From: Konrad Rzeszutek Wilk Date: Tue, 6 Sep 2016 16:45:50 +0000 (-0400) Subject: livepatch: Add limit of 2MB to payload .bss sections. X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~363 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=c1d255584c31d242900cecad2c73158a27e3fa29;p=xen.git livepatch: Add limit of 2MB to payload .bss sections. The initial patch: 11ff40fa7bb5fdcc69a58d0fec49c904ffca4793 "xen/xsplice: Hypervisor implementation of XEN_XSPLICE_op" caps the size of the binary at 2MB. We follow that in capping the size of the .BSSes to be at maximum 2MB. We also bubble up the payload limit and this one in one #define called LIVEPATCH_MAX_SIZE to make it easier to find these arbitrary limits. Reviewed-by: Jan Beulich Reviewed-by: Ross Lagerwall Signed-off-by: Konrad Rzeszutek Wilk --- diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index 912729e969..f5ce28c726 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -123,7 +123,7 @@ static int verify_payload(const xen_sysctl_livepatch_upload_t *upload, char *n) if ( !upload->size ) return -EINVAL; - if ( upload->size > MB(2) ) + if ( upload->size > LIVEPATCH_MAX_SIZE ) return -EINVAL; if ( !guest_handle_okay(upload->payload, upload->size) ) diff --git a/xen/common/livepatch_elf.c b/xen/common/livepatch_elf.c index 6c7773bf75..dec904a48f 100644 --- a/xen/common/livepatch_elf.c +++ b/xen/common/livepatch_elf.c @@ -86,6 +86,10 @@ static int elf_resolve_sections(struct livepatch_elf *elf, const void *data) delta < sizeof(Elf_Ehdr) ? "at ELF header" : "is past end"); return -EINVAL; } + else if ( (sec[i].sec->sh_flags & (SHF_WRITE | SHF_ALLOC)) && + sec[i].sec->sh_type == SHT_NOBITS && + sec[i].sec->sh_size > LIVEPATCH_MAX_SIZE ) + return -EINVAL; sec[i].data = data + delta; /* Name is populated in elf_resolve_section_names. */ diff --git a/xen/include/xen/livepatch.h b/xen/include/xen/livepatch.h index 243e240511..29c9b3141b 100644 --- a/xen/include/xen/livepatch.h 
+++ b/xen/include/xen/livepatch.h @@ -30,6 +30,8 @@ struct xen_sysctl_livepatch_op; #define ELF_LIVEPATCH_FUNC ".livepatch.funcs" #define ELF_LIVEPATCH_DEPENDS ".livepatch.depends" #define ELF_BUILD_ID_NOTE ".note.gnu.build-id" +/* Arbitrary limit for payload size and .bss section size. */ +#define LIVEPATCH_MAX_SIZE MB(2) struct livepatch_symbol { const char *name;
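Review bot: In the xen/common/livepatch_elf.c hunk, the test `sh_flags & (SHF_WRITE | SHF_ALLOC)` is true when either flag is set, not only when both are. If the intent is to match writable, allocated .bss sections, compare the masked value against the full mask, or add a comment saying that matching either flag is deliberate. The size check is also applied to each section on its own, so a payload carrying several SHT_NOBITS sections can still ask for more than LIVEPATCH_MAX_SIZE in total, while the commit message speaks of capping "the .BSSes"; accumulating sh_size across those sections and checking the sum would match that wording. Unlike the branch just above it, which passes a reason string to a message before returning, this branch returns -EINVAL silently, so a rejected payload gives no hint about which section was too large.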
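Review bot: In the xen/include/xen/livepatch.h hunk, the comment on LIVEPATCH_MAX_SIZE should say that the .bss limit is enforced per section in elf_resolve_sections() and that the same constant bounds the whole upload in verify_payload(). With both checks tied to one macro, changing it for one purpose silently changes the other, and "Arbitrary limit for payload size and .bss section size" does not tell a reader which of the two is per section and which is per payload.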