Back to home page

LXR

 
 

    


0001 #! /bin/bash
0002 # (c) 2015, Quentin Casasnovas <quentin.casasnovas@oracle.com>
0003 
0004 obj=$1
0005 
0006 file ${obj} | grep -q ELF || (echo "${obj} is not and ELF file." 1>&2 ; exit 0)
0007 
0008 # Bail out early if there isn't an __ex_table section in this object file.
0009 objdump -hj __ex_table ${obj} 2> /dev/null > /dev/null
0010 [ $? -ne 0 ] && exit 0
0011 
0012 white_list=.text,.fixup
0013 
0014 suspicious_relocs=$(objdump -rj __ex_table ${obj}  | tail -n +6 |
0015                         grep -v $(eval echo -e{${white_list}}) | awk '{print $3}')
0016 
0017 # No suspicious relocs in __ex_table, jobs a good'un
0018 [ -z "${suspicious_relocs}" ] && exit 0
0019 
0020 
0021 # After this point, something is seriously wrong since we just found out we
0022 # have some relocations in __ex_table which point to sections which aren't
0023 # white listed.  If you're adding a new section in the Linux kernel, and
0024 # you're expecting this section to contain code which can fault (i.e. the
0025 # __ex_table relocation to your new section is expected), simply add your
0026 # new section to the white_list variable above.  If not, you're probably
0027 # doing something wrong and the rest of this code is just trying to print
0028 # you more information about it.
0029 
0030 function find_section_offset_from_symbol()
0031 {
0032     eval $(objdump -t ${obj} | grep ${1} | sed 's/\([0-9a-f]\+\) .\{7\} \([^ \t]\+\).*/section="\2"; section_offset="0x\1" /')
0033 
0034     # addr2line takes addresses in hexadecimal...
0035     section_offset=$(printf "0x%016x" $(( ${section_offset} + $2 )) )
0036 }
0037 
0038 function find_symbol_and_offset_from_reloc()
0039 {
0040     # Extract symbol and offset from the objdump output
0041     eval $(echo $reloc | sed 's/\([^+]\+\)+\?\(0x[0-9a-f]\+\)\?/symbol="\1"; symbol_offset="\2"/')
0042 
0043     # When the relocation points to the begining of a symbol or section, it
0044     # won't print the offset since it is zero.
0045     if [ -z "${symbol_offset}" ]; then
0046         symbol_offset=0x0
0047     fi
0048 }
0049 
0050 function find_alt_replacement_target()
0051 {
0052     # The target of the .altinstr_replacement is the relocation just before
0053     # the .altinstr_replacement one.
0054     eval $(objdump -rj .altinstructions ${obj} | grep -B1 "${section}+${section_offset}" | head -n1 | awk '{print $3}' |
0055            sed 's/\([^+]\+\)+\(0x[0-9a-f]\+\)/alt_target_section="\1"; alt_target_offset="\2"/')
0056 }
0057 
0058 function handle_alt_replacement_reloc()
0059 {
0060     # This will define alt_target_section and alt_target_section_offset
0061     find_alt_replacement_target ${section} ${section_offset}
0062 
0063     echo "Error: found a reference to .altinstr_replacement in __ex_table:"
0064     addr2line -fip -j ${alt_target_section} -e ${obj} ${alt_target_offset} | awk '{print "\t" $0}'
0065 
0066     error=true
0067 }
0068 
0069 function is_executable_section()
0070 {
0071     objdump -hwj ${section} ${obj} | grep -q CODE
0072     return $?
0073 }
0074 
0075 function handle_suspicious_generic_reloc()
0076 {
0077     if is_executable_section ${section}; then
0078         # We've got a relocation to a non white listed _executable_
0079         # section, print a warning so the developper adds the section to
0080         # the white list or fix his code.  We try to pretty-print the file
0081         # and line number where that relocation was added.
0082         echo "Warning: found a reference to section \"${section}\" in __ex_table:"
0083         addr2line -fip -j ${section} -e ${obj} ${section_offset} | awk '{print "\t" $0}'
0084     else
0085         # Something is definitively wrong here since we've got a relocation
0086         # to a non-executable section, there's no way this would ever be
0087         # running in the kernel.
0088         echo "Error: found a reference to non-executable section \"${section}\" in __ex_table at offset ${section_offset}"
0089         error=true
0090     fi
0091 }
0092 
0093 function handle_suspicious_reloc()
0094 {
0095     case "${section}" in
0096         ".altinstr_replacement")
0097             handle_alt_replacement_reloc ${section} ${section_offset}
0098             ;;
0099         *)
0100             handle_suspicious_generic_reloc ${section} ${section_offset}
0101             ;;
0102     esac
0103 }
0104 
0105 function diagnose()
0106 {
0107 
0108     for reloc in ${suspicious_relocs}; do
0109         # Let's find out where the target of the relocation in __ex_table
0110         # is, this will define ${symbol} and ${symbol_offset}
0111         find_symbol_and_offset_from_reloc ${reloc}
0112 
0113         # When there's a global symbol at the place of the relocation,
0114         # objdump will use it instead of giving us a section+offset, so
0115         # let's find out which section is this symbol in and the total
0116         # offset withing that section.
0117         find_section_offset_from_symbol ${symbol} ${symbol_offset}
0118 
0119         # In this case objdump was presenting us with a reloc to a symbol
0120         # rather than a section. Now that we've got the actual section,
0121         # we can skip it if it's in the white_list.
0122         if [ -z "$( echo $section | grep -v $(eval echo -e{${white_list}}))" ]; then
0123             continue;
0124         fi
0125 
0126         # Will either print a warning if the relocation happens to be in a
0127         # section we do not know but has executable bit set, or error out.
0128         handle_suspicious_reloc
0129     done
0130 }
0131 
0132 function check_debug_info() {
0133     objdump -hj .debug_info ${obj} 2> /dev/null > /dev/null ||
0134         echo -e "${obj} does not contain debug information, the addr2line output will be limited.\n" \
0135              "Recompile ${obj} with CONFIG_DEBUG_INFO to get a more useful output."
0136 }
0137 
0138 check_debug_info
0139 
0140 diagnose
0141 
0142 if [ "${error}" ]; then
0143     exit 1
0144 fi
0145 
0146 exit 0