d8c7f0a3cd
Changes in 5.10.20 vmlinux.lds.h: add DWARF v5 sections vdpa/mlx5: fix param validation in mlx5_vdpa_get_config() debugfs: be more robust at handling improper input in debugfs_lookup() debugfs: do not attempt to create a new file before the filesystem is initalized scsi: libsas: docs: Remove notify_ha_event() scsi: qla2xxx: Fix mailbox Ch erroneous error kdb: Make memory allocations more robust w1: w1_therm: Fix conversion result for negative temperatures PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 PCI: Decline to resize resources if boot config must be preserved virt: vbox: Do not use wait_event_interruptible when called from kernel context bfq: Avoid false bfq queue merging ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section vmlinux.lds.h: Define SANTIZER_DISCARDS with CONFIG_GCOV_KERNEL=y random: fix the RNDRESEEDCRNG ioctl ALSA: pcm: Call sync_stop at disconnection ALSA: pcm: Assure sync with the pending stop operation at suspend ALSA: pcm: Don't call sync_stop if it hasn't been stopped drm/i915/gt: One more flush for Baytrail clear residuals ath10k: Fix error handling in case of CE pipe init failure Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function Bluetooth: hci_uart: Fix a race for write_work scheduling Bluetooth: Fix initializing response id after clearing struct arm64: dts: renesas: beacon kit: Fix choppy Bluetooth Audio arm64: dts: renesas: beacon: Fix audio-1.8V pin enable ARM: dts: exynos: correct PMIC interrupt trigger level on Artik 5 ARM: dts: exynos: correct PMIC interrupt trigger level on Monk ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato ARM: dts: exynos: correct PMIC interrupt trigger level on Spring ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale Octa ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 family arm64: dts: exynos: correct PMIC interrupt trigger level on TM2 arm64: dts: exynos: correct PMIC interrupt trigger level on Espresso memory: mtk-smi: Fix PM usage counter unbalance in mtk_smi ops Bluetooth: hci_qca: Fix memleak in qca_controller_memdump staging: vchiq: Fix bulk userdata handling staging: vchiq: Fix bulk transfers on 64-bit builds arm64: dts: qcom: msm8916-samsung-a5u: Fix iris compatible net: stmmac: dwmac-meson8b: fix enabling the timing-adjustment clock bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args firmware: arm_scmi: Fix call site of scmi_notification_exit arm64: dts: allwinner: A64: properly connect USB PHY to port 0 arm64: dts: allwinner: H6: properly connect USB PHY to port 0 arm64: dts: allwinner: Drop non-removable from SoPine/LTS SD card arm64: dts: allwinner: H6: Allow up to 150 MHz MMC bus frequency arm64: dts: allwinner: A64: Limit MMC2 bus frequency to 150 MHz arm64: dts: qcom: msm8916-samsung-a2015: Fix sensors cpufreq: brcmstb-avs-cpufreq: Free resources in error path cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in ->remove() arm64: dts: rockchip: rk3328: Add clock_in_out property to gmac2phy node ACPICA: Fix exception code class checks usb: gadget: u_audio: Free requests only after callback arm64: dts: qcom: sdm845-db845c: Fix reset-pin of ov8856 node soc: qcom: socinfo: Fix an off by one in qcom_show_pmic_model() soc: ti: pm33xx: Fix some resource leak in the error handling paths of the probe function staging: media: atomisp: Fix size_t format specifier in hmm_alloc() debug statemenet Bluetooth: drop HCI device reference before return Bluetooth: Put HCI device if inquiry procedure interrupts memory: ti-aemif: Drop child node when jumping out loop ARM: dts: Configure missing thermal interrupt for 4430 usb: dwc2: Do not update data length if it is 0 on inbound transfers usb: dwc2: Abort transaction after errors with unknown reason usb: dwc2: Make "trimming xfer length" a debug message staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules x86/MSR: Filter MSR writes through X86_IOC_WRMSR_REGS ioctl too arm64: dts: renesas: beacon: Fix EEPROM compatible value can: mcp251xfd: mcp251xfd_probe(): fix errata reference ARM: dts: armada388-helios4: assign pinctrl to LEDs ARM: dts: armada388-helios4: assign pinctrl to each fan arm64: dts: armada-3720-turris-mox: rename u-boot mtd partition to a53-firmware opp: Correct debug message in _opp_add_static_v2() Bluetooth: btusb: Fix memory leak in btusb_mtk_wmt_recv soc: qcom: ocmem: don't return NULL in of_get_ocmem arm64: dts: msm8916: Fix reserved and rfsa nodes unit address arm64: dts: meson: fix broken wifi node for Khadas VIM3L iwlwifi: mvm: set enabled in the PPAG command properly ARM: s3c: fix fiq for clang IAS optee: simplify i2c access staging: wfx: fix possible panic with re-queued frames ARM: at91: use proper asm syntax in pm_suspend ath10k: Fix suspicious RCU usage warning in ath10k_wmi_tlv_parse_peer_stats_info() ath10k: Fix lockdep assertion warning in ath10k_sta_statistics ath11k: fix a locking bug in ath11k_mac_op_start() soc: aspeed: snoop: Add clock control logic iwlwifi: mvm: fix the type we use in the PPAG table validity checks iwlwifi: mvm: store PPAG enabled/disabled flag properly iwlwifi: mvm: send stored PPAG command instead of local iwlwifi: mvm: assign SAR table revision to the command later iwlwifi: mvm: don't check if CSA event is running before removing bpf_lru_list: Read double-checked variable once without lock iwlwifi: pnvm: set the PNVM again if it was already loaded iwlwifi: pnvm: increment the pointer before checking the TLV ath9k: fix data bus crash when setting nf_override via debugfs selftests/bpf: Convert test_xdp_redirect.sh to bash ibmvnic: Set to CLOSED state even on error bnxt_en: reverse order of TX disable and carrier off bnxt_en: Fix devlink info's stored fw.psid version format. xen/netback: fix spurious event detection for common event case dpaa2-eth: fix memory leak in XDP_REDIRECT net: phy: consider that suspend2ram may cut off PHY power net/mlx5e: Don't change interrupt moderation params when DIM is enabled net/mlx5e: Change interrupt moderation channel params also when channels are closed net/mlx5: Fix health error state handling net/mlx5e: Replace synchronize_rcu with synchronize_net net/mlx5e: kTLS, Use refcounts to free kTLS RX priv context net/mlx5: Disable devlink reload for multi port slave device net/mlx5: Disallow RoCE on multi port slave device net/mlx5: Disallow RoCE on lag device net/mlx5: Disable devlink reload for lag devices net/mlx5e: CT: manage the lifetime of the ct entry object net/mlx5e: Check tunnel offload is required before setting SWP mac80211: fix potential overflow when multiplying to u32 integers libbpf: Ignore non function pointer member in struct_ops bpf: Fix an unitialized value in bpf_iter bpf, devmap: Use GFP_KERNEL for xdp bulk queue allocation bpf: Fix bpf_fib_lookup helper MTU check for SKB ctx selftests: mptcp: fix ACKRX debug message tcp: fix SO_RCVLOWAT related hangs under mem pressure net: axienet: Handle deferred probe on clock properly cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds b43: N-PHY: Fix the update of coef for the PHY revision >= 3case bpf: Clear subreg_def for global function return values ibmvnic: add memory barrier to protect long term buffer ibmvnic: skip send_request_unmap for timeout reset net: dsa: felix: perform teardown in reverse order of setup net: dsa: felix: don't deinitialize unused ports net: phy: mscc: adding LCPLL reset to VSC8514 net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning net: amd-xgbe: Reset link when the link never comes back net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP net: mvneta: Remove per-cpu queue mapping for Armada 3700 net: enetc: fix destroyed phylink dereference during unbind tty: convert tty_ldisc_ops 'read()' function to take a kernel pointer tty: implement read_iter fbdev: aty: SPARC64 requires FB_ATY_CT drm/gma500: Fix error return code in psb_driver_load() gma500: clean up error handling in init drm/fb-helper: Add missed unlocks in setcmap_legacy() drm/panel: mantix: Tweak init sequence drm/vc4: hdmi: Take into account the clock doubling flag in atomic_check crypto: sun4i-ss - linearize buffers content must be kept crypto: sun4i-ss - fix kmap usage crypto: arm64/aes-ce - really hide slower algos when faster ones are enabled hwrng: ingenic - Fix a resource leak in an error handling path media: allegro: Fix use after free on error kcsan: Rewrite kcsan_prandom_u32_max() without prandom_u32_state() drm: rcar-du: Fix PM reference leak in rcar_cmm_enable() drm: rcar-du: Fix crash when using LVDS1 clock for CRTC drm: rcar-du: Fix the return check of of_parse_phandle and of_find_device_by_node drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if condition MIPS: c-r4k: Fix section mismatch for loongson2_sc_init MIPS: lantiq: Explicitly compare LTQ_EBU_PCC_ISTAT against 0 drm/virtio: make sure context is created in gem open drm/fourcc: fix Amlogic format modifier masks media: ipu3-cio2: Build only for x86 media: i2c: ov5670: Fix PIXEL_RATE minimum value media: imx: Unregister csc/scaler only if registered media: imx: Fix csc/scaler unregister media: mtk-vcodec: fix error return code in vdec_vp9_decode() media: camss: missing error code in msm_video_register() media: vsp1: Fix an error handling path in the probe function media: em28xx: Fix use-after-free in em28xx_alloc_urbs media: media/pci: Fix memleak in empress_init media: tm6000: Fix memleak in tm6000_start_stream media: aspeed: fix error return code in aspeed_video_setup_video() ASoC: cs42l56: fix up error handling in probe ASoC: qcom: qdsp6: Move frontend AIFs to q6asm-dai evm: Fix memleak in init_desc crypto: bcm - Rename struct device_private to bcm_device_private sched/fair: Avoid stale CPU util_est value for schedutil in task dequeue drm/sun4i: tcon: fix inverted DCLK polarity media: imx7: csi: Fix regression for parallel cameras on i.MX6UL media: imx7: csi: Fix pad link validation media: ti-vpe: cal: fix write to unallocated memory MIPS: properly stop .eh_frame generation MIPS: Compare __SYNC_loongson3_war against 0 drm/tegra: Fix reference leak when pm_runtime_get_sync() fails drm/amdgpu: toggle on DF Cstate after finishing xgmi injection bsg: free the request before return error code macintosh/adb-iop: Use big-endian autopoll mask drm/amd/display: Fix 10/12 bpc setup in DCE output bit depth reduction. drm/amd/display: Fix HDMI deep color output for DCE 6-11. media: software_node: Fix refcounts in software_node_get_next_child() media: lmedm04: Fix misuse of comma media: vidtv: psi: fix missing crc for PMT media: atomisp: Fix a buffer overflow in debug code media: qm1d1c0042: fix error return code in qm1d1c0042_init() media: cx25821: Fix a bug when reallocating some dma memory media: mtk-vcodec: fix argument used when DEBUG is defined media: pxa_camera: declare variable when DEBUG is defined media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values sched/eas: Don't update misfit status if the task is pinned f2fs: compress: fix potential deadlock ASoC: qcom: lpass-cpu: Remove bit clock state check ASoC: SOF: Intel: hda: cancel D0i3 work during runtime suspend perf/arm-cmn: Fix PMU instance naming perf/arm-cmn: Move IRQs when migrating context mtd: parser: imagetag: fix error codes in bcm963xx_parse_imagetag_partitions() crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode data size error) crypto: talitos - Fix ctr(aes) on SEC1 drm/nouveau: bail out of nouveau_channel_new if channel init fails mm: proc: Invalidate TLB after clearing soft-dirty page state ata: ahci_brcm: Add back regulators management ASoC: cpcap: fix microphone timeslot mask ASoC: codecs: add missing max_register in regmap config mtd: parsers: afs: Fix freeing the part name memory in failure f2fs: fix to avoid inconsistent quota data drm/amdgpu: Prevent shift wrapping in amdgpu_read_mask() f2fs: fix a wrong condition in __submit_bio ASoC: qcom: Fix typo error in HDMI regmap config callbacks KVM: nSVM: Don't strip host's C-bit from guest's CR3 when reading PDPTRs drm/mediatek: Check if fb is null Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() ASoC: Intel: sof_sdw: add missing TGL_HDMI quirk for Dell SKU 0A5E ASoC: Intel: sof_sdw: add missing TGL_HDMI quirk for Dell SKU 0A3E locking/lockdep: Avoid unmatched unlock ASoC: qcom: lpass: Fix i2s ctl register bit map ASoC: rt5682: Fix panic in rt5682_jack_detect_handler happening during system shutdown ASoC: SOF: debug: Fix a potential issue on string buffer termination btrfs: clarify error returns values in __load_free_space_cache btrfs: fix double accounting of ordered extent for subpage case in btrfs_invalidapge KVM: x86: Restore all 64 bits of DR6 and DR7 during RSM on x86-64 s390/zcrypt: return EIO when msg retry limit reached drm/vc4: hdmi: Move hdmi reset to bind drm/vc4: hdmi: Fix register offset with longer CEC messages drm/vc4: hdmi: Fix up CEC registers drm/vc4: hdmi: Restore cec physical address on reconnect drm/vc4: hdmi: Compute the CEC clock divider from the clock rate drm/vc4: hdmi: Update the CEC clock divider on HSM rate change drm/lima: fix reference leak in lima_pm_busy drm/dp_mst: Don't cache EDIDs for physical ports hwrng: timeriomem - Fix cooldown period calculation crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key() io_uring: fix possible deadlock in io_uring_poll nvmet-tcp: fix receive data digest calculation for multiple h2cdata PDUs nvmet-tcp: fix potential race of tcp socket closing accept_work nvme-multipath: set nr_zones for zoned namespaces nvmet: remove extra variable in identify ns nvmet: set status to 0 in case for invalid nsid ASoC: SOF: sof-pci-dev: add missing Up-Extreme quirk ima: Free IMA measurement buffer on error ima: Free IMA measurement buffer after kexec syscall ASoC: simple-card-utils: Fix device module clock fs/jfs: fix potential integer overflow on shift of a int jffs2: fix use after free in jffs2_sum_write_data() ubifs: Fix memleak in ubifs_init_authentication ubifs: replay: Fix high stack usage, again ubifs: Fix error return code in alloc_wbufs() irqchip/imx: IMX_INTMUX should not default to y, unconditionally smp: Process pending softirqs in flush_smp_call_function_from_idle() drm/amdgpu/display: remove hdcp_srm sysfs on device removal capabilities: Don't allow writing ambiguous v3 file capabilities HSI: Fix PM usage counter unbalance in ssi_hw_init power: supply: cpcap: Add missing IRQF_ONESHOT to fix regression clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL clk: meson: clk-pll: make "ret" a signed integer clk: meson: clk-pll: propagate the error from meson_clk_pll_set_rate() selftests/powerpc: Make the test check in eeh-basic.sh posix compliant regulator: qcom-rpmh-regulator: add pm8009-1 chip revision arm64: dts: qcom: qrb5165-rb5: fix pm8009 regulators quota: Fix memory leak when handling corrupted quota file i2c: iproc: handle only slave interrupts which are enabled i2c: iproc: update slave isr mask (ISR_MASK_SLAVE) i2c: iproc: handle master read request spi: cadence-quadspi: Abort read if dummy cycles required are too many clk: sunxi-ng: h6: Fix CEC clock clk: renesas: r8a779a0: Remove non-existent S2 clock clk: renesas: r8a779a0: Fix parent of CBFUSA clock HID: core: detect and skip invalid inputs to snto32() RDMA/siw: Fix handling of zero-sized Read and Receive Queues. dmaengine: fsldma: Fix a resource leak in the remove function dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function dmaengine: owl-dma: Fix a resource leak in the remove function dmaengine: hsu: disable spurious interrupt mfd: bd9571mwv: Use devm_mfd_add_devices() power: supply: cpcap-charger: Fix missing power_supply_put() power: supply: cpcap-battery: Fix missing power_supply_put() power: supply: cpcap-charger: Fix power_supply_put on null battery pointer fdt: Properly handle "no-map" field in the memory region of/fdt: Make sure no-map does not remove already reserved regions RDMA/rtrs: Extend ibtrs_cq_qp_create RDMA/rtrs-srv: Release lock before call into close_sess RDMA/rtrs-srv: Use sysfs_remove_file_self for disconnect RDMA/rtrs-clt: Set mininum limit when create QP RDMA/rtrs: Call kobject_put in the failure path RDMA/rtrs-srv: Fix missing wr_cqe RDMA/rtrs-clt: Refactor the failure cases in alloc_clt RDMA/rtrs-srv: Init wr_cnt as 1 power: reset: at91-sama5d2_shdwc: fix wkupdbc mask rtc: s5m: select REGMAP_I2C dmaengine: idxd: set DMA channel to be private power: supply: fix sbs-charger build, needs REGMAP_I2C clocksource/drivers/ixp4xx: Select TIMER_OF when needed clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined spi: imx: Don't print error on -EPROBEDEFER RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex clk: sunxi-ng: h6: Fix clock divider range on some clocks platform/chrome: cros_ec_proto: Use EC_HOST_EVENT_MASK not BIT platform/chrome: cros_ec_proto: Add LID and BATTERY to default mask regulator: axp20x: Fix reference cout leak watch_queue: Drop references to /dev/watch_queue certs: Fix blacklist flag type confusion regulator: s5m8767: Fix reference count leak spi: atmel: Put allocated master before return regulator: s5m8767: Drop regulators OF node reference power: supply: axp20x_usb_power: Init work before enabling IRQs power: supply: smb347-charger: Fix interrupt usage if interrupt is unavailable regulator: core: Avoid debugfs: Directory ... already present! error isofs: release buffer head before return watchdog: intel-mid_wdt: Postpone IRQ handler registration till SCU is ready auxdisplay: ht16k33: Fix refresh rate handling objtool: Fix error handling for STD/CLD warnings objtool: Fix retpoline detection in asm code objtool: Fix ".cold" section suffix check for newer versions of GCC scsi: lpfc: Fix ancient double free iommu: Switch gather->end to the inclusive end IB/umad: Return EIO in case of when device disassociated IB/umad: Return EPOLLERR in case of when device disassociated KVM: PPC: Make the VMX instruction emulation routines static powerpc/47x: Disable 256k page size powerpc/time: Enable sched clock for irqtime mmc: owl-mmc: Fix a resource leak in an error handling path and in the remove function mmc: sdhci-sprd: Fix some resource leaks in the remove function mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe mmc: renesas_sdhi_internal_dmac: Fix DMA buffer alignment from 8 to 128-bytes ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores i2c: qcom-geni: Store DMA mapping data in geni_i2c_dev struct amba: Fix resource leak for drivers without .remove iommu: Move iotlb_sync_map out from __iommu_map iommu: Properly pass gfp_t in _iommu_map() to avoid atomic sleeping IB/mlx5: Return appropriate error code instead of ENOMEM IB/cm: Avoid a loop when device has 255 ports tracepoint: Do not fail unregistering a probe due to memory failure rtc: zynqmp: depend on HAS_IOMEM perf tools: Fix DSO filtering when not finding a map for a sampled address perf vendor events arm64: Fix Ampere eMag event typo RDMA/rxe: Fix coding error in rxe_recv.c RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt RDMA/rxe: Correct skb on loopback path spi: stm32: properly handle 0 byte transfer mfd: altera-sysmgr: Fix physical address storing more mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq() powerpc/pseries/dlpar: handle ibm, configure-connector delay status powerpc/8xx: Fix software emulation interrupt clk: qcom: gcc-msm8998: Fix Alpha PLL type for all GPLLs kunit: tool: fix unit test cleanup handling kselftests: dmabuf-heaps: Fix Makefile's inclusion of the kernel's usr/include dir RDMA/hns: Fixed wrong judgments in the goto branch RDMA/siw: Fix calculation of tx_valid_cpus size RDMA/hns: Fix type of sq_signal_bits RDMA/hns: Disable RQ inline by default clk: divider: fix initialization with parent_hw spi: pxa2xx: Fix the controller numbering for Wildcat Point powerpc/uaccess: Avoid might_fault() when user access is enabled powerpc/kuap: Restore AMR after replaying soft interrupts regulator: qcom-rpmh: fix pm8009 ldo7 clk: aspeed: Fix APLL calculate formula from ast2600-A2 selftests/ftrace: Update synthetic event syntax errors perf symbols: Use (long) for iterator for bfd symbols regulator: bd718x7, bd71828, Fix dvs voltage levels spi: dw: Avoid stack content exposure spi: Skip zero-length transfers in spi_transfer_one_message() printk: avoid prb_first_valid_seq() where possible perf symbols: Fix return value when loading PE DSO nfsd: register pernet ops last, unregister first svcrdma: Hold private mutex while invoking rdma_accept() ceph: fix flush_snap logic after putting caps RDMA/hns: Fixes missing error code of CMDQ RDMA/ucma: Fix use-after-free bug in ucma_create_uevent RDMA/rtrs-srv: Fix stack-out-of-bounds RDMA/rtrs: Only allow addition of path to an already established session RDMA/rtrs-srv: fix memory leak by missing kobject free RDMA/rtrs-srv-sysfs: fix missing put_device RDMA/rtrs-srv: Do not pass a valid pointer to PTR_ERR() Input: sur40 - fix an error code in sur40_probe() perf record: Fix continue profiling after draining the buffer perf intel-pt: Fix missing CYC processing in PSB perf intel-pt: Fix premature IPC perf intel-pt: Fix IPC with CYC threshold perf test: Fix unaligned access in sample parsing test Input: elo - fix an error code in elo_connect() sparc64: only select COMPAT_BINFMT_ELF if BINFMT_ELF is set sparc: fix led.c driver when PROC_FS is not enabled Input: zinitix - fix return type of zinitix_init_touch() ARM: 9065/1: OABI compat: fix build when EPOLL is not enabled misc: eeprom_93xx46: Fix module alias to enable module autoprobe phy: rockchip-emmc: emmc_phy_init() always return 0 phy: cadence-torrent: Fix error code in cdns_torrent_phy_probe() misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users PCI: rcar: Always allocate MSI addresses in 32bit space soundwire: cadence: fix ACK/NAK handling pwm: rockchip: Enable APB clock during register access while probing pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() pwm: rockchip: Eliminate potential race condition when probing PCI: xilinx-cpm: Fix reference count leak on error path VMCI: Use set_page_dirty_lock() when unregistering guest memory PCI: Align checking of syscall user config accessors mei: hbm: call mei_set_devstate() on hbm stop response drm/msm: Fix MSM_INFO_GET_IOVA with carveout drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) drm/msm/mdp5: Fix wait-for-commit for cmd panels drm/msm: Fix race of GPU init vs timestamp power management. drm/msm: Fix races managing the OOB state for timestamp vs timestamps. drm/msm/dp: trigger unplug event in msm_dp_display_disable vfio/iommu_type1: Populate full dirty when detach non-pinned group vfio/iommu_type1: Fix some sanity checks in detach group vfio-pci/zdev: fix possible segmentation fault issue ext4: fix potential htree index checksum corruption phy: USB_LGM_PHY should depend on X86 coresight: etm4x: Skip accessing TRCPDCR in save/restore nvmem: core: Fix a resource leak on error in nvmem_add_cells_from_of() nvmem: core: skip child nodes not matching binding soundwire: bus: use sdw_update_no_pm when initializing a device soundwire: bus: use sdw_write_no_pm when setting the bus scale registers soundwire: export sdw_write/read_no_pm functions soundwire: bus: fix confusion on device used by pm_runtime misc: fastrpc: fix incorrect usage of dma_map_sgtable remoteproc/mediatek: acknowledge watchdog IRQ after handled regmap: sdw: use _no_pm functions in regmap_read/write ext: EXT4_KUNIT_TESTS should depend on EXT4_FS instead of selecting it mailbox: sprd: correct definition of SPRD_OUTBOX_FIFO_FULL device-dax: Fix default return code of range_parse() PCI: pci-bridge-emul: Fix array overruns, improve safety PCI: cadence: Fix DMA range mapping early return error i40e: Fix flow for IPv6 next header (extension header) i40e: Add zero-initialization of AQ command structures i40e: Fix overwriting flow control settings during driver loading i40e: Fix addition of RX filters after enabling FW LLDP agent i40e: Fix VFs not created Take mmap lock in cacheflush syscall nios2: fixed broken sys_clone syscall i40e: Fix add TC filter for IPv6 octeontx2-af: Fix an off by one in rvu_dbg_qsize_write() pwm: iqs620a: Fix overflow and optimize calculations vfio/type1: Use follow_pte() ice: report correct max number of TCs ice: Account for port VLAN in VF max packet size calculation ice: Fix state bits on LLDP mode switch ice: update the number of available RSS queues net: stmmac: fix CBS idleslope and sendslope calculation net/mlx4_core: Add missed mlx4_free_cmd_mailbox() PCI: rockchip: Make 'ep-gpios' DT property optional vxlan: move debug check after netdev unregister wireguard: device: do not generate ICMP for non-IP packets wireguard: kconfig: use arm chacha even with no neon ocfs2: fix a use after free on error mm: memcontrol: fix NR_ANON_THPS accounting in charge moving mm: memcontrol: fix slub memory accounting mm/memory.c: fix potential pte_unmap_unlock pte error mm/hugetlb: fix potential double free in hugetlb_register_node() error path mm/hugetlb: suppress wrong warning info when alloc gigantic page mm/compaction: fix misbehaviors of fast_find_migrateblock() r8169: fix jumbo packet handling on RTL8168e NFSv4: Fixes for nfs4_bitmask_adjust() KVM: SVM: Intercept INVPCID when it's disabled to inject #UD KVM: x86/mmu: Expand collapsible SPTE zap for TDP MMU to ZONE_DEVICE and HugeTLB pages arm64: Add missing ISB after invalidating TLB in __primary_switch i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition i2c: exynos5: Preserve high speed master code mm,thp,shmem: make khugepaged obey tmpfs mount flags mm: fix memory_failure() handling of dax-namespace metadata mm/rmap: fix potential pte_unmap on an not mapped pte proc: use kvzalloc for our kernel buffer csky: Fix a size determination in gpr_get() scsi: bnx2fc: Fix Kconfig warning & CNIC build errors scsi: sd: sd_zbc: Don't pass GFP_NOIO to kvcalloc block: reopen the device in blkdev_reread_part ide/falconide: Fix module unload scsi: sd: Fix Opal support blk-settings: align max_sectors on "logical_block_size" boundary soundwire: intel: fix possible crash when no device is detected ACPI: property: Fix fwnode string properties matching ACPI: configfs: add missing check after configfs_register_default_group() cpufreq: ACPI: Set cpuinfo.max_freq directly if max boost is known HID: logitech-dj: add support for keyboard events in eQUAD step 4 Gaming HID: wacom: Ignore attempts to overwrite the touch_max value from HID Input: raydium_ts_i2c - do not send zero length Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S Input: joydev - prevent potential read overflow in ioctl Input: i8042 - add ASUS Zenbook Flip to noselftest list media: mceusb: Fix potential out-of-bounds shift USB: serial: option: update interface mapping for ZTE P685M usb: musb: Fix runtime PM race in musb_queue_resume_work usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt USB: serial: ftdi_sio: fix FTX sub-integer prescaler USB: serial: pl2303: fix line-speed handling on newer chips USB: serial: mos7840: fix error code in mos7840_write() USB: serial: mos7720: fix error code in mos7720_write() phy: lantiq: rcu-usb2: wait after clock enable ALSA: fireface: fix to parse sync status register of latter protocol ALSA: hda: Add another CometLake-H PCI ID ALSA: hda/hdmi: Drop bogus check at closing a stream ALSA: hda/realtek: modify EAPD in the ALC886 ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup MIPS: Ingenic: Disable HPTLB for D0 XBurst CPUs too MIPS: Support binutils configured with --enable-mips-fix-loongson3-llsc=yes MIPS: VDSO: Use CLANG_FLAGS instead of filtering out '--target=' Revert "MIPS: Octeon: Remove special handling of CONFIG_MIPS_ELF_APPENDED_DTB=y" Revert "bcache: Kill btree_io_wq" bcache: Give btree_io_wq correct semantics again bcache: Move journal work to new flush wq Revert "drm/amd/display: Update NV1x SR latency values" drm/amd/display: Add FPU wrappers to dcn21_validate_bandwidth() drm/amd/display: Remove Assert from dcn10_get_dig_frontend drm/amd/display: Add vupdate_no_lock interrupts for DCN2.1 drm/amdkfd: Fix recursive lock warnings drm/amdgpu: Set reference clock to 100Mhz on Renoir (v2) drm/nouveau/kms: handle mDP connectors drm/modes: Switch to 64bit maths to avoid integer overflow drm/sched: Cancel and flush all outstanding jobs before finish. drm/panel: kd35t133: allow using non-continuous dsi clock drm/rockchip: Require the YTR modifier for AFBC ASoC: siu: Fix build error by a wrong const prefix selinux: fix inconsistency between inode_getxattr and inode_listsecurity erofs: initialized fields can only be observed after bit is set tpm_tis: Fix check_locality for correct locality acquisition tpm_tis: Clean up locality release KEYS: trusted: Fix incorrect handling of tpm_get_random() KEYS: trusted: Fix migratable=1 failing KEYS: trusted: Reserve TPM for seal and unseal operations btrfs: do not cleanup upper nodes in btrfs_backref_cleanup_node btrfs: do not warn if we can't find the reloc root when looking up backref btrfs: add asserts for deleting backref cache nodes btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root btrfs: fix reloc root leak with 0 ref reloc roots on recovery btrfs: splice remaining dirty_bg's onto the transaction dirty bg list btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself btrfs: account for new extents being deleted in total_bytes_pinned btrfs: fix extent buffer leak on failure to copy root drm/i915/gt: Flush before changing register state drm/i915/gt: Correct surface base address for renderclear crypto: arm64/sha - add missing module aliases crypto: aesni - prevent misaligned buffers on the stack crypto: michael_mic - fix broken misalignment handling crypto: sun4i-ss - checking sg length is not sufficient crypto: sun4i-ss - IV register does not work on A10 and A13 crypto: sun4i-ss - handle BigEndian for cipher crypto: sun4i-ss - initialize need_fallback soc: samsung: exynos-asv: don't defer early on not-supported SoCs soc: samsung: exynos-asv: handle reading revision register error seccomp: Add missing return in non-void function arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) misc: rtsx: init of rts522a add OCP power off when no card is present drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue pstore: Fix typo in compression option name dts64: mt7622: fix slow sd card access arm64: dts: agilex: fix phy interface bit shift for gmac1 and gmac2 staging/mt7621-dma: mtk-hsdma.c->hsdma-mt7621.c staging: gdm724x: Fix DMA from stack staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table floppy: reintroduce O_NDELAY fix media: i2c: max9286: fix access to unallocated memory media: ir_toy: add another IR Droid device media: ipu3-cio2: Fix mbus_code processing in cio2_subdev_set_fmt() media: marvell-ccic: power up the device on mclk enable media: smipcie: fix interrupt handling and IR timeout x86/virt: Eat faults on VMXOFF in reboot flows x86/reboot: Force all cpus to exit VMX root if VMX is supported x86/fault: Fix AMD erratum #91 errata fixup for user code x86/entry: Fix instrumentation annotation powerpc/prom: Fix "ibm,arch-vec-5-platform-support" scan rcu: Pull deferred rcuog wake up to rcu_eqs_enter() callers rcu/nocb: Perform deferred wake up before last idle's need_resched() check kprobes: Fix to delay the kprobes jump optimization arm64: Extend workaround for erratum 1024718 to all versions of Cortex-A55 iommu/arm-smmu-qcom: Fix mask extraction for bootloader programmed SMRs arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into() fails arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing arm64 module: set plt* section addresses to 0x0 arm64: spectre: Prevent lockdep splat on v4 mitigation enable path riscv: Disable KSAN_SANITIZE for vDSO watchdog: qcom: Remove incorrect usage of QCOM_WDT_ENABLE_IRQ watchdog: mei_wdt: request stop on unregister coresight: etm4x: Handle accesses to TRCSTALLCTLR mtd: spi-nor: sfdp: Fix last erase region marking mtd: spi-nor: sfdp: Fix wrong erase type bitmask for overlaid region mtd: spi-nor: core: Fix erase type discovery for overlaid region mtd: spi-nor: core: Add erase size check for erase command initialization mtd: spi-nor: hisi-sfc: Put child node np on error path fs/affs: release old buffer head on error path seq_file: document how per-entry resources are managed. x86: fix seq_file iteration for pat/memtype.c mm: memcontrol: fix swap undercounting in cgroup2 mm: memcontrol: fix get_active_memcg return value hugetlb: fix update_and_free_page contig page struct assumption hugetlb: fix copy_huge_page_from_user contig page struct assumption mm/vmscan: restore zone_reclaim_mode ABI mm, compaction: make fast_isolate_freepages() stay within zone KVM: nSVM: fix running nested guests when npt=0 nvmem: qcom-spmi-sdam: Fix uninitialized pdev pointer module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols mmc: sdhci-esdhc-imx: fix kernel panic when remove module mmc: sdhci-pci-o2micro: Bug fix for SDR104 HW tuning failure powerpc/32: Preserve cr1 in exception prolog stack check to fix build error powerpc/kexec_file: fix FDT size estimation for kdump kernel powerpc/32s: Add missing call to kuep_lock on syscall entry spmi: spmi-pmic-arb: Fix hw_irq overflow mei: fix transfer over dma with extended header mei: me: emmitsburg workstation DID mei: me: add adler lake point S DID mei: me: add adler lake point LP DID gpio: pcf857x: Fix missing first interrupt mfd: gateworks-gsc: Fix interrupt type printk: fix deadlock when kernel panic exfat: fix shift-out-of-bounds in exfat_fill_super() zonefs: Fix file size of zones in full condition kcmp: Support selection of SYS_kcmp without CHECKPOINT_RESTORE thermal: cpufreq_cooling: freq_qos_update_request() returns < 0 on error cpufreq: qcom-hw: drop devm_xxx() calls from init/exit hooks cpufreq: intel_pstate: Change intel_pstate_get_hwp_max() argument cpufreq: intel_pstate: Get per-CPU max freq via MSR_HWP_CAPABILITIES if available proc: don't allow async path resolution of /proc/thread-self components s390/vtime: fix inline assembly clobber list virtio/s390: implement virtio-ccw revision 2 correctly um: mm: check more comprehensively for stub changes um: defer killing userspace on page table update failures irqchip/loongson-pch-msi: Use bitmap_zalloc() to allocate bitmap f2fs: fix out-of-repair __setattr_copy() f2fs: enforce the immutable flag on open files f2fs: flush data when enabling checkpoint back sparc32: fix a user-triggerable oops in clear_user() spi: fsl: invert spisel_boot signal on MPC8309 spi: spi-synquacer: fix set_cs handling gfs2: fix glock confusion in function signal_our_withdraw gfs2: Don't skip dlm unlock if glock has an lvb gfs2: Lock imbalance on error path in gfs2_recover_one gfs2: Recursive gfs2_quota_hold in gfs2_iomap_end dm: fix deadlock when swapping to encrypted device dm table: fix iterate_devices based device capability checks dm table: fix DAX iterate_devices based device capability checks dm table: fix zoned iterate_devices based device capability checks dm writecache: fix performance degradation in ssd mode dm writecache: return the exact table values that were set dm writecache: fix writing beyond end of underlying device when shrinking dm era: Recover committed writeset after crash dm era: Update in-core bitset after committing the metadata dm era: Verify the data block size hasn't changed dm era: Fix bitset memory leaks dm era: Use correct value size in equality function of writeset tree dm era: Reinitialize bitset cache before digesting a new writeset dm era: only resize metadata in preresume drm/i915: Reject 446-480MHz HDMI clock on GLK kgdb: fix to kill breakpoints on initmem after boot ipv6: silence compilation warning for non-IPV6 builds net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending wireguard: selftests: test multiple parallel streams wireguard: queueing: get rid of per-peer ring buffers net: sched: fix police ext initialization net: qrtr: Fix memory leak in qrtr_tun_open net_sched: fix RTNL deadlock again caused by request_module() ARM: dts: aspeed: Add LCLK to lpc-snoop Linux 5.10.20 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I3fbcecd9413ce212dac68d5cc800c9457feba56a
3081 lines
72 KiB
C
3081 lines
72 KiB
C
// SPDX-License-Identifier: GPL-2.0-or-later
|
|
/*
|
|
* Copyright (C) 2015-2017 Josh Poimboeuf <jpoimboe@redhat.com>
|
|
*/
|
|
|
|
#include <string.h>
|
|
#include <stdlib.h>
|
|
|
|
#include "builtin.h"
|
|
#include "cfi.h"
|
|
#include "arch.h"
|
|
#include "check.h"
|
|
#include "special.h"
|
|
#include "warn.h"
|
|
#include "arch_elf.h"
|
|
|
|
#include <linux/objtool.h>
|
|
#include <linux/hashtable.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/static_call_types.h>
|
|
|
|
#define FAKE_JUMP_OFFSET -1
|
|
|
|
struct alternative {
|
|
struct list_head list;
|
|
struct instruction *insn;
|
|
bool skip_orig;
|
|
};
|
|
|
|
struct cfi_init_state initial_func_cfi;
|
|
|
|
struct instruction *find_insn(struct objtool_file *file,
|
|
struct section *sec, unsigned long offset)
|
|
{
|
|
struct instruction *insn;
|
|
|
|
hash_for_each_possible(file->insn_hash, insn, hash, sec_offset_hash(sec, offset)) {
|
|
if (insn->sec == sec && insn->offset == offset)
|
|
return insn;
|
|
}
|
|
|
|
return NULL;
|
|
}
|
|
|
|
static struct instruction *next_insn_same_sec(struct objtool_file *file,
|
|
struct instruction *insn)
|
|
{
|
|
struct instruction *next = list_next_entry(insn, list);
|
|
|
|
if (!next || &next->list == &file->insn_list || next->sec != insn->sec)
|
|
return NULL;
|
|
|
|
return next;
|
|
}
|
|
|
|
static struct instruction *next_insn_same_func(struct objtool_file *file,
|
|
struct instruction *insn)
|
|
{
|
|
struct instruction *next = list_next_entry(insn, list);
|
|
struct symbol *func = insn->func;
|
|
|
|
if (!func)
|
|
return NULL;
|
|
|
|
if (&next->list != &file->insn_list && next->func == func)
|
|
return next;
|
|
|
|
/* Check if we're already in the subfunction: */
|
|
if (func == func->cfunc)
|
|
return NULL;
|
|
|
|
/* Move to the subfunction: */
|
|
return find_insn(file, func->cfunc->sec, func->cfunc->offset);
|
|
}
|
|
|
|
static struct instruction *prev_insn_same_sym(struct objtool_file *file,
|
|
struct instruction *insn)
|
|
{
|
|
struct instruction *prev = list_prev_entry(insn, list);
|
|
|
|
if (&prev->list != &file->insn_list && prev->func == insn->func)
|
|
return prev;
|
|
|
|
return NULL;
|
|
}
|
|
|
|
#define func_for_each_insn(file, func, insn) \
|
|
for (insn = find_insn(file, func->sec, func->offset); \
|
|
insn; \
|
|
insn = next_insn_same_func(file, insn))
|
|
|
|
#define sym_for_each_insn(file, sym, insn) \
|
|
for (insn = find_insn(file, sym->sec, sym->offset); \
|
|
insn && &insn->list != &file->insn_list && \
|
|
insn->sec == sym->sec && \
|
|
insn->offset < sym->offset + sym->len; \
|
|
insn = list_next_entry(insn, list))
|
|
|
|
#define sym_for_each_insn_continue_reverse(file, sym, insn) \
|
|
for (insn = list_prev_entry(insn, list); \
|
|
&insn->list != &file->insn_list && \
|
|
insn->sec == sym->sec && insn->offset >= sym->offset; \
|
|
insn = list_prev_entry(insn, list))
|
|
|
|
#define sec_for_each_insn_from(file, insn) \
|
|
for (; insn; insn = next_insn_same_sec(file, insn))
|
|
|
|
#define sec_for_each_insn_continue(file, insn) \
|
|
for (insn = next_insn_same_sec(file, insn); insn; \
|
|
insn = next_insn_same_sec(file, insn))
|
|
|
|
static bool is_sibling_call(struct instruction *insn)
|
|
{
|
|
/* An indirect jump is either a sibling call or a jump to a table. */
|
|
if (insn->type == INSN_JUMP_DYNAMIC)
|
|
return list_empty(&insn->alts);
|
|
|
|
if (!is_static_jump(insn))
|
|
return false;
|
|
|
|
/* add_jump_destinations() sets insn->call_dest for sibling calls. */
|
|
return !!insn->call_dest;
|
|
}
|
|
|
|
/*
|
|
* This checks to see if the given function is a "noreturn" function.
|
|
*
|
|
* For global functions which are outside the scope of this object file, we
|
|
* have to keep a manual list of them.
|
|
*
|
|
* For local functions, we have to detect them manually by simply looking for
|
|
* the lack of a return instruction.
|
|
*/
|
|
static bool __dead_end_function(struct objtool_file *file, struct symbol *func,
|
|
int recursion)
|
|
{
|
|
int i;
|
|
struct instruction *insn;
|
|
bool empty = true;
|
|
|
|
/*
|
|
* Unfortunately these have to be hard coded because the noreturn
|
|
* attribute isn't provided in ELF data.
|
|
*/
|
|
static const char * const global_noreturns[] = {
|
|
"__stack_chk_fail",
|
|
"panic",
|
|
"do_exit",
|
|
"do_task_dead",
|
|
"__module_put_and_exit",
|
|
"complete_and_exit",
|
|
"__reiserfs_panic",
|
|
"lbug_with_loc",
|
|
"fortify_panic",
|
|
"usercopy_abort",
|
|
"machine_real_restart",
|
|
"rewind_stack_do_exit",
|
|
"kunit_try_catch_throw",
|
|
};
|
|
|
|
if (!func)
|
|
return false;
|
|
|
|
if (func->bind == STB_WEAK)
|
|
return false;
|
|
|
|
if (func->bind == STB_GLOBAL)
|
|
for (i = 0; i < ARRAY_SIZE(global_noreturns); i++)
|
|
if (!strcmp(func->name, global_noreturns[i]))
|
|
return true;
|
|
|
|
if (!func->len)
|
|
return false;
|
|
|
|
insn = find_insn(file, func->sec, func->offset);
|
|
if (!insn->func)
|
|
return false;
|
|
|
|
func_for_each_insn(file, func, insn) {
|
|
empty = false;
|
|
|
|
if (insn->type == INSN_RETURN)
|
|
return false;
|
|
}
|
|
|
|
if (empty)
|
|
return false;
|
|
|
|
/*
|
|
* A function can have a sibling call instead of a return. In that
|
|
* case, the function's dead-end status depends on whether the target
|
|
* of the sibling call returns.
|
|
*/
|
|
func_for_each_insn(file, func, insn) {
|
|
if (is_sibling_call(insn)) {
|
|
struct instruction *dest = insn->jump_dest;
|
|
|
|
if (!dest)
|
|
/* sibling call to another file */
|
|
return false;
|
|
|
|
/* local sibling call */
|
|
if (recursion == 5) {
|
|
/*
|
|
* Infinite recursion: two functions have
|
|
* sibling calls to each other. This is a very
|
|
* rare case. It means they aren't dead ends.
|
|
*/
|
|
return false;
|
|
}
|
|
|
|
return __dead_end_function(file, dest->func, recursion+1);
|
|
}
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
static bool dead_end_function(struct objtool_file *file, struct symbol *func)
|
|
{
|
|
return __dead_end_function(file, func, 0);
|
|
}
|
|
|
|
static void init_cfi_state(struct cfi_state *cfi)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; i < CFI_NUM_REGS; i++) {
|
|
cfi->regs[i].base = CFI_UNDEFINED;
|
|
cfi->vals[i].base = CFI_UNDEFINED;
|
|
}
|
|
cfi->cfa.base = CFI_UNDEFINED;
|
|
cfi->drap_reg = CFI_UNDEFINED;
|
|
cfi->drap_offset = -1;
|
|
}
|
|
|
|
static void init_insn_state(struct insn_state *state, struct section *sec)
|
|
{
|
|
memset(state, 0, sizeof(*state));
|
|
init_cfi_state(&state->cfi);
|
|
|
|
/*
|
|
* We need the full vmlinux for noinstr validation, otherwise we can
|
|
* not correctly determine insn->call_dest->sec (external symbols do
|
|
* not have a section).
|
|
*/
|
|
if (vmlinux && noinstr && sec)
|
|
state->noinstr = sec->noinstr;
|
|
}
|
|
|
|
/*
|
|
* Call the arch-specific instruction decoder for all the instructions and add
|
|
* them to the global instruction list.
|
|
*/
|
|
static int decode_instructions(struct objtool_file *file)
|
|
{
|
|
struct section *sec;
|
|
struct symbol *func;
|
|
unsigned long offset;
|
|
struct instruction *insn;
|
|
unsigned long nr_insns = 0;
|
|
int ret;
|
|
|
|
for_each_sec(file, sec) {
|
|
|
|
if (!(sec->sh.sh_flags & SHF_EXECINSTR))
|
|
continue;
|
|
|
|
if (strcmp(sec->name, ".altinstr_replacement") &&
|
|
strcmp(sec->name, ".altinstr_aux") &&
|
|
strncmp(sec->name, ".discard.", 9))
|
|
sec->text = true;
|
|
|
|
if (!strcmp(sec->name, ".noinstr.text") ||
|
|
!strcmp(sec->name, ".entry.text"))
|
|
sec->noinstr = true;
|
|
|
|
for (offset = 0; offset < sec->len; offset += insn->len) {
|
|
insn = malloc(sizeof(*insn));
|
|
if (!insn) {
|
|
WARN("malloc failed");
|
|
return -1;
|
|
}
|
|
memset(insn, 0, sizeof(*insn));
|
|
INIT_LIST_HEAD(&insn->alts);
|
|
INIT_LIST_HEAD(&insn->stack_ops);
|
|
init_cfi_state(&insn->cfi);
|
|
|
|
insn->sec = sec;
|
|
insn->offset = offset;
|
|
|
|
ret = arch_decode_instruction(file->elf, sec, offset,
|
|
sec->len - offset,
|
|
&insn->len, &insn->type,
|
|
&insn->immediate,
|
|
&insn->stack_ops);
|
|
if (ret)
|
|
goto err;
|
|
|
|
hash_add(file->insn_hash, &insn->hash, sec_offset_hash(sec, insn->offset));
|
|
list_add_tail(&insn->list, &file->insn_list);
|
|
nr_insns++;
|
|
}
|
|
|
|
list_for_each_entry(func, &sec->symbol_list, list) {
|
|
if (func->type != STT_FUNC || func->alias != func)
|
|
continue;
|
|
|
|
if (!find_insn(file, sec, func->offset)) {
|
|
WARN("%s(): can't find starting instruction",
|
|
func->name);
|
|
return -1;
|
|
}
|
|
|
|
sym_for_each_insn(file, func, insn)
|
|
insn->func = func;
|
|
}
|
|
}
|
|
|
|
if (stats)
|
|
printf("nr_insns: %lu\n", nr_insns);
|
|
|
|
return 0;
|
|
|
|
err:
|
|
free(insn);
|
|
return ret;
|
|
}
|
|
|
|
static struct instruction *find_last_insn(struct objtool_file *file,
|
|
struct section *sec)
|
|
{
|
|
struct instruction *insn = NULL;
|
|
unsigned int offset;
|
|
unsigned int end = (sec->len > 10) ? sec->len - 10 : 0;
|
|
|
|
for (offset = sec->len - 1; offset >= end && !insn; offset--)
|
|
insn = find_insn(file, sec, offset);
|
|
|
|
return insn;
|
|
}
|
|
|
|
/*
|
|
* Mark "ud2" instructions and manually annotated dead ends.
|
|
*/
|
|
static int add_dead_ends(struct objtool_file *file)
|
|
{
|
|
struct section *sec;
|
|
struct reloc *reloc;
|
|
struct instruction *insn;
|
|
|
|
/*
|
|
* By default, "ud2" is a dead end unless otherwise annotated, because
|
|
* GCC 7 inserts it for certain divide-by-zero cases.
|
|
*/
|
|
for_each_insn(file, insn)
|
|
if (insn->type == INSN_BUG)
|
|
insn->dead_end = true;
|
|
|
|
/*
|
|
* Check for manually annotated dead ends.
|
|
*/
|
|
sec = find_section_by_name(file->elf, ".rela.discard.unreachable");
|
|
if (!sec)
|
|
goto reachable;
|
|
|
|
list_for_each_entry(reloc, &sec->reloc_list, list) {
|
|
if (reloc->sym->type != STT_SECTION) {
|
|
WARN("unexpected relocation symbol type in %s", sec->name);
|
|
return -1;
|
|
}
|
|
insn = find_insn(file, reloc->sym->sec, reloc->addend);
|
|
if (insn)
|
|
insn = list_prev_entry(insn, list);
|
|
else if (reloc->addend == reloc->sym->sec->len) {
|
|
insn = find_last_insn(file, reloc->sym->sec);
|
|
if (!insn) {
|
|
WARN("can't find unreachable insn at %s+0x%x",
|
|
reloc->sym->sec->name, reloc->addend);
|
|
return -1;
|
|
}
|
|
} else {
|
|
WARN("can't find unreachable insn at %s+0x%x",
|
|
reloc->sym->sec->name, reloc->addend);
|
|
return -1;
|
|
}
|
|
|
|
insn->dead_end = true;
|
|
}
|
|
|
|
reachable:
|
|
/*
|
|
* These manually annotated reachable checks are needed for GCC 4.4,
|
|
* where the Linux unreachable() macro isn't supported. In that case
|
|
* GCC doesn't know the "ud2" is fatal, so it generates code as if it's
|
|
* not a dead end.
|
|
*/
|
|
sec = find_section_by_name(file->elf, ".rela.discard.reachable");
|
|
if (!sec)
|
|
return 0;
|
|
|
|
list_for_each_entry(reloc, &sec->reloc_list, list) {
|
|
if (reloc->sym->type != STT_SECTION) {
|
|
WARN("unexpected relocation symbol type in %s", sec->name);
|
|
return -1;
|
|
}
|
|
insn = find_insn(file, reloc->sym->sec, reloc->addend);
|
|
if (insn)
|
|
insn = list_prev_entry(insn, list);
|
|
else if (reloc->addend == reloc->sym->sec->len) {
|
|
insn = find_last_insn(file, reloc->sym->sec);
|
|
if (!insn) {
|
|
WARN("can't find reachable insn at %s+0x%x",
|
|
reloc->sym->sec->name, reloc->addend);
|
|
return -1;
|
|
}
|
|
} else {
|
|
WARN("can't find reachable insn at %s+0x%x",
|
|
reloc->sym->sec->name, reloc->addend);
|
|
return -1;
|
|
}
|
|
|
|
insn->dead_end = false;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int create_static_call_sections(struct objtool_file *file)
|
|
{
|
|
struct section *sec, *reloc_sec;
|
|
struct reloc *reloc;
|
|
struct static_call_site *site;
|
|
struct instruction *insn;
|
|
struct symbol *key_sym;
|
|
char *key_name, *tmp;
|
|
int idx;
|
|
|
|
sec = find_section_by_name(file->elf, ".static_call_sites");
|
|
if (sec) {
|
|
INIT_LIST_HEAD(&file->static_call_list);
|
|
WARN("file already has .static_call_sites section, skipping");
|
|
return 0;
|
|
}
|
|
|
|
if (list_empty(&file->static_call_list))
|
|
return 0;
|
|
|
|
idx = 0;
|
|
list_for_each_entry(insn, &file->static_call_list, static_call_node)
|
|
idx++;
|
|
|
|
sec = elf_create_section(file->elf, ".static_call_sites", SHF_WRITE,
|
|
sizeof(struct static_call_site), idx);
|
|
if (!sec)
|
|
return -1;
|
|
|
|
reloc_sec = elf_create_reloc_section(file->elf, sec, SHT_RELA);
|
|
if (!reloc_sec)
|
|
return -1;
|
|
|
|
idx = 0;
|
|
list_for_each_entry(insn, &file->static_call_list, static_call_node) {
|
|
|
|
site = (struct static_call_site *)sec->data->d_buf + idx;
|
|
memset(site, 0, sizeof(struct static_call_site));
|
|
|
|
/* populate reloc for 'addr' */
|
|
reloc = malloc(sizeof(*reloc));
|
|
|
|
if (!reloc) {
|
|
perror("malloc");
|
|
return -1;
|
|
}
|
|
memset(reloc, 0, sizeof(*reloc));
|
|
|
|
insn_to_reloc_sym_addend(insn->sec, insn->offset, reloc);
|
|
if (!reloc->sym) {
|
|
WARN_FUNC("static call tramp: missing containing symbol",
|
|
insn->sec, insn->offset);
|
|
return -1;
|
|
}
|
|
|
|
reloc->type = R_X86_64_PC32;
|
|
reloc->offset = idx * sizeof(struct static_call_site);
|
|
reloc->sec = reloc_sec;
|
|
elf_add_reloc(file->elf, reloc);
|
|
|
|
/* find key symbol */
|
|
key_name = strdup(insn->call_dest->name);
|
|
if (!key_name) {
|
|
perror("strdup");
|
|
return -1;
|
|
}
|
|
if (strncmp(key_name, STATIC_CALL_TRAMP_PREFIX_STR,
|
|
STATIC_CALL_TRAMP_PREFIX_LEN)) {
|
|
WARN("static_call: trampoline name malformed: %s", key_name);
|
|
return -1;
|
|
}
|
|
tmp = key_name + STATIC_CALL_TRAMP_PREFIX_LEN - STATIC_CALL_KEY_PREFIX_LEN;
|
|
memcpy(tmp, STATIC_CALL_KEY_PREFIX_STR, STATIC_CALL_KEY_PREFIX_LEN);
|
|
|
|
key_sym = find_symbol_by_name(file->elf, tmp);
|
|
if (!key_sym) {
|
|
WARN("static_call: can't find static_call_key symbol: %s", tmp);
|
|
return -1;
|
|
}
|
|
free(key_name);
|
|
|
|
/* populate reloc for 'key' */
|
|
reloc = malloc(sizeof(*reloc));
|
|
if (!reloc) {
|
|
perror("malloc");
|
|
return -1;
|
|
}
|
|
memset(reloc, 0, sizeof(*reloc));
|
|
reloc->sym = key_sym;
|
|
reloc->addend = is_sibling_call(insn) ? STATIC_CALL_SITE_TAIL : 0;
|
|
reloc->type = R_X86_64_PC32;
|
|
reloc->offset = idx * sizeof(struct static_call_site) + 4;
|
|
reloc->sec = reloc_sec;
|
|
elf_add_reloc(file->elf, reloc);
|
|
|
|
idx++;
|
|
}
|
|
|
|
if (elf_rebuild_reloc_section(file->elf, reloc_sec))
|
|
return -1;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int create_mcount_loc_sections(struct objtool_file *file)
|
|
{
|
|
struct section *sec, *reloc_sec;
|
|
struct reloc *reloc;
|
|
unsigned long *loc;
|
|
struct instruction *insn;
|
|
int idx;
|
|
|
|
sec = find_section_by_name(file->elf, "__mcount_loc");
|
|
if (sec) {
|
|
INIT_LIST_HEAD(&file->mcount_loc_list);
|
|
WARN("file already has __mcount_loc section, skipping");
|
|
return 0;
|
|
}
|
|
|
|
if (list_empty(&file->mcount_loc_list))
|
|
return 0;
|
|
|
|
idx = 0;
|
|
list_for_each_entry(insn, &file->mcount_loc_list, mcount_loc_node)
|
|
idx++;
|
|
|
|
sec = elf_create_section(file->elf, "__mcount_loc", 0, sizeof(unsigned long), idx);
|
|
if (!sec)
|
|
return -1;
|
|
|
|
reloc_sec = elf_create_reloc_section(file->elf, sec, SHT_RELA);
|
|
if (!reloc_sec)
|
|
return -1;
|
|
|
|
idx = 0;
|
|
list_for_each_entry(insn, &file->mcount_loc_list, mcount_loc_node) {
|
|
|
|
loc = (unsigned long *)sec->data->d_buf + idx;
|
|
memset(loc, 0, sizeof(unsigned long));
|
|
|
|
reloc = malloc(sizeof(*reloc));
|
|
if (!reloc) {
|
|
perror("malloc");
|
|
return -1;
|
|
}
|
|
memset(reloc, 0, sizeof(*reloc));
|
|
|
|
if (insn->sec->sym) {
|
|
reloc->sym = insn->sec->sym;
|
|
reloc->addend = insn->offset;
|
|
} else {
|
|
reloc->sym = find_symbol_containing(insn->sec, insn->offset);
|
|
|
|
if (!reloc->sym) {
|
|
WARN("missing symbol for insn at offset 0x%lx\n",
|
|
insn->offset);
|
|
return -1;
|
|
}
|
|
|
|
reloc->addend = insn->offset - reloc->sym->offset;
|
|
}
|
|
|
|
reloc->type = R_X86_64_64;
|
|
reloc->offset = idx * sizeof(unsigned long);
|
|
reloc->sec = reloc_sec;
|
|
elf_add_reloc(file->elf, reloc);
|
|
|
|
idx++;
|
|
}
|
|
|
|
if (elf_rebuild_reloc_section(file->elf, reloc_sec))
|
|
return -1;
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Warnings shouldn't be reported for ignored functions.
|
|
*/
|
|
static void add_ignores(struct objtool_file *file)
|
|
{
|
|
struct instruction *insn;
|
|
struct section *sec;
|
|
struct symbol *func;
|
|
struct reloc *reloc;
|
|
|
|
sec = find_section_by_name(file->elf, ".rela.discard.func_stack_frame_non_standard");
|
|
if (!sec)
|
|
return;
|
|
|
|
list_for_each_entry(reloc, &sec->reloc_list, list) {
|
|
switch (reloc->sym->type) {
|
|
case STT_FUNC:
|
|
func = reloc->sym;
|
|
break;
|
|
|
|
case STT_SECTION:
|
|
func = find_func_by_offset(reloc->sym->sec, reloc->addend);
|
|
if (!func)
|
|
continue;
|
|
break;
|
|
|
|
default:
|
|
WARN("unexpected relocation symbol type in %s: %d", sec->name, reloc->sym->type);
|
|
continue;
|
|
}
|
|
|
|
func_for_each_insn(file, func, insn)
|
|
insn->ignore = true;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* This is a whitelist of functions that is allowed to be called with AC set.
|
|
* The list is meant to be minimal and only contains compiler instrumentation
|
|
* ABI and a few functions used to implement *_{to,from}_user() functions.
|
|
*
|
|
* These functions must not directly change AC, but may PUSHF/POPF.
|
|
*/
|
|
static const char *uaccess_safe_builtin[] = {
|
|
/* KASAN */
|
|
"kasan_report",
|
|
"kasan_check_range",
|
|
/* KASAN out-of-line */
|
|
"__asan_loadN_noabort",
|
|
"__asan_load1_noabort",
|
|
"__asan_load2_noabort",
|
|
"__asan_load4_noabort",
|
|
"__asan_load8_noabort",
|
|
"__asan_load16_noabort",
|
|
"__asan_storeN_noabort",
|
|
"__asan_store1_noabort",
|
|
"__asan_store2_noabort",
|
|
"__asan_store4_noabort",
|
|
"__asan_store8_noabort",
|
|
"__asan_store16_noabort",
|
|
"__kasan_check_read",
|
|
"__kasan_check_write",
|
|
/* KASAN in-line */
|
|
"__asan_report_load_n_noabort",
|
|
"__asan_report_load1_noabort",
|
|
"__asan_report_load2_noabort",
|
|
"__asan_report_load4_noabort",
|
|
"__asan_report_load8_noabort",
|
|
"__asan_report_load16_noabort",
|
|
"__asan_report_store_n_noabort",
|
|
"__asan_report_store1_noabort",
|
|
"__asan_report_store2_noabort",
|
|
"__asan_report_store4_noabort",
|
|
"__asan_report_store8_noabort",
|
|
"__asan_report_store16_noabort",
|
|
/* KCSAN */
|
|
"__kcsan_check_access",
|
|
"kcsan_found_watchpoint",
|
|
"kcsan_setup_watchpoint",
|
|
"kcsan_check_scoped_accesses",
|
|
"kcsan_disable_current",
|
|
"kcsan_enable_current_nowarn",
|
|
/* KCSAN/TSAN */
|
|
"__tsan_func_entry",
|
|
"__tsan_func_exit",
|
|
"__tsan_read_range",
|
|
"__tsan_write_range",
|
|
"__tsan_read1",
|
|
"__tsan_read2",
|
|
"__tsan_read4",
|
|
"__tsan_read8",
|
|
"__tsan_read16",
|
|
"__tsan_write1",
|
|
"__tsan_write2",
|
|
"__tsan_write4",
|
|
"__tsan_write8",
|
|
"__tsan_write16",
|
|
"__tsan_read_write1",
|
|
"__tsan_read_write2",
|
|
"__tsan_read_write4",
|
|
"__tsan_read_write8",
|
|
"__tsan_read_write16",
|
|
"__tsan_atomic8_load",
|
|
"__tsan_atomic16_load",
|
|
"__tsan_atomic32_load",
|
|
"__tsan_atomic64_load",
|
|
"__tsan_atomic8_store",
|
|
"__tsan_atomic16_store",
|
|
"__tsan_atomic32_store",
|
|
"__tsan_atomic64_store",
|
|
"__tsan_atomic8_exchange",
|
|
"__tsan_atomic16_exchange",
|
|
"__tsan_atomic32_exchange",
|
|
"__tsan_atomic64_exchange",
|
|
"__tsan_atomic8_fetch_add",
|
|
"__tsan_atomic16_fetch_add",
|
|
"__tsan_atomic32_fetch_add",
|
|
"__tsan_atomic64_fetch_add",
|
|
"__tsan_atomic8_fetch_sub",
|
|
"__tsan_atomic16_fetch_sub",
|
|
"__tsan_atomic32_fetch_sub",
|
|
"__tsan_atomic64_fetch_sub",
|
|
"__tsan_atomic8_fetch_and",
|
|
"__tsan_atomic16_fetch_and",
|
|
"__tsan_atomic32_fetch_and",
|
|
"__tsan_atomic64_fetch_and",
|
|
"__tsan_atomic8_fetch_or",
|
|
"__tsan_atomic16_fetch_or",
|
|
"__tsan_atomic32_fetch_or",
|
|
"__tsan_atomic64_fetch_or",
|
|
"__tsan_atomic8_fetch_xor",
|
|
"__tsan_atomic16_fetch_xor",
|
|
"__tsan_atomic32_fetch_xor",
|
|
"__tsan_atomic64_fetch_xor",
|
|
"__tsan_atomic8_fetch_nand",
|
|
"__tsan_atomic16_fetch_nand",
|
|
"__tsan_atomic32_fetch_nand",
|
|
"__tsan_atomic64_fetch_nand",
|
|
"__tsan_atomic8_compare_exchange_strong",
|
|
"__tsan_atomic16_compare_exchange_strong",
|
|
"__tsan_atomic32_compare_exchange_strong",
|
|
"__tsan_atomic64_compare_exchange_strong",
|
|
"__tsan_atomic8_compare_exchange_weak",
|
|
"__tsan_atomic16_compare_exchange_weak",
|
|
"__tsan_atomic32_compare_exchange_weak",
|
|
"__tsan_atomic64_compare_exchange_weak",
|
|
"__tsan_atomic8_compare_exchange_val",
|
|
"__tsan_atomic16_compare_exchange_val",
|
|
"__tsan_atomic32_compare_exchange_val",
|
|
"__tsan_atomic64_compare_exchange_val",
|
|
"__tsan_atomic_thread_fence",
|
|
"__tsan_atomic_signal_fence",
|
|
/* KCOV */
|
|
"write_comp_data",
|
|
"check_kcov_mode",
|
|
"__sanitizer_cov_trace_pc",
|
|
"__sanitizer_cov_trace_const_cmp1",
|
|
"__sanitizer_cov_trace_const_cmp2",
|
|
"__sanitizer_cov_trace_const_cmp4",
|
|
"__sanitizer_cov_trace_const_cmp8",
|
|
"__sanitizer_cov_trace_cmp1",
|
|
"__sanitizer_cov_trace_cmp2",
|
|
"__sanitizer_cov_trace_cmp4",
|
|
"__sanitizer_cov_trace_cmp8",
|
|
"__sanitizer_cov_trace_switch",
|
|
/* UBSAN */
|
|
"ubsan_type_mismatch_common",
|
|
"__ubsan_handle_type_mismatch",
|
|
"__ubsan_handle_type_mismatch_v1",
|
|
"__ubsan_handle_shift_out_of_bounds",
|
|
/* misc */
|
|
"csum_partial_copy_generic",
|
|
"copy_mc_fragile",
|
|
"copy_mc_fragile_handle_tail",
|
|
"copy_mc_enhanced_fast_string",
|
|
"ftrace_likely_update", /* CONFIG_TRACE_BRANCH_PROFILING */
|
|
NULL
|
|
};
|
|
|
|
static void add_uaccess_safe(struct objtool_file *file)
|
|
{
|
|
struct symbol *func;
|
|
const char **name;
|
|
|
|
if (!uaccess)
|
|
return;
|
|
|
|
for (name = uaccess_safe_builtin; *name; name++) {
|
|
func = find_symbol_by_name(file->elf, *name);
|
|
if (!func)
|
|
continue;
|
|
|
|
func->uaccess_safe = true;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* FIXME: For now, just ignore any alternatives which add retpolines. This is
|
|
* a temporary hack, as it doesn't allow ORC to unwind from inside a retpoline.
|
|
* But it at least allows objtool to understand the control flow *around* the
|
|
* retpoline.
|
|
*/
|
|
static int add_ignore_alternatives(struct objtool_file *file)
|
|
{
|
|
struct section *sec;
|
|
struct reloc *reloc;
|
|
struct instruction *insn;
|
|
|
|
sec = find_section_by_name(file->elf, ".rela.discard.ignore_alts");
|
|
if (!sec)
|
|
return 0;
|
|
|
|
list_for_each_entry(reloc, &sec->reloc_list, list) {
|
|
if (reloc->sym->type != STT_SECTION) {
|
|
WARN("unexpected relocation symbol type in %s", sec->name);
|
|
return -1;
|
|
}
|
|
|
|
insn = find_insn(file, reloc->sym->sec, reloc->addend);
|
|
if (!insn) {
|
|
WARN("bad .discard.ignore_alts entry");
|
|
return -1;
|
|
}
|
|
|
|
insn->ignore_alts = true;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* CONFIG_CFI_CLANG: Check if the section is a CFI jump table or a
|
|
* compiler-generated CFI handler.
|
|
*/
|
|
static bool is_cfi_section(struct section *sec)
|
|
{
|
|
return (sec->name &&
|
|
(!strncmp(sec->name, ".text..L.cfi.jumptable", 22) ||
|
|
!strcmp(sec->name, ".text.__cfi_check")));
|
|
}
|
|
|
|
/*
|
|
* CONFIG_CFI_CLANG: Ignore CFI jump tables.
|
|
*/
|
|
static void add_cfi_jumptables(struct objtool_file *file)
|
|
{
|
|
struct section *sec;
|
|
struct symbol *func;
|
|
struct instruction *insn;
|
|
|
|
for_each_sec(file, sec) {
|
|
if (!is_cfi_section(sec))
|
|
continue;
|
|
|
|
list_for_each_entry(func, &sec->symbol_list, list) {
|
|
sym_for_each_insn(file, func, insn)
|
|
insn->ignore = true;
|
|
}
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Find the destination instructions for all jumps.
|
|
*/
|
|
static int add_jump_destinations(struct objtool_file *file)
|
|
{
|
|
struct instruction *insn;
|
|
struct reloc *reloc;
|
|
struct section *dest_sec;
|
|
unsigned long dest_off;
|
|
|
|
for_each_insn(file, insn) {
|
|
if (!is_static_jump(insn))
|
|
continue;
|
|
|
|
if (insn->offset == FAKE_JUMP_OFFSET)
|
|
continue;
|
|
|
|
reloc = find_reloc_by_dest_range(file->elf, insn->sec,
|
|
insn->offset, insn->len);
|
|
if (!reloc) {
|
|
dest_sec = insn->sec;
|
|
dest_off = arch_jump_destination(insn);
|
|
} else if (reloc->sym->type == STT_SECTION) {
|
|
dest_sec = reloc->sym->sec;
|
|
dest_off = arch_dest_reloc_offset(reloc->addend);
|
|
} else if (reloc->sym->sec->idx) {
|
|
dest_sec = reloc->sym->sec;
|
|
dest_off = reloc->sym->sym.st_value +
|
|
arch_dest_reloc_offset(reloc->addend);
|
|
} else if (!strncmp(reloc->sym->name, "__x86_indirect_thunk_", 21) ||
|
|
!strncmp(reloc->sym->name, "__x86_retpoline_", 16)) {
|
|
/*
|
|
* Retpoline jumps are really dynamic jumps in
|
|
* disguise, so convert them accordingly.
|
|
*/
|
|
if (insn->type == INSN_JUMP_UNCONDITIONAL)
|
|
insn->type = INSN_JUMP_DYNAMIC;
|
|
else
|
|
insn->type = INSN_JUMP_DYNAMIC_CONDITIONAL;
|
|
|
|
insn->retpoline_safe = true;
|
|
continue;
|
|
} else {
|
|
/* external sibling call */
|
|
insn->call_dest = reloc->sym;
|
|
if (insn->call_dest->static_call_tramp) {
|
|
list_add_tail(&insn->static_call_node,
|
|
&file->static_call_list);
|
|
}
|
|
continue;
|
|
}
|
|
|
|
insn->jump_dest = find_insn(file, dest_sec, dest_off);
|
|
|
|
if (!insn->jump_dest && dest_sec->len == dest_off)
|
|
insn->jump_dest = find_last_insn(file, dest_sec);
|
|
|
|
if (!insn->jump_dest) {
|
|
|
|
/*
|
|
* This is a special case where an alt instruction
|
|
* jumps past the end of the section. These are
|
|
* handled later in handle_group_alt().
|
|
*/
|
|
if (!strcmp(insn->sec->name, ".altinstr_replacement"))
|
|
continue;
|
|
|
|
if (is_cfi_section(insn->sec))
|
|
continue;
|
|
|
|
WARN_FUNC("can't find jump dest instruction at %s+0x%lx",
|
|
insn->sec, insn->offset, dest_sec->name,
|
|
dest_off);
|
|
return -1;
|
|
}
|
|
|
|
/*
|
|
* Cross-function jump.
|
|
*/
|
|
if (insn->func && insn->jump_dest->func &&
|
|
insn->func != insn->jump_dest->func) {
|
|
|
|
/*
|
|
* For GCC 8+, create parent/child links for any cold
|
|
* subfunctions. This is _mostly_ redundant with a
|
|
* similar initialization in read_symbols().
|
|
*
|
|
* If a function has aliases, we want the *first* such
|
|
* function in the symbol table to be the subfunction's
|
|
* parent. In that case we overwrite the
|
|
* initialization done in read_symbols().
|
|
*
|
|
* However this code can't completely replace the
|
|
* read_symbols() code because this doesn't detect the
|
|
* case where the parent function's only reference to a
|
|
* subfunction is through a jump table.
|
|
*/
|
|
if (!strstr(insn->func->name, ".cold") &&
|
|
strstr(insn->jump_dest->func->name, ".cold")) {
|
|
insn->func->cfunc = insn->jump_dest->func;
|
|
insn->jump_dest->func->pfunc = insn->func;
|
|
|
|
} else if (insn->jump_dest->func->pfunc != insn->func->pfunc &&
|
|
insn->jump_dest->offset == insn->jump_dest->func->offset) {
|
|
|
|
/* internal sibling call */
|
|
insn->call_dest = insn->jump_dest->func;
|
|
if (insn->call_dest->static_call_tramp) {
|
|
list_add_tail(&insn->static_call_node,
|
|
&file->static_call_list);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static void remove_insn_ops(struct instruction *insn)
|
|
{
|
|
struct stack_op *op, *tmp;
|
|
|
|
list_for_each_entry_safe(op, tmp, &insn->stack_ops, list) {
|
|
list_del(&op->list);
|
|
free(op);
|
|
}
|
|
}
|
|
|
|
static struct symbol *find_call_destination(struct section *sec, unsigned long offset)
|
|
{
|
|
struct symbol *call_dest;
|
|
|
|
call_dest = find_func_by_offset(sec, offset);
|
|
if (!call_dest)
|
|
call_dest = find_symbol_by_offset(sec, offset);
|
|
|
|
return call_dest;
|
|
}
|
|
|
|
/*
|
|
* Find the destination instructions for all calls.
|
|
*/
|
|
static int add_call_destinations(struct objtool_file *file)
|
|
{
|
|
struct instruction *insn;
|
|
unsigned long dest_off;
|
|
struct reloc *reloc;
|
|
|
|
for_each_insn(file, insn) {
|
|
if (insn->type != INSN_CALL)
|
|
continue;
|
|
|
|
reloc = find_reloc_by_dest_range(file->elf, insn->sec,
|
|
insn->offset, insn->len);
|
|
if (!reloc) {
|
|
dest_off = arch_jump_destination(insn);
|
|
insn->call_dest = find_call_destination(insn->sec, dest_off);
|
|
|
|
if (insn->ignore)
|
|
continue;
|
|
|
|
if (!insn->call_dest) {
|
|
WARN_FUNC("unannotated intra-function call", insn->sec, insn->offset);
|
|
return -1;
|
|
}
|
|
|
|
if (insn->func && insn->call_dest->type != STT_FUNC) {
|
|
WARN_FUNC("unsupported call to non-function",
|
|
insn->sec, insn->offset);
|
|
return -1;
|
|
}
|
|
|
|
} else if (reloc->sym->type == STT_SECTION) {
|
|
dest_off = arch_dest_reloc_offset(reloc->addend);
|
|
insn->call_dest = find_call_destination(reloc->sym->sec,
|
|
dest_off);
|
|
if (!insn->call_dest) {
|
|
if (is_cfi_section(reloc->sym->sec))
|
|
continue;
|
|
|
|
WARN_FUNC("can't find call dest symbol at %s+0x%lx",
|
|
insn->sec, insn->offset,
|
|
reloc->sym->sec->name,
|
|
dest_off);
|
|
return -1;
|
|
}
|
|
} else
|
|
insn->call_dest = reloc->sym;
|
|
|
|
/*
|
|
* Many compilers cannot disable KCOV with a function attribute
|
|
* so they need a little help, NOP out any KCOV calls from noinstr
|
|
* text.
|
|
*/
|
|
if (insn->sec->noinstr &&
|
|
!strncmp(insn->call_dest->name, "__sanitizer_cov_", 16)) {
|
|
if (reloc) {
|
|
reloc->type = R_NONE;
|
|
elf_write_reloc(file->elf, reloc);
|
|
}
|
|
|
|
elf_write_insn(file->elf, insn->sec,
|
|
insn->offset, insn->len,
|
|
arch_nop_insn(insn->len));
|
|
insn->type = INSN_NOP;
|
|
}
|
|
|
|
if (mcount && !strcmp(insn->call_dest->name, "__fentry__")) {
|
|
if (reloc) {
|
|
reloc->type = R_NONE;
|
|
elf_write_reloc(file->elf, reloc);
|
|
}
|
|
|
|
elf_write_insn(file->elf, insn->sec,
|
|
insn->offset, insn->len,
|
|
arch_nop_insn(insn->len));
|
|
|
|
insn->type = INSN_NOP;
|
|
|
|
list_add_tail(&insn->mcount_loc_node,
|
|
&file->mcount_loc_list);
|
|
}
|
|
|
|
/*
|
|
* Whatever stack impact regular CALLs have, should be undone
|
|
* by the RETURN of the called function.
|
|
*
|
|
* Annotated intra-function calls retain the stack_ops but
|
|
* are converted to JUMP, see read_intra_function_calls().
|
|
*/
|
|
remove_insn_ops(insn);
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* The .alternatives section requires some extra special care, over and above
|
|
* what other special sections require:
|
|
*
|
|
* 1. Because alternatives are patched in-place, we need to insert a fake jump
|
|
* instruction at the end so that validate_branch() skips all the original
|
|
* replaced instructions when validating the new instruction path.
|
|
*
|
|
* 2. An added wrinkle is that the new instruction length might be zero. In
|
|
* that case the old instructions are replaced with noops. We simulate that
|
|
* by creating a fake jump as the only new instruction.
|
|
*
|
|
* 3. In some cases, the alternative section includes an instruction which
|
|
* conditionally jumps to the _end_ of the entry. We have to modify these
|
|
* jumps' destinations to point back to .text rather than the end of the
|
|
* entry in .altinstr_replacement.
|
|
*/
|
|
static int handle_group_alt(struct objtool_file *file,
|
|
struct special_alt *special_alt,
|
|
struct instruction *orig_insn,
|
|
struct instruction **new_insn)
|
|
{
|
|
static unsigned int alt_group_next_index = 1;
|
|
struct instruction *last_orig_insn, *last_new_insn, *insn, *fake_jump = NULL;
|
|
unsigned int alt_group = alt_group_next_index++;
|
|
unsigned long dest_off;
|
|
|
|
last_orig_insn = NULL;
|
|
insn = orig_insn;
|
|
sec_for_each_insn_from(file, insn) {
|
|
if (insn->offset >= special_alt->orig_off + special_alt->orig_len)
|
|
break;
|
|
|
|
insn->alt_group = alt_group;
|
|
last_orig_insn = insn;
|
|
}
|
|
|
|
if (next_insn_same_sec(file, last_orig_insn)) {
|
|
fake_jump = malloc(sizeof(*fake_jump));
|
|
if (!fake_jump) {
|
|
WARN("malloc failed");
|
|
return -1;
|
|
}
|
|
memset(fake_jump, 0, sizeof(*fake_jump));
|
|
INIT_LIST_HEAD(&fake_jump->alts);
|
|
INIT_LIST_HEAD(&fake_jump->stack_ops);
|
|
init_cfi_state(&fake_jump->cfi);
|
|
|
|
fake_jump->sec = special_alt->new_sec;
|
|
fake_jump->offset = FAKE_JUMP_OFFSET;
|
|
fake_jump->type = INSN_JUMP_UNCONDITIONAL;
|
|
fake_jump->jump_dest = list_next_entry(last_orig_insn, list);
|
|
fake_jump->func = orig_insn->func;
|
|
}
|
|
|
|
if (!special_alt->new_len) {
|
|
if (!fake_jump) {
|
|
WARN("%s: empty alternative at end of section",
|
|
special_alt->orig_sec->name);
|
|
return -1;
|
|
}
|
|
|
|
*new_insn = fake_jump;
|
|
return 0;
|
|
}
|
|
|
|
last_new_insn = NULL;
|
|
alt_group = alt_group_next_index++;
|
|
insn = *new_insn;
|
|
sec_for_each_insn_from(file, insn) {
|
|
struct reloc *alt_reloc;
|
|
|
|
if (insn->offset >= special_alt->new_off + special_alt->new_len)
|
|
break;
|
|
|
|
last_new_insn = insn;
|
|
|
|
insn->ignore = orig_insn->ignore_alts;
|
|
insn->func = orig_insn->func;
|
|
insn->alt_group = alt_group;
|
|
|
|
/*
|
|
* Since alternative replacement code is copy/pasted by the
|
|
* kernel after applying relocations, generally such code can't
|
|
* have relative-address relocation references to outside the
|
|
* .altinstr_replacement section, unless the arch's
|
|
* alternatives code can adjust the relative offsets
|
|
* accordingly.
|
|
*/
|
|
alt_reloc = find_reloc_by_dest_range(file->elf, insn->sec,
|
|
insn->offset, insn->len);
|
|
if (alt_reloc &&
|
|
!arch_support_alt_relocation(special_alt, insn, alt_reloc)) {
|
|
|
|
WARN_FUNC("unsupported relocation in alternatives section",
|
|
insn->sec, insn->offset);
|
|
return -1;
|
|
}
|
|
|
|
if (!is_static_jump(insn))
|
|
continue;
|
|
|
|
if (!insn->immediate)
|
|
continue;
|
|
|
|
dest_off = arch_jump_destination(insn);
|
|
if (dest_off == special_alt->new_off + special_alt->new_len) {
|
|
if (!fake_jump) {
|
|
WARN("%s: alternative jump to end of section",
|
|
special_alt->orig_sec->name);
|
|
return -1;
|
|
}
|
|
insn->jump_dest = fake_jump;
|
|
}
|
|
|
|
if (!insn->jump_dest) {
|
|
WARN_FUNC("can't find alternative jump destination",
|
|
insn->sec, insn->offset);
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
if (!last_new_insn) {
|
|
WARN_FUNC("can't find last new alternative instruction",
|
|
special_alt->new_sec, special_alt->new_off);
|
|
return -1;
|
|
}
|
|
|
|
if (fake_jump)
|
|
list_add(&fake_jump->list, &last_new_insn->list);
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* A jump table entry can either convert a nop to a jump or a jump to a nop.
|
|
* If the original instruction is a jump, make the alt entry an effective nop
|
|
* by just skipping the original instruction.
|
|
*/
|
|
static int handle_jump_alt(struct objtool_file *file,
|
|
struct special_alt *special_alt,
|
|
struct instruction *orig_insn,
|
|
struct instruction **new_insn)
|
|
{
|
|
if (orig_insn->type == INSN_NOP)
|
|
return 0;
|
|
|
|
if (orig_insn->type != INSN_JUMP_UNCONDITIONAL) {
|
|
WARN_FUNC("unsupported instruction at jump label",
|
|
orig_insn->sec, orig_insn->offset);
|
|
return -1;
|
|
}
|
|
|
|
*new_insn = list_next_entry(orig_insn, list);
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Read all the special sections which have alternate instructions which can be
|
|
* patched in or redirected to at runtime. Each instruction having alternate
|
|
* instruction(s) has them added to its insn->alts list, which will be
|
|
* traversed in validate_branch().
|
|
*/
|
|
static int add_special_section_alts(struct objtool_file *file)
|
|
{
|
|
struct list_head special_alts;
|
|
struct instruction *orig_insn, *new_insn;
|
|
struct special_alt *special_alt, *tmp;
|
|
struct alternative *alt;
|
|
int ret;
|
|
|
|
ret = special_get_alts(file->elf, &special_alts);
|
|
if (ret)
|
|
return ret;
|
|
|
|
list_for_each_entry_safe(special_alt, tmp, &special_alts, list) {
|
|
|
|
orig_insn = find_insn(file, special_alt->orig_sec,
|
|
special_alt->orig_off);
|
|
if (!orig_insn) {
|
|
WARN_FUNC("special: can't find orig instruction",
|
|
special_alt->orig_sec, special_alt->orig_off);
|
|
ret = -1;
|
|
goto out;
|
|
}
|
|
|
|
new_insn = NULL;
|
|
if (!special_alt->group || special_alt->new_len) {
|
|
new_insn = find_insn(file, special_alt->new_sec,
|
|
special_alt->new_off);
|
|
if (!new_insn) {
|
|
WARN_FUNC("special: can't find new instruction",
|
|
special_alt->new_sec,
|
|
special_alt->new_off);
|
|
ret = -1;
|
|
goto out;
|
|
}
|
|
}
|
|
|
|
if (special_alt->group) {
|
|
if (!special_alt->orig_len) {
|
|
WARN_FUNC("empty alternative entry",
|
|
orig_insn->sec, orig_insn->offset);
|
|
continue;
|
|
}
|
|
|
|
ret = handle_group_alt(file, special_alt, orig_insn,
|
|
&new_insn);
|
|
if (ret)
|
|
goto out;
|
|
} else if (special_alt->jump_or_nop) {
|
|
ret = handle_jump_alt(file, special_alt, orig_insn,
|
|
&new_insn);
|
|
if (ret)
|
|
goto out;
|
|
}
|
|
|
|
alt = malloc(sizeof(*alt));
|
|
if (!alt) {
|
|
WARN("malloc failed");
|
|
ret = -1;
|
|
goto out;
|
|
}
|
|
|
|
alt->insn = new_insn;
|
|
alt->skip_orig = special_alt->skip_orig;
|
|
orig_insn->ignore_alts |= special_alt->skip_alt;
|
|
list_add_tail(&alt->list, &orig_insn->alts);
|
|
|
|
list_del(&special_alt->list);
|
|
free(special_alt);
|
|
}
|
|
|
|
out:
|
|
return ret;
|
|
}
|
|
|
|
static int add_jump_table(struct objtool_file *file, struct instruction *insn,
|
|
struct reloc *table)
|
|
{
|
|
struct reloc *reloc = table;
|
|
struct instruction *dest_insn;
|
|
struct alternative *alt;
|
|
struct symbol *pfunc = insn->func->pfunc;
|
|
unsigned int prev_offset = 0;
|
|
|
|
/*
|
|
* Each @reloc is a switch table relocation which points to the target
|
|
* instruction.
|
|
*/
|
|
list_for_each_entry_from(reloc, &table->sec->reloc_list, list) {
|
|
|
|
/* Check for the end of the table: */
|
|
if (reloc != table && reloc->jump_table_start)
|
|
break;
|
|
|
|
/* Make sure the table entries are consecutive: */
|
|
if (prev_offset && reloc->offset != prev_offset + 8)
|
|
break;
|
|
|
|
/* Detect function pointers from contiguous objects: */
|
|
if (reloc->sym->sec == pfunc->sec &&
|
|
reloc->addend == pfunc->offset)
|
|
break;
|
|
|
|
dest_insn = find_insn(file, reloc->sym->sec, reloc->addend);
|
|
if (!dest_insn)
|
|
break;
|
|
|
|
/* Make sure the destination is in the same function: */
|
|
if (!dest_insn->func || dest_insn->func->pfunc != pfunc)
|
|
break;
|
|
|
|
alt = malloc(sizeof(*alt));
|
|
if (!alt) {
|
|
WARN("malloc failed");
|
|
return -1;
|
|
}
|
|
|
|
alt->insn = dest_insn;
|
|
list_add_tail(&alt->list, &insn->alts);
|
|
prev_offset = reloc->offset;
|
|
}
|
|
|
|
if (!prev_offset) {
|
|
WARN_FUNC("can't find switch jump table",
|
|
insn->sec, insn->offset);
|
|
return -1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* find_jump_table() - Given a dynamic jump, find the switch jump table
|
|
* associated with it.
|
|
*/
|
|
static struct reloc *find_jump_table(struct objtool_file *file,
|
|
struct symbol *func,
|
|
struct instruction *insn)
|
|
{
|
|
struct reloc *table_reloc;
|
|
struct instruction *dest_insn, *orig_insn = insn;
|
|
|
|
/*
|
|
* Backward search using the @first_jump_src links, these help avoid
|
|
* much of the 'in between' code. Which avoids us getting confused by
|
|
* it.
|
|
*/
|
|
for (;
|
|
insn && insn->func && insn->func->pfunc == func;
|
|
insn = insn->first_jump_src ?: prev_insn_same_sym(file, insn)) {
|
|
|
|
if (insn != orig_insn && insn->type == INSN_JUMP_DYNAMIC)
|
|
break;
|
|
|
|
/* allow small jumps within the range */
|
|
if (insn->type == INSN_JUMP_UNCONDITIONAL &&
|
|
insn->jump_dest &&
|
|
(insn->jump_dest->offset <= insn->offset ||
|
|
insn->jump_dest->offset > orig_insn->offset))
|
|
break;
|
|
|
|
table_reloc = arch_find_switch_table(file, insn);
|
|
if (!table_reloc)
|
|
continue;
|
|
dest_insn = find_insn(file, table_reloc->sym->sec, table_reloc->addend);
|
|
if (!dest_insn || !dest_insn->func || dest_insn->func->pfunc != func)
|
|
continue;
|
|
|
|
return table_reloc;
|
|
}
|
|
|
|
return NULL;
|
|
}
|
|
|
|
/*
|
|
* First pass: Mark the head of each jump table so that in the next pass,
|
|
* we know when a given jump table ends and the next one starts.
|
|
*/
|
|
static void mark_func_jump_tables(struct objtool_file *file,
|
|
struct symbol *func)
|
|
{
|
|
struct instruction *insn, *last = NULL;
|
|
struct reloc *reloc;
|
|
|
|
func_for_each_insn(file, func, insn) {
|
|
if (!last)
|
|
last = insn;
|
|
|
|
/*
|
|
* Store back-pointers for unconditional forward jumps such
|
|
* that find_jump_table() can back-track using those and
|
|
* avoid some potentially confusing code.
|
|
*/
|
|
if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->jump_dest &&
|
|
insn->offset > last->offset &&
|
|
insn->jump_dest->offset > insn->offset &&
|
|
!insn->jump_dest->first_jump_src) {
|
|
|
|
insn->jump_dest->first_jump_src = insn;
|
|
last = insn->jump_dest;
|
|
}
|
|
|
|
if (insn->type != INSN_JUMP_DYNAMIC)
|
|
continue;
|
|
|
|
reloc = find_jump_table(file, func, insn);
|
|
if (reloc) {
|
|
reloc->jump_table_start = true;
|
|
insn->jump_table = reloc;
|
|
}
|
|
}
|
|
}
|
|
|
|
static int add_func_jump_tables(struct objtool_file *file,
|
|
struct symbol *func)
|
|
{
|
|
struct instruction *insn;
|
|
int ret;
|
|
|
|
func_for_each_insn(file, func, insn) {
|
|
if (!insn->jump_table)
|
|
continue;
|
|
|
|
ret = add_jump_table(file, insn, insn->jump_table);
|
|
if (ret)
|
|
return ret;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* For some switch statements, gcc generates a jump table in the .rodata
|
|
* section which contains a list of addresses within the function to jump to.
|
|
* This finds these jump tables and adds them to the insn->alts lists.
|
|
*/
|
|
static int add_jump_table_alts(struct objtool_file *file)
|
|
{
|
|
struct section *sec;
|
|
struct symbol *func;
|
|
int ret;
|
|
|
|
if (!file->rodata)
|
|
return 0;
|
|
|
|
for_each_sec(file, sec) {
|
|
list_for_each_entry(func, &sec->symbol_list, list) {
|
|
if (func->type != STT_FUNC)
|
|
continue;
|
|
|
|
mark_func_jump_tables(file, func);
|
|
ret = add_func_jump_tables(file, func);
|
|
if (ret)
|
|
return ret;
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int read_unwind_hints(struct objtool_file *file)
|
|
{
|
|
struct section *sec, *relocsec;
|
|
struct reloc *reloc;
|
|
struct unwind_hint *hint;
|
|
struct instruction *insn;
|
|
struct cfi_reg *cfa;
|
|
int i;
|
|
|
|
sec = find_section_by_name(file->elf, ".discard.unwind_hints");
|
|
if (!sec)
|
|
return 0;
|
|
|
|
relocsec = sec->reloc;
|
|
if (!relocsec) {
|
|
WARN("missing .rela.discard.unwind_hints section");
|
|
return -1;
|
|
}
|
|
|
|
if (sec->len % sizeof(struct unwind_hint)) {
|
|
WARN("struct unwind_hint size mismatch");
|
|
return -1;
|
|
}
|
|
|
|
file->hints = true;
|
|
|
|
for (i = 0; i < sec->len / sizeof(struct unwind_hint); i++) {
|
|
hint = (struct unwind_hint *)sec->data->d_buf + i;
|
|
|
|
reloc = find_reloc_by_dest(file->elf, sec, i * sizeof(*hint));
|
|
if (!reloc) {
|
|
WARN("can't find reloc for unwind_hints[%d]", i);
|
|
return -1;
|
|
}
|
|
|
|
insn = find_insn(file, reloc->sym->sec, reloc->addend);
|
|
if (!insn) {
|
|
WARN("can't find insn for unwind_hints[%d]", i);
|
|
return -1;
|
|
}
|
|
|
|
cfa = &insn->cfi.cfa;
|
|
|
|
if (hint->type == UNWIND_HINT_TYPE_RET_OFFSET) {
|
|
insn->ret_offset = hint->sp_offset;
|
|
continue;
|
|
}
|
|
|
|
insn->hint = true;
|
|
|
|
if (arch_decode_hint_reg(insn, hint->sp_reg)) {
|
|
WARN_FUNC("unsupported unwind_hint sp base reg %d",
|
|
insn->sec, insn->offset, hint->sp_reg);
|
|
return -1;
|
|
}
|
|
|
|
cfa->offset = hint->sp_offset;
|
|
insn->cfi.type = hint->type;
|
|
insn->cfi.end = hint->end;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int read_retpoline_hints(struct objtool_file *file)
|
|
{
|
|
struct section *sec;
|
|
struct instruction *insn;
|
|
struct reloc *reloc;
|
|
|
|
sec = find_section_by_name(file->elf, ".rela.discard.retpoline_safe");
|
|
if (!sec)
|
|
return 0;
|
|
|
|
list_for_each_entry(reloc, &sec->reloc_list, list) {
|
|
if (reloc->sym->type != STT_SECTION) {
|
|
WARN("unexpected relocation symbol type in %s", sec->name);
|
|
return -1;
|
|
}
|
|
|
|
insn = find_insn(file, reloc->sym->sec, reloc->addend);
|
|
if (!insn) {
|
|
WARN("bad .discard.retpoline_safe entry");
|
|
return -1;
|
|
}
|
|
|
|
if (insn->type != INSN_JUMP_DYNAMIC &&
|
|
insn->type != INSN_CALL_DYNAMIC) {
|
|
WARN_FUNC("retpoline_safe hint not an indirect jump/call",
|
|
insn->sec, insn->offset);
|
|
return -1;
|
|
}
|
|
|
|
insn->retpoline_safe = true;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int read_instr_hints(struct objtool_file *file)
|
|
{
|
|
struct section *sec;
|
|
struct instruction *insn;
|
|
struct reloc *reloc;
|
|
|
|
sec = find_section_by_name(file->elf, ".rela.discard.instr_end");
|
|
if (!sec)
|
|
return 0;
|
|
|
|
list_for_each_entry(reloc, &sec->reloc_list, list) {
|
|
if (reloc->sym->type != STT_SECTION) {
|
|
WARN("unexpected relocation symbol type in %s", sec->name);
|
|
return -1;
|
|
}
|
|
|
|
insn = find_insn(file, reloc->sym->sec, reloc->addend);
|
|
if (!insn) {
|
|
WARN("bad .discard.instr_end entry");
|
|
return -1;
|
|
}
|
|
|
|
insn->instr--;
|
|
}
|
|
|
|
sec = find_section_by_name(file->elf, ".rela.discard.instr_begin");
|
|
if (!sec)
|
|
return 0;
|
|
|
|
list_for_each_entry(reloc, &sec->reloc_list, list) {
|
|
if (reloc->sym->type != STT_SECTION) {
|
|
WARN("unexpected relocation symbol type in %s", sec->name);
|
|
return -1;
|
|
}
|
|
|
|
insn = find_insn(file, reloc->sym->sec, reloc->addend);
|
|
if (!insn) {
|
|
WARN("bad .discard.instr_begin entry");
|
|
return -1;
|
|
}
|
|
|
|
insn->instr++;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int read_intra_function_calls(struct objtool_file *file)
|
|
{
|
|
struct instruction *insn;
|
|
struct section *sec;
|
|
struct reloc *reloc;
|
|
|
|
sec = find_section_by_name(file->elf, ".rela.discard.intra_function_calls");
|
|
if (!sec)
|
|
return 0;
|
|
|
|
list_for_each_entry(reloc, &sec->reloc_list, list) {
|
|
unsigned long dest_off;
|
|
|
|
if (reloc->sym->type != STT_SECTION) {
|
|
WARN("unexpected relocation symbol type in %s",
|
|
sec->name);
|
|
return -1;
|
|
}
|
|
|
|
insn = find_insn(file, reloc->sym->sec, reloc->addend);
|
|
if (!insn) {
|
|
WARN("bad .discard.intra_function_call entry");
|
|
return -1;
|
|
}
|
|
|
|
if (insn->type != INSN_CALL) {
|
|
WARN_FUNC("intra_function_call not a direct call",
|
|
insn->sec, insn->offset);
|
|
return -1;
|
|
}
|
|
|
|
/*
|
|
* Treat intra-function CALLs as JMPs, but with a stack_op.
|
|
* See add_call_destinations(), which strips stack_ops from
|
|
* normal CALLs.
|
|
*/
|
|
insn->type = INSN_JUMP_UNCONDITIONAL;
|
|
|
|
dest_off = insn->offset + insn->len + insn->immediate;
|
|
insn->jump_dest = find_insn(file, insn->sec, dest_off);
|
|
if (!insn->jump_dest) {
|
|
WARN_FUNC("can't find call dest at %s+0x%lx",
|
|
insn->sec, insn->offset,
|
|
insn->sec->name, dest_off);
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int read_static_call_tramps(struct objtool_file *file)
|
|
{
|
|
struct section *sec;
|
|
struct symbol *func;
|
|
|
|
for_each_sec(file, sec) {
|
|
list_for_each_entry(func, &sec->symbol_list, list) {
|
|
if (func->bind == STB_GLOBAL &&
|
|
!strncmp(func->name, STATIC_CALL_TRAMP_PREFIX_STR,
|
|
strlen(STATIC_CALL_TRAMP_PREFIX_STR)))
|
|
func->static_call_tramp = true;
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static void mark_rodata(struct objtool_file *file)
|
|
{
|
|
struct section *sec;
|
|
bool found = false;
|
|
|
|
/*
|
|
* Search for the following rodata sections, each of which can
|
|
* potentially contain jump tables:
|
|
*
|
|
* - .rodata: can contain GCC switch tables
|
|
* - .rodata.<func>: same, if -fdata-sections is being used
|
|
* - .rodata..c_jump_table: contains C annotated jump tables
|
|
*
|
|
* .rodata.str1.* sections are ignored; they don't contain jump tables.
|
|
*/
|
|
for_each_sec(file, sec) {
|
|
if (!strncmp(sec->name, ".rodata", 7) &&
|
|
!strstr(sec->name, ".str1.")) {
|
|
sec->rodata = true;
|
|
found = true;
|
|
}
|
|
}
|
|
|
|
file->rodata = found;
|
|
}
|
|
|
|
static int decode_sections(struct objtool_file *file)
|
|
{
|
|
int ret;
|
|
|
|
mark_rodata(file);
|
|
|
|
ret = decode_instructions(file);
|
|
if (ret)
|
|
return ret;
|
|
|
|
ret = add_dead_ends(file);
|
|
if (ret)
|
|
return ret;
|
|
|
|
add_ignores(file);
|
|
add_uaccess_safe(file);
|
|
add_cfi_jumptables(file);
|
|
|
|
ret = add_ignore_alternatives(file);
|
|
if (ret)
|
|
return ret;
|
|
|
|
ret = read_static_call_tramps(file);
|
|
if (ret)
|
|
return ret;
|
|
|
|
ret = add_jump_destinations(file);
|
|
if (ret)
|
|
return ret;
|
|
|
|
ret = add_special_section_alts(file);
|
|
if (ret)
|
|
return ret;
|
|
|
|
ret = read_intra_function_calls(file);
|
|
if (ret)
|
|
return ret;
|
|
|
|
ret = add_call_destinations(file);
|
|
if (ret)
|
|
return ret;
|
|
|
|
ret = add_jump_table_alts(file);
|
|
if (ret)
|
|
return ret;
|
|
|
|
ret = read_unwind_hints(file);
|
|
if (ret)
|
|
return ret;
|
|
|
|
ret = read_retpoline_hints(file);
|
|
if (ret)
|
|
return ret;
|
|
|
|
ret = read_instr_hints(file);
|
|
if (ret)
|
|
return ret;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static bool is_fentry_call(struct instruction *insn)
|
|
{
|
|
if (insn->type == INSN_CALL && insn->call_dest &&
|
|
insn->call_dest->type == STT_NOTYPE &&
|
|
!strcmp(insn->call_dest->name, "__fentry__"))
|
|
return true;
|
|
|
|
return false;
|
|
}
|
|
|
|
static bool has_modified_stack_frame(struct instruction *insn, struct insn_state *state)
|
|
{
|
|
u8 ret_offset = insn->ret_offset;
|
|
struct cfi_state *cfi = &state->cfi;
|
|
int i;
|
|
|
|
if (cfi->cfa.base != initial_func_cfi.cfa.base || cfi->drap)
|
|
return true;
|
|
|
|
if (cfi->cfa.offset != initial_func_cfi.cfa.offset + ret_offset)
|
|
return true;
|
|
|
|
if (cfi->stack_size != initial_func_cfi.cfa.offset + ret_offset)
|
|
return true;
|
|
|
|
/*
|
|
* If there is a ret offset hint then don't check registers
|
|
* because a callee-saved register might have been pushed on
|
|
* the stack.
|
|
*/
|
|
if (ret_offset)
|
|
return false;
|
|
|
|
for (i = 0; i < CFI_NUM_REGS; i++) {
|
|
if (cfi->regs[i].base != initial_func_cfi.regs[i].base ||
|
|
cfi->regs[i].offset != initial_func_cfi.regs[i].offset)
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
static bool has_valid_stack_frame(struct insn_state *state)
|
|
{
|
|
struct cfi_state *cfi = &state->cfi;
|
|
|
|
if (cfi->cfa.base == CFI_BP && cfi->regs[CFI_BP].base == CFI_CFA &&
|
|
cfi->regs[CFI_BP].offset == -16)
|
|
return true;
|
|
|
|
if (cfi->drap && cfi->regs[CFI_BP].base == CFI_BP)
|
|
return true;
|
|
|
|
return false;
|
|
}
|
|
|
|
static int update_cfi_state_regs(struct instruction *insn,
|
|
struct cfi_state *cfi,
|
|
struct stack_op *op)
|
|
{
|
|
struct cfi_reg *cfa = &cfi->cfa;
|
|
|
|
if (cfa->base != CFI_SP && cfa->base != CFI_SP_INDIRECT)
|
|
return 0;
|
|
|
|
/* push */
|
|
if (op->dest.type == OP_DEST_PUSH || op->dest.type == OP_DEST_PUSHF)
|
|
cfa->offset += 8;
|
|
|
|
/* pop */
|
|
if (op->src.type == OP_SRC_POP || op->src.type == OP_SRC_POPF)
|
|
cfa->offset -= 8;
|
|
|
|
/* add immediate to sp */
|
|
if (op->dest.type == OP_DEST_REG && op->src.type == OP_SRC_ADD &&
|
|
op->dest.reg == CFI_SP && op->src.reg == CFI_SP)
|
|
cfa->offset -= op->src.offset;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static void save_reg(struct cfi_state *cfi, unsigned char reg, int base, int offset)
|
|
{
|
|
if (arch_callee_saved_reg(reg) &&
|
|
cfi->regs[reg].base == CFI_UNDEFINED) {
|
|
cfi->regs[reg].base = base;
|
|
cfi->regs[reg].offset = offset;
|
|
}
|
|
}
|
|
|
|
static void restore_reg(struct cfi_state *cfi, unsigned char reg)
|
|
{
|
|
cfi->regs[reg].base = initial_func_cfi.regs[reg].base;
|
|
cfi->regs[reg].offset = initial_func_cfi.regs[reg].offset;
|
|
}
|
|
|
|
/*
|
|
* A note about DRAP stack alignment:
|
|
*
|
|
* GCC has the concept of a DRAP register, which is used to help keep track of
|
|
* the stack pointer when aligning the stack. r10 or r13 is used as the DRAP
|
|
* register. The typical DRAP pattern is:
|
|
*
|
|
* 4c 8d 54 24 08 lea 0x8(%rsp),%r10
|
|
* 48 83 e4 c0 and $0xffffffffffffffc0,%rsp
|
|
* 41 ff 72 f8 pushq -0x8(%r10)
|
|
* 55 push %rbp
|
|
* 48 89 e5 mov %rsp,%rbp
|
|
* (more pushes)
|
|
* 41 52 push %r10
|
|
* ...
|
|
* 41 5a pop %r10
|
|
* (more pops)
|
|
* 5d pop %rbp
|
|
* 49 8d 62 f8 lea -0x8(%r10),%rsp
|
|
* c3 retq
|
|
*
|
|
* There are some variations in the epilogues, like:
|
|
*
|
|
* 5b pop %rbx
|
|
* 41 5a pop %r10
|
|
* 41 5c pop %r12
|
|
* 41 5d pop %r13
|
|
* 41 5e pop %r14
|
|
* c9 leaveq
|
|
* 49 8d 62 f8 lea -0x8(%r10),%rsp
|
|
* c3 retq
|
|
*
|
|
* and:
|
|
*
|
|
* 4c 8b 55 e8 mov -0x18(%rbp),%r10
|
|
* 48 8b 5d e0 mov -0x20(%rbp),%rbx
|
|
* 4c 8b 65 f0 mov -0x10(%rbp),%r12
|
|
* 4c 8b 6d f8 mov -0x8(%rbp),%r13
|
|
* c9 leaveq
|
|
* 49 8d 62 f8 lea -0x8(%r10),%rsp
|
|
* c3 retq
|
|
*
|
|
* Sometimes r13 is used as the DRAP register, in which case it's saved and
|
|
* restored beforehand:
|
|
*
|
|
* 41 55 push %r13
|
|
* 4c 8d 6c 24 10 lea 0x10(%rsp),%r13
|
|
* 48 83 e4 f0 and $0xfffffffffffffff0,%rsp
|
|
* ...
|
|
* 49 8d 65 f0 lea -0x10(%r13),%rsp
|
|
* 41 5d pop %r13
|
|
* c3 retq
|
|
*/
|
|
static int update_cfi_state(struct instruction *insn, struct cfi_state *cfi,
|
|
struct stack_op *op)
|
|
{
|
|
struct cfi_reg *cfa = &cfi->cfa;
|
|
struct cfi_reg *regs = cfi->regs;
|
|
|
|
/* stack operations don't make sense with an undefined CFA */
|
|
if (cfa->base == CFI_UNDEFINED) {
|
|
if (insn->func) {
|
|
WARN_FUNC("undefined stack state", insn->sec, insn->offset);
|
|
return -1;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
if (cfi->type == UNWIND_HINT_TYPE_REGS ||
|
|
cfi->type == UNWIND_HINT_TYPE_REGS_PARTIAL)
|
|
return update_cfi_state_regs(insn, cfi, op);
|
|
|
|
switch (op->dest.type) {
|
|
|
|
case OP_DEST_REG:
|
|
switch (op->src.type) {
|
|
|
|
case OP_SRC_REG:
|
|
if (op->src.reg == CFI_SP && op->dest.reg == CFI_BP &&
|
|
cfa->base == CFI_SP &&
|
|
regs[CFI_BP].base == CFI_CFA &&
|
|
regs[CFI_BP].offset == -cfa->offset) {
|
|
|
|
/* mov %rsp, %rbp */
|
|
cfa->base = op->dest.reg;
|
|
cfi->bp_scratch = false;
|
|
}
|
|
|
|
else if (op->src.reg == CFI_SP &&
|
|
op->dest.reg == CFI_BP && cfi->drap) {
|
|
|
|
/* drap: mov %rsp, %rbp */
|
|
regs[CFI_BP].base = CFI_BP;
|
|
regs[CFI_BP].offset = -cfi->stack_size;
|
|
cfi->bp_scratch = false;
|
|
}
|
|
|
|
else if (op->src.reg == CFI_SP && cfa->base == CFI_SP) {
|
|
|
|
/*
|
|
* mov %rsp, %reg
|
|
*
|
|
* This is needed for the rare case where GCC
|
|
* does:
|
|
*
|
|
* mov %rsp, %rax
|
|
* ...
|
|
* mov %rax, %rsp
|
|
*/
|
|
cfi->vals[op->dest.reg].base = CFI_CFA;
|
|
cfi->vals[op->dest.reg].offset = -cfi->stack_size;
|
|
}
|
|
|
|
else if (op->src.reg == CFI_BP && op->dest.reg == CFI_SP &&
|
|
cfa->base == CFI_BP) {
|
|
|
|
/*
|
|
* mov %rbp, %rsp
|
|
*
|
|
* Restore the original stack pointer (Clang).
|
|
*/
|
|
cfi->stack_size = -cfi->regs[CFI_BP].offset;
|
|
}
|
|
|
|
else if (op->dest.reg == cfa->base) {
|
|
|
|
/* mov %reg, %rsp */
|
|
if (cfa->base == CFI_SP &&
|
|
cfi->vals[op->src.reg].base == CFI_CFA) {
|
|
|
|
/*
|
|
* This is needed for the rare case
|
|
* where GCC does something dumb like:
|
|
*
|
|
* lea 0x8(%rsp), %rcx
|
|
* ...
|
|
* mov %rcx, %rsp
|
|
*/
|
|
cfa->offset = -cfi->vals[op->src.reg].offset;
|
|
cfi->stack_size = cfa->offset;
|
|
|
|
} else {
|
|
cfa->base = CFI_UNDEFINED;
|
|
cfa->offset = 0;
|
|
}
|
|
}
|
|
|
|
break;
|
|
|
|
case OP_SRC_ADD:
|
|
if (op->dest.reg == CFI_SP && op->src.reg == CFI_SP) {
|
|
|
|
/* add imm, %rsp */
|
|
cfi->stack_size -= op->src.offset;
|
|
if (cfa->base == CFI_SP)
|
|
cfa->offset -= op->src.offset;
|
|
break;
|
|
}
|
|
|
|
if (op->dest.reg == CFI_SP && op->src.reg == CFI_BP) {
|
|
|
|
/* lea disp(%rbp), %rsp */
|
|
cfi->stack_size = -(op->src.offset + regs[CFI_BP].offset);
|
|
break;
|
|
}
|
|
|
|
if (op->src.reg == CFI_SP && cfa->base == CFI_SP) {
|
|
|
|
/* drap: lea disp(%rsp), %drap */
|
|
cfi->drap_reg = op->dest.reg;
|
|
|
|
/*
|
|
* lea disp(%rsp), %reg
|
|
*
|
|
* This is needed for the rare case where GCC
|
|
* does something dumb like:
|
|
*
|
|
* lea 0x8(%rsp), %rcx
|
|
* ...
|
|
* mov %rcx, %rsp
|
|
*/
|
|
cfi->vals[op->dest.reg].base = CFI_CFA;
|
|
cfi->vals[op->dest.reg].offset = \
|
|
-cfi->stack_size + op->src.offset;
|
|
|
|
break;
|
|
}
|
|
|
|
if (cfi->drap && op->dest.reg == CFI_SP &&
|
|
op->src.reg == cfi->drap_reg) {
|
|
|
|
/* drap: lea disp(%drap), %rsp */
|
|
cfa->base = CFI_SP;
|
|
cfa->offset = cfi->stack_size = -op->src.offset;
|
|
cfi->drap_reg = CFI_UNDEFINED;
|
|
cfi->drap = false;
|
|
break;
|
|
}
|
|
|
|
if (op->dest.reg == cfi->cfa.base) {
|
|
WARN_FUNC("unsupported stack register modification",
|
|
insn->sec, insn->offset);
|
|
return -1;
|
|
}
|
|
|
|
break;
|
|
|
|
case OP_SRC_AND:
|
|
if (op->dest.reg != CFI_SP ||
|
|
(cfi->drap_reg != CFI_UNDEFINED && cfa->base != CFI_SP) ||
|
|
(cfi->drap_reg == CFI_UNDEFINED && cfa->base != CFI_BP)) {
|
|
WARN_FUNC("unsupported stack pointer realignment",
|
|
insn->sec, insn->offset);
|
|
return -1;
|
|
}
|
|
|
|
if (cfi->drap_reg != CFI_UNDEFINED) {
|
|
/* drap: and imm, %rsp */
|
|
cfa->base = cfi->drap_reg;
|
|
cfa->offset = cfi->stack_size = 0;
|
|
cfi->drap = true;
|
|
}
|
|
|
|
/*
|
|
* Older versions of GCC (4.8ish) realign the stack
|
|
* without DRAP, with a frame pointer.
|
|
*/
|
|
|
|
break;
|
|
|
|
case OP_SRC_POP:
|
|
case OP_SRC_POPF:
|
|
if (!cfi->drap && op->dest.reg == cfa->base) {
|
|
|
|
/* pop %rbp */
|
|
cfa->base = CFI_SP;
|
|
}
|
|
|
|
if (cfi->drap && cfa->base == CFI_BP_INDIRECT &&
|
|
op->dest.reg == cfi->drap_reg &&
|
|
cfi->drap_offset == -cfi->stack_size) {
|
|
|
|
/* drap: pop %drap */
|
|
cfa->base = cfi->drap_reg;
|
|
cfa->offset = 0;
|
|
cfi->drap_offset = -1;
|
|
|
|
} else if (regs[op->dest.reg].offset == -cfi->stack_size) {
|
|
|
|
/* pop %reg */
|
|
restore_reg(cfi, op->dest.reg);
|
|
}
|
|
|
|
cfi->stack_size -= 8;
|
|
if (cfa->base == CFI_SP)
|
|
cfa->offset -= 8;
|
|
|
|
break;
|
|
|
|
case OP_SRC_REG_INDIRECT:
|
|
if (cfi->drap && op->src.reg == CFI_BP &&
|
|
op->src.offset == cfi->drap_offset) {
|
|
|
|
/* drap: mov disp(%rbp), %drap */
|
|
cfa->base = cfi->drap_reg;
|
|
cfa->offset = 0;
|
|
cfi->drap_offset = -1;
|
|
}
|
|
|
|
if (cfi->drap && op->src.reg == CFI_BP &&
|
|
op->src.offset == regs[op->dest.reg].offset) {
|
|
|
|
/* drap: mov disp(%rbp), %reg */
|
|
restore_reg(cfi, op->dest.reg);
|
|
|
|
} else if (op->src.reg == cfa->base &&
|
|
op->src.offset == regs[op->dest.reg].offset + cfa->offset) {
|
|
|
|
/* mov disp(%rbp), %reg */
|
|
/* mov disp(%rsp), %reg */
|
|
restore_reg(cfi, op->dest.reg);
|
|
}
|
|
|
|
break;
|
|
|
|
default:
|
|
WARN_FUNC("unknown stack-related instruction",
|
|
insn->sec, insn->offset);
|
|
return -1;
|
|
}
|
|
|
|
break;
|
|
|
|
case OP_DEST_PUSH:
|
|
case OP_DEST_PUSHF:
|
|
cfi->stack_size += 8;
|
|
if (cfa->base == CFI_SP)
|
|
cfa->offset += 8;
|
|
|
|
if (op->src.type != OP_SRC_REG)
|
|
break;
|
|
|
|
if (cfi->drap) {
|
|
if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) {
|
|
|
|
/* drap: push %drap */
|
|
cfa->base = CFI_BP_INDIRECT;
|
|
cfa->offset = -cfi->stack_size;
|
|
|
|
/* save drap so we know when to restore it */
|
|
cfi->drap_offset = -cfi->stack_size;
|
|
|
|
} else if (op->src.reg == CFI_BP && cfa->base == cfi->drap_reg) {
|
|
|
|
/* drap: push %rbp */
|
|
cfi->stack_size = 0;
|
|
|
|
} else {
|
|
|
|
/* drap: push %reg */
|
|
save_reg(cfi, op->src.reg, CFI_BP, -cfi->stack_size);
|
|
}
|
|
|
|
} else {
|
|
|
|
/* push %reg */
|
|
save_reg(cfi, op->src.reg, CFI_CFA, -cfi->stack_size);
|
|
}
|
|
|
|
/* detect when asm code uses rbp as a scratch register */
|
|
if (!no_fp && insn->func && op->src.reg == CFI_BP &&
|
|
cfa->base != CFI_BP)
|
|
cfi->bp_scratch = true;
|
|
break;
|
|
|
|
case OP_DEST_REG_INDIRECT:
|
|
|
|
if (cfi->drap) {
|
|
if (op->src.reg == cfa->base && op->src.reg == cfi->drap_reg) {
|
|
|
|
/* drap: mov %drap, disp(%rbp) */
|
|
cfa->base = CFI_BP_INDIRECT;
|
|
cfa->offset = op->dest.offset;
|
|
|
|
/* save drap offset so we know when to restore it */
|
|
cfi->drap_offset = op->dest.offset;
|
|
} else {
|
|
|
|
/* drap: mov reg, disp(%rbp) */
|
|
save_reg(cfi, op->src.reg, CFI_BP, op->dest.offset);
|
|
}
|
|
|
|
} else if (op->dest.reg == cfa->base) {
|
|
|
|
/* mov reg, disp(%rbp) */
|
|
/* mov reg, disp(%rsp) */
|
|
save_reg(cfi, op->src.reg, CFI_CFA,
|
|
op->dest.offset - cfi->cfa.offset);
|
|
}
|
|
|
|
break;
|
|
|
|
case OP_DEST_LEAVE:
|
|
if ((!cfi->drap && cfa->base != CFI_BP) ||
|
|
(cfi->drap && cfa->base != cfi->drap_reg)) {
|
|
WARN_FUNC("leave instruction with modified stack frame",
|
|
insn->sec, insn->offset);
|
|
return -1;
|
|
}
|
|
|
|
/* leave (mov %rbp, %rsp; pop %rbp) */
|
|
|
|
cfi->stack_size = -cfi->regs[CFI_BP].offset - 8;
|
|
restore_reg(cfi, CFI_BP);
|
|
|
|
if (!cfi->drap) {
|
|
cfa->base = CFI_SP;
|
|
cfa->offset -= 8;
|
|
}
|
|
|
|
break;
|
|
|
|
case OP_DEST_MEM:
|
|
if (op->src.type != OP_SRC_POP && op->src.type != OP_SRC_POPF) {
|
|
WARN_FUNC("unknown stack-related memory operation",
|
|
insn->sec, insn->offset);
|
|
return -1;
|
|
}
|
|
|
|
/* pop mem */
|
|
cfi->stack_size -= 8;
|
|
if (cfa->base == CFI_SP)
|
|
cfa->offset -= 8;
|
|
|
|
break;
|
|
|
|
default:
|
|
WARN_FUNC("unknown stack-related instruction",
|
|
insn->sec, insn->offset);
|
|
return -1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int handle_insn_ops(struct instruction *insn, struct insn_state *state)
|
|
{
|
|
struct stack_op *op;
|
|
|
|
list_for_each_entry(op, &insn->stack_ops, list) {
|
|
struct cfi_state old_cfi = state->cfi;
|
|
int res;
|
|
|
|
res = update_cfi_state(insn, &state->cfi, op);
|
|
if (res)
|
|
return res;
|
|
|
|
if (insn->alt_group && memcmp(&state->cfi, &old_cfi, sizeof(struct cfi_state))) {
|
|
WARN_FUNC("alternative modifies stack", insn->sec, insn->offset);
|
|
return -1;
|
|
}
|
|
|
|
if (op->dest.type == OP_DEST_PUSHF) {
|
|
if (!state->uaccess_stack) {
|
|
state->uaccess_stack = 1;
|
|
} else if (state->uaccess_stack >> 31) {
|
|
WARN_FUNC("PUSHF stack exhausted",
|
|
insn->sec, insn->offset);
|
|
return 1;
|
|
}
|
|
state->uaccess_stack <<= 1;
|
|
state->uaccess_stack |= state->uaccess;
|
|
}
|
|
|
|
if (op->src.type == OP_SRC_POPF) {
|
|
if (state->uaccess_stack) {
|
|
state->uaccess = state->uaccess_stack & 1;
|
|
state->uaccess_stack >>= 1;
|
|
if (state->uaccess_stack == 1)
|
|
state->uaccess_stack = 0;
|
|
}
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static bool insn_cfi_match(struct instruction *insn, struct cfi_state *cfi2)
|
|
{
|
|
struct cfi_state *cfi1 = &insn->cfi;
|
|
int i;
|
|
|
|
if (memcmp(&cfi1->cfa, &cfi2->cfa, sizeof(cfi1->cfa))) {
|
|
|
|
WARN_FUNC("stack state mismatch: cfa1=%d%+d cfa2=%d%+d",
|
|
insn->sec, insn->offset,
|
|
cfi1->cfa.base, cfi1->cfa.offset,
|
|
cfi2->cfa.base, cfi2->cfa.offset);
|
|
|
|
} else if (memcmp(&cfi1->regs, &cfi2->regs, sizeof(cfi1->regs))) {
|
|
for (i = 0; i < CFI_NUM_REGS; i++) {
|
|
if (!memcmp(&cfi1->regs[i], &cfi2->regs[i],
|
|
sizeof(struct cfi_reg)))
|
|
continue;
|
|
|
|
WARN_FUNC("stack state mismatch: reg1[%d]=%d%+d reg2[%d]=%d%+d",
|
|
insn->sec, insn->offset,
|
|
i, cfi1->regs[i].base, cfi1->regs[i].offset,
|
|
i, cfi2->regs[i].base, cfi2->regs[i].offset);
|
|
break;
|
|
}
|
|
|
|
} else if (cfi1->type != cfi2->type) {
|
|
|
|
WARN_FUNC("stack state mismatch: type1=%d type2=%d",
|
|
insn->sec, insn->offset, cfi1->type, cfi2->type);
|
|
|
|
} else if (cfi1->drap != cfi2->drap ||
|
|
(cfi1->drap && cfi1->drap_reg != cfi2->drap_reg) ||
|
|
(cfi1->drap && cfi1->drap_offset != cfi2->drap_offset)) {
|
|
|
|
WARN_FUNC("stack state mismatch: drap1=%d(%d,%d) drap2=%d(%d,%d)",
|
|
insn->sec, insn->offset,
|
|
cfi1->drap, cfi1->drap_reg, cfi1->drap_offset,
|
|
cfi2->drap, cfi2->drap_reg, cfi2->drap_offset);
|
|
|
|
} else
|
|
return true;
|
|
|
|
return false;
|
|
}
|
|
|
|
static inline bool func_uaccess_safe(struct symbol *func)
|
|
{
|
|
if (func)
|
|
return func->uaccess_safe;
|
|
|
|
return false;
|
|
}
|
|
|
|
static inline const char *call_dest_name(struct instruction *insn)
|
|
{
|
|
if (insn->call_dest)
|
|
return insn->call_dest->name;
|
|
|
|
return "{dynamic}";
|
|
}
|
|
|
|
static inline bool noinstr_call_dest(struct symbol *func)
|
|
{
|
|
/*
|
|
* We can't deal with indirect function calls at present;
|
|
* assume they're instrumented.
|
|
*/
|
|
if (!func)
|
|
return false;
|
|
|
|
/*
|
|
* If the symbol is from a noinstr section; we good.
|
|
*/
|
|
if (func->sec->noinstr)
|
|
return true;
|
|
|
|
/*
|
|
* The __ubsan_handle_*() calls are like WARN(), they only happen when
|
|
* something 'BAD' happened. At the risk of taking the machine down,
|
|
* let them proceed to get the message out.
|
|
*/
|
|
if (!strncmp(func->name, "__ubsan_handle_", 15))
|
|
return true;
|
|
|
|
return false;
|
|
}
|
|
|
|
static int validate_call(struct instruction *insn, struct insn_state *state)
|
|
{
|
|
if (state->noinstr && state->instr <= 0 &&
|
|
!noinstr_call_dest(insn->call_dest)) {
|
|
WARN_FUNC("call to %s() leaves .noinstr.text section",
|
|
insn->sec, insn->offset, call_dest_name(insn));
|
|
return 1;
|
|
}
|
|
|
|
if (state->uaccess && !func_uaccess_safe(insn->call_dest)) {
|
|
WARN_FUNC("call to %s() with UACCESS enabled",
|
|
insn->sec, insn->offset, call_dest_name(insn));
|
|
return 1;
|
|
}
|
|
|
|
if (state->df) {
|
|
WARN_FUNC("call to %s() with DF set",
|
|
insn->sec, insn->offset, call_dest_name(insn));
|
|
return 1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int validate_sibling_call(struct instruction *insn, struct insn_state *state)
|
|
{
|
|
if (has_modified_stack_frame(insn, state)) {
|
|
WARN_FUNC("sibling call from callable instruction with modified stack frame",
|
|
insn->sec, insn->offset);
|
|
return 1;
|
|
}
|
|
|
|
return validate_call(insn, state);
|
|
}
|
|
|
|
static int validate_return(struct symbol *func, struct instruction *insn, struct insn_state *state)
|
|
{
|
|
if (state->noinstr && state->instr > 0) {
|
|
WARN_FUNC("return with instrumentation enabled",
|
|
insn->sec, insn->offset);
|
|
return 1;
|
|
}
|
|
|
|
if (state->uaccess && !func_uaccess_safe(func)) {
|
|
WARN_FUNC("return with UACCESS enabled",
|
|
insn->sec, insn->offset);
|
|
return 1;
|
|
}
|
|
|
|
if (!state->uaccess && func_uaccess_safe(func)) {
|
|
WARN_FUNC("return with UACCESS disabled from a UACCESS-safe function",
|
|
insn->sec, insn->offset);
|
|
return 1;
|
|
}
|
|
|
|
if (state->df) {
|
|
WARN_FUNC("return with DF set",
|
|
insn->sec, insn->offset);
|
|
return 1;
|
|
}
|
|
|
|
if (func && has_modified_stack_frame(insn, state)) {
|
|
WARN_FUNC("return with modified stack frame",
|
|
insn->sec, insn->offset);
|
|
return 1;
|
|
}
|
|
|
|
if (state->cfi.bp_scratch) {
|
|
WARN_FUNC("BP used as a scratch register",
|
|
insn->sec, insn->offset);
|
|
return 1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Alternatives should not contain any ORC entries, this in turn means they
|
|
* should not contain any CFI ops, which implies all instructions should have
|
|
* the same same CFI state.
|
|
*
|
|
* It is possible to constuct alternatives that have unreachable holes that go
|
|
* unreported (because they're NOPs), such holes would result in CFI_UNDEFINED
|
|
* states which then results in ORC entries, which we just said we didn't want.
|
|
*
|
|
* Avoid them by copying the CFI entry of the first instruction into the whole
|
|
* alternative.
|
|
*/
|
|
static void fill_alternative_cfi(struct objtool_file *file, struct instruction *insn)
|
|
{
|
|
struct instruction *first_insn = insn;
|
|
int alt_group = insn->alt_group;
|
|
|
|
sec_for_each_insn_continue(file, insn) {
|
|
if (insn->alt_group != alt_group)
|
|
break;
|
|
insn->cfi = first_insn->cfi;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Follow the branch starting at the given instruction, and recursively follow
|
|
* any other branches (jumps). Meanwhile, track the frame pointer state at
|
|
* each instruction and validate all the rules described in
|
|
* tools/objtool/Documentation/stack-validation.txt.
|
|
*/
|
|
static int validate_branch(struct objtool_file *file, struct symbol *func,
|
|
struct instruction *insn, struct insn_state state)
|
|
{
|
|
struct alternative *alt;
|
|
struct instruction *next_insn;
|
|
struct section *sec;
|
|
u8 visited;
|
|
int ret;
|
|
|
|
sec = insn->sec;
|
|
|
|
while (1) {
|
|
next_insn = next_insn_same_sec(file, insn);
|
|
|
|
if (file->c_file && func && insn->func && func != insn->func->pfunc) {
|
|
WARN("%s() falls through to next function %s()",
|
|
func->name, insn->func->name);
|
|
return 1;
|
|
}
|
|
|
|
if (func && insn->ignore) {
|
|
WARN_FUNC("BUG: why am I validating an ignored function?",
|
|
sec, insn->offset);
|
|
return 1;
|
|
}
|
|
|
|
visited = 1 << state.uaccess;
|
|
if (insn->visited) {
|
|
if (!insn->hint && !insn_cfi_match(insn, &state.cfi))
|
|
return 1;
|
|
|
|
if (insn->visited & visited)
|
|
return 0;
|
|
}
|
|
|
|
if (state.noinstr)
|
|
state.instr += insn->instr;
|
|
|
|
if (insn->hint)
|
|
state.cfi = insn->cfi;
|
|
else
|
|
insn->cfi = state.cfi;
|
|
|
|
insn->visited |= visited;
|
|
|
|
if (!insn->ignore_alts && !list_empty(&insn->alts)) {
|
|
bool skip_orig = false;
|
|
|
|
list_for_each_entry(alt, &insn->alts, list) {
|
|
if (alt->skip_orig)
|
|
skip_orig = true;
|
|
|
|
ret = validate_branch(file, func, alt->insn, state);
|
|
if (ret) {
|
|
if (backtrace)
|
|
BT_FUNC("(alt)", insn);
|
|
return ret;
|
|
}
|
|
}
|
|
|
|
if (insn->alt_group)
|
|
fill_alternative_cfi(file, insn);
|
|
|
|
if (skip_orig)
|
|
return 0;
|
|
}
|
|
|
|
if (handle_insn_ops(insn, &state))
|
|
return 1;
|
|
|
|
switch (insn->type) {
|
|
|
|
case INSN_RETURN:
|
|
return validate_return(func, insn, &state);
|
|
|
|
case INSN_CALL:
|
|
case INSN_CALL_DYNAMIC:
|
|
ret = validate_call(insn, &state);
|
|
if (ret)
|
|
return ret;
|
|
|
|
if (!no_fp && func && !is_fentry_call(insn) &&
|
|
!has_valid_stack_frame(&state)) {
|
|
WARN_FUNC("call without frame pointer save/setup",
|
|
sec, insn->offset);
|
|
return 1;
|
|
}
|
|
|
|
if (dead_end_function(file, insn->call_dest))
|
|
return 0;
|
|
|
|
if (insn->type == INSN_CALL && insn->call_dest &&
|
|
insn->call_dest->static_call_tramp) {
|
|
list_add_tail(&insn->static_call_node,
|
|
&file->static_call_list);
|
|
}
|
|
|
|
break;
|
|
|
|
case INSN_JUMP_CONDITIONAL:
|
|
case INSN_JUMP_UNCONDITIONAL:
|
|
if (func && is_sibling_call(insn)) {
|
|
ret = validate_sibling_call(insn, &state);
|
|
if (ret)
|
|
return ret;
|
|
|
|
} else if (insn->jump_dest) {
|
|
ret = validate_branch(file, func,
|
|
insn->jump_dest, state);
|
|
if (ret) {
|
|
if (backtrace)
|
|
BT_FUNC("(branch)", insn);
|
|
return ret;
|
|
}
|
|
}
|
|
|
|
if (insn->type == INSN_JUMP_UNCONDITIONAL)
|
|
return 0;
|
|
|
|
break;
|
|
|
|
case INSN_JUMP_DYNAMIC:
|
|
case INSN_JUMP_DYNAMIC_CONDITIONAL:
|
|
if (func && is_sibling_call(insn)) {
|
|
ret = validate_sibling_call(insn, &state);
|
|
if (ret)
|
|
return ret;
|
|
}
|
|
|
|
if (insn->type == INSN_JUMP_DYNAMIC)
|
|
return 0;
|
|
|
|
break;
|
|
|
|
case INSN_CONTEXT_SWITCH:
|
|
if (func && (!next_insn || !next_insn->hint)) {
|
|
WARN_FUNC("unsupported instruction in callable function",
|
|
sec, insn->offset);
|
|
return 1;
|
|
}
|
|
return 0;
|
|
|
|
case INSN_STAC:
|
|
if (state.uaccess) {
|
|
WARN_FUNC("recursive UACCESS enable", sec, insn->offset);
|
|
return 1;
|
|
}
|
|
|
|
state.uaccess = true;
|
|
break;
|
|
|
|
case INSN_CLAC:
|
|
if (!state.uaccess && func) {
|
|
WARN_FUNC("redundant UACCESS disable", sec, insn->offset);
|
|
return 1;
|
|
}
|
|
|
|
if (func_uaccess_safe(func) && !state.uaccess_stack) {
|
|
WARN_FUNC("UACCESS-safe disables UACCESS", sec, insn->offset);
|
|
return 1;
|
|
}
|
|
|
|
state.uaccess = false;
|
|
break;
|
|
|
|
case INSN_STD:
|
|
if (state.df) {
|
|
WARN_FUNC("recursive STD", sec, insn->offset);
|
|
return 1;
|
|
}
|
|
|
|
state.df = true;
|
|
break;
|
|
|
|
case INSN_CLD:
|
|
if (!state.df && func) {
|
|
WARN_FUNC("redundant CLD", sec, insn->offset);
|
|
return 1;
|
|
}
|
|
|
|
state.df = false;
|
|
break;
|
|
|
|
default:
|
|
break;
|
|
}
|
|
|
|
if (insn->dead_end)
|
|
return 0;
|
|
|
|
if (!next_insn) {
|
|
if (state.cfi.cfa.base == CFI_UNDEFINED)
|
|
return 0;
|
|
WARN("%s: unexpected end of section", sec->name);
|
|
return 1;
|
|
}
|
|
|
|
insn = next_insn;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int validate_unwind_hints(struct objtool_file *file, struct section *sec)
|
|
{
|
|
struct instruction *insn;
|
|
struct insn_state state;
|
|
int ret, warnings = 0;
|
|
|
|
if (!file->hints)
|
|
return 0;
|
|
|
|
init_insn_state(&state, sec);
|
|
|
|
if (sec) {
|
|
insn = find_insn(file, sec, 0);
|
|
if (!insn)
|
|
return 0;
|
|
} else {
|
|
insn = list_first_entry(&file->insn_list, typeof(*insn), list);
|
|
}
|
|
|
|
while (&insn->list != &file->insn_list && (!sec || insn->sec == sec)) {
|
|
if (insn->hint && !insn->visited) {
|
|
ret = validate_branch(file, insn->func, insn, state);
|
|
if (ret && backtrace)
|
|
BT_FUNC("<=== (hint)", insn);
|
|
warnings += ret;
|
|
}
|
|
|
|
insn = list_next_entry(insn, list);
|
|
}
|
|
|
|
return warnings;
|
|
}
|
|
|
|
static int validate_retpoline(struct objtool_file *file)
|
|
{
|
|
struct instruction *insn;
|
|
int warnings = 0;
|
|
|
|
for_each_insn(file, insn) {
|
|
if (insn->type != INSN_JUMP_DYNAMIC &&
|
|
insn->type != INSN_CALL_DYNAMIC)
|
|
continue;
|
|
|
|
if (insn->retpoline_safe)
|
|
continue;
|
|
|
|
/*
|
|
* .init.text code is ran before userspace and thus doesn't
|
|
* strictly need retpolines, except for modules which are
|
|
* loaded late, they very much do need retpoline in their
|
|
* .init.text
|
|
*/
|
|
if (!strcmp(insn->sec->name, ".init.text") && !module)
|
|
continue;
|
|
|
|
WARN_FUNC("indirect %s found in RETPOLINE build",
|
|
insn->sec, insn->offset,
|
|
insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call");
|
|
|
|
warnings++;
|
|
}
|
|
|
|
return warnings;
|
|
}
|
|
|
|
static bool is_kasan_insn(struct instruction *insn)
|
|
{
|
|
return (insn->type == INSN_CALL &&
|
|
!strcmp(insn->call_dest->name, "__asan_handle_no_return"));
|
|
}
|
|
|
|
static bool is_ubsan_insn(struct instruction *insn)
|
|
{
|
|
return (insn->type == INSN_CALL &&
|
|
!strcmp(insn->call_dest->name,
|
|
"__ubsan_handle_builtin_unreachable"));
|
|
}
|
|
|
|
static bool ignore_unreachable_insn(struct objtool_file *file, struct instruction *insn)
|
|
{
|
|
int i;
|
|
struct instruction *prev_insn;
|
|
|
|
if (insn->ignore || insn->type == INSN_NOP)
|
|
return true;
|
|
|
|
/*
|
|
* Ignore any unused exceptions. This can happen when a whitelisted
|
|
* function has an exception table entry.
|
|
*
|
|
* Also ignore alternative replacement instructions. This can happen
|
|
* when a whitelisted function uses one of the ALTERNATIVE macros.
|
|
*/
|
|
if (!strcmp(insn->sec->name, ".fixup") ||
|
|
!strcmp(insn->sec->name, ".altinstr_replacement") ||
|
|
!strcmp(insn->sec->name, ".altinstr_aux"))
|
|
return true;
|
|
|
|
if (insn->type == INSN_JUMP_UNCONDITIONAL && insn->offset == FAKE_JUMP_OFFSET)
|
|
return true;
|
|
|
|
if (!insn->func)
|
|
return false;
|
|
|
|
/*
|
|
* CONFIG_UBSAN_TRAP inserts a UD2 when it sees
|
|
* __builtin_unreachable(). The BUG() macro has an unreachable() after
|
|
* the UD2, which causes GCC's undefined trap logic to emit another UD2
|
|
* (or occasionally a JMP to UD2).
|
|
*
|
|
* It may also insert a UD2 after calling a __noreturn function.
|
|
*/
|
|
prev_insn = list_prev_entry(insn, list);
|
|
if ((prev_insn->dead_end || dead_end_function(file, prev_insn->call_dest)) &&
|
|
(insn->type == INSN_BUG ||
|
|
(insn->type == INSN_JUMP_UNCONDITIONAL &&
|
|
insn->jump_dest && insn->jump_dest->type == INSN_BUG)))
|
|
return true;
|
|
|
|
/*
|
|
* Check if this (or a subsequent) instruction is related to
|
|
* CONFIG_UBSAN or CONFIG_KASAN.
|
|
*
|
|
* End the search at 5 instructions to avoid going into the weeds.
|
|
*/
|
|
for (i = 0; i < 5; i++) {
|
|
|
|
if (is_kasan_insn(insn) || is_ubsan_insn(insn))
|
|
return true;
|
|
|
|
if (insn->type == INSN_JUMP_UNCONDITIONAL) {
|
|
if (insn->jump_dest &&
|
|
insn->jump_dest->func == insn->func) {
|
|
insn = insn->jump_dest;
|
|
continue;
|
|
}
|
|
|
|
break;
|
|
}
|
|
|
|
if (insn->offset + insn->len >= insn->func->offset + insn->func->len)
|
|
break;
|
|
|
|
insn = list_next_entry(insn, list);
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
static int validate_symbol(struct objtool_file *file, struct section *sec,
|
|
struct symbol *sym, struct insn_state *state)
|
|
{
|
|
struct instruction *insn;
|
|
int ret;
|
|
|
|
if (!sym->len) {
|
|
WARN("%s() is missing an ELF size annotation", sym->name);
|
|
return 1;
|
|
}
|
|
|
|
if (sym->pfunc != sym || sym->alias != sym)
|
|
return 0;
|
|
|
|
insn = find_insn(file, sec, sym->offset);
|
|
if (!insn || insn->ignore || insn->visited)
|
|
return 0;
|
|
|
|
state->uaccess = sym->uaccess_safe;
|
|
|
|
ret = validate_branch(file, insn->func, insn, *state);
|
|
if (ret && backtrace)
|
|
BT_FUNC("<=== (sym)", insn);
|
|
return ret;
|
|
}
|
|
|
|
static int validate_section(struct objtool_file *file, struct section *sec)
|
|
{
|
|
struct insn_state state;
|
|
struct symbol *func;
|
|
int warnings = 0;
|
|
|
|
list_for_each_entry(func, &sec->symbol_list, list) {
|
|
if (func->type != STT_FUNC)
|
|
continue;
|
|
|
|
init_insn_state(&state, sec);
|
|
state.cfi.cfa = initial_func_cfi.cfa;
|
|
memcpy(&state.cfi.regs, &initial_func_cfi.regs,
|
|
CFI_NUM_REGS * sizeof(struct cfi_reg));
|
|
state.cfi.stack_size = initial_func_cfi.cfa.offset;
|
|
|
|
warnings += validate_symbol(file, sec, func, &state);
|
|
}
|
|
|
|
return warnings;
|
|
}
|
|
|
|
static int validate_vmlinux_functions(struct objtool_file *file)
|
|
{
|
|
struct section *sec;
|
|
int warnings = 0;
|
|
|
|
sec = find_section_by_name(file->elf, ".noinstr.text");
|
|
if (sec) {
|
|
warnings += validate_section(file, sec);
|
|
warnings += validate_unwind_hints(file, sec);
|
|
}
|
|
|
|
sec = find_section_by_name(file->elf, ".entry.text");
|
|
if (sec) {
|
|
warnings += validate_section(file, sec);
|
|
warnings += validate_unwind_hints(file, sec);
|
|
}
|
|
|
|
return warnings;
|
|
}
|
|
|
|
static int validate_functions(struct objtool_file *file)
|
|
{
|
|
struct section *sec;
|
|
int warnings = 0;
|
|
|
|
for_each_sec(file, sec) {
|
|
if (!(sec->sh.sh_flags & SHF_EXECINSTR))
|
|
continue;
|
|
|
|
warnings += validate_section(file, sec);
|
|
}
|
|
|
|
return warnings;
|
|
}
|
|
|
|
static int validate_reachable_instructions(struct objtool_file *file)
|
|
{
|
|
struct instruction *insn;
|
|
|
|
if (file->ignore_unreachables)
|
|
return 0;
|
|
|
|
for_each_insn(file, insn) {
|
|
if (insn->visited || ignore_unreachable_insn(file, insn))
|
|
continue;
|
|
|
|
WARN_FUNC("unreachable instruction", insn->sec, insn->offset);
|
|
return 1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
int check(struct objtool_file *file)
|
|
{
|
|
int ret, warnings = 0;
|
|
|
|
arch_initial_func_cfi_state(&initial_func_cfi);
|
|
|
|
ret = decode_sections(file);
|
|
if (ret < 0)
|
|
goto out;
|
|
warnings += ret;
|
|
|
|
if (list_empty(&file->insn_list))
|
|
goto out;
|
|
|
|
if (vmlinux && !validate_dup) {
|
|
ret = validate_vmlinux_functions(file);
|
|
if (ret < 0)
|
|
goto out;
|
|
|
|
warnings += ret;
|
|
goto out;
|
|
}
|
|
|
|
if (retpoline) {
|
|
ret = validate_retpoline(file);
|
|
if (ret < 0)
|
|
return ret;
|
|
warnings += ret;
|
|
}
|
|
|
|
ret = validate_functions(file);
|
|
if (ret < 0)
|
|
goto out;
|
|
warnings += ret;
|
|
|
|
ret = validate_unwind_hints(file, NULL);
|
|
if (ret < 0)
|
|
goto out;
|
|
warnings += ret;
|
|
|
|
if (!warnings) {
|
|
ret = validate_reachable_instructions(file);
|
|
if (ret < 0)
|
|
goto out;
|
|
warnings += ret;
|
|
}
|
|
|
|
ret = create_static_call_sections(file);
|
|
if (ret < 0)
|
|
goto out;
|
|
warnings += ret;
|
|
|
|
if (mcount) {
|
|
ret = create_mcount_loc_sections(file);
|
|
if (ret < 0)
|
|
goto out;
|
|
warnings += ret;
|
|
}
|
|
|
|
out:
|
|
/*
|
|
* For now, don't fail the kernel build on fatal warnings. These
|
|
* errors are still fairly common due to the growing matrix of
|
|
* supported toolchains and their recent pace of change.
|
|
*/
|
|
return 0;
|
|
}
|