Rust functions may be `noreturn` (i.e. diverging) by returning the
"never" type, `!`, e.g.
fn f() -> ! {
loop {}
}
Thus list the known `noreturn` functions to avoid such warnings.
Without this, `objtool` would complain if enabled for Rust, e.g.:
rust/core.o: warning: objtool:
_R...9panic_fmt() falls through to next function _R...18panic_nounwind_fmt()
rust/alloc.o: warning: objtool:
.text: unexpected end of section
In order to do so, we cannot match symbols' names exactly, for two
reasons:
- Rust mangling scheme [1] contains disambiguators [2] which we
cannot predict (e.g. they may vary depending on the compiler version).
One possibility to solve this would be to parse v0 and ignore/zero
those before comparison.
- Some of the diverging functions come from `core`, i.e. the Rust
standard library, which may change with each compiler version
since they are implementation details (e.g. `panic_internals`).
Thus, to workaround both issues, only part of the symbols are matched,
instead of using the `NORETURN` macro in `noreturns.h`.
Ideally, just like for the C side, we should have a better solution. For
instance, the compiler could give us the list via something like:
$ rustc --emit=noreturns ...
Link: https://rust-lang.github.io/rfcs/2603-rust-symbol-name-mangling-v0.html [1]
Link: https://doc.rust-lang.org/rustc/symbol-mangling/v0.html#disambiguator [2]
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
---
tools/objtool/check.c | 48 ++++++++++++++++++++++++++++++++++++++-
tools/objtool/noreturns.h | 2 ++
2 files changed, 49 insertions(+), 1 deletion(-)
diff --git a/tools/objtool/check.c b/tools/objtool/check.c
index 0a33d9195b7a..deace6fca2ed 100644
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -177,6 +177,48 @@ static bool is_sibling_call(struct instruction *insn)
return (is_static_jump(insn) && insn_call_dest(insn));
}
+/*
+ * Checks if a string ends with another.
+ */
+static bool str_ends_with(const char *s, const char *sub)
+{
+ const int slen = strlen(s);
+ const int sublen = strlen(sub);
+
+ if (sublen > slen)
+ return 0;
+
+ return !memcmp(s + slen - sublen, sub, sublen);
+}
+
+/*
+ * Checks if a function is a Rust "noreturn" one.
+ */
+static bool is_rust_noreturn(const struct symbol *func)
+{
+ /*
+ * If it does not start with "_R", then it is not a Rust symbol.
+ */
+ if (strncmp(func->name, "_R", 2))
+ return false;
+
+ /*
+ * These are just heuristics -- we do not control the precise symbol
+ * name, due to the crate disambiguators (which depend on the compiler)
+ * as well as changes to the source code itself between versions (since
+ * these come from the Rust standard library).
+ */
+ return str_ends_with(func->name, "_4core6option13unwrap_failed") ||
+ str_ends_with(func->name, "_4core6result13unwrap_failed") ||
+ str_ends_with(func->name, "_4core9panicking5panic") ||
+ str_ends_with(func->name, "_4core9panicking9panic_fmt") ||
+ str_ends_with(func->name, "_4core9panicking14panic_explicit") ||
+ str_ends_with(func->name, "_4core9panicking18panic_bounds_check") ||
+ strstr(func->name, "_4core9panicking11panic_const24panic_const_") ||
+ (strstr(func->name, "_4core5slice5index24slice_") &&
+ str_ends_with(func->name, "_fail"));
+}
+
/*
* This checks to see if the given function is a "noreturn" function.
*
@@ -202,10 +244,14 @@ static bool __dead_end_function(struct objtool_file *file, struct symbol *func,
if (!func)
return false;
- if (func->bind == STB_GLOBAL || func->bind == STB_WEAK)
+ if (func->bind == STB_GLOBAL || func->bind == STB_WEAK) {
+ if (is_rust_noreturn(func))
+ return true;
+
for (i = 0; i < ARRAY_SIZE(global_noreturns); i++)
if (!strcmp(func->name, global_noreturns[i]))
return true;
+ }
if (func->bind == STB_WEAK)
return false;
diff --git a/tools/objtool/noreturns.h b/tools/objtool/noreturns.h
index 7ebf29c91184..82a001ac433b 100644
--- a/tools/objtool/noreturns.h
+++ b/tools/objtool/noreturns.h
@@ -35,6 +35,8 @@ NORETURN(panic)
NORETURN(panic_smp_self_stop)
NORETURN(rest_init)
NORETURN(rewind_stack_and_make_dead)
+NORETURN(rust_begin_unwind)
+NORETURN(rust_helper_BUG)
NORETURN(sev_es_terminate)
NORETURN(snp_abort)
NORETURN(start_kernel)
--
2.45.2On Thu, Jul 25, 2024 at 08:33:22PM +0200, Miguel Ojeda wrote:
> Rust functions may be `noreturn` (i.e. diverging) by returning the
> "never" type, `!`, e.g.
>
> fn f() -> ! {
> loop {}
> }
>
> Thus list the known `noreturn` functions to avoid such warnings.
>
> Without this, `objtool` would complain if enabled for Rust, e.g.:
>
> rust/core.o: warning: objtool:
> _R...9panic_fmt() falls through to next function _R...18panic_nounwind_fmt()
>
> rust/alloc.o: warning: objtool:
> .text: unexpected end of section
>
> In order to do so, we cannot match symbols' names exactly, for two
> reasons:
>
> - Rust mangling scheme [1] contains disambiguators [2] which we
> cannot predict (e.g. they may vary depending on the compiler version).
>
> One possibility to solve this would be to parse v0 and ignore/zero
> those before comparison.
>
> - Some of the diverging functions come from `core`, i.e. the Rust
> standard library, which may change with each compiler version
> since they are implementation details (e.g. `panic_internals`).
>
> Thus, to workaround both issues, only part of the symbols are matched,
> instead of using the `NORETURN` macro in `noreturns.h`.
>
> Ideally, just like for the C side, we should have a better solution. For
> instance, the compiler could give us the list via something like:
>
> $ rustc --emit=noreturns ...
Yeah, having added noreturns to objtool myself a few times, it'd be nice
to have a way to make these manual lists go away some day.
>
> Link: https://rust-lang.github.io/rfcs/2603-rust-symbol-name-mangling-v0.html [1]
> Link: https://doc.rust-lang.org/rustc/symbol-mangling/v0.html#disambiguator [2]
> Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
Reviewed-by: Kees Cook <kees@kernel.org>
--
Kees Cook
On Tue, Aug 06, 2024 at 12:42:41PM -0700, Kees Cook wrote:
> On Thu, Jul 25, 2024 at 08:33:22PM +0200, Miguel Ojeda wrote:
> > Rust functions may be `noreturn` (i.e. diverging) by returning the
> > "never" type, `!`, e.g.
> >
> > fn f() -> ! {
> > loop {}
> > }
> >
> > Thus list the known `noreturn` functions to avoid such warnings.
> >
> > Without this, `objtool` would complain if enabled for Rust, e.g.:
> >
> > rust/core.o: warning: objtool:
> > _R...9panic_fmt() falls through to next function _R...18panic_nounwind_fmt()
> >
> > rust/alloc.o: warning: objtool:
> > .text: unexpected end of section
> >
> > In order to do so, we cannot match symbols' names exactly, for two
> > reasons:
> >
> > - Rust mangling scheme [1] contains disambiguators [2] which we
> > cannot predict (e.g. they may vary depending on the compiler version).
> >
> > One possibility to solve this would be to parse v0 and ignore/zero
> > those before comparison.
> >
> > - Some of the diverging functions come from `core`, i.e. the Rust
> > standard library, which may change with each compiler version
> > since they are implementation details (e.g. `panic_internals`).
> >
> > Thus, to workaround both issues, only part of the symbols are matched,
> > instead of using the `NORETURN` macro in `noreturns.h`.
> >
> > Ideally, just like for the C side, we should have a better solution. For
> > instance, the compiler could give us the list via something like:
> >
> > $ rustc --emit=noreturns ...
>
> Yeah, having added noreturns to objtool myself a few times, it'd be nice
> to have a way to make these manual lists go away some day.
So it would be fairly simple to make objtool consume a magic section
emitted by the compiler.. I think we've asked the compiler folks for
that at some point even, but I don't have clear recollections.
On Tue, Aug 6, 2024 at 10:22 PM Peter Zijlstra <peterz@infradead.org> wrote: > > So it would be fairly simple to make objtool consume a magic section > emitted by the compiler.. I think we've asked the compiler folks for > that at some point even, but I don't have clear recollections. The section sounds like a good approach -- we will ask the Rust team about it. Then perhaps we can get Clang/GCC to implement something similar too -- for this sort of thing we can use the shorter cycles of `rustc` (and their unstable features concept too) to experiment with these things :) I have also added it to our `rustc` sublist of things we need. Cheers, Miguel
On Thu, Jul 25, 2024 at 8:35 PM Miguel Ojeda <ojeda@kernel.org> wrote:
>
> Rust functions may be `noreturn` (i.e. diverging) by returning the
> "never" type, `!`, e.g.
>
> fn f() -> ! {
> loop {}
> }
>
> Thus list the known `noreturn` functions to avoid such warnings.
>
> Without this, `objtool` would complain if enabled for Rust, e.g.:
>
> rust/core.o: warning: objtool:
> _R...9panic_fmt() falls through to next function _R...18panic_nounwind_fmt()
>
> rust/alloc.o: warning: objtool:
> .text: unexpected end of section
>
> In order to do so, we cannot match symbols' names exactly, for two
> reasons:
>
> - Rust mangling scheme [1] contains disambiguators [2] which we
> cannot predict (e.g. they may vary depending on the compiler version).
>
> One possibility to solve this would be to parse v0 and ignore/zero
> those before comparison.
>
> - Some of the diverging functions come from `core`, i.e. the Rust
> standard library, which may change with each compiler version
> since they are implementation details (e.g. `panic_internals`).
>
> Thus, to workaround both issues, only part of the symbols are matched,
> instead of using the `NORETURN` macro in `noreturns.h`.
>
> Ideally, just like for the C side, we should have a better solution. For
> instance, the compiler could give us the list via something like:
>
> $ rustc --emit=noreturns ...
>
> Link: https://rust-lang.github.io/rfcs/2603-rust-symbol-name-mangling-v0.html [1]
> Link: https://doc.rust-lang.org/rustc/symbol-mangling/v0.html#disambiguator [2]
> Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
Tested-by: Alice Ryhl <aliceryhl@google.com>
On Thu, Jul 25, 2024 at 08:33:22PM +0200, Miguel Ojeda wrote:
> Rust functions may be `noreturn` (i.e. diverging) by returning the
> "never" type, `!`, e.g.
>
> fn f() -> ! {
> loop {}
> }
>
> Thus list the known `noreturn` functions to avoid such warnings.
>
> Without this, `objtool` would complain if enabled for Rust, e.g.:
>
> rust/core.o: warning: objtool:
> _R...9panic_fmt() falls through to next function _R...18panic_nounwind_fmt()
>
> rust/alloc.o: warning: objtool:
> .text: unexpected end of section
>
> In order to do so, we cannot match symbols' names exactly, for two
> reasons:
>
> - Rust mangling scheme [1] contains disambiguators [2] which we
> cannot predict (e.g. they may vary depending on the compiler version).
>
> One possibility to solve this would be to parse v0 and ignore/zero
> those before comparison.
>
> - Some of the diverging functions come from `core`, i.e. the Rust
> standard library, which may change with each compiler version
> since they are implementation details (e.g. `panic_internals`).
>
> Thus, to workaround both issues, only part of the symbols are matched,
> instead of using the `NORETURN` macro in `noreturns.h`.
>
> Ideally, just like for the C side, we should have a better solution. For
> instance, the compiler could give us the list via something like:
>
> $ rustc --emit=noreturns ...
>
> Link: https://rust-lang.github.io/rfcs/2603-rust-symbol-name-mangling-v0.html [1]
> Link: https://doc.rust-lang.org/rustc/symbol-mangling/v0.html#disambiguator [2]
> Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
> ---
> tools/objtool/check.c | 48 ++++++++++++++++++++++++++++++++++++++-
> tools/objtool/noreturns.h | 2 ++
> 2 files changed, 49 insertions(+), 1 deletion(-)
>
> diff --git a/tools/objtool/check.c b/tools/objtool/check.c
> index 0a33d9195b7a..deace6fca2ed 100644
> --- a/tools/objtool/check.c
> +++ b/tools/objtool/check.c
> @@ -177,6 +177,48 @@ static bool is_sibling_call(struct instruction *insn)
> return (is_static_jump(insn) && insn_call_dest(insn));
> }
>
> +/*
> + * Checks if a string ends with another.
> + */
> +static bool str_ends_with(const char *s, const char *sub)
> +{
> + const int slen = strlen(s);
> + const int sublen = strlen(sub);
> +
> + if (sublen > slen)
> + return 0;
> +
> + return !memcmp(s + slen - sublen, sub, sublen);
> +}
> +
> +/*
> + * Checks if a function is a Rust "noreturn" one.
> + */
> +static bool is_rust_noreturn(const struct symbol *func)
> +{
> + /*
> + * If it does not start with "_R", then it is not a Rust symbol.
> + */
> + if (strncmp(func->name, "_R", 2))
> + return false;
> +
> + /*
> + * These are just heuristics -- we do not control the precise symbol
> + * name, due to the crate disambiguators (which depend on the compiler)
> + * as well as changes to the source code itself between versions (since
> + * these come from the Rust standard library).
> + */
> + return str_ends_with(func->name, "_4core6option13unwrap_failed") ||
> + str_ends_with(func->name, "_4core6result13unwrap_failed") ||
> + str_ends_with(func->name, "_4core9panicking5panic") ||
> + str_ends_with(func->name, "_4core9panicking9panic_fmt") ||
> + str_ends_with(func->name, "_4core9panicking14panic_explicit") ||
> + str_ends_with(func->name, "_4core9panicking18panic_bounds_check") ||
> + strstr(func->name, "_4core9panicking11panic_const24panic_const_") ||
> + (strstr(func->name, "_4core5slice5index24slice_") &&
> + str_ends_with(func->name, "_fail"));
> +}
> +
> /*
> * This checks to see if the given function is a "noreturn" function.
> *
> @@ -202,10 +244,14 @@ static bool __dead_end_function(struct objtool_file *file, struct symbol *func,
> if (!func)
> return false;
>
> - if (func->bind == STB_GLOBAL || func->bind == STB_WEAK)
> + if (func->bind == STB_GLOBAL || func->bind == STB_WEAK) {
> + if (is_rust_noreturn(func))
> + return true;
> +
> for (i = 0; i < ARRAY_SIZE(global_noreturns); i++)
> if (!strcmp(func->name, global_noreturns[i]))
> return true;
> + }
>
> if (func->bind == STB_WEAK)
> return false;
> diff --git a/tools/objtool/noreturns.h b/tools/objtool/noreturns.h
> index 7ebf29c91184..82a001ac433b 100644
> --- a/tools/objtool/noreturns.h
> +++ b/tools/objtool/noreturns.h
> @@ -35,6 +35,8 @@ NORETURN(panic)
> NORETURN(panic_smp_self_stop)
> NORETURN(rest_init)
> NORETURN(rewind_stack_and_make_dead)
> +NORETURN(rust_begin_unwind)
> +NORETURN(rust_helper_BUG)
> NORETURN(sev_es_terminate)
> NORETURN(snp_abort)
> NORETURN(start_kernel)
> --
> 2.45.2
>
© 2016 - 2024 Red Hat, Inc.