1 //===- bolt/Rewrite/LinuxKernelRewriter.cpp -------------------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // Support for updating Linux Kernel metadata. 10 // 11 //===----------------------------------------------------------------------===// 12 13 #include "bolt/Core/BinaryFunction.h" 14 #include "bolt/Rewrite/MetadataRewriter.h" 15 #include "bolt/Rewrite/MetadataRewriters.h" 16 #include "bolt/Utils/CommandLineOpts.h" 17 #include "llvm/ADT/DenseSet.h" 18 #include "llvm/Support/BinaryStreamWriter.h" 19 #include "llvm/Support/CommandLine.h" 20 #include "llvm/Support/Debug.h" 21 #include "llvm/Support/Errc.h" 22 23 #define DEBUG_TYPE "bolt-linux" 24 25 using namespace llvm; 26 using namespace bolt; 27 28 namespace opts { 29 30 static cl::opt<bool> 31 DumpExceptions("dump-linux-exceptions", 32 cl::desc("dump Linux kernel exception table"), 33 cl::init(false), cl::Hidden, cl::cat(BoltCategory)); 34 35 static cl::opt<bool> 36 DumpORC("dump-orc", cl::desc("dump raw ORC unwind information (sorted)"), 37 cl::init(false), cl::Hidden, cl::cat(BoltCategory)); 38 39 static cl::opt<bool> DumpParavirtualPatchSites( 40 "dump-para-sites", cl::desc("dump Linux kernel paravitual patch sites"), 41 cl::init(false), cl::Hidden, cl::cat(BoltCategory)); 42 43 static cl::opt<bool> DumpStaticCalls("dump-static-calls", 44 cl::desc("dump Linux kernel static calls"), 45 cl::init(false), cl::Hidden, 46 cl::cat(BoltCategory)); 47 48 static cl::opt<bool> 49 PrintORC("print-orc", 50 cl::desc("print ORC unwind information for instructions"), 51 cl::init(true), cl::Hidden, cl::cat(BoltCategory)); 52 53 } // namespace opts 54 55 /// Linux Kernel supports stack unwinding using ORC (oops rewind capability). 56 /// ORC state at every IP can be described by the following data structure. 57 struct ORCState { 58 int16_t SPOffset; 59 int16_t BPOffset; 60 int16_t Info; 61 62 bool operator==(const ORCState &Other) const { 63 return SPOffset == Other.SPOffset && BPOffset == Other.BPOffset && 64 Info == Other.Info; 65 } 66 67 bool operator!=(const ORCState &Other) const { return !(*this == Other); } 68 }; 69 70 /// Section terminator ORC entry. 71 static ORCState NullORC = {0, 0, 0}; 72 73 /// Basic printer for ORC entry. It does not provide the same level of 74 /// information as objtool (for now). 75 inline raw_ostream &operator<<(raw_ostream &OS, const ORCState &E) { 76 if (!opts::PrintORC) 77 return OS; 78 if (E != NullORC) 79 OS << format("{sp: %d, bp: %d, info: 0x%x}", E.SPOffset, E.BPOffset, 80 E.Info); 81 else 82 OS << "{terminator}"; 83 84 return OS; 85 } 86 87 namespace { 88 89 class LinuxKernelRewriter final : public MetadataRewriter { 90 /// Linux Kernel special sections point to a specific instruction in many 91 /// cases. Unlike SDTMarkerInfo, these markers can come from different 92 /// sections. 93 struct LKInstructionMarkerInfo { 94 uint64_t SectionOffset; 95 int32_t PCRelativeOffset; 96 bool IsPCRelative; 97 StringRef SectionName; 98 }; 99 100 /// Map linux kernel program locations/instructions to their pointers in 101 /// special linux kernel sections 102 std::unordered_map<uint64_t, std::vector<LKInstructionMarkerInfo>> LKMarkers; 103 104 /// Linux ORC sections. 105 ErrorOr<BinarySection &> ORCUnwindSection = std::errc::bad_address; 106 ErrorOr<BinarySection &> ORCUnwindIPSection = std::errc::bad_address; 107 108 /// Size of entries in ORC sections. 109 static constexpr size_t ORC_UNWIND_ENTRY_SIZE = 6; 110 static constexpr size_t ORC_UNWIND_IP_ENTRY_SIZE = 4; 111 112 struct ORCListEntry { 113 uint64_t IP; /// Instruction address. 114 BinaryFunction *BF; /// Binary function corresponding to the entry. 115 ORCState ORC; /// Stack unwind info in ORC format. 116 117 /// ORC entries are sorted by their IPs. Terminator entries (NullORC) 118 /// should precede other entries with the same address. 119 bool operator<(const ORCListEntry &Other) const { 120 if (IP < Other.IP) 121 return 1; 122 if (IP > Other.IP) 123 return 0; 124 return ORC == NullORC && Other.ORC != NullORC; 125 } 126 }; 127 128 using ORCListType = std::vector<ORCListEntry>; 129 ORCListType ORCEntries; 130 131 /// Number of entries in the input file ORC sections. 132 uint64_t NumORCEntries = 0; 133 134 /// Section containing static call table. 135 ErrorOr<BinarySection &> StaticCallSection = std::errc::bad_address; 136 uint64_t StaticCallTableAddress = 0; 137 static constexpr size_t STATIC_CALL_ENTRY_SIZE = 8; 138 139 struct StaticCallInfo { 140 uint32_t ID; /// Identifier of the entry in the table. 141 BinaryFunction *Function; /// Function containing associated call. 142 MCSymbol *Label; /// Label attached to the call. 143 }; 144 using StaticCallListType = std::vector<StaticCallInfo>; 145 StaticCallListType StaticCallEntries; 146 147 /// Section containing the Linux exception table. 148 ErrorOr<BinarySection &> ExceptionsSection = std::errc::bad_address; 149 static constexpr size_t EXCEPTION_TABLE_ENTRY_SIZE = 12; 150 151 /// Functions with exception handling code. 152 DenseSet<BinaryFunction *> FunctionsWithExceptions; 153 154 /// Section with paravirtual patch sites. 155 ErrorOr<BinarySection &> ParavirtualPatchSection = std::errc::bad_address; 156 157 /// Alignment of paravirtual patch structures. 158 static constexpr size_t PARA_PATCH_ALIGN = 8; 159 160 /// Insert an LKMarker for a given code pointer \p PC from a non-code section 161 /// \p SectionName. 162 void insertLKMarker(uint64_t PC, uint64_t SectionOffset, 163 int32_t PCRelativeOffset, bool IsPCRelative, 164 StringRef SectionName); 165 166 /// Process linux kernel special sections and their relocations. 167 void processLKSections(); 168 169 /// Process special linux kernel section, .pci_fixup. 170 void processLKPCIFixup(); 171 172 /// Process __ksymtab and __ksymtab_gpl. 173 void processLKKSymtab(bool IsGPL = false); 174 175 /// Process special linux kernel section, __bug_table. 176 void processLKBugTable(); 177 178 /// Process special linux kernel section, .smp_locks. 179 void processLKSMPLocks(); 180 181 /// Update LKMarkers' locations for the output binary. 182 void updateLKMarkers(); 183 184 /// Read ORC unwind information and annotate instructions. 185 Error readORCTables(); 186 187 /// Update ORC for functions once CFG is constructed. 188 Error processORCPostCFG(); 189 190 /// Update ORC data in the binary. 191 Error rewriteORCTables(); 192 193 /// Static call table handling. 194 Error readStaticCalls(); 195 Error rewriteStaticCalls(); 196 197 Error readExceptionTable(); 198 Error rewriteExceptionTable(); 199 200 /// Paravirtual instruction patch sites. 201 Error readParaInstructions(); 202 203 /// Mark instructions referenced by kernel metadata. 204 Error markInstructions(); 205 206 public: 207 LinuxKernelRewriter(BinaryContext &BC) 208 : MetadataRewriter("linux-kernel-rewriter", BC) {} 209 210 Error preCFGInitializer() override { 211 processLKSections(); 212 if (Error E = markInstructions()) 213 return E; 214 215 if (Error E = readORCTables()) 216 return E; 217 218 if (Error E = readStaticCalls()) 219 return E; 220 221 if (Error E = readExceptionTable()) 222 return E; 223 224 if (Error E = readParaInstructions()) 225 return E; 226 227 return Error::success(); 228 } 229 230 Error postCFGInitializer() override { 231 if (Error E = processORCPostCFG()) 232 return E; 233 234 return Error::success(); 235 } 236 237 Error preEmitFinalizer() override { 238 // Since rewriteExceptionTable() can mark functions as non-simple, run it 239 // before other rewriters that depend on simple/emit status. 240 if (Error E = rewriteExceptionTable()) 241 return E; 242 243 if (Error E = rewriteORCTables()) 244 return E; 245 246 if (Error E = rewriteStaticCalls()) 247 return E; 248 249 return Error::success(); 250 } 251 252 Error postEmitFinalizer() override { 253 updateLKMarkers(); 254 255 return Error::success(); 256 } 257 }; 258 259 Error LinuxKernelRewriter::markInstructions() { 260 for (const uint64_t PC : llvm::make_first_range(LKMarkers)) { 261 BinaryFunction *BF = BC.getBinaryFunctionContainingAddress(PC); 262 263 if (!BF || !BC.shouldEmit(*BF)) 264 continue; 265 266 const uint64_t Offset = PC - BF->getAddress(); 267 MCInst *Inst = BF->getInstructionAtOffset(Offset); 268 if (!Inst) 269 return createStringError(errc::executable_format_error, 270 "no instruction matches kernel marker offset"); 271 272 BC.MIB->setOffset(*Inst, static_cast<uint32_t>(Offset)); 273 274 BF->setHasSDTMarker(true); 275 } 276 277 return Error::success(); 278 } 279 280 void LinuxKernelRewriter::insertLKMarker(uint64_t PC, uint64_t SectionOffset, 281 int32_t PCRelativeOffset, 282 bool IsPCRelative, 283 StringRef SectionName) { 284 LKMarkers[PC].emplace_back(LKInstructionMarkerInfo{ 285 SectionOffset, PCRelativeOffset, IsPCRelative, SectionName}); 286 } 287 288 void LinuxKernelRewriter::processLKSections() { 289 processLKPCIFixup(); 290 processLKKSymtab(); 291 processLKKSymtab(true); 292 processLKBugTable(); 293 processLKSMPLocks(); 294 } 295 296 /// Process .pci_fixup section of Linux Kernel. 297 /// This section contains a list of entries for different PCI devices and their 298 /// corresponding hook handler (code pointer where the fixup 299 /// code resides, usually on x86_64 it is an entry PC relative 32 bit offset). 300 /// Documentation is in include/linux/pci.h. 301 void LinuxKernelRewriter::processLKPCIFixup() { 302 ErrorOr<BinarySection &> SectionOrError = 303 BC.getUniqueSectionByName(".pci_fixup"); 304 if (!SectionOrError) 305 return; 306 307 const uint64_t SectionSize = SectionOrError->getSize(); 308 const uint64_t SectionAddress = SectionOrError->getAddress(); 309 assert((SectionSize % 16) == 0 && ".pci_fixup size is not a multiple of 16"); 310 311 for (uint64_t I = 12; I + 4 <= SectionSize; I += 16) { 312 const uint64_t PC = SectionAddress + I; 313 ErrorOr<uint64_t> Offset = BC.getSignedValueAtAddress(PC, 4); 314 assert(Offset && "cannot read value from .pci_fixup"); 315 const int32_t SignedOffset = *Offset; 316 const uint64_t HookupAddress = PC + SignedOffset; 317 BinaryFunction *HookupFunction = 318 BC.getBinaryFunctionAtAddress(HookupAddress); 319 assert(HookupFunction && "expected function for entry in .pci_fixup"); 320 BC.addRelocation(PC, HookupFunction->getSymbol(), Relocation::getPC32(), 0, 321 *Offset); 322 } 323 } 324 325 /// Process __ksymtab[_gpl] sections of Linux Kernel. 326 /// This section lists all the vmlinux symbols that kernel modules can access. 327 /// 328 /// All the entries are 4 bytes each and hence we can read them by one by one 329 /// and ignore the ones that are not pointing to the .text section. All pointers 330 /// are PC relative offsets. Always, points to the beginning of the function. 331 void LinuxKernelRewriter::processLKKSymtab(bool IsGPL) { 332 StringRef SectionName = "__ksymtab"; 333 if (IsGPL) 334 SectionName = "__ksymtab_gpl"; 335 ErrorOr<BinarySection &> SectionOrError = 336 BC.getUniqueSectionByName(SectionName); 337 assert(SectionOrError && 338 "__ksymtab[_gpl] section not found in Linux Kernel binary"); 339 const uint64_t SectionSize = SectionOrError->getSize(); 340 const uint64_t SectionAddress = SectionOrError->getAddress(); 341 assert((SectionSize % 4) == 0 && 342 "The size of the __ksymtab[_gpl] section should be a multiple of 4"); 343 344 for (uint64_t I = 0; I < SectionSize; I += 4) { 345 const uint64_t EntryAddress = SectionAddress + I; 346 ErrorOr<uint64_t> Offset = BC.getSignedValueAtAddress(EntryAddress, 4); 347 assert(Offset && "Reading valid PC-relative offset for a ksymtab entry"); 348 const int32_t SignedOffset = *Offset; 349 const uint64_t RefAddress = EntryAddress + SignedOffset; 350 BinaryFunction *BF = BC.getBinaryFunctionAtAddress(RefAddress); 351 if (!BF) 352 continue; 353 354 BC.addRelocation(EntryAddress, BF->getSymbol(), Relocation::getPC32(), 0, 355 *Offset); 356 } 357 } 358 359 /// Process __bug_table section. 360 /// This section contains information useful for kernel debugging. 361 /// Each entry in the section is a struct bug_entry that contains a pointer to 362 /// the ud2 instruction corresponding to the bug, corresponding file name (both 363 /// pointers use PC relative offset addressing), line number, and flags. 364 /// The definition of the struct bug_entry can be found in 365 /// `include/asm-generic/bug.h` 366 void LinuxKernelRewriter::processLKBugTable() { 367 ErrorOr<BinarySection &> SectionOrError = 368 BC.getUniqueSectionByName("__bug_table"); 369 if (!SectionOrError) 370 return; 371 372 const uint64_t SectionSize = SectionOrError->getSize(); 373 const uint64_t SectionAddress = SectionOrError->getAddress(); 374 assert((SectionSize % 12) == 0 && 375 "The size of the __bug_table section should be a multiple of 12"); 376 for (uint64_t I = 0; I < SectionSize; I += 12) { 377 const uint64_t EntryAddress = SectionAddress + I; 378 ErrorOr<uint64_t> Offset = BC.getSignedValueAtAddress(EntryAddress, 4); 379 assert(Offset && 380 "Reading valid PC-relative offset for a __bug_table entry"); 381 const int32_t SignedOffset = *Offset; 382 const uint64_t RefAddress = EntryAddress + SignedOffset; 383 assert(BC.getBinaryFunctionContainingAddress(RefAddress) && 384 "__bug_table entries should point to a function"); 385 386 insertLKMarker(RefAddress, I, SignedOffset, true, "__bug_table"); 387 } 388 } 389 390 /// .smp_locks section contains PC-relative references to instructions with LOCK 391 /// prefix. The prefix can be converted to NOP at boot time on non-SMP systems. 392 void LinuxKernelRewriter::processLKSMPLocks() { 393 ErrorOr<BinarySection &> SectionOrError = 394 BC.getUniqueSectionByName(".smp_locks"); 395 if (!SectionOrError) 396 return; 397 398 uint64_t SectionSize = SectionOrError->getSize(); 399 const uint64_t SectionAddress = SectionOrError->getAddress(); 400 assert((SectionSize % 4) == 0 && 401 "The size of the .smp_locks section should be a multiple of 4"); 402 403 for (uint64_t I = 0; I < SectionSize; I += 4) { 404 const uint64_t EntryAddress = SectionAddress + I; 405 ErrorOr<uint64_t> Offset = BC.getSignedValueAtAddress(EntryAddress, 4); 406 assert(Offset && "Reading valid PC-relative offset for a .smp_locks entry"); 407 int32_t SignedOffset = *Offset; 408 uint64_t RefAddress = EntryAddress + SignedOffset; 409 410 BinaryFunction *ContainingBF = 411 BC.getBinaryFunctionContainingAddress(RefAddress); 412 if (!ContainingBF) 413 continue; 414 415 insertLKMarker(RefAddress, I, SignedOffset, true, ".smp_locks"); 416 } 417 } 418 419 void LinuxKernelRewriter::updateLKMarkers() { 420 if (LKMarkers.size() == 0) 421 return; 422 423 std::unordered_map<std::string, uint64_t> PatchCounts; 424 for (std::pair<const uint64_t, std::vector<LKInstructionMarkerInfo>> 425 &LKMarkerInfoKV : LKMarkers) { 426 const uint64_t OriginalAddress = LKMarkerInfoKV.first; 427 const BinaryFunction *BF = 428 BC.getBinaryFunctionContainingAddress(OriginalAddress, false, true); 429 if (!BF) 430 continue; 431 432 uint64_t NewAddress = BF->translateInputToOutputAddress(OriginalAddress); 433 if (NewAddress == 0) 434 continue; 435 436 // Apply base address. 437 if (OriginalAddress >= 0xffffffff00000000 && NewAddress < 0xffffffff) 438 NewAddress = NewAddress + 0xffffffff00000000; 439 440 if (OriginalAddress == NewAddress) 441 continue; 442 443 for (LKInstructionMarkerInfo &LKMarkerInfo : LKMarkerInfoKV.second) { 444 StringRef SectionName = LKMarkerInfo.SectionName; 445 SimpleBinaryPatcher *LKPatcher; 446 ErrorOr<BinarySection &> BSec = BC.getUniqueSectionByName(SectionName); 447 assert(BSec && "missing section info for kernel section"); 448 if (!BSec->getPatcher()) 449 BSec->registerPatcher(std::make_unique<SimpleBinaryPatcher>()); 450 LKPatcher = static_cast<SimpleBinaryPatcher *>(BSec->getPatcher()); 451 PatchCounts[std::string(SectionName)]++; 452 if (LKMarkerInfo.IsPCRelative) 453 LKPatcher->addLE32Patch(LKMarkerInfo.SectionOffset, 454 NewAddress - OriginalAddress + 455 LKMarkerInfo.PCRelativeOffset); 456 else 457 LKPatcher->addLE64Patch(LKMarkerInfo.SectionOffset, NewAddress); 458 } 459 } 460 BC.outs() << "BOLT-INFO: patching linux kernel sections. Total patches per " 461 "section are as follows:\n"; 462 for (const std::pair<const std::string, uint64_t> &KV : PatchCounts) 463 BC.outs() << " Section: " << KV.first << ", patch-counts: " << KV.second 464 << '\n'; 465 } 466 467 Error LinuxKernelRewriter::readORCTables() { 468 // NOTE: we should ignore relocations for orc tables as the tables are sorted 469 // post-link time and relocations are not updated. 470 ORCUnwindSection = BC.getUniqueSectionByName(".orc_unwind"); 471 ORCUnwindIPSection = BC.getUniqueSectionByName(".orc_unwind_ip"); 472 473 if (!ORCUnwindSection && !ORCUnwindIPSection) 474 return Error::success(); 475 476 if (!ORCUnwindSection || !ORCUnwindIPSection) 477 return createStringError(errc::executable_format_error, 478 "missing ORC section"); 479 480 NumORCEntries = ORCUnwindIPSection->getSize() / ORC_UNWIND_IP_ENTRY_SIZE; 481 if (ORCUnwindSection->getSize() != NumORCEntries * ORC_UNWIND_ENTRY_SIZE || 482 ORCUnwindIPSection->getSize() != NumORCEntries * ORC_UNWIND_IP_ENTRY_SIZE) 483 return createStringError(errc::executable_format_error, 484 "ORC entries number mismatch detected"); 485 486 const uint64_t IPSectionAddress = ORCUnwindIPSection->getAddress(); 487 DataExtractor OrcDE = DataExtractor(ORCUnwindSection->getContents(), 488 BC.AsmInfo->isLittleEndian(), 489 BC.AsmInfo->getCodePointerSize()); 490 DataExtractor IPDE = DataExtractor(ORCUnwindIPSection->getContents(), 491 BC.AsmInfo->isLittleEndian(), 492 BC.AsmInfo->getCodePointerSize()); 493 DataExtractor::Cursor ORCCursor(0); 494 DataExtractor::Cursor IPCursor(0); 495 uint64_t PrevIP = 0; 496 for (uint32_t Index = 0; Index < NumORCEntries; ++Index) { 497 const uint64_t IP = 498 IPSectionAddress + IPCursor.tell() + (int32_t)IPDE.getU32(IPCursor); 499 500 // Consume the status of the cursor. 501 if (!IPCursor) 502 return createStringError(errc::executable_format_error, 503 "out of bounds while reading ORC IP table"); 504 505 if (IP < PrevIP && opts::Verbosity) 506 BC.errs() << "BOLT-WARNING: out of order IP 0x" << Twine::utohexstr(IP) 507 << " detected while reading ORC\n"; 508 509 PrevIP = IP; 510 511 // Store all entries, includes those we are not going to update as the 512 // tables need to be sorted globally before being written out. 513 ORCEntries.push_back(ORCListEntry()); 514 ORCListEntry &Entry = ORCEntries.back(); 515 516 Entry.IP = IP; 517 Entry.ORC.SPOffset = (int16_t)OrcDE.getU16(ORCCursor); 518 Entry.ORC.BPOffset = (int16_t)OrcDE.getU16(ORCCursor); 519 Entry.ORC.Info = (int16_t)OrcDE.getU16(ORCCursor); 520 Entry.BF = nullptr; 521 522 // Consume the status of the cursor. 523 if (!ORCCursor) 524 return createStringError(errc::executable_format_error, 525 "out of bounds while reading ORC"); 526 527 if (Entry.ORC == NullORC) 528 continue; 529 530 BinaryFunction *&BF = Entry.BF; 531 BF = BC.getBinaryFunctionContainingAddress(IP, /*CheckPastEnd*/ true); 532 533 // If the entry immediately pointing past the end of the function is not 534 // the terminator entry, then it does not belong to this function. 535 if (BF && BF->getAddress() + BF->getSize() == IP) 536 BF = 0; 537 538 if (!BF) { 539 if (opts::Verbosity) 540 BC.errs() << "BOLT-WARNING: no binary function found matching ORC 0x" 541 << Twine::utohexstr(IP) << ": " << Entry.ORC << '\n'; 542 continue; 543 } 544 545 BF->setHasORC(true); 546 547 if (!BF->hasInstructions()) 548 continue; 549 550 MCInst *Inst = BF->getInstructionAtOffset(IP - BF->getAddress()); 551 if (!Inst) 552 return createStringError( 553 errc::executable_format_error, 554 "no instruction at address 0x%" PRIx64 " in .orc_unwind_ip", IP); 555 556 // Some addresses will have two entries associated with them. The first 557 // one being a "weak" section terminator. Since we ignore the terminator, 558 // we should only assign one entry per instruction. 559 if (BC.MIB->hasAnnotation(*Inst, "ORC")) 560 return createStringError( 561 errc::executable_format_error, 562 "duplicate non-terminal ORC IP 0x%" PRIx64 " in .orc_unwind_ip", IP); 563 564 BC.MIB->addAnnotation(*Inst, "ORC", Entry.ORC); 565 } 566 567 BC.outs() << "BOLT-INFO: parsed " << NumORCEntries << " ORC entries\n"; 568 569 if (opts::DumpORC) { 570 BC.outs() << "BOLT-INFO: ORC unwind information:\n"; 571 for (const ORCListEntry &E : ORCEntries) { 572 BC.outs() << "0x" << Twine::utohexstr(E.IP) << ": " << E.ORC; 573 if (E.BF) 574 BC.outs() << ": " << *E.BF; 575 BC.outs() << '\n'; 576 } 577 } 578 579 // Add entries for functions that don't have explicit ORC info at the start. 580 // We'll have the correct info for them even if ORC for the preceding function 581 // changes. 582 ORCListType NewEntries; 583 for (BinaryFunction &BF : llvm::make_second_range(BC.getBinaryFunctions())) { 584 auto It = llvm::partition_point(ORCEntries, [&](const ORCListEntry &E) { 585 return E.IP <= BF.getAddress(); 586 }); 587 if (It != ORCEntries.begin()) 588 --It; 589 590 if (It->BF == &BF) 591 continue; 592 593 if (It->ORC == NullORC && It->IP == BF.getAddress()) { 594 assert(!It->BF); 595 It->BF = &BF; 596 continue; 597 } 598 599 NewEntries.push_back({BF.getAddress(), &BF, It->ORC}); 600 if (It->ORC != NullORC) 601 BF.setHasORC(true); 602 } 603 604 llvm::copy(NewEntries, std::back_inserter(ORCEntries)); 605 llvm::sort(ORCEntries); 606 607 if (opts::DumpORC) { 608 BC.outs() << "BOLT-INFO: amended ORC unwind information:\n"; 609 for (const ORCListEntry &E : ORCEntries) { 610 BC.outs() << "0x" << Twine::utohexstr(E.IP) << ": " << E.ORC; 611 if (E.BF) 612 BC.outs() << ": " << *E.BF; 613 BC.outs() << '\n'; 614 } 615 } 616 617 return Error::success(); 618 } 619 620 Error LinuxKernelRewriter::processORCPostCFG() { 621 if (!NumORCEntries) 622 return Error::success(); 623 624 // Propagate ORC to the rest of the function. We can annotate every 625 // instruction in every function, but to minimize the overhead, we annotate 626 // the first instruction in every basic block to reflect the state at the 627 // entry. This way, the ORC state can be calculated based on annotations 628 // regardless of the basic block layout. Note that if we insert/delete 629 // instructions, we must take care to attach ORC info to the new/deleted ones. 630 for (BinaryFunction &BF : llvm::make_second_range(BC.getBinaryFunctions())) { 631 632 std::optional<ORCState> CurrentState; 633 for (BinaryBasicBlock &BB : BF) { 634 for (MCInst &Inst : BB) { 635 ErrorOr<ORCState> State = 636 BC.MIB->tryGetAnnotationAs<ORCState>(Inst, "ORC"); 637 638 if (State) { 639 CurrentState = *State; 640 continue; 641 } 642 643 // Get state for the start of the function. 644 if (!CurrentState) { 645 // A terminator entry (NullORC) can match the function address. If 646 // there's also a non-terminator entry, it will be placed after the 647 // terminator. Hence, we are looking for the last ORC entry that 648 // matches the address. 649 auto It = 650 llvm::partition_point(ORCEntries, [&](const ORCListEntry &E) { 651 return E.IP <= BF.getAddress(); 652 }); 653 if (It != ORCEntries.begin()) 654 --It; 655 656 assert(It->IP == BF.getAddress() && (!It->BF || It->BF == &BF) && 657 "ORC info at function entry expected."); 658 659 if (It->ORC == NullORC && BF.hasORC()) { 660 BC.errs() << "BOLT-WARNING: ORC unwind info excludes prologue for " 661 << BF << '\n'; 662 } 663 664 It->BF = &BF; 665 666 CurrentState = It->ORC; 667 if (It->ORC != NullORC) 668 BF.setHasORC(true); 669 } 670 671 // While printing ORC, attach info to every instruction for convenience. 672 if (opts::PrintORC || &Inst == &BB.front()) 673 BC.MIB->addAnnotation(Inst, "ORC", *CurrentState); 674 } 675 } 676 } 677 678 return Error::success(); 679 } 680 681 Error LinuxKernelRewriter::rewriteORCTables() { 682 if (!NumORCEntries) 683 return Error::success(); 684 685 // Update ORC sections in-place. As we change the code, the number of ORC 686 // entries may increase for some functions. However, as we remove terminator 687 // redundancy (see below), more space is freed up and we should always be able 688 // to fit new ORC tables in the reserved space. 689 auto createInPlaceWriter = [&](BinarySection &Section) -> BinaryStreamWriter { 690 const size_t Size = Section.getSize(); 691 uint8_t *NewContents = new uint8_t[Size]; 692 Section.updateContents(NewContents, Size); 693 Section.setOutputFileOffset(Section.getInputFileOffset()); 694 return BinaryStreamWriter({NewContents, Size}, BC.AsmInfo->isLittleEndian() 695 ? endianness::little 696 : endianness::big); 697 }; 698 BinaryStreamWriter UnwindWriter = createInPlaceWriter(*ORCUnwindSection); 699 BinaryStreamWriter UnwindIPWriter = createInPlaceWriter(*ORCUnwindIPSection); 700 701 uint64_t NumEmitted = 0; 702 std::optional<ORCState> LastEmittedORC; 703 auto emitORCEntry = [&](const uint64_t IP, const ORCState &ORC, 704 MCSymbol *Label = 0, bool Force = false) -> Error { 705 if (LastEmittedORC && ORC == *LastEmittedORC && !Force) 706 return Error::success(); 707 708 LastEmittedORC = ORC; 709 710 if (++NumEmitted > NumORCEntries) 711 return createStringError(errc::executable_format_error, 712 "exceeded the number of allocated ORC entries"); 713 714 if (Label) 715 ORCUnwindIPSection->addRelocation(UnwindIPWriter.getOffset(), Label, 716 Relocation::getPC32(), /*Addend*/ 0); 717 718 const int32_t IPValue = 719 IP - ORCUnwindIPSection->getAddress() - UnwindIPWriter.getOffset(); 720 if (Error E = UnwindIPWriter.writeInteger(IPValue)) 721 return E; 722 723 if (Error E = UnwindWriter.writeInteger(ORC.SPOffset)) 724 return E; 725 if (Error E = UnwindWriter.writeInteger(ORC.BPOffset)) 726 return E; 727 if (Error E = UnwindWriter.writeInteger(ORC.Info)) 728 return E; 729 730 return Error::success(); 731 }; 732 733 // Emit new ORC entries for the emitted function. 734 auto emitORC = [&](const BinaryFunction &BF) -> Error { 735 assert(!BF.isSplit() && "Split functions not supported by ORC writer yet."); 736 737 ORCState CurrentState = NullORC; 738 for (BinaryBasicBlock *BB : BF.getLayout().blocks()) { 739 for (MCInst &Inst : *BB) { 740 ErrorOr<ORCState> ErrorOrState = 741 BC.MIB->tryGetAnnotationAs<ORCState>(Inst, "ORC"); 742 if (!ErrorOrState || *ErrorOrState == CurrentState) 743 continue; 744 745 // Issue label for the instruction. 746 MCSymbol *Label = 747 BC.MIB->getOrCreateInstLabel(Inst, "__ORC_", BC.Ctx.get()); 748 749 if (Error E = emitORCEntry(0, *ErrorOrState, Label)) 750 return E; 751 752 CurrentState = *ErrorOrState; 753 } 754 } 755 756 return Error::success(); 757 }; 758 759 for (ORCListEntry &Entry : ORCEntries) { 760 // Emit original entries for functions that we haven't modified. 761 if (!Entry.BF || !BC.shouldEmit(*Entry.BF)) { 762 // Emit terminator only if it marks the start of a function. 763 if (Entry.ORC == NullORC && !Entry.BF) 764 continue; 765 if (Error E = emitORCEntry(Entry.IP, Entry.ORC)) 766 return E; 767 continue; 768 } 769 770 // Emit all ORC entries for a function referenced by an entry and skip over 771 // the rest of entries for this function by resetting its ORC attribute. 772 if (Entry.BF->hasORC()) { 773 if (Error E = emitORC(*Entry.BF)) 774 return E; 775 Entry.BF->setHasORC(false); 776 } 777 } 778 779 LLVM_DEBUG(dbgs() << "BOLT-DEBUG: emitted " << NumEmitted 780 << " ORC entries\n"); 781 782 // Replicate terminator entry at the end of sections to match the original 783 // table sizes. 784 const BinaryFunction &LastBF = BC.getBinaryFunctions().rbegin()->second; 785 const uint64_t LastIP = LastBF.getAddress() + LastBF.getMaxSize(); 786 while (UnwindWriter.bytesRemaining()) { 787 if (Error E = emitORCEntry(LastIP, NullORC, nullptr, /*Force*/ true)) 788 return E; 789 } 790 791 return Error::success(); 792 } 793 794 /// The static call site table is created by objtool and contains entries in the 795 /// following format: 796 /// 797 /// struct static_call_site { 798 /// s32 addr; 799 /// s32 key; 800 /// }; 801 /// 802 Error LinuxKernelRewriter::readStaticCalls() { 803 const BinaryData *StaticCallTable = 804 BC.getBinaryDataByName("__start_static_call_sites"); 805 if (!StaticCallTable) 806 return Error::success(); 807 808 StaticCallTableAddress = StaticCallTable->getAddress(); 809 810 const BinaryData *Stop = BC.getBinaryDataByName("__stop_static_call_sites"); 811 if (!Stop) 812 return createStringError(errc::executable_format_error, 813 "missing __stop_static_call_sites symbol"); 814 815 ErrorOr<BinarySection &> ErrorOrSection = 816 BC.getSectionForAddress(StaticCallTableAddress); 817 if (!ErrorOrSection) 818 return createStringError(errc::executable_format_error, 819 "no section matching __start_static_call_sites"); 820 821 StaticCallSection = *ErrorOrSection; 822 if (!StaticCallSection->containsAddress(Stop->getAddress() - 1)) 823 return createStringError(errc::executable_format_error, 824 "__stop_static_call_sites not in the same section " 825 "as __start_static_call_sites"); 826 827 if ((Stop->getAddress() - StaticCallTableAddress) % STATIC_CALL_ENTRY_SIZE) 828 return createStringError(errc::executable_format_error, 829 "static call table size error"); 830 831 const uint64_t SectionAddress = StaticCallSection->getAddress(); 832 DataExtractor DE(StaticCallSection->getContents(), 833 BC.AsmInfo->isLittleEndian(), 834 BC.AsmInfo->getCodePointerSize()); 835 DataExtractor::Cursor Cursor(StaticCallTableAddress - SectionAddress); 836 uint32_t EntryID = 0; 837 while (Cursor && Cursor.tell() < Stop->getAddress() - SectionAddress) { 838 const uint64_t CallAddress = 839 SectionAddress + Cursor.tell() + (int32_t)DE.getU32(Cursor); 840 const uint64_t KeyAddress = 841 SectionAddress + Cursor.tell() + (int32_t)DE.getU32(Cursor); 842 843 // Consume the status of the cursor. 844 if (!Cursor) 845 return createStringError(errc::executable_format_error, 846 "out of bounds while reading static calls"); 847 848 ++EntryID; 849 850 if (opts::DumpStaticCalls) { 851 BC.outs() << "Static Call Site: " << EntryID << '\n'; 852 BC.outs() << "\tCallAddress: 0x" << Twine::utohexstr(CallAddress) 853 << "\n\tKeyAddress: 0x" << Twine::utohexstr(KeyAddress) 854 << '\n'; 855 } 856 857 BinaryFunction *BF = BC.getBinaryFunctionContainingAddress(CallAddress); 858 if (!BF) 859 continue; 860 861 if (!BC.shouldEmit(*BF)) 862 continue; 863 864 if (!BF->hasInstructions()) 865 continue; 866 867 MCInst *Inst = BF->getInstructionAtOffset(CallAddress - BF->getAddress()); 868 if (!Inst) 869 return createStringError(errc::executable_format_error, 870 "no instruction at call site address 0x%" PRIx64, 871 CallAddress); 872 873 // Check for duplicate entries. 874 if (BC.MIB->hasAnnotation(*Inst, "StaticCall")) 875 return createStringError(errc::executable_format_error, 876 "duplicate static call site at 0x%" PRIx64, 877 CallAddress); 878 879 BC.MIB->addAnnotation(*Inst, "StaticCall", EntryID); 880 881 MCSymbol *Label = 882 BC.MIB->getOrCreateInstLabel(*Inst, "__SC_", BC.Ctx.get()); 883 884 StaticCallEntries.push_back({EntryID, BF, Label}); 885 } 886 887 BC.outs() << "BOLT-INFO: parsed " << StaticCallEntries.size() 888 << " static call entries\n"; 889 890 return Error::success(); 891 } 892 893 /// The static call table is sorted during boot time in 894 /// static_call_sort_entries(). This makes it possible to update existing 895 /// entries in-place ignoring their relative order. 896 Error LinuxKernelRewriter::rewriteStaticCalls() { 897 if (!StaticCallTableAddress || !StaticCallSection) 898 return Error::success(); 899 900 for (auto &Entry : StaticCallEntries) { 901 if (!Entry.Function) 902 continue; 903 904 BinaryFunction &BF = *Entry.Function; 905 if (!BC.shouldEmit(BF)) 906 continue; 907 908 // Create a relocation against the label. 909 const uint64_t EntryOffset = StaticCallTableAddress - 910 StaticCallSection->getAddress() + 911 (Entry.ID - 1) * STATIC_CALL_ENTRY_SIZE; 912 StaticCallSection->addRelocation(EntryOffset, Entry.Label, 913 ELF::R_X86_64_PC32, /*Addend*/ 0); 914 } 915 916 return Error::success(); 917 } 918 919 /// Instructions that access user-space memory can cause page faults. These 920 /// faults will be handled by the kernel and execution will resume at the fixup 921 /// code location if the address was invalid. The kernel uses the exception 922 /// table to match the faulting instruction to its fixup. The table consists of 923 /// the following entries: 924 /// 925 /// struct exception_table_entry { 926 /// int insn; 927 /// int fixup; 928 /// int data; 929 /// }; 930 /// 931 /// More info at: 932 /// https://www.kernel.org/doc/Documentation/x86/exception-tables.txt 933 Error LinuxKernelRewriter::readExceptionTable() { 934 ExceptionsSection = BC.getUniqueSectionByName("__ex_table"); 935 if (!ExceptionsSection) 936 return Error::success(); 937 938 if (ExceptionsSection->getSize() % EXCEPTION_TABLE_ENTRY_SIZE) 939 return createStringError(errc::executable_format_error, 940 "exception table size error"); 941 942 const uint64_t SectionAddress = ExceptionsSection->getAddress(); 943 DataExtractor DE(ExceptionsSection->getContents(), 944 BC.AsmInfo->isLittleEndian(), 945 BC.AsmInfo->getCodePointerSize()); 946 DataExtractor::Cursor Cursor(0); 947 uint32_t EntryID = 0; 948 while (Cursor && Cursor.tell() < ExceptionsSection->getSize()) { 949 const uint64_t InstAddress = 950 SectionAddress + Cursor.tell() + (int32_t)DE.getU32(Cursor); 951 const uint64_t FixupAddress = 952 SectionAddress + Cursor.tell() + (int32_t)DE.getU32(Cursor); 953 const uint64_t Data = DE.getU32(Cursor); 954 955 // Consume the status of the cursor. 956 if (!Cursor) 957 return createStringError(errc::executable_format_error, 958 "out of bounds while reading exception table"); 959 960 ++EntryID; 961 962 if (opts::DumpExceptions) { 963 BC.outs() << "Exception Entry: " << EntryID << '\n'; 964 BC.outs() << "\tInsn: 0x" << Twine::utohexstr(InstAddress) << '\n' 965 << "\tFixup: 0x" << Twine::utohexstr(FixupAddress) << '\n' 966 << "\tData: 0x" << Twine::utohexstr(Data) << '\n'; 967 } 968 969 MCInst *Inst = nullptr; 970 MCSymbol *FixupLabel = nullptr; 971 972 BinaryFunction *InstBF = BC.getBinaryFunctionContainingAddress(InstAddress); 973 if (InstBF && BC.shouldEmit(*InstBF)) { 974 Inst = InstBF->getInstructionAtOffset(InstAddress - InstBF->getAddress()); 975 if (!Inst) 976 return createStringError(errc::executable_format_error, 977 "no instruction at address 0x%" PRIx64 978 " in exception table", 979 InstAddress); 980 BC.MIB->addAnnotation(*Inst, "ExceptionEntry", EntryID); 981 FunctionsWithExceptions.insert(InstBF); 982 } 983 984 if (!InstBF && opts::Verbosity) { 985 BC.outs() << "BOLT-INFO: no function matches instruction at 0x" 986 << Twine::utohexstr(InstAddress) 987 << " referenced by Linux exception table\n"; 988 } 989 990 BinaryFunction *FixupBF = 991 BC.getBinaryFunctionContainingAddress(FixupAddress); 992 if (FixupBF && BC.shouldEmit(*FixupBF)) { 993 const uint64_t Offset = FixupAddress - FixupBF->getAddress(); 994 if (!FixupBF->getInstructionAtOffset(Offset)) 995 return createStringError(errc::executable_format_error, 996 "no instruction at fixup address 0x%" PRIx64 997 " in exception table", 998 FixupAddress); 999 FixupLabel = Offset ? FixupBF->addEntryPointAtOffset(Offset) 1000 : FixupBF->getSymbol(); 1001 if (Inst) 1002 BC.MIB->addAnnotation(*Inst, "Fixup", FixupLabel->getName()); 1003 FunctionsWithExceptions.insert(FixupBF); 1004 } 1005 1006 if (!FixupBF && opts::Verbosity) { 1007 BC.outs() << "BOLT-INFO: no function matches fixup code at 0x" 1008 << Twine::utohexstr(FixupAddress) 1009 << " referenced by Linux exception table\n"; 1010 } 1011 } 1012 1013 BC.outs() << "BOLT-INFO: parsed " 1014 << ExceptionsSection->getSize() / EXCEPTION_TABLE_ENTRY_SIZE 1015 << " exception table entries\n"; 1016 1017 return Error::success(); 1018 } 1019 1020 /// Depending on the value of CONFIG_BUILDTIME_TABLE_SORT, the kernel expects 1021 /// the exception table to be sorted. Hence we have to sort it after code 1022 /// reordering. 1023 Error LinuxKernelRewriter::rewriteExceptionTable() { 1024 // Disable output of functions with exceptions before rewrite support is 1025 // added. 1026 for (BinaryFunction *BF : FunctionsWithExceptions) 1027 BF->setSimple(false); 1028 1029 return Error::success(); 1030 } 1031 1032 /// .parainsrtuctions section contains information for patching parvirtual call 1033 /// instructions during runtime. The entries in the section are in the form: 1034 /// 1035 /// struct paravirt_patch_site { 1036 /// u8 *instr; /* original instructions */ 1037 /// u8 type; /* type of this instruction */ 1038 /// u8 len; /* length of original instruction */ 1039 /// }; 1040 /// 1041 /// Note that the structures are aligned at 8-byte boundary. 1042 Error LinuxKernelRewriter::readParaInstructions() { 1043 ParavirtualPatchSection = BC.getUniqueSectionByName(".parainstructions"); 1044 if (!ParavirtualPatchSection) 1045 return Error::success(); 1046 1047 DataExtractor DE = DataExtractor(ParavirtualPatchSection->getContents(), 1048 BC.AsmInfo->isLittleEndian(), 1049 BC.AsmInfo->getCodePointerSize()); 1050 uint32_t EntryID = 0; 1051 DataExtractor::Cursor Cursor(0); 1052 while (Cursor && !DE.eof(Cursor)) { 1053 const uint64_t NextOffset = alignTo(Cursor.tell(), Align(PARA_PATCH_ALIGN)); 1054 if (!DE.isValidOffset(NextOffset)) 1055 break; 1056 1057 Cursor.seek(NextOffset); 1058 1059 const uint64_t InstrLocation = DE.getU64(Cursor); 1060 const uint8_t Type = DE.getU8(Cursor); 1061 const uint8_t Len = DE.getU8(Cursor); 1062 1063 if (!Cursor) 1064 return createStringError(errc::executable_format_error, 1065 "out of bounds while reading .parainstructions"); 1066 1067 ++EntryID; 1068 1069 if (opts::DumpParavirtualPatchSites) { 1070 BC.outs() << "Paravirtual patch site: " << EntryID << '\n'; 1071 BC.outs() << "\tInstr: 0x" << Twine::utohexstr(InstrLocation) 1072 << "\n\tType: 0x" << Twine::utohexstr(Type) << "\n\tLen: 0x" 1073 << Twine::utohexstr(Len) << '\n'; 1074 } 1075 1076 BinaryFunction *BF = BC.getBinaryFunctionContainingAddress(InstrLocation); 1077 if (!BF && opts::Verbosity) { 1078 BC.outs() << "BOLT-INFO: no function matches address 0x" 1079 << Twine::utohexstr(InstrLocation) 1080 << " referenced by paravirutal patch site\n"; 1081 } 1082 1083 if (BF && BC.shouldEmit(*BF)) { 1084 MCInst *Inst = 1085 BF->getInstructionAtOffset(InstrLocation - BF->getAddress()); 1086 if (!Inst) 1087 return createStringError(errc::executable_format_error, 1088 "no instruction at address 0x%" PRIx64 1089 " in paravirtual call site %d", 1090 InstrLocation, EntryID); 1091 BC.MIB->addAnnotation(*Inst, "ParaSite", EntryID); 1092 } 1093 } 1094 1095 BC.outs() << "BOLT-INFO: parsed " << EntryID << " paravirtual patch sites\n"; 1096 1097 return Error::success(); 1098 } 1099 1100 } // namespace 1101 1102 std::unique_ptr<MetadataRewriter> 1103 llvm::bolt::createLinuxKernelRewriter(BinaryContext &BC) { 1104 return std::make_unique<LinuxKernelRewriter>(BC); 1105 } 1106