Re: [Xen-devel] [PATCH v6 2/6] livepatch: Add limit of 2MB to payload .bss sections.
>>> On 16.09.16 at 17:29,wrote: > --- a/xen/common/livepatch_elf.c > +++ b/xen/common/livepatch_elf.c > @@ -86,6 +86,10 @@ static int elf_resolve_sections(struct livepatch_elf *elf, > const void *data) > delta < sizeof(Elf_Ehdr) ? "at ELF header" : "is past > end"); > return -EINVAL; > } > +else if ( (sec[i].sec->sh_flags & (SHF_WRITE | SHF_ALLOC)) && > + sec[i].sec->sh_type == SHT_NOBITS && > + sec[i].sec->sh_size > BSS_MAX_SIZE ) > +return -EINVAL; > > sec[i].data = data + delta; > /* Name is populated in elf_resolve_section_names. */ > --- a/xen/include/xen/livepatch.h > +++ b/xen/include/xen/livepatch.h > @@ -30,6 +30,8 @@ struct xen_sysctl_livepatch_op; > #define ELF_LIVEPATCH_FUNC".livepatch.funcs" > #define ELF_LIVEPATCH_DEPENDS ".livepatch.depends" > #define ELF_BUILD_ID_NOTE ".note.gnu.build-id" > +/* Arbitrary limit. */ > +#define BSS_MAX_SIZEMB(2) Hmm, this wasn't quite what I was thinking about in the v5 comments: I really meant to unify this and the other 2Mb limit into one (and then obviously with a name that's more generic). I'm sorry for not having expressed this in an explicit enough way. Jan ___ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
[Xen-devel] [PATCH v6 2/6] livepatch: Add limit of 2MB to payload .bss sections.
The initial patch: 11ff40fa7bb5fdcc69a58d0fec49c904ffca4793 "xen/xsplice: Hypervisor implementation of XEN_XSPLICE_op" caps the size of the binary at 2MB. We follow that in capping the size of the .BSSes to be at maximum 2MB. Reviewed-by: Ross LagerwallSigned-off-by: Konrad Rzeszutek Wilk --- Cc: Ross Lagerwall Cc: Jan Beulich v5: Initial submission. Came about from conversation about "livepatch: Clear .bss when payload is reverted" - Use only one sh_flags comparison instead of two. - And check for the _right_ combination (WA). v6: Remove the logging Move the MB(2) to a #define in the header file. Add the newline after the addition in livepatch_elf.c. Added Reviewed-by from Ross. --- xen/common/livepatch_elf.c | 4 xen/include/xen/livepatch.h | 2 ++ 2 files changed, 6 insertions(+) diff --git a/xen/common/livepatch_elf.c b/xen/common/livepatch_elf.c index cda9b27..79c290e 100644 --- a/xen/common/livepatch_elf.c +++ b/xen/common/livepatch_elf.c @@ -86,6 +86,10 @@ static int elf_resolve_sections(struct livepatch_elf *elf, const void *data) delta < sizeof(Elf_Ehdr) ? "at ELF header" : "is past end"); return -EINVAL; } +else if ( (sec[i].sec->sh_flags & (SHF_WRITE | SHF_ALLOC)) && + sec[i].sec->sh_type == SHT_NOBITS && + sec[i].sec->sh_size > BSS_MAX_SIZE ) +return -EINVAL; sec[i].data = data + delta; /* Name is populated in elf_resolve_section_names. */ diff --git a/xen/include/xen/livepatch.h b/xen/include/xen/livepatch.h index 243e240..46b9fc2 100644 --- a/xen/include/xen/livepatch.h +++ b/xen/include/xen/livepatch.h @@ -30,6 +30,8 @@ struct xen_sysctl_livepatch_op; #define ELF_LIVEPATCH_FUNC".livepatch.funcs" #define ELF_LIVEPATCH_DEPENDS ".livepatch.depends" #define ELF_BUILD_ID_NOTE ".note.gnu.build-id" +/* Arbitrary limit. */ +#define BSS_MAX_SIZEMB(2) struct livepatch_symbol { const char *name; -- 2.5.5 ___ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel