Re: [tip: objtool/core] objtool: Fix segfault on unknown alternatives
From: Josh Poimboeuf
Date: Mon Dec 01 2025 - 15:05:59 EST
On Mon, Dec 01, 2025 at 09:52:51AM +0000, tip-bot2 for Ingo Molnar wrote:
> The following commit has been merged into the objtool/core branch of tip:
>
> Commit-ID: 6ec33db1aaf06a76fb063610e668f8e12f32ebbf
> Gitweb: https://git.kernel.org/tip/6ec33db1aaf06a76fb063610e668f8e12f32ebbf
> Author: Ingo Molnar <mingo@xxxxxxxxxx>
> AuthorDate: Mon, 01 Dec 2025 10:42:27 +01:00
> Committer: Ingo Molnar <mingo@xxxxxxxxxx>
> CommitterDate: Mon, 01 Dec 2025 10:42:27 +01:00
>
> objtool: Fix segfault on unknown alternatives
>
> So 'objtool --link -d vmlinux.o' gets surprised by this endbr64+endbr64 pattern
> in ___bpf_prog_run():
>
> ___bpf_prog_run:
> 1e7680: ___bpf_prog_run+0x0 push %r12
> 1e7682: ___bpf_prog_run+0x2 mov %rdi,%r12
> 1e7685: ___bpf_prog_run+0x5 push %rbp
> 1e7686: ___bpf_prog_run+0x6 xor %ebp,%ebp
> 1e7688: ___bpf_prog_run+0x8 push %rbx
> 1e7689: ___bpf_prog_run+0x9 mov %rsi,%rbx
> 1e768c: ___bpf_prog_run+0xc movzbl (%rbx),%esi
> 1e768f: ___bpf_prog_run+0xf movzbl %sil,%edx
> 1e7693: ___bpf_prog_run+0x13 mov %esi,%eax
> 1e7695: ___bpf_prog_run+0x15 mov 0x0(,%rdx,8),%rdx
> 1e769d: ___bpf_prog_run+0x1d jmp 0x1e76a2 <__x86_indirect_thunk_rdx>
The problem is actually that indirect jump. That's a jump table (not to
be confused with a jump *label*) which is an objtool "alt" type which
the disas code doesn't seem to know about yet.
They're used for C indirect goto (___bpf_prog_run) and switch
statements. The latter are currently disabled in most x86 configs via
-fno-jump-tables.
They're indirect jumps with a known set of jump targets. It should be
possible to graphically display the possible targets with lines and
arrows, something similar to "objdump -d --visualize-jumps".
If the code isn't expecting that "alt" type, it might explode in other
ways. So at least for now, those alts need to at least be recognized
and ignored.
--
Josh