Re: [Xen-devel] [PATCH for-4.9 v2] xen/livepatch: Don't crash on encountering STN_UNDEF relocations

2017-06-23 Thread Jan Beulich
>>> On 22.06.17 at 19:05,  wrote:
> Do you recall perchance this thread: 
> http://www.mail-archive.com/xen-devel@lists.xen.org/msg80633.html 

Vaguely.

> I am thinking to resurrect it but to follow the same spirit as here,
> that is return -ENOTSUPPO if the sh_addralign is not the correct
> value.

Let's see how that looks.

Jan


___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel


Re: [Xen-devel] [PATCH for-4.9 v2] xen/livepatch: Don't crash on encountering STN_UNDEF relocations

2017-06-22 Thread Konrad Rzeszutek Wilk
On Thu, Jun 22, 2017 at 12:33:57PM -0400, Konrad Rzeszutek Wilk wrote:
> On Thu, Jun 22, 2017 at 12:10:46PM -0400, Konrad Rzeszutek Wilk wrote:
> > On Thu, Jun 22, 2017 at 11:27:50AM -0400, Konrad Rzeszutek Wilk wrote:
> > > On Wed, Jun 21, 2017 at 09:26:15PM -0400, Konrad Rzeszutek Wilk wrote:
> > > > On Wed, Jun 21, 2017 at 07:13:36PM +0100, Andrew Cooper wrote:
> > > > > A symndx of STN_UNDEF is special, and means a symbol value of 0.  While
> > > > > legitimate in the ELF standard, its existence in a livepatch is questionable
> > > > > at best.  Until a plausible usecase presents itself, reject such a relocation
> > > > > with -EOPNOTSUPP.
> > > > > 
> > > > > Additionally, perform a safety check on elf->sym[symndx].sym before
> > > > > dereferencing it, to avoid tripping over a NULL pointer when calculating val.
> > > > > 
> > > > > Signed-off-by: Andrew Cooper 
> > > > 
> > > > Reviewed-by: Konrad Rzeszutek Wilk 
> > > > Tested-by: Konrad Rzeszutek Wilk  [x86 right now, will do
> > > > arm32 tomorrow]
> > > 
> > > I did that on my Cubietruck and I made the rookie mistake of not trying
> > > a hypervisor _without_ your changes, so I don't know if this crash
> > > (see inline) is due to your patch or something else.
> > > 
> > > Also I messed up and made the livepatch test run every time it boots, so
> > > now it is stuck in a loop of crashes :-(
> > > 
> > > The git tree is:
> > > 
> > > git://xenbits.xen.org/people/konradwilk/xen.git staging-4.9
> > > 
> > > Stay tuned.
> > 
> > And I see the same thing with b38b147 (that is the top of 'origin/staging').
> > 
> > So time to dig in.
> 
> /me blushes.
> 
> I compiled the hypervisor and the livepatches on a cross compiler.
> arm-linux-gnueabi-gcc (Ubuntu/Linaro 5.4.0-6ubuntu1~16.04.4) 5.4.0 20160609
> 
> 
> But if I compile both on the Cubietruck (natively) it all works nicely.
> gcc (Ubuntu/Linaro 4.8.2-19ubuntu1) 4.8.2
> 
> So:
> 
> Tested-by: Konrad Rzeszutek Wilk  [x86, arm32]
> 
> for both of the patches. Sorry for the alarm.


Jan,

Do you recall perchance this thread: 
http://www.mail-archive.com/xen-devel@lists.xen.org/msg80633.html

I am thinking to resurrect it but to follow the same spirit as here,
that is return -ENOTSUPPO if the sh_addralign is not the correct
value.

> 
> Julien, would you be OK with these two going in 4.9? Please?



Re: [Xen-devel] [PATCH for-4.9 v2] xen/livepatch: Don't crash on encountering STN_UNDEF relocations

2017-06-22 Thread Konrad Rzeszutek Wilk
On Thu, Jun 22, 2017 at 12:10:46PM -0400, Konrad Rzeszutek Wilk wrote:
> On Thu, Jun 22, 2017 at 11:27:50AM -0400, Konrad Rzeszutek Wilk wrote:
> > On Wed, Jun 21, 2017 at 09:26:15PM -0400, Konrad Rzeszutek Wilk wrote:
> > > On Wed, Jun 21, 2017 at 07:13:36PM +0100, Andrew Cooper wrote:
> > > > A symndx of STN_UNDEF is special, and means a symbol value of 0.  While
> > > > legitimate in the ELF standard, its existence in a livepatch is questionable
> > > > at best.  Until a plausible usecase presents itself, reject such a relocation
> > > > with -EOPNOTSUPP.
> > > > 
> > > > Additionally, perform a safety check on elf->sym[symndx].sym before
> > > > dereferencing it, to avoid tripping over a NULL pointer when calculating val.
> > > > 
> > > > Signed-off-by: Andrew Cooper 
> > > 
> > > Reviewed-by: Konrad Rzeszutek Wilk 
> > > Tested-by: Konrad Rzeszutek Wilk  [x86 right now, will do
> > > arm32 tomorrow]
> > 
> > I did that on my Cubietruck and I made the rookie mistake of not trying
> > a hypervisor _without_ your changes, so I don't know if this crash
> > (see inline) is due to your patch or something else.
> > 
> > Also I messed up and made the livepatch test run every time it boots, so
> > now it is stuck in a loop of crashes :-(
> > 
> > The git tree is:
> > 
> > git://xenbits.xen.org/people/konradwilk/xen.git staging-4.9
> > 
> > Stay tuned.
> 
> And I see the same thing with b38b147 (that is the top of 'origin/staging').
> 
> So time to dig in.

/me blushes.

I compiled the hypervisor and the livepatches on a cross compiler.
arm-linux-gnueabi-gcc (Ubuntu/Linaro 5.4.0-6ubuntu1~16.04.4) 5.4.0 20160609


But if I compile both on the Cubietruck (natively) it all works nicely.
gcc (Ubuntu/Linaro 4.8.2-19ubuntu1) 4.8.2

So:

Tested-by: Konrad Rzeszutek Wilk  [x86, arm32]

for both of the patches. Sorry for the alarm.

Julien, would you be OK with these two going in 4.9? Please?



Re: [Xen-devel] [PATCH for-4.9 v2] xen/livepatch: Don't crash on encountering STN_UNDEF relocations

2017-06-22 Thread Konrad Rzeszutek Wilk
On Thu, Jun 22, 2017 at 11:27:50AM -0400, Konrad Rzeszutek Wilk wrote:
> On Wed, Jun 21, 2017 at 09:26:15PM -0400, Konrad Rzeszutek Wilk wrote:
> > On Wed, Jun 21, 2017 at 07:13:36PM +0100, Andrew Cooper wrote:
> > > A symndx of STN_UNDEF is special, and means a symbol value of 0.  While
> > > legitimate in the ELF standard, its existence in a livepatch is questionable
> > > at best.  Until a plausible usecase presents itself, reject such a relocation
> > > with -EOPNOTSUPP.
> > > 
> > > Additionally, perform a safety check on elf->sym[symndx].sym before
> > > dereferencing it, to avoid tripping over a NULL pointer when calculating val.
> > > 
> > > Signed-off-by: Andrew Cooper 
> > 
> > Reviewed-by: Konrad Rzeszutek Wilk 
> > Tested-by: Konrad Rzeszutek Wilk  [x86 right now, will do
> > arm32 tomorrow]
> 
> I did that on my Cubietruck and I made the rookie mistake of not trying
> a hypervisor _without_ your changes, so I don't know if this crash
> (see inline) is due to your patch or something else.
> 
> Also I messed up and made the livepatch test run every time it boots, so
> now it is stuck in a loop of crashes :-(
> 
> The git tree is:
> 
> git://xenbits.xen.org/people/konradwilk/xen.git staging-4.9
> 
> Stay tuned.

And I see the same thing with b38b147 (that is the top of 'origin/staging').

So time to dig in.



Re: [Xen-devel] [PATCH for-4.9 v2] xen/livepatch: Don't crash on encountering STN_UNDEF relocations

2017-06-22 Thread Konrad Rzeszutek Wilk
On Wed, Jun 21, 2017 at 09:26:15PM -0400, Konrad Rzeszutek Wilk wrote:
> On Wed, Jun 21, 2017 at 07:13:36PM +0100, Andrew Cooper wrote:
> > A symndx of STN_UNDEF is special, and means a symbol value of 0.  While
> > legitimate in the ELF standard, its existence in a livepatch is questionable
> > at best.  Until a plausible usecase presents itself, reject such a relocation
> > with -EOPNOTSUPP.
> > 
> > Additionally, perform a safety check on elf->sym[symndx].sym before
> > dereferencing it, to avoid tripping over a NULL pointer when calculating val.
> > 
> > Signed-off-by: Andrew Cooper 
> 
> Reviewed-by: Konrad Rzeszutek Wilk 
> Tested-by: Konrad Rzeszutek Wilk  [x86 right now, will do
> arm32 tomorrow]

I did that on my Cubietruck and I made the rookie mistake of not trying
a hypervisor _without_ your changes, so I don't know if this crash
(see inline) is due to your patch or something else.

Also I messed up and made the livepatch test run every time it boots, so
now it is stuck in a loop of crashes :-(

The git tree is:

git://xenbits.xen.org/people/konradwilk/xen.git staging-4.9

Stay tuned.


U-Boot SPL 2015.04 (Mar 14 2016 - 12:00:28)
DRAM: 2048 MiB
CPU: 91200Hz, AXI/AHB/APB: 3/2/2


U-Boot 2015.04 (Mar 14 2016 - 12:00:28) Allwinner Technology

CPU:   Allwinner A20 (SUN7I)
I2C:   ready
DRAM:  2 GiB
MMC:   SUNXI SD/MMC: 0
Setting up a 1024x768 vga console
In:serial
Out:   vga
Err:   vga
SCSI:  SUNXI SCSI INIT
SATA link 0 timeout.
AHCI 0001.0100 32 slots 1 ports 3 Gbps 0x1 impl SATA mode
flags: ncq stag pm led clo only pmp pio slum part ccc apst 
Net:   dwmac.1c5
starting USB...
USB0:   USB EHCI 1.00
scanning bus 0 for devices... 1 USB Device(s) found
USB1:   USB EHCI 1.00
scanning bus 1 for devices... 1 USB Device(s) found
   scanning usb for storage devices... 0 Storage Device(s) found
Hit any key to stop autoboot:  2  1  0 
switch to partitions #0, OK
mmc0 is current device
Scanning mmc 0:1...
Found U-Boot script /boot.scr
reading /boot.scr
1629 bytes read in 22 ms (72.3 KiB/s)
## Executing script at 4310
reading /xen
884744 bytes read in 72 ms (11.7 MiB/s)
reading /sun7i-a20-cubietruck.dtb
30801 bytes read in 42 ms (715.8 KiB/s)
reading /vmlinuz
5662136 bytes read in 382 ms (14.1 MiB/s)
Kernel image @ 0xaea0 [ 0x00 - 0x11b700 ]
## Flattened Device Tree blob at aec0
   Booting using the fdt blob at 0xaec0
   reserving fdt memory region: addr=aec0 size=8000
   Using Device Tree in place at aec0, end aec0afff

Starting kernel ...

 Xen 4.9-rc
(XEN) Xen version 4.9-rc (kon...@dumpdata.com) (arm-linux-gnueabihf-gcc 
(Ubuntu/Linaro 5.4.0-6ubuntu1~16.04.4) 5.4.0 20160609) debug=y  Wed Jun 21 
21:55:01 EDT 2017
(XEN) Latest ChangeSet: Wed Jun 21 19:13:36 2017 +0100 git:e199fd6
(XEN) Processor: 410fc074: "ARM Limited", variant: 0x0, part 0xc07, rev 0x4
(XEN) 32-bit Execution:
(XEN)   Processor Features: 1131:00011011
(XEN) Instruction Sets: AArch32 A32 Thumb Thumb-2 ThumbEE Jazelle
(XEN) Extensions: GenericTimer Security
(XEN)   Debug Features: 02010555
(XEN)   Auxiliary Features: 
(XEN)   Memory Model Features: 10101105 4000 0124 02102211
(XEN)  ISA Features: 02101110 13112111 21232041 2131 10011142 
(XEN) Using PSCI-0.1 for SMP bringup
(XEN) SMP: Allowing 2 CPUs
(XEN) Generic Timer IRQ: phys=30 hyp=26 virt=27 Freq: 24000 KHz
(XEN) GICv2: WARNING: The GICC size is too small: 0x1000 expected 0x2000
(XEN) GICv2 initialization:
(XEN) gic_dist_addr=01c81000
(XEN) gic_cpu_addr=01c82000
(XEN) gic_hyp_addr=01c84000
(XEN) gic_vcpu_addr=01c86000
(XEN) gic_maintenance_irq=25
(XEN) GICv2: 160 lines, 2 cpus, secure (IID 0100143b).
(XEN) Using scheduler: SMP Credit Scheduler (credit)
(XEN) Allocated console ring of 16 KiB.
(XEN) VFP implementer 0x41 architecture 2 part 0x30 variant 0x7 rev 0x4
(XEN) Bringing up CPU1
(XEN) CPU 1 booted.
(XEN) Brought up 2 CPUs
(XEN) P2M: 40-bit IPA
(XEN) P2M: 3 levels with order-1 root, VTCR 0x80003558
(XEN) I/O virtualisation disabled
(XEN) build-id: d406e500724be7c1443df04d783419bc70fa75b9
(XEN) alternatives: Patching with alt table 100c1464 -> 100c1494
(XEN) *** LOADING DOMAIN 0 ***
(XEN) Loading kernel from boot module @ af60
(XEN) Allocating 1:1 mappings totalling 512MB for dom0:
(XEN) BANK[0] 0x006000-0x008000 (512MB)
(XEN) Grant table range: 0x00bfa0-0x00bfa6d000
(XEN) Loading zImage from af60 to 67a0-67f665b8
(XEN) Allocating PPI 16 for event channel interrupt
(XEN) Loading dom0 DTB to 0x6800-0x680072e0
(XEN) Scrubbing Free RAM on 1 nodes using 2 CPUs
(XEN) done.
(XEN) Initial low memory virq threshold set at 0x4000 pages.
(XEN) Std. Loglevel: All
(XEN) Guest Loglevel: All
(XEN) *** Serial input -> DOM0 (type 'CTRL-a' three times to switch 

Re: [Xen-devel] [PATCH for-4.9 v2] xen/livepatch: Don't crash on encountering STN_UNDEF relocations

2017-06-22 Thread Ross Lagerwall

On 06/21/2017 07:13 PM, Andrew Cooper wrote:

> A symndx of STN_UNDEF is special, and means a symbol value of 0.  While
> legitimate in the ELF standard, its existence in a livepatch is questionable
> at best.  Until a plausible usecase presents itself, reject such a relocation
> with -EOPNOTSUPP.
> 
> Additionally, perform a safety check on elf->sym[symndx].sym before
> dereferencing it, to avoid tripping over a NULL pointer when calculating val.
> 
> Signed-off-by: Andrew Cooper 

Reviewed-by: Ross Lagerwall 



Re: [Xen-devel] [PATCH for-4.9 v2] xen/livepatch: Don't crash on encountering STN_UNDEF relocations

2017-06-22 Thread Jan Beulich
>>> On 21.06.17 at 20:13,  wrote:
> --- a/xen/arch/x86/livepatch.c
> +++ b/xen/arch/x86/livepatch.c
> @@ -170,14 +170,27 @@ int arch_livepatch_perform_rela(struct livepatch_elf 
> *elf,
>  uint8_t *dest = base->load_addr + r->r_offset;
>  uint64_t val;
>  
> +if ( symndx == STN_UNDEF )
> +{
> +dprintk(XENLOG_ERR, LIVEPATCH "%s: Encountered STN_UNDEF\n",
> +elf->name);
> +return -EOPNOTSUPP;
> +}
> +
>  if ( symndx > elf->nsym )

Would you mind fixing the off-by-one mistake here at once?

>  {
>  dprintk(XENLOG_ERR, LIVEPATCH "%s: Relative relocation wants 
> symbol@%u which is past end!\n",
>  elf->name, symndx);
>  return -EINVAL;
>  }
> -
> -val = r->r_addend + elf->sym[symndx].sym->st_value;
> +else if ( !elf->sym[symndx].sym )
> +{

With this it may also be a good idea to have elf_get_sym() set
sym[0].sym (and sym[0].name) to NULL.

> +dprintk(XENLOG_ERR, LIVEPATCH "%s: No symbol@%u\n",
> +elf->name, symndx);
> +return -EINVAL;
> +}
> +else
> +val = r->r_addend + elf->sym[symndx].sym->st_value;

In the spirit of the earlier code here I'd suggest omitting both "else".

Jan
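
The checks from the patch with the review suggestions in this message applied (`>=` for the range test, a NULL entry in slot 0, no `else` after `return`), as an added stand-alone model. This is not Xen's code: the `model_*` types, the function name and the sample table are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define STN_UNDEF 0u   /* ELF: reserved index of the undefined symbol */

/* Simplified stand-ins for the loader's structures (assumed layout). */
struct model_sym { uint64_t st_value; };
struct model_symtab_entry { const char *name; const struct model_sym *sym; };
struct model_elf {
    const char *name;
    unsigned int nsym;                      /* number of entries in sym[] */
    const struct model_symtab_entry *sym;
};

/*
 * Resolve S + A for one RELA entry.  Returns 0 and stores the result in
 * *val, or a negative errno value and leaves *val untouched.
 */
int model_resolve_rela(const struct model_elf *elf, unsigned int symndx,
                       int64_t addend, uint64_t *val)
{
    if ( symndx == STN_UNDEF )
        return -EOPNOTSUPP;      /* valid ELF, but rejected in a payload */

    if ( symndx >= elf->nsym )   /* '>=': index nsym is already past the end */
        return -EINVAL;

    if ( !elf->sym[symndx].sym ) /* slot was never populated */
        return -EINVAL;

    *val = elf->sym[symndx].sym->st_value + (uint64_t)addend;
    return 0;
}

/* Constructed sample table: slot 0 is reserved and NULL, slot 2 is a hole. */
static const struct model_sym sample_func = { 0x1000 };
static const struct model_symtab_entry sample_tab[] = {
    { NULL, NULL },
    { "func", &sample_func },
    { "hole", NULL },
};
static const struct model_elf sample_elf = { "sample.livepatch", 3, sample_tab };

int main(void)
{
    uint64_t val = 0;
    unsigned int i;

    /* Walk one index past the table to exercise the range check. */
    for ( i = 0; i <= sample_elf.nsym; i++ )
    {
        int rc = model_resolve_rela(&sample_elf, i, 8, &val);

        printf("symndx %u -> rc %d\n", i, rc);
    }
    return 0;
}
```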




Re: [Xen-devel] [PATCH for-4.9 v2] xen/livepatch: Don't crash on encountering STN_UNDEF relocations

2017-06-21 Thread Konrad Rzeszutek Wilk
On Wed, Jun 21, 2017 at 07:13:36PM +0100, Andrew Cooper wrote:
> A symndx of STN_UNDEF is special, and means a symbol value of 0.  While
> legitimate in the ELF standard, its existence in a livepatch is questionable
> at best.  Until a plausible usecase presents itself, reject such a relocation
> with -EOPNOTSUPP.
> 
> Additionally, perform a safety check on elf->sym[symndx].sym before
> dereferencing it, to avoid tripping over a NULL pointer when calculating val.
> 
> Signed-off-by: Andrew Cooper 

Reviewed-by: Konrad Rzeszutek Wilk 
Tested-by: Konrad Rzeszutek Wilk  [x86 right now, will do
arm32 tomorrow]

I naturally had to have "xen/livepatch: Clean up arch relocation handling"
on top of this.

> ---
> CC: Konrad Rzeszutek Wilk 
> CC: Ross Lagerwall 
> CC: Jan Beulich 
> CC: Stefano Stabellini 
> CC: Julien Grall 
> 
> v2:
>  * Reject STN_UNDEF with -EOPNOTSUPP
> ---
>  xen/arch/arm/arm32/livepatch.c | 17 +++--
>  xen/arch/arm/arm64/livepatch.c | 17 +++--
>  xen/arch/x86/livepatch.c   | 17 +++--
>  3 files changed, 45 insertions(+), 6 deletions(-)
> 
> diff --git a/xen/arch/arm/arm32/livepatch.c b/xen/arch/arm/arm32/livepatch.c
> index a328179..53fee91 100644
> --- a/xen/arch/arm/arm32/livepatch.c
> +++ b/xen/arch/arm/arm32/livepatch.c
> @@ -254,14 +254,27 @@ int arch_livepatch_perform(struct livepatch_elf *elf,
>  addend = get_addend(type, dest);
>  }
>  
> +if ( symndx == STN_UNDEF )
> +{
> +dprintk(XENLOG_ERR, LIVEPATCH "%s: Encountered STN_UNDEF\n",
> +elf->name);
> +return -EOPNOTSUPP;
> +}
> +
>  if ( symndx > elf->nsym )
>  {
>  dprintk(XENLOG_ERR, LIVEPATCH "%s: Relative symbol wants 
> symbol@%u which is past end!\n",
>  elf->name, symndx);
>  return -EINVAL;
>  }
> -
> -val = elf->sym[symndx].sym->st_value; /* S */
> +else if ( !elf->sym[symndx].sym )
> +{
> +dprintk(XENLOG_ERR, LIVEPATCH "%s: No relative symbol@%u\n",
> +elf->name, symndx);
> +return -EINVAL;
> +}
> +else
> +val = elf->sym[symndx].sym->st_value; /* S */
>  
>  rc = perform_rel(type, dest, val, addend);
>  switch ( rc )
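
Review bot: The new message "No relative symbol@%u" in the `else if ( !elf->sym[symndx].sym )` branch does not say what was wrong, and it differs from the x86 wording ("No symbol@%u") for the same condition. Suggest one text across the three files that names the failure, for example that the symbol table entry at that index has no symbol attached.
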
> diff --git a/xen/arch/arm/arm64/livepatch.c b/xen/arch/arm/arm64/livepatch.c
> index 63929b1..b033763 100644
> --- a/xen/arch/arm/arm64/livepatch.c
> +++ b/xen/arch/arm/arm64/livepatch.c
> @@ -252,14 +252,27 @@ int arch_livepatch_perform_rela(struct livepatch_elf 
> *elf,
>  int ovf = 0;
>  uint64_t val;
>  
> +if ( symndx == STN_UNDEF )
> +{
> +dprintk(XENLOG_ERR, LIVEPATCH "%s: Encountered STN_UNDEF\n",
> +elf->name);
> +return -EOPNOTSUPP;
> +}
> +
>  if ( symndx > elf->nsym )
>  {
>  dprintk(XENLOG_ERR, LIVEPATCH "%s: Relative relocation wants 
> symbol@%u which is past end!\n",
>  elf->name, symndx);
>  return -EINVAL;
>  }
> -
> -val = elf->sym[symndx].sym->st_value +  r->r_addend; /* S+A */
> +else if ( !elf->sym[symndx].sym )
> +{
> +dprintk(XENLOG_ERR, LIVEPATCH "%s: No relative symbol@%u\n",
> +elf->name, symndx);
> +return -EINVAL;
> +}
> +else
> +val = elf->sym[symndx].sym->st_value + r->r_addend; /* S+A */
>  
>  /* ARM64 operations at minimum are always 32-bit. */
>  if ( r->r_offset >= base->sec->sh_size ||
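
Review bot: The STN_UNDEF branch logs only elf->name, so a rejected payload gives no hint which relocation carried the undefined symbol index. r->r_offset is already used in the bounds check at the end of this hunk; printing it in the "Encountered STN_UNDEF" message would let the payload author find the offending entry.
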
> diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c
> index 7917610..bfa576c 100644
> --- a/xen/arch/x86/livepatch.c
> +++ b/xen/arch/x86/livepatch.c
> @@ -170,14 +170,27 @@ int arch_livepatch_perform_rela(struct livepatch_elf 
> *elf,
>  uint8_t *dest = base->load_addr + r->r_offset;
>  uint64_t val;
>  
> +if ( symndx == STN_UNDEF )
> +{
> +dprintk(XENLOG_ERR, LIVEPATCH "%s: Encountered STN_UNDEF\n",
> +elf->name);
> +return -EOPNOTSUPP;
> +}
> +
>  if ( symndx > elf->nsym )
>  {
>  dprintk(XENLOG_ERR, LIVEPATCH "%s: Relative relocation wants 
> symbol@%u which is past end!\n",
>  elf->name, symndx);
>  return -EINVAL;
>  }
> -
> -val = r->r_addend + elf->sym[symndx].sym->st_value;
> +else if ( !elf->sym[symndx].sym )
> +{
> +dprintk(XENLOG_ERR, LIVEPATCH "%s: No symbol@%u\n",
> +elf->name, symndx);
> +return -EINVAL;
> +}
> +else
> +val = r->r_addend + 

[Xen-devel] [PATCH for-4.9 v2] xen/livepatch: Don't crash on encountering STN_UNDEF relocations

2017-06-21 Thread Andrew Cooper
A symndx of STN_UNDEF is special, and means a symbol value of 0.  While
legitimate in the ELF standard, its existence in a livepatch is questionable
at best.  Until a plausible usecase presents itself, reject such a relocation
with -EOPNOTSUPP.

Additionally, perform a safety check on elf->sym[symndx].sym before
dereferencing it, to avoid tripping over a NULL pointer when calculating val.

Signed-off-by: Andrew Cooper 
---
CC: Konrad Rzeszutek Wilk 
CC: Ross Lagerwall 
CC: Jan Beulich 
CC: Stefano Stabellini 
CC: Julien Grall 

v2:
 * Reject STN_UNDEF with -EOPNOTSUPP
---
 xen/arch/arm/arm32/livepatch.c | 17 +++--
 xen/arch/arm/arm64/livepatch.c | 17 +++--
 xen/arch/x86/livepatch.c   | 17 +++--
 3 files changed, 45 insertions(+), 6 deletions(-)

diff --git a/xen/arch/arm/arm32/livepatch.c b/xen/arch/arm/arm32/livepatch.c
index a328179..53fee91 100644
--- a/xen/arch/arm/arm32/livepatch.c
+++ b/xen/arch/arm/arm32/livepatch.c
@@ -254,14 +254,27 @@ int arch_livepatch_perform(struct livepatch_elf *elf,
 addend = get_addend(type, dest);
 }
 
+if ( symndx == STN_UNDEF )
+{
+dprintk(XENLOG_ERR, LIVEPATCH "%s: Encountered STN_UNDEF\n",
+elf->name);
+return -EOPNOTSUPP;
+}
+
 if ( symndx > elf->nsym )
 {
 dprintk(XENLOG_ERR, LIVEPATCH "%s: Relative symbol wants symbol@%u 
which is past end!\n",
 elf->name, symndx);
 return -EINVAL;
 }
-
-val = elf->sym[symndx].sym->st_value; /* S */
+else if ( !elf->sym[symndx].sym )
+{
+dprintk(XENLOG_ERR, LIVEPATCH "%s: No relative symbol@%u\n",
+elf->name, symndx);
+return -EINVAL;
+}
+else
+val = elf->sym[symndx].sym->st_value; /* S */
 
 rc = perform_rel(type, dest, val, addend);
 switch ( rc )
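
Review bot: The range check kept as context, `if ( symndx > elf->nsym )`, still lets symndx == elf->nsym through, and the added `else if ( !elf->sym[symndx].sym )` then reads that entry. If nsym is the number of entries in elf->sym[], the comparison should be `>=`; it is worth fixing in this patch because the new NULL test depends on the index being in range.
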
diff --git a/xen/arch/arm/arm64/livepatch.c b/xen/arch/arm/arm64/livepatch.c
index 63929b1..b033763 100644
--- a/xen/arch/arm/arm64/livepatch.c
+++ b/xen/arch/arm/arm64/livepatch.c
@@ -252,14 +252,27 @@ int arch_livepatch_perform_rela(struct livepatch_elf *elf,
 int ovf = 0;
 uint64_t val;
 
+if ( symndx == STN_UNDEF )
+{
+dprintk(XENLOG_ERR, LIVEPATCH "%s: Encountered STN_UNDEF\n",
+elf->name);
+return -EOPNOTSUPP;
+}
+
 if ( symndx > elf->nsym )
 {
 dprintk(XENLOG_ERR, LIVEPATCH "%s: Relative relocation wants 
symbol@%u which is past end!\n",
 elf->name, symndx);
 return -EINVAL;
 }
-
-val = elf->sym[symndx].sym->st_value +  r->r_addend; /* S+A */
+else if ( !elf->sym[symndx].sym )
+{
+dprintk(XENLOG_ERR, LIVEPATCH "%s: No relative symbol@%u\n",
+elf->name, symndx);
+return -EINVAL;
+}
+else
+val = elf->sym[symndx].sym->st_value + r->r_addend; /* S+A */
 
 /* ARM64 operations at minimum are always 32-bit. */
 if ( r->r_offset >= base->sec->sh_size ||
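
Review bot: Both the `else if` and the final `else` follow a branch that ends in return, so they add nothing, and they are inconsistent with the STN_UNDEF test just above, which is a plain `if`. Three flat `if` blocks followed by an unconditional `val = ...` assignment would read more clearly and keep the assignment at its original indentation.
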
diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c
index 7917610..bfa576c 100644
--- a/xen/arch/x86/livepatch.c
+++ b/xen/arch/x86/livepatch.c
@@ -170,14 +170,27 @@ int arch_livepatch_perform_rela(struct livepatch_elf *elf,
 uint8_t *dest = base->load_addr + r->r_offset;
 uint64_t val;
 
+if ( symndx == STN_UNDEF )
+{
+dprintk(XENLOG_ERR, LIVEPATCH "%s: Encountered STN_UNDEF\n",
+elf->name);
+return -EOPNOTSUPP;
+}
+
 if ( symndx > elf->nsym )
 {
 dprintk(XENLOG_ERR, LIVEPATCH "%s: Relative relocation wants 
symbol@%u which is past end!\n",
 elf->name, symndx);
 return -EINVAL;
 }
-
-val = r->r_addend + elf->sym[symndx].sym->st_value;
+else if ( !elf->sym[symndx].sym )
+{
+dprintk(XENLOG_ERR, LIVEPATCH "%s: No symbol@%u\n",
+elf->name, symndx);
+return -EINVAL;
+}
+else
+val = r->r_addend + elf->sym[symndx].sym->st_value;
 
 switch ( ELF64_R_TYPE(r->r_info) )
 {
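
Review bot: The block added before `switch ( ELF64_R_TYPE(r->r_info) )` is the third copy of the same three checks (STN_UNDEF, index range, NULL sym); only the message text and the val expression differ between arm32, arm64 and x86. Consider one helper that validates symndx against elf and is called from each arch function, so the range check and the error codes cannot drift apart between architectures.
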
-- 
2.1.4

