From patchwork Wed Sep 21 16:57:07 2016
X-Patchwork-Submitter: Konrad Rzeszutek Wilk
X-Patchwork-Id: 9343949
From: Konrad Rzeszutek Wilk
To: konrad@kernel.org, xen-devel@lists.xenproject.org, ross.lagerwall@citrix.com
Cc: andrew.cooper3@citrix.com, Jan Beulich, Konrad Rzeszutek Wilk
Date: Wed, 21 Sep 2016 12:57:07 -0400
Message-Id: <1474477030-10722-3-git-send-email-konrad.wilk@oracle.com>
In-Reply-To: <1474477030-10722-1-git-send-email-konrad.wilk@oracle.com>
References: <1474477030-10722-1-git-send-email-konrad.wilk@oracle.com>
Subject: [Xen-devel] [PATCH v7 2/5] livepatch: Add limit of 2MB to payload .bss sections.

The initial patch: 11ff40fa7bb5fdcc69a58d0fec49c904ffca4793
"xen/xsplice: Hypervisor implementation of XEN_XSPLICE_op" caps the
size of the binary at 2MB. We follow that in capping the size
of the .BSSes to be at maximum 2MB.

We also bubble up the payload limit and this one in one #define
called LIVEPATCH_MAX_SIZE to make it easier to find these
arbitrary limits.

Reviewed-by: Ross Lagerwall
Signed-off-by: Konrad Rzeszutek Wilk Reviewed-by: Jan Beulich --- Cc: Ross Lagerwall Cc: Jan Beulich v5: Initial submission. Came about from conversation about "livepatch: Clear .bss when payload is reverted" - Use only one sh_flags comparison instead of two. - And check for the _right_ combination (WA). v6: Remove the logging - Move the MB(2) to a #define in the header file. - Add the newline after the addition in livepatch_elf.c. - Added Reviewed-by from Ross. v7:- s/MAX_BSS_SIZE/LIVEPATCH_MAX_SIZE/ - Also use this LIVEPATHCH_MAX_SIZE in verify_payload --- xen/common/livepatch.c | 2 +- xen/common/livepatch_elf.c | 4 ++++ xen/include/xen/livepatch.h | 2 ++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index 1f527a3..c9e5318 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -123,7 +123,7 @@ static int verify_payload(const xen_sysctl_livepatch_upload_t *upload, char *n) if ( !upload->size ) return -EINVAL; - if ( upload->size > MB(2) ) + if ( upload->size > LIVEPATCH_MAX_SIZE ) return -EINVAL; if ( !guest_handle_okay(upload->payload, upload->size) ) diff --git a/xen/common/livepatch_elf.c b/xen/common/livepatch_elf.c index 303115f..f46990e 100644 --- a/xen/common/livepatch_elf.c +++ b/xen/common/livepatch_elf.c @@ -86,6 +86,10 @@ static int elf_resolve_sections(struct livepatch_elf *elf, const void *data) delta < sizeof(Elf_Ehdr) ? "at ELF header" : "is past end"); return -EINVAL; } + else if ( (sec[i].sec->sh_flags & (SHF_WRITE | SHF_ALLOC)) && + sec[i].sec->sh_type == SHT_NOBITS && + sec[i].sec->sh_size > LIVEPATCH_MAX_SIZE ) + return -EINVAL; sec[i].data = data + delta; /* Name is populated in elf_resolve_section_names. */ diff --git a/xen/include/xen/livepatch.h b/xen/include/xen/livepatch.h index 243e240..29c9b31 100644 --- a/xen/include/xen/livepatch.h +++ b/xen/include/xen/livepatch.h 
@@ -30,6 +30,8 @@ struct xen_sysctl_livepatch_op; #define ELF_LIVEPATCH_FUNC ".livepatch.funcs" #define ELF_LIVEPATCH_DEPENDS ".livepatch.depends" #define ELF_BUILD_ID_NOTE ".note.gnu.build-id" +/* Arbitrary limit for payload size and .bss section size. */ +#define LIVEPATCH_MAX_SIZE MB(2) struct livepatch_symbol { const char *name;
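Review bot: in the xen/common/livepatch_elf.c hunk, the flags test (sec[i].sec->sh_flags & (SHF_WRITE | SHF_ALLOC)) is true when either flag is set, while the changelog says the check is for the WA combination. If both flags are meant to be required, compare the masked value against the mask: (sec[i].sec->sh_flags & (SHF_WRITE | SHF_ALLOC)) == (SHF_WRITE | SHF_ALLOC). As written, the cap also applies to SHT_NOBITS sections that carry only one of the two flags, which errs on the strict side, but the condition should match the stated intent. The limit is also applied per section, so this check bounds a payload with several .bss sections only one section at a time, not in total.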
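Review bot: in the xen/include/xen/livepatch.h hunk, the comment on LIVEPATCH_MAX_SIZE should state that the .bss limit applies to each section individually, since "payload size and .bss section size" can be read as one combined budget. A blank line between the ELF_* section-name defines and this size limit would also keep the two groups of definitions visually distinct.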