Message-ID: <9437ce7f-0553-3688-5695-69add6b2971c@opensource.wdc.com>
Date: Tue, 12 Apr 2022 20:40:27 +0900
Subject: Re: [PATCH] binfmt_flat: do not stop relocating GOT entries prematurely
To: Niklas Cassel, Alexander Viro, Eric Biederman, Kees Cook, Paul Walmsley, Palmer Dabbelt, Albert Ou
Cc: Greg Ungerer, Mike Frysinger, stable@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org
References: <20220412100338.437308-1-niklas.cassel@wdc.com>
From: Damien Le Moal
Organization: Western Digital Research
In-Reply-To: <20220412100338.437308-1-niklas.cassel@wdc.com>

On 4/12/22 19:03, Niklas Cassel wrote:
> bFLT binaries are usually created using elf2flt.
>
> The linker script used by elf2flt has defined the .data section like the
> following for the last 19 years:
>
> .data : {
>     _sdata = . ;
>     __data_start = . ;
>     data_start = . ;
>     *(.got.plt)
>     *(.got)
>     FILL(0) ;
>     . = ALIGN(0x20) ;
>     LONG(-1)
>     . = ALIGN(0x20) ;
>     ...
> }
>
> It places the .got.plt input section before the .got input section.
> The same is true for the default linker script (ld --verbose) on most
> architectures except x86/x86-64.
>
> The binfmt_flat loader should relocate all GOT entries until it encounters
> a -1 (the LONG(-1) in the linker script).
>
> The problem is that the .got.plt input section starts with a GOTPLT header
> that has the first word (two u32 entries for 64-bit archs) set to -1.
> See e.g. the binutils implementation for architectures [1] [2] [3] [4].
>
> This causes the binfmt_flat loader to stop relocating GOT entries
> prematurely and thus causes the application to crash when running.
>
> Fix this by ignoring -1 in the first two u32 entries in the .data section.
>
> A -1 will only be ignored for the first two entries for bFLT binaries with
> FLAT_FLAG_GOTPIC set, which is unconditionally set by elf2flt if the
> supplied ELF binary had the symbol _GLOBAL_OFFSET_TABLE_ defined, therefore
> ELF binaries without a .got input section should remain unaffected.
>
> Tested on RISC-V Canaan Kendryte K210 and RISC-V QEMU nommu_virt_defconfig.
>
> [1] https://sourceware.org/git/?p=binutils-gdb.git;a=blob;f=bfd/elfnn-riscv.c;hb=binutils-2_38#l3275
> [2] https://sourceware.org/git/?p=binutils-gdb.git;a=blob;f=bfd/elfxx-tilegx.c;hb=binutils-2_38#l4023
> [3] https://sourceware.org/git/?p=binutils-gdb.git;a=blob;f=bfd/elf32-tilepro.c;hb=binutils-2_38#l3633
> [4] https://sourceware.org/git/?p=binutils-gdb.git;a=blob;f=bfd/elfnn-loongarch.c;hb=binutils-2_38#l2978
>
> Cc:
> Signed-off-by: Niklas Cassel
> ---
> RISC-V elf2flt patches are still not merged, they can be found here:
> https://github.com/floatious/elf2flt/tree/riscv
>
> buildroot branch for k210 nommu (including this patch and elf2flt patches):
> https://github.com/floatious/buildroot/tree/k210-v14
>
>  fs/binfmt_flat.c | 11 ++++++++++-
>  1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c
> index 626898150011..b80009e6392e 100644
> --- a/fs/binfmt_flat.c
> +++ b/fs/binfmt_flat.c
> @@ -793,8 +793,17 @@ static int load_flat_file(struct linux_binprm *bprm,
>  			u32 addr, rp_val;
>  			if (get_user(rp_val, rp))
>  				return -EFAULT;
> -			if (rp_val == 0xffffffff)
> +			/*
> +			 * The first word in the GOTPLT header is -1 on certain
> +			 * architechtures. (On 64-bit, that is two u32 entries.)
> +			 * Ignore these entries, so that we stop relocating GOT
> +			 * entries first when we encounter the -1 after the GOT.
> +			 */

/*
 * The first word in the GOTPLT header is -1 on certain
 * architectures (on 64-bit, that is two u32 entries).
 * Ignore these entries so that we stop relocating GOT
 * entries when we encounter the first -1 entry after
 * the GOTPLT header.
 */

> +			if (rp_val == 0xffffffff) {
> +				if (rp - (u32 __user *)datapos < 2)
> +					continue;

Would it be safer to check that the following rp_val is also -1 ?
Also, does this work with 32-bit arch ? Shouldn't the "< 2" be "< 1"
for 32-bit arch ?

>  				break;
> +			}
>  			if (rp_val) {
>  				addr = calc_reloc(rp_val, libinfo, id, 0);
>  				if (addr == RELOC_FAILED) {

-- 
Damien Le Moal
Western Digital Research
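Review bot: the `rp - (u32 __user *)datapos < 2` test in this hunk is keyed on the u32 offset alone, so it passes over a -1 in either of the first two u32 slots on every architecture: on a 64-bit target that is exactly the one GOTPLT word the commit message describes, but on a 32-bit target it is two whole words, and in both cases it also swallows the LONG(-1) terminator of a FLAT_FLAG_GOTPIC image whose .got.plt and .got are both empty (the linker script quoted above then places LONG(-1) at data offset 0), after which the loop runs on through the zero fill and hands the first non-zero .data word to calc_reloc(). Consider deriving the slot count from the word size (e.g. `sizeof(long) / sizeof(u32)`) or, as the question above suggests, checking that the slots being skipped actually form one header word (on 64-bit both slot 0 and slot 1 are -1) rather than skipping any -1 that happens to sit there; the comment should also state that a .got.plt header is assumed to precede the GOT whenever FLAT_FLAG_GOTPIC is set, since the commit message ties that flag to _GLOBAL_OFFSET_TABLE_ being defined, not to .got.plt being non-empty. Minor: "architechtures" in the new comment is misspelled, and "stop relocating GOT entries first when we encounter" reads awkwardly; the reworded comment proposed in this reply fixes both.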
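A user-space model of the GOT relocation loop in load_flat_file() that this thread discusses, as an added example (not kernel code, and not the patch author's or reviewer's code): it runs the old termination rule and the patched "skip -1 in u32 slots 0 and 1" rule over constructed data segments laid out according to the elf2flt linker script quoted in the patch, once for a 64-bit target (the GOTPLT header word is two u32 slots) and once for a 32-bit target, and over a constructed empty-GOT image to show what the offset-based skip does when the LONG(-1) terminator itself sits at datapos. calc_reloc(), the load base 0x80000000, the image size 0x1000 and every sample word are simplifications and assumptions of the example; whether elf2flt ever emits the empty-GOT layout with FLAT_FLAG_GOTPIC set is not established on this page.

```c
/*
 * Added example: user-space model of the GOT relocation loop in
 * fs/binfmt_flat.c load_flat_file(). Not kernel code. Image layouts,
 * load base, image size and calc_reloc() behaviour are assumptions.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GOT_END      0xffffffffu   /* the LONG(-1) GOT terminator */
#define RELOC_FAILED (-1)
#define LOAD_BASE    0x80000000u   /* assumed nommu load address */
#define IMAGE_SIZE   0x1000u       /* assumed text+data size */

/* Simplified calc_reloc(): offset must lie inside the image; rebase it.
 * The kernel version also tells text from data and handles shared libs. */
static int64_t calc_reloc(uint32_t offset)
{
    if (offset >= IMAGE_SIZE)
        return RELOC_FAILED;
    return (int64_t)LOAD_BASE + offset;
}

/*
 * The loop as load_flat_file() runs it for FLAT_FLAG_GOTPIC images: every
 * u32 from the start of .data is a relocation until a -1 slot. With
 * skip_gotplt_header set, a -1 in slot 0 or 1 is passed over, which is the
 * patch's "rp - (u32 __user *)datapos < 2" rule.
 * Returns the number of entries relocated, or RELOC_FAILED.
 */
static int relocate_got(uint32_t *data, size_t nslots, bool skip_gotplt_header)
{
    int relocated = 0;

    for (size_t i = 0; i < nslots; i++) {
        uint32_t rp_val = data[i];

        if (rp_val == GOT_END) {
            if (skip_gotplt_header && i < 2)
                continue;
            return relocated;          /* terminator reached */
        }
        if (rp_val) {
            int64_t addr = calc_reloc(rp_val);
            if (addr == RELOC_FAILED)
                return RELOC_FAILED;
            data[i] = (uint32_t)addr;
            relocated++;
        }
    }
    /* The kernel loop is unbounded and would read past .data; the model
     * reports running off the buffer as a failure. */
    return RELOC_FAILED;
}

/* Constructed 64-bit .data image per the quoted linker script: .got.plt
 * header, .got entries, LONG(-1), FILL(0) to ALIGN(0x20), then payload.
 * Each 64-bit word is two little-endian u32 slots. */
static const uint32_t image64[] = {
    0xffffffff, 0xffffffff, /* .got.plt word 0 = -1: what the old loop stops on */
    0x00000000, 0x00000000, /* .got.plt word 1: link map slot, zero */
    0x00000100, 0x00000000, /* .got entry: image offset 0x100 */
    0x00000200, 0x00000000, /* .got entry: image offset 0x200 */
    0xffffffff,             /* LONG(-1): the real end of the GOT */
    0, 0, 0, 0, 0, 0, 0,    /* FILL(0) up to the 0x20 boundary */
    0x00000040, 0xffffffff, /* .data payload: must be left alone */
};

/* Same layout for a 32-bit target: one u32 slot per word. */
static const uint32_t image32[] = {
    0xffffffff,             /* .got.plt word 0 = -1 */
    0x00000000,             /* .got.plt word 1 */
    0x00000100, 0x00000200, /* .got entries */
    0, 0, 0, 0,             /* FILL(0) to 0x20 */
    0xffffffff,             /* LONG(-1) */
    0x00000040,             /* .data payload */
};

/* Constructed edge case: no .got.plt and no .got, so LONG(-1) lands at
 * data offset 0 and the payload starts at 0x20. Whether elf2flt emits this
 * with FLAT_FLAG_GOTPIC set is not established; it only shows what the
 * offset-based skip does to a terminator in slot 0. */
static const uint32_t image_empty_got[] = {
    0xffffffff,             /* LONG(-1) at datapos */
    0, 0, 0, 0, 0, 0, 0,    /* FILL(0) to 0x20 */
    0x00000040,             /* .data payload */
};

#define NSLOTS(img) (sizeof(img) / sizeof((img)[0]))

/* Relocated copy of the last image run, so callers can inspect slots. */
static uint32_t last_image[32];

/* Copies one image into last_image and relocates it in place. */
static int run_image(const uint32_t *image, size_t nslots, bool skip)
{
    memcpy(last_image, image, nslots * sizeof(*image));
    return relocate_got(last_image, nslots, skip);
}

int main(void)
{
    printf("64-bit, old rule:   %d relocations\n", run_image(image64, NSLOTS(image64), false));
    printf("64-bit, patched:    %d relocations\n", run_image(image64, NSLOTS(image64), true));
    printf("32-bit, patched:    %d relocations\n", run_image(image32, NSLOTS(image32), true));
    printf("empty GOT, patched: %d (slot 8 now 0x%08x)\n",
           run_image(image_empty_got, NSLOTS(image_empty_got), true),
           (unsigned)last_image[8]);
    return 0;
}
```

The old rule relocates nothing on either real image because slot 0 is the header's -1; the patched rule relocates both GOT entries and stops at the LONG(-1) in slot 8, leaving the payload (including its own 0xffffffff) untouched. On the empty-GOT image the patched rule consumes the terminator, rebases the payload word at slot 8, and then never sees another -1, which the model reports as RELOC_FAILED.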