From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, kbuild test robot <lkp@intel.com>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@kernel.org>
Subject: [PATCH 4.9 24/29] objtool: Detect RIP-relative switch table references, part 2
Date: Mon, 4 Jun 2018 08:58:20 +0200 [thread overview]
Message-ID: <20180604065803.121030885@linuxfoundation.org> (raw)
In-Reply-To: <20180604065802.157744637@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Josh Poimboeuf <jpoimboe@redhat.com>
commit 7dec80ccbe310fb7e225bf21c48c672bb780ce7b upstream.
With the following commit:
fd35c88b7417 ("objtool: Support GCC 8 switch tables")
I added a "can't find switch jump table" warning, to stop covering up
silent failures if add_switch_table() can't find anything.
That warning found yet another bug in the objtool switch table detection
logic. For cases 1 and 2 (as described in the comments of
find_switch_table()), the find_symbol_containing() check doesn't adjust
the offset for RIP-relative switch jumps.
Incidentally, this bug was already fixed for case 3 with:
6f5ec2993b1f ("objtool: Detect RIP-relative switch table references")
However, that commit missed the fix for cases 1 and 2.
The different cases are now starting to look more and more alike. So
fix the bug by consolidating them into a single case, by checking the
original dynamic jump instruction in the case 3 loop.
This also simplifies the code and makes it more robust against future
switch table detection issues -- of which I'm sure there will be many...
Switch table detection has been the most fragile area of objtool, by
far. I long for the day when we'll have a GCC plugin for annotating
switch tables. Linus asked me to delay such a plugin due to the
flakiness of the plugin infrastructure in older versions of GCC, so this
rickety code is what we're stuck with for now. At least the code is now
a little simpler than it was.
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/f400541613d45689086329432f3095119ffbc328.1526674218.git.jpoimboe@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/objtool/check.c | 37 ++++++++++++-------------------------
1 file changed, 12 insertions(+), 25 deletions(-)
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -900,40 +900,19 @@ static struct rela *find_switch_table(st
struct instruction *orig_insn = insn;
unsigned long table_offset;
- /* case 1 & 2 */
- text_rela = find_rela_by_dest_range(insn->sec, insn->offset, insn->len);
- if (text_rela && text_rela->sym == file->rodata->sym &&
- !find_symbol_containing(file->rodata, text_rela->addend)) {
-
- table_offset = text_rela->addend;
- if (text_rela->type == R_X86_64_PC32) {
- /* case 2 */
- table_offset += 4;
- file->ignore_unreachables = true;
- }
-
- rodata_rela = find_rela_by_dest(file->rodata, table_offset);
- if (!rodata_rela)
- return NULL;
-
- return rodata_rela;
- }
-
- /* case 3 */
/*
* Backward search using the @first_jump_src links, these help avoid
* much of the 'in between' code. Which avoids us getting confused by
* it.
*/
- for (insn = list_prev_entry(insn, list);
-
+ for (;
&insn->list != &file->insn_list &&
insn->sec == func->sec &&
insn->offset >= func->offset;
insn = insn->first_jump_src ?: list_prev_entry(insn, list)) {
- if (insn->type == INSN_JUMP_DYNAMIC)
+ if (insn != orig_insn && insn->type == INSN_JUMP_DYNAMIC)
break;
/* allow small jumps within the range */
@@ -960,10 +939,18 @@ static struct rela *find_switch_table(st
if (find_symbol_containing(file->rodata, table_offset))
continue;
- /* mov [rodata addr], %reg */
rodata_rela = find_rela_by_dest(file->rodata, table_offset);
- if (rodata_rela)
+ if (rodata_rela) {
+ /*
+ * Use of RIP-relative switch jumps is quite rare, and
+ * indicates a rare GCC quirk/bug which can leave dead
+ * code behind.
+ */
+ if (text_rela->type == R_X86_64_PC32)
+ file->ignore_unreachables = true;
+
return rodata_rela;
+ }
}
return NULL;
next prev parent reply other threads:[~2018-06-04 7:00 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-04 6:57 [PATCH 4.9 00/29] 4.9.106-stable review Greg Kroah-Hartman
2018-06-04 6:57 ` [PATCH 4.9 01/29] objtool: Improve detection of BUG() and other dead ends Greg Kroah-Hartman
2018-06-04 6:57 ` [PATCH 4.9 02/29] objtool: Move checking code to check.c Greg Kroah-Hartman
2018-06-04 6:57 ` [PATCH 4.9 03/29] tools lib: Add for_each_clear_bit macro Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 04/29] tools: add more bitmap functions Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 05/29] tools: enable endian checks for all sparse builds Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 06/29] tools include: Introduce linux/compiler-gcc.h Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 07/29] radix tree test suite: Remove types.h Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 08/29] tools include: Adopt __compiletime_error Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 09/29] tools include: Introduce atomic_cmpxchg_{relaxed,release}() Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 10/29] tools include: Add UINT_MAX def to kernel.h Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 11/29] tools include: Adopt kernels refcount.h Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 12/29] perf tools: Force fixdep compilation at the start of the build Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 13/29] perf tools: Move headers check into bash script Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 14/29] tools include uapi: Grab copies of stat.h and fcntl.h Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 15/29] tools include: Introduce linux/bug.h, from the kernel sources Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 16/29] tools include: Adopt __same_type() and __must_be_array() from the kernel Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 17/29] tools include: Move ARRAY_SIZE() to linux/kernel.h Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 18/29] tools include: Drop ARRAY_SIZE() definition from linux/hashtable.h Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 19/29] tools include: Include missing headers for fls() and types in linux/log2.h Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 20/29] objtool: sync up with the 4.14.47 version of objtool Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 21/29] objtool: Support GCC 8s cold subfunctions Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 22/29] objtool: Support GCC 8 switch tables Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 23/29] objtool: Detect RIP-relative switch table references Greg Kroah-Hartman
2018-06-04 6:58 ` Greg Kroah-Hartman [this message]
2018-06-04 6:58 ` [PATCH 4.9 25/29] objtool: Fix "noreturn" detection for recursive sibling calls Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 26/29] objtool, x86: Add several functions and files to the objtool whitelist Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 27/29] perf/tools: header file sync up Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 28/29] objtool: header file sync-up Greg Kroah-Hartman
2018-06-04 6:58 ` [PATCH 4.9 29/29] x86/xen: Add unwind hint annotations to xen_setup_gdt Greg Kroah-Hartman
2018-06-04 10:15 ` [PATCH 4.9 00/29] 4.9.106-stable review Guenter Roeck
2018-06-04 11:27 ` Greg Kroah-Hartman
2018-06-04 12:21 ` Greg Kroah-Hartman
2018-06-04 16:16 ` Guenter Roeck
2018-06-04 16:54 ` Guenter Roeck
2018-06-04 16:57 ` Greg Kroah-Hartman
2018-06-04 17:04 ` Guenter Roeck
2018-06-04 16:58 ` Greg Kroah-Hartman
2018-06-04 19:46 ` Shuah Khan
2018-06-05 6:14 ` Naresh Kamboju
[not found] ` <5b152b7c.1c69fb81.3f04a.096f@mx.google.com>
[not found] ` <7hr2lmjgcd.fsf@baylibre.com>
2018-06-05 10:51 ` Mark Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180604065803.121030885@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lkp@intel.com \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).