2 * Copyright (C) 2015 Josh Poimboeuf <jpoimboe@redhat.com>
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 * This command analyzes every .o file and ensures the validity of its stack
22 * trace metadata. It enforces a set of rules on asm code and C inline
23 * assembly code so that stack traces can be reliable.
25 * For more information, see tools/objtool/Documentation/stack-validation.txt.
29 #include <subcmd/parse-options.h>
37 #include <linux/hashtable.h>
39 #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
41 #define STATE_FP_SAVED 0x1
42 #define STATE_FP_SETUP 0x2
43 #define STATE_FENTRY 0x4
46 struct list_head list;
47 struct hlist_node hash;
50 unsigned int len, state;
52 unsigned long immediate;
53 bool alt_group, visited;
54 struct symbol *call_dest;
55 struct instruction *jump_dest;
56 struct list_head alts;
60 struct list_head list;
61 struct instruction *insn;
66 struct list_head insn_list;
67 DECLARE_HASHTABLE(insn_hash, 16);
68 struct section *rodata, *whitelist;
74 static struct instruction *find_insn(struct objtool_file *file,
75 struct section *sec, unsigned long offset)
77 struct instruction *insn;
79 hash_for_each_possible(file->insn_hash, insn, hash, offset)
80 if (insn->sec == sec && insn->offset == offset)
86 static struct instruction *next_insn_same_sec(struct objtool_file *file,
87 struct instruction *insn)
89 struct instruction *next = list_next_entry(insn, list);
91 if (&next->list == &file->insn_list || next->sec != insn->sec)
97 #define for_each_insn(file, insn) \
98 list_for_each_entry(insn, &file->insn_list, list)
100 #define func_for_each_insn(file, func, insn) \
101 for (insn = find_insn(file, func->sec, func->offset); \
102 insn && &insn->list != &file->insn_list && \
103 insn->sec == func->sec && \
104 insn->offset < func->offset + func->len; \
105 insn = list_next_entry(insn, list))
107 #define sec_for_each_insn_from(file, insn) \
108 for (; insn; insn = next_insn_same_sec(file, insn))
112 * Check if the function has been manually whitelisted with the
113 * STACK_FRAME_NON_STANDARD macro, or if it should be automatically whitelisted
114 * due to its use of a context switching instruction.
116 static bool ignore_func(struct objtool_file *file, struct symbol *func)
119 struct instruction *insn;
121 /* check for STACK_FRAME_NON_STANDARD */
122 if (file->whitelist && file->whitelist->rela)
123 list_for_each_entry(rela, &file->whitelist->rela->rela_list, list)
124 if (rela->sym->sec == func->sec &&
125 rela->addend == func->offset)
128 /* check if it has a context switching instruction */
129 func_for_each_insn(file, func, insn)
130 if (insn->type == INSN_CONTEXT_SWITCH)
137 * This checks to see if the given function is a "noreturn" function.
139 * For global functions which are outside the scope of this object file, we
140 * have to keep a manual list of them.
142 * For local functions, we have to detect them manually by simply looking for
143 * the lack of a return instruction.
150 static int __dead_end_function(struct objtool_file *file, struct symbol *func,
154 struct instruction *insn;
158 * Unfortunately these have to be hard coded because the noreturn
159 * attribute isn't provided in ELF data.
161 static const char * const global_noreturns[] = {
165 "__module_put_and_exit",
167 "kvm_spurious_fault",
172 if (func->bind == STB_WEAK)
175 if (func->bind == STB_GLOBAL)
176 for (i = 0; i < ARRAY_SIZE(global_noreturns); i++)
177 if (!strcmp(func->name, global_noreturns[i]))
183 func_for_each_insn(file, func, insn) {
186 if (insn->type == INSN_RETURN)
194 * A function can have a sibling call instead of a return. In that
195 * case, the function's dead-end status depends on whether the target
196 * of the sibling call returns.
198 func_for_each_insn(file, func, insn) {
199 if (insn->sec != func->sec ||
200 insn->offset >= func->offset + func->len)
203 if (insn->type == INSN_JUMP_UNCONDITIONAL) {
204 struct instruction *dest = insn->jump_dest;
205 struct symbol *dest_func;
208 /* sibling call to another file */
211 if (dest->sec != func->sec ||
212 dest->offset < func->offset ||
213 dest->offset >= func->offset + func->len) {
214 /* local sibling call */
215 dest_func = find_symbol_by_offset(dest->sec,
220 if (recursion == 5) {
221 WARN_FUNC("infinite recursion (objtool bug!)",
222 dest->sec, dest->offset);
226 return __dead_end_function(file, dest_func,
231 if (insn->type == INSN_JUMP_DYNAMIC)
239 static int dead_end_function(struct objtool_file *file, struct symbol *func)
241 return __dead_end_function(file, func, 0);
245 * Call the arch-specific instruction decoder for all the instructions and add
246 * them to the global instruction list.
248 static int decode_instructions(struct objtool_file *file)
251 unsigned long offset;
252 struct instruction *insn;
255 list_for_each_entry(sec, &file->elf->sections, list) {
257 if (!(sec->sh.sh_flags & SHF_EXECINSTR))
260 for (offset = 0; offset < sec->len; offset += insn->len) {
261 insn = malloc(sizeof(*insn));
262 memset(insn, 0, sizeof(*insn));
264 INIT_LIST_HEAD(&insn->alts);
266 insn->offset = offset;
268 ret = arch_decode_instruction(file->elf, sec, offset,
270 &insn->len, &insn->type,
275 if (!insn->type || insn->type > INSN_LAST) {
276 WARN_FUNC("invalid instruction type %d",
277 insn->sec, insn->offset, insn->type);
281 hash_add(file->insn_hash, &insn->hash, insn->offset);
282 list_add_tail(&insn->list, &file->insn_list);
290 * Warnings shouldn't be reported for ignored functions.
292 static void add_ignores(struct objtool_file *file)
294 struct instruction *insn;
298 list_for_each_entry(sec, &file->elf->sections, list) {
299 list_for_each_entry(func, &sec->symbol_list, list) {
300 if (func->type != STT_FUNC)
303 if (!ignore_func(file, func))
306 func_for_each_insn(file, func, insn)
307 insn->visited = true;
313 * Find the destination instructions for all jumps.
315 static int add_jump_destinations(struct objtool_file *file)
317 struct instruction *insn;
319 struct section *dest_sec;
320 unsigned long dest_off;
322 for_each_insn(file, insn) {
323 if (insn->type != INSN_JUMP_CONDITIONAL &&
324 insn->type != INSN_JUMP_UNCONDITIONAL)
331 rela = find_rela_by_dest_range(insn->sec, insn->offset,
334 dest_sec = insn->sec;
335 dest_off = insn->offset + insn->len + insn->immediate;
336 } else if (rela->sym->type == STT_SECTION) {
337 dest_sec = rela->sym->sec;
338 dest_off = rela->addend + 4;
339 } else if (rela->sym->sec->idx) {
340 dest_sec = rela->sym->sec;
341 dest_off = rela->sym->sym.st_value + rela->addend + 4;
348 insn->jump_dest = find_insn(file, dest_sec, dest_off);
349 if (!insn->jump_dest) {
352 * This is a special case where an alt instruction
353 * jumps past the end of the section. These are
354 * handled later in handle_group_alt().
356 if (!strcmp(insn->sec->name, ".altinstr_replacement"))
359 WARN_FUNC("can't find jump dest instruction at %s+0x%lx",
360 insn->sec, insn->offset, dest_sec->name,
370 * Find the destination instructions for all calls.
372 static int add_call_destinations(struct objtool_file *file)
374 struct instruction *insn;
375 unsigned long dest_off;
378 for_each_insn(file, insn) {
379 if (insn->type != INSN_CALL)
382 rela = find_rela_by_dest_range(insn->sec, insn->offset,
385 dest_off = insn->offset + insn->len + insn->immediate;
386 insn->call_dest = find_symbol_by_offset(insn->sec,
388 if (!insn->call_dest) {
389 WARN_FUNC("can't find call dest symbol at offset 0x%lx",
390 insn->sec, insn->offset, dest_off);
393 } else if (rela->sym->type == STT_SECTION) {
394 insn->call_dest = find_symbol_by_offset(rela->sym->sec,
396 if (!insn->call_dest ||
397 insn->call_dest->type != STT_FUNC) {
398 WARN_FUNC("can't find call dest symbol at %s+0x%x",
399 insn->sec, insn->offset,
400 rela->sym->sec->name,
405 insn->call_dest = rela->sym;
412 * The .alternatives section requires some extra special care, over and above
413 * what other special sections require:
415 * 1. Because alternatives are patched in-place, we need to insert a fake jump
416 * instruction at the end so that validate_branch() skips all the original
417 * replaced instructions when validating the new instruction path.
419 * 2. An added wrinkle is that the new instruction length might be zero. In
420 * that case the old instructions are replaced with noops. We simulate that
421 * by creating a fake jump as the only new instruction.
423 * 3. In some cases, the alternative section includes an instruction which
424 * conditionally jumps to the _end_ of the entry. We have to modify these
425 * jumps' destinations to point back to .text rather than the end of the
426 * entry in .altinstr_replacement.
428 * 4. It has been requested that we don't validate the !POPCNT feature path
429 * which is a "very very small percentage of machines".
431 static int handle_group_alt(struct objtool_file *file,
432 struct special_alt *special_alt,
433 struct instruction *orig_insn,
434 struct instruction **new_insn)
436 struct instruction *last_orig_insn, *last_new_insn, *insn, *fake_jump;
437 unsigned long dest_off;
439 last_orig_insn = NULL;
441 sec_for_each_insn_from(file, insn) {
442 if (insn->offset >= special_alt->orig_off + special_alt->orig_len)
445 if (special_alt->skip_orig)
446 insn->type = INSN_NOP;
448 insn->alt_group = true;
449 last_orig_insn = insn;
452 if (!next_insn_same_sec(file, last_orig_insn)) {
453 WARN("%s: don't know how to handle alternatives at end of section",
454 special_alt->orig_sec->name);
458 fake_jump = malloc(sizeof(*fake_jump));
460 WARN("malloc failed");
463 memset(fake_jump, 0, sizeof(*fake_jump));
464 INIT_LIST_HEAD(&fake_jump->alts);
465 fake_jump->sec = special_alt->new_sec;
466 fake_jump->offset = -1;
467 fake_jump->type = INSN_JUMP_UNCONDITIONAL;
468 fake_jump->jump_dest = list_next_entry(last_orig_insn, list);
470 if (!special_alt->new_len) {
471 *new_insn = fake_jump;
475 last_new_insn = NULL;
477 sec_for_each_insn_from(file, insn) {
478 if (insn->offset >= special_alt->new_off + special_alt->new_len)
481 last_new_insn = insn;
483 if (insn->type != INSN_JUMP_CONDITIONAL &&
484 insn->type != INSN_JUMP_UNCONDITIONAL)
487 if (!insn->immediate)
490 dest_off = insn->offset + insn->len + insn->immediate;
491 if (dest_off == special_alt->new_off + special_alt->new_len)
492 insn->jump_dest = fake_jump;
494 if (!insn->jump_dest) {
495 WARN_FUNC("can't find alternative jump destination",
496 insn->sec, insn->offset);
501 if (!last_new_insn) {
502 WARN_FUNC("can't find last new alternative instruction",
503 special_alt->new_sec, special_alt->new_off);
507 list_add(&fake_jump->list, &last_new_insn->list);
513 * A jump table entry can either convert a nop to a jump or a jump to a nop.
514 * If the original instruction is a jump, make the alt entry an effective nop
515 * by just skipping the original instruction.
517 static int handle_jump_alt(struct objtool_file *file,
518 struct special_alt *special_alt,
519 struct instruction *orig_insn,
520 struct instruction **new_insn)
522 if (orig_insn->type == INSN_NOP)
525 if (orig_insn->type != INSN_JUMP_UNCONDITIONAL) {
526 WARN_FUNC("unsupported instruction at jump label",
527 orig_insn->sec, orig_insn->offset);
531 *new_insn = list_next_entry(orig_insn, list);
536 * Read all the special sections which have alternate instructions which can be
537 * patched in or redirected to at runtime. Each instruction having alternate
538 * instruction(s) has them added to its insn->alts list, which will be
539 * traversed in validate_branch().
541 static int add_special_section_alts(struct objtool_file *file)
543 struct list_head special_alts;
544 struct instruction *orig_insn, *new_insn;
545 struct special_alt *special_alt, *tmp;
546 struct alternative *alt;
549 ret = special_get_alts(file->elf, &special_alts);
553 list_for_each_entry_safe(special_alt, tmp, &special_alts, list) {
554 alt = malloc(sizeof(*alt));
556 WARN("malloc failed");
561 orig_insn = find_insn(file, special_alt->orig_sec,
562 special_alt->orig_off);
564 WARN_FUNC("special: can't find orig instruction",
565 special_alt->orig_sec, special_alt->orig_off);
571 if (!special_alt->group || special_alt->new_len) {
572 new_insn = find_insn(file, special_alt->new_sec,
573 special_alt->new_off);
575 WARN_FUNC("special: can't find new instruction",
576 special_alt->new_sec,
577 special_alt->new_off);
583 if (special_alt->group) {
584 ret = handle_group_alt(file, special_alt, orig_insn,
588 } else if (special_alt->jump_or_nop) {
589 ret = handle_jump_alt(file, special_alt, orig_insn,
595 alt->insn = new_insn;
596 list_add_tail(&alt->list, &orig_insn->alts);
598 list_del(&special_alt->list);
606 static int add_switch_table(struct objtool_file *file, struct symbol *func,
607 struct instruction *insn, struct rela *table,
608 struct rela *next_table)
610 struct rela *rela = table;
611 struct instruction *alt_insn;
612 struct alternative *alt;
614 list_for_each_entry_from(rela, &file->rodata->rela->rela_list, list) {
615 if (rela == next_table)
618 if (rela->sym->sec != insn->sec ||
619 rela->addend <= func->offset ||
620 rela->addend >= func->offset + func->len)
623 alt_insn = find_insn(file, insn->sec, rela->addend);
625 WARN("%s: can't find instruction at %s+0x%x",
626 file->rodata->rela->name, insn->sec->name,
631 alt = malloc(sizeof(*alt));
633 WARN("malloc failed");
637 alt->insn = alt_insn;
638 list_add_tail(&alt->list, &insn->alts);
644 static int add_func_switch_tables(struct objtool_file *file,
647 struct instruction *insn, *prev_jump;
648 struct rela *text_rela, *rodata_rela, *prev_rela;
653 func_for_each_insn(file, func, insn) {
654 if (insn->type != INSN_JUMP_DYNAMIC)
657 text_rela = find_rela_by_dest_range(insn->sec, insn->offset,
659 if (!text_rela || text_rela->sym != file->rodata->sym)
662 /* common case: jmpq *[addr](,%rax,8) */
663 rodata_rela = find_rela_by_dest(file->rodata,
667 * TODO: Document where this is needed, or get rid of it.
669 * rare case: jmpq *[addr](%rip)
672 rodata_rela = find_rela_by_dest(file->rodata,
673 text_rela->addend + 4);
679 * We found a switch table, but we don't know yet how big it
680 * is. Don't add it until we reach the end of the function or
681 * the beginning of another switch table in the same function.
684 ret = add_switch_table(file, func, prev_jump, prev_rela,
691 prev_rela = rodata_rela;
695 ret = add_switch_table(file, func, prev_jump, prev_rela, NULL);
704 * For some switch statements, gcc generates a jump table in the .rodata
705 * section which contains a list of addresses within the function to jump to.
706 * This finds these jump tables and adds them to the insn->alts lists.
708 static int add_switch_table_alts(struct objtool_file *file)
714 if (!file->rodata || !file->rodata->rela)
717 list_for_each_entry(sec, &file->elf->sections, list) {
718 list_for_each_entry(func, &sec->symbol_list, list) {
719 if (func->type != STT_FUNC)
722 ret = add_func_switch_tables(file, func);
731 static int decode_sections(struct objtool_file *file)
735 file->whitelist = find_section_by_name(file->elf, "__func_stack_frame_non_standard");
736 file->rodata = find_section_by_name(file->elf, ".rodata");
738 ret = decode_instructions(file);
744 ret = add_jump_destinations(file);
748 ret = add_call_destinations(file);
752 ret = add_special_section_alts(file);
756 ret = add_switch_table_alts(file);
763 static bool is_fentry_call(struct instruction *insn)
765 if (insn->type == INSN_CALL &&
766 insn->call_dest->type == STT_NOTYPE &&
767 !strcmp(insn->call_dest->name, "__fentry__"))
773 static bool has_modified_stack_frame(struct instruction *insn)
775 return (insn->state & STATE_FP_SAVED) ||
776 (insn->state & STATE_FP_SETUP);
779 static bool has_valid_stack_frame(struct instruction *insn)
781 return (insn->state & STATE_FP_SAVED) &&
782 (insn->state & STATE_FP_SETUP);
785 static unsigned int frame_state(unsigned long state)
787 return (state & (STATE_FP_SAVED | STATE_FP_SETUP));
791 * Follow the branch starting at the given instruction, and recursively follow
792 * any other branches (jumps). Meanwhile, track the frame pointer state at
793 * each instruction and validate all the rules described in
794 * tools/objtool/Documentation/stack-validation.txt.
796 static int validate_branch(struct objtool_file *file,
797 struct instruction *first, unsigned char first_state)
799 struct alternative *alt;
800 struct instruction *insn;
809 if (insn->alt_group && list_empty(&insn->alts)) {
810 WARN_FUNC("don't know how to handle branch to middle of alternative instruction group",
817 if (frame_state(insn->state) != frame_state(state)) {
818 WARN_FUNC("frame pointer state mismatch",
827 * Catch a rare case where a noreturn function falls through to
830 if (is_fentry_call(insn) && (state & STATE_FENTRY))
833 insn->visited = true;
836 list_for_each_entry(alt, &insn->alts, list) {
837 ret = validate_branch(file, alt->insn, state);
842 switch (insn->type) {
846 if (state & STATE_FP_SAVED) {
847 WARN_FUNC("duplicate frame pointer save",
851 state |= STATE_FP_SAVED;
857 if (state & STATE_FP_SETUP) {
858 WARN_FUNC("duplicate frame pointer setup",
862 state |= STATE_FP_SETUP;
866 case INSN_FP_RESTORE:
868 if (has_valid_stack_frame(insn))
869 state &= ~STATE_FP_SETUP;
871 state &= ~STATE_FP_SAVED;
876 if (!nofp && has_modified_stack_frame(insn)) {
877 WARN_FUNC("return without frame pointer restore",
884 if (is_fentry_call(insn)) {
885 state |= STATE_FENTRY;
889 ret = dead_end_function(file, insn->call_dest);
896 case INSN_CALL_DYNAMIC:
897 if (!nofp && !has_valid_stack_frame(insn)) {
898 WARN_FUNC("call without frame pointer save/setup",
904 case INSN_JUMP_CONDITIONAL:
905 case INSN_JUMP_UNCONDITIONAL:
906 if (insn->jump_dest) {
907 ret = validate_branch(file, insn->jump_dest,
911 } else if (has_modified_stack_frame(insn)) {
912 WARN_FUNC("sibling call from callable instruction with changed frame pointer",
915 } /* else it's a sibling call */
917 if (insn->type == INSN_JUMP_UNCONDITIONAL)
922 case INSN_JUMP_DYNAMIC:
923 if (list_empty(&insn->alts) &&
924 has_modified_stack_frame(insn)) {
925 WARN_FUNC("sibling call from callable instruction with changed frame pointer",
939 insn = next_insn_same_sec(file, insn);
941 WARN("%s: unexpected end of section", sec->name);
949 static bool is_gcov_insn(struct instruction *insn)
954 unsigned long offset;
956 rela = find_rela_by_dest_range(insn->sec, insn->offset, insn->len);
960 if (rela->sym->type != STT_SECTION)
963 sec = rela->sym->sec;
964 offset = rela->addend + insn->offset + insn->len - rela->offset;
966 list_for_each_entry(sym, &sec->symbol_list, list) {
967 if (sym->type != STT_OBJECT)
970 if (offset >= sym->offset && offset < sym->offset + sym->len)
971 return (!memcmp(sym->name, "__gcov0.", 8));
977 static bool is_kasan_insn(struct instruction *insn)
979 return (insn->type == INSN_CALL &&
980 !strcmp(insn->call_dest->name, "__asan_handle_no_return"));
983 static bool is_ubsan_insn(struct instruction *insn)
985 return (insn->type == INSN_CALL &&
986 !strcmp(insn->call_dest->name,
987 "__ubsan_handle_builtin_unreachable"));
990 static bool ignore_unreachable_insn(struct symbol *func,
991 struct instruction *insn)
995 if (insn->type == INSN_NOP)
998 if (is_gcov_insn(insn))
1002 * Check if this (or a subsequent) instruction is related to
1003 * CONFIG_UBSAN or CONFIG_KASAN.
1005 * End the search at 5 instructions to avoid going into the weeds.
1007 for (i = 0; i < 5; i++) {
1009 if (is_kasan_insn(insn) || is_ubsan_insn(insn))
1012 if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->jump_dest) {
1013 insn = insn->jump_dest;
1017 if (insn->offset + insn->len >= func->offset + func->len)
1019 insn = list_next_entry(insn, list);
1025 static int validate_functions(struct objtool_file *file)
1027 struct section *sec;
1028 struct symbol *func;
1029 struct instruction *insn;
1030 int ret, warnings = 0;
1032 list_for_each_entry(sec, &file->elf->sections, list) {
1033 list_for_each_entry(func, &sec->symbol_list, list) {
1034 if (func->type != STT_FUNC)
1037 insn = find_insn(file, sec, func->offset);
1039 WARN("%s(): can't find starting instruction",
1045 ret = validate_branch(file, insn, 0);
1050 list_for_each_entry(sec, &file->elf->sections, list) {
1051 list_for_each_entry(func, &sec->symbol_list, list) {
1052 if (func->type != STT_FUNC)
1055 func_for_each_insn(file, func, insn) {
1059 if (!ignore_unreachable_insn(func, insn) &&
1061 WARN_FUNC("function has unreachable instruction", insn->sec, insn->offset);
1065 insn->visited = true;
1073 static int validate_uncallable_instructions(struct objtool_file *file)
1075 struct instruction *insn;
1078 for_each_insn(file, insn) {
1079 if (!insn->visited && insn->type == INSN_RETURN) {
1080 WARN_FUNC("return instruction outside of a callable function",
1081 insn->sec, insn->offset);
1089 static void cleanup(struct objtool_file *file)
1091 struct instruction *insn, *tmpinsn;
1092 struct alternative *alt, *tmpalt;
1094 list_for_each_entry_safe(insn, tmpinsn, &file->insn_list, list) {
1095 list_for_each_entry_safe(alt, tmpalt, &insn->alts, list) {
1096 list_del(&alt->list);
1099 list_del(&insn->list);
1100 hash_del(&insn->hash);
1103 elf_close(file->elf);
1106 const char * const check_usage[] = {
1107 "objtool check [<options>] file.o",
1111 int cmd_check(int argc, const char **argv)
1113 struct objtool_file file;
1114 int ret, warnings = 0;
1116 const struct option options[] = {
1117 OPT_BOOLEAN('f', "no-fp", &nofp, "Skip frame pointer validation"),
1121 argc = parse_options(argc, argv, options, check_usage, 0);
1124 usage_with_options(check_usage, options);
1128 file.elf = elf_open(objname);
1130 fprintf(stderr, "error reading elf file %s\n", objname);
1134 INIT_LIST_HEAD(&file.insn_list);
1135 hash_init(file.insn_hash);
1137 ret = decode_sections(&file);
1142 ret = validate_functions(&file);
1147 ret = validate_uncallable_instructions(&file);
1155 /* ignore warnings for now until we get all the code cleaned up */
1156 if (ret || warnings)
projects / karo-tx-linux.git / blob