create-diff-object: more precisely identify .rodata sections

Commit Message

Wieczorkiewicz, Pawel Nov. 5, 2019, 3:37 p.m. UTC

This is needed for more precise patchability verification.
Only non-special .rodata sections should be subject
for such a non-referenced check in kpatch_verify_patchability().
Current check (non-standard, non-rela, non-debug) is too weak and
allows also non-rodata sections without referenced symbols to slip
through.

Detect .rodata section by checking section's type (SHT_PROGBITS),
flags (no exec, no write) and finally name prefix.

Signed-off-by: Pawel Wieczorkiewicz <wipawel@amazon.de>
Reviewed-by: Andra-Irina Paraschiv <andraprs@amazon.com>
Reviewed-by: Bjoern Doebel <doebel@amazon.de>
Reviewed-by: Norbert Manthey <nmanthey@amazon.de>
---
 common.c             |  7 +++++++
 common.h             |  1 +
 create-diff-object.c | 13 ++++++-------
 3 files changed, 14 insertions(+), 7 deletions(-)

Comments

Ross Lagerwall Nov. 25, 2019, 5:14 p.m. UTC | #1

On 11/5/19 3:37 PM, Pawel Wieczorkiewicz wrote:
> This is needed for more precise patchability verification.
> Only non-special .rodata sections should be subject
> for such a non-referenced check in kpatch_verify_patchability().
> Current check (non-standard, non-rela, non-debug) is too weak and
> allows also non-rodata sections without referenced symbols to slip
> through.
> 
> Detect .rodata section by checking section's type (SHT_PROGBITS),
> flags (no exec, no write) and finally name prefix.
> 
> Signed-off-by: Pawel Wieczorkiewicz <wipawel@amazon.de>
> Reviewed-by: Andra-Irina Paraschiv <andraprs@amazon.com>
> Reviewed-by: Bjoern Doebel <doebel@amazon.de>
> Reviewed-by: Norbert Manthey <nmanthey@amazon.de>
> ---
Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>

Patch

diff --git a/common.c b/common.c
index 0ddc9fa..8f553ea 100644
--- a/common.c
+++ b/common.c
@@ -249,6 +249,13 @@  int is_text_section(struct section *sec)
 		(sec->sh.sh_flags & SHF_EXECINSTR));
 }
 
+int is_rodata_section(struct section *sec)
+{
+	return sec->sh.sh_type == SHT_PROGBITS &&
+	       !(sec->sh.sh_flags & (SHF_EXECINSTR | SHF_WRITE)) &&
+	       !strncmp(sec->name, ".rodata", 7);
+}
+
 int is_debug_section(struct section *sec)
 {
 	char *name;
diff --git a/common.h b/common.h
index 7c6fb73..b6489db 100644
--- a/common.h
+++ b/common.h
@@ -159,6 +159,7 @@  struct symbol *find_symbol_by_index(struct list_head *list, size_t index);
 struct symbol *find_symbol_by_name(struct list_head *list, const char *name);
 
 int is_text_section(struct section *sec);
+int is_rodata_section(struct section *sec);
 int is_debug_section(struct section *sec);
 int is_rela_section(struct section *sec);
 int is_standard_section(struct section *sec);
diff --git a/create-diff-object.c b/create-diff-object.c
index e4592a6..2f0e162 100644
--- a/create-diff-object.c
+++ b/create-diff-object.c
@@ -1672,13 +1672,12 @@  static void kpatch_verify_patchability(struct kpatch_elf *kelf)
 		}
 
 		if (sec->include) {
-			if (!is_standard_section(sec) && !is_rela_section(sec) &&
-			    !is_debug_section(sec) && !is_special_section(sec)) {
-				if (!is_referenced_section(sec, kelf)) {
-					log_normal("section %s included, but not referenced\n",
-						   sec->name);
-					errs++;
-				}
+			if (is_rodata_section(sec) &&
+			    !is_special_section(sec) &&
+			    !is_referenced_section(sec, kelf)) {
+				log_normal(".rodata section %s included, but not referenced\n",
+					   sec->name);
+				errs++;
 			}
 
 			/* Check if a RELA section does not contain any entries with