[coreboot] [PATCH] v3: section correctness checker

Carl-Daniel Hailfinger c-d.hailfinger.devel.2006 at gmx.net
Thu Aug 21 04:22:55 CEST 2008


Hi Ron,

you're going to like this checker.
Remember when MSR name printing in initram blew up and you had to
disable it? My checker found the real bug. We discarded the strings in
our linker script because they were in a special section, however, this
would have blown up even if we hand not discarded them because
relocations for an array of strings are needed.

On 20.08.2008 18:46, Carl-Daniel Hailfinger wrote:
> On 20.08.2008 17:49, Stefan Reinauer wrote:
>   
>> Carl-Daniel Hailfinger wrote:
>>   
>>     
>>> On 20.08.2008 15:33, Carl-Daniel Hailfinger wrote:
>>>   
>>>     
>>>       
>>>> v3 does not handle .data and .bss sections in stage1 and initram. We
>>>> simply hope they are unused/empty and will get runtime
>>>> crashes/corruption/malfunction if they are not empty.
>>>>
>>>> Check for the emptiness of these sections and abort the build on error.
>>>> This triggers on all stage1/initram global variables which are not
>>>> declared the right way.
>>>>
>>>> This found a long-standing bug introduced in r729 and fixed in r576.
>>>> It also breaks the build of every Geode target in the v3 tree because
>>>> they have multiple bugs. And it breaks the build of the K8 code because
>>>> of a bug there.
>>>>
>>>> Tested for all possible variations of .data and .bss usage.
>>>>
>>>> Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006 at gmx.net>
>>>>   
>>>>     
>>>>       
>>>>         
>>> Better checker follows. It does not only tell you the name of the object
>>> file with the bug, it even gives you the variable name which caused the bug:
>>>   CHECK   initram (non-empty .data sections)
>>> /sources/tmptrees/corebootv3-check_illegal_global_vars/build/coreboot.initram_partiallylinked.o:
>>> first_time.3526
>>> make: ***
>>> [/sources/tmptrees/corebootv3-check_illegal_global_vars/build/coreboot.initram]
>>> Error 1
>>>
>>> Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006 at gmx.net>
>>>   
>>>     
>>>       
>> Hm.. should we pack this into a small shell script (similar to xcompile) ?
>> Duplicating (almost) the same code 4 times is a bit ugly.
>>
>> Also,  please use $(OBJDUMP), as on any cross compiling system objdump
>> will not be there, or for a different architecture.
>>   
>>     
>
> Script follows. It will be called with the correct $(OBJDUMP). What do
> you think?
>
> Regards,
> Carl-Daniel
>
> Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006 at gmx.net>
>   

The makefile integration needs to substitute readelf and objdump in the
call with variables.

This is my totally rewritten and perfect(TM) checker.
- It doesn't only check for non-empty .data and .bss, but also for
unknown sections which would be a problem.
- It gives you the offending filename, the section and the variable name.
- It won't stop after the first error and will tell you about all errors
for a given file list.

Sample output follows:
  CC      build/coreboot.initram (XIP)
  CHECK   initram (non-empty writable/allocatable sections)
build/coreboot.initram_partiallylinked.o: section .data: foo1
build/coreboot.initram_partiallylinked.o: section .bss: foo2
build/coreboot.initram_partiallylinked.o: section .data.rel.ro.local:
msrnames.2746
make: ***
[/sources/tmptrees/corebootv3-check_illegal_global_vars/build/coreboot.initram]Error
1

Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006 at gmx.net>

Index: corebootv3-check_illegal_global_vars/util/sectionchecker/sectionchecker
===================================================================
--- corebootv3-check_illegal_global_vars/util/sectionchecker/sectionchecker	(revision 0)
+++ corebootv3-check_illegal_global_vars/util/sectionchecker/sectionchecker	(revision 0)
@@ -0,0 +1,58 @@
+#!/bin/bash
+#
+# This file is part of the coreboot project.
+#
+# Copyright (C) 2008 Carl-Daniel Hailfinger
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
+#
+#
+# This program checks whether a given list of files ($3+) has any writable
+# and allocatable non-empty sections. If so, the name of the file, the name of
+# the section and the symbols in that section are printed and an error is
+# returned.
+#
+# This is extremely useful for stage1 and initram correctness because
+# the .data* and .bss sections are silently dropped. All accesses there
+# would wreak havoc (silent discard of writes or silent corruption of
+# unspecified memory or cache).
+#
+# The string parsing used here heavily depends on the textual form of
+# GNU objdump output and on the instruction architecture of the files.
+
+LANG=C
+OBJDUMP=$1
+READELF=$2
+shift 2
+for a in $*; do
+	# Look for sections which have WRITE and ALLOC flags set.
+	$READELF -St $a|
+		grep -B2 "WRITE.*ALLOC"|
+		grep -B1 "^ \+[[:alnum:]]\+ \+[0-9a-f]\+ \+[0-9a-f]\+ \+0*[1-9a-f]"|
+		grep "^ \+\[ *[0-9]\+"|
+		cut -f 2 -d"]"|
+		sed "s/^[[:blank:]]*//"|
+		while read b; do
+			echo -n "$a: section $b: "
+			$OBJDUMP -t --section=$b $a|
+				grep -i "^[0-9a-f]\{8\}"|
+				grep -v "00000000 [^ ]\+$"|
+				sed "s/.* //"|
+				xargs echo
+		done
+done|
+	grep ""
+
+# Invert the result
+test $? -ne 0
Index: corebootv3-check_illegal_global_vars/arch/x86/Makefile
===================================================================
--- corebootv3-check_illegal_global_vars/arch/x86/Makefile	(revision 790)
+++ corebootv3-check_illegal_global_vars/arch/x86/Makefile	(working copy)
@@ -143,6 +143,10 @@
 	$(Q)# 0x4000 - 0x100, we will end up with a 4 gig file.
 	$(Q)# I wonder if that behavior is on purpose.
 
+	$(Q)# .data and .bss must be empty because they aren't handled
+	$(Q)printf "  CHECK   stage0 (non-empty writable/allocatable sections)\n"
+	$(Q)./util/sectionchecker/sectionchecker objdump readelf $(STAGE0_OBJ)
+
 	$(Q)# Note: we invoke gcc (instead of ld directly) here, as we hit
 	$(Q)# strange problems in the past. It seems that only gcc knows how
 	$(Q)# to properly invoke ld.
@@ -264,6 +268,11 @@
 $(obj)/coreboot.initram $(obj)/coreboot.initram.map: $(obj)/stage0.init $(obj)/stage0-prefixed.o $(INITRAM_SRC)
 	$(Q)printf "  CC      $(subst $(shell pwd)/,,$(@)) (XIP)\n"
 	$(Q)$(CC) $(INITCFLAGS) -fPIE -c -combine $(INITRAM_SRC) -o $(obj)/coreboot.initram_partiallylinked.o
+
+	$(Q)# .data and .bss must be empty because they aren't handled
+	$(Q)printf "  CHECK   initram (non-empty writable/allocatable sections)\n"
+	$(Q)./util/sectionchecker/sectionchecker objdump readelf $(obj)/coreboot.initram_partiallylinked.o
+
 	$(Q)printf "  WRAP    $(subst $(shell pwd)/,,$(@)) (PIC->non-PIC)\n"
 	$(Q)$(NM) --undefined-only $(obj)/coreboot.initram_partiallylinked.o |\
 		grep -v _GLOBAL_OFFSET_TABLE_ | grep " U " | sed "s/^ *U //" |\


-- 
http://www.hailfinger.org/





More information about the coreboot mailing list