From patchwork Thu Mar 17 11:08:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Roger Pau Monne X-Patchwork-Id: 12783888 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id BE718C433F5 for ; Thu, 17 Mar 2022 11:09:37 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.291501.494775 (Exim 4.92) (envelope-from ) id 1nUo0S-0008NP-4z; Thu, 17 Mar 2022 11:09:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291501.494775; Thu, 17 Mar 2022 11:09:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUo0S-0008NI-1Y; Thu, 17 Mar 2022 11:09:24 +0000 Received: by outflank-mailman (input) for mailman id 291501; Thu, 17 Mar 2022 11:09:22 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUo0Q-00080x-Jb for xen-devel@lists.xenproject.org; Thu, 17 Mar 2022 11:09:22 +0000 Received: from esa2.hc3370-68.iphmx.com (esa2.hc3370-68.iphmx.com [216.71.145.153]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id b16bb2bb-a5e2-11ec-853c-5f4723681683; Thu, 17 Mar 2022 12:09:21 +0100 (CET) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: b16bb2bb-a5e2-11ec-853c-5f4723681683 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1647515361; h=from:to:cc:subject:date:message-id:in-reply-to: references:content-transfer-encoding:mime-version; bh=fpKWCCUtR+/R9d1fr17rKD/uI5IeMN8VnwhiJs0DQeI=; b=Yw7CtvRkwwZk/udo9kE2Sp8uRvIJQS5rt3jLtChBIzLIb0QuhdMGE4W/ hpXRxMjf0jGE6jm/4WxeXnvHPBOYgounVtKBcf6BV2vhNkrajwLZuSrc2 J6mpvWPOTOeaGddLOyGCB9mivuPdIu9fSa3ua/SWJI6lPFZ9KqaGjtrDP 8=; Authentication-Results: esa2.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com X-SBRS: 5.1 X-MesageID: 66496270 X-Ironport-Server: esa2.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.83 X-Policy: $RELAYED IronPort-Data: A9a23:xAxTwK8imfBwi2eYLQAADrUDDX6TJUtcMsCJ2f8bNWPcYEJGY0x3n WYeCz3TPKzfZjHwf9x+b4zl8UoPu8fQnNQ3Hgpk+X88E34SpcT7XtnIdU2Y0wF+jyHgoOCLy +1EN7Es+ehtFie0Si+Fa+Sn9T8mvU2xbuKU5NTsY0idfic5DnZ54f5fs7Rh2NQw2oHmW1nlV e7a+KUzBnf0g1aYDUpMg06zgEsHUCPa4W5wUvQWPJinjXeG/5UnJMt3yZKZdhMUdrJ8DO+iL 9sv+Znilo/vE7XBPfv++lrzWhVirrc/pmFigFIOM0SpqkAqSiDfTs/XnRfTAKtao2zhojx/9 DlCnYaiRTszHojRpNQceRJBFTFPOaFi+JaSdBBTseTLp6HHW37lwvEoB0AqJ4wIvO1wBAmi9 9RBdmpLNErawbvrnvTrEYGAhex6RCXvFJkYtXx6iynQEN4tQIzZQrWM7thdtNs1rp4QQaeAP ZVBAdZpREybOzlRHAwPM5IVu/uQjGfPfSNpq13A8MLb5ECMlVcsgdABKuH9RNuOQslEm1eCk UjP9W/5HxIyOcSWzHyO9XfEruXChz/hUYQeUrix7Od3gUa7z3YWThYRUDOTvv2RmkO4HdVFJ CQ8+CAjsKwz/0yDVcTmUluzp3vslh0bXcBZH6sl6QWO4q3O6g2dCy4PSTspQMwrsoo6SCIn0 neNnsj1Hnp/vbuNU3Wf+7yI6zSoNkA9L3IGZCICZRsI5Z/kuo5bpgnUUt9pHaqxj9v0MTL92 TaHqG45nbp7sCIQ//zlpxad2Wvq/8WXCF5ujunKYo67xhlraLK/R6m11Wjax/1ZKpaoSlWlv FFRzqBy89syJZ2KkSWMRsAEE7eo++uJPVXgvLJ/I3Uy32/zoiD+JOi89Bk7fR40aZhcJVcFd WeJ4WtsCIlv0GxGhEOdS6a4EIwUwKfpDrwJvdiEP4MVMvCdmOJqlRyChHJ8PUiwyCDAcollY P93lPpA615AVcyLKxLsG48gPUcDnHxW+I8qbcmTI+6b+bSffmWJbrwOLUGDaOs0hIvd/lmKr 4sAbpHUk0oCOAEbXsUx2dRPRbztBSJnba0aVuQNLrLTSuaYMDxJ5wDtLUMJJNU+wvU9ehbg9 XChQE5IoGcTdlWcQThmnktLMeu1Nb4m9CpTFXV1YT6AhihyCa7yvfx3X8ZmItEaGBlLkKcco w8tIJ7bXJyii13vplwgUHUKhNc7JUrx2l7WYXbNjfpWV8cIejElM+TMJ2PH3CIPEjC2pY05p bih3RncWp0NW0JpC8O+VR5l5wrZUaQ18A6qY3b1Hw== IronPort-HdrOrdr: A9a23:ZMq3MKo0ZwdJ+A+PZTyyPsoaV5vPL9V00zEX/kB9WHVpm5Oj+f xGzc516farslossREb+expOMG7MBThHPlOkPYs1NaZLXXbUQ6TTb2KgrGSugEIdxeOk9K1kJ 0QCZSWa+eAfWSS7/yKmDVQeuxIqLLsndHK9IXjJjVWPHxXgslbnnZE422gYytLrWd9dP4E/M 323Ls4m9PsQwVdUu2LQl0+G8TTrdzCk5zrJTYAGh4c8QGLyRel8qTzHRS01goXF2on+8ZuzU H11yjCoomzufCyzRHRk0fV8pRtgdPkjv9OHtaFhMQ5IijlziyoeINicbufuy1dmpDk1H8a1P 335zswNcV67H3cOkmzvBvWwgHllA0j7nfzoGXo90fLkIjcfnYXGsBBjYVWfl/y8Ew7puxx16 pNwiawq4dXJQmoplWy2/H4EzVR0makq3srluAey1ZFV5EFVbNXpYsDuGtIDZY7Gj7g4oxPKp ggMCjl3ocXTbqmVQGbgoE2q+bcHEjbXy32DnTqg/blkgS/xxtCvg4lLM92pAZ2yHtycegB2w 3+CNUbqFh/dL5kUUtDPpZ1fSLOMB23ffvtChPaHb21LtBOB5ryw6SHlIndotvaP6A18A== X-IronPort-AV: E=Sophos;i="5.90,188,1643691600"; d="scan'208";a="66496270" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Xn2LMnkCgqbd1tMp4K/L4L5ni8CsCeu2FZcrK8C0In4KiBb8ESTsaXunzZYaxWQcUx3xHxrWhdB33aRW/Z/qs6XMGlEkDsFDdsxq5DRt9GgRcb23aQVdJXD6RxXadP/eRHOExbXwabE+eVBS/eXDPl/bkjssSRQmjaNG6/LJSJBIz+2Ju0aRv/DrQdnRH56lBZAnATEKi+4FE89F8i7UIkARL1jgGzgPc5BfsZSOipgg7tXEoL78dDuge76ZgXBK7kZc7E7QWLiEwYWlUwU/M0BeH1EcVd64hldqIz8O5Y3gE4fY31XSb7gX41MF05qatXMC0qRGHCB0w3hpHGRIPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ThI7FNLNj1qjzQJ85InJ5XwxtR+RxYNzUMMHvZI+Xew=; b=c2n1vAhBtjbvFq0pzUDZ4xTqD2eWCadALKWopb73NVqIOuAlgSRVHU91A4/B2AjIx3v4BFxOqf1iulIQ9wR8a5W/HbyOh3OssavggInXUbgZ7j2PRUvONZ1eJL/+7TsUSqBuYIQGnJYBU9mBY0+rlx6dj187KI4lefSN6cK6L2XCg4IfbVEsrs8ntY1/F0KVe8BBJW5hdH8U1zmbSc5rsfpaOuurMd5PyH/1qsiid2eZcgLj7uEn6Kty7XeWXOz65zM5rb0yirkvdLA4cUpnCav0R43dhHH8ybW9lquKZyQgw1DCrFpkT5h+WdK654Pp/jgie4XC31zAPIEPJUPJpQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.onmicrosoft.com; s=selector2-citrix-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ThI7FNLNj1qjzQJ85InJ5XwxtR+RxYNzUMMHvZI+Xew=; b=ACm97TaiD+KOsOX0HVQtgqd3U1M9MlT/MXC7KtcuAqe73oTITPm6s+8cccXdrYQlBX1qKgJuYx8kWE450omD9PeTTCqb0BqI0VOgt96V+wBnX8xdl3KWytll4Xtscg9kLD+XEfAyPBBvKNKUpjteEyFLRL6FHmeQXDxyKaHyF2E= From: Roger Pau Monne To: CC: Roger Pau Monne , Konrad Rzeszutek Wilk , Ross Lagerwall , "Stefano Stabellini" , Julien Grall , "Bertrand Marquis" , Volodymyr Babchuk , Jan Beulich , Andrew Cooper , Wei Liu Subject: [PATCH 2/2] livepatch: avoid relocations referencing ignored section symbols Date: Thu, 17 Mar 2022 12:08:54 +0100 Message-ID: <20220317110854.39050-3-roger.pau@citrix.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220317110854.39050-1-roger.pau@citrix.com> References: <20220317110854.39050-1-roger.pau@citrix.com> X-ClientProxiedBy: LO2P265CA0267.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:a1::15) To DS7PR03MB5608.namprd03.prod.outlook.com (2603:10b6:5:2c9::18) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: f79d9085-d628-4113-1a46-08da08069218 X-MS-TrafficTypeDiagnostic: BL1PR03MB6102:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: pPgnejJ9C/oWZ0ZlHwxVHEA3YlAR6nZeOLn5S+6KqzfXiUT52GmmC//O/Fj6hsyk4J9RsMQrpMaPQF6wIg4wpLDoV2MpeFzNa/PxtIL0m/W6NOZ55gH4tWpq23JVDy8KZ+5g2n+UZr77QSexZmwmnyOl5FPX8+8DV2k/q/Y71gDsF5vpVSxUp1cxwmzHW1R+KmDCgtc4OeNbPtBPuIqprPyo1tRj+SSYGZAyk1bvgqEXzRL92kKIKoWRlYCFbptJ0RjgBa6Lj8OR47i7AjHZpe5CelWhlxvWNMA2POs3hGyrxbqJwiApUVVNcVlVIGR8oB/uB/brc84Cg+ITfV64cfZT3q6Rj+FsvnBPCvFPUR5M0V+DHniRpQcceQmFWR/myRS2Y8fZZGGrI2+Ju1nTpcHbN+29u9r5I+/cix2N05NGykTSC7hvi6wg7Q89fWnh+xp1h6BEO2kLHHkECCs67t/iP2ac2MUgZI7QaoVdZ3EJeYfIIwtaTWKejpsz5roICyH1sdYCnGQLS5CqNXIF85ZNVMnz2/YGZi7udnrh8x23oKznHKdN2Fh+QfYnRu4F6zKqBj9kP6F+iaHNtBABZYQNgwySVzt8QR7BPS1FuPRQe9tpqafuJDk+jJXDdLYmEycpDi5Y0iuNnDxFpEdM5w== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DS7PR03MB5608.namprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(4636009)(366004)(83380400001)(2906002)(4326008)(508600001)(8676002)(82960400001)(6512007)(86362001)(6506007)(5660300002)(6666004)(6916009)(8936002)(26005)(66946007)(66476007)(316002)(66556008)(186003)(36756003)(2616005)(6486002)(38100700002)(1076003)(54906003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?cywkV0b2sCBP5TARNh3GDPcFrnte?= =?utf-8?q?AfxcQF/FSo5LGDu/NzWZtdoW6ckZbpepu5DXw2kzNBfbUZ27F5x+LdSUUk9kQZQnG?= =?utf-8?q?FixoGBEiDLSzxCuB4scr7KOet2KDxwrau47+h3VgdUcbFmH/j06NKxKMPnK/Sqpkd?= =?utf-8?q?kvH/vPYTX1bNlBgYHEoPkfN3XxfvjlZ5jD2xfamZJMfrn0x7bhbRsVv47g87Z6fJc?= =?utf-8?q?gcDd9lzHGap/e7FFA7oZkeV3iWbUqsdwa7zq5nLlAaa/dtYdJOoKOeH/hrywcuhGF?= =?utf-8?q?pDDL1/9LunJpj/pVrNyF0E5zz+8YIVqXQJgsCvHklp5UtUcAFr0FMqgcUYnlvmhf4?= =?utf-8?q?yuZ0nJIupCT7o/eKDjiS275lVJukVC81wYGvR6fCZZ3FE5O9YdUqBWSRrZy1qfcd/?= =?utf-8?q?MNduCS8lTXScAlnhtPHtULupZljEj0Wg6cj8V1G7SqjS3fbSRQKLOJ5hdpNps/yKg?= =?utf-8?q?Q6Nw0WcJg1FSv9/FYUPDa6DyXceelj8LkKBvfpEr4+h+q9xXm8ducgSFqhJ/4ezDu?= =?utf-8?q?TTa7OhcI6M0nIQ4Gdg0IV4tn+ZasXkiWAX5/8GKgPbWJw9ZanhrlPQjzKlW80lbBw?= =?utf-8?q?iNq3gVeNfQv+yHdzefOfX5lGFohBc8L0ecfTOJGoPNHeHZ3NhQGvCkj1RzGndp4+p?= =?utf-8?q?+LG1N825IeB1xwKRcaNLz3dikyl8/LQC0Iyj3NBtihF1yNLtTZhFa8ZGOi5o2WrL/?= =?utf-8?q?TqF3DCBpOBtxQ8tUF4fYgin0hu7Vh6TDdlCKkO7mQAU9K9LgMqwjmwXnftB98sY2+?= =?utf-8?q?fmUNSuPxpaDIv5m750xhwKzUlrh0Qzjj45i+8oCZZSIKiGpIT2mpNW40gJbvgWls1?= =?utf-8?q?DGKNn7iNsDbJqtEi36FWKoRKMj4j7jQRBJuaobxw29sUsRU7X3B3zirYx0Ee6KIlG?= =?utf-8?q?aHQaPBFhLhSUGozlmsvgvgJthbcMJ5IbBIpnL8zOuKhXA2YmHmKmXvJLtGY3ZNBcK?= =?utf-8?q?iP2G9TeE6wH+ps1UBM4jAqdlTISWDtVMc2C3eZduJn1TEJEwoVAmpRp5p9HmLyQl3?= =?utf-8?q?P5oXbwjZp8XrFUq6b9zMfBnjVPjLaN19fD3BMzEziQqRICFpS1tqclw2qlctLsWaz?= =?utf-8?q?ifj0ll9BAZtyh51+v12e8musRCxyPZBoZxa38nrzV72T73ByFMzvkN19J/aZCe0Ie?= =?utf-8?q?/YEzILZqDMYOcxH0TRq7hA6LtFkQpUKqN6XINU0d7XgtnlzAbf8mnEqhw2kyWnQN3?= =?utf-8?q?NPAO3eMHOzHou4yZ49Xa3x7W/C+4YWdtOgYadaKnWwKGCUfNjChYMrYqrigd7QSGc?= =?utf-8?q?sm3Z7mgJILb8c3AHM1t30/diYkruCasz4MgokcMqw7YwahLLfxG5ZP3dS21ldcNEp?= =?utf-8?q?KIV/hwQhJsCyipYnYXLQWskv2jxO21DyybTuE21S8TmEgjFpCvvZ99sHjhYuYXhTe?= =?utf-8?q?Vz9lDD2+UQj3kxIoh6ZmL5sbOxD4iOxajLJA=3D=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: f79d9085-d628-4113-1a46-08da08069218 X-MS-Exchange-CrossTenant-AuthSource: DS7PR03MB5608.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Mar 2022 11:09:14.1174 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 335836de-42ef-43a2-b145-348c2ee9ca5b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: CCxUG53zduJ8rvKhDmhAHfsZpE8T8s45J9rBwamCnl00wWkY7X2CX5rYgom9oICh55R6OI4hX3gu8c4+En+Bvg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL1PR03MB6102 X-OriginatorOrg: citrix.com Track whether symbols belong to ignored sections in order to avoid applying relocations referencing those symbols. The address of such symbols won't be resolved and thus the relocation will likely fail or write garbage to the destination. Return an error in that case, as leaving unresolved relocations would lead to malfunctioning payload code. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Ross Lagerwall --- xen/arch/arm/arm32/livepatch.c | 7 +++++++ xen/arch/arm/arm64/livepatch.c | 7 +++++++ xen/arch/x86/livepatch.c | 7 +++++++ xen/common/livepatch_elf.c | 6 ++++++ xen/include/xen/livepatch_elf.h | 1 + 5 files changed, 28 insertions(+) diff --git a/xen/arch/arm/arm32/livepatch.c b/xen/arch/arm/arm32/livepatch.c index 5a06467008..6aed227818 100644 --- a/xen/arch/arm/arm32/livepatch.c +++ b/xen/arch/arm/arm32/livepatch.c @@ -272,6 +272,13 @@ int arch_livepatch_perform(struct livepatch_elf *elf, elf->name, symndx); return -EINVAL; } + else if ( elf->sym[symndx].ignored ) + { + printk(XENLOG_ERR LIVEPATCH + "%s: Relocation against ignored symbol %s cannot be resolved\n", + elf->name, elf->sym[symndx].name); + return -EINVAL; + } val = elf->sym[symndx].sym->st_value; /* S */ diff --git a/xen/arch/arm/arm64/livepatch.c b/xen/arch/arm/arm64/livepatch.c index 6ec8dc60f0..655ded33d2 100644 --- a/xen/arch/arm/arm64/livepatch.c +++ b/xen/arch/arm/arm64/livepatch.c @@ -270,6 +270,13 @@ int arch_livepatch_perform_rela(struct livepatch_elf *elf, elf->name, symndx); return -EINVAL; } + else if ( elf->sym[symndx].ignored ) + { + printk(XENLOG_ERR LIVEPATCH + "%s: Relocation against ignored symbol %s cannot be resolved\n", + elf->name, elf->sym[symndx].name); + return -EINVAL; + } val = elf->sym[symndx].sym->st_value + r->r_addend; /* S+A */ diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c index 37c9b8435e..a928e5bfcd 100644 --- a/xen/arch/x86/livepatch.c +++ b/xen/arch/x86/livepatch.c @@ -262,6 +262,13 @@ int arch_livepatch_perform_rela(struct livepatch_elf *elf, elf->name, symndx); return -EINVAL; } + else if ( elf->sym[symndx].ignored ) + { + printk(XENLOG_ERR LIVEPATCH + "%s: Relocation against ignored symbol %s cannot be resolved\n", + elf->name, elf->sym[symndx].name); + return -EINVAL; + } val = r->r_addend + elf->sym[symndx].sym->st_value; diff --git a/xen/common/livepatch_elf.c b/xen/common/livepatch_elf.c index b089cacb1c..45d73912a3 100644 --- a/xen/common/livepatch_elf.c +++ b/xen/common/livepatch_elf.c @@ -334,7 +334,13 @@ int livepatch_elf_resolve_symbols(struct livepatch_elf *elf) } if ( livepatch_elf_ignore_section(elf->sec[idx].sec) ) + { + dprintk(XENLOG_DEBUG, LIVEPATCH + "%s: Symbol %s from section %s ignored\n", + elf->name, elf->sym[i].name, elf->sec[idx].name); + elf->sym[i].ignored = true; break; + } st_value += (unsigned long)elf->sec[idx].load_addr; if ( elf->sym[i].name ) diff --git a/xen/include/xen/livepatch_elf.h b/xen/include/xen/livepatch_elf.h index 5b1ec469da..7116deaddc 100644 --- a/xen/include/xen/livepatch_elf.h +++ b/xen/include/xen/livepatch_elf.h @@ -22,6 +22,7 @@ struct livepatch_elf_sec { struct livepatch_elf_sym { const Elf_Sym *sym; const char *name; + bool ignored; }; struct livepatch_elf {