
[PATCH] create-diff-object: handle missing padding at end of special section


  • To: xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Roger Pau Monne <roger.pau@xxxxxxxxxx>
  • Date: Fri, 14 Apr 2023 17:19:33 +0200
  • Cc: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
  • Delivery-date: Fri, 14 Apr 2023 15:20:29 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

From: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>

The paravirt_patch_site struct has 12 bytes of data and 4 bytes of
padding, for a total of 16 bytes.  However, when laying out the structs
in the .parainstructions section, the vmlinux script only aligns before
each struct's data, not after.  So the last entry doesn't have the
4-byte padding, which breaks kpatch_regenerate_special_section()'s
assumption of a 16-byte struct, resulting in a memcpy past the end of
the section.

Fixes #747.

Signed-off-by: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>

This is commit:

c2dc3836e862 create-diff-object: handle missing padding at end of special section

in the kpatch repository.

I've seen the .fixup section get an alignment of 16 but a size of 81,
which makes the error removed in this patch trigger.  Overall I'm not
sure why the original alignment check was done against the size of the
section, the alignment applies to the address of the section, not its
size.

Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
---
Cc: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
Cc: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
---
 create-diff-object.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/create-diff-object.c b/create-diff-object.c
index d8a003216096..67784642bcd7 100644
--- a/create-diff-object.c
+++ b/create-diff-object.c
@@ -1204,7 +1204,7 @@ static void kpatch_regenerate_special_section(struct 
kpatch_elf *kelf,
 {
        struct rela *rela, *safe;
        char *src, *dest;
-       int group_size, src_offset, dest_offset, include, align, aligned_size;
+       int group_size, src_offset, dest_offset, include;
 
        LIST_HEAD(newrelas);
 
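Review bot: `src_offset` and `group_size` stay `int` here, but the bounds check added in the next hunk compares `src_offset + group_size` against `sec->base->sh.sh_size` and assigns `sh_size - src_offset` back into `group_size`; `sh_size` is unsigned in the ELF section header, so the signed sum is converted to unsigned for the comparison and the assignment narrows back to `int`. Consider making these two `size_t` (or `unsigned long`), or adding explicit casts, so the intent is visible and -Wsign-compare stays quiet.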
@@ -1234,6 +1234,18 @@ static void kpatch_regenerate_special_section(struct 
kpatch_elf *kelf,
        for ( ; src_offset < sec->base->sh.sh_size; src_offset += group_size) {
 
                group_size = special->group_size(kelf, src_offset);
+
+               /*
+                * In some cases the struct has padding at the end to ensure
+                * that all structs after it are properly aligned.  But the
+                * last struct in the section may not be padded.  In that case,
+                * shrink the group_size such that it still (hopefully)
+                * contains the data but doesn't go past the end of the
+                * section.
+                */
+               if (src_offset + group_size > sec->base->sh.sh_size)
+                       group_size = sec->base->sh.sh_size - src_offset;
+
                include = should_keep_rela_group(sec, src_offset, group_size);
 
                if (!include)
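Review bot: the clamp at `if (src_offset + group_size > sec->base->sh.sh_size)` accepts any short trailing group, including one shorter than the entry's actual data; the comment itself only says it "hopefully" still contains the data. With the aligned-size check in the last hunk going away, this is the one place a truncated or mis-sized special section can still be noticed. Suggest comparing the shrunk `group_size` against the minimum data size for the section type (12 of the 16 bytes for `paravirt_patch_site`, per the commit message) and calling ERROR() when it is smaller, so a genuinely truncated entry is rejected rather than copied as if it were merely missing its tail padding.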
@@ -1269,12 +1281,6 @@ static void kpatch_regenerate_special_section(struct 
kpatch_elf *kelf,
                dest_offset += group_size;
        }
 
-       /* verify that group_size is a divisor of aligned section size */
-       align = sec->base->sh.sh_addralign;
-       aligned_size = ((sec->base->sh.sh_size + align - 1) / align) * align;
-       if (src_offset != aligned_size)
-               ERROR("group size mismatch for section %s\n", sec->base->name);
-
        if (!dest_offset) {
                /* no changed or global functions referenced */
                sec->status = sec->base->status = SAME;
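Review bot: removing the `aligned_size` check also removes the only diagnostic for a section whose size is not a multiple of its group size, and the clamp added in the previous hunk makes the loop terminate cleanly on any remainder, so a wrong `special->group_size()` result now goes unnoticed instead of failing with "group size mismatch". The check's premise was indeed wrong, as the cover note says: `sh_addralign` constrains where the section is placed, not how long it is, which is why `.fixup` with alignment 16 and size 81 tripped it. If some diagnostic is kept, it should be about the remainder rather than the alignment, for example a log line (or ERROR, depending on how strict the tool wants to be) whenever the last group had to be shrunk by more than the expected tail padding.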
-- 
2.40.0
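To make the layout issue concrete, here is an added example that is not part of this patch or of kpatch's own code. It mimics the linker-script behaviour the commit message describes (align before each entry's data, never after), computes how far an unclamped 16-byte copy of the last entry would read past the section end, and walks the section with the patch's clamp plus an explicit check that the shrunk group still holds the entry's data. The 12-byte data / 16-byte alignment figures come from the commit message; the three-entry section, the function names and the minimum-data check are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed example values: an entry carrying 12 bytes of data whose
 * natural layout is padded to 16 bytes (as described for paravirt_patch_site). */
#define ENTRY_DATA_SIZE 12
#define ENTRY_ALIGN     16

static size_t align_up(size_t v, size_t a)
{
    return (v + a - 1) / a * a;
}

/* Lay out n entries the way the commit message says the linker script does:
 * align before each entry's data, but never after it.  Returns the section
 * size, which therefore ends on the last entry's data, not on its padding. */
size_t layout_section_size(size_t n_entries, size_t data_size, size_t align)
{
    size_t off = 0, i;

    for (i = 0; i < n_entries; i++) {
        off = align_up(off, align);
        off += data_size;
    }
    return off;
}

/* Bytes an unclamped loop would read past the end of the section when it
 * copies a full group_size from the last entry (0 when no clamp is needed). */
size_t unclamped_overread(size_t sec_size, size_t group_size)
{
    return align_up(sec_size, group_size) - sec_size;
}

/* Walk the section in group_size strides, clamping the final group as the
 * patch does, but failing (-1) when the clamped group cannot even hold the
 * entry's data, i.e. the section is truncated rather than merely unpadded.
 * If copied is non-NULL, the per-group copy lengths are recorded there.
 * Returns the number of groups walked. */
int walk_section(size_t sec_size, size_t data_size, size_t group_size,
                 size_t *copied, int max_groups)
{
    size_t off = 0;
    int n = 0;

    while (off < sec_size) {
        size_t g = group_size;

        if (off + g > sec_size) {
            g = sec_size - off;          /* the patch's clamp */
            if (g < data_size)
                return -1;               /* too short for the data itself */
        }
        if (copied) {
            if (n == max_groups)
                return -1;
            copied[n] = g;               /* memcpy(dest, src + off, g) in the real tool */
        }
        n++;
        off += g;
    }
    return n;
}

/* Length of the final (possibly clamped) group, or 0 if the walk fails. */
size_t last_group_size(size_t sec_size, size_t data_size, size_t group_size)
{
    size_t copied[64];
    int n = walk_section(sec_size, data_size, group_size, copied, 64);

    return n <= 0 ? 0 : copied[n - 1];
}

int main(void)
{
    size_t size = layout_section_size(3, ENTRY_DATA_SIZE, ENTRY_ALIGN);
    int n = walk_section(size, ENTRY_DATA_SIZE, ENTRY_ALIGN, NULL, 0);

    printf("section size %zu, unclamped overread %zu bytes, %d groups, last group %zu bytes\n",
           size, unclamped_overread(size, ENTRY_ALIGN), n,
           last_group_size(size, ENTRY_DATA_SIZE, ENTRY_ALIGN));
    return 0;
}
```

For three entries the section is 44 bytes (16 + 16 + 12), so copying a full 16-byte group from offset 32 reads 4 bytes past the end; the clamped walk copies 12 bytes for the last group instead. A section of 40 bytes, where the last group has only 8 bytes, is rejected rather than silently shortened, which is the check the patch's comment leaves to hope.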