Re: [RFC V2 00/16] objtool: Add support for Arm64

[Raphael Gault]

Hi Josh,

On 5/28/19 11:24 PM, Josh Poimboeuf wrote:
> On Tue, May 21, 2019 at 12:50:57PM +0000, Raphael Gault wrote:
> > Hi Josh,
> >
> > Thanks for offering your help and sorry for the late answer.
> >
> > My understanding is that a table of offsets is built by GCC, those
> > offsets being scaled by 4 before adding them to the base label.
> > I believe the offsets are stored in the .rodata section. To find the
> > size of that table, it is needed to find a comparison, which can be
> > optimized out apprently. In that case the end of the array can be found
> > by locating labels pointing to data behind it (which is not 100% safe).
> >
> > On 5/16/19 3:29 PM, Josh Poimboeuf wrote:
> > > On Thu, May 16, 2019 at 11:36:39AM +0100, Raphael Gault wrote:
> > > > Noteworthy points:
> > > > * I still haven't figured out how to detect switch-tables on arm64. I
> > > > have a better understanding of them but still haven't implemented checks
> > > > as it doesn't look trivial at all.
> > >
> > > Switch tables were tricky to get right on x86.  If you share an example
> > > (or even just a .o file) I can take a look.  Hopefully they're somewhat
> > > similar to x86 switch tables.  Otherwise we may want to consider a
> > > different approach (for example maybe a GCC plugin could help annotate
> > > them).
> >
> > The case which made me realize the issue is the one of
> > arch/arm64/kernel/module.o:apply_relocate_add:
> >
> > ```
> > What seems to happen in the case of module.o is:
> >    334:   90000015        adrp    x21, 0 <do_reloc>
> > which retrieves the location of an offset in the rodata section, and a
> > bit later we do some extra computation with it in order to compute the
> > jump destination:
> >    3e0:   78625aa0        ldrh    w0, [x21, w2, uxtw #1]
> >    3e4:   10000061        adr     x1, 3f0 <apply_relocate_add+0xf8>
> >    3e8:   8b20a820        add     x0, x1, w0, sxth #2
> >    3ec:   d61f0000        br      x0
> > ```
> >
> > Please keep in mind that the actual offsets might vary.
> >
> > I'm happy to provide more details about what I have identified if you
> > want me to.
>
> I get the feeling this is going to be trickier than x86 switch tables
> (which have already been tricky enough).
>
> On x86, there's a .rela.rodata section which applies relocations to
> .rodata.  The presence of those relocations makes it relatively easy to
> differentiate switch tables from other read-only data.  For example, we
> can tell that a switch table ends when either a) there's not a text
> relocation or b) another switch table begins.
>
> But with arm64 I don't see a deterministic way to do that, because the
> table offsets are hard-coded in .rodata, with no relocations.
>
>  From talking with Kamalesh I got the impression that we might have a
> similar issue for powerpc.
>
> So I'm beginning to think we'll need compiler help.  Like a GCC plugin
> that annotates at least the following switch table metadata:
>
> - Branch instruction address
> - Switch table address
> - Switch table entry size
> - Switch table size
>
> The GCC plugin could write all the above metadata into a special section
> which gets discarded at link time.  I can look at implementing it,
> though I'll be traveling for two out of the next three weeks so it may
> be a while before I can get to it.

I am completely new to GCC plugins but I had a look and I think I found 
a possible solution to retrieve at least part of this information using 
the RTL representation in GCC. I can't say it will work for sure but I 
would be happy to discuss it with you if you want.
Although there are still some area I need to investigate related to 
interacting with the RTL representation and storing info into the ELF
I'd be interested in giving it a try, if you are okay with that.

Thanks,
--
Raphael Gault