1
// SPDX-License-Identifier: GPL-2.0-or-later
2
/*
3
 * elf.c - ELF access library
4
 *
5
 * Adapted from kpatch (https://github.com/dynup/kpatch):
6
 * Copyright (C) 2013-2015 Josh Poimboeuf <[email protected]>
7
 * Copyright (C) 2014 Seth Jennings <[email protected]>
8
 */
9

10
#include <sys/types.h>
11
#include <sys/stat.h>
12
#include <sys/mman.h>
13
#include <fcntl.h>
14
#include <stdio.h>
15
#include <stdlib.h>
16
#include <string.h>
17
#include <unistd.h>
18
#include <errno.h>
19
#include <linux/interval_tree_generic.h>
20
#include <objtool/builtin.h>
21

22
#include <objtool/elf.h>
23
#include <objtool/warn.h>
24

25
static inline u32 str_hash(const char *str)
26
{
27
	return jhash(str, strlen(str), 0);
28
}
29

30
#define __elf_table(name)	(elf->name##_hash)
31
#define __elf_bits(name)	(elf->name##_bits)
32

33
#define __elf_table_entry(name, key) \
34
	__elf_table(name)[hash_min(key, __elf_bits(name))]
35

36
#define elf_hash_add(name, node, key)					\
37
({									\
38
	struct elf_hash_node *__node = node;				\
39
	__node->next = __elf_table_entry(name, key);			\
40
	__elf_table_entry(name, key) = __node;				\
41
})
42

43
static inline void __elf_hash_del(struct elf_hash_node *node,
44
				  struct elf_hash_node **head)
45
{
46
	struct elf_hash_node *cur, *prev;
47

48
	if (node == *head) {
49
		*head = node->next;
50
		return;
51
	}
52

53
	for (prev = NULL, cur = *head; cur; prev = cur, cur = cur->next) {
54
		if (cur == node) {
55
			prev->next = cur->next;
56
			break;
57
		}
58
	}
59
}
60

61
#define elf_hash_del(name, node, key) \
62
	__elf_hash_del(node, &__elf_table_entry(name, key))
63

64
#define elf_list_entry(ptr, type, member)				\
65
({									\
66
	typeof(ptr) __ptr = (ptr);					\
67
	__ptr ? container_of(__ptr, type, member) : NULL;		\
68
})
69

70
#define elf_hash_for_each_possible(name, obj, member, key)		\
71
	for (obj = elf_list_entry(__elf_table_entry(name, key), typeof(*obj), member); \
72
	     obj;							\
73
	     obj = elf_list_entry(obj->member.next, typeof(*(obj)), member))
74

75
#define elf_alloc_hash(name, size)					\
76
({									\
77
	__elf_bits(name) = max(10, ilog2(size));			\
78
	__elf_table(name) = mmap(NULL, sizeof(struct elf_hash_node *) << __elf_bits(name), \
79
				 PROT_READ|PROT_WRITE,			\
80
				 MAP_PRIVATE|MAP_ANON, -1, 0);		\
81
	if (__elf_table(name) == (void *)-1L) {				\
82
		ERROR_GLIBC("mmap fail " #name);			\
83
		__elf_table(name) = NULL;				\
84
	}								\
85
	__elf_table(name);						\
86
})
87

88
static inline unsigned long __sym_start(struct symbol *s)
89
{
90
	return s->offset;
91
}
92

93
static inline unsigned long __sym_last(struct symbol *s)
94
{
95
	return s->offset + s->len - 1;
96
}
97

98
INTERVAL_TREE_DEFINE(struct symbol, node, unsigned long, __subtree_last,
99
		     __sym_start, __sym_last, static, __sym)
100

101
#define __sym_for_each(_iter, _tree, _start, _end)			\
102
	for (_iter = __sym_iter_first((_tree), (_start), (_end));	\
103
	     _iter; _iter = __sym_iter_next(_iter, (_start), (_end)))
104

105
struct symbol_hole {
106
	unsigned long key;
107
	const struct symbol *sym;
108
};
109

110
/*
111
 * Find !section symbol where @offset is after it.
112
 */
113
static int symbol_hole_by_offset(const void *key, const struct rb_node *node)
114
{
115
	const struct symbol *s = rb_entry(node, struct symbol, node);
116
	struct symbol_hole *sh = (void *)key;
117

118
	if (sh->key < s->offset)
119
		return -1;
120

121
	if (sh->key >= s->offset + s->len) {
122
		if (s->type != STT_SECTION)
123
			sh->sym = s;
124
		return 1;
125
	}
126

127
	return 0;
128
}
129

130
struct section *find_section_by_name(const struct elf *elf, const char *name)
131
{
132
	struct section *sec;
133

134
	elf_hash_for_each_possible(section_name, sec, name_hash, str_hash(name)) {
135
		if (!strcmp(sec->name, name))
136
			return sec;
137
	}
138

139
	return NULL;
140
}
141

142
static struct section *find_section_by_index(struct elf *elf,
143
					     unsigned int idx)
144
{
145
	struct section *sec;
146

147
	elf_hash_for_each_possible(section, sec, hash, idx) {
148
		if (sec->idx == idx)
149
			return sec;
150
	}
151

152
	return NULL;
153
}
154

155
static struct symbol *find_symbol_by_index(struct elf *elf, unsigned int idx)
156
{
157
	struct symbol *sym;
158

159
	elf_hash_for_each_possible(symbol, sym, hash, idx) {
160
		if (sym->idx == idx)
161
			return sym;
162
	}
163

164
	return NULL;
165
}
166

167
struct symbol *find_symbol_by_offset(struct section *sec, unsigned long offset)
168
{
169
	struct rb_root_cached *tree = (struct rb_root_cached *)&sec->symbol_tree;
170
	struct symbol *iter;
171

172
	__sym_for_each(iter, tree, offset, offset) {
173
		if (iter->offset == offset && iter->type != STT_SECTION)
174
			return iter;
175
	}
176

177
	return NULL;
178
}
179

180
struct symbol *find_func_by_offset(struct section *sec, unsigned long offset)
181
{
182
	struct rb_root_cached *tree = (struct rb_root_cached *)&sec->symbol_tree;
183
	struct symbol *iter;
184

185
	__sym_for_each(iter, tree, offset, offset) {
186
		if (iter->offset == offset && iter->type == STT_FUNC)
187
			return iter;
188
	}
189

190
	return NULL;
191
}
192

193
struct symbol *find_symbol_containing(const struct section *sec, unsigned long offset)
194
{
195
	struct rb_root_cached *tree = (struct rb_root_cached *)&sec->symbol_tree;
196
	struct symbol *iter;
197

198
	__sym_for_each(iter, tree, offset, offset) {
199
		if (iter->type != STT_SECTION)
200
			return iter;
201
	}
202

203
	return NULL;
204
}
205

206
/*
207
 * Returns size of hole starting at @offset.
208
 */
209
int find_symbol_hole_containing(const struct section *sec, unsigned long offset)
210
{
211
	struct symbol_hole hole = {
212
		.key = offset,
213
		.sym = NULL,
214
	};
215
	struct rb_node *n;
216
	struct symbol *s;
217

218
	/*
219
	 * Find the rightmost symbol for which @offset is after it.
220
	 */
221
	n = rb_find(&hole, &sec->symbol_tree.rb_root, symbol_hole_by_offset);
222

223
	/* found a symbol that contains @offset */
224
	if (n)
225
		return 0; /* not a hole */
226

227
	/*
228
	 * @offset >= sym->offset + sym->len, find symbol after it.
229
	 * When hole.sym is empty, use the first node to compute the hole.
230
	 * If there is no symbol in the section, the first node will be NULL,
231
	 * in which case, -1 is returned to skip the whole section.
232
	 */
233
	if (hole.sym)
234
		n = rb_next(&hole.sym->node);
235
	else
236
		n = rb_first_cached(&sec->symbol_tree);
237

238
	if (!n)
239
		return -1; /* until end of address space */
240

241
	/* hole until start of next symbol */
242
	s = rb_entry(n, struct symbol, node);
243
	return s->offset - offset;
244
}
245

246
struct symbol *find_func_containing(struct section *sec, unsigned long offset)
247
{
248
	struct rb_root_cached *tree = (struct rb_root_cached *)&sec->symbol_tree;
249
	struct symbol *iter;
250

251
	__sym_for_each(iter, tree, offset, offset) {
252
		if (iter->type == STT_FUNC)
253
			return iter;
254
	}
255

256
	return NULL;
257
}
258

259
struct symbol *find_symbol_by_name(const struct elf *elf, const char *name)
260
{
261
	struct symbol *sym;
262

263
	elf_hash_for_each_possible(symbol_name, sym, name_hash, str_hash(name)) {
264
		if (!strcmp(sym->name, name))
265
			return sym;
266
	}
267

268
	return NULL;
269
}
270

271
struct reloc *find_reloc_by_dest_range(const struct elf *elf, struct section *sec,
272
				     unsigned long offset, unsigned int len)
273
{
274
	struct reloc *reloc, *r = NULL;
275
	struct section *rsec;
276
	unsigned long o;
277

278
	rsec = sec->rsec;
279
	if (!rsec)
280
		return NULL;
281

282
	for_offset_range(o, offset, offset + len) {
283
		elf_hash_for_each_possible(reloc, reloc, hash,
284
					   sec_offset_hash(rsec, o)) {
285
			if (reloc->sec != rsec)
286
				continue;
287

288
			if (reloc_offset(reloc) >= offset &&
289
			    reloc_offset(reloc) < offset + len) {
290
				if (!r || reloc_offset(reloc) < reloc_offset(r))
291
					r = reloc;
292
			}
293
		}
294
		if (r)
295
			return r;
296
	}
297

298
	return NULL;
299
}
300

301
struct reloc *find_reloc_by_dest(const struct elf *elf, struct section *sec, unsigned long offset)
302
{
303
	return find_reloc_by_dest_range(elf, sec, offset, 1);
304
}
305

306
static bool is_dwarf_section(struct section *sec)
307
{
308
	return !strncmp(sec->name, ".debug_", 7);
309
}
310

311
static int read_sections(struct elf *elf)
312
{
313
	Elf_Scn *s = NULL;
314
	struct section *sec;
315
	size_t shstrndx, sections_nr;
316
	int i;
317

318
	if (elf_getshdrnum(elf->elf, &sections_nr)) {
319
		ERROR_ELF("elf_getshdrnum");
320
		return -1;
321
	}
322

323
	if (elf_getshdrstrndx(elf->elf, &shstrndx)) {
324
		ERROR_ELF("elf_getshdrstrndx");
325
		return -1;
326
	}
327

328
	if (!elf_alloc_hash(section, sections_nr) ||
329
	    !elf_alloc_hash(section_name, sections_nr))
330
		return -1;
331

332
	elf->section_data = calloc(sections_nr, sizeof(*sec));
333
	if (!elf->section_data) {
334
		ERROR_GLIBC("calloc");
335
		return -1;
336
	}
337
	for (i = 0; i < sections_nr; i++) {
338
		sec = &elf->section_data[i];
339

340
		INIT_LIST_HEAD(&sec->symbol_list);
341

342
		s = elf_getscn(elf->elf, i);
343
		if (!s) {
344
			ERROR_ELF("elf_getscn");
345
			return -1;
346
		}
347

348
		sec->idx = elf_ndxscn(s);
349

350
		if (!gelf_getshdr(s, &sec->sh)) {
351
			ERROR_ELF("gelf_getshdr");
352
			return -1;
353
		}
354

355
		sec->name = elf_strptr(elf->elf, shstrndx, sec->sh.sh_name);
356
		if (!sec->name) {
357
			ERROR_ELF("elf_strptr");
358
			return -1;
359
		}
360

361
		if (sec->sh.sh_size != 0 && !is_dwarf_section(sec)) {
362
			sec->data = elf_getdata(s, NULL);
363
			if (!sec->data) {
364
				ERROR_ELF("elf_getdata");
365
				return -1;
366
			}
367
			if (sec->data->d_off != 0 ||
368
			    sec->data->d_size != sec->sh.sh_size) {
369
				ERROR("unexpected data attributes for %s", sec->name);
370
				return -1;
371
			}
372
		}
373

374
		list_add_tail(&sec->list, &elf->sections);
375
		elf_hash_add(section, &sec->hash, sec->idx);
376
		elf_hash_add(section_name, &sec->name_hash, str_hash(sec->name));
377

378
		if (is_reloc_sec(sec))
379
			elf->num_relocs += sec_num_entries(sec);
380
	}
381

382
	if (opts.stats) {
383
		printf("nr_sections: %lu\n", (unsigned long)sections_nr);
384
		printf("section_bits: %d\n", elf->section_bits);
385
	}
386

387
	/* sanity check, one more call to elf_nextscn() should return NULL */
388
	if (elf_nextscn(elf->elf, s)) {
389
		ERROR("section entry mismatch");
390
		return -1;
391
	}
392

393
	return 0;
394
}
395

396
static void elf_add_symbol(struct elf *elf, struct symbol *sym)
397
{
398
	struct list_head *entry;
399
	struct rb_node *pnode;
400
	struct symbol *iter;
401

402
	INIT_LIST_HEAD(&sym->pv_target);
403
	sym->alias = sym;
404

405
	sym->type = GELF_ST_TYPE(sym->sym.st_info);
406
	sym->bind = GELF_ST_BIND(sym->sym.st_info);
407

408
	if (sym->type == STT_FILE)
409
		elf->num_files++;
410

411
	sym->offset = sym->sym.st_value;
412
	sym->len = sym->sym.st_size;
413

414
	__sym_for_each(iter, &sym->sec->symbol_tree, sym->offset, sym->offset) {
415
		if (iter->offset == sym->offset && iter->type == sym->type)
416
			iter->alias = sym;
417
	}
418

419
	__sym_insert(sym, &sym->sec->symbol_tree);
420
	pnode = rb_prev(&sym->node);
421
	if (pnode)
422
		entry = &rb_entry(pnode, struct symbol, node)->list;
423
	else
424
		entry = &sym->sec->symbol_list;
425
	list_add(&sym->list, entry);
426
	elf_hash_add(symbol, &sym->hash, sym->idx);
427
	elf_hash_add(symbol_name, &sym->name_hash, str_hash(sym->name));
428

429
	/*
430
	 * Don't store empty STT_NOTYPE symbols in the rbtree.  They
431
	 * can exist within a function, confusing the sorting.
432
	 */
433
	if (!sym->len)
434
		__sym_remove(sym, &sym->sec->symbol_tree);
435
}
436

437
static int read_symbols(struct elf *elf)
438
{
439
	struct section *symtab, *symtab_shndx, *sec;
440
	struct symbol *sym, *pfunc;
441
	int symbols_nr, i;
442
	char *coldstr;
443
	Elf_Data *shndx_data = NULL;
444
	Elf32_Word shndx;
445

446
	symtab = find_section_by_name(elf, ".symtab");
447
	if (symtab) {
448
		symtab_shndx = find_section_by_name(elf, ".symtab_shndx");
449
		if (symtab_shndx)
450
			shndx_data = symtab_shndx->data;
451

452
		symbols_nr = sec_num_entries(symtab);
453
	} else {
454
		/*
455
		 * A missing symbol table is actually possible if it's an empty
456
		 * .o file. This can happen for thunk_64.o. Make sure to at
457
		 * least allocate the symbol hash tables so we can do symbol
458
		 * lookups without crashing.
459
		 */
460
		symbols_nr = 0;
461
	}
462

463
	if (!elf_alloc_hash(symbol, symbols_nr) ||
464
	    !elf_alloc_hash(symbol_name, symbols_nr))
465
		return -1;
466

467
	elf->symbol_data = calloc(symbols_nr, sizeof(*sym));
468
	if (!elf->symbol_data) {
469
		ERROR_GLIBC("calloc");
470
		return -1;
471
	}
472
	for (i = 0; i < symbols_nr; i++) {
473
		sym = &elf->symbol_data[i];
474

475
		sym->idx = i;
476

477
		if (!gelf_getsymshndx(symtab->data, shndx_data, i, &sym->sym,
478
				      &shndx)) {
479
			ERROR_ELF("gelf_getsymshndx");
480
			goto err;
481
		}
482

483
		sym->name = elf_strptr(elf->elf, symtab->sh.sh_link,
484
				       sym->sym.st_name);
485
		if (!sym->name) {
486
			ERROR_ELF("elf_strptr");
487
			goto err;
488
		}
489

490
		if ((sym->sym.st_shndx > SHN_UNDEF &&
491
		     sym->sym.st_shndx < SHN_LORESERVE) ||
492
		    (shndx_data && sym->sym.st_shndx == SHN_XINDEX)) {
493
			if (sym->sym.st_shndx != SHN_XINDEX)
494
				shndx = sym->sym.st_shndx;
495

496
			sym->sec = find_section_by_index(elf, shndx);
497
			if (!sym->sec) {
498
				ERROR("couldn't find section for symbol %s", sym->name);
499
				goto err;
500
			}
501
			if (GELF_ST_TYPE(sym->sym.st_info) == STT_SECTION) {
502
				sym->name = sym->sec->name;
503
				sym->sec->sym = sym;
504
			}
505
		} else
506
			sym->sec = find_section_by_index(elf, 0);
507

508
		elf_add_symbol(elf, sym);
509
	}
510

511
	if (opts.stats) {
512
		printf("nr_symbols: %lu\n", (unsigned long)symbols_nr);
513
		printf("symbol_bits: %d\n", elf->symbol_bits);
514
	}
515

516
	/* Create parent/child links for any cold subfunctions */
517
	list_for_each_entry(sec, &elf->sections, list) {
518
		sec_for_each_sym(sec, sym) {
519
			char *pname;
520
			size_t pnamelen;
521
			if (sym->type != STT_FUNC)
522
				continue;
523

524
			if (sym->pfunc == NULL)
525
				sym->pfunc = sym;
526

527
			if (sym->cfunc == NULL)
528
				sym->cfunc = sym;
529

530
			coldstr = strstr(sym->name, ".cold");
531
			if (!coldstr)
532
				continue;
533

534
			pnamelen = coldstr - sym->name;
535
			pname = strndup(sym->name, pnamelen);
536
			if (!pname) {
537
				ERROR("%s(): failed to allocate memory", sym->name);
538
				return -1;
539
			}
540

541
			pfunc = find_symbol_by_name(elf, pname);
542
			free(pname);
543

544
			if (!pfunc) {
545
				ERROR("%s(): can't find parent function", sym->name);
546
				return -1;
547
			}
548

549
			sym->pfunc = pfunc;
550
			pfunc->cfunc = sym;
551

552
			/*
553
			 * Unfortunately, -fnoreorder-functions puts the child
554
			 * inside the parent.  Remove the overlap so we can
555
			 * have sane assumptions.
556
			 *
557
			 * Note that pfunc->len now no longer matches
558
			 * pfunc->sym.st_size.
559
			 */
560
			if (sym->sec == pfunc->sec &&
561
			    sym->offset >= pfunc->offset &&
562
			    sym->offset + sym->len == pfunc->offset + pfunc->len) {
563
				pfunc->len -= sym->len;
564
			}
565
		}
566
	}
567

568
	return 0;
569

570
err:
571
	free(sym);
572
	return -1;
573
}
574

575
static int mark_group_syms(struct elf *elf)
576
{
577
	struct section *symtab, *sec;
578
	struct symbol *sym;
579

580
	symtab = find_section_by_name(elf, ".symtab");
581
	if (!symtab) {
582
		ERROR("no .symtab");
583
		return -1;
584
	}
585

586
	list_for_each_entry(sec, &elf->sections, list) {
587
		if (sec->sh.sh_type == SHT_GROUP &&
588
		    sec->sh.sh_link == symtab->idx) {
589
			sym = find_symbol_by_index(elf, sec->sh.sh_info);
590
			if (!sym) {
591
				ERROR("%s: can't find SHT_GROUP signature symbol",
592
				      sec->name);
593
				return -1;
594
			}
595

596
			sym->group_sec = sec;
597
		}
598
	}
599

600
	return 0;
601
}
602

603
/*
604
 * @sym's idx has changed.  Update the relocs which reference it.
605
 */
606
static int elf_update_sym_relocs(struct elf *elf, struct symbol *sym)
607
{
608
	struct reloc *reloc;
609

610
	for (reloc = sym->relocs; reloc; reloc = sym_next_reloc(reloc))
611
		set_reloc_sym(elf, reloc, reloc->sym->idx);
612

613
	return 0;
614
}
615

616
/*
617
 * The libelf API is terrible; gelf_update_sym*() takes a data block relative
618
 * index value, *NOT* the symbol index. As such, iterate the data blocks and
619
 * adjust index until it fits.
620
 *
621
 * If no data block is found, allow adding a new data block provided the index
622
 * is only one past the end.
623
 */
624
static int elf_update_symbol(struct elf *elf, struct section *symtab,
625
			     struct section *symtab_shndx, struct symbol *sym)
626
{
627
	Elf32_Word shndx = sym->sec ? sym->sec->idx : SHN_UNDEF;
628
	Elf_Data *symtab_data = NULL, *shndx_data = NULL;
629
	Elf64_Xword entsize = symtab->sh.sh_entsize;
630
	int max_idx, idx = sym->idx;
631
	Elf_Scn *s, *t = NULL;
632
	bool is_special_shndx = sym->sym.st_shndx >= SHN_LORESERVE &&
633
				sym->sym.st_shndx != SHN_XINDEX;
634

635
	if (is_special_shndx)
636
		shndx = sym->sym.st_shndx;
637

638
	s = elf_getscn(elf->elf, symtab->idx);
639
	if (!s) {
640
		ERROR_ELF("elf_getscn");
641
		return -1;
642
	}
643

644
	if (symtab_shndx) {
645
		t = elf_getscn(elf->elf, symtab_shndx->idx);
646
		if (!t) {
647
			ERROR_ELF("elf_getscn");
648
			return -1;
649
		}
650
	}
651

652
	for (;;) {
653
		/* get next data descriptor for the relevant sections */
654
		symtab_data = elf_getdata(s, symtab_data);
655
		if (t)
656
			shndx_data = elf_getdata(t, shndx_data);
657

658
		/* end-of-list */
659
		if (!symtab_data) {
660
			/*
661
			 * Over-allocate to avoid O(n^2) symbol creation
662
			 * behaviour.  The down side is that libelf doesn't
663
			 * like this; see elf_truncate_section() for the fixup.
664
			 */
665
			int num = max(1U, sym->idx/3);
666
			void *buf;
667

668
			if (idx) {
669
				/* we don't do holes in symbol tables */
670
				ERROR("index out of range");
671
				return -1;
672
			}
673

674
			/* if @idx == 0, it's the next contiguous entry, create it */
675
			symtab_data = elf_newdata(s);
676
			if (t)
677
				shndx_data = elf_newdata(t);
678

679
			buf = calloc(num, entsize);
680
			if (!buf) {
681
				ERROR_GLIBC("calloc");
682
				return -1;
683
			}
684

685
			symtab_data->d_buf = buf;
686
			symtab_data->d_size = num * entsize;
687
			symtab_data->d_align = 1;
688
			symtab_data->d_type = ELF_T_SYM;
689

690
			mark_sec_changed(elf, symtab, true);
691
			symtab->truncate = true;
692

693
			if (t) {
694
				buf = calloc(num, sizeof(Elf32_Word));
695
				if (!buf) {
696
					ERROR_GLIBC("calloc");
697
					return -1;
698
				}
699

700
				shndx_data->d_buf = buf;
701
				shndx_data->d_size = num * sizeof(Elf32_Word);
702
				shndx_data->d_align = sizeof(Elf32_Word);
703
				shndx_data->d_type = ELF_T_WORD;
704

705
				mark_sec_changed(elf, symtab_shndx, true);
706
				symtab_shndx->truncate = true;
707
			}
708

709
			break;
710
		}
711

712
		/* empty blocks should not happen */
713
		if (!symtab_data->d_size) {
714
			ERROR("zero size data");
715
			return -1;
716
		}
717

718
		/* is this the right block? */
719
		max_idx = symtab_data->d_size / entsize;
720
		if (idx < max_idx)
721
			break;
722

723
		/* adjust index and try again */
724
		idx -= max_idx;
725
	}
726

727
	/* something went side-ways */
728
	if (idx < 0) {
729
		ERROR("negative index");
730
		return -1;
731
	}
732

733
	/* setup extended section index magic and write the symbol */
734
	if ((shndx >= SHN_UNDEF && shndx < SHN_LORESERVE) || is_special_shndx) {
735
		sym->sym.st_shndx = shndx;
736
		if (!shndx_data)
737
			shndx = 0;
738
	} else {
739
		sym->sym.st_shndx = SHN_XINDEX;
740
		if (!shndx_data) {
741
			ERROR("no .symtab_shndx");
742
			return -1;
743
		}
744
	}
745

746
	if (!gelf_update_symshndx(symtab_data, shndx_data, idx, &sym->sym, shndx)) {
747
		ERROR_ELF("gelf_update_symshndx");
748
		return -1;
749
	}
750

751
	return 0;
752
}
753

754
static struct symbol *
755
__elf_create_symbol(struct elf *elf, struct symbol *sym)
756
{
757
	struct section *symtab, *symtab_shndx;
758
	Elf32_Word first_non_local, new_idx;
759
	struct symbol *old;
760

761
	symtab = find_section_by_name(elf, ".symtab");
762
	if (symtab) {
763
		symtab_shndx = find_section_by_name(elf, ".symtab_shndx");
764
	} else {
765
		ERROR("no .symtab");
766
		return NULL;
767
	}
768

769
	new_idx = sec_num_entries(symtab);
770

771
	if (GELF_ST_BIND(sym->sym.st_info) != STB_LOCAL)
772
		goto non_local;
773

774
	/*
775
	 * Move the first global symbol, as per sh_info, into a new, higher
776
	 * symbol index. This frees up a spot for a new local symbol.
777
	 */
778
	first_non_local = symtab->sh.sh_info;
779
	old = find_symbol_by_index(elf, first_non_local);
780
	if (old) {
781

782
		elf_hash_del(symbol, &old->hash, old->idx);
783
		elf_hash_add(symbol, &old->hash, new_idx);
784
		old->idx = new_idx;
785

786
		if (elf_update_symbol(elf, symtab, symtab_shndx, old)) {
787
			ERROR("elf_update_symbol move");
788
			return NULL;
789
		}
790

791
		if (elf_update_sym_relocs(elf, old))
792
			return NULL;
793

794
		if (old->group_sec) {
795
			old->group_sec->sh.sh_info = new_idx;
796
			mark_sec_changed(elf, old->group_sec, true);
797
		}
798

799
		new_idx = first_non_local;
800
	}
801

802
	/*
803
	 * Either way, we will add a LOCAL symbol.
804
	 */
805
	symtab->sh.sh_info += 1;
806

807
non_local:
808
	sym->idx = new_idx;
809
	if (elf_update_symbol(elf, symtab, symtab_shndx, sym)) {
810
		ERROR("elf_update_symbol");
811
		return NULL;
812
	}
813

814
	symtab->sh.sh_size += symtab->sh.sh_entsize;
815
	mark_sec_changed(elf, symtab, true);
816

817
	if (symtab_shndx) {
818
		symtab_shndx->sh.sh_size += sizeof(Elf32_Word);
819
		mark_sec_changed(elf, symtab_shndx, true);
820
	}
821

822
	return sym;
823
}
824

825
static struct symbol *
826
elf_create_section_symbol(struct elf *elf, struct section *sec)
827
{
828
	struct symbol *sym = calloc(1, sizeof(*sym));
829

830
	if (!sym) {
831
		ERROR_GLIBC("malloc");
832
		return NULL;
833
	}
834

835
	sym->name = sec->name;
836
	sym->sec = sec;
837

838
	// st_name 0
839
	sym->sym.st_info = GELF_ST_INFO(STB_LOCAL, STT_SECTION);
840
	// st_other 0
841
	// st_value 0
842
	// st_size 0
843

844
	sym = __elf_create_symbol(elf, sym);
845
	if (sym)
846
		elf_add_symbol(elf, sym);
847

848
	return sym;
849
}
850

851
static int elf_add_string(struct elf *elf, struct section *strtab, char *str);
852

853
struct symbol *
854
elf_create_prefix_symbol(struct elf *elf, struct symbol *orig, long size)
855
{
856
	struct symbol *sym = calloc(1, sizeof(*sym));
857
	size_t namelen = strlen(orig->name) + sizeof("__pfx_");
858
	char *name = malloc(namelen);
859

860
	if (!sym || !name) {
861
		ERROR_GLIBC("malloc");
862
		return NULL;
863
	}
864

865
	snprintf(name, namelen, "__pfx_%s", orig->name);
866

867
	sym->name = name;
868
	sym->sec = orig->sec;
869

870
	sym->sym.st_name = elf_add_string(elf, NULL, name);
871
	sym->sym.st_info = orig->sym.st_info;
872
	sym->sym.st_value = orig->sym.st_value - size;
873
	sym->sym.st_size = size;
874

875
	sym = __elf_create_symbol(elf, sym);
876
	if (sym)
877
		elf_add_symbol(elf, sym);
878

879
	return sym;
880
}
881

882
static struct reloc *elf_init_reloc(struct elf *elf, struct section *rsec,
883
				    unsigned int reloc_idx,
884
				    unsigned long offset, struct symbol *sym,
885
				    s64 addend, unsigned int type)
886
{
887
	struct reloc *reloc, empty = { 0 };
888

889
	if (reloc_idx >= sec_num_entries(rsec)) {
890
		ERROR("%s: bad reloc_idx %u for %s with %d relocs",
891
		      __func__, reloc_idx, rsec->name, sec_num_entries(rsec));
892
		return NULL;
893
	}
894

895
	reloc = &rsec->relocs[reloc_idx];
896

897
	if (memcmp(reloc, &empty, sizeof(empty))) {
898
		ERROR("%s: %s: reloc %d already initialized!",
899
		      __func__, rsec->name, reloc_idx);
900
		return NULL;
901
	}
902

903
	reloc->sec = rsec;
904
	reloc->sym = sym;
905

906
	set_reloc_offset(elf, reloc, offset);
907
	set_reloc_sym(elf, reloc, sym->idx);
908
	set_reloc_type(elf, reloc, type);
909
	set_reloc_addend(elf, reloc, addend);
910

911
	elf_hash_add(reloc, &reloc->hash, reloc_hash(reloc));
912
	set_sym_next_reloc(reloc, sym->relocs);
913
	sym->relocs = reloc;
914

915
	return reloc;
916
}
917

918
struct reloc *elf_init_reloc_text_sym(struct elf *elf, struct section *sec,
919
				      unsigned long offset,
920
				      unsigned int reloc_idx,
921
				      struct section *insn_sec,
922
				      unsigned long insn_off)
923
{
924
	struct symbol *sym = insn_sec->sym;
925
	int addend = insn_off;
926

927
	if (!(insn_sec->sh.sh_flags & SHF_EXECINSTR)) {
928
		ERROR("bad call to %s() for data symbol %s", __func__, sym->name);
929
		return NULL;
930
	}
931

932
	if (!sym) {
933
		/*
934
		 * Due to how weak functions work, we must use section based
935
		 * relocations. Symbol based relocations would result in the
936
		 * weak and non-weak function annotations being overlaid on the
937
		 * non-weak function after linking.
938
		 */
939
		sym = elf_create_section_symbol(elf, insn_sec);
940
		if (!sym)
941
			return NULL;
942

943
		insn_sec->sym = sym;
944
	}
945

946
	return elf_init_reloc(elf, sec->rsec, reloc_idx, offset, sym, addend,
947
			      elf_text_rela_type(elf));
948
}
949

950
struct reloc *elf_init_reloc_data_sym(struct elf *elf, struct section *sec,
951
				      unsigned long offset,
952
				      unsigned int reloc_idx,
953
				      struct symbol *sym,
954
				      s64 addend)
955
{
956
	if (sym->sec && (sec->sh.sh_flags & SHF_EXECINSTR)) {
957
		ERROR("bad call to %s() for text symbol %s", __func__, sym->name);
958
		return NULL;
959
	}
960

961
	return elf_init_reloc(elf, sec->rsec, reloc_idx, offset, sym, addend,
962
			      elf_data_rela_type(elf));
963
}
964

965
static int read_relocs(struct elf *elf)
966
{
967
	unsigned long nr_reloc, max_reloc = 0;
968
	struct section *rsec;
969
	struct reloc *reloc;
970
	unsigned int symndx;
971
	struct symbol *sym;
972
	int i;
973

974
	if (!elf_alloc_hash(reloc, elf->num_relocs))
975
		return -1;
976

977
	list_for_each_entry(rsec, &elf->sections, list) {
978
		if (!is_reloc_sec(rsec))
979
			continue;
980

981
		rsec->base = find_section_by_index(elf, rsec->sh.sh_info);
982
		if (!rsec->base) {
983
			ERROR("can't find base section for reloc section %s", rsec->name);
984
			return -1;
985
		}
986

987
		rsec->base->rsec = rsec;
988

989
		nr_reloc = 0;
990
		rsec->relocs = calloc(sec_num_entries(rsec), sizeof(*reloc));
991
		if (!rsec->relocs) {
992
			ERROR_GLIBC("calloc");
993
			return -1;
994
		}
995
		for (i = 0; i < sec_num_entries(rsec); i++) {
996
			reloc = &rsec->relocs[i];
997

998
			reloc->sec = rsec;
999
			symndx = reloc_sym(reloc);
1000
			reloc->sym = sym = find_symbol_by_index(elf, symndx);
1001
			if (!reloc->sym) {
1002
				ERROR("can't find reloc entry symbol %d for %s", symndx, rsec->name);
1003
				return -1;
1004
			}
1005

1006
			elf_hash_add(reloc, &reloc->hash, reloc_hash(reloc));
1007
			set_sym_next_reloc(reloc, sym->relocs);
1008
			sym->relocs = reloc;
1009

1010
			nr_reloc++;
1011
		}
1012
		max_reloc = max(max_reloc, nr_reloc);
1013
	}
1014

1015
	if (opts.stats) {
1016
		printf("max_reloc: %lu\n", max_reloc);
1017
		printf("num_relocs: %lu\n", elf->num_relocs);
1018
		printf("reloc_bits: %d\n", elf->reloc_bits);
1019
	}
1020

1021
	return 0;
1022
}
1023

1024
struct elf *elf_open_read(const char *name, int flags)
1025
{
1026
	struct elf *elf;
1027
	Elf_Cmd cmd;
1028

1029
	elf_version(EV_CURRENT);
1030

1031
	elf = malloc(sizeof(*elf));
1032
	if (!elf) {
1033
		ERROR_GLIBC("malloc");
1034
		return NULL;
1035
	}
1036
	memset(elf, 0, sizeof(*elf));
1037

1038
	INIT_LIST_HEAD(&elf->sections);
1039

1040
	elf->fd = open(name, flags);
1041
	if (elf->fd == -1) {
1042
		fprintf(stderr, "objtool: Can't open '%s': %s\n",
1043
			name, strerror(errno));
1044
		goto err;
1045
	}
1046

1047
	if ((flags & O_ACCMODE) == O_RDONLY)
1048
		cmd = ELF_C_READ_MMAP;
1049
	else if ((flags & O_ACCMODE) == O_RDWR)
1050
		cmd = ELF_C_RDWR;
1051
	else /* O_WRONLY */
1052
		cmd = ELF_C_WRITE;
1053

1054
	elf->elf = elf_begin(elf->fd, cmd, NULL);
1055
	if (!elf->elf) {
1056
		ERROR_ELF("elf_begin");
1057
		goto err;
1058
	}
1059

1060
	if (!gelf_getehdr(elf->elf, &elf->ehdr)) {
1061
		ERROR_ELF("gelf_getehdr");
1062
		goto err;
1063
	}
1064

1065
	if (read_sections(elf))
1066
		goto err;
1067

1068
	if (read_symbols(elf))
1069
		goto err;
1070

1071
	if (mark_group_syms(elf))
1072
		goto err;
1073

1074
	if (read_relocs(elf))
1075
		goto err;
1076

1077
	return elf;
1078

1079
err:
1080
	elf_close(elf);
1081
	return NULL;
1082
}
1083

1084
static int elf_add_string(struct elf *elf, struct section *strtab, char *str)
1085
{
1086
	Elf_Data *data;
1087
	Elf_Scn *s;
1088
	int len;
1089

1090
	if (!strtab)
1091
		strtab = find_section_by_name(elf, ".strtab");
1092
	if (!strtab) {
1093
		ERROR("can't find .strtab section");
1094
		return -1;
1095
	}
1096

1097
	s = elf_getscn(elf->elf, strtab->idx);
1098
	if (!s) {
1099
		ERROR_ELF("elf_getscn");
1100
		return -1;
1101
	}
1102

1103
	data = elf_newdata(s);
1104
	if (!data) {
1105
		ERROR_ELF("elf_newdata");
1106
		return -1;
1107
	}
1108

1109
	data->d_buf = str;
1110
	data->d_size = strlen(str) + 1;
1111
	data->d_align = 1;
1112

1113
	len = strtab->sh.sh_size;
1114
	strtab->sh.sh_size += data->d_size;
1115

1116
	mark_sec_changed(elf, strtab, true);
1117

1118
	return len;
1119
}
1120

1121
struct section *elf_create_section(struct elf *elf, const char *name,
1122
				   size_t entsize, unsigned int nr)
1123
{
1124
	struct section *sec, *shstrtab;
1125
	size_t size = entsize * nr;
1126
	Elf_Scn *s;
1127

1128
	sec = malloc(sizeof(*sec));
1129
	if (!sec) {
1130
		ERROR_GLIBC("malloc");
1131
		return NULL;
1132
	}
1133
	memset(sec, 0, sizeof(*sec));
1134

1135
	INIT_LIST_HEAD(&sec->symbol_list);
1136

1137
	s = elf_newscn(elf->elf);
1138
	if (!s) {
1139
		ERROR_ELF("elf_newscn");
1140
		return NULL;
1141
	}
1142

1143
	sec->name = strdup(name);
1144
	if (!sec->name) {
1145
		ERROR_GLIBC("strdup");
1146
		return NULL;
1147
	}
1148

1149
	sec->idx = elf_ndxscn(s);
1150

1151
	sec->data = elf_newdata(s);
1152
	if (!sec->data) {
1153
		ERROR_ELF("elf_newdata");
1154
		return NULL;
1155
	}
1156

1157
	sec->data->d_size = size;
1158
	sec->data->d_align = 1;
1159

1160
	if (size) {
1161
		sec->data->d_buf = malloc(size);
1162
		if (!sec->data->d_buf) {
1163
			ERROR_GLIBC("malloc");
1164
			return NULL;
1165
		}
1166
		memset(sec->data->d_buf, 0, size);
1167
	}
1168

1169
	if (!gelf_getshdr(s, &sec->sh)) {
1170
		ERROR_ELF("gelf_getshdr");
1171
		return NULL;
1172
	}
1173

1174
	sec->sh.sh_size = size;
1175
	sec->sh.sh_entsize = entsize;
1176
	sec->sh.sh_type = SHT_PROGBITS;
1177
	sec->sh.sh_addralign = 1;
1178
	sec->sh.sh_flags = SHF_ALLOC;
1179

1180
	/* Add section name to .shstrtab (or .strtab for Clang) */
1181
	shstrtab = find_section_by_name(elf, ".shstrtab");
1182
	if (!shstrtab)
1183
		shstrtab = find_section_by_name(elf, ".strtab");
1184
	if (!shstrtab) {
1185
		ERROR("can't find .shstrtab or .strtab section");
1186
		return NULL;
1187
	}
1188
	sec->sh.sh_name = elf_add_string(elf, shstrtab, sec->name);
1189
	if (sec->sh.sh_name == -1)
1190
		return NULL;
1191

1192
	list_add_tail(&sec->list, &elf->sections);
1193
	elf_hash_add(section, &sec->hash, sec->idx);
1194
	elf_hash_add(section_name, &sec->name_hash, str_hash(sec->name));
1195

1196
	mark_sec_changed(elf, sec, true);
1197

1198
	return sec;
1199
}
1200

1201
static struct section *elf_create_rela_section(struct elf *elf,
1202
					       struct section *sec,
1203
					       unsigned int reloc_nr)
1204
{
1205
	struct section *rsec;
1206
	char *rsec_name;
1207

1208
	rsec_name = malloc(strlen(sec->name) + strlen(".rela") + 1);
1209
	if (!rsec_name) {
1210
		ERROR_GLIBC("malloc");
1211
		return NULL;
1212
	}
1213
	strcpy(rsec_name, ".rela");
1214
	strcat(rsec_name, sec->name);
1215

1216
	rsec = elf_create_section(elf, rsec_name, elf_rela_size(elf), reloc_nr);
1217
	free(rsec_name);
1218
	if (!rsec)
1219
		return NULL;
1220

1221
	rsec->data->d_type = ELF_T_RELA;
1222
	rsec->sh.sh_type = SHT_RELA;
1223
	rsec->sh.sh_addralign = elf_addr_size(elf);
1224
	rsec->sh.sh_link = find_section_by_name(elf, ".symtab")->idx;
1225
	rsec->sh.sh_info = sec->idx;
1226
	rsec->sh.sh_flags = SHF_INFO_LINK;
1227

1228
	rsec->relocs = calloc(sec_num_entries(rsec), sizeof(struct reloc));
1229
	if (!rsec->relocs) {
1230
		ERROR_GLIBC("calloc");
1231
		return NULL;
1232
	}
1233

1234
	sec->rsec = rsec;
1235
	rsec->base = sec;
1236

1237
	return rsec;
1238
}
1239

1240
struct section *elf_create_section_pair(struct elf *elf, const char *name,
1241
					size_t entsize, unsigned int nr,
1242
					unsigned int reloc_nr)
1243
{
1244
	struct section *sec;
1245

1246
	sec = elf_create_section(elf, name, entsize, nr);
1247
	if (!sec)
1248
		return NULL;
1249

1250
	if (!elf_create_rela_section(elf, sec, reloc_nr))
1251
		return NULL;
1252

1253
	return sec;
1254
}
1255

1256
int elf_write_insn(struct elf *elf, struct section *sec,
1257
		   unsigned long offset, unsigned int len,
1258
		   const char *insn)
1259
{
1260
	Elf_Data *data = sec->data;
1261

1262
	if (data->d_type != ELF_T_BYTE || data->d_off) {
1263
		ERROR("write to unexpected data for section: %s", sec->name);
1264
		return -1;
1265
	}
1266

1267
	memcpy(data->d_buf + offset, insn, len);
1268

1269
	mark_sec_changed(elf, sec, true);
1270

1271
	return 0;
1272
}
1273

1274
/*
1275
 * When Elf_Scn::sh_size is smaller than the combined Elf_Data::d_size
1276
 * do you:
1277
 *
1278
 *   A) adhere to the section header and truncate the data, or
1279
 *   B) ignore the section header and write out all the data you've got?
1280
 *
1281
 * Yes, libelf sucks and we need to manually truncate if we over-allocate data.
1282
 */
1283
static int elf_truncate_section(struct elf *elf, struct section *sec)
1284
{
1285
	u64 size = sec->sh.sh_size;
1286
	bool truncated = false;
1287
	Elf_Data *data = NULL;
1288
	Elf_Scn *s;
1289

1290
	s = elf_getscn(elf->elf, sec->idx);
1291
	if (!s) {
1292
		ERROR_ELF("elf_getscn");
1293
		return -1;
1294
	}
1295

1296
	for (;;) {
1297
		/* get next data descriptor for the relevant section */
1298
		data = elf_getdata(s, data);
1299

1300
		if (!data) {
1301
			if (size) {
1302
				ERROR("end of section data but non-zero size left\n");
1303
				return -1;
1304
			}
1305
			return 0;
1306
		}
1307

1308
		if (truncated) {
1309
			/* when we remove symbols */
1310
			ERROR("truncated; but more data\n");
1311
			return -1;
1312
		}
1313

1314
		if (!data->d_size) {
1315
			ERROR("zero size data");
1316
			return -1;
1317
		}
1318

1319
		if (data->d_size > size) {
1320
			truncated = true;
1321
			data->d_size = size;
1322
		}
1323

1324
		size -= data->d_size;
1325
	}
1326
}
1327

1328
int elf_write(struct elf *elf)
1329
{
1330
	struct section *sec;
1331
	Elf_Scn *s;
1332

1333
	/* Update changed relocation sections and section headers: */
1334
	list_for_each_entry(sec, &elf->sections, list) {
1335
		if (sec->truncate)
1336
			elf_truncate_section(elf, sec);
1337

1338
		if (sec_changed(sec)) {
1339
			s = elf_getscn(elf->elf, sec->idx);
1340
			if (!s) {
1341
				ERROR_ELF("elf_getscn");
1342
				return -1;
1343
			}
1344

1345
			/* Note this also flags the section dirty */
1346
			if (!gelf_update_shdr(s, &sec->sh)) {
1347
				ERROR_ELF("gelf_update_shdr");
1348
				return -1;
1349
			}
1350

1351
			mark_sec_changed(elf, sec, false);
1352
		}
1353
	}
1354

1355
	/* Make sure the new section header entries get updated properly. */
1356
	elf_flagelf(elf->elf, ELF_C_SET, ELF_F_DIRTY);
1357

1358
	/* Write all changes to the file. */
1359
	if (elf_update(elf->elf, ELF_C_WRITE) < 0) {
1360
		ERROR_ELF("elf_update");
1361
		return -1;
1362
	}
1363

1364
	elf->changed = false;
1365

1366
	return 0;
1367
}
1368

1369
void elf_close(struct elf *elf)
1370
{
1371
	if (elf->elf)
1372
		elf_end(elf->elf);
1373

1374
	if (elf->fd > 0)
1375
		close(elf->fd);
1376

1377
	/*
1378
	 * NOTE: All remaining allocations are leaked on purpose.  Objtool is
1379
	 * about to exit anyway.
1380
	 */
1381
}
1382

1383