Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp1014224pxb; Fri, 15 Apr 2022 18:23:34 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwaelJemC8HzF9tMhxfJbb/Sc1BZkaCqZNXAUgU2oDHIFlzqWSyveSgRX4ON+v4n7KdxFsj X-Received: by 2002:a05:6a00:1884:b0:508:3731:7f63 with SMTP id x4-20020a056a00188400b0050837317f63mr1554179pfh.2.1650072214559; Fri, 15 Apr 2022 18:23:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1650072214; cv=none; d=google.com; s=arc-20160816; b=nkOOgH5GotWcW7U0McsB0yoXeo/C6Q96lHkYBepOPkRiyyYGftyP4Xp92n/XH6PjZw i/lHuB1pjhlfucLlTbTCNLbOsXTdUXzk14n5siJOts06qbcTg1rQvg6TtG8JYAj4Gav2 Mqp+8+bkAWZlRb8iLRi3krn0+0UOwiuAaZfjuChEQLUmQ4tshCWzEj1b5fGzs3OJBuqy ruUK0Jln6qYsEyMkDxGvlrOUr1oeqh7Z8hn40L9ewXk1wg/bxWrxb2pd87y/eRuZ53sy OJPBemPH4lZZ/DiOGDMJDhf3qM6hX83fbd89SMLY+reupfHy1oIZVKK9wbhsgpmbQXhR dFuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=/XWUIy8oN6QKHAB1C1Vu3bb0UZ4JIz+jyG09Dh3SUj4=; b=U3ZxmrGuS5S/mM+eOPnGyT1msg24qvly2LjVy+L8iLqZJNrdfgMC8jAyd+d/fFLPtx SivMrioDRdK3nb1lLCbae4PHltJK6fjMYuWmFWodB/MrG/Ncgd0kFmQIgG6D2oUUA8CT 5qq+X0oDlhK0nxUFk35nWqSv2qjhaK5fwmf1lI/0oSbT43Q2uOzbqAkKuGRVAx050Rw3 MyADXJ+Bhee3EPsiwpnxtOykiHcmsoKGHTra5o1kiDrdjfA121unaH5oPp2NXvM5pV4n kgKTD0owotDptxbJncxa0NDLv283M5MaFO43D3mrNae/yy/IL3aCNGMCY16jn4Ts1MNy 4Miw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=IDeKKjQQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id a23-20020a631a57000000b0039859d7cf84si2895592pgm.256.2022.04.15.18.23.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Apr 2022 18:23:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=IDeKKjQQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id D54F510E06D; Fri, 15 Apr 2022 17:55:23 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1359328AbiDNPoG (ORCPT + 99 others); Thu, 14 Apr 2022 11:44:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57578 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1352695AbiDNPRm (ORCPT ); Thu, 14 Apr 2022 11:17:42 -0400 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F33B5939E0; Thu, 14 Apr 2022 08:03:05 -0700 (PDT) Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out2.suse.de (Postfix) with ESMTP id A4D401F748; Thu, 14 Apr 2022 15:03:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1649948584; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=/XWUIy8oN6QKHAB1C1Vu3bb0UZ4JIz+jyG09Dh3SUj4=; b=IDeKKjQQFh8nc0aDbqyEJzsnaBw6AVSseDhOuryYgJ+CQalLRdmJjCYO1vJXS+qNY3ZV8t cur66SR4S7CR8PoVeLxqNyopNOtoTWZCHCTCPueZelpc8Q49/n7Wo/4jrnTt6PIHvM6GTw qZN7C3eX7K6BuUd3wUSFUnmEk0UWjDI= Received: from suse.cz (unknown [10.100.224.162]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by relay2.suse.de (Postfix) with ESMTPS id 7E8B9A3B82; Thu, 14 Apr 2022 15:03:04 +0000 (UTC) Date: Thu, 14 Apr 2022 17:03:04 +0200 From: Petr Mladek To: Joe Lawrence Cc: live-patching@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org Subject: elf API: was: Re: [RFC PATCH v6 03/12] livepatch: Add klp-convert tool Message-ID: References: <20220216163940.228309-1-joe.lawrence@redhat.com> <20220216163940.228309-4-joe.lawrence@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220216163940.228309-4-joe.lawrence@redhat.com> X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed 2022-02-16 11:39:31, Joe Lawrence wrote: > From: Josh Poimboeuf > klp-convert relies on libelf and on a list implementation. Add files > scripts/livepatch/elf.c and scripts/livepatch/elf.h, which are a libelf > interfacing layer and scripts/livepatch/list.h, which is a list > implementation. > > --- /dev/null > +++ b/scripts/livepatch/elf.c > +static int update_shstrtab(struct elf *elf) > +{ > + struct section *shstrtab, *sec; > + size_t orig_size, new_size = 0, offset, len; > + char *buf; > + > + shstrtab = find_section_by_name(elf, ".shstrtab"); > + if (!shstrtab) { > + WARN("can't find .shstrtab"); > + return -1; > + } > + > + orig_size = new_size = shstrtab->size; > + > + list_for_each_entry(sec, &elf->sections, list) { > + if (sec->sh.sh_name != -1) > + continue; > + new_size += strlen(sec->name) + 1; > + } > + > + if (new_size == orig_size) > + return 0; > + > + buf = malloc(new_size); > + if (!buf) { > + WARN("malloc failed"); > + return -1; > + } > + memcpy(buf, (void *)shstrtab->data, orig_size); > + > + offset = orig_size; > + list_for_each_entry(sec, &elf->sections, list) { > + if (sec->sh.sh_name != -1) > + continue; > + sec->sh.sh_name = offset; > + len = strlen(sec->name) + 1; > + memcpy(buf + offset, sec->name, len); > + offset += len; > + } > + > + shstrtab->elf_data->d_buf = shstrtab->data = buf; > + shstrtab->elf_data->d_size = shstrtab->size = new_size; > + shstrtab->sh.sh_size = new_size; All the update_*() functions have the same pattern. They replace the original buffer with a bigger one when needed. And the pointer to the original buffer gets lost. I guess that the original buffer could not be freed because it is part of a bigger allocated blob. Or it might even be a file mapped to memory. It looks like a memory leak. We could probably ignore it. But there is another related danger, see below. > + return 1; > +} > + [...] > +int elf_write_file(struct elf *elf, const char *file) > +{ > + int ret_shstrtab; > + int ret_strtab; > + int ret_symtab; > + int ret_relas; We do not free the bigger buffers when something goes wrong. Also this is not that important. But it is easy to fix: We might do: int ret_shstrtab = 0; int ret_strtab = 0; int ret_symtab = 0; int ret_relas = 0; > + int ret; > + > + ret_shstrtab = update_shstrtab(elf); > + if (ret_shstrtab < 0) > + return ret_shstrtab; > + > + ret_strtab = update_strtab(elf); > + if (ret_strtab < 0) > + return ret_strtab; if (ret_strtab < 0) { ret = ret_strtab; goto out; } > + ret_symtab = update_symtab(elf); > + if (ret_symtab < 0) > + return ret_symtab; if (ret_symtab < 0) { ret = ret_symtab; goto out; } > + ret_relas = update_relas(elf); > + if (ret_relas < 0) > + return ret_relas; if (ret_relas < 0) { ret = ret_relas; goto out; } > + update_groups(elf); > + > + ret = write_file(elf, file); > + if (ret) > + return ret; Continue even when write_file(elf, file) returns an error. out: > + if (ret_relas > 0) > + free_relas(elf); > + if (ret_symtab > 0) > + free_symtab(elf); > + if (ret_strtab > 0) > + free_strtab(elf); > + if (ret_shstrtab > 0) > + free_shstrtab(elf); > + > + return ret; Another problem is that the free_*() functions release the bigger buffers. But they do not put back the original ones. Also all the updated offsets and indexes point to the bigger buffers. As a result the structures can't be made consistent any longer. I am not sure if there is an easy way to fix it. IMHO, proper solution is not worth a big effort. klp-convert frees everthing after writing the elf file. Well, we should at least make a comment above elf_write_file() about that the structures are damaged in this way. Finally, my main concern: It brings a question whether the written data were consistent. I am not familiar with the elf format. I quess that it is rather stable. But there might still be some differences between architectures or some new extensions that might need special handing. I do not see any big consistency checks in the gelf_update_ehdr(), elf_update(), or elf_end() functions that are used when writing the changes. But there seems to be some thorough consistency checks provided by: readelf --enable-checks It currently see these warnings: $> readelf --lint lib/livepatch/test_klp_convert2.ko >/dev/null readelf: Warning: Section '.note.GNU-stack': has a size of zero - is this intended ? $> readelf --lint lib/livepatch/test_klp_callbacks_mod.ko >/dev/null readelf: Warning: Section '.data': has a size of zero - is this intended ? readelf: Warning: Section '.note.GNU-stack': has a size of zero - is this intended ? $> readelf --lint lib/test_printf.ko >/dev/null readelf: Warning: Section '.text': has a size of zero - is this intended ? readelf: Warning: Section '.data': has a size of zero - is this intended ? readelf: Warning: Section '.note.GNU-stack': has a size of zero - is this intended ? But I see this warnings even without this patchset. I wonder if it might really help to find problems introduced by klp-convert or if it would be a waste of time. Best Regards, Petr