
Re: [Xen-devel] [PATCH 4 00/16] XSA55 libelf fixes for unstable

Andrew Cooper writes ("Re: [PATCH 4 00/16] XSA55 libelf fixes for unstable"):
>  Xen warning: dom0 kernel broken ELF: program segments total to more
> than the input image size

I had a total brain fart when I wrote this, and forgot about
uninitialised data.  I think this patch (added to the end of the
series) should fix it.

If you report success I intend to provide a v5 of my series with this
integrated in its proper place.


Signed-off-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>

diff --git a/xen/common/libelf/libelf-loader.c 
index fbc8de7..1e3c869 100644
--- a/xen/common/libelf/libelf-loader.c
+++ b/xen/common/libelf/libelf-loader.c
@@ -298,7 +298,12 @@ elf_errorstatus elf_load_binary(struct elf_binary *elf)
     ELF_HANDLE_DECL(elf_phdr) phdr;
     uint64_t i, count, paddr, offset, filesz, memsz;
     elf_ptrval dest;
-    elf_ptrval remain_allow_copy = elf->size;
+    uint64_t remain_allow_copy = (uint64_t)elf->dest_size * 2;
+    /*
+     * Let bizarre ELFs write the output image up to twice; this
+     * calculation is just to ensure our copying loop is no worse than
+     * O(domain_size).
+     */
     count = elf_uval(elf, elf->ehdr, e_phnum);
     for ( i = 0; i < count; i++ )
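
Review bot: the new initializer of remain_allow_copy reads elf->dest_size at function entry, so the budget only means something if the caller has set dest_size before elf_load_binary() runs. If it is still zero, the budget is zero, and depending on how the loop (not visible in this hunk) charges it, any segment with a nonzero size could be refused. State that precondition in the comment or check it before the loop. Two smaller points on the same lines: the comment explaining the factor of two sits after the declaration `uint64_t remain_allow_copy = (uint64_t)elf->dest_size * 2;` and would read better above it, and since the budget now bounds the output image rather than the input, the comment should say whether it is charged with memsz (copy plus zero-fill) or only filesz, given that uninitialised data is what tripped the previous bound.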
