hw/elf_ops: Ignore loadable segments with zero size

Message ID	20240116155049.390301-1-bmeng@tinylab.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org> From: Bin Meng <bmeng@tinylab.org> To: qemu-devel@nongnu.org, Richard Henderson <richard.henderson@linaro.org>, Thomas Huth <thuth@redhat.com> Subject: [PATCH] hw/elf_ops: Ignore loadable segments with zero size Date: Tue, 16 Jan 2024 23:50:49 +0800 Message-Id: <20240116155049.390301-1-bmeng@tinylab.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Feedback-ID: bizesmtp:tinylab.org:qybglogicsvrgz:qybglogicsvrgz7a-0 Received-SPF: pass client-ip=43.154.221.58; envelope-from=bmeng@tinylab.org; helo=bg4.exmail.qq.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org
Series	hw/elf_ops: Ignore loadable segments with zero size \| expand hw/elf_ops: Ignore loadable segments with zero size

Message ID

20240116155049.390301-1-bmeng@tinylab.org (mailing list archive)

State

New, archived

Headers

From: Bin Meng <bmeng@tinylab.org>
To: qemu-devel@nongnu.org, Richard Henderson <richard.henderson@linaro.org>,
 Thomas Huth <thuth@redhat.com>
Subject: [PATCH] hw/elf_ops: Ignore loadable segments with zero size
Date: Tue, 16 Jan 2024 23:50:49 +0800
Message-Id: <20240116155049.390301-1-bmeng@tinylab.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Feedback-ID: bizesmtp:tinylab.org:qybglogicsvrgz:qybglogicsvrgz7a-0
Received-SPF: pass client-ip=43.154.221.58; envelope-from=bmeng@tinylab.org;
 helo=bg4.exmail.qq.com
X-Spam_score_int: -18
X-Spam_score: -1.9
X-Spam_bar: -
X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001,
 RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org
Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org

Series

hw/elf_ops: Ignore loadable segments with zero size | expand

Commit Message

Bin Meng Jan. 16, 2024, 3:50 p.m. UTC

Some ELF files really do have segments of zero size, e.g.:

Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  RISCV_ATTRIBUT 0x00000000000025b8 0x0000000000000000 0x0000000000000000
                 0x000000000000003e 0x0000000000000000  R      0x1
  LOAD           0x0000000000001000 0x0000000080200000 0x0000000080200000
                 0x00000000000001d1 0x00000000000001d1  R E    0x1000
  LOAD           0x00000000000011d1 0x00000000802001d1 0x00000000802001d1
                 0x0000000000000e37 0x0000000000000e37  RW     0x1000
  LOAD           0x0000000000000120 0x0000000000000000 0x0000000000000000
                 0x0000000000000000 0x0000000000000000         0x1000

The current logic does not check for this condition, resulting in
the incorrect assignment of 'lowaddr' as zero.

There is already a piece of codes inside the segment traversal loop
that checks for zero-sized loadable segments for not creating empty
ROM blobs. Let's move this check to the beginning of the loop to
cover both scenarios.

Signed-off-by: Bin Meng <bmeng@tinylab.org>
---

 include/hw/elf_ops.h | 75 +++++++++++++++++++++++---------------------
 1 file changed, 39 insertions(+), 36 deletions(-)

Comments

Richard Henderson Jan. 16, 2024, 4:38 p.m. UTC | #1

On 1/17/24 02:50, Bin Meng wrote:
> Some ELF files really do have segments of zero size, e.g.:
> 
> Program Headers:
>    Type           Offset             VirtAddr           PhysAddr
>                   FileSiz            MemSiz              Flags  Align
>    RISCV_ATTRIBUT 0x00000000000025b8 0x0000000000000000 0x0000000000000000
>                   0x000000000000003e 0x0000000000000000  R      0x1
>    LOAD           0x0000000000001000 0x0000000080200000 0x0000000080200000
>                   0x00000000000001d1 0x00000000000001d1  R E    0x1000
>    LOAD           0x00000000000011d1 0x00000000802001d1 0x00000000802001d1
>                   0x0000000000000e37 0x0000000000000e37  RW     0x1000
>    LOAD           0x0000000000000120 0x0000000000000000 0x0000000000000000
>                   0x0000000000000000 0x0000000000000000         0x1000
> 
> The current logic does not check for this condition, resulting in
> the incorrect assignment of 'lowaddr' as zero.
> 
> There is already a piece of codes inside the segment traversal loop
> that checks for zero-sized loadable segments for not creating empty
> ROM blobs. Let's move this check to the beginning of the loop to
> cover both scenarios.
> 
> Signed-off-by: Bin Meng <bmeng@tinylab.org>

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

But please report this as a bug to whatever tool produced such nonsense.


r~

Philippe Mathieu-Daudé Jan. 17, 2024, 8:18 a.m. UTC | #2

On 16/1/24 16:50, Bin Meng wrote:
> Some ELF files really do have segments of zero size, e.g.:
> 
> Program Headers:
>    Type           Offset             VirtAddr           PhysAddr
>                   FileSiz            MemSiz              Flags  Align
>    RISCV_ATTRIBUT 0x00000000000025b8 0x0000000000000000 0x0000000000000000
>                   0x000000000000003e 0x0000000000000000  R      0x1
>    LOAD           0x0000000000001000 0x0000000080200000 0x0000000080200000
>                   0x00000000000001d1 0x00000000000001d1  R E    0x1000
>    LOAD           0x00000000000011d1 0x00000000802001d1 0x00000000802001d1
>                   0x0000000000000e37 0x0000000000000e37  RW     0x1000
>    LOAD           0x0000000000000120 0x0000000000000000 0x0000000000000000
>                   0x0000000000000000 0x0000000000000000         0x1000
> 
> The current logic does not check for this condition, resulting in
> the incorrect assignment of 'lowaddr' as zero.
> 
> There is already a piece of codes inside the segment traversal loop
> that checks for zero-sized loadable segments for not creating empty
> ROM blobs. Let's move this check to the beginning of the loop to
> cover both scenarios.
> 
> Signed-off-by: Bin Meng <bmeng@tinylab.org>
> ---
> 
>   include/hw/elf_ops.h | 75 +++++++++++++++++++++++---------------------
>   1 file changed, 39 insertions(+), 36 deletions(-)

Thanks, patch queued.

Michael Tokarev Jan. 20, 2024, 10:28 a.m. UTC | #3

16.01.2024 19:38, Richard Henderson wrote:
> On 1/17/24 02:50, Bin Meng wrote:
>> Some ELF files really do have segments of zero size, e.g.:
>>
>> Program Headers:
>>    Type           Offset             VirtAddr           PhysAddr
>>                   FileSiz            MemSiz              Flags  Align
>>    RISCV_ATTRIBUT 0x00000000000025b8 0x0000000000000000 0x0000000000000000
>>                   0x000000000000003e 0x0000000000000000  R      0x1
>>    LOAD           0x0000000000001000 0x0000000080200000 0x0000000080200000
>>                   0x00000000000001d1 0x00000000000001d1  R E    0x1000
>>    LOAD           0x00000000000011d1 0x00000000802001d1 0x00000000802001d1
>>                   0x0000000000000e37 0x0000000000000e37  RW     0x1000
>>    LOAD           0x0000000000000120 0x0000000000000000 0x0000000000000000
>>                   0x0000000000000000 0x0000000000000000         0x1000
>>
>> The current logic does not check for this condition, resulting in
>> the incorrect assignment of 'lowaddr' as zero.
>>
>> There is already a piece of codes inside the segment traversal loop
>> that checks for zero-sized loadable segments for not creating empty
>> ROM blobs. Let's move this check to the beginning of the loop to
>> cover both scenarios.
>>
>> Signed-off-by: Bin Meng <bmeng@tinylab.org>
> 
> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
> 
> But please report this as a bug to whatever tool produced such nonsense.

I think we've an old bug about this in debian bts, https://bugs.debian.org/919921 .

/mjt

Richard Henderson Jan. 20, 2024, 9:25 p.m. UTC | #4

On 1/20/24 21:28, Michael Tokarev wrote:
> 16.01.2024 19:38, Richard Henderson wrote:
>> On 1/17/24 02:50, Bin Meng wrote:
>>> Some ELF files really do have segments of zero size, e.g.:
>>>
>>> Program Headers:
>>>    Type           Offset             VirtAddr           PhysAddr
>>>                   FileSiz            MemSiz              Flags  Align
>>>    RISCV_ATTRIBUT 0x00000000000025b8 0x0000000000000000 0x0000000000000000
>>>                   0x000000000000003e 0x0000000000000000  R      0x1
>>>    LOAD           0x0000000000001000 0x0000000080200000 0x0000000080200000
>>>                   0x00000000000001d1 0x00000000000001d1  R E    0x1000
>>>    LOAD           0x00000000000011d1 0x00000000802001d1 0x00000000802001d1
>>>                   0x0000000000000e37 0x0000000000000e37  RW     0x1000
>>>    LOAD           0x0000000000000120 0x0000000000000000 0x0000000000000000
>>>                   0x0000000000000000 0x0000000000000000         0x1000
>>>
>>> The current logic does not check for this condition, resulting in
>>> the incorrect assignment of 'lowaddr' as zero.
>>>
>>> There is already a piece of codes inside the segment traversal loop
>>> that checks for zero-sized loadable segments for not creating empty
>>> ROM blobs. Let's move this check to the beginning of the loop to
>>> cover both scenarios.
>>>
>>> Signed-off-by: Bin Meng <bmeng@tinylab.org>
>>
>> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
>>
>> But please report this as a bug to whatever tool produced such nonsense.
> 
> I think we've an old bug about this in debian bts, https://bugs.debian.org/919921 .

That's different -- file size == 0, mem size != 0.


r~

diff --git a/include/hw/elf_ops.h b/include/hw/elf_ops.h
index 0a5c258fe6..f014399b50 100644
--- a/include/hw/elf_ops.h
+++ b/include/hw/elf_ops.h
@@ -427,6 +427,16 @@  static ssize_t glue(load_elf, SZ)(const char *name, int fd,
             file_size = ph->p_filesz; /* Size of the allocated data */
             data_offset = ph->p_offset; /* Offset where the data is located */
 
+            /*
+             * Some ELF files really do have segments of zero size;
+             * just ignore them rather than trying to set the wrong addr,
+             * or create empty ROM blobs, because the zero-length blob can
+             * falsely trigger the overlapping-ROM-blobs check.
+             */
+            if (mem_size == 0) {
+                continue;
+            }
+
             if (file_size > 0) {
                 if (g_mapped_file_get_length(mapped_file) <
                     file_size + data_offset) {
@@ -530,45 +540,38 @@  static ssize_t glue(load_elf, SZ)(const char *name, int fd,
                 *pentry = ehdr.e_entry - ph->p_vaddr + ph->p_paddr;
             }
 
-            /* Some ELF files really do have segments of zero size;
-             * just ignore them rather than trying to create empty
-             * ROM blobs, because the zero-length blob can falsely
-             * trigger the overlapping-ROM-blobs check.
-             */
-            if (mem_size != 0) {
-                if (load_rom) {
-                    g_autofree char *label =
-                        g_strdup_printf("%s ELF program header segment %d",
-                                        name, i);
-
-                    /*
-                     * rom_add_elf_program() takes its own reference to
-                     * 'mapped_file'.
-                     */
-                    rom_add_elf_program(label, mapped_file, data, file_size,
-                                        mem_size, addr, as);
-                } else {
-                    MemTxResult res;
-
-                    res = address_space_write(as ? as : &address_space_memory,
-                                              addr, MEMTXATTRS_UNSPECIFIED,
-                                              data, file_size);
+            if (load_rom) {
+                g_autofree char *label =
+                    g_strdup_printf("%s ELF program header segment %d",
+                                    name, i);
+
+                /*
+                 * rom_add_elf_program() takes its own reference to
+                 * 'mapped_file'.
+                 */
+                rom_add_elf_program(label, mapped_file, data, file_size,
+                                    mem_size, addr, as);
+            } else {
+                MemTxResult res;
+
+                res = address_space_write(as ? as : &address_space_memory,
+                                          addr, MEMTXATTRS_UNSPECIFIED,
+                                          data, file_size);
+                if (res != MEMTX_OK) {
+                    goto fail;
+                }
+                /*
+                 * We need to zero'ify the space that is not copied
+                 * from file
+                 */
+                if (file_size < mem_size) {
+                    res = address_space_set(as ? as : &address_space_memory,
+                                            addr + file_size, 0,
+                                            mem_size - file_size,
+                                            MEMTXATTRS_UNSPECIFIED);
                     if (res != MEMTX_OK) {
                         goto fail;
                     }
-                    /*
-                     * We need to zero'ify the space that is not copied
-                     * from file
-                     */
-                    if (file_size < mem_size) {
-                        res = address_space_set(as ? as : &address_space_memory,
-                                                addr + file_size, 0,
-                                                mem_size - file_size,
-                                                MEMTXATTRS_UNSPECIFIED);
-                        if (res != MEMTX_OK) {
-                            goto fail;
-                        }
-                    }
                 }
             }

hw/elf_ops: Ignore loadable segments with zero size

Commit Message

Comments

Patch