1 //===- bolt/Rewrite/LinuxKernelRewriter.cpp -------------------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // Support for updating Linux Kernel metadata. 10 // 11 //===----------------------------------------------------------------------===// 12 13 #include "bolt/Core/BinaryFunction.h" 14 #include "bolt/Rewrite/MetadataRewriter.h" 15 #include "bolt/Rewrite/MetadataRewriters.h" 16 #include "bolt/Utils/CommandLineOpts.h" 17 #include "llvm/ADT/DenseSet.h" 18 #include "llvm/Support/BinaryStreamWriter.h" 19 #include "llvm/Support/CommandLine.h" 20 #include "llvm/Support/Debug.h" 21 #include "llvm/Support/Errc.h" 22 23 #define DEBUG_TYPE "bolt-linux" 24 25 using namespace llvm; 26 using namespace bolt; 27 28 namespace opts { 29 30 static cl::opt<bool> 31 AltInstHasPadLen("alt-inst-has-padlen", 32 cl::desc("specify that .altinstructions has padlen field"), 33 cl::init(false), cl::Hidden, cl::cat(BoltCategory)); 34 35 static cl::opt<uint32_t> 36 AltInstFeatureSize("alt-inst-feature-size", 37 cl::desc("size of feature field in .altinstructions"), 38 cl::init(2), cl::Hidden, cl::cat(BoltCategory)); 39 40 static cl::opt<bool> 41 DumpAltInstructions("dump-alt-instructions", 42 cl::desc("dump Linux alternative instructions info"), 43 cl::init(false), cl::Hidden, cl::cat(BoltCategory)); 44 45 static cl::opt<bool> 46 DumpExceptions("dump-linux-exceptions", 47 cl::desc("dump Linux kernel exception table"), 48 cl::init(false), cl::Hidden, cl::cat(BoltCategory)); 49 50 static cl::opt<bool> 51 DumpORC("dump-orc", cl::desc("dump raw ORC unwind information (sorted)"), 52 cl::init(false), cl::Hidden, cl::cat(BoltCategory)); 53 54 static cl::opt<bool> DumpParavirtualPatchSites( 55 "dump-para-sites", cl::desc("dump Linux kernel paravitual patch sites"), 56 cl::init(false), cl::Hidden, cl::cat(BoltCategory)); 57 58 static cl::opt<bool> 59 DumpPCIFixups("dump-pci-fixups", 60 cl::desc("dump Linux kernel PCI fixup table"), 61 cl::init(false), cl::Hidden, cl::cat(BoltCategory)); 62 63 static cl::opt<bool> DumpStaticCalls("dump-static-calls", 64 cl::desc("dump Linux kernel static calls"), 65 cl::init(false), cl::Hidden, 66 cl::cat(BoltCategory)); 67 68 static cl::opt<bool> 69 PrintORC("print-orc", 70 cl::desc("print ORC unwind information for instructions"), 71 cl::init(true), cl::Hidden, cl::cat(BoltCategory)); 72 73 } // namespace opts 74 75 /// Linux Kernel supports stack unwinding using ORC (oops rewind capability). 76 /// ORC state at every IP can be described by the following data structure. 77 struct ORCState { 78 int16_t SPOffset; 79 int16_t BPOffset; 80 int16_t Info; 81 82 bool operator==(const ORCState &Other) const { 83 return SPOffset == Other.SPOffset && BPOffset == Other.BPOffset && 84 Info == Other.Info; 85 } 86 87 bool operator!=(const ORCState &Other) const { return !(*this == Other); } 88 }; 89 90 /// Section terminator ORC entry. 91 static ORCState NullORC = {0, 0, 0}; 92 93 /// Basic printer for ORC entry. It does not provide the same level of 94 /// information as objtool (for now). 95 inline raw_ostream &operator<<(raw_ostream &OS, const ORCState &E) { 96 if (!opts::PrintORC) 97 return OS; 98 if (E != NullORC) 99 OS << format("{sp: %d, bp: %d, info: 0x%x}", E.SPOffset, E.BPOffset, 100 E.Info); 101 else 102 OS << "{terminator}"; 103 104 return OS; 105 } 106 107 namespace { 108 109 class LinuxKernelRewriter final : public MetadataRewriter { 110 /// Linux Kernel special sections point to a specific instruction in many 111 /// cases. Unlike SDTMarkerInfo, these markers can come from different 112 /// sections. 113 struct LKInstructionMarkerInfo { 114 uint64_t SectionOffset; 115 int32_t PCRelativeOffset; 116 bool IsPCRelative; 117 StringRef SectionName; 118 }; 119 120 /// Map linux kernel program locations/instructions to their pointers in 121 /// special linux kernel sections 122 std::unordered_map<uint64_t, std::vector<LKInstructionMarkerInfo>> LKMarkers; 123 124 /// Linux ORC sections. 125 ErrorOr<BinarySection &> ORCUnwindSection = std::errc::bad_address; 126 ErrorOr<BinarySection &> ORCUnwindIPSection = std::errc::bad_address; 127 128 /// Size of entries in ORC sections. 129 static constexpr size_t ORC_UNWIND_ENTRY_SIZE = 6; 130 static constexpr size_t ORC_UNWIND_IP_ENTRY_SIZE = 4; 131 132 struct ORCListEntry { 133 uint64_t IP; /// Instruction address. 134 BinaryFunction *BF; /// Binary function corresponding to the entry. 135 ORCState ORC; /// Stack unwind info in ORC format. 136 137 /// ORC entries are sorted by their IPs. Terminator entries (NullORC) 138 /// should precede other entries with the same address. 139 bool operator<(const ORCListEntry &Other) const { 140 if (IP < Other.IP) 141 return 1; 142 if (IP > Other.IP) 143 return 0; 144 return ORC == NullORC && Other.ORC != NullORC; 145 } 146 }; 147 148 using ORCListType = std::vector<ORCListEntry>; 149 ORCListType ORCEntries; 150 151 /// Number of entries in the input file ORC sections. 152 uint64_t NumORCEntries = 0; 153 154 /// Section containing static call table. 155 ErrorOr<BinarySection &> StaticCallSection = std::errc::bad_address; 156 uint64_t StaticCallTableAddress = 0; 157 static constexpr size_t STATIC_CALL_ENTRY_SIZE = 8; 158 159 struct StaticCallInfo { 160 uint32_t ID; /// Identifier of the entry in the table. 161 BinaryFunction *Function; /// Function containing associated call. 162 MCSymbol *Label; /// Label attached to the call. 163 }; 164 using StaticCallListType = std::vector<StaticCallInfo>; 165 StaticCallListType StaticCallEntries; 166 167 /// Section containing the Linux exception table. 168 ErrorOr<BinarySection &> ExceptionsSection = std::errc::bad_address; 169 static constexpr size_t EXCEPTION_TABLE_ENTRY_SIZE = 12; 170 171 /// Functions with exception handling code. 172 DenseSet<BinaryFunction *> FunctionsWithExceptions; 173 174 /// Section with paravirtual patch sites. 175 ErrorOr<BinarySection &> ParavirtualPatchSection = std::errc::bad_address; 176 177 /// Alignment of paravirtual patch structures. 178 static constexpr size_t PARA_PATCH_ALIGN = 8; 179 180 /// .altinstructions section. 181 ErrorOr<BinarySection &> AltInstrSection = std::errc::bad_address; 182 183 /// Section containing Linux bug table. 184 ErrorOr<BinarySection &> BugTableSection = std::errc::bad_address; 185 186 /// Size of bug_entry struct. 187 static constexpr size_t BUG_TABLE_ENTRY_SIZE = 12; 188 189 /// .pci_fixup section. 190 ErrorOr<BinarySection &> PCIFixupSection = std::errc::bad_address; 191 static constexpr size_t PCI_FIXUP_ENTRY_SIZE = 16; 192 193 /// Insert an LKMarker for a given code pointer \p PC from a non-code section 194 /// \p SectionName. 195 void insertLKMarker(uint64_t PC, uint64_t SectionOffset, 196 int32_t PCRelativeOffset, bool IsPCRelative, 197 StringRef SectionName); 198 199 /// Process linux kernel special sections and their relocations. 200 void processLKSections(); 201 202 /// Process __ksymtab and __ksymtab_gpl. 203 void processLKKSymtab(bool IsGPL = false); 204 205 /// Process special linux kernel section, .smp_locks. 206 void processLKSMPLocks(); 207 208 /// Update LKMarkers' locations for the output binary. 209 void updateLKMarkers(); 210 211 /// Read ORC unwind information and annotate instructions. 212 Error readORCTables(); 213 214 /// Update ORC for functions once CFG is constructed. 215 Error processORCPostCFG(); 216 217 /// Update ORC data in the binary. 218 Error rewriteORCTables(); 219 220 /// Static call table handling. 221 Error readStaticCalls(); 222 Error rewriteStaticCalls(); 223 224 Error readExceptionTable(); 225 Error rewriteExceptionTable(); 226 227 /// Paravirtual instruction patch sites. 228 Error readParaInstructions(); 229 230 Error readBugTable(); 231 232 /// Read alternative instruction info from .altinstructions. 233 Error readAltInstructions(); 234 235 /// Read .pci_fixup 236 Error readPCIFixupTable(); 237 238 /// Mark instructions referenced by kernel metadata. 239 Error markInstructions(); 240 241 public: 242 LinuxKernelRewriter(BinaryContext &BC) 243 : MetadataRewriter("linux-kernel-rewriter", BC) {} 244 245 Error preCFGInitializer() override { 246 processLKSections(); 247 if (Error E = markInstructions()) 248 return E; 249 250 if (Error E = readORCTables()) 251 return E; 252 253 if (Error E = readStaticCalls()) 254 return E; 255 256 if (Error E = readExceptionTable()) 257 return E; 258 259 if (Error E = readParaInstructions()) 260 return E; 261 262 if (Error E = readBugTable()) 263 return E; 264 265 if (Error E = readAltInstructions()) 266 return E; 267 268 if (Error E = readPCIFixupTable()) 269 return E; 270 271 return Error::success(); 272 } 273 274 Error postCFGInitializer() override { 275 if (Error E = processORCPostCFG()) 276 return E; 277 278 return Error::success(); 279 } 280 281 Error preEmitFinalizer() override { 282 // Since rewriteExceptionTable() can mark functions as non-simple, run it 283 // before other rewriters that depend on simple/emit status. 284 if (Error E = rewriteExceptionTable()) 285 return E; 286 287 if (Error E = rewriteORCTables()) 288 return E; 289 290 if (Error E = rewriteStaticCalls()) 291 return E; 292 293 return Error::success(); 294 } 295 296 Error postEmitFinalizer() override { 297 updateLKMarkers(); 298 299 return Error::success(); 300 } 301 }; 302 303 Error LinuxKernelRewriter::markInstructions() { 304 for (const uint64_t PC : llvm::make_first_range(LKMarkers)) { 305 BinaryFunction *BF = BC.getBinaryFunctionContainingAddress(PC); 306 307 if (!BF || !BC.shouldEmit(*BF)) 308 continue; 309 310 const uint64_t Offset = PC - BF->getAddress(); 311 MCInst *Inst = BF->getInstructionAtOffset(Offset); 312 if (!Inst) 313 return createStringError(errc::executable_format_error, 314 "no instruction matches kernel marker offset"); 315 316 BC.MIB->setOffset(*Inst, static_cast<uint32_t>(Offset)); 317 318 BF->setHasSDTMarker(true); 319 } 320 321 return Error::success(); 322 } 323 324 void LinuxKernelRewriter::insertLKMarker(uint64_t PC, uint64_t SectionOffset, 325 int32_t PCRelativeOffset, 326 bool IsPCRelative, 327 StringRef SectionName) { 328 LKMarkers[PC].emplace_back(LKInstructionMarkerInfo{ 329 SectionOffset, PCRelativeOffset, IsPCRelative, SectionName}); 330 } 331 332 void LinuxKernelRewriter::processLKSections() { 333 processLKKSymtab(); 334 processLKKSymtab(true); 335 processLKSMPLocks(); 336 } 337 338 /// Process __ksymtab[_gpl] sections of Linux Kernel. 339 /// This section lists all the vmlinux symbols that kernel modules can access. 340 /// 341 /// All the entries are 4 bytes each and hence we can read them by one by one 342 /// and ignore the ones that are not pointing to the .text section. All pointers 343 /// are PC relative offsets. Always, points to the beginning of the function. 344 void LinuxKernelRewriter::processLKKSymtab(bool IsGPL) { 345 StringRef SectionName = "__ksymtab"; 346 if (IsGPL) 347 SectionName = "__ksymtab_gpl"; 348 ErrorOr<BinarySection &> SectionOrError = 349 BC.getUniqueSectionByName(SectionName); 350 assert(SectionOrError && 351 "__ksymtab[_gpl] section not found in Linux Kernel binary"); 352 const uint64_t SectionSize = SectionOrError->getSize(); 353 const uint64_t SectionAddress = SectionOrError->getAddress(); 354 assert((SectionSize % 4) == 0 && 355 "The size of the __ksymtab[_gpl] section should be a multiple of 4"); 356 357 for (uint64_t I = 0; I < SectionSize; I += 4) { 358 const uint64_t EntryAddress = SectionAddress + I; 359 ErrorOr<uint64_t> Offset = BC.getSignedValueAtAddress(EntryAddress, 4); 360 assert(Offset && "Reading valid PC-relative offset for a ksymtab entry"); 361 const int32_t SignedOffset = *Offset; 362 const uint64_t RefAddress = EntryAddress + SignedOffset; 363 BinaryFunction *BF = BC.getBinaryFunctionAtAddress(RefAddress); 364 if (!BF) 365 continue; 366 367 BC.addRelocation(EntryAddress, BF->getSymbol(), Relocation::getPC32(), 0, 368 *Offset); 369 } 370 } 371 372 /// .smp_locks section contains PC-relative references to instructions with LOCK 373 /// prefix. The prefix can be converted to NOP at boot time on non-SMP systems. 374 void LinuxKernelRewriter::processLKSMPLocks() { 375 ErrorOr<BinarySection &> SectionOrError = 376 BC.getUniqueSectionByName(".smp_locks"); 377 if (!SectionOrError) 378 return; 379 380 uint64_t SectionSize = SectionOrError->getSize(); 381 const uint64_t SectionAddress = SectionOrError->getAddress(); 382 assert((SectionSize % 4) == 0 && 383 "The size of the .smp_locks section should be a multiple of 4"); 384 385 for (uint64_t I = 0; I < SectionSize; I += 4) { 386 const uint64_t EntryAddress = SectionAddress + I; 387 ErrorOr<uint64_t> Offset = BC.getSignedValueAtAddress(EntryAddress, 4); 388 assert(Offset && "Reading valid PC-relative offset for a .smp_locks entry"); 389 int32_t SignedOffset = *Offset; 390 uint64_t RefAddress = EntryAddress + SignedOffset; 391 392 BinaryFunction *ContainingBF = 393 BC.getBinaryFunctionContainingAddress(RefAddress); 394 if (!ContainingBF) 395 continue; 396 397 insertLKMarker(RefAddress, I, SignedOffset, true, ".smp_locks"); 398 } 399 } 400 401 void LinuxKernelRewriter::updateLKMarkers() { 402 if (LKMarkers.size() == 0) 403 return; 404 405 std::unordered_map<std::string, uint64_t> PatchCounts; 406 for (std::pair<const uint64_t, std::vector<LKInstructionMarkerInfo>> 407 &LKMarkerInfoKV : LKMarkers) { 408 const uint64_t OriginalAddress = LKMarkerInfoKV.first; 409 const BinaryFunction *BF = 410 BC.getBinaryFunctionContainingAddress(OriginalAddress, false, true); 411 if (!BF) 412 continue; 413 414 uint64_t NewAddress = BF->translateInputToOutputAddress(OriginalAddress); 415 if (NewAddress == 0) 416 continue; 417 418 // Apply base address. 419 if (OriginalAddress >= 0xffffffff00000000 && NewAddress < 0xffffffff) 420 NewAddress = NewAddress + 0xffffffff00000000; 421 422 if (OriginalAddress == NewAddress) 423 continue; 424 425 for (LKInstructionMarkerInfo &LKMarkerInfo : LKMarkerInfoKV.second) { 426 StringRef SectionName = LKMarkerInfo.SectionName; 427 SimpleBinaryPatcher *LKPatcher; 428 ErrorOr<BinarySection &> BSec = BC.getUniqueSectionByName(SectionName); 429 assert(BSec && "missing section info for kernel section"); 430 if (!BSec->getPatcher()) 431 BSec->registerPatcher(std::make_unique<SimpleBinaryPatcher>()); 432 LKPatcher = static_cast<SimpleBinaryPatcher *>(BSec->getPatcher()); 433 PatchCounts[std::string(SectionName)]++; 434 if (LKMarkerInfo.IsPCRelative) 435 LKPatcher->addLE32Patch(LKMarkerInfo.SectionOffset, 436 NewAddress - OriginalAddress + 437 LKMarkerInfo.PCRelativeOffset); 438 else 439 LKPatcher->addLE64Patch(LKMarkerInfo.SectionOffset, NewAddress); 440 } 441 } 442 BC.outs() << "BOLT-INFO: patching linux kernel sections. Total patches per " 443 "section are as follows:\n"; 444 for (const std::pair<const std::string, uint64_t> &KV : PatchCounts) 445 BC.outs() << " Section: " << KV.first << ", patch-counts: " << KV.second 446 << '\n'; 447 } 448 449 Error LinuxKernelRewriter::readORCTables() { 450 // NOTE: we should ignore relocations for orc tables as the tables are sorted 451 // post-link time and relocations are not updated. 452 ORCUnwindSection = BC.getUniqueSectionByName(".orc_unwind"); 453 ORCUnwindIPSection = BC.getUniqueSectionByName(".orc_unwind_ip"); 454 455 if (!ORCUnwindSection && !ORCUnwindIPSection) 456 return Error::success(); 457 458 if (!ORCUnwindSection || !ORCUnwindIPSection) 459 return createStringError(errc::executable_format_error, 460 "missing ORC section"); 461 462 NumORCEntries = ORCUnwindIPSection->getSize() / ORC_UNWIND_IP_ENTRY_SIZE; 463 if (ORCUnwindSection->getSize() != NumORCEntries * ORC_UNWIND_ENTRY_SIZE || 464 ORCUnwindIPSection->getSize() != NumORCEntries * ORC_UNWIND_IP_ENTRY_SIZE) 465 return createStringError(errc::executable_format_error, 466 "ORC entries number mismatch detected"); 467 468 const uint64_t IPSectionAddress = ORCUnwindIPSection->getAddress(); 469 DataExtractor OrcDE = DataExtractor(ORCUnwindSection->getContents(), 470 BC.AsmInfo->isLittleEndian(), 471 BC.AsmInfo->getCodePointerSize()); 472 DataExtractor IPDE = DataExtractor(ORCUnwindIPSection->getContents(), 473 BC.AsmInfo->isLittleEndian(), 474 BC.AsmInfo->getCodePointerSize()); 475 DataExtractor::Cursor ORCCursor(0); 476 DataExtractor::Cursor IPCursor(0); 477 uint64_t PrevIP = 0; 478 for (uint32_t Index = 0; Index < NumORCEntries; ++Index) { 479 const uint64_t IP = 480 IPSectionAddress + IPCursor.tell() + (int32_t)IPDE.getU32(IPCursor); 481 482 // Consume the status of the cursor. 483 if (!IPCursor) 484 return createStringError(errc::executable_format_error, 485 "out of bounds while reading ORC IP table: %s", 486 toString(IPCursor.takeError()).c_str()); 487 488 if (IP < PrevIP && opts::Verbosity) 489 BC.errs() << "BOLT-WARNING: out of order IP 0x" << Twine::utohexstr(IP) 490 << " detected while reading ORC\n"; 491 492 PrevIP = IP; 493 494 // Store all entries, includes those we are not going to update as the 495 // tables need to be sorted globally before being written out. 496 ORCEntries.push_back(ORCListEntry()); 497 ORCListEntry &Entry = ORCEntries.back(); 498 499 Entry.IP = IP; 500 Entry.ORC.SPOffset = (int16_t)OrcDE.getU16(ORCCursor); 501 Entry.ORC.BPOffset = (int16_t)OrcDE.getU16(ORCCursor); 502 Entry.ORC.Info = (int16_t)OrcDE.getU16(ORCCursor); 503 Entry.BF = nullptr; 504 505 // Consume the status of the cursor. 506 if (!ORCCursor) 507 return createStringError(errc::executable_format_error, 508 "out of bounds while reading ORC: %s", 509 toString(ORCCursor.takeError()).c_str()); 510 511 if (Entry.ORC == NullORC) 512 continue; 513 514 BinaryFunction *&BF = Entry.BF; 515 BF = BC.getBinaryFunctionContainingAddress(IP, /*CheckPastEnd*/ true); 516 517 // If the entry immediately pointing past the end of the function is not 518 // the terminator entry, then it does not belong to this function. 519 if (BF && BF->getAddress() + BF->getSize() == IP) 520 BF = 0; 521 522 if (!BF) { 523 if (opts::Verbosity) 524 BC.errs() << "BOLT-WARNING: no binary function found matching ORC 0x" 525 << Twine::utohexstr(IP) << ": " << Entry.ORC << '\n'; 526 continue; 527 } 528 529 BF->setHasORC(true); 530 531 if (!BF->hasInstructions()) 532 continue; 533 534 MCInst *Inst = BF->getInstructionAtOffset(IP - BF->getAddress()); 535 if (!Inst) 536 return createStringError( 537 errc::executable_format_error, 538 "no instruction at address 0x%" PRIx64 " in .orc_unwind_ip", IP); 539 540 // Some addresses will have two entries associated with them. The first 541 // one being a "weak" section terminator. Since we ignore the terminator, 542 // we should only assign one entry per instruction. 543 if (BC.MIB->hasAnnotation(*Inst, "ORC")) 544 return createStringError( 545 errc::executable_format_error, 546 "duplicate non-terminal ORC IP 0x%" PRIx64 " in .orc_unwind_ip", IP); 547 548 BC.MIB->addAnnotation(*Inst, "ORC", Entry.ORC); 549 } 550 551 BC.outs() << "BOLT-INFO: parsed " << NumORCEntries << " ORC entries\n"; 552 553 if (opts::DumpORC) { 554 BC.outs() << "BOLT-INFO: ORC unwind information:\n"; 555 for (const ORCListEntry &E : ORCEntries) { 556 BC.outs() << "0x" << Twine::utohexstr(E.IP) << ": " << E.ORC; 557 if (E.BF) 558 BC.outs() << ": " << *E.BF; 559 BC.outs() << '\n'; 560 } 561 } 562 563 // Add entries for functions that don't have explicit ORC info at the start. 564 // We'll have the correct info for them even if ORC for the preceding function 565 // changes. 566 ORCListType NewEntries; 567 for (BinaryFunction &BF : llvm::make_second_range(BC.getBinaryFunctions())) { 568 auto It = llvm::partition_point(ORCEntries, [&](const ORCListEntry &E) { 569 return E.IP <= BF.getAddress(); 570 }); 571 if (It != ORCEntries.begin()) 572 --It; 573 574 if (It->BF == &BF) 575 continue; 576 577 if (It->ORC == NullORC && It->IP == BF.getAddress()) { 578 assert(!It->BF); 579 It->BF = &BF; 580 continue; 581 } 582 583 NewEntries.push_back({BF.getAddress(), &BF, It->ORC}); 584 if (It->ORC != NullORC) 585 BF.setHasORC(true); 586 } 587 588 llvm::copy(NewEntries, std::back_inserter(ORCEntries)); 589 llvm::sort(ORCEntries); 590 591 if (opts::DumpORC) { 592 BC.outs() << "BOLT-INFO: amended ORC unwind information:\n"; 593 for (const ORCListEntry &E : ORCEntries) { 594 BC.outs() << "0x" << Twine::utohexstr(E.IP) << ": " << E.ORC; 595 if (E.BF) 596 BC.outs() << ": " << *E.BF; 597 BC.outs() << '\n'; 598 } 599 } 600 601 return Error::success(); 602 } 603 604 Error LinuxKernelRewriter::processORCPostCFG() { 605 if (!NumORCEntries) 606 return Error::success(); 607 608 // Propagate ORC to the rest of the function. We can annotate every 609 // instruction in every function, but to minimize the overhead, we annotate 610 // the first instruction in every basic block to reflect the state at the 611 // entry. This way, the ORC state can be calculated based on annotations 612 // regardless of the basic block layout. Note that if we insert/delete 613 // instructions, we must take care to attach ORC info to the new/deleted ones. 614 for (BinaryFunction &BF : llvm::make_second_range(BC.getBinaryFunctions())) { 615 616 std::optional<ORCState> CurrentState; 617 for (BinaryBasicBlock &BB : BF) { 618 for (MCInst &Inst : BB) { 619 ErrorOr<ORCState> State = 620 BC.MIB->tryGetAnnotationAs<ORCState>(Inst, "ORC"); 621 622 if (State) { 623 CurrentState = *State; 624 continue; 625 } 626 627 // Get state for the start of the function. 628 if (!CurrentState) { 629 // A terminator entry (NullORC) can match the function address. If 630 // there's also a non-terminator entry, it will be placed after the 631 // terminator. Hence, we are looking for the last ORC entry that 632 // matches the address. 633 auto It = 634 llvm::partition_point(ORCEntries, [&](const ORCListEntry &E) { 635 return E.IP <= BF.getAddress(); 636 }); 637 if (It != ORCEntries.begin()) 638 --It; 639 640 assert(It->IP == BF.getAddress() && (!It->BF || It->BF == &BF) && 641 "ORC info at function entry expected."); 642 643 if (It->ORC == NullORC && BF.hasORC()) { 644 BC.errs() << "BOLT-WARNING: ORC unwind info excludes prologue for " 645 << BF << '\n'; 646 } 647 648 It->BF = &BF; 649 650 CurrentState = It->ORC; 651 if (It->ORC != NullORC) 652 BF.setHasORC(true); 653 } 654 655 // While printing ORC, attach info to every instruction for convenience. 656 if (opts::PrintORC || &Inst == &BB.front()) 657 BC.MIB->addAnnotation(Inst, "ORC", *CurrentState); 658 } 659 } 660 } 661 662 return Error::success(); 663 } 664 665 Error LinuxKernelRewriter::rewriteORCTables() { 666 if (!NumORCEntries) 667 return Error::success(); 668 669 // Update ORC sections in-place. As we change the code, the number of ORC 670 // entries may increase for some functions. However, as we remove terminator 671 // redundancy (see below), more space is freed up and we should always be able 672 // to fit new ORC tables in the reserved space. 673 auto createInPlaceWriter = [&](BinarySection &Section) -> BinaryStreamWriter { 674 const size_t Size = Section.getSize(); 675 uint8_t *NewContents = new uint8_t[Size]; 676 Section.updateContents(NewContents, Size); 677 Section.setOutputFileOffset(Section.getInputFileOffset()); 678 return BinaryStreamWriter({NewContents, Size}, BC.AsmInfo->isLittleEndian() 679 ? endianness::little 680 : endianness::big); 681 }; 682 BinaryStreamWriter UnwindWriter = createInPlaceWriter(*ORCUnwindSection); 683 BinaryStreamWriter UnwindIPWriter = createInPlaceWriter(*ORCUnwindIPSection); 684 685 uint64_t NumEmitted = 0; 686 std::optional<ORCState> LastEmittedORC; 687 auto emitORCEntry = [&](const uint64_t IP, const ORCState &ORC, 688 MCSymbol *Label = 0, bool Force = false) -> Error { 689 if (LastEmittedORC && ORC == *LastEmittedORC && !Force) 690 return Error::success(); 691 692 LastEmittedORC = ORC; 693 694 if (++NumEmitted > NumORCEntries) 695 return createStringError(errc::executable_format_error, 696 "exceeded the number of allocated ORC entries"); 697 698 if (Label) 699 ORCUnwindIPSection->addRelocation(UnwindIPWriter.getOffset(), Label, 700 Relocation::getPC32(), /*Addend*/ 0); 701 702 const int32_t IPValue = 703 IP - ORCUnwindIPSection->getAddress() - UnwindIPWriter.getOffset(); 704 if (Error E = UnwindIPWriter.writeInteger(IPValue)) 705 return E; 706 707 if (Error E = UnwindWriter.writeInteger(ORC.SPOffset)) 708 return E; 709 if (Error E = UnwindWriter.writeInteger(ORC.BPOffset)) 710 return E; 711 if (Error E = UnwindWriter.writeInteger(ORC.Info)) 712 return E; 713 714 return Error::success(); 715 }; 716 717 // Emit new ORC entries for the emitted function. 718 auto emitORC = [&](const BinaryFunction &BF) -> Error { 719 assert(!BF.isSplit() && "Split functions not supported by ORC writer yet."); 720 721 ORCState CurrentState = NullORC; 722 for (BinaryBasicBlock *BB : BF.getLayout().blocks()) { 723 for (MCInst &Inst : *BB) { 724 ErrorOr<ORCState> ErrorOrState = 725 BC.MIB->tryGetAnnotationAs<ORCState>(Inst, "ORC"); 726 if (!ErrorOrState || *ErrorOrState == CurrentState) 727 continue; 728 729 // Issue label for the instruction. 730 MCSymbol *Label = 731 BC.MIB->getOrCreateInstLabel(Inst, "__ORC_", BC.Ctx.get()); 732 733 if (Error E = emitORCEntry(0, *ErrorOrState, Label)) 734 return E; 735 736 CurrentState = *ErrorOrState; 737 } 738 } 739 740 return Error::success(); 741 }; 742 743 for (ORCListEntry &Entry : ORCEntries) { 744 // Emit original entries for functions that we haven't modified. 745 if (!Entry.BF || !BC.shouldEmit(*Entry.BF)) { 746 // Emit terminator only if it marks the start of a function. 747 if (Entry.ORC == NullORC && !Entry.BF) 748 continue; 749 if (Error E = emitORCEntry(Entry.IP, Entry.ORC)) 750 return E; 751 continue; 752 } 753 754 // Emit all ORC entries for a function referenced by an entry and skip over 755 // the rest of entries for this function by resetting its ORC attribute. 756 if (Entry.BF->hasORC()) { 757 if (Error E = emitORC(*Entry.BF)) 758 return E; 759 Entry.BF->setHasORC(false); 760 } 761 } 762 763 LLVM_DEBUG(dbgs() << "BOLT-DEBUG: emitted " << NumEmitted 764 << " ORC entries\n"); 765 766 // Replicate terminator entry at the end of sections to match the original 767 // table sizes. 768 const BinaryFunction &LastBF = BC.getBinaryFunctions().rbegin()->second; 769 const uint64_t LastIP = LastBF.getAddress() + LastBF.getMaxSize(); 770 while (UnwindWriter.bytesRemaining()) { 771 if (Error E = emitORCEntry(LastIP, NullORC, nullptr, /*Force*/ true)) 772 return E; 773 } 774 775 return Error::success(); 776 } 777 778 /// The static call site table is created by objtool and contains entries in the 779 /// following format: 780 /// 781 /// struct static_call_site { 782 /// s32 addr; 783 /// s32 key; 784 /// }; 785 /// 786 Error LinuxKernelRewriter::readStaticCalls() { 787 const BinaryData *StaticCallTable = 788 BC.getBinaryDataByName("__start_static_call_sites"); 789 if (!StaticCallTable) 790 return Error::success(); 791 792 StaticCallTableAddress = StaticCallTable->getAddress(); 793 794 const BinaryData *Stop = BC.getBinaryDataByName("__stop_static_call_sites"); 795 if (!Stop) 796 return createStringError(errc::executable_format_error, 797 "missing __stop_static_call_sites symbol"); 798 799 ErrorOr<BinarySection &> ErrorOrSection = 800 BC.getSectionForAddress(StaticCallTableAddress); 801 if (!ErrorOrSection) 802 return createStringError(errc::executable_format_error, 803 "no section matching __start_static_call_sites"); 804 805 StaticCallSection = *ErrorOrSection; 806 if (!StaticCallSection->containsAddress(Stop->getAddress() - 1)) 807 return createStringError(errc::executable_format_error, 808 "__stop_static_call_sites not in the same section " 809 "as __start_static_call_sites"); 810 811 if ((Stop->getAddress() - StaticCallTableAddress) % STATIC_CALL_ENTRY_SIZE) 812 return createStringError(errc::executable_format_error, 813 "static call table size error"); 814 815 const uint64_t SectionAddress = StaticCallSection->getAddress(); 816 DataExtractor DE(StaticCallSection->getContents(), 817 BC.AsmInfo->isLittleEndian(), 818 BC.AsmInfo->getCodePointerSize()); 819 DataExtractor::Cursor Cursor(StaticCallTableAddress - SectionAddress); 820 uint32_t EntryID = 0; 821 while (Cursor && Cursor.tell() < Stop->getAddress() - SectionAddress) { 822 const uint64_t CallAddress = 823 SectionAddress + Cursor.tell() + (int32_t)DE.getU32(Cursor); 824 const uint64_t KeyAddress = 825 SectionAddress + Cursor.tell() + (int32_t)DE.getU32(Cursor); 826 827 // Consume the status of the cursor. 828 if (!Cursor) 829 return createStringError(errc::executable_format_error, 830 "out of bounds while reading static calls: %s", 831 toString(Cursor.takeError()).c_str()); 832 833 ++EntryID; 834 835 if (opts::DumpStaticCalls) { 836 BC.outs() << "Static Call Site: " << EntryID << '\n'; 837 BC.outs() << "\tCallAddress: 0x" << Twine::utohexstr(CallAddress) 838 << "\n\tKeyAddress: 0x" << Twine::utohexstr(KeyAddress) 839 << '\n'; 840 } 841 842 BinaryFunction *BF = BC.getBinaryFunctionContainingAddress(CallAddress); 843 if (!BF) 844 continue; 845 846 if (!BC.shouldEmit(*BF)) 847 continue; 848 849 if (!BF->hasInstructions()) 850 continue; 851 852 MCInst *Inst = BF->getInstructionAtOffset(CallAddress - BF->getAddress()); 853 if (!Inst) 854 return createStringError(errc::executable_format_error, 855 "no instruction at call site address 0x%" PRIx64, 856 CallAddress); 857 858 // Check for duplicate entries. 859 if (BC.MIB->hasAnnotation(*Inst, "StaticCall")) 860 return createStringError(errc::executable_format_error, 861 "duplicate static call site at 0x%" PRIx64, 862 CallAddress); 863 864 BC.MIB->addAnnotation(*Inst, "StaticCall", EntryID); 865 866 MCSymbol *Label = 867 BC.MIB->getOrCreateInstLabel(*Inst, "__SC_", BC.Ctx.get()); 868 869 StaticCallEntries.push_back({EntryID, BF, Label}); 870 } 871 872 BC.outs() << "BOLT-INFO: parsed " << StaticCallEntries.size() 873 << " static call entries\n"; 874 875 return Error::success(); 876 } 877 878 /// The static call table is sorted during boot time in 879 /// static_call_sort_entries(). This makes it possible to update existing 880 /// entries in-place ignoring their relative order. 881 Error LinuxKernelRewriter::rewriteStaticCalls() { 882 if (!StaticCallTableAddress || !StaticCallSection) 883 return Error::success(); 884 885 for (auto &Entry : StaticCallEntries) { 886 if (!Entry.Function) 887 continue; 888 889 BinaryFunction &BF = *Entry.Function; 890 if (!BC.shouldEmit(BF)) 891 continue; 892 893 // Create a relocation against the label. 894 const uint64_t EntryOffset = StaticCallTableAddress - 895 StaticCallSection->getAddress() + 896 (Entry.ID - 1) * STATIC_CALL_ENTRY_SIZE; 897 StaticCallSection->addRelocation(EntryOffset, Entry.Label, 898 ELF::R_X86_64_PC32, /*Addend*/ 0); 899 } 900 901 return Error::success(); 902 } 903 904 /// Instructions that access user-space memory can cause page faults. These 905 /// faults will be handled by the kernel and execution will resume at the fixup 906 /// code location if the address was invalid. The kernel uses the exception 907 /// table to match the faulting instruction to its fixup. The table consists of 908 /// the following entries: 909 /// 910 /// struct exception_table_entry { 911 /// int insn; 912 /// int fixup; 913 /// int data; 914 /// }; 915 /// 916 /// More info at: 917 /// https://www.kernel.org/doc/Documentation/x86/exception-tables.txt 918 Error LinuxKernelRewriter::readExceptionTable() { 919 ExceptionsSection = BC.getUniqueSectionByName("__ex_table"); 920 if (!ExceptionsSection) 921 return Error::success(); 922 923 if (ExceptionsSection->getSize() % EXCEPTION_TABLE_ENTRY_SIZE) 924 return createStringError(errc::executable_format_error, 925 "exception table size error"); 926 927 const uint64_t SectionAddress = ExceptionsSection->getAddress(); 928 DataExtractor DE(ExceptionsSection->getContents(), 929 BC.AsmInfo->isLittleEndian(), 930 BC.AsmInfo->getCodePointerSize()); 931 DataExtractor::Cursor Cursor(0); 932 uint32_t EntryID = 0; 933 while (Cursor && Cursor.tell() < ExceptionsSection->getSize()) { 934 const uint64_t InstAddress = 935 SectionAddress + Cursor.tell() + (int32_t)DE.getU32(Cursor); 936 const uint64_t FixupAddress = 937 SectionAddress + Cursor.tell() + (int32_t)DE.getU32(Cursor); 938 const uint64_t Data = DE.getU32(Cursor); 939 940 // Consume the status of the cursor. 941 if (!Cursor) 942 return createStringError( 943 errc::executable_format_error, 944 "out of bounds while reading exception table: %s", 945 toString(Cursor.takeError()).c_str()); 946 947 ++EntryID; 948 949 if (opts::DumpExceptions) { 950 BC.outs() << "Exception Entry: " << EntryID << '\n'; 951 BC.outs() << "\tInsn: 0x" << Twine::utohexstr(InstAddress) << '\n' 952 << "\tFixup: 0x" << Twine::utohexstr(FixupAddress) << '\n' 953 << "\tData: 0x" << Twine::utohexstr(Data) << '\n'; 954 } 955 956 MCInst *Inst = nullptr; 957 MCSymbol *FixupLabel = nullptr; 958 959 BinaryFunction *InstBF = BC.getBinaryFunctionContainingAddress(InstAddress); 960 if (InstBF && BC.shouldEmit(*InstBF)) { 961 Inst = InstBF->getInstructionAtOffset(InstAddress - InstBF->getAddress()); 962 if (!Inst) 963 return createStringError(errc::executable_format_error, 964 "no instruction at address 0x%" PRIx64 965 " in exception table", 966 InstAddress); 967 BC.MIB->addAnnotation(*Inst, "ExceptionEntry", EntryID); 968 FunctionsWithExceptions.insert(InstBF); 969 } 970 971 if (!InstBF && opts::Verbosity) { 972 BC.outs() << "BOLT-INFO: no function matches instruction at 0x" 973 << Twine::utohexstr(InstAddress) 974 << " referenced by Linux exception table\n"; 975 } 976 977 BinaryFunction *FixupBF = 978 BC.getBinaryFunctionContainingAddress(FixupAddress); 979 if (FixupBF && BC.shouldEmit(*FixupBF)) { 980 const uint64_t Offset = FixupAddress - FixupBF->getAddress(); 981 if (!FixupBF->getInstructionAtOffset(Offset)) 982 return createStringError(errc::executable_format_error, 983 "no instruction at fixup address 0x%" PRIx64 984 " in exception table", 985 FixupAddress); 986 FixupLabel = Offset ? FixupBF->addEntryPointAtOffset(Offset) 987 : FixupBF->getSymbol(); 988 if (Inst) 989 BC.MIB->addAnnotation(*Inst, "Fixup", FixupLabel->getName()); 990 FunctionsWithExceptions.insert(FixupBF); 991 } 992 993 if (!FixupBF && opts::Verbosity) { 994 BC.outs() << "BOLT-INFO: no function matches fixup code at 0x" 995 << Twine::utohexstr(FixupAddress) 996 << " referenced by Linux exception table\n"; 997 } 998 } 999 1000 BC.outs() << "BOLT-INFO: parsed " 1001 << ExceptionsSection->getSize() / EXCEPTION_TABLE_ENTRY_SIZE 1002 << " exception table entries\n"; 1003 1004 return Error::success(); 1005 } 1006 1007 /// Depending on the value of CONFIG_BUILDTIME_TABLE_SORT, the kernel expects 1008 /// the exception table to be sorted. Hence we have to sort it after code 1009 /// reordering. 1010 Error LinuxKernelRewriter::rewriteExceptionTable() { 1011 // Disable output of functions with exceptions before rewrite support is 1012 // added. 1013 for (BinaryFunction *BF : FunctionsWithExceptions) 1014 BF->setSimple(false); 1015 1016 return Error::success(); 1017 } 1018 1019 /// .parainsrtuctions section contains information for patching parvirtual call 1020 /// instructions during runtime. The entries in the section are in the form: 1021 /// 1022 /// struct paravirt_patch_site { 1023 /// u8 *instr; /* original instructions */ 1024 /// u8 type; /* type of this instruction */ 1025 /// u8 len; /* length of original instruction */ 1026 /// }; 1027 /// 1028 /// Note that the structures are aligned at 8-byte boundary. 1029 Error LinuxKernelRewriter::readParaInstructions() { 1030 ParavirtualPatchSection = BC.getUniqueSectionByName(".parainstructions"); 1031 if (!ParavirtualPatchSection) 1032 return Error::success(); 1033 1034 DataExtractor DE = DataExtractor(ParavirtualPatchSection->getContents(), 1035 BC.AsmInfo->isLittleEndian(), 1036 BC.AsmInfo->getCodePointerSize()); 1037 uint32_t EntryID = 0; 1038 DataExtractor::Cursor Cursor(0); 1039 while (Cursor && !DE.eof(Cursor)) { 1040 const uint64_t NextOffset = alignTo(Cursor.tell(), Align(PARA_PATCH_ALIGN)); 1041 if (!DE.isValidOffset(NextOffset)) 1042 break; 1043 1044 Cursor.seek(NextOffset); 1045 1046 const uint64_t InstrLocation = DE.getU64(Cursor); 1047 const uint8_t Type = DE.getU8(Cursor); 1048 const uint8_t Len = DE.getU8(Cursor); 1049 1050 if (!Cursor) 1051 return createStringError( 1052 errc::executable_format_error, 1053 "out of bounds while reading .parainstructions: %s", 1054 toString(Cursor.takeError()).c_str()); 1055 1056 ++EntryID; 1057 1058 if (opts::DumpParavirtualPatchSites) { 1059 BC.outs() << "Paravirtual patch site: " << EntryID << '\n'; 1060 BC.outs() << "\tInstr: 0x" << Twine::utohexstr(InstrLocation) 1061 << "\n\tType: 0x" << Twine::utohexstr(Type) << "\n\tLen: 0x" 1062 << Twine::utohexstr(Len) << '\n'; 1063 } 1064 1065 BinaryFunction *BF = BC.getBinaryFunctionContainingAddress(InstrLocation); 1066 if (!BF && opts::Verbosity) { 1067 BC.outs() << "BOLT-INFO: no function matches address 0x" 1068 << Twine::utohexstr(InstrLocation) 1069 << " referenced by paravirutal patch site\n"; 1070 } 1071 1072 if (BF && BC.shouldEmit(*BF)) { 1073 MCInst *Inst = 1074 BF->getInstructionAtOffset(InstrLocation - BF->getAddress()); 1075 if (!Inst) 1076 return createStringError(errc::executable_format_error, 1077 "no instruction at address 0x%" PRIx64 1078 " in paravirtual call site %d", 1079 InstrLocation, EntryID); 1080 BC.MIB->addAnnotation(*Inst, "ParaSite", EntryID); 1081 } 1082 } 1083 1084 BC.outs() << "BOLT-INFO: parsed " << EntryID << " paravirtual patch sites\n"; 1085 1086 return Error::success(); 1087 } 1088 1089 /// Process __bug_table section. 1090 /// This section contains information useful for kernel debugging. 1091 /// Each entry in the section is a struct bug_entry that contains a pointer to 1092 /// the ud2 instruction corresponding to the bug, corresponding file name (both 1093 /// pointers use PC relative offset addressing), line number, and flags. 1094 /// The definition of the struct bug_entry can be found in 1095 /// `include/asm-generic/bug.h` 1096 /// 1097 /// NB: find_bug() uses linear search to match an address to an entry in the bug 1098 /// table. Hence there is no need to sort entries when rewriting the table. 1099 Error LinuxKernelRewriter::readBugTable() { 1100 BugTableSection = BC.getUniqueSectionByName("__bug_table"); 1101 if (!BugTableSection) 1102 return Error::success(); 1103 1104 if (BugTableSection->getSize() % BUG_TABLE_ENTRY_SIZE) 1105 return createStringError(errc::executable_format_error, 1106 "bug table size error"); 1107 1108 const uint64_t SectionAddress = BugTableSection->getAddress(); 1109 DataExtractor DE(BugTableSection->getContents(), BC.AsmInfo->isLittleEndian(), 1110 BC.AsmInfo->getCodePointerSize()); 1111 DataExtractor::Cursor Cursor(0); 1112 uint32_t EntryID = 0; 1113 while (Cursor && Cursor.tell() < BugTableSection->getSize()) { 1114 const uint64_t Pos = Cursor.tell(); 1115 const uint64_t InstAddress = 1116 SectionAddress + Pos + (int32_t)DE.getU32(Cursor); 1117 Cursor.seek(Pos + BUG_TABLE_ENTRY_SIZE); 1118 1119 if (!Cursor) 1120 return createStringError(errc::executable_format_error, 1121 "out of bounds while reading __bug_table: %s", 1122 toString(Cursor.takeError()).c_str()); 1123 1124 ++EntryID; 1125 1126 BinaryFunction *BF = BC.getBinaryFunctionContainingAddress(InstAddress); 1127 if (!BF && opts::Verbosity) { 1128 BC.outs() << "BOLT-INFO: no function matches address 0x" 1129 << Twine::utohexstr(InstAddress) 1130 << " referenced by bug table\n"; 1131 } 1132 1133 if (BF && BC.shouldEmit(*BF)) { 1134 MCInst *Inst = BF->getInstructionAtOffset(InstAddress - BF->getAddress()); 1135 if (!Inst) 1136 return createStringError(errc::executable_format_error, 1137 "no instruction at address 0x%" PRIx64 1138 " referenced by bug table entry %d", 1139 InstAddress, EntryID); 1140 BC.MIB->addAnnotation(*Inst, "BugEntry", EntryID); 1141 } 1142 } 1143 1144 BC.outs() << "BOLT-INFO: parsed " << EntryID << " bug table entries\n"; 1145 1146 return Error::success(); 1147 } 1148 1149 /// The kernel can replace certain instruction sequences depending on hardware 1150 /// it is running on and features specified during boot time. The information 1151 /// about alternative instruction sequences is stored in .altinstructions 1152 /// section. The format of entries in this section is defined in 1153 /// arch/x86/include/asm/alternative.h: 1154 /// 1155 /// struct alt_instr { 1156 /// s32 instr_offset; 1157 /// s32 repl_offset; 1158 /// uXX feature; 1159 /// u8 instrlen; 1160 /// u8 replacementlen; 1161 /// u8 padlen; // present in older kernels 1162 /// } __packed; 1163 /// 1164 /// Note the structures is packed. 1165 Error LinuxKernelRewriter::readAltInstructions() { 1166 AltInstrSection = BC.getUniqueSectionByName(".altinstructions"); 1167 if (!AltInstrSection) 1168 return Error::success(); 1169 1170 const uint64_t Address = AltInstrSection->getAddress(); 1171 DataExtractor DE = DataExtractor(AltInstrSection->getContents(), 1172 BC.AsmInfo->isLittleEndian(), 1173 BC.AsmInfo->getCodePointerSize()); 1174 uint64_t EntryID = 0; 1175 DataExtractor::Cursor Cursor(0); 1176 while (Cursor && !DE.eof(Cursor)) { 1177 const uint64_t OrgInstAddress = 1178 Address + Cursor.tell() + (int32_t)DE.getU32(Cursor); 1179 const uint64_t AltInstAddress = 1180 Address + Cursor.tell() + (int32_t)DE.getU32(Cursor); 1181 const uint64_t Feature = DE.getUnsigned(Cursor, opts::AltInstFeatureSize); 1182 const uint8_t OrgSize = DE.getU8(Cursor); 1183 const uint8_t AltSize = DE.getU8(Cursor); 1184 1185 // Older kernels may have the padlen field. 1186 const uint8_t PadLen = opts::AltInstHasPadLen ? DE.getU8(Cursor) : 0; 1187 1188 if (!Cursor) 1189 return createStringError( 1190 errc::executable_format_error, 1191 "out of bounds while reading .altinstructions: %s", 1192 toString(Cursor.takeError()).c_str()); 1193 1194 ++EntryID; 1195 1196 if (opts::DumpAltInstructions) { 1197 BC.outs() << "Alternative instruction entry: " << EntryID 1198 << "\n\tOrg: 0x" << Twine::utohexstr(OrgInstAddress) 1199 << "\n\tAlt: 0x" << Twine::utohexstr(AltInstAddress) 1200 << "\n\tFeature: 0x" << Twine::utohexstr(Feature) 1201 << "\n\tOrgSize: " << (int)OrgSize 1202 << "\n\tAltSize: " << (int)AltSize << '\n'; 1203 if (opts::AltInstHasPadLen) 1204 BC.outs() << "\tPadLen: " << (int)PadLen << '\n'; 1205 } 1206 1207 if (AltSize > OrgSize) 1208 return createStringError(errc::executable_format_error, 1209 "error reading .altinstructions"); 1210 1211 BinaryFunction *BF = BC.getBinaryFunctionContainingAddress(OrgInstAddress); 1212 if (!BF && opts::Verbosity) { 1213 BC.outs() << "BOLT-INFO: no function matches address 0x" 1214 << Twine::utohexstr(OrgInstAddress) 1215 << " of instruction from .altinstructions\n"; 1216 } 1217 1218 BinaryFunction *AltBF = 1219 BC.getBinaryFunctionContainingAddress(AltInstAddress); 1220 if (AltBF && BC.shouldEmit(*AltBF)) { 1221 BC.errs() 1222 << "BOLT-WARNING: alternative instruction sequence found in function " 1223 << *AltBF << '\n'; 1224 AltBF->setIgnored(); 1225 } 1226 1227 if (!BF || !BC.shouldEmit(*BF)) 1228 continue; 1229 1230 if (OrgInstAddress + OrgSize > BF->getAddress() + BF->getSize()) 1231 return createStringError(errc::executable_format_error, 1232 "error reading .altinstructions"); 1233 1234 MCInst *Inst = 1235 BF->getInstructionAtOffset(OrgInstAddress - BF->getAddress()); 1236 if (!Inst) 1237 return createStringError(errc::executable_format_error, 1238 "no instruction at address 0x%" PRIx64 1239 " referenced by .altinstructions entry %d", 1240 OrgInstAddress, EntryID); 1241 1242 // There could be more than one alternative instruction sequences for the 1243 // same original instruction. Annotate each alternative separately. 1244 std::string AnnotationName = "AltInst"; 1245 unsigned N = 2; 1246 while (BC.MIB->hasAnnotation(*Inst, AnnotationName)) 1247 AnnotationName = "AltInst" + std::to_string(N++); 1248 1249 BC.MIB->addAnnotation(*Inst, AnnotationName, EntryID); 1250 1251 // Annotate all instructions from the original sequence. Note that it's not 1252 // the most efficient way to look for instructions in the address range, 1253 // but since alternative instructions are uncommon, it will do for now. 1254 for (uint32_t Offset = 1; Offset < OrgSize; ++Offset) { 1255 Inst = BF->getInstructionAtOffset(OrgInstAddress + Offset - 1256 BF->getAddress()); 1257 if (Inst) 1258 BC.MIB->addAnnotation(*Inst, AnnotationName, EntryID); 1259 } 1260 } 1261 1262 BC.outs() << "BOLT-INFO: parsed " << EntryID 1263 << " alternative instruction entries\n"; 1264 1265 return Error::success(); 1266 } 1267 1268 /// When the Linux kernel needs to handle an error associated with a given PCI 1269 /// device, it uses a table stored in .pci_fixup section to locate a fixup code 1270 /// specific to the vendor and the problematic device. The section contains a 1271 /// list of the following structures defined in include/linux/pci.h: 1272 /// 1273 /// struct pci_fixup { 1274 /// u16 vendor; /* Or PCI_ANY_ID */ 1275 /// u16 device; /* Or PCI_ANY_ID */ 1276 /// u32 class; /* Or PCI_ANY_ID */ 1277 /// unsigned int class_shift; /* should be 0, 8, 16 */ 1278 /// int hook_offset; 1279 /// }; 1280 /// 1281 /// Normally, the hook will point to a function start and we don't have to 1282 /// update the pointer if we are not relocating functions. Hence, while reading 1283 /// the table we validate this assumption. If a function has a fixup code in the 1284 /// middle of its body, we issue a warning and ignore it. 1285 Error LinuxKernelRewriter::readPCIFixupTable() { 1286 PCIFixupSection = BC.getUniqueSectionByName(".pci_fixup"); 1287 if (!PCIFixupSection) 1288 return Error::success(); 1289 1290 if (PCIFixupSection->getSize() % PCI_FIXUP_ENTRY_SIZE) 1291 return createStringError(errc::executable_format_error, 1292 "PCI fixup table size error"); 1293 1294 const uint64_t Address = PCIFixupSection->getAddress(); 1295 DataExtractor DE = DataExtractor(PCIFixupSection->getContents(), 1296 BC.AsmInfo->isLittleEndian(), 1297 BC.AsmInfo->getCodePointerSize()); 1298 uint64_t EntryID = 0; 1299 DataExtractor::Cursor Cursor(0); 1300 while (Cursor && !DE.eof(Cursor)) { 1301 const uint16_t Vendor = DE.getU16(Cursor); 1302 const uint16_t Device = DE.getU16(Cursor); 1303 const uint32_t Class = DE.getU32(Cursor); 1304 const uint32_t ClassShift = DE.getU32(Cursor); 1305 const uint64_t HookAddress = 1306 Address + Cursor.tell() + (int32_t)DE.getU32(Cursor); 1307 1308 if (!Cursor) 1309 return createStringError(errc::executable_format_error, 1310 "out of bounds while reading .pci_fixup: %s", 1311 toString(Cursor.takeError()).c_str()); 1312 1313 ++EntryID; 1314 1315 if (opts::DumpPCIFixups) { 1316 BC.outs() << "PCI fixup entry: " << EntryID << "\n\tVendor 0x" 1317 << Twine::utohexstr(Vendor) << "\n\tDevice: 0x" 1318 << Twine::utohexstr(Device) << "\n\tClass: 0x" 1319 << Twine::utohexstr(Class) << "\n\tClassShift: 0x" 1320 << Twine::utohexstr(ClassShift) << "\n\tHookAddress: 0x" 1321 << Twine::utohexstr(HookAddress) << '\n'; 1322 } 1323 1324 BinaryFunction *BF = BC.getBinaryFunctionContainingAddress(HookAddress); 1325 if (!BF && opts::Verbosity) { 1326 BC.outs() << "BOLT-INFO: no function matches address 0x" 1327 << Twine::utohexstr(HookAddress) 1328 << " of hook from .pci_fixup\n"; 1329 } 1330 1331 if (!BF || !BC.shouldEmit(*BF)) 1332 continue; 1333 1334 if (const uint64_t Offset = HookAddress - BF->getAddress()) { 1335 BC.errs() << "BOLT-WARNING: PCI fixup detected in the middle of function " 1336 << *BF << " at offset 0x" << Twine::utohexstr(Offset) << '\n'; 1337 BF->setSimple(false); 1338 } 1339 } 1340 1341 BC.outs() << "BOLT-INFO: parsed " << EntryID << " PCI fixup entries\n"; 1342 1343 return Error::success(); 1344 } 1345 1346 } // namespace 1347 1348 std::unique_ptr<MetadataRewriter> 1349 llvm::bolt::createLinuxKernelRewriter(BinaryContext &BC) { 1350 return std::make_unique<LinuxKernelRewriter>(BC); 1351 } 1352