From nobody Wed Nov 27 07:48:01 2024
Date: Fri, 11 Oct 2024 19:08:49 +0200
In-Reply-To: <20241011170847.334429-10-ardb+git@google.com>
References: <20241011170847.334429-10-ardb+git@google.com>
Message-ID: <20241011170847.334429-11-ardb+git@google.com>
Subject: [PATCH v3 1/8] objtool: Deal with relative jump tables correctly
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: llvm@lists.linux.dev, keescook@chromium.org, linux-hardening@vger.kernel.org, nathan@kernel.org, Ard Biesheuvel, Josh Poimboeuf, Peter Zijlstra, Jan Beulich, "Jose E. Marchesi", Kees Cook
Content-Transfer-Encoding: quoted-printable
From: Ard Biesheuvel

Relative jump tables contain entries that carry the offset between the
target of the jump and the start of the jump table. This permits the use
of the PIC idiom of

    leaq    jump_table(%rip), %tbl
    movslq  (%tbl,%idx,4), %offset
    addq    %offset, %tbl
    jmp     *%tbl

The jump table entries are decorated with PC32 relocations, which record
the offset of the referenced symbol relative to the target of the
relocation, which is the individual entry in the table. This means that
only the first entry produces the correct value directly; the subsequent
ones need to be corrected to produce the offset relative to the start of
the table, by applying an addend.

Given that the referenced symbols are anonymous, and thus already
expressed in terms of sections and addends, e.g., .text+0x5df9, the
correction is incorporated into the existing addend. The upshot of this
is that chasing the reference to find the target instruction needs to
take this second addend into account as well.

Signed-off-by: Ard Biesheuvel
---
 tools/objtool/arch/x86/special.c    |  8 -------
 tools/objtool/check.c               | 24 +++++++++++++++++---
 tools/objtool/include/objtool/elf.h |  6 +++++
 3 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/tools/objtool/arch/x86/special.c b/tools/objtool/arch/x86/spec= ial.c index 4ea0f9815fda..415e4d035e53 100644 --- a/tools/objtool/arch/x86/special.c +++ b/tools/objtool/arch/x86/special.c @@ -150,13 +150,5 @@ struct reloc *arch_find_switch_table(struct objtool_fi= le *file, if (!rodata_reloc) return NULL; =20 - /* - * Use of RIP-relative switch jumps is quite rare, and - * indicates a rare GCC quirk/bug which can leave dead - * code behind. - */ - if (reloc_type(text_reloc) =3D=3D R_X86_64_PC32) - file->ignore_unreachables =3D true; - return rodata_reloc; } diff --git a/tools/objtool/check.c b/tools/objtool/check.c index 2b0965153b25..aa07fdf1cf13 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c 
@@ -2101,6 +2101,8 @@ static int add_jump_table(struct objtool_file *file, = struct instruction *insn, { struct symbol *pfunc =3D insn_func(insn)->pfunc; struct reloc *table =3D insn_jump_table(insn); + unsigned int rtype =3D reloc_type(table); + bool pcrel =3D (rtype =3D=3D elf_text_rela_type(file->elf)); struct instruction *dest_insn; unsigned int prev_offset =3D 0; struct reloc *reloc =3D table; @@ -2111,13 +2113,18 @@ static int add_jump_table(struct objtool_file *file= , struct instruction *insn, * instruction. */ for_each_reloc_from(table->sec, reloc) { + unsigned long addend =3D reloc_addend(reloc); =20 /* Check for the end of the table: */ if (reloc !=3D table && reloc =3D=3D next_table) break; =20 + /* Each entry in the jump table should use the same relocation type */ + if (reloc_type(reloc) !=3D rtype) + break; + /* Make sure the table entries are consecutive: */ - if (prev_offset && reloc_offset(reloc) !=3D prev_offset + 8) + if (prev_offset && reloc_offset(reloc) !=3D prev_offset + (pcrel ? 4 : 8= )) break; =20 /* Detect function pointers from contiguous objects: */ @@ -2125,7 +2132,15 @@ static int add_jump_table(struct objtool_file *file,= struct instruction *insn, reloc_addend(reloc) =3D=3D pfunc->offset) break; =20 - dest_insn =3D find_insn(file, reloc->sym->sec, reloc_addend(reloc)); + /* + * Place-relative jump tables carry offsets relative to the + * start of the jump table, not to the entry itself. So correct + * the addend for the location of the entry in the table. + */ + if (pcrel) + addend -=3D reloc_offset(reloc) - reloc_offset(table); + + dest_insn =3D find_insn(file, reloc->sym->sec, addend); if (!dest_insn) break; =20 @@ -2133,6 +2148,9 @@ static int add_jump_table(struct objtool_file *file, = struct instruction *insn, if (!insn_func(dest_insn) || insn_func(dest_insn)->pfunc !=3D pfunc) break; =20 + if (pcrel) + reloc->sym_offset =3D addend; + alt =3D malloc(sizeof(*alt)); if (!alt) { WARN("malloc failed"); 
@@ -4535,7 +4553,7 @@ static int validate_ibt_data_reloc(struct objtool_fil= e *file, struct instruction *dest; =20 dest =3D find_insn(file, reloc->sym->sec, - reloc->sym->offset + reloc_addend(reloc)); + reloc->sym->offset + reloc_sym_offset(reloc)); if (!dest) return 0; =20 diff --git a/tools/objtool/include/objtool/elf.h b/tools/objtool/include/ob= jtool/elf.h index d7e815c2fd15..f4a6307f4c08 100644 --- a/tools/objtool/include/objtool/elf.h +++ b/tools/objtool/include/objtool/elf.h @@ -78,6 +78,7 @@ struct reloc { struct section *sec; struct symbol *sym; struct reloc *sym_next_reloc; + s64 sym_offset; }; =20 struct elf { 
@@ -251,6 +252,11 @@ static inline s64 reloc_addend(struct reloc *reloc) return __get_reloc_field(reloc, r_addend); } =20 +static inline s64 reloc_sym_offset(struct reloc *reloc) +{ + return reloc->sym_offset ?: reloc_addend(reloc); +} + static inline void set_reloc_addend(struct elf *elf, struct reloc *reloc, = s64 addend) { __set_reloc_field(reloc, r_addend, addend); --=20 2.47.0.rc1.288.g06298d1525-goog
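Review bot: the commit message does not explain why it is safe to drop the `file->ignore_unreachables = true` fallback in arch_find_switch_table() (tools/objtool/arch/x86/special.c, hunk at -150). The removed comment ties R_X86_64_PC32 text relocations to a GCC quirk that can leave dead code behind, and with the fallback gone any such dead code is no longer exempt from the unreachable-instruction checks. Please say in the log that the corrected addend handling is expected to cover those cases, or keep the fallback for the GCC case.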
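Review bot: in add_jump_table() (tools/objtool/check.c, hunk at -2125) the "Detect function pointers from contiguous objects" test still compares the raw `reloc_addend(reloc)` with `pfunc->offset`, and it runs before the new `if (pcrel) addend -= ...` correction. For every place-relative entry after the first, the raw addend is the target offset plus the entry's distance from the table start, so that test inspects the wrong value. Move the correction above the test and compare the corrected `addend`. Separately, `addend` is declared `unsigned long` while reloc_addend() returns s64 and the value ends up in the s64 `sym_offset`; a signed local would avoid wrap-around if the subtraction ever goes negative.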
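Review bot: reloc_sym_offset() (tools/objtool/include/objtool/elf.h, hunk at -251) uses zero as the "not set" marker in `return reloc->sym_offset ?: reloc_addend(reloc);`, so a corrected offset that is legitimately 0 falls back to the uncorrected addend. add_jump_table() stores `reloc->sym_offset = addend` without excluding 0, which would make validate_ibt_data_reloc() look up the wrong instruction for a table entry whose target sits at offset 0 of its section. A separate validity flag, or initialising sym_offset from the addend when the reloc is read, removes the ambiguity. The new `s64 sym_offset` member in struct reloc also needs a comment saying when it is valid.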
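The addend correction described in the commit message of patch 1/8, worked through as an added example that is not part of the patch series or of objtool. `struct model_reloc`, the table offset, the link addresses and every target except `.text+0x5df9` are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of one RELA record; not objtool's struct reloc. */
struct model_reloc {
	uint64_t offset;	/* r_offset: position of the entry in .rodata */
	int64_t addend;		/* r_addend against the .text section symbol */
};

#define ENTRY_SIZE	4		/* relative entries are 32 bits wide */
#define NR_ENTRIES	4
#define TABLE_OFF	0x120		/* constructed: table start in .rodata */
#define TEXT_ADDR	0x401000ULL	/* constructed link addresses */
#define RODATA_ADDR	0x402000ULL

/* Constructed case-label offsets in .text; the first is the page's example. */
static const uint64_t targets[NR_ENTRIES] = { 0x5df9, 0x5e10, 0x5e10, 0x5e44 };

/*
 * Entry i is ".long .Lcase_i - jump_table". PC32 resolves to S + A - P with
 * P being the entry itself, so the assembler folds the distance from the
 * table start to the entry into the addend.
 */
static void build_table(struct model_reloc *relocs)
{
	for (size_t i = 0; i < NR_ENTRIES; i++) {
		relocs[i].offset = TABLE_OFF + i * ENTRY_SIZE;
		relocs[i].addend = (int64_t)targets[i] + (int64_t)(i * ENTRY_SIZE);
	}
}

/* The correction: subtract the entry's distance from the table start. */
static int64_t corrected_addend(const struct model_reloc *table,
				const struct model_reloc *reloc)
{
	return reloc->addend - (int64_t)(reloc->offset - table->offset);
}

/* Count entries whose chased .text offset equals the real jump target. */
static int count_resolved(int apply_correction)
{
	struct model_reloc relocs[NR_ENTRIES];
	int ok = 0;

	build_table(relocs);
	for (size_t i = 0; i < NR_ENTRIES; i++) {
		int64_t off = apply_correction ?
			corrected_addend(&relocs[0], &relocs[i]) : relocs[i].addend;
		ok += ((uint64_t)off == targets[i]);
	}
	return ok;
}

/* What the linked table yields at run time: table address + stored value. */
static uint64_t runtime_target(size_t i)
{
	struct model_reloc relocs[NR_ENTRIES];
	uint64_t table_addr = RODATA_ADDR + TABLE_OFF;
	int32_t stored;

	build_table(relocs);
	/* R_X86_64_PC32: S + A - P */
	stored = (int32_t)(TEXT_ADDR + relocs[i].addend -
			   (RODATA_ADDR + relocs[i].offset));
	return table_addr + (int64_t)stored;	/* addq %offset, %tbl */
}

int main(void)
{
	printf("raw addends resolving correctly:       %d of %d\n",
	       count_resolved(0), NR_ENTRIES);
	printf("corrected addends resolving correctly: %d of %d\n",
	       count_resolved(1), NR_ENTRIES);
	for (size_t i = 0; i < NR_ENTRIES; i++)
		printf("entry %zu jumps to .text+0x%llx\n", i,
		       (unsigned long long)(runtime_target(i) - TEXT_ADDR));
	return 0;
}
```

Only entry 0 resolves from its raw addend; the linked table is nevertheless correct at run time, which is why the mismatch only shows up in a tool that chases relocations statically.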
Date: Fri, 11 Oct 2024 19:08:50 +0200
In-Reply-To: <20241011170847.334429-10-ardb+git@google.com>
References: <20241011170847.334429-10-ardb+git@google.com>
Message-ID: <20241011170847.334429-12-ardb+git@google.com>
Subject: [PATCH v3 2/8] objtool: Allow arch code to discover jump table size
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: llvm@lists.linux.dev, keescook@chromium.org, linux-hardening@vger.kernel.org, nathan@kernel.org, Ard Biesheuvel, Josh Poimboeuf, Peter Zijlstra, Jan Beulich, "Jose E. Marchesi", Kees Cook
Content-Transfer-Encoding: quoted-printable

From: Ard Biesheuvel

In preparation for adding support for annotated jump tables, where ELF
relocations and symbols are used to describe the locations of jump tables
in the executable, refactor the jump table discovery logic so the table
size can be returned from arch_find_switch_table().

Signed-off-by: Ard Biesheuvel
---
 tools/objtool/arch/loongarch/special.c  |  3 +-
 tools/objtool/arch/powerpc/special.c    |  3 +-
 tools/objtool/arch/x86/special.c        |  4 ++-
 tools/objtool/check.c                   | 31 +++++++++++++-------
 tools/objtool/include/objtool/check.h   |  5 +++-
 tools/objtool/include/objtool/special.h |  3 +-
 6 files changed, 33 insertions(+), 16 deletions(-)

diff --git a/tools/objtool/arch/loongarch/special.c b/tools/objtool/arch/lo= ongarch/special.c index 9bba1e9318e0..87230ed570fd 100644 --- a/tools/objtool/arch/loongarch/special.c +++ b/tools/objtool/arch/loongarch/special.c @@ -9,7 +9,8 @@ bool arch_support_alt_relocation(struct special_alt *specia= l_alt, } =20 struct reloc *arch_find_switch_table(struct objtool_file *file, - struct instruction *insn) + struct instruction *insn, + unsigned long *table_size) { return NULL; } diff --git a/tools/objtool/arch/powerpc/special.c b/tools/objtool/arch/powe= rpc/special.c index d33868147196..51610689abf7 100644 --- a/tools/objtool/arch/powerpc/special.c +++ b/tools/objtool/arch/powerpc/special.c @@ -13,7 +13,8 @@ bool arch_support_alt_relocation(struct special_alt *spec= ial_alt, } =20 struct reloc *arch_find_switch_table(struct objtool_file *file, - struct instruction *insn) + struct instruction *insn, + unsigned long *table_size) { exit(-1); } diff --git a/tools/objtool/arch/x86/special.c b/tools/objtool/arch/x86/spec= ial.c index 415e4d035e53..f8fb67636384 100644 --- a/tools/objtool/arch/x86/special.c +++ b/tools/objtool/arch/x86/special.c @@ -109,7 +109,8 @@ bool arch_support_alt_relocation(struct special_alt *sp= ecial_alt, * NOTE: MITIGATION_RETPOLINE made it harder still to decode dynamic ju= mps. */ struct reloc *arch_find_switch_table(struct objtool_file *file, - struct instruction *insn) + struct instruction *insn, + unsigned long *table_size) { struct reloc *text_reloc, *rodata_reloc; struct section *table_sec; 
@@ -150,5 +151,6 @@ struct reloc *arch_find_switch_table(struct objtool_fil= e *file, if (!rodata_reloc) return NULL; =20 + *table_size =3D 0; return rodata_reloc; } diff --git a/tools/objtool/check.c b/tools/objtool/check.c index aa07fdf1cf13..b73e43b9b9e3 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -150,6 +150,15 @@ static inline struct reloc *insn_jump_table(struct ins= truction *insn) return NULL; } =20 +static inline unsigned long insn_jump_table_size(struct instruction *insn) +{ + if (insn->type =3D=3D INSN_JUMP_DYNAMIC || + insn->type =3D=3D INSN_CALL_DYNAMIC) + return insn->_jump_table_size; + + return 0; +} + static bool is_jump_table_jump(struct instruction *insn) { struct alt_group *alt_group =3D insn->alt_group; @@ -2099,6 +2108,7 @@ static int add_special_section_alts(struct objtool_fi= le *file) static int add_jump_table(struct objtool_file *file, struct instruction *i= nsn, struct reloc *next_table) { + unsigned long table_size =3D insn_jump_table_size(insn); struct symbol *pfunc =3D insn_func(insn)->pfunc; struct reloc *table =3D insn_jump_table(insn); unsigned int rtype =3D reloc_type(table); @@ -2116,6 +2126,8 @@ static int add_jump_table(struct objtool_file *file, = struct instruction *insn, unsigned long addend =3D reloc_addend(reloc); =20 /* Check for the end of the table: */ + if (table_size && reloc_offset(reloc) - reloc_offset(table) >=3D table_s= ize) + break; if (reloc !=3D table && reloc =3D=3D next_table) break; =20 
@@ -2175,12 +2187,12 @@ static int add_jump_table(struct objtool_file *file= , struct instruction *insn, * find_jump_table() - Given a dynamic jump, find the switch jump table * associated with it. */ -static struct reloc *find_jump_table(struct objtool_file *file, - struct symbol *func, - struct instruction *insn) +static void find_jump_table(struct objtool_file *file, struct symbol *func, + struct instruction *insn) { struct reloc *table_reloc; struct instruction *dest_insn, *orig_insn =3D insn; + unsigned long table_size; =20 /* * Backward search using the @first_jump_src links, these help avoid @@ -2201,17 +2213,17 @@ static struct reloc *find_jump_table(struct objtool= _file *file, insn->jump_dest->offset > orig_insn->offset)) break; =20 - table_reloc =3D arch_find_switch_table(file, insn); + table_reloc =3D arch_find_switch_table(file, insn, &table_size); if (!table_reloc) continue; dest_insn =3D find_insn(file, table_reloc->sym->sec, reloc_addend(table_= reloc)); if (!dest_insn || !insn_func(dest_insn) || insn_func(dest_insn)->pfunc != =3D func) continue; =20 - return table_reloc; + orig_insn->_jump_table =3D table_reloc; + orig_insn->_jump_table_size =3D table_size; + break; } - - return NULL; } =20 /* @@ -2222,7 +2234,6 @@ static void mark_func_jump_tables(struct objtool_file= *file, struct symbol *func) { struct instruction *insn, *last =3D NULL; - struct reloc *reloc; =20 func_for_each_insn(file, func, insn) { if (!last) @@ -2245,9 +2256,7 @@ static void mark_func_jump_tables(struct objtool_file= *file, if (insn->type !=3D INSN_JUMP_DYNAMIC) continue; =20 - reloc =3D find_jump_table(file, func, insn); - if (reloc) - insn->_jump_table =3D reloc; + find_jump_table(file, func, insn); } } =20 diff --git a/tools/objtool/include/objtool/check.h b/tools/objtool/include/= objtool/check.h index daa46f1f0965..e1cd13cd28a3 100644 --- a/tools/objtool/include/objtool/check.h +++ b/tools/objtool/include/objtool/check.h 
@@ -71,7 +71,10 @@ struct instruction { struct instruction *first_jump_src; union { struct symbol *_call_dest; - struct reloc *_jump_table; + struct { + struct reloc *_jump_table; + unsigned long _jump_table_size; + }; }; struct alternative *alts; struct symbol *sym; diff --git a/tools/objtool/include/objtool/special.h b/tools/objtool/includ= e/objtool/special.h index 86d4af9c5aa9..e7ee7ffccefd 100644 --- a/tools/objtool/include/objtool/special.h +++ b/tools/objtool/include/objtool/special.h 
@@ -38,5 +38,6 @@ bool arch_support_alt_relocation(struct special_alt *spec= ial_alt, struct instruction *insn, struct reloc *reloc); struct reloc *arch_find_switch_table(struct objtool_file *file, - struct instruction *insn); + struct instruction *insn, + unsigned long *table_size); #endif /* _SPECIAL_H */ --=20 2.47.0.rc1.288.g06298d1525-goog
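Review bot: `unsigned long table_size;` in find_jump_table() (tools/objtool/check.c, hunk at -2175) is left uninitialised and only gets a value if arch_find_switch_table() writes through the pointer. The x86 version does `*table_size = 0` just before returning the reloc, but neither the prototype in special.h nor a comment makes that a contract, so an implementation that returns a table without writing the size would put stack garbage into `_jump_table_size`, which add_jump_table() then uses as the table bound. Initialise it to 0 at the declaration and document in special.h that 0 means the size is unknown.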
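Review bot: the anonymous struct added to the union in struct instruction (tools/objtool/include/objtool/check.h, hunk at -71) widens that union from one pointer to a pointer plus an `unsigned long`, and the cost is paid for every decoded instruction unless existing padding absorbs it, although only dynamic jumps ever carry a table size. Please check the resulting struct size (for example with pahole) and mention it in the commit message, or keep the size outside struct instruction.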
Date: Fri, 11 Oct 2024 19:08:51 +0200
In-Reply-To: <20241011170847.334429-10-ardb+git@google.com>
References: <20241011170847.334429-10-ardb+git@google.com>
Message-ID: <20241011170847.334429-13-ardb+git@google.com>
Subject: [PATCH v3 3/8] objtool: Make some helper functions globally accessible
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: llvm@lists.linux.dev, keescook@chromium.org, linux-hardening@vger.kernel.org, nathan@kernel.org, Ard Biesheuvel, Josh Poimboeuf, Peter Zijlstra, Jan Beulich, "Jose E. Marchesi", Kees Cook
Content-Transfer-Encoding: quoted-printable

From: Ard Biesheuvel

Move some helpers around so they can be used from arch specific jump
table code that is getting refactored in the next patch.

Signed-off-by: Ard Biesheuvel
---
 tools/objtool/check.c                 | 22 ++++----------------
 tools/objtool/include/objtool/check.h | 16 ++++++++++++++
 2 files changed, 20 insertions(+), 18 deletions(-)

diff --git a/tools/objtool/check.c b/tools/objtool/check.c index b73e43b9b9e3..fbb05e973acc 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c 
@@ -61,8 +61,8 @@ struct instruction *next_insn_same_sec(struct objtool_fil= e *file, return insn; } =20 -static struct instruction *next_insn_same_func(struct objtool_file *file, - struct instruction *insn) +struct instruction *next_insn_same_func(struct objtool_file *file, + struct instruction *insn) { struct instruction *next =3D next_insn_same_sec(file, insn); struct symbol *func =3D insn_func(insn); @@ -93,8 +93,8 @@ static struct instruction *prev_insn_same_sec(struct objt= ool_file *file, return insn - 1; } =20 -static struct instruction *prev_insn_same_sym(struct objtool_file *file, - struct instruction *insn) +struct instruction *prev_insn_same_sym(struct objtool_file *file, + struct instruction *insn) { struct instruction *prev =3D prev_insn_same_sec(file, insn); =20 @@ -110,11 +110,6 @@ static struct instruction *prev_insn_same_sym(struct o= bjtool_file *file, for_each_sec(file, __sec) \ sec_for_each_insn(file, __sec, insn) =20 -#define func_for_each_insn(file, func, insn) \ - for (insn =3D find_insn(file, func->sec, func->offset); \ - insn; \ - insn =3D next_insn_same_func(file, insn)) - #define sym_for_each_insn(file, sym, insn) \ for (insn =3D find_insn(file, sym->sec, sym->offset); \ insn && insn->offset < sym->offset + sym->len; \ @@ -141,15 +136,6 @@ static inline struct symbol *insn_call_dest(struct ins= truction *insn) return insn->_call_dest; } =20 -static inline struct reloc *insn_jump_table(struct instruction *insn) -{ - if (insn->type =3D=3D INSN_JUMP_DYNAMIC || - insn->type =3D=3D INSN_CALL_DYNAMIC) - return insn->_jump_table; - - return NULL; -} - static inline unsigned long insn_jump_table_size(struct instruction *insn) { if (insn->type =3D=3D INSN_JUMP_DYNAMIC || diff --git a/tools/objtool/include/objtool/check.h b/tools/objtool/include/= objtool/check.h index e1cd13cd28a3..e2f755484c4a 100644 --- a/tools/objtool/include/objtool/check.h +++ b/tools/objtool/include/objtool/check.h 
@@ -114,14 +114,30 @@ static inline bool is_jump(struct instruction *insn) return is_static_jump(insn) || is_dynamic_jump(insn); } =20 +static inline struct reloc *insn_jump_table(struct instruction *insn) +{ + if (insn->type =3D=3D INSN_JUMP_DYNAMIC || + insn->type =3D=3D INSN_CALL_DYNAMIC) + return insn->_jump_table; + + return NULL; +} + struct instruction *find_insn(struct objtool_file *file, struct section *sec, unsigned long offset); =20 +struct instruction *prev_insn_same_sym(struct objtool_file *file, struct i= nstruction *insn); struct instruction *next_insn_same_sec(struct objtool_file *file, struct i= nstruction *insn); +struct instruction *next_insn_same_func(struct objtool_file *file, struct = instruction *insn); =20 #define sec_for_each_insn(file, _sec, insn) \ for (insn =3D find_insn(file, _sec, 0); \ insn && insn->sec =3D=3D _sec; \ insn =3D next_insn_same_sec(file, insn)) =20 +#define func_for_each_insn(file, func, insn) \ + for (insn =3D find_insn(file, func->sec, func->offset); \ + insn; \ + insn =3D next_insn_same_func(file, insn)) + #endif /* _CHECK_H */ --=20 2.47.0.rc1.288.g06298d1525-goog
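Review bot: insn_jump_table() moves to check.h, but insn_jump_table_size(), visible as context right below the removed lines in tools/objtool/check.c (hunk at -141), stays static in check.c. Arch code that can now fetch the table reloc still has no accessor for the matching size. Move both accessors together, or say in the commit message why the size helper stays private. The exported func_for_each_insn() macro also expands `func->sec` and `func->offset` without parenthesising `func`, which matters more now that it lives in a shared header.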
Date: Fri, 11 Oct 2024 19:08:52 +0200
In-Reply-To: <20241011170847.334429-10-ardb+git@google.com>
References: <20241011170847.334429-10-ardb+git@google.com>
Message-ID: <20241011170847.334429-14-ardb+git@google.com>
Subject: [PATCH v3 4/8] objtool: Move jump table heuristics to a x86 specific source file
From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: llvm@lists.linux.dev, keescook@chromium.org, linux-hardening@vger.kernel.org, nathan@kernel.org, Ard Biesheuvel , Josh Poimboeuf , Peter Zijlstra , Jan Beulich , "Jose E. Marchesi" , Kees Cook Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel In preparation for implementing support for the use of compiler emitted jump table annotations, move the existing code out of the generic sources. This will permit a clean separation between the two approaches, where the old one will not be wired up for architectures other than x86. Signed-off-by: Ard Biesheuvel --- tools/objtool/arch/loongarch/special.c | 7 -- tools/objtool/arch/powerpc/special.c | 7 -- tools/objtool/arch/x86/special.c | 114 +++++++++++++++++++- tools/objtool/check.c | 112 +------------------ tools/objtool/include/objtool/special.h | 9 +- 5 files changed, 122 insertions(+), 127 deletions(-) diff --git a/tools/objtool/arch/loongarch/special.c b/tools/objtool/arch/lo= ongarch/special.c index 87230ed570fd..acf3a391a2f9 100644 --- a/tools/objtool/arch/loongarch/special.c +++ b/tools/objtool/arch/loongarch/special.c @@ -7,10 +7,3 @@ bool arch_support_alt_relocation(struct special_alt *speci= al_alt, { return false; } - -struct reloc *arch_find_switch_table(struct objtool_file *file, - struct instruction *insn, - unsigned long *table_size) -{ - return NULL; -} diff --git a/tools/objtool/arch/powerpc/special.c b/tools/objtool/arch/powe= rpc/special.c index 51610689abf7..3a108437cfa6 100644 --- a/tools/objtool/arch/powerpc/special.c +++ b/tools/objtool/arch/powerpc/special.c @@ -11,10 +11,3 @@ bool arch_support_alt_relocation(struct special_alt *spe= cial_alt, { exit(-1); } - -struct reloc *arch_find_switch_table(struct objtool_file *file, - struct instruction *insn, - unsigned long *table_size) -{ - exit(-1); -} 
diff --git a/tools/objtool/arch/x86/special.c b/tools/objtool/arch/x86/spec= ial.c index f8fb67636384..cd964b85e2b1 100644 --- a/tools/objtool/arch/x86/special.c +++ b/tools/objtool/arch/x86/special.c @@ -108,9 +108,9 @@ bool arch_support_alt_relocation(struct special_alt *sp= ecial_alt, * * NOTE: MITIGATION_RETPOLINE made it harder still to decode dynamic ju= mps. */ -struct reloc *arch_find_switch_table(struct objtool_file *file, - struct instruction *insn, - unsigned long *table_size) +static struct reloc *find_switch_table(struct objtool_file *file, + struct instruction *insn, + unsigned long *table_size) { struct reloc *text_reloc, *rodata_reloc; struct section *table_sec; 
@@ -154,3 +154,111 @@ struct reloc *arch_find_switch_table(struct objtool_f= ile *file, *table_size =3D 0; return rodata_reloc; } + +/* + * find_jump_table() - Given a dynamic jump, find the switch jump table + * associated with it. + */ +static void find_jump_table(struct objtool_file *file, + struct symbol *func, + struct instruction *insn) +{ + struct reloc *table_reloc; + struct instruction *dest_insn, *orig_insn =3D insn; + unsigned long table_size; + + /* + * Backward search using the @first_jump_src links, these help avoid + * much of the 'in between' code. Which avoids us getting confused by + * it. + */ + for (; + insn && insn_func(insn) && insn_func(insn)->pfunc =3D=3D func; + insn =3D insn->first_jump_src ?: prev_insn_same_sym(file, insn)) { + + if (insn !=3D orig_insn && insn->type =3D=3D INSN_JUMP_DYNAMIC) + break; + + /* allow small jumps within the range */ + if (insn->type =3D=3D INSN_JUMP_UNCONDITIONAL && + insn->jump_dest && + (insn->jump_dest->offset <=3D insn->offset || + insn->jump_dest->offset > orig_insn->offset)) + break; + + table_reloc =3D find_switch_table(file, insn, &table_size); + if (!table_reloc) + continue; + dest_insn =3D find_insn(file, table_reloc->sym->sec, reloc_addend(table_= reloc)); + if (!dest_insn || !insn_func(dest_insn) || insn_func(dest_insn)->pfunc != =3D func) + continue; + + orig_insn->_jump_table =3D table_reloc; + orig_insn->_jump_table_size =3D table_size; + break; + } +} + +/* + * First pass: Mark the head of each jump table so that in the next pass, + * we know when a given jump table ends and the next one starts. + */ +static void mark_func_jump_tables(struct objtool_file *file, + struct symbol *func) +{ + struct instruction *insn, *last =3D NULL; + + func_for_each_insn(file, func, insn) { + if (!last) + last =3D insn; + + /* + * Store back-pointers for unconditional forward jumps such + * that find_jump_table() can back-track using those and + * avoid some potentially confusing code. 
+ */ + if (insn->type =3D=3D INSN_JUMP_UNCONDITIONAL && insn->jump_dest && + insn->offset > last->offset && + insn->jump_dest->offset > insn->offset && + !insn->jump_dest->first_jump_src) { + + insn->jump_dest->first_jump_src =3D insn; + last =3D insn->jump_dest; + } + + if (insn->type =3D=3D INSN_JUMP_DYNAMIC) + find_jump_table(file, func, insn); + } +} + +int add_func_jump_tables(struct objtool_file *file, + struct symbol *func) +{ + struct instruction *insn, *insn_t1 =3D NULL, *insn_t2; + int ret =3D 0; + + mark_func_jump_tables(file, func); + + func_for_each_insn(file, func, insn) { + if (!insn_jump_table(insn)) + continue; + + if (!insn_t1) { + insn_t1 =3D insn; + continue; + } + + insn_t2 =3D insn; + + ret =3D add_jump_table(file, insn_t1, insn_jump_table(insn_t2)); + if (ret) + return ret; + + insn_t1 =3D insn_t2; + } + + if (insn_t1) + ret =3D add_jump_table(file, insn_t1, NULL); + + return ret; +} diff --git a/tools/objtool/check.c b/tools/objtool/check.c index fbb05e973acc..389475dde47c 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -2091,8 +2091,8 @@ static int add_special_section_alts(struct objtool_fi= le *file) return ret; } =20 -static int add_jump_table(struct objtool_file *file, struct instruction *i= nsn, - struct reloc *next_table) +int add_jump_table(struct objtool_file *file, struct instruction *insn, + struct reloc *next_table) { unsigned long table_size =3D insn_jump_table_size(insn); struct symbol *pfunc =3D insn_func(insn)->pfunc; 
@@ -2169,111 +2169,10 @@ static int add_jump_table(struct objtool_file *fil= e, struct instruction *insn, return 0; } =20 -/* - * find_jump_table() - Given a dynamic jump, find the switch jump table - * associated with it. - */ -static void find_jump_table(struct objtool_file *file, struct symbol *func, - struct instruction *insn) +int __weak add_func_jump_tables(struct objtool_file *file, + struct symbol *func) { - struct reloc *table_reloc; - struct instruction *dest_insn, *orig_insn =3D insn; - unsigned long table_size; - - /* - * Backward search using the @first_jump_src links, these help avoid - * much of the 'in between' code. Which avoids us getting confused by - * it. - */ - for (; - insn && insn_func(insn) && insn_func(insn)->pfunc =3D=3D func; - insn =3D insn->first_jump_src ?: prev_insn_same_sym(file, insn)) { - - if (insn !=3D orig_insn && insn->type =3D=3D INSN_JUMP_DYNAMIC) - break; - - /* allow small jumps within the range */ - if (insn->type =3D=3D INSN_JUMP_UNCONDITIONAL && - insn->jump_dest && - (insn->jump_dest->offset <=3D insn->offset || - insn->jump_dest->offset > orig_insn->offset)) - break; - - table_reloc =3D arch_find_switch_table(file, insn, &table_size); - if (!table_reloc) - continue; - dest_insn =3D find_insn(file, table_reloc->sym->sec, reloc_addend(table_= reloc)); - if (!dest_insn || !insn_func(dest_insn) || insn_func(dest_insn)->pfunc != =3D func) - continue; - - orig_insn->_jump_table =3D table_reloc; - orig_insn->_jump_table_size =3D table_size; - break; - } -} - -/* - * First pass: Mark the head of each jump table so that in the next pass, - * we know when a given jump table ends and the next one starts. 
- */ -static void mark_func_jump_tables(struct objtool_file *file, - struct symbol *func) -{ - struct instruction *insn, *last =3D NULL; - - func_for_each_insn(file, func, insn) { - if (!last) - last =3D insn; - - /* - * Store back-pointers for unconditional forward jumps such - * that find_jump_table() can back-track using those and - * avoid some potentially confusing code. - */ - if (insn->type =3D=3D INSN_JUMP_UNCONDITIONAL && insn->jump_dest && - insn->offset > last->offset && - insn->jump_dest->offset > insn->offset && - !insn->jump_dest->first_jump_src) { - - insn->jump_dest->first_jump_src =3D insn; - last =3D insn->jump_dest; - } - - if (insn->type !=3D INSN_JUMP_DYNAMIC) - continue; - - find_jump_table(file, func, insn); - } -} - -static int add_func_jump_tables(struct objtool_file *file, - struct symbol *func) -{ - struct instruction *insn, *insn_t1 =3D NULL, *insn_t2; - int ret =3D 0; - - func_for_each_insn(file, func, insn) { - if (!insn_jump_table(insn)) - continue; - - if (!insn_t1) { - insn_t1 =3D insn; - continue; - } - - insn_t2 =3D insn; - - ret =3D add_jump_table(file, insn_t1, insn_jump_table(insn_t2)); - if (ret) - return ret; - - insn_t1 =3D insn_t2; - } - - if (insn_t1) - ret =3D add_jump_table(file, insn_t1, NULL); - - return ret; + return 0; } =20 /* @@ -2293,7 +2192,6 @@ static int add_jump_table_alts(struct objtool_file *f= ile) if (func->type !=3D STT_FUNC) continue; =20 - mark_func_jump_tables(file, func); ret =3D add_func_jump_tables(file, func); if (ret) return ret; diff --git a/tools/objtool/include/objtool/special.h b/tools/objtool/includ= e/objtool/special.h index e7ee7ffccefd..019b511eca6e 100644 --- a/tools/objtool/include/objtool/special.h +++ b/tools/objtool/include/objtool/special.h 
@@ -37,7 +37,10 @@ void arch_handle_alternative(unsigned short feature, str= uct special_alt *alt); bool arch_support_alt_relocation(struct special_alt *special_alt, struct instruction *insn, struct reloc *reloc); -struct reloc *arch_find_switch_table(struct objtool_file *file, - struct instruction *insn, - unsigned long *table_size); + +int add_func_jump_tables(struct objtool_file *file, struct symbol *func); + +int add_jump_table(struct objtool_file *file, struct instruction *insn, + struct reloc *next_table); + #endif /* _SPECIAL_H */ --=20 2.47.0.rc1.288.g06298d1525-goog From nobody Wed Nov 27 07:48:02 2024 Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com [209.85.128.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 21DCF1C68BE for ; Fri, 11 Oct 2024 17:09:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728666558; cv=none; b=FBW6OlEP2S41mZM/q7hzDXlpEvQ/xuVrMHk+C2RksV8RQv3KxBbCUon/8Toi4e0b/h8rdWGAYox+e9aeXVWBVjg3DGeoxHiDP8S7aJz6Gqdrifw4Rc1mHya3gHAeB/Segry1gKw6mdLe6OmLNpqggw8pTDz2fjvAOr6c06czkC4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728666558; c=relaxed/simple; bh=sAeCweVaF++1xPImV9kFPIzONcEieIfdQoCU4nI32ZM=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=cIE+RoDwnqIALmq3s7UU6UNA5KSxADr25EAiIep3SC/Vb0cjTJ7N5H9EYpX9D3AWVXIi//iVyxJUNyA7+UEYSX2Qnm3f+BSH38O9v4xEhhQgSaVk5phGdWvhA/AIeXdhal4nwiW3Xbn3F6Bo4jxj7PZ4uG2szwmg8O8fy7Eb65I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=ubrs4Hq2; arc=none smtp.client-ip=209.85.128.202 
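Review bot: the powerpc hunk drops an arch_find_switch_table() that called exit(-1), and the check.c hunk replaces the generic path with a __weak add_func_jump_tables() that returns 0, so a non-x86 build that meets an indirect jump now silently records no jump table where powerpc previously aborted. If that change is intended, say so in the commit message; otherwise keep a powerpc override that fails loudly.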
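Review bot: the mark_func_jump_tables() added to arch/x86/special.c is not a verbatim move of the one removed from check.c. The removed body ends with "if (insn->type != INSN_JUMP_DYNAMIC) continue;" followed by the find_jump_table() call, the added one reads "if (insn->type == INSN_JUMP_DYNAMIC) find_jump_table(file, func, insn);", and the mark_func_jump_tables() call itself moves from add_jump_table_alts() into add_func_jump_tables(). Both look behaviour-preserving as far as these hunks show, but a patch described as moving code should mention them so the move can be checked by diffing the old and new bodies.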
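Review bot: in the special.h hunk, add_func_jump_tables() becomes the per-architecture override point but, unlike the arch_handle_alternative() and arch_support_alt_relocation() hooks declared just above it, carries no arch_ prefix and no comment saying that it is __weak in check.c and overridden in arch/x86/special.c. Either rename it to follow the existing convention or add that comment, and note next to add_jump_table() that it is exported from check.c only so the override can call it.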
Date: Fri, 11 Oct 2024 19:08:53 +0200 In-Reply-To: <20241011170847.334429-10-ardb+git@google.com> Message-ID: <20241011170847.334429-15-ardb+git@google.com> Subject: [PATCH v3 5/8] objtool: Add generic support for jump table annotations From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: llvm@lists.linux.dev, keescook@chromium.org, linux-hardening@vger.kernel.org, nathan@kernel.org, Ard Biesheuvel , Josh Poimboeuf , Peter Zijlstra , Jan Beulich , "Jose E. Marchesi" , Kees Cook
From: Ard Biesheuvel Refactor the jump table handling code so that a generic code path is provided that can identify jump tables attached to indirect jumps based only on compiler provided annotations. This will be used by non-x86 architectures which do not support jump tables at all at this point. Refactor the x86 code to share the logic that follows relocations on instructions into the .rodata section and finds the associated symbols. Signed-off-by: Ard Biesheuvel --- tools/objtool/arch/x86/special.c | 46 ++++------ tools/objtool/check.c | 88 +++++++++++++++++++- tools/objtool/include/objtool/check.h | 4 + 3 files changed, 106 insertions(+), 32 deletions(-) diff --git a/tools/objtool/arch/x86/special.c b/tools/objtool/arch/x86/spec= ial.c index cd964b85e2b1..08a5ce662974 100644 --- a/tools/objtool/arch/x86/special.c +++ b/tools/objtool/arch/x86/special.c 
@@ -112,46 +112,34 @@ static struct reloc *find_switch_table(struct objtool= _file *file, struct instruction *insn, unsigned long *table_size) { - struct reloc *text_reloc, *rodata_reloc; - struct section *table_sec; - unsigned long table_offset; - - /* look for a relocation which references .rodata */ - text_reloc =3D find_reloc_by_dest_range(file->elf, insn->sec, - insn->offset, insn->len); - if (!text_reloc || text_reloc->sym->type !=3D STT_SECTION || - !text_reloc->sym->sec->rodata) - return NULL; - - table_offset =3D reloc_addend(text_reloc); - table_sec =3D text_reloc->sym->sec; + struct reloc *rodata_reloc; + struct symbol *sym =3D NULL; =20 - if (reloc_type(text_reloc) =3D=3D R_X86_64_PC32) - table_offset +=3D 4; + /* + * Each table entry has a rela associated with it. The rela + * should reference text in the same function as the original + * instruction. + */ + rodata_reloc =3D find_rodata_sym_reference(file, insn, &sym); =20 /* - * Make sure the .rodata address isn't associated with a - * symbol. GCC jump tables are anonymous data. + * Annotations, if present, are attached to the indirect jump + * instruction directly. In this case, a symbol annotation is + * expected. + * + * Otherwise, make sure the .rodata address isn't associated with + * a symbol. Unannotated GCC jump tables are anonymous data. * * Also support C jump tables which are in the same format as * switch jump tables. For objtool to recognize them, they * need to be placed in the C_JUMP_TABLE_SECTION section. They * have symbols associated with them. */ - if (find_symbol_containing(table_sec, table_offset) && - strcmp(table_sec->name, C_JUMP_TABLE_SECTION)) - return NULL; - - /* - * Each table entry has a rela associated with it. The rela - * should reference text in the same function as the original - * instruction. 
- */ - rodata_reloc =3D find_reloc_by_dest(file->elf, table_sec, table_offset); - if (!rodata_reloc) + if (insn->type !=3D INSN_JUMP_DYNAMIC && sym && + strcmp(sym->sec->name, C_JUMP_TABLE_SECTION)) return NULL; =20 - *table_size =3D 0; + *table_size =3D sym ? sym->len : 0; return rodata_reloc; } =20 diff --git a/tools/objtool/check.c b/tools/objtool/check.c index 389475dde47c..b923d4a4efcb 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -1372,6 +1372,8 @@ __weak const char *arch_nop_fentry_call(int len) =20 static struct reloc *insn_reloc(struct objtool_file *file, struct instruct= ion *insn) { + unsigned long offset =3D insn->offset; + unsigned int len =3D insn->len; struct reloc *reloc; =20 if (insn->no_reloc) @@ -1380,8 +1382,12 @@ static struct reloc *insn_reloc(struct objtool_file = *file, struct instruction *i if (!file) return NULL; =20 - reloc =3D find_reloc_by_dest_range(file->elf, insn->sec, - insn->offset, insn->len); + do { + /* Skip any R_*_NONE relocations */ + reloc =3D find_reloc_by_dest_range(file->elf, insn->sec, + offset++, len--); + } while (len && reloc && reloc_type(reloc) =3D=3D R_NONE); + if (!reloc) { insn->no_reloc =3D 1; return NULL; 
@@ -2169,10 +2175,86 @@ int add_jump_table(struct objtool_file *file, struc= t instruction *insn, return 0; } =20 +struct reloc *find_rodata_sym_reference(struct objtool_file *file, + struct instruction *insn, + struct symbol **table_sym) +{ + struct reloc *text_reloc, *rodata_reloc; + unsigned long addend; + struct symbol *sym; + + /* + * Look for a relocation which references .rodata. We must use + * find_reloc_by_dest_range() directly here, as insn_reloc() filters + * out R_*_NONE relocations which are used for jump table annotations. + */ + text_reloc =3D find_reloc_by_dest_range(file->elf, insn->sec, + insn->offset, insn->len); + if (!text_reloc) { + insn->no_reloc =3D 1; + return NULL; + } + + sym =3D text_reloc->sym; + if (!sym->sec->rodata) + return NULL; + + if (reloc_type(text_reloc) =3D=3D elf_data_rela_type(file->elf)) + addend =3D arch_dest_reloc_offset(reloc_addend(text_reloc)); + else + addend =3D reloc_addend(text_reloc); + + rodata_reloc =3D find_reloc_by_dest(file->elf, sym->sec, + sym->offset + addend); + if (!rodata_reloc) + return NULL; + + /* + * Find the ELF symbol covering the destination of the relocation. This + * is trivial if the reloc refers to a STT_OBJECT directly, but it may + * have been emitted as section relative as well. + */ + if (sym->type =3D=3D STT_SECTION) + sym =3D find_symbol_containing(sym->sec, addend); + + *table_sym =3D sym; + return rodata_reloc; +} + +/* + * Generic version of jump table handling, relying strictly on annotations + * provided by the compiler. Overridden for x86 using heuristics that atte= mpt + * to correlate indirect jump instructions with preceding .rodata referenc= es. 
+ */ int __weak add_func_jump_tables(struct objtool_file *file, struct symbol *func) { - return 0; + struct instruction *insn; + int ret =3D 0; + + func_for_each_insn(file, func, insn) { + struct reloc *reloc; + struct symbol *sym; + + if (insn->type !=3D INSN_JUMP_DYNAMIC) + continue; + + /* + * Look for a relocation attached to this indirect jump that + * references an ELF object in .rodata. This should be the jump + * table annotation emitted by the compiler. + */ + reloc =3D find_rodata_sym_reference(file, insn, &sym); + if (reloc && sym && sym->len) { + insn->_jump_table =3D reloc; + insn->_jump_table_size =3D sym->len; + + ret =3D add_jump_table(file, insn, NULL); + if (ret) + break; + } + } + return ret; } =20 /* diff --git a/tools/objtool/include/objtool/check.h b/tools/objtool/include/= objtool/check.h index e2f755484c4a..7781100c9340 100644 --- a/tools/objtool/include/objtool/check.h +++ b/tools/objtool/include/objtool/check.h 
@@ -140,4 +140,8 @@ struct instruction *next_insn_same_func(struct objtool_= file *file, struct instru insn; \ insn =3D next_insn_same_func(file, insn)) =20 +struct reloc *find_rodata_sym_reference(struct objtool_file *file, + struct instruction *insn, + struct symbol **sym); + #endif /* _CHECK_H */ --=20 2.47.0.rc1.288.g06298d1525-goog From nobody Wed Nov 27 07:48:02 2024 Received: from mail-yb1-f202.google.com (mail-yb1-f202.google.com [209.85.219.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CE2011CF29E for ; Fri, 11 Oct 2024 17:09:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728666561; cv=none; b=Hl3mnrof1jOEJ/Cw3T8pHf7scFqFgfgLNP1bMJxWf4mIYN9dzfL3lu3PYKhZBDtXc3jbjLdwc6lnYEqdNg/dNHoHuEQJUGRfaLpcYF7EQPlpGG/VKTDlXLC1qrGZuDaO6zackpb4WQozQQssZrVpw5SfLjKX9nc2/n1mV1uGQNw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728666561; c=relaxed/simple; bh=Je70niWxlsrHVgag6J/kzDZ6SflRUbpCOeNQjbweCs8=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=gjVIizUDLafDbJKMfG+gLOqDTWTLfW5X1QI58bq1frzfrOcnTfIilulHAxjJw0RruQgf6fEj9H4C9KSw1Mp4Kv7ipIi5AUlACEewnQMeOaHARbJvJIkUHDZK6meufzcRoHuIPlDABdnPi8uMTLKKqSnOr4C6K2tuqFgnDovf0wo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=mzfnNnwH; arc=none smtp.client-ip=209.85.219.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: 
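Review bot: in the insn_reloc() hunk in check.c, the do/while stops as soon as len reaches zero, so when the last relocation found inside the instruction is still R_NONE the loop falls through and that R_NONE reloc is returned to the caller instead of being skipped. Check reloc_type(reloc) once more after the loop and treat a remaining R_NONE as no relocation. The comment says R_*_NONE while the code tests R_NONE; make the two agree.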
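Review bot: in find_rodata_sym_reference() in check.c, the addend is adjusted with arch_dest_reloc_offset() when reloc_type(text_reloc) equals elf_data_rela_type(file->elf), whereas the x86 code removed in this same patch added 4 only for R_X86_64_PC32, a PC-relative relocation. Please confirm that the condition selects the PC-relative case; as written it reads as if the adjustment applies to data relocations instead. Separately, *table_sym is written only on the success path; setting it to NULL on entry would keep the generic add_func_jump_tables(), which declares sym without an initializer, safe against future early returns.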
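Review bot: in the x86 find_switch_table() hunk, "*table_size = sym ? sym->len : 0;" changes the size reported for tables in C_JUMP_TABLE_SECTION, which have symbols and previously always got 0, and the old rejection of text relocations whose symbol is not STT_SECTION is gone. The commit message describes this only as sharing logic; state these behaviour changes there, and say in the comment that the symbol check is skipped entirely when insn->type is INSN_JUMP_DYNAMIC.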
Date: Fri, 11 Oct 2024 19:08:54 +0200 In-Reply-To: <20241011170847.334429-10-ardb+git@google.com> Message-ID: <20241011170847.334429-16-ardb+git@google.com> Subject: [PATCH v3 6/8] crypto: x86/crc32c - Use idiomatic relative jump table From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: llvm@lists.linux.dev, keescook@chromium.org, linux-hardening@vger.kernel.org, nathan@kernel.org, Ard Biesheuvel , Josh Poimboeuf , Peter Zijlstra , Jan Beulich , "Jose E. Marchesi" , Kees Cook
From: Ard Biesheuvel The original crc32c code used a place-relative jump table but with a slightly awkward use of two separate symbols. To help objtool, this was replaced with a bog-standard position dependent jump table call, which was subsequently tweaked to use a RIP-relative reference to the table, but still populate it with absolute 64-bit references. Given that objtool will need to be taught about the jump table idiom that compilers use when running with -fpie enabled, let's update the jump table in the crc32c code once again to use this standard idiom, where the jump table carries 32-bit references relative to the start of the table, and the destination address can be obtained by adding the two. Signed-off-by: Ard Biesheuvel --- arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S b/arch/x86/crypto/cr= c32c-pcl-intel-asm_64.S index bbcff1fb78cb..45b005935194 100644 --- a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S +++ b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S @@ -53,7 +53,7 @@ .endm =20 .macro JMPTBL_ENTRY i -.quad .Lcrc_\i +.long .Lcrc_\i - jump_table .endm =20 .macro JNC_LESS_THAN j 
@@ -169,7 +169,8 @@ SYM_FUNC_START(crc_pcl) =20 ## branch into array leaq jump_table(%rip), %bufp - mov (%bufp,%rax,8), %bufp + movslq (%bufp,%rax,4), len + addq len, %bufp JMP_NOSPEC bufp =20 ################################################################ --=20 2.47.0.rc1.288.g06298d1525-goog From nobody Wed Nov 27 07:48:02 2024 Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 44C831CF7C6 for ; Fri, 11 Oct 2024 17:09:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728666563; cv=none; b=VuhsCXJBrJcYYylJlCE7ye2Y1a91/JurCaENsMs5BvB06S+jpy96M6eWG1mTyvPYi/lE8ospcegvV7+pc8VoaW+4vMBUhCfEi5zJL8fp8eZbd7/tiuvY4itbjya36H7j/FPhnzeAIwkkU5UGPzVv3iO07MS9kPUx5QoGHkWl9JM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728666563; c=relaxed/simple; bh=2PjQVk510tcbfgZib7AgPxWnnYDh0QAwPChoXMnvxLk=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=rz/OY2c79yAFBFWIkQm70/I+pHUscuvJzSLQH6ioqYJqSv1s8TSd9WCLe43sUnyOeUcREB8WNfTbtkB98OH6E3RwWbaY9Gy3CrlSsNu9QhqcwqiUv1cU1Kw9QfVt9poq1FP31O2IkivF6OMOgImbZOLo8lyRjRyhwFK5QFm3nQc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=0pU1pj/n; arc=none smtp.client-ip=209.85.219.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) 
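Review bot: in the second crc32c-pcl-intel-asm_64.S hunk, "movslq (%bufp,%rax,4), len" overwrites len with the table entry, and nothing in the hunk shows that len is dead at this point. Add a comment stating that len is free to clobber here, or use a register that is documented as scratch. The "## branch into array" comment should also say that entries are now 32-bit offsets relative to jump_table, matching the ".long .Lcrc_\i - jump_table" change in JMPTBL_ENTRY.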
Date: Fri, 11 Oct 2024 19:08:55 +0200
In-Reply-To: <20241011170847.334429-10-ardb+git@google.com>
Message-ID: <20241011170847.334429-17-ardb+git@google.com>
Subject: [PATCH v3 7/8] crypto: x86/crc32c - Add jump table annotation
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: llvm@lists.linux.dev, keescook@chromium.org, linux-hardening@vger.kernel.org, nathan@kernel.org, Ard Biesheuvel, Josh Poimboeuf, Peter Zijlstra, Jan Beulich, "Jose E. Marchesi", Kees Cook

Annotate the indirect jump with a relocation that correlates it with the jump table emitted into .rodata. This helps objtool identify the jump table, allowing it to infer the places in the code that are reachable from the jump.

Signed-off-by: Ard Biesheuvel
--- arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S b/arch/x86/crypto/cr= c32c-pcl-intel-asm_64.S index 45b005935194..7292090e76dd 100644 --- a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S 
+++ b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S @@ -171,6 +171,7 @@ SYM_FUNC_START(crc_pcl) leaq jump_table(%rip), %bufp movslq (%bufp,%rax,4), len addq len, %bufp + .reloc ., R_X86_64_NONE, jump_table JMP_NOSPEC bufp =20 ################################################################ 
@@ -327,6 +328,8 @@ JMPTBL_ENTRY %i i=3Di+1 .endr =20 +.size jump_table, . - jump_table +.type jump_table, @object =20 ################################################################ ## PCLMULQDQ tables --=20 2.47.0.rc1.288.g06298d1525-goog
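Review bot: in the first hunk (`@@ -171,6 +171,7 @@`), the `.reloc ., R_X86_64_NONE, jump_table` line in front of `JMP_NOSPEC bufp` carries no comment, and a no-op relocation in the middle of a function is not self-explanatory to the next reader. Add a comment in the source saying that it exists only to tie the following indirect jump to `jump_table` for objtool, and that it is attached to the current location, that is, to whatever `JMP_NOSPEC` emits first, so nothing may be inserted between the two lines.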
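Review bot: in the second hunk (`@@ -327,6 +328,8 @@`), `.size jump_table, . - jump_table` and `.type jump_table, @object` open-code what the SYM_DATA_START_LOCAL()/SYM_DATA_END() helpers in linux/linkage.h already provide. The file uses SYM_FUNC_START/SYM_FUNC_END for `crc_pcl`, so wrapping the table in the data helpers would be consistent with that and keeps the type and size attached to the symbol if the table is moved again, as 8/8 does.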
Date: Fri, 11 Oct 2024 19:08:56 +0200
In-Reply-To: <20241011170847.334429-10-ardb+git@google.com>
Message-ID: <20241011170847.334429-18-ardb+git@google.com>
Subject: [PATCH v3 8/8] crypto: x86/crc32c-intel - Tweaks to make objtool's life harder
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: llvm@lists.linux.dev, keescook@chromium.org, linux-hardening@vger.kernel.org, nathan@kernel.org, Ard Biesheuvel, Josh Poimboeuf, Peter Zijlstra, Jan Beulich, "Jose E. Marchesi", Kees Cook

Tweak the asm crc32c asm code so that the jump table is more difficult to decipher for objtool:

- load the address in the prologue
- move the jump table to the middle of .rodata, so that the section offset and the symbol offset differ
- emit an entry following the jump table that is unrelated
- add unconditional ENDBRs so we can test --ibt regardless of the kernel config

Test code only. Not intended for merging.
--- arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 50 +++++++++++--------- 1 file changed, 28 insertions(+), 22 deletions(-) 
diff --git a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S b/arch/x86/crypto/cr= c32c-pcl-intel-asm_64.S index 7292090e76dd..cbedf5820e30 100644 --- a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S +++ b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S @@ -93,10 +93,14 @@ SYM_FUNC_START(crc_pcl) #define crc1 %r9 #define crc2 %r10 =20 + endbr64 + pushq %rbp pushq %rbx pushq %rdi pushq %rsi =20 + leaq jump_table(%rip), %rbp + ## Move crc_init for Linux to a different mov crc_init_arg, crc_init =20 @@ -168,9 +172,8 @@ SYM_FUNC_START(crc_pcl) xor crc2, crc2 =20 ## branch into array - leaq jump_table(%rip), %bufp - movslq (%bufp,%rax,4), len - addq len, %bufp + movslq (%rbp,%rax,4), %bufp + addq %rbp, %bufp .reloc ., R_X86_64_NONE, jump_table JMP_NOSPEC bufp =20 @@ -197,7 +200,7 @@ SYM_FUNC_START(crc_pcl) .altmacro LABEL crc_ %i .noaltmacro - ENDBR + endbr64 crc32q -i*8(block_0), crc_init crc32q -i*8(block_1), crc1 crc32q -i*8(block_2), crc2 @@ -207,7 +210,7 @@ LABEL crc_ %i .altmacro LABEL crc_ %i .noaltmacro - ENDBR + endbr64 crc32q -i*8(block_0), crc_init crc32q -i*8(block_1), crc1 # SKIP crc32 -i*8(block_2), crc2 ; Don't do this one yet @@ -241,7 +244,7 @@ LABEL crc_ %i ################################################################ =20 LABEL crc_ 0 - ENDBR + endbr64 mov tmp, len cmp $128*24, tmp jae .Lfull_block @@ -311,26 +314,11 @@ LABEL less_than_ %j # less_than_j: Length should be= in popq %rsi popq %rdi popq %rbx + popq %rbp RET SYM_FUNC_END(crc_pcl) =20 .section .rodata, "a", @progbits - ################################################################ - ## jump table Table is 129 entries x 2 bytes each - ################################################################ -.align 4 -jump_table: - i=3D0 -.rept 129 -.altmacro -JMPTBL_ENTRY %i -.noaltmacro - i=3Di+1 -.endr - -.size jump_table, . - jump_table -.type jump_table, @object - ################################################################ ## PCLMULQDQ tables ## Table is 128 entries x 2 words (8 bytes) each 
@@ -465,3 +453,21 @@ K_table: .long 0x45cddf4e, 0xe0ac139e .long 0xacfa3103, 0x6c23e841 .long 0xa51b6135, 0x170076fa + + ################################################################ + ## jump table Table is 129 entries x 2 bytes each + ################################################################ +.align 4 +jump_table: + i=3D0 +.rept 129 +.altmacro +JMPTBL_ENTRY %i +.noaltmacro + i=3Di+1 +.endr + +.size jump_table, . - jump_table +.type jump_table, @object + + .long crc_pcl - . --=20 2.47.0.rc1.288.g06298d1525-goog
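Review bot: in the first hunk (`@@ -93,10 +93,14 @@`), the table base is parked in `%rbp` for the whole function (`leaq jump_table(%rip), %rbp`), which is not one of the tweaks listed in the commit message. With CONFIG_FRAME_POINTER, `%rbp` is expected to hold the frame pointer and objtool's stack validation flags its use as a scratch register, so this can produce warnings unrelated to the jump table being tested. Another callee-saved register that the function does not already use would exercise the same "address loaded in the prologue" case without that side effect.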
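Review bot: in the last hunk (`@@ -465,3 +453,21 @@`), the trailing `.long crc_pcl - .` has no comment explaining that it is a deliberate decoy. It sits after `.size jump_table, . - jump_table`, so it is outside the symbol's extent, and it is relative to its own address rather than to `jump_table`; both properties are what make it a useful test, so say so in a comment and state that it must not be treated as a 130th entry.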
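The table-relative idiom from 6/8, and why the `.size` annotation from 7/8 matters once an unrelated word follows the table as in 8/8, as an added C example that is not part of the series and does not reproduce objtool's logic. The flat image, its offsets and the names `jt_target`, `jt_count` and `build_image` are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed flat image: byte offsets stand in for addresses. */
enum { FUNC_START = 0x40, FUNC_END = 0x80, TABLE = 0xA0, NENT = 4 };

/* C equivalent of: movslq (table,idx,4), tmp ; addq table, tmp */
uint64_t jt_target(const uint8_t *img, uint64_t table, size_t idx)
{
    int32_t rel;
    memcpy(&rel, img + table + 4 * idx, sizeof(rel));
    return table + (int64_t)rel;  /* sign-extend: code may sit below the table */
}

/* Count entries. size != 0 models a table that carries a .size annotation;
 * size == 0 falls back to "stop at the first target outside the function". */
size_t jt_count(const uint8_t *img, size_t img_len, uint64_t table, uint64_t size)
{
    size_t n = 0;
    for (uint64_t off = table; off + 4 <= img_len; off += 4, n++) {
        if (size && off >= table + size)
            break;
        uint64_t t = jt_target(img, table, n);
        if (t < (uint64_t)FUNC_START || t >= (uint64_t)FUNC_END)
            break;
    }
    return n;
}

/* NENT real entries, then one unrelated 32-bit word directly after them. */
void build_image(uint8_t img[256], int32_t trailing_word)
{
    int32_t rel;
    memset(img, 0, 256);
    for (size_t i = 0; i < (size_t)NENT; i++) {
        rel = (int32_t)(FUNC_START + 0x10 * i) - TABLE;
        memcpy(img + TABLE + 4 * i, &rel, sizeof(rel));
    }
    memcpy(img + TABLE + 4 * NENT, &trailing_word, sizeof(trailing_word));
}

int main(void)
{
    uint8_t img[256];
    build_image(img, -0x38);  /* decoy decodes to 0x68, inside the function */
    return !(jt_count(img, sizeof(img), TABLE, 0) == 5 &&
             jt_count(img, sizeof(img), TABLE, 4 * NENT) == 4);
}
```

A decoy written as `symbol - .` happens to decode outside the function in this layout, so the heuristic scan survives it; a word that decodes inside the function is counted as an extra entry unless the scan is bounded by the table size.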