Message ID | 20160906165118.GB2161@char.us.oracle.com (mailing list archive) |
---|---|
State | New, archived |
>>> On 06.09.16 at 18:51, <konrad.wilk@oracle.com> wrote: > --- a/xen/common/livepatch_elf.c > +++ b/xen/common/livepatch_elf.c > @@ -86,7 +86,16 @@ static int elf_resolve_sections(struct livepatch_elf *elf, const void *data) > delta < sizeof(Elf_Ehdr) ? "at ELF header" : "is past end"); > return -EINVAL; > } > - > + else if ( !(sec[i].sec->sh_flags & SHF_EXECINSTR) && > + (sec[i].sec->sh_flags & SHF_WRITE) && > + sec[i].sec->sh_type == SHT_NOBITS && > + sec[i].sec->sh_size > MB(2) ) What good do the two sh_flags checks do here? Jan
diff --git a/xen/common/livepatch_elf.c b/xen/common/livepatch_elf.c index 789e8fc..4a4111d 100644 --- a/xen/common/livepatch_elf.c +++ b/xen/common/livepatch_elf.c @@ -86,7 +86,16 @@ static int elf_resolve_sections(struct livepatch_elf *elf, const void *data) delta < sizeof(Elf_Ehdr) ? "at ELF header" : "is past end"); return -EINVAL; } - + else if ( !(sec[i].sec->sh_flags & SHF_EXECINSTR) && + (sec[i].sec->sh_flags & SHF_WRITE) && + sec[i].sec->sh_type == SHT_NOBITS && + sec[i].sec->sh_size > MB(2) ) + { + /* Arbitrary limit. */ + dprintk(XENLOG_ERR, LIVEPATCH "%s: Section [%u] .bss is bigger than 2MB!\n", + elf->name, i); + return -EINVAL; + } sec[i].data = data + delta; /* Name is populated in elf_resolve_section_names. */ sec[i].name = NULL;
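Review bot: The two sh_flags tests in the new `else if` condition narrow the size limit instead of strengthening it. A SHT_NOBITS section takes no space in the file, so its sh_size is whatever the header claims, and a section of that type larger than MB(2) that lacks SHF_WRITE or carries SHF_EXECINSTR is not rejected by this branch. If the goal is to bound the size of NOBITS sections, test only `sec[i].sec->sh_type == SHT_NOBITS && sec[i].sec->sh_size > MB(2)`. The dprintk text also calls the section ".bss", although the match is on type and flags and the name is not resolved until elf_resolve_section_names, so the message should describe it as a SHT_NOBITS section. The "Arbitrary limit" comment would be more useful if MB(2) became a named constant with a sentence on why that value was chosen. Finally, the preceding block ends in `return -EINVAL;`, so a plain `if` after the blank line this hunk removes would read more clearly than `else if`.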