1 //===- bolt/Rewrite/LinuxKernelRewriter.cpp -------------------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // Support for updating Linux Kernel metadata. 10 // 11 //===----------------------------------------------------------------------===// 12 13 #include "bolt/Core/BinaryFunction.h" 14 #include "bolt/Rewrite/MetadataRewriter.h" 15 #include "bolt/Rewrite/MetadataRewriters.h" 16 #include "bolt/Utils/CommandLineOpts.h" 17 #include "llvm/ADT/DenseSet.h" 18 #include "llvm/Support/BinaryStreamWriter.h" 19 #include "llvm/Support/CommandLine.h" 20 #include "llvm/Support/Debug.h" 21 #include "llvm/Support/Errc.h" 22 23 #define DEBUG_TYPE "bolt-linux" 24 25 using namespace llvm; 26 using namespace bolt; 27 28 namespace opts { 29 30 static cl::opt<bool> 31 DumpExceptions("dump-linux-exceptions", 32 cl::desc("dump Linux kernel exception table"), 33 cl::init(false), cl::Hidden, cl::cat(BoltCategory)); 34 35 static cl::opt<bool> 36 DumpORC("dump-orc", cl::desc("dump raw ORC unwind information (sorted)"), 37 cl::init(false), cl::Hidden, cl::cat(BoltCategory)); 38 39 static cl::opt<bool> DumpStaticCalls("dump-static-calls", 40 cl::desc("dump Linux kernel static calls"), 41 cl::init(false), cl::Hidden, 42 cl::cat(BoltCategory)); 43 44 static cl::opt<bool> 45 PrintORC("print-orc", 46 cl::desc("print ORC unwind information for instructions"), 47 cl::init(true), cl::Hidden, cl::cat(BoltCategory)); 48 49 } // namespace opts 50 51 /// Linux Kernel supports stack unwinding using ORC (oops rewind capability). 52 /// ORC state at every IP can be described by the following data structure. 53 struct ORCState { 54 int16_t SPOffset; 55 int16_t BPOffset; 56 int16_t Info; 57 58 bool operator==(const ORCState &Other) const { 59 return SPOffset == Other.SPOffset && BPOffset == Other.BPOffset && 60 Info == Other.Info; 61 } 62 63 bool operator!=(const ORCState &Other) const { return !(*this == Other); } 64 }; 65 66 /// Section terminator ORC entry. 67 static ORCState NullORC = {0, 0, 0}; 68 69 /// Basic printer for ORC entry. It does not provide the same level of 70 /// information as objtool (for now). 71 inline raw_ostream &operator<<(raw_ostream &OS, const ORCState &E) { 72 if (!opts::PrintORC) 73 return OS; 74 if (E != NullORC) 75 OS << format("{sp: %d, bp: %d, info: 0x%x}", E.SPOffset, E.BPOffset, 76 E.Info); 77 else 78 OS << "{terminator}"; 79 80 return OS; 81 } 82 83 namespace { 84 85 class LinuxKernelRewriter final : public MetadataRewriter { 86 /// Linux Kernel special sections point to a specific instruction in many 87 /// cases. Unlike SDTMarkerInfo, these markers can come from different 88 /// sections. 89 struct LKInstructionMarkerInfo { 90 uint64_t SectionOffset; 91 int32_t PCRelativeOffset; 92 bool IsPCRelative; 93 StringRef SectionName; 94 }; 95 96 /// Map linux kernel program locations/instructions to their pointers in 97 /// special linux kernel sections 98 std::unordered_map<uint64_t, std::vector<LKInstructionMarkerInfo>> LKMarkers; 99 100 /// Linux ORC sections. 101 ErrorOr<BinarySection &> ORCUnwindSection = std::errc::bad_address; 102 ErrorOr<BinarySection &> ORCUnwindIPSection = std::errc::bad_address; 103 104 /// Size of entries in ORC sections. 105 static constexpr size_t ORC_UNWIND_ENTRY_SIZE = 6; 106 static constexpr size_t ORC_UNWIND_IP_ENTRY_SIZE = 4; 107 108 struct ORCListEntry { 109 uint64_t IP; /// Instruction address. 110 BinaryFunction *BF; /// Binary function corresponding to the entry. 111 ORCState ORC; /// Stack unwind info in ORC format. 112 113 /// ORC entries are sorted by their IPs. Terminator entries (NullORC) 114 /// should precede other entries with the same address. 115 bool operator<(const ORCListEntry &Other) const { 116 if (IP < Other.IP) 117 return 1; 118 if (IP > Other.IP) 119 return 0; 120 return ORC == NullORC && Other.ORC != NullORC; 121 } 122 }; 123 124 using ORCListType = std::vector<ORCListEntry>; 125 ORCListType ORCEntries; 126 127 /// Number of entries in the input file ORC sections. 128 uint64_t NumORCEntries = 0; 129 130 /// Section containing static call table. 131 ErrorOr<BinarySection &> StaticCallSection = std::errc::bad_address; 132 uint64_t StaticCallTableAddress = 0; 133 static constexpr size_t STATIC_CALL_ENTRY_SIZE = 8; 134 135 struct StaticCallInfo { 136 uint32_t ID; /// Identifier of the entry in the table. 137 BinaryFunction *Function; /// Function containing associated call. 138 MCSymbol *Label; /// Label attached to the call. 139 }; 140 using StaticCallListType = std::vector<StaticCallInfo>; 141 StaticCallListType StaticCallEntries; 142 143 /// Section containing the Linux exception table. 144 ErrorOr<BinarySection &> ExceptionsSection = std::errc::bad_address; 145 static constexpr size_t EXCEPTION_TABLE_ENTRY_SIZE = 12; 146 147 /// Functions with exception handling code. 148 DenseSet<BinaryFunction *> FunctionsWithExceptions; 149 150 /// Insert an LKMarker for a given code pointer \p PC from a non-code section 151 /// \p SectionName. 152 void insertLKMarker(uint64_t PC, uint64_t SectionOffset, 153 int32_t PCRelativeOffset, bool IsPCRelative, 154 StringRef SectionName); 155 156 /// Process linux kernel special sections and their relocations. 157 void processLKSections(); 158 159 /// Process special linux kernel section, .pci_fixup. 160 void processLKPCIFixup(); 161 162 /// Process __ksymtab and __ksymtab_gpl. 163 void processLKKSymtab(bool IsGPL = false); 164 165 /// Process special linux kernel section, __bug_table. 166 void processLKBugTable(); 167 168 /// Process special linux kernel section, .smp_locks. 169 void processLKSMPLocks(); 170 171 /// Update LKMarkers' locations for the output binary. 172 void updateLKMarkers(); 173 174 /// Read ORC unwind information and annotate instructions. 175 Error readORCTables(); 176 177 /// Update ORC for functions once CFG is constructed. 178 Error processORCPostCFG(); 179 180 /// Update ORC data in the binary. 181 Error rewriteORCTables(); 182 183 /// Static call table handling. 184 Error readStaticCalls(); 185 Error rewriteStaticCalls(); 186 187 Error readExceptionTable(); 188 Error rewriteExceptionTable(); 189 190 /// Mark instructions referenced by kernel metadata. 191 Error markInstructions(); 192 193 public: 194 LinuxKernelRewriter(BinaryContext &BC) 195 : MetadataRewriter("linux-kernel-rewriter", BC) {} 196 197 Error preCFGInitializer() override { 198 processLKSections(); 199 if (Error E = markInstructions()) 200 return E; 201 202 if (Error E = readORCTables()) 203 return E; 204 205 if (Error E = readStaticCalls()) 206 return E; 207 208 if (Error E = readExceptionTable()) 209 return E; 210 211 return Error::success(); 212 } 213 214 Error postCFGInitializer() override { 215 if (Error E = processORCPostCFG()) 216 return E; 217 218 return Error::success(); 219 } 220 221 Error preEmitFinalizer() override { 222 // Since rewriteExceptionTable() can mark functions as non-simple, run it 223 // before other rewriters that depend on simple/emit status. 224 if (Error E = rewriteExceptionTable()) 225 return E; 226 227 if (Error E = rewriteORCTables()) 228 return E; 229 230 if (Error E = rewriteStaticCalls()) 231 return E; 232 233 return Error::success(); 234 } 235 236 Error postEmitFinalizer() override { 237 updateLKMarkers(); 238 239 return Error::success(); 240 } 241 }; 242 243 Error LinuxKernelRewriter::markInstructions() { 244 for (const uint64_t PC : llvm::make_first_range(LKMarkers)) { 245 BinaryFunction *BF = BC.getBinaryFunctionContainingAddress(PC); 246 247 if (!BF || !BC.shouldEmit(*BF)) 248 continue; 249 250 const uint64_t Offset = PC - BF->getAddress(); 251 MCInst *Inst = BF->getInstructionAtOffset(Offset); 252 if (!Inst) 253 return createStringError(errc::executable_format_error, 254 "no instruction matches kernel marker offset"); 255 256 BC.MIB->setOffset(*Inst, static_cast<uint32_t>(Offset)); 257 258 BF->setHasSDTMarker(true); 259 } 260 261 return Error::success(); 262 } 263 264 void LinuxKernelRewriter::insertLKMarker(uint64_t PC, uint64_t SectionOffset, 265 int32_t PCRelativeOffset, 266 bool IsPCRelative, 267 StringRef SectionName) { 268 LKMarkers[PC].emplace_back(LKInstructionMarkerInfo{ 269 SectionOffset, PCRelativeOffset, IsPCRelative, SectionName}); 270 } 271 272 void LinuxKernelRewriter::processLKSections() { 273 processLKPCIFixup(); 274 processLKKSymtab(); 275 processLKKSymtab(true); 276 processLKBugTable(); 277 processLKSMPLocks(); 278 } 279 280 /// Process .pci_fixup section of Linux Kernel. 281 /// This section contains a list of entries for different PCI devices and their 282 /// corresponding hook handler (code pointer where the fixup 283 /// code resides, usually on x86_64 it is an entry PC relative 32 bit offset). 284 /// Documentation is in include/linux/pci.h. 285 void LinuxKernelRewriter::processLKPCIFixup() { 286 ErrorOr<BinarySection &> SectionOrError = 287 BC.getUniqueSectionByName(".pci_fixup"); 288 if (!SectionOrError) 289 return; 290 291 const uint64_t SectionSize = SectionOrError->getSize(); 292 const uint64_t SectionAddress = SectionOrError->getAddress(); 293 assert((SectionSize % 16) == 0 && ".pci_fixup size is not a multiple of 16"); 294 295 for (uint64_t I = 12; I + 4 <= SectionSize; I += 16) { 296 const uint64_t PC = SectionAddress + I; 297 ErrorOr<uint64_t> Offset = BC.getSignedValueAtAddress(PC, 4); 298 assert(Offset && "cannot read value from .pci_fixup"); 299 const int32_t SignedOffset = *Offset; 300 const uint64_t HookupAddress = PC + SignedOffset; 301 BinaryFunction *HookupFunction = 302 BC.getBinaryFunctionAtAddress(HookupAddress); 303 assert(HookupFunction && "expected function for entry in .pci_fixup"); 304 BC.addRelocation(PC, HookupFunction->getSymbol(), Relocation::getPC32(), 0, 305 *Offset); 306 } 307 } 308 309 /// Process __ksymtab[_gpl] sections of Linux Kernel. 310 /// This section lists all the vmlinux symbols that kernel modules can access. 311 /// 312 /// All the entries are 4 bytes each and hence we can read them by one by one 313 /// and ignore the ones that are not pointing to the .text section. All pointers 314 /// are PC relative offsets. Always, points to the beginning of the function. 315 void LinuxKernelRewriter::processLKKSymtab(bool IsGPL) { 316 StringRef SectionName = "__ksymtab"; 317 if (IsGPL) 318 SectionName = "__ksymtab_gpl"; 319 ErrorOr<BinarySection &> SectionOrError = 320 BC.getUniqueSectionByName(SectionName); 321 assert(SectionOrError && 322 "__ksymtab[_gpl] section not found in Linux Kernel binary"); 323 const uint64_t SectionSize = SectionOrError->getSize(); 324 const uint64_t SectionAddress = SectionOrError->getAddress(); 325 assert((SectionSize % 4) == 0 && 326 "The size of the __ksymtab[_gpl] section should be a multiple of 4"); 327 328 for (uint64_t I = 0; I < SectionSize; I += 4) { 329 const uint64_t EntryAddress = SectionAddress + I; 330 ErrorOr<uint64_t> Offset = BC.getSignedValueAtAddress(EntryAddress, 4); 331 assert(Offset && "Reading valid PC-relative offset for a ksymtab entry"); 332 const int32_t SignedOffset = *Offset; 333 const uint64_t RefAddress = EntryAddress + SignedOffset; 334 BinaryFunction *BF = BC.getBinaryFunctionAtAddress(RefAddress); 335 if (!BF) 336 continue; 337 338 BC.addRelocation(EntryAddress, BF->getSymbol(), Relocation::getPC32(), 0, 339 *Offset); 340 } 341 } 342 343 /// Process __bug_table section. 344 /// This section contains information useful for kernel debugging. 345 /// Each entry in the section is a struct bug_entry that contains a pointer to 346 /// the ud2 instruction corresponding to the bug, corresponding file name (both 347 /// pointers use PC relative offset addressing), line number, and flags. 348 /// The definition of the struct bug_entry can be found in 349 /// `include/asm-generic/bug.h` 350 void LinuxKernelRewriter::processLKBugTable() { 351 ErrorOr<BinarySection &> SectionOrError = 352 BC.getUniqueSectionByName("__bug_table"); 353 if (!SectionOrError) 354 return; 355 356 const uint64_t SectionSize = SectionOrError->getSize(); 357 const uint64_t SectionAddress = SectionOrError->getAddress(); 358 assert((SectionSize % 12) == 0 && 359 "The size of the __bug_table section should be a multiple of 12"); 360 for (uint64_t I = 0; I < SectionSize; I += 12) { 361 const uint64_t EntryAddress = SectionAddress + I; 362 ErrorOr<uint64_t> Offset = BC.getSignedValueAtAddress(EntryAddress, 4); 363 assert(Offset && 364 "Reading valid PC-relative offset for a __bug_table entry"); 365 const int32_t SignedOffset = *Offset; 366 const uint64_t RefAddress = EntryAddress + SignedOffset; 367 assert(BC.getBinaryFunctionContainingAddress(RefAddress) && 368 "__bug_table entries should point to a function"); 369 370 insertLKMarker(RefAddress, I, SignedOffset, true, "__bug_table"); 371 } 372 } 373 374 /// .smp_locks section contains PC-relative references to instructions with LOCK 375 /// prefix. The prefix can be converted to NOP at boot time on non-SMP systems. 376 void LinuxKernelRewriter::processLKSMPLocks() { 377 ErrorOr<BinarySection &> SectionOrError = 378 BC.getUniqueSectionByName(".smp_locks"); 379 if (!SectionOrError) 380 return; 381 382 uint64_t SectionSize = SectionOrError->getSize(); 383 const uint64_t SectionAddress = SectionOrError->getAddress(); 384 assert((SectionSize % 4) == 0 && 385 "The size of the .smp_locks section should be a multiple of 4"); 386 387 for (uint64_t I = 0; I < SectionSize; I += 4) { 388 const uint64_t EntryAddress = SectionAddress + I; 389 ErrorOr<uint64_t> Offset = BC.getSignedValueAtAddress(EntryAddress, 4); 390 assert(Offset && "Reading valid PC-relative offset for a .smp_locks entry"); 391 int32_t SignedOffset = *Offset; 392 uint64_t RefAddress = EntryAddress + SignedOffset; 393 394 BinaryFunction *ContainingBF = 395 BC.getBinaryFunctionContainingAddress(RefAddress); 396 if (!ContainingBF) 397 continue; 398 399 insertLKMarker(RefAddress, I, SignedOffset, true, ".smp_locks"); 400 } 401 } 402 403 void LinuxKernelRewriter::updateLKMarkers() { 404 if (LKMarkers.size() == 0) 405 return; 406 407 std::unordered_map<std::string, uint64_t> PatchCounts; 408 for (std::pair<const uint64_t, std::vector<LKInstructionMarkerInfo>> 409 &LKMarkerInfoKV : LKMarkers) { 410 const uint64_t OriginalAddress = LKMarkerInfoKV.first; 411 const BinaryFunction *BF = 412 BC.getBinaryFunctionContainingAddress(OriginalAddress, false, true); 413 if (!BF) 414 continue; 415 416 uint64_t NewAddress = BF->translateInputToOutputAddress(OriginalAddress); 417 if (NewAddress == 0) 418 continue; 419 420 // Apply base address. 421 if (OriginalAddress >= 0xffffffff00000000 && NewAddress < 0xffffffff) 422 NewAddress = NewAddress + 0xffffffff00000000; 423 424 if (OriginalAddress == NewAddress) 425 continue; 426 427 for (LKInstructionMarkerInfo &LKMarkerInfo : LKMarkerInfoKV.second) { 428 StringRef SectionName = LKMarkerInfo.SectionName; 429 SimpleBinaryPatcher *LKPatcher; 430 ErrorOr<BinarySection &> BSec = BC.getUniqueSectionByName(SectionName); 431 assert(BSec && "missing section info for kernel section"); 432 if (!BSec->getPatcher()) 433 BSec->registerPatcher(std::make_unique<SimpleBinaryPatcher>()); 434 LKPatcher = static_cast<SimpleBinaryPatcher *>(BSec->getPatcher()); 435 PatchCounts[std::string(SectionName)]++; 436 if (LKMarkerInfo.IsPCRelative) 437 LKPatcher->addLE32Patch(LKMarkerInfo.SectionOffset, 438 NewAddress - OriginalAddress + 439 LKMarkerInfo.PCRelativeOffset); 440 else 441 LKPatcher->addLE64Patch(LKMarkerInfo.SectionOffset, NewAddress); 442 } 443 } 444 BC.outs() << "BOLT-INFO: patching linux kernel sections. Total patches per " 445 "section are as follows:\n"; 446 for (const std::pair<const std::string, uint64_t> &KV : PatchCounts) 447 BC.outs() << " Section: " << KV.first << ", patch-counts: " << KV.second 448 << '\n'; 449 } 450 451 Error LinuxKernelRewriter::readORCTables() { 452 // NOTE: we should ignore relocations for orc tables as the tables are sorted 453 // post-link time and relocations are not updated. 454 ORCUnwindSection = BC.getUniqueSectionByName(".orc_unwind"); 455 ORCUnwindIPSection = BC.getUniqueSectionByName(".orc_unwind_ip"); 456 457 if (!ORCUnwindSection && !ORCUnwindIPSection) 458 return Error::success(); 459 460 if (!ORCUnwindSection || !ORCUnwindIPSection) 461 return createStringError(errc::executable_format_error, 462 "missing ORC section"); 463 464 NumORCEntries = ORCUnwindIPSection->getSize() / ORC_UNWIND_IP_ENTRY_SIZE; 465 if (ORCUnwindSection->getSize() != NumORCEntries * ORC_UNWIND_ENTRY_SIZE || 466 ORCUnwindIPSection->getSize() != NumORCEntries * ORC_UNWIND_IP_ENTRY_SIZE) 467 return createStringError(errc::executable_format_error, 468 "ORC entries number mismatch detected"); 469 470 const uint64_t IPSectionAddress = ORCUnwindIPSection->getAddress(); 471 DataExtractor OrcDE = DataExtractor(ORCUnwindSection->getContents(), 472 BC.AsmInfo->isLittleEndian(), 473 BC.AsmInfo->getCodePointerSize()); 474 DataExtractor IPDE = DataExtractor(ORCUnwindIPSection->getContents(), 475 BC.AsmInfo->isLittleEndian(), 476 BC.AsmInfo->getCodePointerSize()); 477 DataExtractor::Cursor ORCCursor(0); 478 DataExtractor::Cursor IPCursor(0); 479 uint64_t PrevIP = 0; 480 for (uint32_t Index = 0; Index < NumORCEntries; ++Index) { 481 const uint64_t IP = 482 IPSectionAddress + IPCursor.tell() + (int32_t)IPDE.getU32(IPCursor); 483 484 // Consume the status of the cursor. 485 if (!IPCursor) 486 return createStringError(errc::executable_format_error, 487 "out of bounds while reading ORC IP table"); 488 489 if (IP < PrevIP && opts::Verbosity) 490 BC.errs() << "BOLT-WARNING: out of order IP 0x" << Twine::utohexstr(IP) 491 << " detected while reading ORC\n"; 492 493 PrevIP = IP; 494 495 // Store all entries, includes those we are not going to update as the 496 // tables need to be sorted globally before being written out. 497 ORCEntries.push_back(ORCListEntry()); 498 ORCListEntry &Entry = ORCEntries.back(); 499 500 Entry.IP = IP; 501 Entry.ORC.SPOffset = (int16_t)OrcDE.getU16(ORCCursor); 502 Entry.ORC.BPOffset = (int16_t)OrcDE.getU16(ORCCursor); 503 Entry.ORC.Info = (int16_t)OrcDE.getU16(ORCCursor); 504 Entry.BF = nullptr; 505 506 // Consume the status of the cursor. 507 if (!ORCCursor) 508 return createStringError(errc::executable_format_error, 509 "out of bounds while reading ORC"); 510 511 if (Entry.ORC == NullORC) 512 continue; 513 514 BinaryFunction *&BF = Entry.BF; 515 BF = BC.getBinaryFunctionContainingAddress(IP, /*CheckPastEnd*/ true); 516 517 // If the entry immediately pointing past the end of the function is not 518 // the terminator entry, then it does not belong to this function. 519 if (BF && BF->getAddress() + BF->getSize() == IP) 520 BF = 0; 521 522 if (!BF) { 523 if (opts::Verbosity) 524 BC.errs() << "BOLT-WARNING: no binary function found matching ORC 0x" 525 << Twine::utohexstr(IP) << ": " << Entry.ORC << '\n'; 526 continue; 527 } 528 529 BF->setHasORC(true); 530 531 if (!BF->hasInstructions()) 532 continue; 533 534 MCInst *Inst = BF->getInstructionAtOffset(IP - BF->getAddress()); 535 if (!Inst) 536 return createStringError( 537 errc::executable_format_error, 538 "no instruction at address 0x%" PRIx64 " in .orc_unwind_ip", IP); 539 540 // Some addresses will have two entries associated with them. The first 541 // one being a "weak" section terminator. Since we ignore the terminator, 542 // we should only assign one entry per instruction. 543 if (BC.MIB->hasAnnotation(*Inst, "ORC")) 544 return createStringError( 545 errc::executable_format_error, 546 "duplicate non-terminal ORC IP 0x%" PRIx64 " in .orc_unwind_ip", IP); 547 548 BC.MIB->addAnnotation(*Inst, "ORC", Entry.ORC); 549 } 550 551 BC.outs() << "BOLT-INFO: parsed " << NumORCEntries << " ORC entries\n"; 552 553 if (opts::DumpORC) { 554 BC.outs() << "BOLT-INFO: ORC unwind information:\n"; 555 for (const ORCListEntry &E : ORCEntries) { 556 BC.outs() << "0x" << Twine::utohexstr(E.IP) << ": " << E.ORC; 557 if (E.BF) 558 BC.outs() << ": " << *E.BF; 559 BC.outs() << '\n'; 560 } 561 } 562 563 // Add entries for functions that don't have explicit ORC info at the start. 564 // We'll have the correct info for them even if ORC for the preceding function 565 // changes. 566 ORCListType NewEntries; 567 for (BinaryFunction &BF : llvm::make_second_range(BC.getBinaryFunctions())) { 568 auto It = llvm::partition_point(ORCEntries, [&](const ORCListEntry &E) { 569 return E.IP <= BF.getAddress(); 570 }); 571 if (It != ORCEntries.begin()) 572 --It; 573 574 if (It->BF == &BF) 575 continue; 576 577 if (It->ORC == NullORC && It->IP == BF.getAddress()) { 578 assert(!It->BF); 579 It->BF = &BF; 580 continue; 581 } 582 583 NewEntries.push_back({BF.getAddress(), &BF, It->ORC}); 584 if (It->ORC != NullORC) 585 BF.setHasORC(true); 586 } 587 588 llvm::copy(NewEntries, std::back_inserter(ORCEntries)); 589 llvm::sort(ORCEntries); 590 591 if (opts::DumpORC) { 592 BC.outs() << "BOLT-INFO: amended ORC unwind information:\n"; 593 for (const ORCListEntry &E : ORCEntries) { 594 BC.outs() << "0x" << Twine::utohexstr(E.IP) << ": " << E.ORC; 595 if (E.BF) 596 BC.outs() << ": " << *E.BF; 597 BC.outs() << '\n'; 598 } 599 } 600 601 return Error::success(); 602 } 603 604 Error LinuxKernelRewriter::processORCPostCFG() { 605 if (!NumORCEntries) 606 return Error::success(); 607 608 // Propagate ORC to the rest of the function. We can annotate every 609 // instruction in every function, but to minimize the overhead, we annotate 610 // the first instruction in every basic block to reflect the state at the 611 // entry. This way, the ORC state can be calculated based on annotations 612 // regardless of the basic block layout. Note that if we insert/delete 613 // instructions, we must take care to attach ORC info to the new/deleted ones. 614 for (BinaryFunction &BF : llvm::make_second_range(BC.getBinaryFunctions())) { 615 616 std::optional<ORCState> CurrentState; 617 for (BinaryBasicBlock &BB : BF) { 618 for (MCInst &Inst : BB) { 619 ErrorOr<ORCState> State = 620 BC.MIB->tryGetAnnotationAs<ORCState>(Inst, "ORC"); 621 622 if (State) { 623 CurrentState = *State; 624 continue; 625 } 626 627 // Get state for the start of the function. 628 if (!CurrentState) { 629 // A terminator entry (NullORC) can match the function address. If 630 // there's also a non-terminator entry, it will be placed after the 631 // terminator. Hence, we are looking for the last ORC entry that 632 // matches the address. 633 auto It = 634 llvm::partition_point(ORCEntries, [&](const ORCListEntry &E) { 635 return E.IP <= BF.getAddress(); 636 }); 637 if (It != ORCEntries.begin()) 638 --It; 639 640 assert(It->IP == BF.getAddress() && (!It->BF || It->BF == &BF) && 641 "ORC info at function entry expected."); 642 643 if (It->ORC == NullORC && BF.hasORC()) { 644 BC.errs() << "BOLT-WARNING: ORC unwind info excludes prologue for " 645 << BF << '\n'; 646 } 647 648 It->BF = &BF; 649 650 CurrentState = It->ORC; 651 if (It->ORC != NullORC) 652 BF.setHasORC(true); 653 } 654 655 // While printing ORC, attach info to every instruction for convenience. 656 if (opts::PrintORC || &Inst == &BB.front()) 657 BC.MIB->addAnnotation(Inst, "ORC", *CurrentState); 658 } 659 } 660 } 661 662 return Error::success(); 663 } 664 665 Error LinuxKernelRewriter::rewriteORCTables() { 666 if (!NumORCEntries) 667 return Error::success(); 668 669 // Update ORC sections in-place. As we change the code, the number of ORC 670 // entries may increase for some functions. However, as we remove terminator 671 // redundancy (see below), more space is freed up and we should always be able 672 // to fit new ORC tables in the reserved space. 673 auto createInPlaceWriter = [&](BinarySection &Section) -> BinaryStreamWriter { 674 const size_t Size = Section.getSize(); 675 uint8_t *NewContents = new uint8_t[Size]; 676 Section.updateContents(NewContents, Size); 677 Section.setOutputFileOffset(Section.getInputFileOffset()); 678 return BinaryStreamWriter({NewContents, Size}, BC.AsmInfo->isLittleEndian() 679 ? endianness::little 680 : endianness::big); 681 }; 682 BinaryStreamWriter UnwindWriter = createInPlaceWriter(*ORCUnwindSection); 683 BinaryStreamWriter UnwindIPWriter = createInPlaceWriter(*ORCUnwindIPSection); 684 685 uint64_t NumEmitted = 0; 686 std::optional<ORCState> LastEmittedORC; 687 auto emitORCEntry = [&](const uint64_t IP, const ORCState &ORC, 688 MCSymbol *Label = 0, bool Force = false) -> Error { 689 if (LastEmittedORC && ORC == *LastEmittedORC && !Force) 690 return Error::success(); 691 692 LastEmittedORC = ORC; 693 694 if (++NumEmitted > NumORCEntries) 695 return createStringError(errc::executable_format_error, 696 "exceeded the number of allocated ORC entries"); 697 698 if (Label) 699 ORCUnwindIPSection->addRelocation(UnwindIPWriter.getOffset(), Label, 700 Relocation::getPC32(), /*Addend*/ 0); 701 702 const int32_t IPValue = 703 IP - ORCUnwindIPSection->getAddress() - UnwindIPWriter.getOffset(); 704 if (Error E = UnwindIPWriter.writeInteger(IPValue)) 705 return E; 706 707 if (Error E = UnwindWriter.writeInteger(ORC.SPOffset)) 708 return E; 709 if (Error E = UnwindWriter.writeInteger(ORC.BPOffset)) 710 return E; 711 if (Error E = UnwindWriter.writeInteger(ORC.Info)) 712 return E; 713 714 return Error::success(); 715 }; 716 717 // Emit new ORC entries for the emitted function. 718 auto emitORC = [&](const BinaryFunction &BF) -> Error { 719 assert(!BF.isSplit() && "Split functions not supported by ORC writer yet."); 720 721 ORCState CurrentState = NullORC; 722 for (BinaryBasicBlock *BB : BF.getLayout().blocks()) { 723 for (MCInst &Inst : *BB) { 724 ErrorOr<ORCState> ErrorOrState = 725 BC.MIB->tryGetAnnotationAs<ORCState>(Inst, "ORC"); 726 if (!ErrorOrState || *ErrorOrState == CurrentState) 727 continue; 728 729 // Issue label for the instruction. 730 MCSymbol *Label = 731 BC.MIB->getOrCreateInstLabel(Inst, "__ORC_", BC.Ctx.get()); 732 733 if (Error E = emitORCEntry(0, *ErrorOrState, Label)) 734 return E; 735 736 CurrentState = *ErrorOrState; 737 } 738 } 739 740 return Error::success(); 741 }; 742 743 for (ORCListEntry &Entry : ORCEntries) { 744 // Emit original entries for functions that we haven't modified. 745 if (!Entry.BF || !BC.shouldEmit(*Entry.BF)) { 746 // Emit terminator only if it marks the start of a function. 747 if (Entry.ORC == NullORC && !Entry.BF) 748 continue; 749 if (Error E = emitORCEntry(Entry.IP, Entry.ORC)) 750 return E; 751 continue; 752 } 753 754 // Emit all ORC entries for a function referenced by an entry and skip over 755 // the rest of entries for this function by resetting its ORC attribute. 756 if (Entry.BF->hasORC()) { 757 if (Error E = emitORC(*Entry.BF)) 758 return E; 759 Entry.BF->setHasORC(false); 760 } 761 } 762 763 LLVM_DEBUG(dbgs() << "BOLT-DEBUG: emitted " << NumEmitted 764 << " ORC entries\n"); 765 766 // Replicate terminator entry at the end of sections to match the original 767 // table sizes. 768 const BinaryFunction &LastBF = BC.getBinaryFunctions().rbegin()->second; 769 const uint64_t LastIP = LastBF.getAddress() + LastBF.getMaxSize(); 770 while (UnwindWriter.bytesRemaining()) { 771 if (Error E = emitORCEntry(LastIP, NullORC, nullptr, /*Force*/ true)) 772 return E; 773 } 774 775 return Error::success(); 776 } 777 778 /// The static call site table is created by objtool and contains entries in the 779 /// following format: 780 /// 781 /// struct static_call_site { 782 /// s32 addr; 783 /// s32 key; 784 /// }; 785 /// 786 Error LinuxKernelRewriter::readStaticCalls() { 787 const BinaryData *StaticCallTable = 788 BC.getBinaryDataByName("__start_static_call_sites"); 789 if (!StaticCallTable) 790 return Error::success(); 791 792 StaticCallTableAddress = StaticCallTable->getAddress(); 793 794 const BinaryData *Stop = BC.getBinaryDataByName("__stop_static_call_sites"); 795 if (!Stop) 796 return createStringError(errc::executable_format_error, 797 "missing __stop_static_call_sites symbol"); 798 799 ErrorOr<BinarySection &> ErrorOrSection = 800 BC.getSectionForAddress(StaticCallTableAddress); 801 if (!ErrorOrSection) 802 return createStringError(errc::executable_format_error, 803 "no section matching __start_static_call_sites"); 804 805 StaticCallSection = *ErrorOrSection; 806 if (!StaticCallSection->containsAddress(Stop->getAddress() - 1)) 807 return createStringError(errc::executable_format_error, 808 "__stop_static_call_sites not in the same section " 809 "as __start_static_call_sites"); 810 811 if ((Stop->getAddress() - StaticCallTableAddress) % STATIC_CALL_ENTRY_SIZE) 812 return createStringError(errc::executable_format_error, 813 "static call table size error"); 814 815 const uint64_t SectionAddress = StaticCallSection->getAddress(); 816 DataExtractor DE(StaticCallSection->getContents(), 817 BC.AsmInfo->isLittleEndian(), 818 BC.AsmInfo->getCodePointerSize()); 819 DataExtractor::Cursor Cursor(StaticCallTableAddress - SectionAddress); 820 uint32_t EntryID = 0; 821 while (Cursor && Cursor.tell() < Stop->getAddress() - SectionAddress) { 822 const uint64_t CallAddress = 823 SectionAddress + Cursor.tell() + (int32_t)DE.getU32(Cursor); 824 const uint64_t KeyAddress = 825 SectionAddress + Cursor.tell() + (int32_t)DE.getU32(Cursor); 826 827 // Consume the status of the cursor. 828 if (!Cursor) 829 return createStringError(errc::executable_format_error, 830 "out of bounds while reading static calls"); 831 832 ++EntryID; 833 834 if (opts::DumpStaticCalls) { 835 BC.outs() << "Static Call Site: " << EntryID << '\n'; 836 BC.outs() << "\tCallAddress: 0x" << Twine::utohexstr(CallAddress) 837 << "\n\tKeyAddress: 0x" << Twine::utohexstr(KeyAddress) 838 << '\n'; 839 } 840 841 BinaryFunction *BF = BC.getBinaryFunctionContainingAddress(CallAddress); 842 if (!BF) 843 continue; 844 845 if (!BC.shouldEmit(*BF)) 846 continue; 847 848 if (!BF->hasInstructions()) 849 continue; 850 851 MCInst *Inst = BF->getInstructionAtOffset(CallAddress - BF->getAddress()); 852 if (!Inst) 853 return createStringError(errc::executable_format_error, 854 "no instruction at call site address 0x%" PRIx64, 855 CallAddress); 856 857 // Check for duplicate entries. 858 if (BC.MIB->hasAnnotation(*Inst, "StaticCall")) 859 return createStringError(errc::executable_format_error, 860 "duplicate static call site at 0x%" PRIx64, 861 CallAddress); 862 863 BC.MIB->addAnnotation(*Inst, "StaticCall", EntryID); 864 865 MCSymbol *Label = 866 BC.MIB->getOrCreateInstLabel(*Inst, "__SC_", BC.Ctx.get()); 867 868 StaticCallEntries.push_back({EntryID, BF, Label}); 869 } 870 871 BC.outs() << "BOLT-INFO: parsed " << StaticCallEntries.size() 872 << " static call entries\n"; 873 874 return Error::success(); 875 } 876 877 /// The static call table is sorted during boot time in 878 /// static_call_sort_entries(). This makes it possible to update existing 879 /// entries in-place ignoring their relative order. 880 Error LinuxKernelRewriter::rewriteStaticCalls() { 881 if (!StaticCallTableAddress || !StaticCallSection) 882 return Error::success(); 883 884 for (auto &Entry : StaticCallEntries) { 885 if (!Entry.Function) 886 continue; 887 888 BinaryFunction &BF = *Entry.Function; 889 if (!BC.shouldEmit(BF)) 890 continue; 891 892 // Create a relocation against the label. 893 const uint64_t EntryOffset = StaticCallTableAddress - 894 StaticCallSection->getAddress() + 895 (Entry.ID - 1) * STATIC_CALL_ENTRY_SIZE; 896 StaticCallSection->addRelocation(EntryOffset, Entry.Label, 897 ELF::R_X86_64_PC32, /*Addend*/ 0); 898 } 899 900 return Error::success(); 901 } 902 903 /// Instructions that access user-space memory can cause page faults. These 904 /// faults will be handled by the kernel and execution will resume at the fixup 905 /// code location if the address was invalid. The kernel uses the exception 906 /// table to match the faulting instruction to its fixup. The table consists of 907 /// the following entries: 908 /// 909 /// struct exception_table_entry { 910 /// int insn; 911 /// int fixup; 912 /// int data; 913 /// }; 914 /// 915 /// More info at: 916 /// https://www.kernel.org/doc/Documentation/x86/exception-tables.txt 917 Error LinuxKernelRewriter::readExceptionTable() { 918 ExceptionsSection = BC.getUniqueSectionByName("__ex_table"); 919 if (!ExceptionsSection) 920 return Error::success(); 921 922 if (ExceptionsSection->getSize() % EXCEPTION_TABLE_ENTRY_SIZE) 923 return createStringError(errc::executable_format_error, 924 "exception table size error"); 925 926 const uint64_t SectionAddress = ExceptionsSection->getAddress(); 927 DataExtractor DE(ExceptionsSection->getContents(), 928 BC.AsmInfo->isLittleEndian(), 929 BC.AsmInfo->getCodePointerSize()); 930 DataExtractor::Cursor Cursor(0); 931 uint32_t EntryID = 0; 932 while (Cursor && Cursor.tell() < ExceptionsSection->getSize()) { 933 const uint64_t InstAddress = 934 SectionAddress + Cursor.tell() + (int32_t)DE.getU32(Cursor); 935 const uint64_t FixupAddress = 936 SectionAddress + Cursor.tell() + (int32_t)DE.getU32(Cursor); 937 const uint64_t Data = DE.getU32(Cursor); 938 939 // Consume the status of the cursor. 940 if (!Cursor) 941 return createStringError(errc::executable_format_error, 942 "out of bounds while reading exception table"); 943 944 ++EntryID; 945 946 if (opts::DumpExceptions) { 947 BC.outs() << "Exception Entry: " << EntryID << '\n'; 948 BC.outs() << "\tInsn: 0x" << Twine::utohexstr(InstAddress) << '\n' 949 << "\tFixup: 0x" << Twine::utohexstr(FixupAddress) << '\n' 950 << "\tData: 0x" << Twine::utohexstr(Data) << '\n'; 951 } 952 953 MCInst *Inst = nullptr; 954 MCSymbol *FixupLabel = nullptr; 955 956 BinaryFunction *InstBF = BC.getBinaryFunctionContainingAddress(InstAddress); 957 if (InstBF && BC.shouldEmit(*InstBF)) { 958 Inst = InstBF->getInstructionAtOffset(InstAddress - InstBF->getAddress()); 959 if (!Inst) 960 return createStringError(errc::executable_format_error, 961 "no instruction at address 0x%" PRIx64 962 " in exception table", 963 InstAddress); 964 BC.MIB->addAnnotation(*Inst, "ExceptionEntry", EntryID); 965 FunctionsWithExceptions.insert(InstBF); 966 } 967 968 if (!InstBF && opts::Verbosity) { 969 BC.outs() << "BOLT-INFO: no function matches instruction at 0x" 970 << Twine::utohexstr(InstAddress) 971 << " referenced by Linux exception table\n"; 972 } 973 974 BinaryFunction *FixupBF = 975 BC.getBinaryFunctionContainingAddress(FixupAddress); 976 if (FixupBF && BC.shouldEmit(*FixupBF)) { 977 const uint64_t Offset = FixupAddress - FixupBF->getAddress(); 978 if (!FixupBF->getInstructionAtOffset(Offset)) 979 return createStringError(errc::executable_format_error, 980 "no instruction at fixup address 0x%" PRIx64 981 " in exception table", 982 FixupAddress); 983 FixupLabel = Offset ? FixupBF->addEntryPointAtOffset(Offset) 984 : FixupBF->getSymbol(); 985 if (Inst) 986 BC.MIB->addAnnotation(*Inst, "Fixup", FixupLabel->getName()); 987 FunctionsWithExceptions.insert(FixupBF); 988 } 989 990 if (!FixupBF && opts::Verbosity) { 991 BC.outs() << "BOLT-INFO: no function matches fixup code at 0x" 992 << Twine::utohexstr(FixupAddress) 993 << " referenced by Linux exception table\n"; 994 } 995 } 996 997 BC.outs() << "BOLT-INFO: parsed " 998 << ExceptionsSection->getSize() / EXCEPTION_TABLE_ENTRY_SIZE 999 << " exception table entries\n"; 1000 1001 return Error::success(); 1002 } 1003 1004 /// Depending on the value of CONFIG_BUILDTIME_TABLE_SORT, the kernel expects 1005 /// the exception table to be sorted. Hence we have to sort it after code 1006 /// reordering. 1007 Error LinuxKernelRewriter::rewriteExceptionTable() { 1008 // Disable output of functions with exceptions before rewrite support is 1009 // added. 1010 for (BinaryFunction *BF : FunctionsWithExceptions) 1011 BF->setSimple(false); 1012 1013 return Error::success(); 1014 } 1015 1016 } // namespace 1017 1018 std::unique_ptr<MetadataRewriter> 1019 llvm::bolt::createLinuxKernelRewriter(BinaryContext &BC) { 1020 return std::make_unique<LinuxKernelRewriter>(BC); 1021 } 1022