1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 *
4 * Copyright (C) 2001 Rusty Russell.
5 * Copyright (C) 2003, 2004 Ralf Baechle (ralf@linux-mips.org)
6 * Copyright (C) 2005 Thiemo Seufer
7 */
8
9 #undef DEBUG
10
11 #include <linux/extable.h>
12 #include <linux/moduleloader.h>
13 #include <linux/elf.h>
14 #include <linux/mm.h>
15 #include <linux/numa.h>
16 #include <linux/vmalloc.h>
17 #include <linux/slab.h>
18 #include <linux/fs.h>
19 #include <linux/string.h>
20 #include <linux/kernel.h>
21 #include <linux/spinlock.h>
22 #include <linux/jump_label.h>
23
24 #include <asm/pgtable.h> /* MODULE_START */
25
26 struct mips_hi16 {
27 struct mips_hi16 *next;
28 Elf_Addr *addr;
29 Elf_Addr value;
30 };
31
32 static LIST_HEAD(dbe_list);
33 static DEFINE_SPINLOCK(dbe_lock);
34
35 #ifdef MODULE_START
module_alloc(unsigned long size)36 void *module_alloc(unsigned long size)
37 {
38 return __vmalloc_node_range(size, 1, MODULE_START, MODULE_END,
39 GFP_KERNEL, PAGE_KERNEL, 0, NUMA_NO_NODE,
40 __builtin_return_address(0));
41 }
42 #endif
43
apply_r_mips_none(struct module * me,u32 * location,u32 base,Elf_Addr v,bool rela)44 static int apply_r_mips_none(struct module *me, u32 *location,
45 u32 base, Elf_Addr v, bool rela)
46 {
47 return 0;
48 }
49
apply_r_mips_32(struct module * me,u32 * location,u32 base,Elf_Addr v,bool rela)50 static int apply_r_mips_32(struct module *me, u32 *location,
51 u32 base, Elf_Addr v, bool rela)
52 {
53 *location = base + v;
54
55 return 0;
56 }
57
apply_r_mips_26(struct module * me,u32 * location,u32 base,Elf_Addr v,bool rela)58 static int apply_r_mips_26(struct module *me, u32 *location,
59 u32 base, Elf_Addr v, bool rela)
60 {
61 if (v % 4) {
62 pr_err("module %s: dangerous R_MIPS_26 relocation\n",
63 me->name);
64 return -ENOEXEC;
65 }
66
67 if ((v & 0xf0000000) != (((unsigned long)location + 4) & 0xf0000000)) {
68 pr_err("module %s: relocation overflow\n",
69 me->name);
70 return -ENOEXEC;
71 }
72
73 *location = (*location & ~0x03ffffff) |
74 ((base + (v >> 2)) & 0x03ffffff);
75
76 return 0;
77 }
78
apply_r_mips_hi16(struct module * me,u32 * location,u32 base,Elf_Addr v,bool rela)79 static int apply_r_mips_hi16(struct module *me, u32 *location,
80 u32 base, Elf_Addr v, bool rela)
81 {
82 struct mips_hi16 *n;
83
84 if (rela) {
85 *location = (*location & 0xffff0000) |
86 ((((long long) v + 0x8000LL) >> 16) & 0xffff);
87 return 0;
88 }
89
90 /*
91 * We cannot relocate this one now because we don't know the value of
92 * the carry we need to add. Save the information, and let LO16 do the
93 * actual relocation.
94 */
95 n = kmalloc(sizeof *n, GFP_KERNEL);
96 if (!n)
97 return -ENOMEM;
98
99 n->addr = (Elf_Addr *)location;
100 n->value = v;
101 n->next = me->arch.r_mips_hi16_list;
102 me->arch.r_mips_hi16_list = n;
103
104 return 0;
105 }
106
free_relocation_chain(struct mips_hi16 * l)107 static void free_relocation_chain(struct mips_hi16 *l)
108 {
109 struct mips_hi16 *next;
110
111 while (l) {
112 next = l->next;
113 kfree(l);
114 l = next;
115 }
116 }
117
apply_r_mips_lo16(struct module * me,u32 * location,u32 base,Elf_Addr v,bool rela)118 static int apply_r_mips_lo16(struct module *me, u32 *location,
119 u32 base, Elf_Addr v, bool rela)
120 {
121 unsigned long insnlo = base;
122 struct mips_hi16 *l;
123 Elf_Addr val, vallo;
124
125 if (rela) {
126 *location = (*location & 0xffff0000) | (v & 0xffff);
127 return 0;
128 }
129
130 /* Sign extend the addend we extract from the lo insn. */
131 vallo = ((insnlo & 0xffff) ^ 0x8000) - 0x8000;
132
133 if (me->arch.r_mips_hi16_list != NULL) {
134 l = me->arch.r_mips_hi16_list;
135 while (l != NULL) {
136 struct mips_hi16 *next;
137 unsigned long insn;
138
139 /*
140 * The value for the HI16 had best be the same.
141 */
142 if (v != l->value)
143 goto out_danger;
144
145 /*
146 * Do the HI16 relocation. Note that we actually don't
147 * need to know anything about the LO16 itself, except
148 * where to find the low 16 bits of the addend needed
149 * by the LO16.
150 */
151 insn = *l->addr;
152 val = ((insn & 0xffff) << 16) + vallo;
153 val += v;
154
155 /*
156 * Account for the sign extension that will happen in
157 * the low bits.
158 */
159 val = ((val >> 16) + ((val & 0x8000) != 0)) & 0xffff;
160
161 insn = (insn & ~0xffff) | val;
162 *l->addr = insn;
163
164 next = l->next;
165 kfree(l);
166 l = next;
167 }
168
169 me->arch.r_mips_hi16_list = NULL;
170 }
171
172 /*
173 * Ok, we're done with the HI16 relocs. Now deal with the LO16.
174 */
175 val = v + vallo;
176 insnlo = (insnlo & ~0xffff) | (val & 0xffff);
177 *location = insnlo;
178
179 return 0;
180
181 out_danger:
182 free_relocation_chain(l);
183 me->arch.r_mips_hi16_list = NULL;
184
185 pr_err("module %s: dangerous R_MIPS_LO16 relocation\n", me->name);
186
187 return -ENOEXEC;
188 }
189
apply_r_mips_pc(struct module * me,u32 * location,u32 base,Elf_Addr v,unsigned int bits)190 static int apply_r_mips_pc(struct module *me, u32 *location, u32 base,
191 Elf_Addr v, unsigned int bits)
192 {
193 unsigned long mask = GENMASK(bits - 1, 0);
194 unsigned long se_bits;
195 long offset;
196
197 if (v % 4) {
198 pr_err("module %s: dangerous R_MIPS_PC%u relocation\n",
199 me->name, bits);
200 return -ENOEXEC;
201 }
202
203 /* retrieve & sign extend implicit addend if any */
204 offset = base & mask;
205 offset |= (offset & BIT(bits - 1)) ? ~mask : 0;
206
207 offset += ((long)v - (long)location) >> 2;
208
209 /* check the sign bit onwards are identical - ie. we didn't overflow */
210 se_bits = (offset & BIT(bits - 1)) ? ~0ul : 0;
211 if ((offset & ~mask) != (se_bits & ~mask)) {
212 pr_err("module %s: relocation overflow\n", me->name);
213 return -ENOEXEC;
214 }
215
216 *location = (*location & ~mask) | (offset & mask);
217
218 return 0;
219 }
220
apply_r_mips_pc16(struct module * me,u32 * location,u32 base,Elf_Addr v,bool rela)221 static int apply_r_mips_pc16(struct module *me, u32 *location,
222 u32 base, Elf_Addr v, bool rela)
223 {
224 return apply_r_mips_pc(me, location, base, v, 16);
225 }
226
apply_r_mips_pc21(struct module * me,u32 * location,u32 base,Elf_Addr v,bool rela)227 static int apply_r_mips_pc21(struct module *me, u32 *location,
228 u32 base, Elf_Addr v, bool rela)
229 {
230 return apply_r_mips_pc(me, location, base, v, 21);
231 }
232
apply_r_mips_pc26(struct module * me,u32 * location,u32 base,Elf_Addr v,bool rela)233 static int apply_r_mips_pc26(struct module *me, u32 *location,
234 u32 base, Elf_Addr v, bool rela)
235 {
236 return apply_r_mips_pc(me, location, base, v, 26);
237 }
238
apply_r_mips_64(struct module * me,u32 * location,u32 base,Elf_Addr v,bool rela)239 static int apply_r_mips_64(struct module *me, u32 *location,
240 u32 base, Elf_Addr v, bool rela)
241 {
242 if (WARN_ON(!rela))
243 return -EINVAL;
244
245 *(Elf_Addr *)location = v;
246
247 return 0;
248 }
249
apply_r_mips_higher(struct module * me,u32 * location,u32 base,Elf_Addr v,bool rela)250 static int apply_r_mips_higher(struct module *me, u32 *location,
251 u32 base, Elf_Addr v, bool rela)
252 {
253 if (WARN_ON(!rela))
254 return -EINVAL;
255
256 *location = (*location & 0xffff0000) |
257 ((((long long)v + 0x80008000LL) >> 32) & 0xffff);
258
259 return 0;
260 }
261
apply_r_mips_highest(struct module * me,u32 * location,u32 base,Elf_Addr v,bool rela)262 static int apply_r_mips_highest(struct module *me, u32 *location,
263 u32 base, Elf_Addr v, bool rela)
264 {
265 if (WARN_ON(!rela))
266 return -EINVAL;
267
268 *location = (*location & 0xffff0000) |
269 ((((long long)v + 0x800080008000LL) >> 48) & 0xffff);
270
271 return 0;
272 }
273
274 /**
275 * reloc_handler() - Apply a particular relocation to a module
276 * @me: the module to apply the reloc to
277 * @location: the address at which the reloc is to be applied
278 * @base: the existing value at location for REL-style; 0 for RELA-style
279 * @v: the value of the reloc, with addend for RELA-style
280 *
281 * Each implemented reloc_handler function applies a particular type of
282 * relocation to the module @me. Relocs that may be found in either REL or RELA
283 * variants can be handled by making use of the @base & @v parameters which are
284 * set to values which abstract the difference away from the particular reloc
285 * implementations.
286 *
287 * Return: 0 upon success, else -ERRNO
288 */
289 typedef int (*reloc_handler)(struct module *me, u32 *location,
290 u32 base, Elf_Addr v, bool rela);
291
292 /* The handlers for known reloc types */
293 static reloc_handler reloc_handlers[] = {
294 [R_MIPS_NONE] = apply_r_mips_none,
295 [R_MIPS_32] = apply_r_mips_32,
296 [R_MIPS_26] = apply_r_mips_26,
297 [R_MIPS_HI16] = apply_r_mips_hi16,
298 [R_MIPS_LO16] = apply_r_mips_lo16,
299 [R_MIPS_PC16] = apply_r_mips_pc16,
300 [R_MIPS_64] = apply_r_mips_64,
301 [R_MIPS_HIGHER] = apply_r_mips_higher,
302 [R_MIPS_HIGHEST] = apply_r_mips_highest,
303 [R_MIPS_PC21_S2] = apply_r_mips_pc21,
304 [R_MIPS_PC26_S2] = apply_r_mips_pc26,
305 };
306
__apply_relocate(Elf_Shdr * sechdrs,const char * strtab,unsigned int symindex,unsigned int relsec,struct module * me,bool rela)307 static int __apply_relocate(Elf_Shdr *sechdrs, const char *strtab,
308 unsigned int symindex, unsigned int relsec,
309 struct module *me, bool rela)
310 {
311 union {
312 Elf_Mips_Rel *rel;
313 Elf_Mips_Rela *rela;
314 } r;
315 reloc_handler handler;
316 Elf_Sym *sym;
317 u32 *location, base;
318 unsigned int i, type;
319 Elf_Addr v;
320 int err = 0;
321 size_t reloc_sz;
322
323 pr_debug("Applying relocate section %u to %u\n", relsec,
324 sechdrs[relsec].sh_info);
325
326 r.rel = (void *)sechdrs[relsec].sh_addr;
327 reloc_sz = rela ? sizeof(*r.rela) : sizeof(*r.rel);
328 me->arch.r_mips_hi16_list = NULL;
329 for (i = 0; i < sechdrs[relsec].sh_size / reloc_sz; i++) {
330 /* This is where to make the change */
331 location = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr
332 + r.rel->r_offset;
333 /* This is the symbol it is referring to */
334 sym = (Elf_Sym *)sechdrs[symindex].sh_addr
335 + ELF_MIPS_R_SYM(*r.rel);
336 if (sym->st_value >= -MAX_ERRNO) {
337 /* Ignore unresolved weak symbol */
338 if (ELF_ST_BIND(sym->st_info) == STB_WEAK)
339 continue;
340 pr_warn("%s: Unknown symbol %s\n",
341 me->name, strtab + sym->st_name);
342 err = -ENOENT;
343 goto out;
344 }
345
346 type = ELF_MIPS_R_TYPE(*r.rel);
347 if (type < ARRAY_SIZE(reloc_handlers))
348 handler = reloc_handlers[type];
349 else
350 handler = NULL;
351
352 if (!handler) {
353 pr_err("%s: Unknown relocation type %u\n",
354 me->name, type);
355 err = -EINVAL;
356 goto out;
357 }
358
359 if (rela) {
360 v = sym->st_value + r.rela->r_addend;
361 base = 0;
362 r.rela = &r.rela[1];
363 } else {
364 v = sym->st_value;
365 base = *location;
366 r.rel = &r.rel[1];
367 }
368
369 err = handler(me, location, base, v, rela);
370 if (err)
371 goto out;
372 }
373
374 out:
375 /*
376 * Normally the hi16 list should be deallocated at this point. A
377 * malformed binary however could contain a series of R_MIPS_HI16
378 * relocations not followed by a R_MIPS_LO16 relocation, or if we hit
379 * an error processing a reloc we might have gotten here before
380 * reaching the R_MIPS_LO16. In either case, free up the list and
381 * return an error.
382 */
383 if (me->arch.r_mips_hi16_list) {
384 free_relocation_chain(me->arch.r_mips_hi16_list);
385 me->arch.r_mips_hi16_list = NULL;
386 err = err ?: -ENOEXEC;
387 }
388
389 return err;
390 }
391
apply_relocate(Elf_Shdr * sechdrs,const char * strtab,unsigned int symindex,unsigned int relsec,struct module * me)392 int apply_relocate(Elf_Shdr *sechdrs, const char *strtab,
393 unsigned int symindex, unsigned int relsec,
394 struct module *me)
395 {
396 return __apply_relocate(sechdrs, strtab, symindex, relsec, me, false);
397 }
398
399 #ifdef CONFIG_MODULES_USE_ELF_RELA
apply_relocate_add(Elf_Shdr * sechdrs,const char * strtab,unsigned int symindex,unsigned int relsec,struct module * me)400 int apply_relocate_add(Elf_Shdr *sechdrs, const char *strtab,
401 unsigned int symindex, unsigned int relsec,
402 struct module *me)
403 {
404 return __apply_relocate(sechdrs, strtab, symindex, relsec, me, true);
405 }
406 #endif /* CONFIG_MODULES_USE_ELF_RELA */
407
408 /* Given an address, look for it in the module exception tables. */
search_module_dbetables(unsigned long addr)409 const struct exception_table_entry *search_module_dbetables(unsigned long addr)
410 {
411 unsigned long flags;
412 const struct exception_table_entry *e = NULL;
413 struct mod_arch_specific *dbe;
414
415 spin_lock_irqsave(&dbe_lock, flags);
416 list_for_each_entry(dbe, &dbe_list, dbe_list) {
417 e = search_extable(dbe->dbe_start,
418 dbe->dbe_end - dbe->dbe_start, addr);
419 if (e)
420 break;
421 }
422 spin_unlock_irqrestore(&dbe_lock, flags);
423
424 /* Now, if we found one, we are running inside it now, hence
425 we cannot unload the module, hence no refcnt needed. */
426 return e;
427 }
428
429 /* Put in dbe list if necessary. */
module_finalize(const Elf_Ehdr * hdr,const Elf_Shdr * sechdrs,struct module * me)430 int module_finalize(const Elf_Ehdr *hdr,
431 const Elf_Shdr *sechdrs,
432 struct module *me)
433 {
434 const Elf_Shdr *s;
435 char *secstrings = (void *)hdr + sechdrs[hdr->e_shstrndx].sh_offset;
436
437 /* Make jump label nops. */
438 jump_label_apply_nops(me);
439
440 INIT_LIST_HEAD(&me->arch.dbe_list);
441 for (s = sechdrs; s < sechdrs + hdr->e_shnum; s++) {
442 if (strcmp("__dbe_table", secstrings + s->sh_name) != 0)
443 continue;
444 me->arch.dbe_start = (void *)s->sh_addr;
445 me->arch.dbe_end = (void *)s->sh_addr + s->sh_size;
446 spin_lock_irq(&dbe_lock);
447 list_add(&me->arch.dbe_list, &dbe_list);
448 spin_unlock_irq(&dbe_lock);
449 }
450 return 0;
451 }
452
module_arch_cleanup(struct module * mod)453 void module_arch_cleanup(struct module *mod)
454 {
455 spin_lock_irq(&dbe_lock);
456 list_del(&mod->arch.dbe_list);
457 spin_unlock_irq(&dbe_lock);
458 }
459