2 * Copyright (C) 2015-2017 Josh Poimboeuf <jpoimboe@redhat.com>
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see <http://www.gnu.org/licenses/>.
28 #include <linux/hashtable.h>
29 #include <linux/kernel.h>
31 #define FAKE_JUMP_OFFSET -1
34 struct list_head list;
35 struct instruction *insn;
39 struct cfi_state initial_func_cfi;
41 struct instruction *find_insn(struct objtool_file *file,
42 struct section *sec, unsigned long offset)
44 struct instruction *insn;
46 hash_for_each_possible(file->insn_hash, insn, hash, offset)
47 if (insn->sec == sec && insn->offset == offset)
53 static struct instruction *next_insn_same_sec(struct objtool_file *file,
54 struct instruction *insn)
56 struct instruction *next = list_next_entry(insn, list);
58 if (!next || &next->list == &file->insn_list || next->sec != insn->sec)
64 static struct instruction *next_insn_same_func(struct objtool_file *file,
65 struct instruction *insn)
67 struct instruction *next = list_next_entry(insn, list);
68 struct symbol *func = insn->func;
73 if (&next->list != &file->insn_list && next->func == func)
76 /* Check if we're already in the subfunction: */
77 if (func == func->cfunc)
80 /* Move to the subfunction: */
81 return find_insn(file, func->cfunc->sec, func->cfunc->offset);
84 #define func_for_each_insn_all(file, func, insn) \
85 for (insn = find_insn(file, func->sec, func->offset); \
87 insn = next_insn_same_func(file, insn))
89 #define func_for_each_insn(file, func, insn) \
90 for (insn = find_insn(file, func->sec, func->offset); \
91 insn && &insn->list != &file->insn_list && \
92 insn->sec == func->sec && \
93 insn->offset < func->offset + func->len; \
94 insn = list_next_entry(insn, list))
96 #define func_for_each_insn_continue_reverse(file, func, insn) \
97 for (insn = list_prev_entry(insn, list); \
98 &insn->list != &file->insn_list && \
99 insn->sec == func->sec && insn->offset >= func->offset; \
100 insn = list_prev_entry(insn, list))
102 #define sec_for_each_insn_from(file, insn) \
103 for (; insn; insn = next_insn_same_sec(file, insn))
105 #define sec_for_each_insn_continue(file, insn) \
106 for (insn = next_insn_same_sec(file, insn); insn; \
107 insn = next_insn_same_sec(file, insn))
110 * Check if the function has been manually whitelisted with the
111 * STACK_FRAME_NON_STANDARD macro, or if it should be automatically whitelisted
112 * due to its use of a context switching instruction.
114 static bool ignore_func(struct objtool_file *file, struct symbol *func)
118 /* check for STACK_FRAME_NON_STANDARD */
119 if (file->whitelist && file->whitelist->rela)
120 list_for_each_entry(rela, &file->whitelist->rela->rela_list, list) {
121 if (rela->sym->type == STT_SECTION &&
122 rela->sym->sec == func->sec &&
123 rela->addend == func->offset)
125 if (rela->sym->type == STT_FUNC && rela->sym == func)
133 * This checks to see if the given function is a "noreturn" function.
135 * For global functions which are outside the scope of this object file, we
136 * have to keep a manual list of them.
138 * For local functions, we have to detect them manually by simply looking for
139 * the lack of a return instruction.
146 static int __dead_end_function(struct objtool_file *file, struct symbol *func,
150 struct instruction *insn;
154 * Unfortunately these have to be hard coded because the noreturn
155 * attribute isn't provided in ELF data.
157 static const char * const global_noreturns[] = {
163 "__module_put_and_exit",
165 "kvm_spurious_fault",
170 "machine_real_restart",
171 "rewind_stack_and_make_dead",
174 if (func->bind == STB_WEAK)
177 if (func->bind == STB_GLOBAL)
178 for (i = 0; i < ARRAY_SIZE(global_noreturns); i++)
179 if (!strcmp(func->name, global_noreturns[i]))
185 insn = find_insn(file, func->sec, func->offset);
189 func_for_each_insn_all(file, func, insn) {
192 if (insn->type == INSN_RETURN)
200 * A function can have a sibling call instead of a return. In that
201 * case, the function's dead-end status depends on whether the target
202 * of the sibling call returns.
204 func_for_each_insn_all(file, func, insn) {
205 if (insn->type == INSN_JUMP_UNCONDITIONAL) {
206 struct instruction *dest = insn->jump_dest;
209 /* sibling call to another file */
212 if (dest->func && dest->func->pfunc != insn->func->pfunc) {
214 /* local sibling call */
215 if (recursion == 5) {
217 * Infinite recursion: two functions
218 * have sibling calls to each other.
219 * This is a very rare case. It means
220 * they aren't dead ends.
225 return __dead_end_function(file, dest->func,
230 if (insn->type == INSN_JUMP_DYNAMIC && list_empty(&insn->alts))
238 static int dead_end_function(struct objtool_file *file, struct symbol *func)
240 return __dead_end_function(file, func, 0);
243 static void clear_insn_state(struct insn_state *state)
247 memset(state, 0, sizeof(*state));
248 state->cfa.base = CFI_UNDEFINED;
249 for (i = 0; i < CFI_NUM_REGS; i++) {
250 state->regs[i].base = CFI_UNDEFINED;
251 state->vals[i].base = CFI_UNDEFINED;
253 state->drap_reg = CFI_UNDEFINED;
254 state->drap_offset = -1;
258 * Call the arch-specific instruction decoder for all the instructions and add
259 * them to the global instruction list.
261 static int decode_instructions(struct objtool_file *file)
265 unsigned long offset;
266 struct instruction *insn;
269 for_each_sec(file, sec) {
271 if (!(sec->sh.sh_flags & SHF_EXECINSTR))
274 if (strcmp(sec->name, ".altinstr_replacement") &&
275 strcmp(sec->name, ".altinstr_aux") &&
276 strncmp(sec->name, ".discard.", 9))
279 for (offset = 0; offset < sec->len; offset += insn->len) {
280 insn = malloc(sizeof(*insn));
282 WARN("malloc failed");
285 memset(insn, 0, sizeof(*insn));
286 INIT_LIST_HEAD(&insn->alts);
287 clear_insn_state(&insn->state);
290 insn->offset = offset;
292 ret = arch_decode_instruction(file->elf, sec, offset,
294 &insn->len, &insn->type,
300 if (!insn->type || insn->type > INSN_LAST) {
301 WARN_FUNC("invalid instruction type %d",
302 insn->sec, insn->offset, insn->type);
307 hash_add(file->insn_hash, &insn->hash, insn->offset);
308 list_add_tail(&insn->list, &file->insn_list);
311 list_for_each_entry(func, &sec->symbol_list, list) {
312 if (func->type != STT_FUNC)
315 if (!find_insn(file, sec, func->offset)) {
316 WARN("%s(): can't find starting instruction",
321 func_for_each_insn(file, func, insn)
335 * Mark "ud2" instructions and manually annotated dead ends.
337 static int add_dead_ends(struct objtool_file *file)
341 struct instruction *insn;
345 * By default, "ud2" is a dead end unless otherwise annotated, because
346 * GCC 7 inserts it for certain divide-by-zero cases.
348 for_each_insn(file, insn)
349 if (insn->type == INSN_BUG)
350 insn->dead_end = true;
353 * Check for manually annotated dead ends.
355 sec = find_section_by_name(file->elf, ".rela.discard.unreachable");
359 list_for_each_entry(rela, &sec->rela_list, list) {
360 if (rela->sym->type != STT_SECTION) {
361 WARN("unexpected relocation symbol type in %s", sec->name);
364 insn = find_insn(file, rela->sym->sec, rela->addend);
366 insn = list_prev_entry(insn, list);
367 else if (rela->addend == rela->sym->sec->len) {
369 list_for_each_entry_reverse(insn, &file->insn_list, list) {
370 if (insn->sec == rela->sym->sec) {
377 WARN("can't find unreachable insn at %s+0x%x",
378 rela->sym->sec->name, rela->addend);
382 WARN("can't find unreachable insn at %s+0x%x",
383 rela->sym->sec->name, rela->addend);
387 insn->dead_end = true;
392 * These manually annotated reachable checks are needed for GCC 4.4,
393 * where the Linux unreachable() macro isn't supported. In that case
394 * GCC doesn't know the "ud2" is fatal, so it generates code as if it's
397 sec = find_section_by_name(file->elf, ".rela.discard.reachable");
401 list_for_each_entry(rela, &sec->rela_list, list) {
402 if (rela->sym->type != STT_SECTION) {
403 WARN("unexpected relocation symbol type in %s", sec->name);
406 insn = find_insn(file, rela->sym->sec, rela->addend);
408 insn = list_prev_entry(insn, list);
409 else if (rela->addend == rela->sym->sec->len) {
411 list_for_each_entry_reverse(insn, &file->insn_list, list) {
412 if (insn->sec == rela->sym->sec) {
419 WARN("can't find reachable insn at %s+0x%x",
420 rela->sym->sec->name, rela->addend);
424 WARN("can't find reachable insn at %s+0x%x",
425 rela->sym->sec->name, rela->addend);
429 insn->dead_end = false;
436 * Warnings shouldn't be reported for ignored functions.
438 static void add_ignores(struct objtool_file *file)
440 struct instruction *insn;
444 for_each_sec(file, sec) {
445 list_for_each_entry(func, &sec->symbol_list, list) {
446 if (func->type != STT_FUNC)
449 if (!ignore_func(file, func))
452 func_for_each_insn_all(file, func, insn)
459 * FIXME: For now, just ignore any alternatives which add retpolines. This is
460 * a temporary hack, as it doesn't allow ORC to unwind from inside a retpoline.
461 * But it at least allows objtool to understand the control flow *around* the
464 static int add_nospec_ignores(struct objtool_file *file)
468 struct instruction *insn;
470 sec = find_section_by_name(file->elf, ".rela.discard.nospec");
474 list_for_each_entry(rela, &sec->rela_list, list) {
475 if (rela->sym->type != STT_SECTION) {
476 WARN("unexpected relocation symbol type in %s", sec->name);
480 insn = find_insn(file, rela->sym->sec, rela->addend);
482 WARN("bad .discard.nospec entry");
486 insn->ignore_alts = true;
493 * Find the destination instructions for all jumps.
495 static int add_jump_destinations(struct objtool_file *file)
497 struct instruction *insn;
499 struct section *dest_sec;
500 unsigned long dest_off;
502 for_each_insn(file, insn) {
503 if (insn->type != INSN_JUMP_CONDITIONAL &&
504 insn->type != INSN_JUMP_UNCONDITIONAL)
507 if (insn->offset == FAKE_JUMP_OFFSET)
510 rela = find_rela_by_dest_range(insn->sec, insn->offset,
513 dest_sec = insn->sec;
514 dest_off = insn->offset + insn->len + insn->immediate;
515 } else if (rela->sym->type == STT_SECTION) {
516 dest_sec = rela->sym->sec;
517 dest_off = rela->addend + 4;
518 } else if (rela->sym->sec->idx) {
519 dest_sec = rela->sym->sec;
520 dest_off = rela->sym->sym.st_value + rela->addend + 4;
521 } else if (strstr(rela->sym->name, "_indirect_thunk_")) {
523 * Retpoline jumps are really dynamic jumps in
524 * disguise, so convert them accordingly.
526 insn->type = INSN_JUMP_DYNAMIC;
527 insn->retpoline_safe = true;
535 insn->jump_dest = find_insn(file, dest_sec, dest_off);
536 if (!insn->jump_dest) {
539 * This is a special case where an alt instruction
540 * jumps past the end of the section. These are
541 * handled later in handle_group_alt().
543 if (!strcmp(insn->sec->name, ".altinstr_replacement"))
546 WARN_FUNC("can't find jump dest instruction at %s+0x%lx",
547 insn->sec, insn->offset, dest_sec->name,
553 * For GCC 8+, create parent/child links for any cold
554 * subfunctions. This is _mostly_ redundant with a similar
555 * initialization in read_symbols().
557 * If a function has aliases, we want the *first* such function
558 * in the symbol table to be the subfunction's parent. In that
559 * case we overwrite the initialization done in read_symbols().
561 * However this code can't completely replace the
562 * read_symbols() code because this doesn't detect the case
563 * where the parent function's only reference to a subfunction
564 * is through a switch table.
566 if (insn->func && insn->jump_dest->func &&
567 insn->func != insn->jump_dest->func &&
568 !strstr(insn->func->name, ".cold.") &&
569 strstr(insn->jump_dest->func->name, ".cold.")) {
570 insn->func->cfunc = insn->jump_dest->func;
571 insn->jump_dest->func->pfunc = insn->func;
579 * Find the destination instructions for all calls.
581 static int add_call_destinations(struct objtool_file *file)
583 struct instruction *insn;
584 unsigned long dest_off;
587 for_each_insn(file, insn) {
588 if (insn->type != INSN_CALL)
591 rela = find_rela_by_dest_range(insn->sec, insn->offset,
594 dest_off = insn->offset + insn->len + insn->immediate;
595 insn->call_dest = find_symbol_by_offset(insn->sec,
598 if (!insn->call_dest && !insn->ignore) {
599 WARN_FUNC("unsupported intra-function call",
600 insn->sec, insn->offset);
602 WARN("If this is a retpoline, please patch it in with alternatives and annotate it with ANNOTATE_NOSPEC_ALTERNATIVE.");
606 } else if (rela->sym->type == STT_SECTION) {
607 insn->call_dest = find_symbol_by_offset(rela->sym->sec,
609 if (!insn->call_dest ||
610 insn->call_dest->type != STT_FUNC) {
611 WARN_FUNC("can't find call dest symbol at %s+0x%x",
612 insn->sec, insn->offset,
613 rela->sym->sec->name,
618 insn->call_dest = rela->sym;
625 * The .alternatives section requires some extra special care, over and above
626 * what other special sections require:
628 * 1. Because alternatives are patched in-place, we need to insert a fake jump
629 * instruction at the end so that validate_branch() skips all the original
630 * replaced instructions when validating the new instruction path.
632 * 2. An added wrinkle is that the new instruction length might be zero. In
633 * that case the old instructions are replaced with noops. We simulate that
634 * by creating a fake jump as the only new instruction.
636 * 3. In some cases, the alternative section includes an instruction which
637 * conditionally jumps to the _end_ of the entry. We have to modify these
638 * jumps' destinations to point back to .text rather than the end of the
639 * entry in .altinstr_replacement.
641 * 4. It has been requested that we don't validate the !POPCNT feature path
642 * which is a "very very small percentage of machines".
644 static int handle_group_alt(struct objtool_file *file,
645 struct special_alt *special_alt,
646 struct instruction *orig_insn,
647 struct instruction **new_insn)
649 struct instruction *last_orig_insn, *last_new_insn, *insn, *fake_jump = NULL;
650 unsigned long dest_off;
652 last_orig_insn = NULL;
654 sec_for_each_insn_from(file, insn) {
655 if (insn->offset >= special_alt->orig_off + special_alt->orig_len)
658 if (special_alt->skip_orig)
659 insn->type = INSN_NOP;
661 insn->alt_group = true;
662 last_orig_insn = insn;
665 if (next_insn_same_sec(file, last_orig_insn)) {
666 fake_jump = malloc(sizeof(*fake_jump));
668 WARN("malloc failed");
671 memset(fake_jump, 0, sizeof(*fake_jump));
672 INIT_LIST_HEAD(&fake_jump->alts);
673 clear_insn_state(&fake_jump->state);
675 fake_jump->sec = special_alt->new_sec;
676 fake_jump->offset = FAKE_JUMP_OFFSET;
677 fake_jump->type = INSN_JUMP_UNCONDITIONAL;
678 fake_jump->jump_dest = list_next_entry(last_orig_insn, list);
679 fake_jump->func = orig_insn->func;
682 if (!special_alt->new_len) {
684 WARN("%s: empty alternative at end of section",
685 special_alt->orig_sec->name);
689 *new_insn = fake_jump;
693 last_new_insn = NULL;
695 sec_for_each_insn_from(file, insn) {
696 if (insn->offset >= special_alt->new_off + special_alt->new_len)
699 last_new_insn = insn;
701 insn->ignore = orig_insn->ignore_alts;
703 if (insn->type != INSN_JUMP_CONDITIONAL &&
704 insn->type != INSN_JUMP_UNCONDITIONAL)
707 if (!insn->immediate)
710 dest_off = insn->offset + insn->len + insn->immediate;
711 if (dest_off == special_alt->new_off + special_alt->new_len) {
713 WARN("%s: alternative jump to end of section",
714 special_alt->orig_sec->name);
717 insn->jump_dest = fake_jump;
720 if (!insn->jump_dest) {
721 WARN_FUNC("can't find alternative jump destination",
722 insn->sec, insn->offset);
727 if (!last_new_insn) {
728 WARN_FUNC("can't find last new alternative instruction",
729 special_alt->new_sec, special_alt->new_off);
734 list_add(&fake_jump->list, &last_new_insn->list);
740 * A jump table entry can either convert a nop to a jump or a jump to a nop.
741 * If the original instruction is a jump, make the alt entry an effective nop
742 * by just skipping the original instruction.
744 static int handle_jump_alt(struct objtool_file *file,
745 struct special_alt *special_alt,
746 struct instruction *orig_insn,
747 struct instruction **new_insn)
749 if (orig_insn->type == INSN_NOP)
752 if (orig_insn->type != INSN_JUMP_UNCONDITIONAL) {
753 WARN_FUNC("unsupported instruction at jump label",
754 orig_insn->sec, orig_insn->offset);
758 *new_insn = list_next_entry(orig_insn, list);
763 * Read all the special sections which have alternate instructions which can be
764 * patched in or redirected to at runtime. Each instruction having alternate
765 * instruction(s) has them added to its insn->alts list, which will be
766 * traversed in validate_branch().
768 static int add_special_section_alts(struct objtool_file *file)
770 struct list_head special_alts;
771 struct instruction *orig_insn, *new_insn;
772 struct special_alt *special_alt, *tmp;
773 struct alternative *alt;
776 ret = special_get_alts(file->elf, &special_alts);
780 list_for_each_entry_safe(special_alt, tmp, &special_alts, list) {
782 orig_insn = find_insn(file, special_alt->orig_sec,
783 special_alt->orig_off);
785 WARN_FUNC("special: can't find orig instruction",
786 special_alt->orig_sec, special_alt->orig_off);
792 if (!special_alt->group || special_alt->new_len) {
793 new_insn = find_insn(file, special_alt->new_sec,
794 special_alt->new_off);
796 WARN_FUNC("special: can't find new instruction",
797 special_alt->new_sec,
798 special_alt->new_off);
804 if (special_alt->group) {
805 if (!special_alt->orig_len) {
806 WARN_FUNC("empty alternative entry",
807 orig_insn->sec, orig_insn->offset);
811 ret = handle_group_alt(file, special_alt, orig_insn,
815 } else if (special_alt->jump_or_nop) {
816 ret = handle_jump_alt(file, special_alt, orig_insn,
822 alt = malloc(sizeof(*alt));
824 WARN("malloc failed");
829 alt->insn = new_insn;
830 list_add_tail(&alt->list, &orig_insn->alts);
832 list_del(&special_alt->list);
840 static int add_switch_table(struct objtool_file *file, struct instruction *insn,
841 struct rela *table, struct rela *next_table)
843 struct rela *rela = table;
844 struct instruction *alt_insn;
845 struct alternative *alt;
846 struct symbol *pfunc = insn->func->pfunc;
847 unsigned int prev_offset = 0;
849 list_for_each_entry_from(rela, &table->rela_sec->rela_list, list) {
850 if (rela == next_table)
853 /* Make sure the switch table entries are consecutive: */
854 if (prev_offset && rela->offset != prev_offset + 8)
857 /* Detect function pointers from contiguous objects: */
858 if (rela->sym->sec == pfunc->sec &&
859 rela->addend == pfunc->offset)
862 alt_insn = find_insn(file, rela->sym->sec, rela->addend);
866 /* Make sure the jmp dest is in the function or subfunction: */
867 if (alt_insn->func->pfunc != pfunc)
870 alt = malloc(sizeof(*alt));
872 WARN("malloc failed");
876 alt->insn = alt_insn;
877 list_add_tail(&alt->list, &insn->alts);
878 prev_offset = rela->offset;
882 WARN_FUNC("can't find switch jump table",
883 insn->sec, insn->offset);
891 * find_switch_table() - Given a dynamic jump, find the switch jump table in
892 * .rodata associated with it.
894 * There are 3 basic patterns:
896 * 1. jmpq *[rodata addr](,%reg,8)
898 * This is the most common case by far. It jumps to an address in a simple
899 * jump table which is stored in .rodata.
901 * 2. jmpq *[rodata addr](%rip)
903 * This is caused by a rare GCC quirk, currently only seen in three driver
904 * functions in the kernel, only with certain obscure non-distro configs.
906 * As part of an optimization, GCC makes a copy of an existing switch jump
907 * table, modifies it, and then hard-codes the jump (albeit with an indirect
908 * jump) to use a single entry in the table. The rest of the jump table and
909 * some of its jump targets remain as dead code.
911 * In such a case we can just crudely ignore all unreachable instruction
912 * warnings for the entire object file. Ideally we would just ignore them
913 * for the function, but that would require redesigning the code quite a
914 * bit. And honestly that's just not worth doing: unreachable instruction
915 * warnings are of questionable value anyway, and this is such a rare issue.
917 * 3. mov [rodata addr],%reg1
918 * ... some instructions ...
919 * jmpq *(%reg1,%reg2,8)
921 * This is a fairly uncommon pattern which is new for GCC 6. As of this
922 * writing, there are 11 occurrences of it in the allmodconfig kernel.
924 * As of GCC 7 there are quite a few more of these and the 'in between' code
925 * is significant. Esp. with KASAN enabled some of the code between the mov
926 * and jmpq uses .rodata itself, which can confuse things.
928 * TODO: Once we have DWARF CFI and smarter instruction decoding logic,
929 * ensure the same register is used in the mov and jump instructions.
931 * NOTE: RETPOLINE made it harder still to decode dynamic jumps.
933 static struct rela *find_switch_table(struct objtool_file *file,
935 struct instruction *insn)
937 struct rela *text_rela, *rodata_rela;
938 struct instruction *orig_insn = insn;
939 struct section *rodata_sec;
940 unsigned long table_offset;
943 * Backward search using the @first_jump_src links, these help avoid
944 * much of the 'in between' code. Which avoids us getting confused by
948 &insn->list != &file->insn_list && insn->func && insn->func->pfunc == func;
949 insn = insn->first_jump_src ?: list_prev_entry(insn, list)) {
951 if (insn != orig_insn && insn->type == INSN_JUMP_DYNAMIC)
954 /* allow small jumps within the range */
955 if (insn->type == INSN_JUMP_UNCONDITIONAL &&
957 (insn->jump_dest->offset <= insn->offset ||
958 insn->jump_dest->offset > orig_insn->offset))
961 /* look for a relocation which references .rodata */
962 text_rela = find_rela_by_dest_range(insn->sec, insn->offset,
964 if (!text_rela || text_rela->sym->type != STT_SECTION ||
965 !text_rela->sym->sec->rodata)
968 table_offset = text_rela->addend;
969 rodata_sec = text_rela->sym->sec;
971 if (text_rela->type == R_X86_64_PC32)
975 * Make sure the .rodata address isn't associated with a
976 * symbol. gcc jump tables are anonymous data.
978 if (find_symbol_containing(rodata_sec, table_offset))
981 rodata_rela = find_rela_by_dest(rodata_sec, table_offset);
984 * Use of RIP-relative switch jumps is quite rare, and
985 * indicates a rare GCC quirk/bug which can leave dead
988 if (text_rela->type == R_X86_64_PC32)
989 file->ignore_unreachables = true;
999 static int add_func_switch_tables(struct objtool_file *file,
1000 struct symbol *func)
1002 struct instruction *insn, *last = NULL, *prev_jump = NULL;
1003 struct rela *rela, *prev_rela = NULL;
1006 func_for_each_insn_all(file, func, insn) {
1011 * Store back-pointers for unconditional forward jumps such
1012 * that find_switch_table() can back-track using those and
1013 * avoid some potentially confusing code.
1015 if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->jump_dest &&
1016 insn->offset > last->offset &&
1017 insn->jump_dest->offset > insn->offset &&
1018 !insn->jump_dest->first_jump_src) {
1020 insn->jump_dest->first_jump_src = insn;
1021 last = insn->jump_dest;
1024 if (insn->type != INSN_JUMP_DYNAMIC)
1027 rela = find_switch_table(file, func, insn);
1032 * We found a switch table, but we don't know yet how big it
1033 * is. Don't add it until we reach the end of the function or
1034 * the beginning of another switch table in the same function.
1037 ret = add_switch_table(file, prev_jump, prev_rela, rela);
1047 ret = add_switch_table(file, prev_jump, prev_rela, NULL);
1056 * For some switch statements, gcc generates a jump table in the .rodata
1057 * section which contains a list of addresses within the function to jump to.
1058 * This finds these jump tables and adds them to the insn->alts lists.
1060 static int add_switch_table_alts(struct objtool_file *file)
1062 struct section *sec;
1063 struct symbol *func;
1069 for_each_sec(file, sec) {
1070 list_for_each_entry(func, &sec->symbol_list, list) {
1071 if (func->type != STT_FUNC)
1074 ret = add_func_switch_tables(file, func);
1083 static int read_unwind_hints(struct objtool_file *file)
1085 struct section *sec, *relasec;
1087 struct unwind_hint *hint;
1088 struct instruction *insn;
1089 struct cfi_reg *cfa;
1092 sec = find_section_by_name(file->elf, ".discard.unwind_hints");
1096 relasec = sec->rela;
1098 WARN("missing .rela.discard.unwind_hints section");
1102 if (sec->len % sizeof(struct unwind_hint)) {
1103 WARN("struct unwind_hint size mismatch");
1109 for (i = 0; i < sec->len / sizeof(struct unwind_hint); i++) {
1110 hint = (struct unwind_hint *)sec->data->d_buf + i;
1112 rela = find_rela_by_dest(sec, i * sizeof(*hint));
1114 WARN("can't find rela for unwind_hints[%d]", i);
1118 insn = find_insn(file, rela->sym->sec, rela->addend);
1120 WARN("can't find insn for unwind_hints[%d]", i);
1124 cfa = &insn->state.cfa;
1126 if (hint->type == UNWIND_HINT_TYPE_SAVE) {
1130 } else if (hint->type == UNWIND_HINT_TYPE_RESTORE) {
1131 insn->restore = true;
1138 switch (hint->sp_reg) {
1139 case ORC_REG_UNDEFINED:
1140 cfa->base = CFI_UNDEFINED;
1148 case ORC_REG_SP_INDIRECT:
1149 cfa->base = CFI_SP_INDIRECT;
1152 cfa->base = CFI_R10;
1155 cfa->base = CFI_R13;
1164 WARN_FUNC("unsupported unwind_hint sp base reg %d",
1165 insn->sec, insn->offset, hint->sp_reg);
1169 cfa->offset = hint->sp_offset;
1170 insn->state.type = hint->type;
1171 insn->state.end = hint->end;
1177 static int read_retpoline_hints(struct objtool_file *file)
1179 struct section *sec;
1180 struct instruction *insn;
1183 sec = find_section_by_name(file->elf, ".rela.discard.retpoline_safe");
1187 list_for_each_entry(rela, &sec->rela_list, list) {
1188 if (rela->sym->type != STT_SECTION) {
1189 WARN("unexpected relocation symbol type in %s", sec->name);
1193 insn = find_insn(file, rela->sym->sec, rela->addend);
1195 WARN("bad .discard.retpoline_safe entry");
1199 if (insn->type != INSN_JUMP_DYNAMIC &&
1200 insn->type != INSN_CALL_DYNAMIC) {
1201 WARN_FUNC("retpoline_safe hint not an indirect jump/call",
1202 insn->sec, insn->offset);
1206 insn->retpoline_safe = true;
1212 static void mark_rodata(struct objtool_file *file)
1214 struct section *sec;
1218 * This searches for the .rodata section or multiple .rodata.func_name
1219 * sections if -fdata-sections is being used. The .str.1.1 and .str.1.8
1220 * rodata sections are ignored as they don't contain jump tables.
1222 for_each_sec(file, sec) {
1223 if (!strncmp(sec->name, ".rodata", 7) &&
1224 !strstr(sec->name, ".str1.")) {
1230 file->rodata = found;
1233 static int decode_sections(struct objtool_file *file)
1239 ret = decode_instructions(file);
1243 ret = add_dead_ends(file);
1249 ret = add_nospec_ignores(file);
1253 ret = add_jump_destinations(file);
1257 ret = add_special_section_alts(file);
1261 ret = add_call_destinations(file);
1265 ret = add_switch_table_alts(file);
1269 ret = read_unwind_hints(file);
1273 ret = read_retpoline_hints(file);
1280 static bool is_fentry_call(struct instruction *insn)
1282 if (insn->type == INSN_CALL &&
1283 insn->call_dest->type == STT_NOTYPE &&
1284 !strcmp(insn->call_dest->name, "__fentry__"))
1290 static bool has_modified_stack_frame(struct insn_state *state)
1294 if (state->cfa.base != initial_func_cfi.cfa.base ||
1295 state->cfa.offset != initial_func_cfi.cfa.offset ||
1296 state->stack_size != initial_func_cfi.cfa.offset ||
1300 for (i = 0; i < CFI_NUM_REGS; i++)
1301 if (state->regs[i].base != initial_func_cfi.regs[i].base ||
1302 state->regs[i].offset != initial_func_cfi.regs[i].offset)
1308 static bool has_valid_stack_frame(struct insn_state *state)
1310 if (state->cfa.base == CFI_BP && state->regs[CFI_BP].base == CFI_CFA &&
1311 state->regs[CFI_BP].offset == -16)
1314 if (state->drap && state->regs[CFI_BP].base == CFI_BP)
1320 static int update_insn_state_regs(struct instruction *insn, struct insn_state *state)
1322 struct cfi_reg *cfa = &state->cfa;
1323 struct stack_op *op = &insn->stack_op;
1325 if (cfa->base != CFI_SP && cfa->base != CFI_SP_INDIRECT)
1329 if (op->dest.type == OP_DEST_PUSH)
1333 if (op->src.type == OP_SRC_POP)
1336 /* add immediate to sp */
1337 if (op->dest.type == OP_DEST_REG && op->src.type == OP_SRC_ADD &&
1338 op->dest.reg == CFI_SP && op->src.reg == CFI_SP)
1339 cfa->offset -= op->src.offset;
1344 static void save_reg(struct insn_state *state, unsigned char reg, int base,
1347 if (arch_callee_saved_reg(reg) &&
1348 state->regs[reg].base == CFI_UNDEFINED) {
1349 state->regs[reg].base = base;
1350 state->regs[reg].offset = offset;
1354 static void restore_reg(struct insn_state *state, unsigned char reg)
1356 state->regs[reg].base = CFI_UNDEFINED;
1357 state->regs[reg].offset = 0;
1361 * A note about DRAP stack alignment:
1363 * GCC has the concept of a DRAP register, which is used to help keep track of
1364 * the stack pointer when aligning the stack. r10 or r13 is used as the DRAP
1365 * register. The typical DRAP pattern is:
1367 * 4c 8d 54 24 08 lea 0x8(%rsp),%r10
1368 * 48 83 e4 c0 and $0xffffffffffffffc0,%rsp
1369 * 41 ff 72 f8 pushq -0x8(%r10)
1371 * 48 89 e5 mov %rsp,%rbp
1378 * 49 8d 62 f8 lea -0x8(%r10),%rsp
1381 * There are some variations in the epilogues, like:
1389 * 49 8d 62 f8 lea -0x8(%r10),%rsp
1394 * 4c 8b 55 e8 mov -0x18(%rbp),%r10
1395 * 48 8b 5d e0 mov -0x20(%rbp),%rbx
1396 * 4c 8b 65 f0 mov -0x10(%rbp),%r12
1397 * 4c 8b 6d f8 mov -0x8(%rbp),%r13
1399 * 49 8d 62 f8 lea -0x8(%r10),%rsp
1402 * Sometimes r13 is used as the DRAP register, in which case it's saved and
1403 * restored beforehand:
1406 * 4c 8d 6c 24 10 lea 0x10(%rsp),%r13
1407 * 48 83 e4 f0 and $0xfffffffffffffff0,%rsp
1409 * 49 8d 65 f0 lea -0x10(%r13),%rsp
1413 static int update_insn_state(struct instruction *insn, struct insn_state *state)
1415 struct stack_op *op = &insn->stack_op;
1416 struct cfi_reg *cfa = &state->cfa;
1417 struct cfi_reg *regs = state->regs;
1419 /* stack operations don't make sense with an undefined CFA */
1420 if (cfa->base == CFI_UNDEFINED) {
1422 WARN_FUNC("undefined stack state", insn->sec, insn->offset);
1428 if (state->type == ORC_TYPE_REGS || state->type == ORC_TYPE_REGS_IRET)
1429 return update_insn_state_regs(insn, state);
1431 switch (op->dest.type) {
1434 switch (op->src.type) {
1437 if (op->src.reg == CFI_SP && op->dest.reg == CFI_BP &&
1438 cfa->base == CFI_SP &&
1439 regs[CFI_BP].base == CFI_CFA &&
1440 regs[CFI_BP].offset == -cfa->offset) {
1442 /* mov %rsp, %rbp */
1443 cfa->base = op->dest.reg;
1444 state->bp_scratch = false;
1447 else if (op->src.reg == CFI_SP &&
1448 op->dest.reg == CFI_BP && state->drap) {
1450 /* drap: mov %rsp, %rbp */
1451 regs[CFI_BP].base = CFI_BP;
1452 regs[CFI_BP].offset = -state->stack_size;
1453 state->bp_scratch = false;
1456 else if (op->src.reg == CFI_SP && cfa->base == CFI_SP) {
1461 * This is needed for the rare case where GCC
1468 state->vals[op->dest.reg].base = CFI_CFA;
1469 state->vals[op->dest.reg].offset = -state->stack_size;
1472 else if (op->src.reg == CFI_BP && op->dest.reg == CFI_SP &&
1473 cfa->base == CFI_BP) {
1478 * Restore the original stack pointer (Clang).
1480 state->stack_size = -state->regs[CFI_BP].offset;
1483 else if (op->dest.reg == cfa->base) {
1485 /* mov %reg, %rsp */
1486 if (cfa->base == CFI_SP &&
1487 state->vals[op->src.reg].base == CFI_CFA) {
1490 * This is needed for the rare case
1491 * where GCC does something dumb like:
1493 * lea 0x8(%rsp), %rcx
1497 cfa->offset = -state->vals[op->src.reg].offset;
1498 state->stack_size = cfa->offset;
1501 cfa->base = CFI_UNDEFINED;
1509 if (op->dest.reg == CFI_SP && op->src.reg == CFI_SP) {
1512 state->stack_size -= op->src.offset;
1513 if (cfa->base == CFI_SP)
1514 cfa->offset -= op->src.offset;
1518 if (op->dest.reg == CFI_SP && op->src.reg == CFI_BP) {
1520 /* lea disp(%rbp), %rsp */
1521 state->stack_size = -(op->src.offset + regs[CFI_BP].offset);
1525 if (op->src.reg == CFI_SP && cfa->base == CFI_SP) {
1527 /* drap: lea disp(%rsp), %drap */
1528 state->drap_reg = op->dest.reg;
1531 * lea disp(%rsp), %reg
1533 * This is needed for the rare case where GCC
1534 * does something dumb like:
1536 * lea 0x8(%rsp), %rcx
1540 state->vals[op->dest.reg].base = CFI_CFA;
1541 state->vals[op->dest.reg].offset = \
1542 -state->stack_size + op->src.offset;
1547 if (state->drap && op->dest.reg == CFI_SP &&
1548 op->src.reg == state->drap_reg) {
1550 /* drap: lea disp(%drap), %rsp */
1552 cfa->offset = state->stack_size = -op->src.offset;
1553 state->drap_reg = CFI_UNDEFINED;
1554 state->drap = false;
1558 if (op->dest.reg == state->cfa.base) {
1559 WARN_FUNC("unsupported stack register modification",
1560 insn->sec, insn->offset);
1567 if (op->dest.reg != CFI_SP ||
1568 (state->drap_reg != CFI_UNDEFINED && cfa->base != CFI_SP) ||
1569 (state->drap_reg == CFI_UNDEFINED && cfa->base != CFI_BP)) {
1570 WARN_FUNC("unsupported stack pointer realignment",
1571 insn->sec, insn->offset);
1575 if (state->drap_reg != CFI_UNDEFINED) {
1576 /* drap: and imm, %rsp */
1577 cfa->base = state->drap_reg;
1578 cfa->offset = state->stack_size = 0;
1583 * Older versions of GCC (4.8ish) realign the stack
1584 * without DRAP, with a frame pointer.
1590 if (!state->drap && op->dest.type == OP_DEST_REG &&
1591 op->dest.reg == cfa->base) {
1597 if (state->drap && cfa->base == CFI_BP_INDIRECT &&
1598 op->dest.type == OP_DEST_REG &&
1599 op->dest.reg == state->drap_reg &&
1600 state->drap_offset == -state->stack_size) {
1602 /* drap: pop %drap */
1603 cfa->base = state->drap_reg;
1605 state->drap_offset = -1;
1607 } else if (regs[op->dest.reg].offset == -state->stack_size) {
1610 restore_reg(state, op->dest.reg);
1613 state->stack_size -= 8;
1614 if (cfa->base == CFI_SP)
1619 case OP_SRC_REG_INDIRECT:
1620 if (state->drap && op->src.reg == CFI_BP &&
1621 op->src.offset == state->drap_offset) {
1623 /* drap: mov disp(%rbp), %drap */
1624 cfa->base = state->drap_reg;
1626 state->drap_offset = -1;
1629 if (state->drap && op->src.reg == CFI_BP &&
1630 op->src.offset == regs[op->dest.reg].offset) {
1632 /* drap: mov disp(%rbp), %reg */
1633 restore_reg(state, op->dest.reg);
1635 } else if (op->src.reg == cfa->base &&
1636 op->src.offset == regs[op->dest.reg].offset + cfa->offset) {
1638 /* mov disp(%rbp), %reg */
1639 /* mov disp(%rsp), %reg */
1640 restore_reg(state, op->dest.reg);
1646 WARN_FUNC("unknown stack-related instruction",
1647 insn->sec, insn->offset);
1654 state->stack_size += 8;
1655 if (cfa->base == CFI_SP)
1658 if (op->src.type != OP_SRC_REG)
1662 if (op->src.reg == cfa->base && op->src.reg == state->drap_reg) {
1664 /* drap: push %drap */
1665 cfa->base = CFI_BP_INDIRECT;
1666 cfa->offset = -state->stack_size;
1668 /* save drap so we know when to restore it */
1669 state->drap_offset = -state->stack_size;
1671 } else if (op->src.reg == CFI_BP && cfa->base == state->drap_reg) {
1673 /* drap: push %rbp */
1674 state->stack_size = 0;
1676 } else if (regs[op->src.reg].base == CFI_UNDEFINED) {
1678 /* drap: push %reg */
1679 save_reg(state, op->src.reg, CFI_BP, -state->stack_size);
1685 save_reg(state, op->src.reg, CFI_CFA, -state->stack_size);
1688 /* detect when asm code uses rbp as a scratch register */
1689 if (!no_fp && insn->func && op->src.reg == CFI_BP &&
1690 cfa->base != CFI_BP)
1691 state->bp_scratch = true;
1694 case OP_DEST_REG_INDIRECT:
1697 if (op->src.reg == cfa->base && op->src.reg == state->drap_reg) {
1699 /* drap: mov %drap, disp(%rbp) */
1700 cfa->base = CFI_BP_INDIRECT;
1701 cfa->offset = op->dest.offset;
1703 /* save drap offset so we know when to restore it */
1704 state->drap_offset = op->dest.offset;
1707 else if (regs[op->src.reg].base == CFI_UNDEFINED) {
1709 /* drap: mov reg, disp(%rbp) */
1710 save_reg(state, op->src.reg, CFI_BP, op->dest.offset);
1713 } else if (op->dest.reg == cfa->base) {
1715 /* mov reg, disp(%rbp) */
1716 /* mov reg, disp(%rsp) */
1717 save_reg(state, op->src.reg, CFI_CFA,
1718 op->dest.offset - state->cfa.offset);
1724 if ((!state->drap && cfa->base != CFI_BP) ||
1725 (state->drap && cfa->base != state->drap_reg)) {
1726 WARN_FUNC("leave instruction with modified stack frame",
1727 insn->sec, insn->offset);
1731 /* leave (mov %rbp, %rsp; pop %rbp) */
1733 state->stack_size = -state->regs[CFI_BP].offset - 8;
1734 restore_reg(state, CFI_BP);
1744 if (op->src.type != OP_SRC_POP) {
1745 WARN_FUNC("unknown stack-related memory operation",
1746 insn->sec, insn->offset);
1751 state->stack_size -= 8;
1752 if (cfa->base == CFI_SP)
1758 WARN_FUNC("unknown stack-related instruction",
1759 insn->sec, insn->offset);
1766 static bool insn_state_match(struct instruction *insn, struct insn_state *state)
1768 struct insn_state *state1 = &insn->state, *state2 = state;
1771 if (memcmp(&state1->cfa, &state2->cfa, sizeof(state1->cfa))) {
1772 WARN_FUNC("stack state mismatch: cfa1=%d%+d cfa2=%d%+d",
1773 insn->sec, insn->offset,
1774 state1->cfa.base, state1->cfa.offset,
1775 state2->cfa.base, state2->cfa.offset);
1777 } else if (memcmp(&state1->regs, &state2->regs, sizeof(state1->regs))) {
1778 for (i = 0; i < CFI_NUM_REGS; i++) {
1779 if (!memcmp(&state1->regs[i], &state2->regs[i],
1780 sizeof(struct cfi_reg)))
1783 WARN_FUNC("stack state mismatch: reg1[%d]=%d%+d reg2[%d]=%d%+d",
1784 insn->sec, insn->offset,
1785 i, state1->regs[i].base, state1->regs[i].offset,
1786 i, state2->regs[i].base, state2->regs[i].offset);
1790 } else if (state1->type != state2->type) {
1791 WARN_FUNC("stack state mismatch: type1=%d type2=%d",
1792 insn->sec, insn->offset, state1->type, state2->type);
1794 } else if (state1->drap != state2->drap ||
1795 (state1->drap && state1->drap_reg != state2->drap_reg) ||
1796 (state1->drap && state1->drap_offset != state2->drap_offset)) {
1797 WARN_FUNC("stack state mismatch: drap1=%d(%d,%d) drap2=%d(%d,%d)",
1798 insn->sec, insn->offset,
1799 state1->drap, state1->drap_reg, state1->drap_offset,
1800 state2->drap, state2->drap_reg, state2->drap_offset);
1809 * Follow the branch starting at the given instruction, and recursively follow
1810 * any other branches (jumps). Meanwhile, track the frame pointer state at
1811 * each instruction and validate all the rules described in
1812 * tools/objtool/Documentation/stack-validation.txt.
1814 static int validate_branch(struct objtool_file *file, struct instruction *first,
1815 struct insn_state state)
1817 struct alternative *alt;
1818 struct instruction *insn, *next_insn;
1819 struct section *sec;
1820 struct symbol *func = NULL;
1826 if (insn->alt_group && list_empty(&insn->alts)) {
1827 WARN_FUNC("don't know how to handle branch to middle of alternative instruction group",
1833 next_insn = next_insn_same_sec(file, insn);
1835 if (file->c_file && func && insn->func && func != insn->func->pfunc) {
1836 WARN("%s() falls through to next function %s()",
1837 func->name, insn->func->name);
1842 func = insn->func->pfunc;
1844 if (func && insn->ignore) {
1845 WARN_FUNC("BUG: why am I validating an ignored function?",
1850 if (insn->visited) {
1851 if (!insn->hint && !insn_state_match(insn, &state))
1858 if (insn->restore) {
1859 struct instruction *save_insn, *i;
1863 func_for_each_insn_continue_reverse(file, insn->func, i) {
1871 WARN_FUNC("no corresponding CFI save for CFI restore",
1876 if (!save_insn->visited) {
1878 * Oops, no state to copy yet.
1879 * Hopefully we can reach this
1880 * instruction from another branch
1881 * after the save insn has been
1887 WARN_FUNC("objtool isn't smart enough to handle this CFI save/restore combo",
1892 insn->state = save_insn->state;
1895 state = insn->state;
1898 insn->state = state;
1900 insn->visited = true;
1902 if (!insn->ignore_alts) {
1903 list_for_each_entry(alt, &insn->alts, list) {
1904 ret = validate_branch(file, alt->insn, state);
1910 switch (insn->type) {
1913 if (func && has_modified_stack_frame(&state)) {
1914 WARN_FUNC("return with modified stack frame",
1919 if (state.bp_scratch) {
1920 WARN("%s uses BP as a scratch register",
1928 if (is_fentry_call(insn))
1931 ret = dead_end_function(file, insn->call_dest);
1938 case INSN_CALL_DYNAMIC:
1939 if (!no_fp && func && !has_valid_stack_frame(&state)) {
1940 WARN_FUNC("call without frame pointer save/setup",
1946 case INSN_JUMP_CONDITIONAL:
1947 case INSN_JUMP_UNCONDITIONAL:
1948 if (insn->jump_dest &&
1949 (!func || !insn->jump_dest->func ||
1950 insn->jump_dest->func->pfunc == func)) {
1951 ret = validate_branch(file, insn->jump_dest,
1956 } else if (func && has_modified_stack_frame(&state)) {
1957 WARN_FUNC("sibling call from callable instruction with modified stack frame",
1962 if (insn->type == INSN_JUMP_UNCONDITIONAL)
1967 case INSN_JUMP_DYNAMIC:
1968 if (func && list_empty(&insn->alts) &&
1969 has_modified_stack_frame(&state)) {
1970 WARN_FUNC("sibling call from callable instruction with modified stack frame",
1977 case INSN_CONTEXT_SWITCH:
1978 if (func && (!next_insn || !next_insn->hint)) {
1979 WARN_FUNC("unsupported instruction in callable function",
1986 if (update_insn_state(insn, &state))
1999 if (state.cfa.base == CFI_UNDEFINED)
2001 WARN("%s: unexpected end of section", sec->name);
2011 static int validate_unwind_hints(struct objtool_file *file)
2013 struct instruction *insn;
2014 int ret, warnings = 0;
2015 struct insn_state state;
2020 clear_insn_state(&state);
2022 for_each_insn(file, insn) {
2023 if (insn->hint && !insn->visited) {
2024 ret = validate_branch(file, insn, state);
2032 static int validate_retpoline(struct objtool_file *file)
2034 struct instruction *insn;
2037 for_each_insn(file, insn) {
2038 if (insn->type != INSN_JUMP_DYNAMIC &&
2039 insn->type != INSN_CALL_DYNAMIC)
2042 if (insn->retpoline_safe)
2046 * .init.text code is ran before userspace and thus doesn't
2047 * strictly need retpolines, except for modules which are
2048 * loaded late, they very much do need retpoline in their
2051 if (!strcmp(insn->sec->name, ".init.text") && !module)
2054 WARN_FUNC("indirect %s found in RETPOLINE build",
2055 insn->sec, insn->offset,
2056 insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call");
2064 static bool is_kasan_insn(struct instruction *insn)
2066 return (insn->type == INSN_CALL &&
2067 !strcmp(insn->call_dest->name, "__asan_handle_no_return"));
2070 static bool is_ubsan_insn(struct instruction *insn)
2072 return (insn->type == INSN_CALL &&
2073 !strcmp(insn->call_dest->name,
2074 "__ubsan_handle_builtin_unreachable"));
2077 static bool ignore_unreachable_insn(struct instruction *insn)
2081 if (insn->ignore || insn->type == INSN_NOP)
2085 * Ignore any unused exceptions. This can happen when a whitelisted
2086 * function has an exception table entry.
2088 * Also ignore alternative replacement instructions. This can happen
2089 * when a whitelisted function uses one of the ALTERNATIVE macros.
2091 if (!strcmp(insn->sec->name, ".fixup") ||
2092 !strcmp(insn->sec->name, ".altinstr_replacement") ||
2093 !strcmp(insn->sec->name, ".altinstr_aux"))
2100 * CONFIG_UBSAN_TRAP inserts a UD2 when it sees
2101 * __builtin_unreachable(). The BUG() macro has an unreachable() after
2102 * the UD2, which causes GCC's undefined trap logic to emit another UD2
2103 * (or occasionally a JMP to UD2).
2105 if (list_prev_entry(insn, list)->dead_end &&
2106 (insn->type == INSN_BUG ||
2107 (insn->type == INSN_JUMP_UNCONDITIONAL &&
2108 insn->jump_dest && insn->jump_dest->type == INSN_BUG)))
2112 * Check if this (or a subsequent) instruction is related to
2113 * CONFIG_UBSAN or CONFIG_KASAN.
2115 * End the search at 5 instructions to avoid going into the weeds.
2117 for (i = 0; i < 5; i++) {
2119 if (is_kasan_insn(insn) || is_ubsan_insn(insn))
2122 if (insn->type == INSN_JUMP_UNCONDITIONAL) {
2123 if (insn->jump_dest &&
2124 insn->jump_dest->func == insn->func) {
2125 insn = insn->jump_dest;
2132 if (insn->offset + insn->len >= insn->func->offset + insn->func->len)
2135 insn = list_next_entry(insn, list);
2141 static int validate_functions(struct objtool_file *file)
2143 struct section *sec;
2144 struct symbol *func;
2145 struct instruction *insn;
2146 struct insn_state state;
2147 int ret, warnings = 0;
2149 clear_insn_state(&state);
2151 state.cfa = initial_func_cfi.cfa;
2152 memcpy(&state.regs, &initial_func_cfi.regs,
2153 CFI_NUM_REGS * sizeof(struct cfi_reg));
2154 state.stack_size = initial_func_cfi.cfa.offset;
2156 for_each_sec(file, sec) {
2157 list_for_each_entry(func, &sec->symbol_list, list) {
2158 if (func->type != STT_FUNC || func->pfunc != func)
2161 insn = find_insn(file, sec, func->offset);
2162 if (!insn || insn->ignore)
2165 ret = validate_branch(file, insn, state);
2173 static int validate_reachable_instructions(struct objtool_file *file)
2175 struct instruction *insn;
2177 if (file->ignore_unreachables)
2180 for_each_insn(file, insn) {
2181 if (insn->visited || ignore_unreachable_insn(insn))
2184 WARN_FUNC("unreachable instruction", insn->sec, insn->offset);
2191 static void cleanup(struct objtool_file *file)
2193 struct instruction *insn, *tmpinsn;
2194 struct alternative *alt, *tmpalt;
2196 list_for_each_entry_safe(insn, tmpinsn, &file->insn_list, list) {
2197 list_for_each_entry_safe(alt, tmpalt, &insn->alts, list) {
2198 list_del(&alt->list);
2201 list_del(&insn->list);
2202 hash_del(&insn->hash);
2205 elf_close(file->elf);
2208 static struct objtool_file file;
2210 int check(const char *_objname, bool orc)
2212 int ret, warnings = 0;
2216 file.elf = elf_open(objname, orc ? O_RDWR : O_RDONLY);
2220 INIT_LIST_HEAD(&file.insn_list);
2221 hash_init(file.insn_hash);
2222 file.whitelist = find_section_by_name(file.elf, ".discard.func_stack_frame_non_standard");
2223 file.c_file = find_section_by_name(file.elf, ".comment");
2224 file.ignore_unreachables = no_unreachable;
2227 arch_initial_func_cfi_state(&initial_func_cfi);
2229 ret = decode_sections(&file);
2234 if (list_empty(&file.insn_list))
2238 ret = validate_retpoline(&file);
2244 ret = validate_functions(&file);
2249 ret = validate_unwind_hints(&file);
2255 ret = validate_reachable_instructions(&file);
2262 ret = create_orc(&file);
2266 ret = create_orc_sections(&file);
2270 ret = elf_write(file.elf);
2278 /* ignore warnings for now until we get all the code cleaned up */
2279 if (ret || warnings)
projects / releases.git / blob