From: Michael Hudson-Doyle
Date: Tue, 1 Feb 2022 11:19:01 +1300
Subject: Re: [PATCH] elf: Check invalid hole in PT_LOAD segments [BZ #28838]
To: "H.J. Lu"
Cc: libc-alpha@sourceware.org, Florian Weimer, "Carlos O'Donell"
In-Reply-To: <20220131152452.1061323-1-hjl.tools@gmail.com>

On Tue, 1 Feb 2022 at 04:24, H.J. Lu wrote:
> commit 163f625cf9becbb82dfec63a29e566324129c0cd
> Author: H.J. Lu
> Date: Tue Dec 21 12:35:47 2021 -0800
>
> elf: Remove excessive p_align check on PT_LOAD segments [BZ #28688]
>
> removed the p_align check against the page size. It caused the loader to
> crash in shared objects with the invalid p_align. Update _dl_map_segments
> to detect invalid holes. This fixes BZ #28838.
>

I am not competent to have an opinion on the correctness of the change, but the test passes on Launchpad's i386 and amd64 builders with it.

Cheers,
mwh

> --- > elf/dl-map-segments.h | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/elf/dl-map-segments.h b/elf/dl-map-segments.h > index 172692b120..fd24cf5d01 100644 > --- a/elf/dl-map-segments.h > +++ b/elf/dl-map-segments.h
> @@ -113,6 +113,9 @@ _dl_map_segments (struct link_map *l, int fd, > unallocated. Then jump into the normal segment-mapping loop > to > handle the portion of the segment past the end of the file > mapping. */ > + if (__glibc_unlikely (loadcmds[nloadcmds - 1].mapstart < > + c->mapend)) > + return N_("ELF load command address/offset not page-aligned"); > if (__glibc_unlikely > (__mprotect ((caddr_t) (l->l_addr + c->mapend), > loadcmds[nloadcmds - 1].mapstart - c->mapend, > -- > 2.34.1 > >
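Review bot: the new check is in the right place, since it guards the `loadcmds[nloadcmds - 1].mapstart - c->mapend` subtraction passed as the length to `__mprotect` from wrapping around when the last load command starts below this segment's `mapend`, but the returned message "ELF load command address/offset not page-aligned" does not describe that condition: the hunk rejects an overlapping or out-of-order segment layout, not a misaligned one, so a reader of the dlopen error will look for the wrong problem. Consider a distinct string such as N_("ELF load command segments overlap") rather than reusing the alignment wording, and a comment above the `if` stating that it prevents a negative hole size; both make the failure mode traceable from the error text alone.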