can't
1869 * have relative-address relocation references to outside the
1870 * .altinstr_replacement section, unless the arch's
1871 * alternatives code can adjust the relative offsets
1874 alt_reloc = insn_reloc(file, insn);
1875 if (alt_reloc && arch_pc_relative_reloc(alt_reloc) &&
1876 !arch_support_alt_relocation(special_alt, insn, alt_reloc)) {
1878 WARN_FUNC("unsupported relocation in alternatives section",
1879 insn->sec, insn->offset);
1883 if (!is_static_jump(insn))
1886 if (!insn->immediate)
1889 dest_off = arch_jump_destination(insn);
1890 if (dest_off == special_alt->new_off + special_alt->new_len) {
1891 insn->jump_dest = next_insn_same_sec(file, orig_alt_group->last_insn);
1892 if (!insn->jump_dest) {
1893 WARN_FUNC("can't find alternative jump destination",
1894 insn->sec, insn->offset);
1900 if (!last_new_insn) {
1901 WARN_FUNC("can't find last new alternative instruction",
1902 special_alt->new_sec, special_alt->new_off);
1907 new_alt_group->orig_group = orig_alt_group;
1908 new_alt_group->first_insn = *new_insn;
1909 new_alt_group->last_insn = last_new_insn;
1910 new_alt_group->nop = nop;
1911 new_alt_group->cfi = orig_alt_group->cfi;
1916 * A jump table entry can either convert a nop to a jump or a jump to a nop.
1917 * If the original instruction is a jump, make the alt entry an effective nop
1918 * by just skipping the original instruction.
1920 static int handle_jump_alt(struct objtool_file *file,
1921 struct special_alt *special_alt,
1922 struct instruction *orig_insn,
1923 struct instruction **new_insn)
1925 if (orig_insn->type != INSN_JUMP_UNCONDITIONAL &&
1926 orig_insn->type != INSN_NOP) {
1928 WARN_FUNC("unsupported instruction at jump label",
1929 orig_insn->sec, orig_insn->offset);
1933 if (opts.hack_jump_label && special_alt->key_addend & 2) {
1934 struct reloc *reloc = insn_reloc(file, orig_insn);
1937 reloc->type = R_NONE;
1938 elf_write_reloc(file->elf, reloc);
1940 elf_write_insn(file->elf, orig_insn->sec,
1941 orig_insn->offset, orig_insn->len,
1942 arch_nop_insn(orig_insn->len));
1943 orig_insn->type = INSN_NOP;
1946 if (orig_insn->type == INSN_NOP) {
1947 if (orig_insn->len == 2)
1948 file->jl_nop_short++;
1950 file->jl_nop_long++;
1955 if (orig_insn->len == 2)
1960 *new_insn = next_insn_same_sec(file, orig_insn);
1965 * Read all the special sections which have alternate instructions which can be
1966 * patched in or redirected to at runtime. Each instruction having alternate
1967 * instruction(s) has them added to its insn->alts list, which will be
1968 * traversed in validate_branch().
1970 static int add_special_section_alts(struct objtool_file *file)
1972 struct list_head special_alts;
1973 struct instruction *orig_insn, *new_insn;
1974 struct special_alt *special_alt, *tmp;
1975 struct alternative *alt;
1978 ret = special_get_alts(file->elf, &special_alts);
1982 list_for_each_entry_safe(special_alt, tmp, &special_alts, list) {
1984 orig_insn = find_insn(file, special_alt->orig_sec,
1985 special_alt->orig_off);
1987 WARN_FUNC("special: can't find orig instruction",
1988 special_alt->orig_sec, special_alt->orig_off);
1994 if (!special_alt->group || special_alt->new_len) {
1995 new_insn = find_insn(file, special_alt->new_sec,
1996 special_alt->new_off);
1998 WARN_FUNC("special: can't find new instruction",
1999 special_alt->new_sec,
2000 special_alt->new_off);
2006 if (special_alt->group) {
2007 if (!special_alt->orig_len) {
2008 WARN_FUNC("empty alternative entry",
2009 orig_insn->sec, orig_insn->offset);
2013 ret = handle_group_alt(file, special_alt, orig_insn,
2017 } else if (special_alt->jump_or_nop) {
2018 ret = handle_jump_alt(file, special_alt, orig_insn,
2024 alt = malloc(sizeof(*alt));
2026 WARN("malloc failed");
2031 alt->insn = new_insn;
2032 alt->skip_orig = special_alt->skip_orig;
2033 orig_insn->ignore_alts |= special_alt->skip_alt;
2034 alt->next = orig_insn->alts;
2035 orig_insn->alts = alt;
2037 list_del(&special_alt->list);
2042 printf("jl\\\tNOP\tJMP\n");
2043 printf("short:\t%ld\t%ld\n", file->jl_nop_short, file->jl_short);
2044 printf("long:\t%ld\t%ld\n", file->jl_nop_long, file->jl_long);
2051 static int add_jump_table(struct objtool_file *file, struct instruction *insn,
2052 struct reloc *table)
2054 struct reloc *reloc = table;
2055 struct instruction *dest_insn;
2056 struct alternative *alt;
2057 struct symbol *pfunc = insn_func(insn)->pfunc;
2058 unsigned int prev_offset = 0;
2061 * Each @reloc is a switch table relocation which points to the target
2064 list_for_each_entry_from(reloc, &table->sec->reloc_list, list) {
2066 /* Check for the end of the table: */
2067 if (reloc != table && reloc->jump_table_start)
2070 /* Make sure the table entries are consecutive: */
2071 if (prev_offset && reloc->offset != prev_offset + 8)
2074 /* Detect function pointers from contiguous objects: */
2075 if (reloc->sym->sec == pfunc->sec &&
2076 reloc->addend == pfunc->offset)
2079 dest_insn = find_insn(file, reloc->sym->sec, reloc->addend);
2083 /* Make sure the destination is in the same function: */
2084 if (!insn_func(dest_insn) || insn_func(dest_insn)->pfunc != pfunc)
2087 alt = malloc(sizeof(*alt));
2089 WARN("malloc failed");
2093 alt->insn = dest_insn;
2094 alt->next = insn->alts;
2096 prev_offset = reloc->offset;
2100 WARN_FUNC("can't find switch jump table",
2101 insn->sec, insn->offset);
2109 * find_jump_table() - Given a dynamic jump, find the switch jump table
2110 * associated with it.
2112 static struct reloc *find_jump_table(struct objtool_file *file,
2113 struct symbol *func,
2114 struct instruction *insn)
2116 struct reloc *table_reloc;
2117 struct instruction *dest_insn, *orig_insn = insn;
2120 * Backward search using the @first_jump_src links, these help avoid
2121 * much of the 'in between' code. Which avoids us getting confused by
2125 insn && insn_func(insn) && insn_func(insn)->pfunc == func;
2126 insn = insn->first_jump_src ?: prev_insn_same_sym(file, insn)) {
2128 if (insn != orig_insn && insn->type == INSN_JUMP_DYNAMIC)
2131 /* allow small jumps within the range */
2132 if (insn->type == INSN_JUMP_UNCONDITIONAL &&
2134 (insn->jump_dest->offset <= insn->offset ||
2135 insn->jump_dest->offset > orig_insn->offset))
2138 table_reloc = arch_find_switch_table(file, insn);
2141 dest_insn = find_insn(file, table_reloc->sym->sec, table_reloc->addend);
2142 if (!dest_insn || !insn_func(dest_insn) || insn_func(dest_insn)->pfunc != func)
2152 * First pass: Mark the head of each jump table so that in the next pass,
2153 * we know when a given jump table ends and the next one starts.
2155 static void mark_func_jump_tables(struct objtool_file *file,
2156 struct symbol *func)
2158 struct instruction *insn, *last = NULL;
2159 struct reloc *reloc;
2161 func_for_each_insn(file, func, insn) {
2166 * Store back-pointers for unconditional forward jumps such
2167 * that find_jump_table() can back-track using those and
2168 * avoid some potentially confusing code.
2170 if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->jump_dest &&
2171 insn->offset > last->offset &&
2172 insn->jump_dest->offset > insn->offset &&
2173 !insn->jump_dest->first_jump_src) {
2175 insn->jump_dest->first_jump_src = insn;
2176 last = insn->jump_dest;
2179 if (insn->type != INSN_JUMP_DYNAMIC)
2182 reloc = find_jump_table(file, func, insn);
2184 reloc->jump_table_start = true;
2185 insn->_jump_table = reloc;
2190 static int add_func_jump_tables(struct objtool_file *file,
2191 struct symbol *func)
2193 struct instruction *insn;
2196 func_for_each_insn(file, func, insn) {
2197 if (!insn_jump_table(insn))
2200 ret = add_jump_table(file, insn, insn_jump_table(insn));
2209 * For some switch statements, gcc generates a jump table in the .rodata
2210 * section which contains a list of addresses within the function to jump to.
2211 * This finds these jump tables and adds them to the insn->alts lists.
2213 static int add_jump_table_alts(struct objtool_file *file)
2215 struct section *sec;
2216 struct symbol *func;
2222 for_each_sec(file, sec) {
2223 list_for_each_entry(func, &sec->symbol_list, list) {
2224 if (func->type != STT_FUNC)
2227 mark_func_jump_tables(file, func);
2228 ret = add_func_jump_tables(file, func);
2237 static void set_func_state(struct cfi_state *state)
2239 state->cfa = initial_func_cfi.cfa;
2240 memcpy(&state->regs, &initial_func_cfi.regs,
2241 CFI_NUM_REGS * sizeof(struct cfi_reg));
2242 state->stack_size = initial_func_cfi.cfa.offset;
2245 static int read_unwind_hints(struct objtool_file *file)
2247 struct cfi_state cfi = init_cfi;
2248 struct section *sec, *relocsec;
2249 struct unwind_hint *hint;
2250 struct instruction *insn;
2251 struct reloc *reloc;
2254 sec = find_section_by_name(file->elf, ".discard.unwind_hints");
2258 relocsec = sec->reloc;
2260 WARN("missing .rela.discard.unwind_hints section");
2264 if (sec->sh.sh_size % sizeof(struct unwind_hint)) {
2265 WARN("struct unwind_hint size mismatch");
2271 for (i = 0; i < sec->sh.sh_size / sizeof(struct unwind_hint); i++) {
2272 hint = (struct unwind_hint *)sec->data->d_buf + i;
2274 reloc = find_reloc_by_dest(file->elf, sec, i * sizeof(*hint));
2276 WARN("can't find reloc for unwind_hints[%d]", i);
2280 insn = find_insn(file, reloc->sym->sec, reloc->addend);
2282 WARN("can't find insn for unwind_hints[%d]", i);
2288 if (hint->type == UNWIND_HINT_TYPE_SAVE) {
2294 if (hint->type == UNWIND_HINT_TYPE_RESTORE) {
2295 insn->restore = true;
2299 if (hint->type == UNWIND_HINT_TYPE_REGS_PARTIAL) {
2300 struct symbol *sym = find_symbol_by_offset(insn->sec, insn->offset);
2302 if (sym && sym->bind == STB_GLOBAL) {
2303 if (opts.ibt && insn->type != INSN_ENDBR && !insn->noendbr) {
2304 WARN_FUNC("UNWIND_HINT_IRET_REGS without ENDBR",
2305 insn->sec, insn->offset);
2312 if (hint->type == UNWIND_HINT_TYPE_ENTRY) {
2313 hint->type = UNWIND_HINT_TYPE_CALL;
2317 if (hint->type == UNWIND_HINT_TYPE_FUNC) {
2318 insn->cfi = &func_cfi;
2325 if (arch_decode_hint_reg(hint->sp_reg, &cfi.cfa.base)) {
2326 WARN_FUNC("unsupported unwind_hint sp base reg %d",
2327 insn->sec, insn->offset, hint->sp_reg);
2331 cfi.cfa.offset = bswap_if_needed(file->elf, hint->sp_offset);
2332 cfi.type = hint->type;
2333 cfi.end = hint->end;
2335 insn->cfi = cfi_hash_find_or_add(&cfi);
2341 static int read_noendbr_hints(struct objtool_file *file)
2343 struct section *sec;
2344 struct instruction *insn;
2345 struct reloc *reloc;
2347 sec = find_section_by_name(file->elf, ".rela.discard.noendbr");
2351 list_for_each_entry(reloc, &sec->reloc_list, list) {
2352 insn = find_insn(file, reloc->sym->sec, reloc->sym->offset + reloc->addend);
2354 WARN("bad .discard.noendbr entry");
2364 static int read_retpoline_hints(struct objtool_file *file)
2366 struct section *sec;
2367 struct instruction *insn;
2368 struct reloc *reloc;
2370 sec = find_section_by_name(file->elf, ".rela.discard.retpoline_safe");
2374 list_for_each_entry(reloc, &sec->reloc_list, list) {
2375 if (reloc->sym->type != STT_SECTION) {
2376 WARN("unexpected relocation symbol type in %s", sec->name);
2380 insn = find_insn(file, reloc->sym->sec, reloc->addend);
2382 WARN("bad .discard.retpoline_safe entry");
2386 if (insn->type != INSN_JUMP_DYNAMIC &&
2387 insn->type != INSN_CALL_DYNAMIC &&
2388 insn->type != INSN_RETURN &&
2389 insn->type != INSN_NOP) {
2390 WARN_FUNC("retpoline_safe hint not an indirect jump/call/ret/nop",
2391 insn->sec, insn->offset);
2395 insn->retpoline_safe = true;
2401 static int read_instr_hints(struct objtool_file *file)
2403 struct section *sec;
2404 struct instruction *insn;
2405 struct reloc *reloc;
2407 sec = find_section_by_name(file->elf, ".rela.discard.instr_end");
2411 list_for_each_entry(reloc, &sec->reloc_list, list) {
2412 if (reloc->sym->type != STT_SECTION) {
2413 WARN("unexpected relocation symbol type in %s", sec->name);
2417 insn = find_insn(file, reloc->sym->sec, reloc->addend);
2419 WARN("bad .discard.instr_end entry");
2426 sec = find_section_by_name(file->elf, ".rela.discard.instr_begin");
2430 list_for_each_entry(reloc, &sec->reloc_list, list) {
2431 if (reloc->sym->type != STT_SECTION) {
2432 WARN("unexpected relocation symbol type in %s", sec->name);
2436 insn = find_insn(file, reloc->sym->sec, reloc->addend);
2438 WARN("bad .discard.instr_begin entry");
2448 static int read_intra_function_calls(struct objtool_file *file)
2450 struct instruction *insn;
2451 struct section *sec;
2452 struct reloc *reloc;
2454 sec = find_section_by_name(file->elf, ".rela.discard.intra_function_calls");
2458 list_for_each_entry(reloc, &sec->reloc_list, list) {
2459 unsigned long dest_off;
2461 if (reloc->sym->type != STT_SECTION) {
2462 WARN("unexpected relocation symbol type in %s",
2467 insn = find_insn(file, reloc->sym->sec, reloc->addend);
2469 WARN("bad .discard.intra_function_call entry");
2473 if (insn->type != INSN_CALL) {
2474 WARN_FUNC("intra_function_call not a direct call",
2475 insn->sec, insn->offset);
2480 * Treat intra-function CALLs as JMPs, but with a stack_op.
2481 * See add_call_destinations(), which strips stack_ops from
2484 insn->type = INSN_JUMP_UNCONDITIONAL;
2486 dest_off = arch_jump_destination(insn);
2487 insn->jump_dest = find_insn(file, insn->sec, dest_off);
2488 if (!insn->jump_dest) {
2489 WARN_FUNC("can't find call dest at %s+0x%lx",
2490 insn->sec, insn->offset,
2491 insn->sec->name, dest_off);
2500 * Return true if name matches an instrumentation function, where calls to that
2501 * function from noinstr code can safely be removed, but compilers won't do so.
2503 static bool is_profiling_func(const char *name)
2506 * Many compilers cannot disable KCOV with a function attribute.
2508 if (!strncmp(name, "__sanitizer_cov_", 16))
2512 * Some compilers currently do not remove __tsan_func_entry/exit nor
2513 * __tsan_atomic_signal_fence (used for barrier instrumentation) with
2514 * the __no_sanitize_thread attribute, remove them. Once the kernel's
2515 * minimum Clang version is 14.0, this can be removed.
2517 if (!strncmp(name, "__tsan_func_", 12) ||
2518 !strcmp(name, "__tsan_atomic_signal_fence"))
2524 static int classify_symbols(struct objtool_file *file)
2526 struct section *sec;
2527 struct symbol *func;
2529 for_each_sec(file, sec) {
2530 list_for_each_entry(func, &sec->symbol_list, list) {
2531 if (func->bind != STB_GLOBAL)
2534 if (!strncmp(func->name, STATIC_CALL_TRAMP_PREFIX_STR,
2535 strlen(STATIC_CALL_TRAMP_PREFIX_STR)))
2536 func->static_call_tramp = true;
2538 if (arch_is_retpoline(func))
2539 func->retpoline_thunk = true;
2541 if (arch_is_rethunk(func))
2542 func->return_thunk = true;
2544 if (arch_ftrace_match(func->name))
2545 func->fentry = true;
2547 if (is_profiling_func(func->name))
2548 func->profiling_func = true;
2555 static void mark_rodata(struct objtool_file *file)
2557 struct section *sec;
2561 * Search for the following rodata sections, each of which can
2562 * potentially contain jump tables:
2564 * - .rodata: can contain GCC switch tables
2565 * - .rodata.<func>: same, if -fdata-sections is being used
2566 * - .rodata..c_jump_table: contains C annotated jump tables
2568 * .rodata.str1.* sections are ignored; they don't contain jump tables.
2570 for_each_sec(file, sec) {
2571 if (!strncmp(sec->name, ".rodata", 7) &&
2572 !strstr(sec->name, ".str1.")) {
2578 file->rodata = found;
2581 static int decode_sections(struct objtool_file *file)
2587 ret = init_pv_ops(file);
2592 * Must be before add_{jump_call}_destination.
2594 ret = classify_symbols(file);
2598 ret = decode_instructions(file);
2603 add_uaccess_safe(file);
2605 ret = add_ignore_alternatives(file);
2610 * Must be before read_unwind_hints() since that needs insn->noendbr.
2612 ret = read_noendbr_hints(file);
2617 * Must be before add_jump_destinations(), which depends on 'func'
2618 * being set for alternatives, to enable proper sibling call detection.
2620 if (opts.stackval || opts.orc || opts.uaccess || opts.noinstr) {
2621 ret = add_special_section_alts(file);
2626 ret = add_jump_destinations(file);
2631 * Must be before add_call_destination(); it changes INSN_CALL to
2634 ret = read_intra_function_calls(file);
2638 ret = add_call_destinations(file);
2643 * Must be after add_call_destinations() such that it can override
2644 * dead_end_function() marks.
2646 ret = add_dead_ends(file);
2650 ret = add_jump_table_alts(file);
2654 ret = read_unwind_hints(file);
2658 ret = read_retpoline_hints(file);
2662 ret = read_instr_hints(file);
2669 static bool is_fentry_call(struct instruction *insn)
2671 if (insn->type == INSN_CALL &&
2672 insn_call_dest(insn) &&
2673 insn_call_dest(insn)->fentry)
2679 static bool has_modified_stack_frame(struct instruction *insn, struct insn_state *state)
2681 struct cfi_state *cfi = &state->cfi;
2684 if (cfi->cfa.base != initial_func_cfi.cfa.base || cfi->drap)
2687 if (cfi->cfa.offset != initial_func_cfi.cfa.offset)
2690 if (cfi->stack_size != initial_func_cfi.cfa.offset)
2693 for (i = 0; i < CFI_NUM_REGS; i++) {
2694 if (cfi->regs[i].base != initial_func_cfi.regs[i].base ||
2695 cfi->regs[i].offset != initial_func_cfi.regs[i].offset)
2702 static bool check_reg_frame_pos(const struct cfi_reg *reg,
2703 int expected_offset)
2705 return reg->base == CFI_CFA &&
2706 reg->offset == expected_offset;
2709 static bool has_valid_stack_frame(struct insn_state *state)
2711 struct cfi_state *cfi = &state->cfi;
2713 if (cfi->cfa.base == CFI_BP &&
2714 check_reg_frame_pos(&cfi->regs[CFI_BP], -cfi->cfa.offset) &&
2715 check_reg_frame_pos(&cfi->regs[CFI_RA], -cfi->cfa.offset + 8))
2718 if (cfi->drap && cfi->regs[CFI_BP].base == CFI_BP)
2724 static int update_cfi_state_regs(struct instruction *insn,
2725 struct cfi_state *cfi,
2726 struct stack_op *op)
2728 struct cfi_reg *cfa = &cfi->cfa;
2730 if (cfa->base != CFI_SP && cfa->base != CFI_SP_INDIRECT)
2734 if (op->dest.type == OP_DEST_PUSH || op->dest.type == OP_DEST_PUSHF)
2738 if (op->src.type == OP_SRC_POP || op->src.type == OP_SRC_POPF)
2741 /* add immediate to sp */
2742 if (op->dest.type == OP_DEST_REG && op->src.type == OP_SRC_ADD &&
2743 op->dest.reg == CFI_SP && op->src.reg == CFI_SP)
2744 cfa->offset -= op->src.offset;
2749 static void save_reg(struct cfi_state *cfi, unsigned char reg, int base, int offset)
2751 if (arch_callee_saved_reg(reg) &&
2752 cfi->regs[reg].base == CFI_UNDEFINED) {
2753 cfi->regs[reg].base = base;
2754 cfi->regs[reg].offset = offset;
2758 static void restore_reg(struct cfi_state *cfi, unsigned char reg)
2760 cfi->regs[reg].base = initial_func_cfi.regs[reg].base;
2761 cfi->regs[reg].offset = initial_func_cfi.regs[reg].offset;
2765 * A note about DRAP stack alignment:
2767 * GCC has the concept of a DRAP register, which is used to help keep track of
2768 * the stack pointer when aligning the stack. r10 or r13 is used as the DRAP
2769 * register. The typical DRAP pattern is:
2771 * 4c 8d 54 24 08 lea 0x8(%rsp),%r10
2772 * 48 83 e4 c0 and $0xffffffffffffffc0,%rsp
2773 * 41 ff 72 f8 pushq -0x8(%r10)
2775 * 48 89 e5 mov %rsp,%rbp
2782 * 49 8d 62 f8 lea -0x8(%r10),%rsp
2785 * There are some variations in the epilogues, like:
2793 * 49 8d 62 f8 lea -0x8(%r10),%rsp
2798 * 4c 8b 55 e8 mov -0x18(%rbp),%r10
2799 * 48 8b 5d e0 mov -0x20(%rbp),%rbx
2800 * 4c 8b 65 f0 mov -0x10(%rbp),%r12
2801 * 4c 8b 6d f8 mov -0x8(%rbp),%r13
2803 * 49 8d 62 f8 lea -0x8(%r10),%rsp
2806 * Sometimes r13 is used as the DRAP register, in which case it's saved and
2807 * restored beforehand:
2810 * 4c 8d 6c 24 10 lea 0x10(%rsp),%r13
2811 * 48 83 e4 f0 and $0xfffffffffffffff0,%rsp
2813 * 49 8d 65 f0 lea -0x10(%r13),%rsp
2817 static int update_cfi_state(struct instruction *insn,
2818 struct instruction *next_insn,
2819 struct cfi_state *cfi, struct stack_op *op)
2821 struct cfi_reg *cfa = &cfi->cfa;
2822 struct cfi_reg *regs = cfi->regs;
2824 /* stack operations don't make sense with an undefined CFA */
2825 if (cfa->base == CFI_UNDEFINED) {
2826 if (insn_func(insn)) {
2827 WARN_FUNC("undefined stack state", insn->sec, insn->offset);
2833 if (cfi->type == UNWIND_HINT_TYPE_REGS ||
2834 cfi->type == UNWIND_HINT_TYPE_REGS_PARTIAL)
2835 return update_cfi_state_regs(insn, cfi, op);
2837 switch (op->dest.type) {
2840 switch (op->src.type) {
2843 if (op->src.reg == CFI_SP && op->dest.reg == CFI_BP &&
2844 cfa->base == CFI_SP &&
2845 check_reg_frame_pos(®s[CFI_BP], -cfa->offset)) {
2847 /* mov %rsp, %rbp */
2848 cfa->base = op->dest.reg;
2849 cfi->bp_scratch = false;
2852 else if (op->src.reg == CFI_SP &&
2853 op->dest.reg == CFI_BP && cfi->drap) {
2855 /* drap: mov %rsp, %rbp */
2856 regs[CFI_BP].base = CFI_BP;
2857 regs[CFI_BP].offset = -cfi->stack_size;
2858 cfi->bp_scratch = false;
2861 else if (op->src.reg == CFI_SP && cfa->base == CFI_SP) {
2866 * This is needed for the rare case where GCC
2873 cfi->vals[op->dest.reg].base = CFI_CFA;
2874 cfi->vals[op->dest.reg].offset = -cfi->stack_size;
2877 else if (op->src.reg == CFI_BP && op->dest.reg == CFI_SP &&
2878 (cfa->base == CFI_BP || cfa->base == cfi->drap_reg)) {
2883 * Restore the original stack pointer (Clang).
2885 cfi->stack_size = -cfi->regs[CFI_BP].offset;
2888 else if (op->dest.reg == cfa->base) {
2890 /* mov %reg, %rsp */
2891 if (cfa->base == CFI_SP &&
2892 cfi->vals[op->src.reg].base == CFI_CFA) {
2895 * This is needed for the rare case
2896 * where GCC does something dumb like:
2898 * lea 0x8(%rsp), %rcx
2902 cfa->offset = -cfi->vals[op->src.reg].offset;
2903 cfi->stack_size = cfa->offset;
2905 } else if (cfa->base == CFI_SP &&
2906 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT &&
2907 cfi->vals[op->src.reg].offset == cfa->offset) {
2912 * 1: mov %rsp, (%[tos])
2913 * 2: mov %[tos], %rsp
2919 * 1 - places a pointer to the previous
2920 * stack at the Top-of-Stack of the
2923 * 2 - switches to the new stack.
2925 * 3 - pops the Top-of-Stack to restore
2926 * the original stack.
2928 * Note: we set base to SP_INDIRECT
2929 * here and preserve offset. Therefore
2930 * when the unwinder reaches ToS it
2931 * will dereference SP and then add the
2932 * offset to find the next frame, IOW:
2935 cfa->base = CFI_SP_INDIRECT;
2938 cfa->base = CFI_UNDEFINED;
2943 else if (op->dest.reg == CFI_SP &&
2944 cfi->vals[op->src.reg].base == CFI_SP_INDIRECT &&
2945 cfi->vals[op->src.reg].offset == cfa->offset) {
2948 * The same stack swizzle case 2) as above. But
2949 * because we can't change cfa->base, case 3)
2950 * will become a regular POP. Pretend we're a
2951 * PUSH so things don't go unbalanced.
2953 cfi->stack_size += 8;
2960 if (op->dest.reg == CFI_SP && op->src.reg == CFI_SP) {
2963 cfi->stack_size -= op->src.offset;
2964 if (cfa->base == CFI_SP)
2965 cfa->offset -= op->src.offset;
2969 if (op->dest.reg == CFI_SP && op->src.reg == CFI_BP) {
2971 /* lea disp(%rbp), %rsp */
2972 cfi->stack_size = -(op->src.offset + regs[CFI_BP].offset);
2976 if (!cfi->drap && op->src.reg == CFI_SP &&
2977 op->dest.reg == CFI_BP && cfa->base == CFI_SP &&
2978 check_reg_frame_pos(®s[CFI_BP], -cfa->offset + op->src.offset)) {
2980 /* lea disp(%rsp), %rbp */
2982 cfa->offset -= op->src.offset;
2983 cfi->bp_scratch = false;
2987 if (op->src.reg == CFI_SP && cfa->base == CFI_SP) {
2989 /* drap: lea disp(%rsp), %drap */
2990 cfi->drap_reg = op->dest.reg;
2993 * lea disp(%rsp), %reg
2995 * This is needed for the rare case where GCC
2996 * does something dumb like:
2998 * lea 0x8(%rsp), %rcx
3002 cfi->vals[op->dest.reg].base = CFI_CFA;
3003 cfi->vals[op->dest.reg].offset = \
3004 -cfi->stack_size + op->src.offset;
3009 if (cfi->drap && op->dest.reg == CFI_SP &&
3010 op->src.reg == cfi->drap_reg) {
3012 /* drap: lea disp(%drap), %rsp */
3014 cfa->offset = cfi->stack_size = -op->src.offset;
3015 cfi->drap_reg = CFI_UNDEFINED;
3020 if (op->dest.reg == cfi->cfa.base && !(next_insn && next_insn->hint)) {
3021 WARN_FUNC("unsupported stack register modification",
3022 insn->sec, insn->offset);
3029 if (op->dest.reg != CFI_SP ||
3030 (cfi->drap_reg != CFI_UNDEFINED && cfa->base != CFI_SP) ||
3031 (cfi->drap_reg == CFI_UNDEFINED && cfa->base != CFI_BP)) {
3032 WARN_FUNC("unsupported stack pointer realignment",
3033 insn->sec, insn->offset);
3037 if (cfi->drap_reg != CFI_UNDEFINED) {
3038 /* drap: and imm, %rsp */
3039 cfa->base = cfi->drap_reg;
3040 cfa->offset = cfi->stack_size = 0;
3045 * Older versions of GCC (4.8ish) realign the stack
3046 * without DRAP, with a frame pointer.
3053 if (op->dest.reg == CFI_SP && cfa->base == CFI_SP_INDIRECT) {
3055 /* pop %rsp; # restore from a stack swizzle */
3060 if (!cfi->drap && op->dest.reg == cfa->base) {
3066 if (cfi->drap && cfa->base == CFI_BP_INDIRECT &&
3067 op->dest.reg == cfi->drap_reg &&
3068 cfi->drap_offset == -cfi->stack_size) {
3070 /* drap: pop %drap */
3071 cfa->base = cfi->drap_reg;
3073 cfi->drap_offset = -1;
3075 } else if (cfi->stack_size == -regs[op->dest.reg].offset) {
3078 restore_reg(cfi, op->dest.reg);
3081 cfi->stack_size -= 8;
3082 if (cfa->base == CFI_SP)
3087 case OP_SRC_REG_INDIRECT:
3088 if (!cfi->drap && op->dest.reg == cfa->base &&
3089 op->dest.reg == CFI_BP) {
3091 /* mov disp(%rsp), %rbp */
3093 cfa->offset = cfi->stack_size;
3096 if (cfi->drap && op->src.reg == CFI_BP &&
3097 op->src.offset == cfi->drap_offset) {
3099 /* drap: mov disp(%rbp), %drap */
3100 cfa->base = cfi->drap_reg;
3102 cfi->drap_offset = -1;
3105 if (cfi->drap && op->src.reg == CFI_BP &&
3106 op->src.offset == regs[op->dest.reg].offset) {
3108 /* drap: mov disp(%rbp), %reg */
3109 restore_reg(cfi, op->dest.reg);
3111 } else if (op->src.reg == cfa->base &&
3112 op->src.offset == regs[op->dest.reg].offset + cfa->offset) {
3114 /* mov disp(%rbp), %reg */
3115 /* mov disp(%rsp), %reg */
3116 restore_reg(cfi, op->dest.reg);
3118 } else if (op->src.reg == CFI_SP &&
3119 op->src.offset == regs[op->dest.reg].offset + cfi->stack_size) {
3121 /* mov disp(%rsp), %reg */
3122 restore_reg(cfi, op->dest.reg);
3128 WARN_FUNC("unknown stack-related instruction",
3129 insn->sec, insn->offset);
3137 cfi->stack_size += 8;
3138 if (cfa->base == CFI_SP)
3141 if (op->src.type != OP_SRC_REG)
3145 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) {
3147 /* drap: push %drap */
3148 cfa->base = CFI_BP_INDIRECT;
3149 cfa->offset = -cfi->stack_size;
3151 /* save drap so we know when to restore it */
3152 cfi->drap_offset = -cfi->stack_size;
3154 } else if (op->src.reg == CFI_BP && cfa->base == cfi->drap_reg) {
3156 /* drap: push %rbp */
3157 cfi->stack_size = 0;
3161 /* drap: push %reg */
3162 save_reg(cfi, op->src.reg, CFI_BP, -cfi->stack_size);
3168 save_reg(cfi, op->src.reg, CFI_CFA, -cfi->stack_size);
3171 /* detect when asm code uses rbp as a scratch register */
3172 if (opts.stackval && insn_func(insn) && op->src.reg == CFI_BP &&
3173 cfa->base != CFI_BP)
3174 cfi->bp_scratch = true;
3177 case OP_DEST_REG_INDIRECT:
3180 if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) {
3182 /* drap: mov %drap, disp(%rbp) */
3183 cfa->base = CFI_BP_INDIRECT;
3184 cfa->offset = op->dest.offset;
3186 /* save drap offset so we know when to restore it */
3187 cfi->drap_offset = op->dest.offset;
3190 /* drap: mov reg, disp(%rbp) */
3191 save_reg(cfi, op->src.reg, CFI_BP, op->dest.offset);
3194 } else if (op->dest.reg == cfa->base) {
3196 /* mov reg, disp(%rbp) */
3197 /* mov reg, disp(%rsp) */
3198 save_reg(cfi, op->src.reg, CFI_CFA,
3199 op->dest.offset - cfi->cfa.offset);
3201 } else if (op->dest.reg == CFI_SP) {
3203 /* mov reg, disp(%rsp) */
3204 save_reg(cfi, op->src.reg, CFI_CFA,
3205 op->dest.offset - cfi->stack_size);
3207 } else if (op->src.reg == CFI_SP && op->dest.offset == 0) {
3209 /* mov %rsp, (%reg); # setup a stack swizzle. */
3210 cfi->vals[op->dest.reg].base = CFI_SP_INDIRECT;
3211 cfi->vals[op->dest.reg].offset = cfa->offset;
3217 if (op->src.type != OP_SRC_POP && op->src.type != OP_SRC_POPF) {
3218 WARN_FUNC("unknown stack-related memory operation",
3219 insn->sec, insn->offset);
3224 cfi->stack_size -= 8;
3225 if (cfa->base == CFI_SP)
3231 WARN_FUNC("unknown stack-related instruction",
3232 insn->sec, insn->offset);
3240 * The stack layouts of alternatives instructions can sometimes diverge when
3241 * they have stack modifications. That's fine as long as the potential stack
3242 * layouts don't conflict at any given potential instruction boundary.
3244 * Flatten the CFIs of the different alternative code streams (both original
3245 * and replacement) into a single shared CFI array which can be used to detect
3246 * conflicts and nicely feed a linear array of ORC entries to the unwinder.
3248 static int propagate_alt_cfi(struct objtool_file *file, struct instruction *insn)
3250 struct cfi_state **alt_cfi;
3253 if (!insn->alt_group)
3257 WARN("CFI missing");
3261 alt_cfi = insn->alt_group->cfi;
3262 group_off = insn->offset - insn->alt_group->first_insn->offset;
3264 if (!alt_cfi[group_off]) {
3265 alt_cfi[group_off] = insn->cfi;
3267 if (cficmp(alt_cfi[group_off], insn->cfi)) {
3268 struct alt_group *orig_group = insn->alt_group->orig_group ?: insn->alt_group;
3269 struct instruction *orig = orig_group->first_insn;
3270 char *where = offstr(insn->sec, insn->offset);
3271 WARN_FUNC("stack layout conflict in alternatives: %s",
3272 orig->sec, orig->offset, where);
3281 static int handle_insn_ops(struct instruction *insn,
3282 struct instruction *next_insn,
3283 struct insn_state *state)
3285 struct stack_op *op;
3287 for (op = insn->stack_ops; op; op = op->next) {
3289 if (update_cfi_state(insn, next_insn, &state->cfi, op))
3292 if (!insn->alt_group)
3295 if (op->dest.type == OP_DEST_PUSHF) {
3296 if (!state->uaccess_stack) {
3297 state->uaccess_stack = 1;
3298 } else if (state->uaccess_stack >> 31) {
3299 WARN_FUNC("PUSHF stack exhausted",
3300 insn->sec, insn->offset);
3303 state->uaccess_stack <<= 1;
3304 state->uaccess_stack |= state->uaccess;
3307 if (op->src.type == OP_SRC_POPF) {
3308 if (state->uaccess_stack) {
3309 state->uaccess = state->uaccess_stack & 1;
3310 state->uaccess_stack >>= 1;
3311 if (state->uaccess_stack == 1)
3312 state->uaccess_stack = 0;
3320 static bool insn_cfi_match(struct instruction *insn, struct cfi_state *cfi2)
3322 struct cfi_state *cfi1 = insn->cfi;
3326 WARN("CFI missing");
3330 if (memcmp(&cfi1->cfa, &cfi2->cfa, sizeof(cfi1->cfa))) {
3332 WARN_FUNC("stack state mismatch: cfa1=%d%+d cfa2=%d%+d",
3333 insn->sec, insn->offset,
3334 cfi1->cfa.base, cfi1->cfa.offset,
3335 cfi2->cfa.base, cfi2->cfa.offset);
3337 } else if (memcmp(&cfi1->regs, &cfi2->regs, sizeof(cfi1->regs))) {
3338 for (i = 0; i < CFI_NUM_REGS; i++) {
3339 if (!memcmp(&cfi1->regs[i], &cfi2->regs[i],
3340 sizeof(struct cfi_reg)))
3343 WARN_FUNC("stack state mismatch: reg1[%d]=%d%+d reg2[%d]=%d%+d",
3344 insn->sec, insn->offset,
3345 i, cfi1->regs[i].base, cfi1->regs[i].offset,
3346 i, cfi2->regs[i].base, cfi2->regs[i].offset);
3350 } else if (cfi1->type != cfi2->type) {
3352 WARN_FUNC("stack state mismatch: type1=%d type2=%d",
3353 insn->sec, insn->offset, cfi1->type, cfi2->type);
3355 } else if (cfi1->drap != cfi2->drap ||
3356 (cfi1->drap && cfi1->drap_reg != cfi2->drap_reg) ||
3357 (cfi1->drap && cfi1->drap_offset != cfi2->drap_offset)) {
3359 WARN_FUNC("stack state mismatch: drap1=%d(%d,%d) drap2=%d(%d,%d)",
3360 insn->sec, insn->offset,
3361 cfi1->drap, cfi1->drap_reg, cfi1->drap_offset,
3362 cfi2->drap, cfi2->drap_reg, cfi2->drap_offset);
3370 static inline bool func_uaccess_safe(struct symbol *func)
3373 return func->uaccess_safe;
3378 static inline const char *call_dest_name(struct instruction *insn)
3380 static char pvname[19];
3384 if (insn_call_dest(insn))
3385 return insn_call_dest(insn)->name;
3387 rel = insn_reloc(NULL, insn);
3388 if (rel && !strcmp(rel->sym->name, "pv_ops")) {
3389 idx = (rel->addend / sizeof(void *));
3390 snprintf(pvname, sizeof(pvname), "pv_ops[%d]", idx);
3397 static bool pv_call_dest(struct objtool_file *file, struct instruction *insn)
3399 struct symbol *target;
3403 rel = insn_reloc(file, insn);
3404 if (!rel || strcmp(rel->sym->name, "pv_ops"))
3407 idx = (arch_dest_reloc_offset(rel->addend) / sizeof(void *));
3409 if (file->pv_ops[idx].clean)
3412 file->pv_ops[idx].clean = true;
3414 list_for_each_entry(target, &file->pv_ops[idx].targets, pv_target) {
3415 if (!target->sec->noinstr) {
3416 WARN("pv_ops[%d]: %s", idx, target->name);
3417 file->pv_ops[idx].clean = false;
3421 return file->pv_ops[idx].clean;
3424 static inline bool noinstr_call_dest(struct objtool_file *file,
3425 struct instruction *insn,
3426 struct symbol *func)
3429 * We can't deal with indirect function calls at present;
3430 * assume they're instrumented.
3434 return pv_call_dest(file, insn);
3440 * If the symbol is from a noinstr section; we good.
3442 if (func->sec->noinstr)
3446 * If the symbol is a static_call trampoline, we can't tell.
3448 if (func->static_call_tramp)
3452 * The __ubsan_handle_*() calls are like WARN(), they only happen when
3453 * something 'BAD' happened. At the risk of taking the machine down,
3454 * let them proceed to get the message out.
3456 if (!strncmp(func->name, "__ubsan_handle_", 15))
3462 static int validate_call(struct objtool_file *file,
3463 struct instruction *insn,
3464 struct insn_state *state)
3466 if (state->noinstr && state->instr <= 0 &&
3467 !noinstr_call_dest(file, insn, insn_call_dest(insn))) {
3468 WARN_FUNC("call to %s() leaves .noinstr.text section",
3469 insn->sec, insn->offset, call_dest_name(insn));
3473 if (state->uaccess && !func_uaccess_safe(insn_call_dest(insn))) {
3474 WARN_FUNC("call to %s() with UACCESS enabled",
3475 insn->sec, insn->offset, call_dest_name(insn));
3480 WARN_FUNC("call to %s() with DF set",
3481 insn->sec, insn->offset, call_dest_name(insn));
3488 static int validate_sibling_call(struct objtool_file *file,
3489 struct instruction *insn,
3490 struct insn_state *state)
3492 if (insn_func(insn) && has_modified_stack_frame(insn, state)) {
3493 WARN_FUNC("sibling call from callable instruction with modified stack frame",
3494 insn->sec, insn->offset);
3498 return validate_call(file, insn, state);
3501 static int validate_return(struct symbol *func, struct instruction *insn, struct insn_state *state)
3503 if (state->noinstr && state->instr > 0) {
3504 WARN_FUNC("return with instrumentation enabled",
3505 insn->sec, insn->offset);
3509 if (state->uaccess && !func_uaccess_safe(func)) {
3510 WARN_FUNC("return with UACCESS enabled",
3511 insn->sec, insn->offset);
3515 if (!state->uaccess && func_uaccess_safe(func)) {
3516 WARN_FUNC("return with UACCESS disabled from a UACCESS-safe function",
3517 insn->sec, insn->offset);
3522 WARN_FUNC("return with DF set",
3523 insn->sec, insn->offset);
3527 if (func && has_modified_stack_frame(insn, state)) {
3528 WARN_FUNC("return with modified stack frame",
3529 insn->sec, insn->offset);
3533 if (state->cfi.bp_scratch) {
3534 WARN_FUNC("BP used as a scratch register",
3535 insn->sec, insn->offset);
3542 static struct instruction *next_insn_to_validate(struct objtool_file *file,
3543 struct instruction *insn)
3545 struct alt_group *alt_group = insn->alt_group;
3548 * Simulate the fact that alternatives are patched in-place. When the
3549 * end of a replacement alt_group is reached, redirect objtool flow to
3550 * the end of the original alt_group.
3552 * insn->alts->insn -> alt_group->first_insn
3554 * alt_group->last_insn
3555 * [alt_group->nop] -> next(orig_group->last_insn)
3558 if (alt_group->nop) {
3559 /* ->nop implies ->orig_group */
3560 if (insn == alt_group->last_insn)
3561 return alt_group->nop;
3562 if (insn == alt_group->nop)
3565 if (insn == alt_group->last_insn && alt_group->orig_group)
3569 return next_insn_same_sec(file, insn);
3572 return next_insn_same_sec(file, alt_group->orig_group->last_insn);
3576 * Follow the branch starting at the given instruction, and recursively follow
3577 * any other branches (jumps). Meanwhile, track the frame pointer state at
3578 * each instruction and validate all the rules described in
3579 * tools/objtool/Documentation/objtool.txt.
3581 static int validate_branch(struct objtool_file *file, struct symbol *func,
3582 struct instruction *insn, struct insn_state state)
3584 struct alternative *alt;
3585 struct instruction *next_insn, *prev_insn = NULL;
3586 struct section *sec;
3593 next_insn = next_insn_to_validate(file, insn);
3595 if (func && insn_func(insn) && func != insn_func(insn)->pfunc) {
3596 /* Ignore KCFI type preambles, which always fall through */
3597 if (!strncmp(func->name, "__cfi_", 6) ||
3598 !strncmp(func->name, "__pfx_", 6))
3601 WARN("%s() falls through to next function %s()",
3602 func->name, insn_func(insn)->name);
3606 if (func && insn->ignore) {
3607 WARN_FUNC("BUG: why am I validating an ignored function?",
3612 visited = VISITED_BRANCH << state.uaccess;
3613 if (insn->visited & VISITED_BRANCH_MASK) {
3614 if (!insn->hint && !insn_cfi_match(insn, &state.cfi))
3617 if (insn->visited & visited)
3624 state.instr += insn->instr;
3627 if (insn->restore) {
3628 struct instruction *save_insn, *i;
3633 sym_for_each_insn_continue_reverse(file, func, i) {
3641 WARN_FUNC("no corresponding CFI save for CFI restore",
3646 if (!save_insn->visited) {
3647 WARN_FUNC("objtool isn't smart enough to handle this CFI save/restore combo",
3652 insn->cfi = save_insn->cfi;
3656 state.cfi = *insn->cfi;
3658 /* XXX track if we actually changed state.cfi */
3660 if (prev_insn && !cficmp(prev_insn->cfi, &state.cfi)) {
3661 insn->cfi = prev_insn->cfi;
3664 insn->cfi = cfi_hash_find_or_add(&state.cfi);
3668 insn->visited |= visited;
3670 if (propagate_alt_cfi(file, insn))
3673 if (!insn->ignore_alts && insn->alts) {
3674 bool skip_orig = false;
3676 for (alt = insn->alts; alt; alt = alt->next) {
3680 ret = validate_branch(file, func, alt->insn, state);
3683 BT_FUNC("(alt)", insn);
3692 if (handle_insn_ops(insn, next_insn, &state))
3695 switch (insn->type) {
3698 return validate_return(func, insn, &state);
3701 case INSN_CALL_DYNAMIC:
3702 ret = validate_call(file, insn, &state);
3706 if (opts.stackval && func && !is_fentry_call(insn) &&
3707 !has_valid_stack_frame(&state)) {
3708 WARN_FUNC("call without frame pointer save/setup",
3718 case INSN_JUMP_CONDITIONAL:
3719 case INSN_JUMP_UNCONDITIONAL:
3720 if (is_sibling_call(insn)) {
3721 ret = validate_sibling_call(file, insn, &state);
3725 } else if (insn->jump_dest) {
3726 ret = validate_branch(file, func,
3727 insn->jump_dest, state);
3730 BT_FUNC("(branch)", insn);
3735 if (insn->type == INSN_JUMP_UNCONDITIONAL)
3740 case INSN_JUMP_DYNAMIC:
3741 case INSN_JUMP_DYNAMIC_CONDITIONAL:
3742 if (is_sibling_call(insn)) {
3743 ret = validate_sibling_call(file, insn, &state);
3748 if (insn->type == INSN_JUMP_DYNAMIC)
3753 case INSN_CONTEXT_SWITCH:
3754 if (func && (!next_insn || !next_insn->hint)) {
3755 WARN_FUNC("unsupported instruction in callable function",
3762 if (state.uaccess) {
3763 WARN_FUNC("recursive UACCESS enable", sec, insn->offset);
3767 state.uaccess = true;
3771 if (!state.uaccess && func) {
3772 WARN_FUNC("redundant UACCESS disable", sec, insn->offset);
3776 if (func_uaccess_safe(func) && !state.uaccess_stack) {
3777 WARN_FUNC("UACCESS-safe disables UACCESS", sec, insn->offset);
3781 state.uaccess = false;
3786 WARN_FUNC("recursive STD", sec, insn->offset);
3794 if (!state.df && func) {
3795 WARN_FUNC("redundant CLD", sec, insn->offset);
3810 if (state.cfi.cfa.base == CFI_UNDEFINED)
3812 WARN("%s: unexpected end of section", sec->name);
3823 static int validate_unwind_hint(struct objtool_file *file,
3824 struct instruction *insn,
3825 struct insn_state *state)
3827 if (insn->hint && !insn->visited && !insn->ignore) {
3828 int ret = validate_branch(file, insn_func(insn), insn, *state);
3829 if (ret && opts.backtrace)
3830 BT_FUNC("<=== (hint)", insn);
3837 static int validate_unwind_hints(struct objtool_file *file, struct section *sec)
3839 struct instruction *insn;
3840 struct insn_state state;
3846 init_insn_state(file, &state, sec);
3849 sec_for_each_insn(file, sec, insn)
3850 warnings += validate_unwind_hint(file, insn, &state);
3852 for_each_insn(file, insn)
3853 warnings += validate_unwind_hint(file, insn, &state);
3860 * Validate rethunk entry constraint: must untrain RET before the first RET.
3862 * Follow every branch (intra-function) and ensure ANNOTATE_UNRET_END comes
3863 * before an actual RET instruction.
3865 static int validate_entry(struct objtool_file *file, struct instruction *insn)
3867 struct instruction *next, *dest;
3868 int ret, warnings = 0;
3871 next = next_insn_to_validate(file, insn);
3873 if (insn->visited & VISITED_ENTRY)
3876 insn->visited |= VISITED_ENTRY;
3878 if (!insn->ignore_alts && insn->alts) {
3879 struct alternative *alt;
3880 bool skip_orig = false;
3882 for (alt = insn->alts; alt; alt = alt->next) {
3886 ret = validate_entry(file, alt->insn);
3889 BT_FUNC("(alt)", insn);
3898 switch (insn->type) {
3900 case INSN_CALL_DYNAMIC:
3901 case INSN_JUMP_DYNAMIC:
3902 case INSN_JUMP_DYNAMIC_CONDITIONAL:
3903 WARN_FUNC("early indirect call", insn->sec, insn->offset);
3906 case INSN_JUMP_UNCONDITIONAL:
3907 case INSN_JUMP_CONDITIONAL:
3908 if (!is_sibling_call(insn)) {
3909 if (!insn->jump_dest) {
3910 WARN_FUNC("unresolved jump target after linking?!?",
3911 insn->sec, insn->offset);
3914 ret = validate_entry(file, insn->jump_dest);
3916 if (opts.backtrace) {
3917 BT_FUNC("(branch%s)", insn,
3918 insn->type == INSN_JUMP_CONDITIONAL ? "-cond" : "");
3923 if (insn->type == INSN_JUMP_UNCONDITIONAL)
3931 dest = find_insn(file, insn_call_dest(insn)->sec,
3932 insn_call_dest(insn)->offset);
3934 WARN("Unresolved function after linking!?: %s",
3935 insn_call_dest(insn)->name);
3939 ret = validate_entry(file, dest);
3942 BT_FUNC("(call)", insn);
3946 * If a call returns without error, it must have seen UNTRAIN_RET.
3947 * Therefore any non-error return is a success.
3952 WARN_FUNC("RET before UNTRAIN", insn->sec, insn->offset);
3956 if (insn->retpoline_safe)
3965 WARN_FUNC("teh end!", insn->sec, insn->offset);
3975 * Validate that all branches starting at 'insn->entry' encounter UNRET_END
3978 static int validate_unret(struct objtool_file *file)
3980 struct instruction *insn;
3981 int ret, warnings = 0;
3983 for_each_insn(file, insn) {
3987 ret = validate_entry(file, insn);
3989 WARN_FUNC("Failed UNRET validation", insn->sec, insn->offset);
3998 static int validate_retpoline(struct objtool_file *file)
4000 struct instruction *insn;
4003 for_each_insn(file, insn) {
4004 if (insn->type != INSN_JUMP_DYNAMIC &&
4005 insn->type != INSN_CALL_DYNAMIC &&
4006 insn->type != INSN_RETURN)
4009 if (insn->retpoline_safe)
4012 if (insn->sec->init)
4015 if (insn->type == INSN_RETURN) {
4017 WARN_FUNC("'naked' return found in RETHUNK build",
4018 insn->sec, insn->offset);
4022 WARN_FUNC("indirect %s found in RETPOLINE build",
4023 insn->sec, insn->offset,
4024 insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call");
4033 static bool is_kasan_insn(struct instruction *insn)
4035 return (insn->type == INSN_CALL &&
4036 !strcmp(insn_call_dest(insn)->name, "__asan_handle_no_return"));
4039 static bool is_ubsan_insn(struct instruction *insn)
4041 return (insn->type == INSN_CALL &&
4042 !strcmp(insn_call_dest(insn)->name,
4043 "__ubsan_handle_builtin_unreachable"));
4046 static bool ignore_unreachable_insn(struct objtool_file *file, struct instruction *insn)
4049 struct instruction *prev_insn;
4051 if (insn->ignore || insn->type == INSN_NOP || insn->type == INSN_TRAP)
4055 * Ignore alternative replacement instructions. This can happen
4056 * when a whitelisted function uses one of the ALTERNATIVE macros.
4058 if (!strcmp(insn->sec->name, ".altinstr_replacement") ||
4059 !strcmp(insn->sec->name, ".altinstr_aux"))
4063 * Whole archive runs might encounter dead code from weak symbols.
4064 * This is where the linker will have dropped the weak symbol in
4065 * favour of a regular symbol, but leaves the code in place.
4067 * In this case we'll find a piece of code (whole function) that is not
4068 * covered by a !section symbol. Ignore them.
4070 if (opts.link && !insn_func(insn)) {
4071 int size = find_symbol_hole_containing(insn->sec, insn->offset);
4072 unsigned long end = insn->offset + size;
4074 if (!size) /* not a hole */
4077 if (size < 0) /* hole until the end */
4080 sec_for_each_insn_continue(file, insn) {
4082 * If we reach a visited instruction at or before the
4083 * end of the hole, ignore the unreachable.
4088 if (insn->offset >= end)
4092 * If this hole jumps to a .cold function, mark it ignore too.
4094 if (insn->jump_dest && insn_func(insn->jump_dest) &&
4095 strstr(insn_func(insn->jump_dest)->name, ".cold")) {
4096 struct instruction *dest = insn->jump_dest;
4097 func_for_each_insn(file, insn_func(dest), dest)
4098 dest->ignore = true;
4105 if (!insn_func(insn))
4108 if (insn_func(insn)->static_call_tramp)
4112 * CONFIG_UBSAN_TRAP inserts a UD2 when it sees
4113 * __builtin_unreachable(). The BUG() macro has an unreachable() after
4114 * the UD2, which causes GCC's undefined trap logic to emit another UD2
4115 * (or occasionally a JMP to UD2).
4117 * It may also insert a UD2 after calling a __noreturn function.
4119 prev_insn = prev_insn_same_sec(file, insn);
4120 if ((prev_insn->dead_end ||
4121 dead_end_function(file, insn_call_dest(prev_insn))) &&
4122 (insn->type == INSN_BUG ||
4123 (insn->type == INSN_JUMP_UNCONDITIONAL &&
4124 insn->jump_dest && insn->jump_dest->type == INSN_BUG)))
4128 * Check if this (or a subsequent) instruction is related to
4129 * CONFIG_UBSAN or CONFIG_KASAN.
4131 * End the search at 5 instructions to avoid going into the weeds.
4133 for (i = 0; i < 5; i++) {
4135 if (is_kasan_insn(insn) || is_ubsan_insn(insn))
4138 if (insn->type == INSN_JUMP_UNCONDITIONAL) {
4139 if (insn->jump_dest &&
4140 insn_func(insn->jump_dest) == insn_func(insn)) {
4141 insn = insn->jump_dest;
4148 if (insn->offset + insn->len >= insn_func(insn)->offset + insn_func(insn)->len)
4151 insn = next_insn_same_sec(file, insn);
4157 static int add_prefix_symbol(struct objtool_file *file, struct symbol *func,
4158 struct instruction *insn)
4164 struct instruction *prev = prev_insn_same_sec(file, insn);
4170 if (prev->type != INSN_NOP)
4173 offset = func->offset - prev->offset;
4174 if (offset >= opts.prefix) {
4175 if (offset == opts.prefix) {
4177 * Since the sec->symbol_list is ordered by
4178 * offset (see elf_add_symbol()) the added
4179 * symbol will not be seen by the iteration in
4180 * validate_section().
4182 * Hence the lack of list_for_each_entry_safe()
4185 * The direct concequence is that prefix symbols
4186 * don't get visited (because pointless), except
4187 * for the logic in ignore_unreachable_insn()
4188 * that needs the terminating insn to be visited
4189 * otherwise it will report the hole.
4191 * Hence mark the first instruction of the
4192 * prefix symbol as visisted.
4194 prev->visited |= VISITED_BRANCH;
4195 elf_create_prefix_symbol(file->elf, func, opts.prefix);
4205 static int validate_symbol(struct objtool_file *file, struct section *sec,
4206 struct symbol *sym, struct insn_state *state)
4208 struct instruction *insn;
4212 WARN("%s() is missing an ELF size annotation", sym->name);
4216 if (sym->pfunc != sym || sym->alias != sym)
4219 insn = find_insn(file, sec, sym->offset);
4220 if (!insn || insn->ignore || insn->visited)
4223 add_prefix_symbol(file, sym, insn);
4225 state->uaccess = sym->uaccess_safe;
4227 ret = validate_branch(file, insn_func(insn), insn, *state);
4228 if (ret && opts.backtrace)
4229 BT_FUNC("<=== (sym)", insn);
4233 static int validate_section(struct objtool_file *file, struct section *sec)
4235 struct insn_state state;
4236 struct symbol *func;
4239 list_for_each_entry(func, &sec->symbol_list, list) {
4240 if (func->type != STT_FUNC)
4243 init_insn_state(file, &state, sec);
4244 set_func_state(&state.cfi);
4246 warnings += validate_symbol(file, sec, func, &state);
4252 static int validate_noinstr_sections(struct objtool_file *file)
4254 struct section *sec;
4257 sec = find_section_by_name(file->elf, ".noinstr.text");
4259 warnings += validate_section(file, sec);
4260 warnings += validate_unwind_hints(file, sec);
4263 sec = find_section_by_name(file->elf, ".entry.text");
4265 warnings += validate_section(file, sec);
4266 warnings += validate_unwind_hints(file, sec);
4269 sec = find_section_by_name(file->elf, ".cpuidle.text");
4271 warnings += validate_section(file, sec);
4272 warnings += validate_unwind_hints(file, sec);
4278 static int validate_functions(struct objtool_file *file)
4280 struct section *sec;
4283 for_each_sec(file, sec) {
4284 if (!(sec->sh.sh_flags & SHF_EXECINSTR))
4287 warnings += validate_section(file, sec);
4293 static void mark_endbr_used(struct instruction *insn)
4295 if (!list_empty(&insn->call_node))
4296 list_del_init(&insn->call_node);
4299 static bool noendbr_range(struct objtool_file *file, struct instruction *insn)
4301 struct symbol *sym = find_symbol_containing(insn->sec, insn->offset-1);
4302 struct instruction *first;
4307 first = find_insn(file, sym->sec, sym->offset);
4311 if (first->type != INSN_ENDBR && !first->noendbr)
4314 return insn->offset == sym->offset + sym->len;
4317 static int validate_ibt_insn(struct objtool_file *file, struct instruction *insn)
4319 struct instruction *dest;
4320 struct reloc *reloc;
4325 * Looking for function pointer load relocations. Ignore
4326 * direct/indirect branches:
4328 switch (insn->type) {
4330 case INSN_CALL_DYNAMIC:
4331 case INSN_JUMP_CONDITIONAL:
4332 case INSN_JUMP_UNCONDITIONAL:
4333 case INSN_JUMP_DYNAMIC:
4334 case INSN_JUMP_DYNAMIC_CONDITIONAL:
4342 for (reloc = insn_reloc(file, insn);
4344 reloc = find_reloc_by_dest_range(file->elf, insn->sec,
4346 (insn->offset + insn->len) - (reloc->offset + 1))) {
4349 * static_call_update() references the trampoline, which
4350 * doesn't have (or need) ENDBR. Skip warning in that case.
4352 if (reloc->sym->static_call_tramp)
4355 off = reloc->sym->offset;
4356 if (reloc->type == R_X86_64_PC32 || reloc->type == R_X86_64_PLT32)
4357 off += arch_dest_reloc_offset(reloc->addend);
4359 off += reloc->addend;
4361 dest = find_insn(file, reloc->sym->sec, off);
4365 if (dest->type == INSN_ENDBR) {
4366 mark_endbr_used(dest);
4370 if (insn_func(dest) && insn_func(dest) == insn_func(insn)) {
4372 * Anything from->to self is either _THIS_IP_ or
4375 * There is no sane way to annotate _THIS_IP_ since the
4376 * compiler treats the relocation as a constant and is
4377 * happy to fold in offsets, skewing any annotation we
4378 * do, leading to vast amounts of false-positives.
4380 * There's also compiler generated _THIS_IP_ through
4381 * KCOV and such which we have no hope of annotating.
4383 * As such, blanket accept self-references without
4390 * Accept anything ANNOTATE_NOENDBR.
4396 * Accept if this is the instruction after a symbol
4397 * that is (no)endbr -- typical code-range usage.
4399 if (noendbr_range(file, dest))
4402 WARN_FUNC("relocation to !ENDBR: %s",
4403 insn->sec, insn->offset,
4404 offstr(dest->sec, dest->offset));
4412 static int validate_ibt_data_reloc(struct objtool_file *file,
4413 struct reloc *reloc)
4415 struct instruction *dest;
4417 dest = find_insn(file, reloc->sym->sec,
4418 reloc->sym->offset + reloc->addend);
4422 if (dest->type == INSN_ENDBR) {
4423 mark_endbr_used(dest);
4430 WARN_FUNC("data relocation to !ENDBR: %s",
4431 reloc->sec->base, reloc->offset,
4432 offstr(dest->sec, dest->offset));
4438 * Validate IBT rules and remove used ENDBR instructions from the seal list.
4439 * Unused ENDBR instructions will be annotated for sealing (i.e., replaced with
4440 * NOPs) later, in create_ibt_endbr_seal_sections().
4442 static int validate_ibt(struct objtool_file *file)
4444 struct section *sec;
4445 struct reloc *reloc;
4446 struct instruction *insn;
4449 for_each_insn(file, insn)
4450 warnings += validate_ibt_insn(file, insn);
4452 for_each_sec(file, sec) {
4454 /* Already done by validate_ibt_insn() */
4455 if (sec->sh.sh_flags & SHF_EXECINSTR)
4462 * These sections can reference text addresses, but not with
4463 * the intent to indirect branch to them.
4465 if ((!strncmp(sec->name, ".discard", 8) &&
4466 strcmp(sec->name, ".discard.ibt_endbr_noseal")) ||
4467 !strncmp(sec->name, ".debug", 6) ||
4468 !strcmp(sec->name, ".altinstructions") ||
4469 !strcmp(sec->name, ".ibt_endbr_seal") ||
4470 !strcmp(sec->name, ".orc_unwind_ip") ||
4471 !strcmp(sec->name, ".parainstructions") ||
4472 !strcmp(sec->name, ".retpoline_sites") ||
4473 !strcmp(sec->name, ".smp_locks") ||
4474 !strcmp(sec->name, ".static_call_sites") ||
4475 !strcmp(sec->name, "_error_injection_whitelist") ||
4476 !strcmp(sec->name, "_kprobe_blacklist") ||
4477 !strcmp(sec->name, "__bug_table") ||
4478 !strcmp(sec->name, "__ex_table") ||
4479 !strcmp(sec->name, "__jump_table") ||
4480 !strcmp(sec->name, "__mcount_loc") ||
4481 !strcmp(sec->name, ".kcfi_traps") ||
4482 strstr(sec->name, "__patchable_function_entries"))
4485 list_for_each_entry(reloc, &sec->reloc->reloc_list, list)
4486 warnings += validate_ibt_data_reloc(file, reloc);
4492 static int validate_sls(struct objtool_file *file)
4494 struct instruction *insn, *next_insn;
4497 for_each_insn(file, insn) {
4498 next_insn = next_insn_same_sec(file, insn);
4500 if (insn->retpoline_safe)
4503 switch (insn->type) {
4505 if (!next_insn || next_insn->type != INSN_TRAP) {
4506 WARN_FUNC("missing int3 after ret",
4507 insn->sec, insn->offset);
4512 case INSN_JUMP_DYNAMIC:
4513 if (!next_insn || next_insn->type != INSN_TRAP) {
4514 WARN_FUNC("missing int3 after indirect jump",
4515 insn->sec, insn->offset);
4527 static int validate_reachable_instructions(struct objtool_file *file)
4529 struct instruction *insn;
4531 if (file->ignore_unreachables)
4534 for_each_insn(file, insn) {
4535 if (insn->visited || ignore_unreachable_insn(file, insn))
4538 WARN_FUNC("unreachable instruction", insn->sec, insn->offset);
4545 int check(struct objtool_file *file)
4547 int ret, warnings = 0;
4549 arch_initial_func_cfi_state(&initial_func_cfi);
4550 init_cfi_state(&init_cfi);
4551 init_cfi_state(&func_cfi);
4552 set_func_state(&func_cfi);
4554 if (!cfi_hash_alloc(1UL << (file->elf->symbol_bits - 3)))
4557 cfi_hash_add(&init_cfi);
4558 cfi_hash_add(&func_cfi);
4560 ret = decode_sections(file);
4569 if (opts.retpoline) {
4570 ret = validate_retpoline(file);
4576 if (opts.stackval || opts.orc || opts.uaccess) {
4577 ret = validate_functions(file);
4582 ret = validate_unwind_hints(file, NULL);
4588 ret = validate_reachable_instructions(file);
4594 } else if (opts.noinstr) {
4595 ret = validate_noinstr_sections(file);
4603 * Must be after validate_branch() and friends, it plays
4604 * further games with insn->visited.
4606 ret = validate_unret(file);
4613 ret = validate_ibt(file);
4620 ret = validate_sls(file);
4626 if (opts.static_call) {
4627 ret = create_static_call_sections(file);
4633 if (opts.retpoline) {
4634 ret = create_retpoline_sites_sections(file);
4641 ret = create_cfi_sections(file);
4648 ret = create_return_sites_sections(file);
4653 if (opts.hack_skylake) {
4654 ret = create_direct_call_sections(file);
4662 ret = create_mcount_loc_sections(file);
4669 ret = create_ibt_endbr_seal_sections(file);
4675 if (opts.orc && nr_insns) {
4676 ret = orc_create(file);
4684 printf("nr_insns_visited: %ld\n", nr_insns_visited);
4685 printf("nr_cfi: %ld\n", nr_cfi);
4686 printf("nr_cfi_reused: %ld\n", nr_cfi_reused);
4687 printf("nr_cfi_cache: %ld\n", nr_cfi_cache);
4692 * For now, don't fail the kernel build on fatal warnings. These
4693 * errors are still fairly common due to the growing matrix of
4694 * supported toolchains and their recent pace of change.
projects / linux-2.6-block.git / blob