[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 1/2] xen/livepatch: Clean up arch relocation handling

To: Jan Beulich <JBeulich@xxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Wed, 14 Jun 2017 19:28:39 +0100
Cc: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Wed, 14 Jun 2017 18:29:21 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 14/06/17 15:02, Jan Beulich wrote:
>>>> On 14.06.17 at 15:44, <konrad.wilk@xxxxxxxxxx> wrote:
>> On Tue, Jun 13, 2017 at 09:51:35PM +0100, Andrew Cooper wrote:
>>> --- a/xen/arch/arm/arm32/livepatch.c
>>> +++ b/xen/arch/arm/arm32/livepatch.c
>>> @@ -224,21 +224,21 @@ int arch_livepatch_perform(struct livepatch_elf *elf,
>>>                             const struct livepatch_elf_sec *rela,
>>>                             bool use_rela)
>>>  {
>>> -    const Elf_RelA *r_a;
>>> -    const Elf_Rel *r;
>>> -    unsigned int symndx, i;
>>> -    uint32_t val;
>>> -    void *dest;
>>> +    unsigned int i;
>>>      int rc = 0;
>>>  
>>>      for ( i = 0; i < (rela->sec->sh_size / rela->sec->sh_entsize); i++ )
>>>      {
>>> +        unsigned int symndx;
>>> +        uint32_t val;
>>> +        void *dest;
>>>          unsigned char type;
>>> -        s32 addend = 0;
>>> +        s32 addend;
>>>  
>>>          if ( use_rela )
>>>          {
>>> -            r_a = rela->data + i * rela->sec->sh_entsize;
>>> +            const Elf_RelA *r_a = rela->data + i * rela->sec->sh_entsize;
>>> +
>>>              symndx = ELF32_R_SYM(r_a->r_info);
>>>              type = ELF32_R_TYPE(r_a->r_info);
>>>              dest = base->load_addr + r_a->r_offset; /* P */
>>> @@ -246,10 +246,12 @@ int arch_livepatch_perform(struct livepatch_elf *elf,
>>>          }
>>>          else
>>>          {
>>> -            r = rela->data + i * rela->sec->sh_entsize;
>>> +            const Elf_Rel *r = rela->data + i * rela->sec->sh_entsize;
>>> +
>>>              symndx = ELF32_R_SYM(r->r_info);
>>>              type = ELF32_R_TYPE(r->r_info);
>>>              dest = base->load_addr + r->r_offset; /* P */
>>> +            addend = get_addend(type, dest);
>>>          }
>>>  
>>>          if ( symndx > elf->nsym )
>>> @@ -259,13 +261,11 @@ int arch_livepatch_perform(struct livepatch_elf *elf,
>>>              return -EINVAL;
>>>          }
>>>  
>>> -        if ( !use_rela )
>>> -            addend = get_addend(type, dest);
>> This was added right after the symndx > elf->nsym check as
>> way to make sure we won't dereference the dest (b/c the symbol
>> may be outside the bounds).
> But symndx isn't being used here.

Indeed.  r->r_offset (and therefore dest) has no direct bearing on symndx.

Having said that, there is no sanity check that r->r_offset is within
base->load_addr + sec->sh_size in arm32, whereas both arm64 and x86
appear to do this check.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 1/2] xen/livepatch: Clean up arch relocation handling
  - From: Konrad Rzeszutek Wilk

References:
- [Xen-devel] [PATCH 1/2] xen/livepatch: Clean up arch relocation handling
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH 1/2] xen/livepatch: Clean up arch relocation handling
  - From: Konrad Rzeszutek Wilk
- Re: [Xen-devel] [PATCH 1/2] xen/livepatch: Clean up arch relocation handling
  - From: Jan Beulich

Prev by Date: Re: [Xen-devel] [PATCH v12 25/34] ARM: vITS: handle MAPD command
Next by Date: Re: [Xen-devel] [PATCH v11 01/34] ARM: vGIC: avoid rank lock when reading priority
Previous by thread: Re: [Xen-devel] [PATCH 1/2] xen/livepatch: Clean up arch relocation handling
Next by thread: Re: [Xen-devel] [PATCH 1/2] xen/livepatch: Clean up arch relocation handling
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.