| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <db508586-258a-0616-d649-e76e95df9611@redhat.com>
Date: Thu, 2 Apr 2020 13:53:49 +0100
From: Julien Thierry <jthierry@...hat.com>
To: Alexandre Chartre <alexandre.chartre@...cle.com>, x86@...nel.org
Cc: linux-kernel@...r.kernel.org, jpoimboe@...hat.com,
peterz@...radead.org, tglx@...utronix.de
Subject: Re: [PATCH 3/7] objtool: Add support for intra-function calls
Hi Alexandre,
I ran into the limitation of intra-function call for the arm64 support
but didn't take the time to make a clean patch to support them properly.
Nice to see you've gone through that work :) .
On 4/2/20 9:22 AM, Alexandre Chartre wrote:
> Change objtool to support intra-function calls. An intra-function call
> is represented in objtool as a push onto the stack (of the return
I have to disagree a bit with that. The push onto the stack is true on
x86, but other architectures might not have that (arm/arm64 have a link
register that gets set by "bl" instructions and do not modify the stack).
> address), and a jump to the destination address. That way the stack
> information is correctly updated and the call flow is still accurate.
>
> Signed-off-by: Alexandre Chartre <alexandre.chartre@...cle.com>
> ---
> tools/objtool/check.c | 73 ++++++++++++++++++++++++++++++++++++++++++-
> tools/objtool/check.h | 1 +
> 2 files changed, 73 insertions(+), 1 deletion(-)
>
> diff --git a/tools/objtool/check.c b/tools/objtool/check.c
> index 214809ac2776..0cec91291d46 100644
> --- a/tools/objtool/check.c
> +++ b/tools/objtool/check.c
> @@ -657,6 +657,18 @@ static int add_call_destinations(struct objtool_file *file)
> if (insn->type != INSN_CALL)
> continue;
>
> + if (insn->intra_function_call) {
> + dest_off = insn->offset + insn->len + insn->immediate;
> + insn->jump_dest = find_insn(file, insn->sec, dest_off);
> + if (insn->jump_dest)
> + continue;
> +
> + WARN_FUNC("can't find call dest at %s+0x%lx",
> + insn->sec, insn->offset,
> + insn->sec->name, dest_off);
> + return -1;
> + }
> +
> rela = find_rela_by_dest_range(insn->sec, insn->offset,
> insn->len);
> if (!rela) {
> @@ -1289,6 +1301,49 @@ static int read_retpoline_hints(struct objtool_file *file)
> return 0;
> }
>
> +static int read_intra_function_call(struct objtool_file *file)
> +{
> + struct section *sec;
> + struct instruction *insn;
> + struct rela *rela;
> +
> + sec = find_section_by_name(file->elf,
> + ".rela.discard.intra_function_call");
I'm wondering, do we really need to annotate the intra_function_call and
group the in a section?
Would it be a problem to consider all (static) call instructions with a
destination that is not the start offset of a symbol to be an
intra-function call (and set insn->intra_function_call and
insn->jump_dest accordingly)?
Other than that the logic would stay the same.
> + if (!sec)
> + return 0;
> +
> + list_for_each_entry(rela, &sec->rela_list, list) {
> + if (rela->sym->type != STT_SECTION) {
> + WARN("unexpected relocation symbol type in %s",
> + sec->name);
> + return -1;
> + }
> +
> + insn = find_insn(file, rela->sym->sec, rela->addend);
> + if (!insn) {
> + WARN("bad .discard.intra_function_call entry");
> + return -1;
> + }
> +
> + if (insn->type != INSN_CALL) {
> + WARN_FUNC("intra_function_call not a call",
> + insn->sec, insn->offset);
Nit: This could be slightly confusing with INSN_CALL_DYNAMIC. Maybe just:
"unsupported instruction for intra-function call " ?
> + return -1;
> + }
> +
> + insn->intra_function_call = true;
> + /*
> + * For the impact on the stack, make an intra-function
> + * call behaves like a push of an immediate value (the
> + * return address).
> + */
> + insn->stack_op.src.type = OP_SRC_CONST;
> + insn->stack_op.dest.type = OP_DEST_PUSH;
As commented above, this should be arch dependent.
> + }
> +
> + return 0;
> +}
> +
> static void mark_rodata(struct objtool_file *file)
> {
> struct section *sec;
> @@ -1344,6 +1399,10 @@ static int decode_sections(struct objtool_file *file)
> if (ret)
> return ret;
>
> + ret = read_intra_function_call(file);
> + if (ret)
> + return ret;
> +
> ret = add_call_destinations(file);
> if (ret)
> return ret;
> @@ -2092,7 +2151,8 @@ static int validate_branch(struct objtool_file *file, struct symbol *func,
> return ret;
>
> if (!no_fp && func && !is_fentry_call(insn) &&
> - !has_valid_stack_frame(&state)) {
> + !has_valid_stack_frame(&state) &&
> + !insn->intra_function_call) {
> WARN_FUNC("call without frame pointer save/setup",
> sec, insn->offset);
> return 1;
> @@ -2101,6 +2161,17 @@ static int validate_branch(struct objtool_file *file, struct symbol *func,
> if (dead_end_function(file, insn->call_dest))
> return 0;
>
> + if (insn->intra_function_call) {
> + update_insn_state(insn, &state);
> + ret = validate_branch(file, func, insn,
> + insn->jump_dest, state);
> + if (ret) {
> + if (backtrace)
> + BT_FUNC("(intra-call)", insn);
> + return ret;
> + }
> + }
> +
> break;
>
> case INSN_JUMP_CONDITIONAL:
> diff --git a/tools/objtool/check.h b/tools/objtool/check.h
> index cffb23d81782..2bd6d2f46baa 100644
> --- a/tools/objtool/check.h
> +++ b/tools/objtool/check.h
> @@ -35,6 +35,7 @@ struct instruction {
> unsigned long immediate;
> unsigned int alt_group;
> bool dead_end, ignore, hint, save, restore, ignore_alts;
> + bool intra_function_call;
> bool retpoline_safe;
> u8 visited;
> struct symbol *call_dest;
>
Thanks,
--
Julien Thierry
Powered by blists - more mailing lists