Loading...
Note: File does not exist in v3.1.
1/*
2 * Copyright (C) 2015 Josh Poimboeuf <jpoimboe@redhat.com>
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see <http://www.gnu.org/licenses/>.
16 */
17
18/*
19 * objtool check:
20 *
21 * This command analyzes every .o file and ensures the validity of its stack
22 * trace metadata. It enforces a set of rules on asm code and C inline
23 * assembly code so that stack traces can be reliable.
24 *
25 * For more information, see tools/objtool/Documentation/stack-validation.txt.
26 */
27
28#include <string.h>
29#include <stdlib.h>
30#include <subcmd/parse-options.h>
31
32#include "builtin.h"
33#include "elf.h"
34#include "special.h"
35#include "arch.h"
36#include "warn.h"
37
38#include <linux/hashtable.h>
39
40#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
41
42#define STATE_FP_SAVED 0x1
43#define STATE_FP_SETUP 0x2
44#define STATE_FENTRY 0x4
45
46struct instruction {
47 struct list_head list;
48 struct hlist_node hash;
49 struct section *sec;
50 unsigned long offset;
51 unsigned int len, state;
52 unsigned char type;
53 unsigned long immediate;
54 bool alt_group, visited;
55 struct symbol *call_dest;
56 struct instruction *jump_dest;
57 struct list_head alts;
58 struct symbol *func;
59};
60
61struct alternative {
62 struct list_head list;
63 struct instruction *insn;
64};
65
66struct objtool_file {
67 struct elf *elf;
68 struct list_head insn_list;
69 DECLARE_HASHTABLE(insn_hash, 16);
70 struct section *rodata, *whitelist;
71 bool ignore_unreachables, c_file;
72};
73
74const char *objname;
75static bool nofp;
76
77static struct instruction *find_insn(struct objtool_file *file,
78 struct section *sec, unsigned long offset)
79{
80 struct instruction *insn;
81
82 hash_for_each_possible(file->insn_hash, insn, hash, offset)
83 if (insn->sec == sec && insn->offset == offset)
84 return insn;
85
86 return NULL;
87}
88
89static struct instruction *next_insn_same_sec(struct objtool_file *file,
90 struct instruction *insn)
91{
92 struct instruction *next = list_next_entry(insn, list);
93
94 if (&next->list == &file->insn_list || next->sec != insn->sec)
95 return NULL;
96
97 return next;
98}
99
100static bool gcov_enabled(struct objtool_file *file)
101{
102 struct section *sec;
103 struct symbol *sym;
104
105 list_for_each_entry(sec, &file->elf->sections, list)
106 list_for_each_entry(sym, &sec->symbol_list, list)
107 if (!strncmp(sym->name, "__gcov_.", 8))
108 return true;
109
110 return false;
111}
112
113#define for_each_insn(file, insn) \
114 list_for_each_entry(insn, &file->insn_list, list)
115
116#define func_for_each_insn(file, func, insn) \
117 for (insn = find_insn(file, func->sec, func->offset); \
118 insn && &insn->list != &file->insn_list && \
119 insn->sec == func->sec && \
120 insn->offset < func->offset + func->len; \
121 insn = list_next_entry(insn, list))
122
123#define func_for_each_insn_continue_reverse(file, func, insn) \
124 for (insn = list_prev_entry(insn, list); \
125 &insn->list != &file->insn_list && \
126 insn->sec == func->sec && insn->offset >= func->offset; \
127 insn = list_prev_entry(insn, list))
128
129#define sec_for_each_insn_from(file, insn) \
130 for (; insn; insn = next_insn_same_sec(file, insn))
131
132
133/*
134 * Check if the function has been manually whitelisted with the
135 * STACK_FRAME_NON_STANDARD macro, or if it should be automatically whitelisted
136 * due to its use of a context switching instruction.
137 */
138static bool ignore_func(struct objtool_file *file, struct symbol *func)
139{
140 struct rela *rela;
141 struct instruction *insn;
142
143 /* check for STACK_FRAME_NON_STANDARD */
144 if (file->whitelist && file->whitelist->rela)
145 list_for_each_entry(rela, &file->whitelist->rela->rela_list, list) {
146 if (rela->sym->type == STT_SECTION &&
147 rela->sym->sec == func->sec &&
148 rela->addend == func->offset)
149 return true;
150 if (rela->sym->type == STT_FUNC && rela->sym == func)
151 return true;
152 }
153
154 /* check if it has a context switching instruction */
155 func_for_each_insn(file, func, insn)
156 if (insn->type == INSN_CONTEXT_SWITCH)
157 return true;
158
159 return false;
160}
161
162/*
163 * This checks to see if the given function is a "noreturn" function.
164 *
165 * For global functions which are outside the scope of this object file, we
166 * have to keep a manual list of them.
167 *
168 * For local functions, we have to detect them manually by simply looking for
169 * the lack of a return instruction.
170 *
171 * Returns:
172 * -1: error
173 * 0: no dead end
174 * 1: dead end
175 */
176static int __dead_end_function(struct objtool_file *file, struct symbol *func,
177 int recursion)
178{
179 int i;
180 struct instruction *insn;
181 bool empty = true;
182
183 /*
184 * Unfortunately these have to be hard coded because the noreturn
185 * attribute isn't provided in ELF data.
186 */
187 static const char * const global_noreturns[] = {
188 "__stack_chk_fail",
189 "panic",
190 "do_exit",
191 "do_task_dead",
192 "__module_put_and_exit",
193 "complete_and_exit",
194 "kvm_spurious_fault",
195 "__reiserfs_panic",
196 "lbug_with_loc"
197 };
198
199 if (func->bind == STB_WEAK)
200 return 0;
201
202 if (func->bind == STB_GLOBAL)
203 for (i = 0; i < ARRAY_SIZE(global_noreturns); i++)
204 if (!strcmp(func->name, global_noreturns[i]))
205 return 1;
206
207 if (!func->sec)
208 return 0;
209
210 func_for_each_insn(file, func, insn) {
211 empty = false;
212
213 if (insn->type == INSN_RETURN)
214 return 0;
215 }
216
217 if (empty)
218 return 0;
219
220 /*
221 * A function can have a sibling call instead of a return. In that
222 * case, the function's dead-end status depends on whether the target
223 * of the sibling call returns.
224 */
225 func_for_each_insn(file, func, insn) {
226 if (insn->sec != func->sec ||
227 insn->offset >= func->offset + func->len)
228 break;
229
230 if (insn->type == INSN_JUMP_UNCONDITIONAL) {
231 struct instruction *dest = insn->jump_dest;
232 struct symbol *dest_func;
233
234 if (!dest)
235 /* sibling call to another file */
236 return 0;
237
238 if (dest->sec != func->sec ||
239 dest->offset < func->offset ||
240 dest->offset >= func->offset + func->len) {
241 /* local sibling call */
242 dest_func = find_symbol_by_offset(dest->sec,
243 dest->offset);
244 if (!dest_func)
245 continue;
246
247 if (recursion == 5) {
248 WARN_FUNC("infinite recursion (objtool bug!)",
249 dest->sec, dest->offset);
250 return -1;
251 }
252
253 return __dead_end_function(file, dest_func,
254 recursion + 1);
255 }
256 }
257
258 if (insn->type == INSN_JUMP_DYNAMIC && list_empty(&insn->alts))
259 /* sibling call */
260 return 0;
261 }
262
263 return 1;
264}
265
266static int dead_end_function(struct objtool_file *file, struct symbol *func)
267{
268 return __dead_end_function(file, func, 0);
269}
270
271/*
272 * Call the arch-specific instruction decoder for all the instructions and add
273 * them to the global instruction list.
274 */
275static int decode_instructions(struct objtool_file *file)
276{
277 struct section *sec;
278 struct symbol *func;
279 unsigned long offset;
280 struct instruction *insn;
281 int ret;
282
283 list_for_each_entry(sec, &file->elf->sections, list) {
284
285 if (!(sec->sh.sh_flags & SHF_EXECINSTR))
286 continue;
287
288 for (offset = 0; offset < sec->len; offset += insn->len) {
289 insn = malloc(sizeof(*insn));
290 memset(insn, 0, sizeof(*insn));
291
292 INIT_LIST_HEAD(&insn->alts);
293 insn->sec = sec;
294 insn->offset = offset;
295
296 ret = arch_decode_instruction(file->elf, sec, offset,
297 sec->len - offset,
298 &insn->len, &insn->type,
299 &insn->immediate);
300 if (ret)
301 return ret;
302
303 if (!insn->type || insn->type > INSN_LAST) {
304 WARN_FUNC("invalid instruction type %d",
305 insn->sec, insn->offset, insn->type);
306 return -1;
307 }
308
309 hash_add(file->insn_hash, &insn->hash, insn->offset);
310 list_add_tail(&insn->list, &file->insn_list);
311 }
312
313 list_for_each_entry(func, &sec->symbol_list, list) {
314 if (func->type != STT_FUNC)
315 continue;
316
317 if (!find_insn(file, sec, func->offset)) {
318 WARN("%s(): can't find starting instruction",
319 func->name);
320 return -1;
321 }
322
323 func_for_each_insn(file, func, insn)
324 if (!insn->func)
325 insn->func = func;
326 }
327 }
328
329 return 0;
330}
331
332/*
333 * Warnings shouldn't be reported for ignored functions.
334 */
335static void add_ignores(struct objtool_file *file)
336{
337 struct instruction *insn;
338 struct section *sec;
339 struct symbol *func;
340
341 list_for_each_entry(sec, &file->elf->sections, list) {
342 list_for_each_entry(func, &sec->symbol_list, list) {
343 if (func->type != STT_FUNC)
344 continue;
345
346 if (!ignore_func(file, func))
347 continue;
348
349 func_for_each_insn(file, func, insn)
350 insn->visited = true;
351 }
352 }
353}
354
355/*
356 * Find the destination instructions for all jumps.
357 */
358static int add_jump_destinations(struct objtool_file *file)
359{
360 struct instruction *insn;
361 struct rela *rela;
362 struct section *dest_sec;
363 unsigned long dest_off;
364
365 for_each_insn(file, insn) {
366 if (insn->type != INSN_JUMP_CONDITIONAL &&
367 insn->type != INSN_JUMP_UNCONDITIONAL)
368 continue;
369
370 /* skip ignores */
371 if (insn->visited)
372 continue;
373
374 rela = find_rela_by_dest_range(insn->sec, insn->offset,
375 insn->len);
376 if (!rela) {
377 dest_sec = insn->sec;
378 dest_off = insn->offset + insn->len + insn->immediate;
379 } else if (rela->sym->type == STT_SECTION) {
380 dest_sec = rela->sym->sec;
381 dest_off = rela->addend + 4;
382 } else if (rela->sym->sec->idx) {
383 dest_sec = rela->sym->sec;
384 dest_off = rela->sym->sym.st_value + rela->addend + 4;
385 } else {
386 /* sibling call */
387 insn->jump_dest = 0;
388 continue;
389 }
390
391 insn->jump_dest = find_insn(file, dest_sec, dest_off);
392 if (!insn->jump_dest) {
393
394 /*
395 * This is a special case where an alt instruction
396 * jumps past the end of the section. These are
397 * handled later in handle_group_alt().
398 */
399 if (!strcmp(insn->sec->name, ".altinstr_replacement"))
400 continue;
401
402 WARN_FUNC("can't find jump dest instruction at %s+0x%lx",
403 insn->sec, insn->offset, dest_sec->name,
404 dest_off);
405 return -1;
406 }
407 }
408
409 return 0;
410}
411
412/*
413 * Find the destination instructions for all calls.
414 */
415static int add_call_destinations(struct objtool_file *file)
416{
417 struct instruction *insn;
418 unsigned long dest_off;
419 struct rela *rela;
420
421 for_each_insn(file, insn) {
422 if (insn->type != INSN_CALL)
423 continue;
424
425 rela = find_rela_by_dest_range(insn->sec, insn->offset,
426 insn->len);
427 if (!rela) {
428 dest_off = insn->offset + insn->len + insn->immediate;
429 insn->call_dest = find_symbol_by_offset(insn->sec,
430 dest_off);
431 if (!insn->call_dest) {
432 WARN_FUNC("can't find call dest symbol at offset 0x%lx",
433 insn->sec, insn->offset, dest_off);
434 return -1;
435 }
436 } else if (rela->sym->type == STT_SECTION) {
437 insn->call_dest = find_symbol_by_offset(rela->sym->sec,
438 rela->addend+4);
439 if (!insn->call_dest ||
440 insn->call_dest->type != STT_FUNC) {
441 WARN_FUNC("can't find call dest symbol at %s+0x%x",
442 insn->sec, insn->offset,
443 rela->sym->sec->name,
444 rela->addend + 4);
445 return -1;
446 }
447 } else
448 insn->call_dest = rela->sym;
449 }
450
451 return 0;
452}
453
454/*
455 * The .alternatives section requires some extra special care, over and above
456 * what other special sections require:
457 *
458 * 1. Because alternatives are patched in-place, we need to insert a fake jump
459 * instruction at the end so that validate_branch() skips all the original
460 * replaced instructions when validating the new instruction path.
461 *
462 * 2. An added wrinkle is that the new instruction length might be zero. In
463 * that case the old instructions are replaced with noops. We simulate that
464 * by creating a fake jump as the only new instruction.
465 *
466 * 3. In some cases, the alternative section includes an instruction which
467 * conditionally jumps to the _end_ of the entry. We have to modify these
468 * jumps' destinations to point back to .text rather than the end of the
469 * entry in .altinstr_replacement.
470 *
471 * 4. It has been requested that we don't validate the !POPCNT feature path
472 * which is a "very very small percentage of machines".
473 */
474static int handle_group_alt(struct objtool_file *file,
475 struct special_alt *special_alt,
476 struct instruction *orig_insn,
477 struct instruction **new_insn)
478{
479 struct instruction *last_orig_insn, *last_new_insn, *insn, *fake_jump;
480 unsigned long dest_off;
481
482 last_orig_insn = NULL;
483 insn = orig_insn;
484 sec_for_each_insn_from(file, insn) {
485 if (insn->offset >= special_alt->orig_off + special_alt->orig_len)
486 break;
487
488 if (special_alt->skip_orig)
489 insn->type = INSN_NOP;
490
491 insn->alt_group = true;
492 last_orig_insn = insn;
493 }
494
495 if (!next_insn_same_sec(file, last_orig_insn)) {
496 WARN("%s: don't know how to handle alternatives at end of section",
497 special_alt->orig_sec->name);
498 return -1;
499 }
500
501 fake_jump = malloc(sizeof(*fake_jump));
502 if (!fake_jump) {
503 WARN("malloc failed");
504 return -1;
505 }
506 memset(fake_jump, 0, sizeof(*fake_jump));
507 INIT_LIST_HEAD(&fake_jump->alts);
508 fake_jump->sec = special_alt->new_sec;
509 fake_jump->offset = -1;
510 fake_jump->type = INSN_JUMP_UNCONDITIONAL;
511 fake_jump->jump_dest = list_next_entry(last_orig_insn, list);
512
513 if (!special_alt->new_len) {
514 *new_insn = fake_jump;
515 return 0;
516 }
517
518 last_new_insn = NULL;
519 insn = *new_insn;
520 sec_for_each_insn_from(file, insn) {
521 if (insn->offset >= special_alt->new_off + special_alt->new_len)
522 break;
523
524 last_new_insn = insn;
525
526 if (insn->type != INSN_JUMP_CONDITIONAL &&
527 insn->type != INSN_JUMP_UNCONDITIONAL)
528 continue;
529
530 if (!insn->immediate)
531 continue;
532
533 dest_off = insn->offset + insn->len + insn->immediate;
534 if (dest_off == special_alt->new_off + special_alt->new_len)
535 insn->jump_dest = fake_jump;
536
537 if (!insn->jump_dest) {
538 WARN_FUNC("can't find alternative jump destination",
539 insn->sec, insn->offset);
540 return -1;
541 }
542 }
543
544 if (!last_new_insn) {
545 WARN_FUNC("can't find last new alternative instruction",
546 special_alt->new_sec, special_alt->new_off);
547 return -1;
548 }
549
550 list_add(&fake_jump->list, &last_new_insn->list);
551
552 return 0;
553}
554
555/*
556 * A jump table entry can either convert a nop to a jump or a jump to a nop.
557 * If the original instruction is a jump, make the alt entry an effective nop
558 * by just skipping the original instruction.
559 */
560static int handle_jump_alt(struct objtool_file *file,
561 struct special_alt *special_alt,
562 struct instruction *orig_insn,
563 struct instruction **new_insn)
564{
565 if (orig_insn->type == INSN_NOP)
566 return 0;
567
568 if (orig_insn->type != INSN_JUMP_UNCONDITIONAL) {
569 WARN_FUNC("unsupported instruction at jump label",
570 orig_insn->sec, orig_insn->offset);
571 return -1;
572 }
573
574 *new_insn = list_next_entry(orig_insn, list);
575 return 0;
576}
577
578/*
579 * Read all the special sections which have alternate instructions which can be
580 * patched in or redirected to at runtime. Each instruction having alternate
581 * instruction(s) has them added to its insn->alts list, which will be
582 * traversed in validate_branch().
583 */
584static int add_special_section_alts(struct objtool_file *file)
585{
586 struct list_head special_alts;
587 struct instruction *orig_insn, *new_insn;
588 struct special_alt *special_alt, *tmp;
589 struct alternative *alt;
590 int ret;
591
592 ret = special_get_alts(file->elf, &special_alts);
593 if (ret)
594 return ret;
595
596 list_for_each_entry_safe(special_alt, tmp, &special_alts, list) {
597 alt = malloc(sizeof(*alt));
598 if (!alt) {
599 WARN("malloc failed");
600 ret = -1;
601 goto out;
602 }
603
604 orig_insn = find_insn(file, special_alt->orig_sec,
605 special_alt->orig_off);
606 if (!orig_insn) {
607 WARN_FUNC("special: can't find orig instruction",
608 special_alt->orig_sec, special_alt->orig_off);
609 ret = -1;
610 goto out;
611 }
612
613 new_insn = NULL;
614 if (!special_alt->group || special_alt->new_len) {
615 new_insn = find_insn(file, special_alt->new_sec,
616 special_alt->new_off);
617 if (!new_insn) {
618 WARN_FUNC("special: can't find new instruction",
619 special_alt->new_sec,
620 special_alt->new_off);
621 ret = -1;
622 goto out;
623 }
624 }
625
626 if (special_alt->group) {
627 ret = handle_group_alt(file, special_alt, orig_insn,
628 &new_insn);
629 if (ret)
630 goto out;
631 } else if (special_alt->jump_or_nop) {
632 ret = handle_jump_alt(file, special_alt, orig_insn,
633 &new_insn);
634 if (ret)
635 goto out;
636 }
637
638 alt->insn = new_insn;
639 list_add_tail(&alt->list, &orig_insn->alts);
640
641 list_del(&special_alt->list);
642 free(special_alt);
643 }
644
645out:
646 return ret;
647}
648
649static int add_switch_table(struct objtool_file *file, struct symbol *func,
650 struct instruction *insn, struct rela *table,
651 struct rela *next_table)
652{
653 struct rela *rela = table;
654 struct instruction *alt_insn;
655 struct alternative *alt;
656
657 list_for_each_entry_from(rela, &file->rodata->rela->rela_list, list) {
658 if (rela == next_table)
659 break;
660
661 if (rela->sym->sec != insn->sec ||
662 rela->addend <= func->offset ||
663 rela->addend >= func->offset + func->len)
664 break;
665
666 alt_insn = find_insn(file, insn->sec, rela->addend);
667 if (!alt_insn) {
668 WARN("%s: can't find instruction at %s+0x%x",
669 file->rodata->rela->name, insn->sec->name,
670 rela->addend);
671 return -1;
672 }
673
674 alt = malloc(sizeof(*alt));
675 if (!alt) {
676 WARN("malloc failed");
677 return -1;
678 }
679
680 alt->insn = alt_insn;
681 list_add_tail(&alt->list, &insn->alts);
682 }
683
684 return 0;
685}
686
687/*
688 * find_switch_table() - Given a dynamic jump, find the switch jump table in
689 * .rodata associated with it.
690 *
691 * There are 3 basic patterns:
692 *
693 * 1. jmpq *[rodata addr](,%reg,8)
694 *
695 * This is the most common case by far. It jumps to an address in a simple
696 * jump table which is stored in .rodata.
697 *
698 * 2. jmpq *[rodata addr](%rip)
699 *
700 * This is caused by a rare GCC quirk, currently only seen in three driver
701 * functions in the kernel, only with certain obscure non-distro configs.
702 *
703 * As part of an optimization, GCC makes a copy of an existing switch jump
704 * table, modifies it, and then hard-codes the jump (albeit with an indirect
705 * jump) to use a single entry in the table. The rest of the jump table and
706 * some of its jump targets remain as dead code.
707 *
708 * In such a case we can just crudely ignore all unreachable instruction
709 * warnings for the entire object file. Ideally we would just ignore them
710 * for the function, but that would require redesigning the code quite a
711 * bit. And honestly that's just not worth doing: unreachable instruction
712 * warnings are of questionable value anyway, and this is such a rare issue.
713 *
714 * 3. mov [rodata addr],%reg1
715 * ... some instructions ...
716 * jmpq *(%reg1,%reg2,8)
717 *
718 * This is a fairly uncommon pattern which is new for GCC 6. As of this
719 * writing, there are 11 occurrences of it in the allmodconfig kernel.
720 *
721 * TODO: Once we have DWARF CFI and smarter instruction decoding logic,
722 * ensure the same register is used in the mov and jump instructions.
723 */
724static struct rela *find_switch_table(struct objtool_file *file,
725 struct symbol *func,
726 struct instruction *insn)
727{
728 struct rela *text_rela, *rodata_rela;
729 struct instruction *orig_insn = insn;
730
731 text_rela = find_rela_by_dest_range(insn->sec, insn->offset, insn->len);
732 if (text_rela && text_rela->sym == file->rodata->sym) {
733 /* case 1 */
734 rodata_rela = find_rela_by_dest(file->rodata,
735 text_rela->addend);
736 if (rodata_rela)
737 return rodata_rela;
738
739 /* case 2 */
740 rodata_rela = find_rela_by_dest(file->rodata,
741 text_rela->addend + 4);
742 if (!rodata_rela)
743 return NULL;
744 file->ignore_unreachables = true;
745 return rodata_rela;
746 }
747
748 /* case 3 */
749 func_for_each_insn_continue_reverse(file, func, insn) {
750 if (insn->type == INSN_JUMP_DYNAMIC)
751 break;
752
753 /* allow small jumps within the range */
754 if (insn->type == INSN_JUMP_UNCONDITIONAL &&
755 insn->jump_dest &&
756 (insn->jump_dest->offset <= insn->offset ||
757 insn->jump_dest->offset > orig_insn->offset))
758 break;
759
760 text_rela = find_rela_by_dest_range(insn->sec, insn->offset,
761 insn->len);
762 if (text_rela && text_rela->sym == file->rodata->sym)
763 return find_rela_by_dest(file->rodata,
764 text_rela->addend);
765 }
766
767 return NULL;
768}
769
770static int add_func_switch_tables(struct objtool_file *file,
771 struct symbol *func)
772{
773 struct instruction *insn, *prev_jump = NULL;
774 struct rela *rela, *prev_rela = NULL;
775 int ret;
776
777 func_for_each_insn(file, func, insn) {
778 if (insn->type != INSN_JUMP_DYNAMIC)
779 continue;
780
781 rela = find_switch_table(file, func, insn);
782 if (!rela)
783 continue;
784
785 /*
786 * We found a switch table, but we don't know yet how big it
787 * is. Don't add it until we reach the end of the function or
788 * the beginning of another switch table in the same function.
789 */
790 if (prev_jump) {
791 ret = add_switch_table(file, func, prev_jump, prev_rela,
792 rela);
793 if (ret)
794 return ret;
795 }
796
797 prev_jump = insn;
798 prev_rela = rela;
799 }
800
801 if (prev_jump) {
802 ret = add_switch_table(file, func, prev_jump, prev_rela, NULL);
803 if (ret)
804 return ret;
805 }
806
807 return 0;
808}
809
810/*
811 * For some switch statements, gcc generates a jump table in the .rodata
812 * section which contains a list of addresses within the function to jump to.
813 * This finds these jump tables and adds them to the insn->alts lists.
814 */
815static int add_switch_table_alts(struct objtool_file *file)
816{
817 struct section *sec;
818 struct symbol *func;
819 int ret;
820
821 if (!file->rodata || !file->rodata->rela)
822 return 0;
823
824 list_for_each_entry(sec, &file->elf->sections, list) {
825 list_for_each_entry(func, &sec->symbol_list, list) {
826 if (func->type != STT_FUNC)
827 continue;
828
829 ret = add_func_switch_tables(file, func);
830 if (ret)
831 return ret;
832 }
833 }
834
835 return 0;
836}
837
838static int decode_sections(struct objtool_file *file)
839{
840 int ret;
841
842 ret = decode_instructions(file);
843 if (ret)
844 return ret;
845
846 add_ignores(file);
847
848 ret = add_jump_destinations(file);
849 if (ret)
850 return ret;
851
852 ret = add_call_destinations(file);
853 if (ret)
854 return ret;
855
856 ret = add_special_section_alts(file);
857 if (ret)
858 return ret;
859
860 ret = add_switch_table_alts(file);
861 if (ret)
862 return ret;
863
864 return 0;
865}
866
867static bool is_fentry_call(struct instruction *insn)
868{
869 if (insn->type == INSN_CALL &&
870 insn->call_dest->type == STT_NOTYPE &&
871 !strcmp(insn->call_dest->name, "__fentry__"))
872 return true;
873
874 return false;
875}
876
877static bool has_modified_stack_frame(struct instruction *insn)
878{
879 return (insn->state & STATE_FP_SAVED) ||
880 (insn->state & STATE_FP_SETUP);
881}
882
883static bool has_valid_stack_frame(struct instruction *insn)
884{
885 return (insn->state & STATE_FP_SAVED) &&
886 (insn->state & STATE_FP_SETUP);
887}
888
889static unsigned int frame_state(unsigned long state)
890{
891 return (state & (STATE_FP_SAVED | STATE_FP_SETUP));
892}
893
894/*
895 * Follow the branch starting at the given instruction, and recursively follow
896 * any other branches (jumps). Meanwhile, track the frame pointer state at
897 * each instruction and validate all the rules described in
898 * tools/objtool/Documentation/stack-validation.txt.
899 */
900static int validate_branch(struct objtool_file *file,
901 struct instruction *first, unsigned char first_state)
902{
903 struct alternative *alt;
904 struct instruction *insn;
905 struct section *sec;
906 struct symbol *func = NULL;
907 unsigned char state;
908 int ret;
909
910 insn = first;
911 sec = insn->sec;
912 state = first_state;
913
914 if (insn->alt_group && list_empty(&insn->alts)) {
915 WARN_FUNC("don't know how to handle branch to middle of alternative instruction group",
916 sec, insn->offset);
917 return 1;
918 }
919
920 while (1) {
921 if (file->c_file && insn->func) {
922 if (func && func != insn->func) {
923 WARN("%s() falls through to next function %s()",
924 func->name, insn->func->name);
925 return 1;
926 }
927
928 func = insn->func;
929 }
930
931 if (insn->visited) {
932 if (frame_state(insn->state) != frame_state(state)) {
933 WARN_FUNC("frame pointer state mismatch",
934 sec, insn->offset);
935 return 1;
936 }
937
938 return 0;
939 }
940
941 insn->visited = true;
942 insn->state = state;
943
944 list_for_each_entry(alt, &insn->alts, list) {
945 ret = validate_branch(file, alt->insn, state);
946 if (ret)
947 return 1;
948 }
949
950 switch (insn->type) {
951
952 case INSN_FP_SAVE:
953 if (!nofp) {
954 if (state & STATE_FP_SAVED) {
955 WARN_FUNC("duplicate frame pointer save",
956 sec, insn->offset);
957 return 1;
958 }
959 state |= STATE_FP_SAVED;
960 }
961 break;
962
963 case INSN_FP_SETUP:
964 if (!nofp) {
965 if (state & STATE_FP_SETUP) {
966 WARN_FUNC("duplicate frame pointer setup",
967 sec, insn->offset);
968 return 1;
969 }
970 state |= STATE_FP_SETUP;
971 }
972 break;
973
974 case INSN_FP_RESTORE:
975 if (!nofp) {
976 if (has_valid_stack_frame(insn))
977 state &= ~STATE_FP_SETUP;
978
979 state &= ~STATE_FP_SAVED;
980 }
981 break;
982
983 case INSN_RETURN:
984 if (!nofp && has_modified_stack_frame(insn)) {
985 WARN_FUNC("return without frame pointer restore",
986 sec, insn->offset);
987 return 1;
988 }
989 return 0;
990
991 case INSN_CALL:
992 if (is_fentry_call(insn)) {
993 state |= STATE_FENTRY;
994 break;
995 }
996
997 ret = dead_end_function(file, insn->call_dest);
998 if (ret == 1)
999 return 0;
1000 if (ret == -1)
1001 return 1;
1002
1003 /* fallthrough */
1004 case INSN_CALL_DYNAMIC:
1005 if (!nofp && !has_valid_stack_frame(insn)) {
1006 WARN_FUNC("call without frame pointer save/setup",
1007 sec, insn->offset);
1008 return 1;
1009 }
1010 break;
1011
1012 case INSN_JUMP_CONDITIONAL:
1013 case INSN_JUMP_UNCONDITIONAL:
1014 if (insn->jump_dest) {
1015 ret = validate_branch(file, insn->jump_dest,
1016 state);
1017 if (ret)
1018 return 1;
1019 } else if (has_modified_stack_frame(insn)) {
1020 WARN_FUNC("sibling call from callable instruction with changed frame pointer",
1021 sec, insn->offset);
1022 return 1;
1023 } /* else it's a sibling call */
1024
1025 if (insn->type == INSN_JUMP_UNCONDITIONAL)
1026 return 0;
1027
1028 break;
1029
1030 case INSN_JUMP_DYNAMIC:
1031 if (list_empty(&insn->alts) &&
1032 has_modified_stack_frame(insn)) {
1033 WARN_FUNC("sibling call from callable instruction with changed frame pointer",
1034 sec, insn->offset);
1035 return 1;
1036 }
1037
1038 return 0;
1039
1040 case INSN_BUG:
1041 return 0;
1042
1043 default:
1044 break;
1045 }
1046
1047 insn = next_insn_same_sec(file, insn);
1048 if (!insn) {
1049 WARN("%s: unexpected end of section", sec->name);
1050 return 1;
1051 }
1052 }
1053
1054 return 0;
1055}
1056
1057static bool is_kasan_insn(struct instruction *insn)
1058{
1059 return (insn->type == INSN_CALL &&
1060 !strcmp(insn->call_dest->name, "__asan_handle_no_return"));
1061}
1062
1063static bool is_ubsan_insn(struct instruction *insn)
1064{
1065 return (insn->type == INSN_CALL &&
1066 !strcmp(insn->call_dest->name,
1067 "__ubsan_handle_builtin_unreachable"));
1068}
1069
1070static bool ignore_unreachable_insn(struct symbol *func,
1071 struct instruction *insn)
1072{
1073 int i;
1074
1075 if (insn->type == INSN_NOP)
1076 return true;
1077
1078 /*
1079 * Check if this (or a subsequent) instruction is related to
1080 * CONFIG_UBSAN or CONFIG_KASAN.
1081 *
1082 * End the search at 5 instructions to avoid going into the weeds.
1083 */
1084 for (i = 0; i < 5; i++) {
1085
1086 if (is_kasan_insn(insn) || is_ubsan_insn(insn))
1087 return true;
1088
1089 if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->jump_dest) {
1090 insn = insn->jump_dest;
1091 continue;
1092 }
1093
1094 if (insn->offset + insn->len >= func->offset + func->len)
1095 break;
1096 insn = list_next_entry(insn, list);
1097 }
1098
1099 return false;
1100}
1101
1102static int validate_functions(struct objtool_file *file)
1103{
1104 struct section *sec;
1105 struct symbol *func;
1106 struct instruction *insn;
1107 int ret, warnings = 0;
1108
1109 list_for_each_entry(sec, &file->elf->sections, list) {
1110 list_for_each_entry(func, &sec->symbol_list, list) {
1111 if (func->type != STT_FUNC)
1112 continue;
1113
1114 insn = find_insn(file, sec, func->offset);
1115 if (!insn)
1116 continue;
1117
1118 ret = validate_branch(file, insn, 0);
1119 warnings += ret;
1120 }
1121 }
1122
1123 list_for_each_entry(sec, &file->elf->sections, list) {
1124 list_for_each_entry(func, &sec->symbol_list, list) {
1125 if (func->type != STT_FUNC)
1126 continue;
1127
1128 func_for_each_insn(file, func, insn) {
1129 if (insn->visited)
1130 continue;
1131
1132 insn->visited = true;
1133
1134 if (file->ignore_unreachables || warnings ||
1135 ignore_unreachable_insn(func, insn))
1136 continue;
1137
1138 /*
1139 * gcov produces a lot of unreachable
1140 * instructions. If we get an unreachable
1141 * warning and the file has gcov enabled, just
1142 * ignore it, and all other such warnings for
1143 * the file.
1144 */
1145 if (!file->ignore_unreachables &&
1146 gcov_enabled(file)) {
1147 file->ignore_unreachables = true;
1148 continue;
1149 }
1150
1151 WARN_FUNC("function has unreachable instruction", insn->sec, insn->offset);
1152 warnings++;
1153 }
1154 }
1155 }
1156
1157 return warnings;
1158}
1159
1160static int validate_uncallable_instructions(struct objtool_file *file)
1161{
1162 struct instruction *insn;
1163 int warnings = 0;
1164
1165 for_each_insn(file, insn) {
1166 if (!insn->visited && insn->type == INSN_RETURN) {
1167 WARN_FUNC("return instruction outside of a callable function",
1168 insn->sec, insn->offset);
1169 warnings++;
1170 }
1171 }
1172
1173 return warnings;
1174}
1175
1176static void cleanup(struct objtool_file *file)
1177{
1178 struct instruction *insn, *tmpinsn;
1179 struct alternative *alt, *tmpalt;
1180
1181 list_for_each_entry_safe(insn, tmpinsn, &file->insn_list, list) {
1182 list_for_each_entry_safe(alt, tmpalt, &insn->alts, list) {
1183 list_del(&alt->list);
1184 free(alt);
1185 }
1186 list_del(&insn->list);
1187 hash_del(&insn->hash);
1188 free(insn);
1189 }
1190 elf_close(file->elf);
1191}
1192
1193const char * const check_usage[] = {
1194 "objtool check [<options>] file.o",
1195 NULL,
1196};
1197
1198int cmd_check(int argc, const char **argv)
1199{
1200 struct objtool_file file;
1201 int ret, warnings = 0;
1202
1203 const struct option options[] = {
1204 OPT_BOOLEAN('f', "no-fp", &nofp, "Skip frame pointer validation"),
1205 OPT_END(),
1206 };
1207
1208 argc = parse_options(argc, argv, options, check_usage, 0);
1209
1210 if (argc != 1)
1211 usage_with_options(check_usage, options);
1212
1213 objname = argv[0];
1214
1215 file.elf = elf_open(objname);
1216 if (!file.elf) {
1217 fprintf(stderr, "error reading elf file %s\n", objname);
1218 return 1;
1219 }
1220
1221 INIT_LIST_HEAD(&file.insn_list);
1222 hash_init(file.insn_hash);
1223 file.whitelist = find_section_by_name(file.elf, "__func_stack_frame_non_standard");
1224 file.rodata = find_section_by_name(file.elf, ".rodata");
1225 file.ignore_unreachables = false;
1226 file.c_file = find_section_by_name(file.elf, ".comment");
1227
1228 ret = decode_sections(&file);
1229 if (ret < 0)
1230 goto out;
1231 warnings += ret;
1232
1233 ret = validate_functions(&file);
1234 if (ret < 0)
1235 goto out;
1236 warnings += ret;
1237
1238 ret = validate_uncallable_instructions(&file);
1239 if (ret < 0)
1240 goto out;
1241 warnings += ret;
1242
1243out:
1244 cleanup(&file);
1245
1246 /* ignore warnings for now until we get all the code cleaned up */
1247 if (ret || warnings)
1248 return 0;
1249 return 0;
1250}