From c1d255584c31d242900cecad2c73158a27e3fa29 Mon Sep 17 00:00:00 2001
From: Konrad Rzeszutek Wilk
Date: Tue, 6 Sep 2016 12:45:50 -0400
Subject: [PATCH] livepatch: Add limit of 2MB to payload .bss sections.
The initial patch: 11ff40fa7bb5fdcc69a58d0fec49c904ffca4793 "xen/xsplice: Hypervisor implementation of XEN_XSPLICE_op" caps the size of the binary at 2MB. We follow that in capping the size of the .BSSes to be at maximum 2MB. We also bubble up the payload limit and this one in one #define called LIVEPATCH_MAX_SIZE to make it easier to find these arbitrary limits.
Reviewed-by: Jan Beulich
Reviewed-by: Ross Lagerwall
Signed-off-by: Konrad Rzeszutek Wilk
---
 xen/common/livepatch.c | 2 +-
 xen/common/livepatch_elf.c | 4 ++++
 xen/include/xen/livepatch.h | 2 ++
 3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c
index 912729e969..f5ce28c726 100644
--- a/xen/common/livepatch.c
+++ b/xen/common/livepatch.c
@@ -123,7 +123,7 @@ static int verify_payload(const xen_sysctl_livepatch_upload_t *upload, char *n)
 if ( !upload->size )
 return -EINVAL;
- if ( upload->size > MB(2) )
+ if ( upload->size > LIVEPATCH_MAX_SIZE )
 return -EINVAL;
 if ( !guest_handle_okay(upload->payload, upload->size) )
diff --git a/xen/common/livepatch_elf.c b/xen/common/livepatch_elf.c
index 6c7773bf75..dec904a48f 100644
--- a/xen/common/livepatch_elf.c
+++ b/xen/common/livepatch_elf.c
@@ -86,6 +86,10 @@ static int elf_resolve_sections(struct livepatch_elf *elf, const void *data)
 delta < sizeof(Elf_Ehdr) ? "at ELF header" : "is past end");
 return -EINVAL;
 }
+ else if ( (sec[i].sec->sh_flags & (SHF_WRITE | SHF_ALLOC)) &&
+ sec[i].sec->sh_type == SHT_NOBITS &&
+ sec[i].sec->sh_size > LIVEPATCH_MAX_SIZE )
+ return -EINVAL;
 sec[i].data = data + delta;
 /* Name is populated in elf_resolve_section_names. */
diff --git a/xen/include/xen/livepatch.h b/xen/include/xen/livepatch.h
index 243e240511..29c9b3141b 100644
--- a/xen/include/xen/livepatch.h
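Review bot: The size test added to elf_resolve_sections() in xen/common/livepatch_elf.c is applied to each SHT_NOBITS section on its own, so it bounds no aggregate; whether the sum over all such sections is limited elsewhere cannot be seen from this hunk. If the 2MB ceiling in the commit message is meant for .bss as a whole, a running total compared against LIVEPATCH_MAX_SIZE would be needed; if the per-section reading is intended, state it above the branch, e.g. `/* Per-section cap; the sum of all SHT_NOBITS sizes is not checked here. */`. The mask test `sh_flags & (SHF_WRITE | SHF_ALLOC)` is true when either flag is set, which is the broader check, and that same comment should say so, because a reader expecting ".bss" would look for `== (SHF_WRITE | SHF_ALLOC)`. The new branch also returns -EINVAL without a message, while the branch before it appears to log its reason (only the tail of that call is visible), so a rejected upload gives the operator nothing to go on. The function starts and ends outside the hunk.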
+++ b/xen/include/xen/livepatch.h
@@ -30,6 +30,8 @@ struct xen_sysctl_livepatch_op;
 #define ELF_LIVEPATCH_FUNC ".livepatch.funcs"
 #define ELF_LIVEPATCH_DEPENDS ".livepatch.depends"
 #define ELF_BUILD_ID_NOTE ".note.gnu.build-id"
+/* Arbitrary limit for payload size and .bss section size. */
+#define LIVEPATCH_MAX_SIZE MB(2)
 struct livepatch_symbol {
 const char *name;
-- 
2.30.2