From patchwork Fri Jun 23 17:24:15 2023
X-Patchwork-Submitter: Joe Simmons-Talbott
X-Patchwork-Id: 1799096
From: Joe Simmons-Talbott
To: libc-alpha@sourceware.org
Cc: Joe Simmons-Talbott
Subject: [PATCH v2] mips: dl-machine-reject-phdr: Get rid of alloca.
Date: Fri, 23 Jun 2023 13:24:15 -0400
Message-Id: <20230623172415.3495004-1-josimmon@redhat.com>

Use a scratch_buffer rather than alloca to avoid potential stack
overflow.

Checked with build-many-glibcs.py on mips-linux-gnu
---
Changes to v1:
  * Only allocate space for and read the ABI flags data rather than the
    whole segment.

 sysdeps/mips/dl-machine-reject-phdr.h | 86 ++++++++++++++++++++-------
 1 file changed, 65 insertions(+), 21 deletions(-)

diff --git a/sysdeps/mips/dl-machine-reject-phdr.h b/sysdeps/mips/dl-machine-reject-phdr.h index 104b590661..7645e5a517 100644 --- a/sysdeps/mips/dl-machine-reject-phdr.h +++ b/sysdeps/mips/dl-machine-reject-phdr.h 
@@ -20,6 +20,7 @@ #define _DL_MACHINE_REJECT_PHDR_H 1 #include +#include #include #if defined PR_GET_FP_MODE && defined PR_SET_FP_MODE @@ -172,27 +173,41 @@ elf_machine_reject_phdr_p (const ElfW(Phdr) *phdr, unsigned int phnum, cur_mode = __prctl (PR_GET_FP_MODE); # endif #endif + struct scratch_buffer sbuf; + scratch_buffer_init (&sbuf); /* Read the attributes section. */ if (ph != NULL) { - ElfW(Addr) size = ph->p_filesz; + ElfW(Addr) size = sizeof (Elf_MIPS_ABIFlags_v0); + + if (ph->p_filesz < sizeof (Elf_MIPS_ABIFlags_v0)) + { + scratch_buffer_free (&sbuf); + REJECT (" contains malformed PT_MIPS_ABIFLAGS\n"); + } if (ph->p_offset + size <= len) mips_abiflags = (Elf_MIPS_ABIFlags_v0 *) (buf + ph->p_offset); else { - mips_abiflags = alloca (size); + if (!scratch_buffer_set_array_size (&sbuf, 1, size)) + REJECT (" unable to allocate memory\n"); + mips_abiflags = sbuf.data; + __lseek (fd, ph->p_offset, SEEK_SET); if (__libc_read (fd, (void *) mips_abiflags, size) != size) - REJECT (" unable to read PT_MIPS_ABIFLAGS\n"); + { + scratch_buffer_free (&sbuf); + REJECT (" unable to read PT_MIPS_ABIFLAGS\n"); + } } - if (size < sizeof (Elf_MIPS_ABIFlags_v0)) - REJECT (" contains malformed PT_MIPS_ABIFLAGS\n"); - if (__glibc_unlikely (mips_abiflags->flags2 != 0)) - REJECT (" unknown MIPS.abiflags flags2: %u\n", mips_abiflags->flags2); + { + scratch_buffer_free (&sbuf); + REJECT (" unknown MIPS.abiflags flags2: %u\n", mips_abiflags->flags2); + } in_abi = mips_abiflags->fp_abi; } @@ -202,7 +217,10 @@ elf_machine_reject_phdr_p (const ElfW(Phdr) *phdr, unsigned int phnum, /* Unknown ABIs are rejected. */ if (in_abi != -1 && in_abi > Val_GNU_MIPS_ABI_FP_MAX) - REJECT (" uses unknown FP ABI: %u\n", in_abi); + { + scratch_buffer_free (&sbuf); + REJECT (" uses unknown FP ABI: %u\n", in_abi); + } /* Obtain the initial requirements. */ in_req = (in_abi == -1) ? none_req : reqs[in_abi]; 
@@ -215,7 +233,10 @@ elf_machine_reject_phdr_p (const ElfW(Phdr) *phdr, unsigned int phnum, struct abi_req existing_req; if (cached_fpabi_reject_phdr_p (l)) - return true; + { + scratch_buffer_free (&sbuf); + return true; + } #if _MIPS_SIM == _ABIO32 /* A special case arises for O32 FP64 and FP64A where the kernel @@ -229,8 +250,11 @@ elf_machine_reject_phdr_p (const ElfW(Phdr) *phdr, unsigned int phnum, if ((l->l_mach.fpabi == Val_GNU_MIPS_ABI_FP_64A || l->l_mach.fpabi == Val_GNU_MIPS_ABI_FP_64) && cur_mode == -1) - REJECT (" found %s running in the wrong mode\n", - fpabi_string (l->l_mach.fpabi)); + { + scratch_buffer_free (&sbuf); + REJECT (" found %s running in the wrong mode\n", + fpabi_string (l->l_mach.fpabi)); + } #endif /* Found a perfect match, success. */ @@ -238,7 +262,10 @@ elf_machine_reject_phdr_p (const ElfW(Phdr) *phdr, unsigned int phnum, /* Unknown ABIs are rejected. */ if (l->l_mach.fpabi != -1 && l->l_mach.fpabi > Val_GNU_MIPS_ABI_FP_MAX) - REJECT (" found unknown FP ABI: %u\n", l->l_mach.fpabi); + { + scratch_buffer_free (&sbuf); + REJECT (" found unknown FP ABI: %u\n", l->l_mach.fpabi); + } existing_req = (l->l_mach.fpabi == -1 ? none_req : reqs[l->l_mach.fpabi]); @@ -262,9 +289,12 @@ elf_machine_reject_phdr_p (const ElfW(Phdr) *phdr, unsigned int phnum, #endif } else - REJECT (" uses %s, already loaded %s\n", - fpabi_string (in_abi), - fpabi_string (l->l_mach.fpabi)); + { + scratch_buffer_free (&sbuf); + REJECT (" uses %s, already loaded %s\n", + fpabi_string (in_abi), + fpabi_string (l->l_mach.fpabi)); + } } #if _MIPS_SIM == _ABIO32 @@ -281,7 +311,10 @@ elf_machine_reject_phdr_p (const ElfW(Phdr) *phdr, unsigned int phnum, If the overall requirements cannot be met by FR0 then reject the object. */ if (cur_mode == -1) - return !in_req.fr0; + { + scratch_buffer_free (&sbuf); + return !in_req.fr0; + } # if HAVE_PRCTL_FP_MODE { 
@@ -293,9 +326,12 @@ elf_machine_reject_phdr_p (const ElfW(Phdr) *phdr, unsigned int phnum, can be either the FR1 mode or FR0 if the requirements are met by FR0. */ if (cannot_mode_switch) - return (!(in_req.fre && cur_mode == (PR_FP_MODE_FR | PR_FP_MODE_FRE)) - && !(in_req.fr1 && cur_mode == PR_FP_MODE_FR) - && !(in_req.fr0 && cur_mode == 0)); + { + scratch_buffer_free (&sbuf); + return (!(in_req.fre && cur_mode == (PR_FP_MODE_FR | PR_FP_MODE_FRE)) + && !(in_req.fr1 && cur_mode == PR_FP_MODE_FR) + && !(in_req.fr0 && cur_mode == 0)); + } /* If the overall requirements can be satisfied by FRE but not FR1 then fr1_mode must become FRE. */ @@ -305,14 +341,21 @@ elf_machine_reject_phdr_p (const ElfW(Phdr) *phdr, unsigned int phnum, /* Set the new mode. Use fr1_mode if the requirements cannot be met by FR0. */ if (!in_req.fr0) - return __prctl (PR_SET_FP_MODE, fr1_mode) != 0; + { + scratch_buffer_free (&sbuf); + return __prctl (PR_SET_FP_MODE, fr1_mode) != 0; + } else if (__prctl (PR_SET_FP_MODE, /* fr0_mode */ 0) != 0) { /* Setting FR0 can validly fail on an R6 core so retry with the FR1 mode as a fall back. */ if (errno != ENOTSUP) - return true; + { + scratch_buffer_free (&sbuf); + return true; + } + scratch_buffer_free (&sbuf); return __prctl (PR_SET_FP_MODE, fr1_mode) != 0; } } @@ -320,6 +363,7 @@ elf_machine_reject_phdr_p (const ElfW(Phdr) *phdr, unsigned int phnum, } #endif /* _MIPS_SIM == _ABIO32 */ + scratch_buffer_free (&sbuf); return false; }
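Review bot: In the hunk at -172,27 +173,41, the flags2 rejection calls scratch_buffer_free (&sbuf) and only then passes mips_abiflags->flags2 to REJECT, but on the read path mips_abiflags is sbuf.data, so the value is read through a buffer that has already been released. Copy flags2 into a local before the free. Since size is now fixed at sizeof (Elf_MIPS_ABIFlags_v0), a local Elf_MIPS_ABIFlags_v0 as the read target would remove both this ordering problem and the need for a scratch_buffer. The allocation-failure REJECT is also the only exit in this hunk without a scratch_buffer_free; either free there too or add a comment saying why it is not needed.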
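Review bot: From the hunk at -202,7 +217,10 onward, every return and REJECT gains its own scratch_buffer_free (&sbuf), yet none of the lines shown in those hunks use mips_abiflags or sbuf for anything else; the last read is in_abi = mips_abiflags->fp_abi. A single scratch_buffer_free placed directly after that assignment would replace all of the later calls, leave the existing return and REJECT sites unchanged, and make it impossible for a future early return to miss the cleanup.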