diff options
| -rw-r--r-- | exception_lists/check_rtime | 53 | ||||
| -rw-r--r-- | usr/src/tools/scripts/check_rtime.1onbld | 18 | ||||
| -rw-r--r-- | usr/src/tools/scripts/check_rtime.pl | 106 | ||||
| -rw-r--r-- | usr/src/tools/scripts/find_elf.1onbld | 12 | ||||
| -rw-r--r-- | usr/src/tools/scripts/find_elf.pl | 12 |
5 files changed, 141 insertions, 60 deletions
diff --git a/exception_lists/check_rtime b/exception_lists/check_rtime index 13a07c417b..fd343dc5a6 100644 --- a/exception_lists/check_rtime +++ b/exception_lists/check_rtime @@ -285,3 +285,56 @@ NO_COMMENT ^usr/lib/raidcfg/sparcv9/mpt\.so\.1 NO_COMMENT ^usr/lib/sparcv9/libike\.so\.1 NO_COMMENT ^usr/sbin/chk_encodings NO_COMMENT ^usr/xpg4/bin/more +NO_COMMENT ^kernel/drv/amd64/acpi_toshiba +NO_COMMENT ^kernel/drv/amd64/adpu320 +NO_COMMENT ^kernel/drv/amd64/atiatom +NO_COMMENT ^kernel/drv/amd64/bcm_sata +NO_COMMENT ^kernel/drv/amd64/glm +NO_COMMENT ^kernel/drv/amd64/intel_nhmex +NO_COMMENT ^kernel/drv/amd64/ixgb +NO_COMMENT ^kernel/drv/amd64/lsimega +NO_COMMENT ^kernel/drv/amd64/marvell88sx +NO_COMMENT ^kernel/drv/amd64/mpt +NO_COMMENT ^kernel/drv/amd64/sdpib +NO_COMMENT ^kernel/drv/amd64/usbser_edge +NO_COMMENT ^kernel/kmdb/amd64/mpt +NO_COMMENT ^kernel/kmdb/amd64/nfs +NO_COMMENT ^kernel/misc/scsi_vhci/amd64/scsi_vhci_f_asym_emc +NO_COMMENT ^kernel/misc/scsi_vhci/amd64/scsi_vhci_f_asym_lsi +NO_COMMENT ^kernel/misc/scsi_vhci/amd64/scsi_vhci_f_sym_emc +NO_COMMENT ^kernel/strmod/amd64/sdpib +NO_COMMENT ^platform/i86pc/kernel/cpu/amd64/cpu_ms\.GenuineIntel\.6\.46 +NO_COMMENT ^platform/i86pc/kernel/cpu/amd64/cpu_ms\.GenuineIntel\.6\.47 + +# ath contains a binary HAL component which contains an incorrect .comment +# section and has a license which forbids modification. +NO_COMMENT ^kernel/drv/amd64/ath + +# mdb standalone library versions which are neither delivered nor are real +# shared objects +NO_COMMENT ^usr/lib/amd64/libstanddisasm\.so +NO_COMMENT ^usr/lib/amd64/libstandsaveargs\.so +NO_COMMENT ^usr/lib/amd64/libstanddisasm\.so +NO_COMMENT ^usr/lib/libstanddisasm\.so + +# closed binaries predate -ztype=kmod +NOT_KMOD ^kernel/drv/amd64/acpi_toshiba +NOT_KMOD ^kernel/drv/amd64/adpu320 +NOT_KMOD ^kernel/drv/amd64/atiatom +NOT_KMOD ^kernel/drv/amd64/bcm_sata +NOT_KMOD ^kernel/drv/amd64/glm +NOT_KMOD ^kernel/drv/amd64/intel_nhmex +NOT_KMOD ^kernel/drv/amd64/ixgb +NOT_KMOD ^kernel/drv/amd64/lsimega +NOT_KMOD ^kernel/drv/amd64/marvell88sx +NOT_KMOD ^kernel/drv/amd64/mpt +NOT_KMOD ^kernel/drv/amd64/sdpib +NOT_KMOD ^kernel/drv/amd64/usbser_edge +NOT_KMOD ^kernel/kmdb/amd64/mpt +NOT_KMOD ^kernel/kmdb/amd64/nfs +NOT_KMOD ^kernel/misc/scsi_vhci/amd64/scsi_vhci_f_asym_emc +NOT_KMOD ^kernel/misc/scsi_vhci/amd64/scsi_vhci_f_asym_lsi +NOT_KMOD ^kernel/misc/scsi_vhci/amd64/scsi_vhci_f_sym_emc +NOT_KMOD ^kernel/strmod/amd64/sdpib +NOT_KMOD ^platform/i86pc/kernel/cpu/amd64/cpu_ms\.GenuineIntel\.6\.46 +NOT_KMOD ^platform/i86pc/kernel/cpu/amd64/cpu_ms\.GenuineIntel\.6\.47 diff --git a/usr/src/tools/scripts/check_rtime.1onbld b/usr/src/tools/scripts/check_rtime.1onbld index e6825361ca..a965f98cde 100644 --- a/usr/src/tools/scripts/check_rtime.1onbld +++ b/usr/src/tools/scripts/check_rtime.1onbld @@ -19,7 +19,7 @@ .\" .\" CDDL HEADER END .\" -.Dd February 3, 2020 +.Dd December 3, 2021 .Dt CHECK_RTIME 1ONBLD .Os .Sh NAME @@ -55,13 +55,13 @@ is typically called from when the .Fl r option is in effect. -In this case the dynamic objects under +In this case the objects under the associated .Em proto area .Pq Ev $ROOT are checked. .Nm check_rtime -can also be run standalone against any set of dynamic objects. +can also be run standalone against any set of objects. .Pp .Nm check_rtime uses @@ -427,6 +427,14 @@ Changes to the symbols defined by an object, or the versions they belong to, do not necessarily indicate an error condition, but provides information that is often useful for gatekeepers to track changes in a release. +.Pp +.Nm check_rtime +uses +.Xr elfedit 1 +to verify that relocatable objects which seem likely to be kernel modules were +linked with the +.Fl z Ar type=kmod +flag. .Sh OPTIONS The following options are supported: .Bl -tag -width indent @@ -572,6 +580,10 @@ Executables that are not required to have non-executable writable data segments .It EXEC_STACK Executables that are not required to have a non-executable stack +.It KMOD +Objects that looks like kernel modules but don't have to be linked with the +.Fl z Ar type=kmod +flag. .It NOCRLEALT Objects that should be skipped when building the alternative dependency mapping via the diff --git a/usr/src/tools/scripts/check_rtime.pl b/usr/src/tools/scripts/check_rtime.pl index ebd49a79bb..12d805675f 100644 --- a/usr/src/tools/scripts/check_rtime.pl +++ b/usr/src/tools/scripts/check_rtime.pl @@ -28,10 +28,10 @@ # # Check ELF information. # -# This script descends a directory hierarchy inspecting ELF dynamic executables -# and shared objects. The general theme is to verify that common Makefile rules -# have been used to build these objects. Typical failures occur when Makefile -# rules are re-invented rather than being inherited from "cmd/lib" Makefiles. +# This script descends a directory hierarchy inspecting ELF objects. The +# general theme is to verify that common Makefile rules have been used to +# build these objects. Typical failures occur when Makefile rules are +# re-invented rather than being inherited from "cmd/lib" Makefiles. # # As always, a number of components don't follow the rules, and these are # excluded to reduce this scripts output. @@ -103,6 +103,10 @@ use vars qw($ErrFH $ErrTtl $InfoFH $InfoTtl $OutCnt1 $OutCnt2); # FORBIDDEN # Objects to which nobody not excepted with FORBIDDEN_DEP may link # +# NOT_KMOD +# Objects that we think should be linked with -ztype=kmod but are +# allowed to not be. +# # NOCRLEALT # Objects that should be skipped by AltObjectConfig() when building # the crle script that maps objects to the proto area. @@ -148,7 +152,7 @@ use vars qw($EXRE_exec_data $EXRE_exec_stack $EXRE_nocrlealt); use vars qw($EXRE_nodirect $EXRE_nosymsort $EXRE_forbidden_dep $EXRE_forbidden); use vars qw($EXRE_olddep $EXRE_skip $EXRE_stab $EXRE_textrel $EXRE_undef_ref); use vars qw($EXRE_unref_obj $EXRE_unused_deps $EXRE_unused_obj); -use vars qw($EXRE_unused_rpath $EXRE_no_comment); +use vars qw($EXRE_unused_rpath $EXRE_no_comment $EXRE_not_kmod); use strict; use Getopt::Std; @@ -184,10 +188,7 @@ sub ProcFile { my(@Elf, @Ldd, $Dyn, $Sym, $Stack); my($Sun, $Relsz, $Pltsz, $Tex, $Stab, $Strip, $Lddopt, $SymSort); my($Val, $Header, $IsX86, $RWX, $UnDep); - my($HasDirectBinding); - - # Only look at executables and sharable objects - return if ($Type ne 'EXEC') && ($Type ne 'DYN'); + my($HasDirectBinding, $HasKMOD); # Ignore symbolic links return if -l $FullPath; @@ -215,7 +216,8 @@ sub ProcFile { # shared object. @Elf = split(/\n/, `elfdump -epdcy $FullPath 2>&1`); - $Dyn = $Stack = $IsX86 = $RWX = 0; + $Dyn = $Stack = $IsX86 = $RWX = $HasKMOD = 0; + $Header = 'None'; foreach my $Line (@Elf) { # If we have an invalid file type (which we can tell from the @@ -240,7 +242,7 @@ sub ProcFile { if ($Line =~ /^Dynamic Section/) { # A dynamic section indicates we're a dynamic object - # (this makes sure we don't check static executables). + $Header = 'Dyn'; $Dyn = 1; next; } @@ -275,15 +277,20 @@ sub ProcFile { $Stack = 1; next; } + + if (($Header eq 'Dyn') && ($Line =~ /SUNW_KMOD/)) { + $HasKMOD = 1; + next; + } } - # Determine whether this ELF executable or shared object has a - # conforming mcs(1) comment section. If the correct $(POST_PROCESS) - # macros are used, only a 3 or 4 line .comment section should exist - # containing one or two "@(#)illumos" identifying comments (one comment - # for a non-debug build, and two for a debug build). The results of - # the following split should be three or four lines, the last empty - # line being discarded by the split. + # Determine whether this ELF object has a conforming mcs(1) comment + # section. If the correct $(POST_PROCESS) macros are used, only a 3 + # or 4 line .comment section should exist containing one or two + # "@(#)illumos" identifying comments (one comment for a non-debug + # build, and two for a debug build). The results of the following + # split should be three or four lines, the last empty line being + # discarded by the split. if ($opt{m} && (!defined($EXRE_no_comment) || ($RelPath !~ $EXRE_no_comment))) { my(@Mcs, $Con, $Dev); @@ -324,15 +331,9 @@ sub ProcFile { "non-executable stack required\t<no -Mmapfile_noexstk?>"); } - # Having caught any static executables in the mcs(1) check and non- - # executable stack definition check, continue with dynamic objects - # from now on. - if ($Dyn eq 0) { - return; - } - - # Use ldd unless its a 64-bit object and we lack the hardware. - if (($Class == 32) || $Ena64) { + # Use ldd on dynamic objects unless it's a 64-bit object and we lack + # the hardware. + if (($Type ne 'REL') && (($Class == 32) || $Ena64)) { my $LDDFullPath = $FullPath; if ($Secure) { @@ -343,7 +344,7 @@ sub ProcFile { # being investigated to a safe place first. In addition # remove its secure permission so that it can be # influenced by any alternative dependency mappings. - + my $File = $RelPath; $File =~ s!^.*/!!; # basename @@ -401,7 +402,8 @@ sub ProcFile { # Historically, ldd(1) likes executable objects to have # their execute bit set. - if ($Line =~ /not executable/) { + if (($Type eq 'EXEC' || $Type eq 'DYN' || + $HasKMOD == 1) && (!(-x $FullPath))) { onbld_elfmod::OutMsg($ErrFH, $ErrTtl, $RelPath, "is not executable"); next; @@ -411,7 +413,7 @@ sub ProcFile { # Look for "file" or "versions" that aren't found. Note that # these lines will occur before we find any symbol referencing # errors. - if (($Sym == 5) && ($Line =~ /not found\)/)) { + if (($Type ne 'REL') && ($Sym == 5) && ($Line =~ /not found\)/)) { if ($Line =~ /file not found\)/) { $Line =~ s/$/\t<no -zdefs?>/; } @@ -421,7 +423,7 @@ sub ProcFile { # Look for relocations whose symbols can't be found. Note, we # only print out the first 5 relocations for any file as this # output can be excessive. - if ($Sym && ($Line =~ /symbol not found/)) { + if (($Type ne 'REL') && $Sym && ($Line =~ /symbol not found/)) { # Determine if this file is allowed undefined # references. if (($Sym == 5) && defined($EXRE_undef_ref) && @@ -451,7 +453,7 @@ sub ProcFile { onbld_elfmod::OutMsg($ErrFH, $ErrTtl, $RelPath, $Line); next; } - + # Look for unreferenced dependencies. Note, if any unreferenced # objects are ignored, then set $UnDep so as to suppress any # associated unused-object messages. @@ -491,6 +493,7 @@ sub ProcFile { $Sun = $Relsz = $Pltsz = $Dyn = $Stab = $SymSort = 0; $Tex = $Strip = 1; $HasDirectBinding = 0; + $HasKMOD = 0; $Header = 'None'; ELF: foreach my $Line (@Elf) { @@ -549,7 +552,7 @@ ELF: foreach my $Line (@Elf) { } # Does this object contain text relocations. - if ($Tex && ($Line =~ /TEXTREL/)) { + if ($Tex && ($Type ne 'REL') && ($Line =~ /TEXTREL/)) { # Determine if this file is allowed text relocations. if (defined($EXRE_textrel) && ($RelPath =~ $EXRE_textrel)) { @@ -588,11 +591,11 @@ ELF: foreach my $Line (@Elf) { onbld_elfmod::OutMsg($ErrFH, $ErrTtl, $RelPath, "NEEDED=$Need\t<dependency no " . "longer necessary>"); - } elsif ((defined($EXRE_forbidden) && + } elsif ((defined($EXRE_forbidden) && ($Need =~ $EXRE_forbidden)) && - (!defined($EXRE_forbidden_dep) || + (!defined($EXRE_forbidden_dep) || ($FullPath !~ $EXRE_forbidden_dep))) { - onbld_elfmod::OutMsg($ErrFH, $ErrTtl, $RelPath, + onbld_elfmod::OutMsg($ErrFH, $ErrTtl, $RelPath, "NEEDED=$Need\t<forbidden dependency, " . "missing -nodefaultlibs?>"); } elsif ($opt{i}) { @@ -600,7 +603,7 @@ ELF: foreach my $Line (@Elf) { # any useful dynamic entries. onbld_elfmod::OutMsg($InfoFH, $InfoTtl, $RelPath, "NEEDED=$Need"); - } + } next; } @@ -609,6 +612,10 @@ ELF: foreach my $Line (@Elf) { $HasDirectBinding = 1; } + if (($Header eq 'Dyn') && ($Line =~ /SUNW_KMOD/)) { + $HasKMOD = 1; + } + # Does this object specify a runpath. if ($opt{i} && ($Line =~ /RPATH/)) { my($Rpath) = (split(' ', $Line))[3]; @@ -625,6 +632,15 @@ ELF: foreach my $Line (@Elf) { ".SUNW_reloc section missing\t\t<no -zcombreloc?>"); } + # A probable kernel module should be tagged + if (($Type eq 'REL') && ($RelPath =~ qr{(^|/)kernel/}) && + ($HasKMOD == 0)) { + if (!defined($EXRE_not_kmod) || ($RelPath !~ $EXRE_not_kmod)) { + onbld_elfmod::OutMsg($ErrFH, $ErrTtl, $RelPath, + "kernel object should be linked -ztype=kmod"); + } + } + # No objects released to a customer should have any .stabs sections # remaining, they should be stripped. if ($opt{s} && $Stab) { @@ -703,7 +719,7 @@ sub ProcSymSort { my $secname; while ($line = <SORT>) { chomp $line; - + next if ($line eq ''); # If this is a header line, pick up the section name @@ -726,9 +742,9 @@ sub ProcSymSort { # Process symbol line my @fields = split /\s+/, $line; - my $new_addr = $fields[2]; + my $new_addr = $fields[2]; my $new_type = $fields[8]; - my $new_name = $fields[9]; + my $new_name = $fields[9]; if ($new_type eq 'UNDEF') { onbld_elfmod::OutMsg($ErrFH, $ErrTtl, $RelPath, @@ -743,13 +759,13 @@ sub ProcSymSort { ProcSymSortOutMsg($RelPath, $secname, $last_addr, @dups) if (scalar(@dups) > 1); @dups = ( $new_name ); - $last_addr = $new_addr; + $last_addr = $new_addr; } } ProcSymSortOutMsg($RelPath, $secname, $last_addr, @dups) if (scalar(@dups) > 1); - + close SORT; } @@ -814,13 +830,13 @@ sub ProcVerdef { onbld_elfmod::OutMsg($InfoFH, $InfoTtl, $RelPath, "VERSION=$ver"); $cur_ver = $ver; - } + } onbld_elfmod::OutMsg($InfoFH, $InfoTtl, $RelPath, "SYMBOL=$sym"); } } } - + close PVS; } @@ -1031,7 +1047,7 @@ LINE: # ----------------------------------------------------------------------------- -# This script relies on ldd returning output reflecting only the binary +# This script relies on ldd returning output reflecting only the binary # contents. But if LD_PRELOAD* environment variables are present, libraries # named by them will also appear in the output, disrupting our analysis. # So, before we get too far, scrub the environment. diff --git a/usr/src/tools/scripts/find_elf.1onbld b/usr/src/tools/scripts/find_elf.1onbld index a2d3b205ee..ac578ea9df 100644 --- a/usr/src/tools/scripts/find_elf.1onbld +++ b/usr/src/tools/scripts/find_elf.1onbld @@ -19,18 +19,17 @@ .\" .\" CDDL HEADER END .\" -.TH FIND_ELF 1ONBLD "Mar 25, 2010" +.TH FIND_ELF 1ONBLD "December 3, 2021" .SH NAME -find_elf \- Locate ELF shared objects and executables +find_elf \- Locate ELF objects .SH SYNOPSIS \fBfind_elf [-afrs] path\fP .SH DESCRIPTION The .I find_elf command descends a directory hierarchy and produces one line -of output on stdout for each ELF executable or shared object found. +of output on stdout for each ELF object found. .SH OPTIONS -.LP The following options are supported: .TP 4 .B \-a @@ -54,7 +53,6 @@ instead of fully qualified. .B \-s Only report shared objects. .SH OUTPUT -.LP .I find_elf produces a series of PREFIX, OBJECT, and ALIAS lines, which collectively describe the ELF objects located. Whitespace is used within each @@ -76,14 +74,14 @@ For each object found, an OBJECT line is produced to describe it: .sp .in +4 .nf -OBJECT [32 | 64] [DYN | EXEC] [VERDEF | NOVERDEF] object-path +OBJECT [32 | 64] [DYN | EXEC | REL] [VERDEF | NOVERDEF] object-path .fi .in -4 .sp The first field provides the ELF class of the object, and will be either 32 or 64. The second field provides the type of object, either -a shared object (DYN) or executable (EXEC). +a shared object (DYN), an executable (EXEC), or a relocatable object (REL). The third field will be VERDEF if the object contains ELF version definitions, and NOVERDEF if the object is not versioned. The final field gives the path to the object. diff --git a/usr/src/tools/scripts/find_elf.pl b/usr/src/tools/scripts/find_elf.pl index 96d5b24c7a..a1e0afa1f0 100644 --- a/usr/src/tools/scripts/find_elf.pl +++ b/usr/src/tools/scripts/find_elf.pl @@ -228,11 +228,13 @@ sub ProcFile { # Obtain the ELF information for this object. @Elf = GetObjectInfo($FullPath); - # Return quietly if: - # - Not an executable or sharable object - # - An executable, but the -s option was used. - if ((($Elf[1] ne 'EXEC') && ($Elf[1] ne 'DYN')) || - (($Elf[1] eq 'EXEC') && $opt{s})) { + if ($Elf[1] eq 'NONE') { + return; + } + + # Return quietly if object is executable or relocatable but the -s + # option was used. + if ((($Elf[1] eq 'EXEC') || ($Elf[1] eq 'REL')) && $opt{s}) { return; } |