
Re: [Xen-devel] [PATCH 1/8] libelf: loop safety: Introduce elf_iter_ok and elf_strcmp_safe



>>> On 09.12.16 at 16:44, <ian.jackson@xxxxxxxxxxxxx> wrote:
> --- a/xen/common/libelf/libelf-loader.c
> +++ b/xen/common/libelf/libelf-loader.c
> @@ -38,6 +38,7 @@ elf_errorstatus elf_init(struct elf_binary *elf, const char 
> *image_input, size_t
>      ELF_HANDLE_DECL(elf_shdr) shdr;
>      unsigned i, count, section, link;
>      uint64_t offset;
> +    const uint64_t max_size_for_deacc = (1UL << 63)/ELF_MAX_ITERATION_FACTOR;
>  
>      if ( !elf_is_elfbinary(image_input, size) )
>      {
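Review bot: the `(1UL << 63)` in the new `max_size_for_deacc` initialiser assumes `unsigned long` is 64 bits wide; on a build where it is 32 bits the shift is undefined behaviour, and the intended 2^63 bound is lost even though the result lands in a `uint64_t`. Spelling the constant as `((uint64_t)1 << 63)` (or `UINT64_C(1) << 63`) makes the width explicit so the division by `ELF_MAX_ITERATION_FACTOR` yields the bound the variable name promises on every target.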
> @@ -52,6 +53,10 @@ elf_errorstatus elf_init(struct elf_binary *elf, const 
> char *image_input, size_t
>      elf->class = elf_uval_3264(elf, elf->ehdr, e32.e_ident[EI_CLASS]);
>      elf->data = elf_uval_3264(elf, elf->ehdr, e32.e_ident[EI_DATA]);
>  
> +    elf->iteration_deaccumulator = 1024*1024 +
> +        (size > max_size_for_deacc ? max_size_for_deacc : size)
> +        * ELF_MAX_ITERATION_FACTOR;        
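Review bot: the `elf->iteration_deaccumulator` assignment carries no comment saying what the fixed `1024*1024` term is for or why `size` is clamped to `max_size_for_deacc`; a one-line note that the clamp keeps `size * ELF_MAX_ITERATION_FACTOR` from exceeding 2^63 (and so from wrapping in the `uint64_t` sum) would let a later reader check the arithmetic without re-deriving it from the earlier declaration. The closing `* ELF_MAX_ITERATION_FACTOR;` line also has trailing whitespace that should be stripped.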

One more question here: Is this useful at all? You're allowing
for approximately 2**63 accounted operations - how big does
an image need to be to actually break this limit? XSA-25 already
limited image sizes to 1Gb (but I do understand that the
guarding here is also against e.g. redundant loading of the
same bits through multiple program header table entries).

And how long will it take you to reach that limit (and to cause
elf->broken to be set)? With 1ns per accounted operation,
that'll be on the order of 270 years. Am I missing something
here?

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
