From patchwork Mon Nov 1 13:52:54 2021
X-Patchwork-Submitter: Hauke Mehrtens
X-Patchwork-Id: 1549176
X-Patchwork-Delegate: daniel@makrotopia.org
From: Hauke Mehrtens
To: openwrt-devel@lists.openwrt.org
Cc: Hauke Mehrtens
Subject: [PATCH 1/2] jail: elf: Use 64 bit variables for elf offsets
Date: Mon, 1 Nov 2021 14:52:54 +0100
Message-Id: <20211101135255.750200-1-hauke@hauke-m.de>

The members p_offset, p_filesz and p_vaddr of the structure Elf64_Phdr
are all uint64_t. This structure is used for 64 bit applications.
Without this change we would convert the 64 bit values into 32 bit
values and an overflow could happen in this conversion.

On MIPS 64 BE the variable load_vaddr has the value 0x120000000 which
sets the 32nd bit which will overflow when converted to a 32 bit value.

On 32 bit systems Elf32_Phdr is used with uint32_t, converting this to
64 bit values too should not cause problems as this is not in the hot
path.

Without this fix I am getting error messages like this at bootup on MIPS
64 BE:
[ 16.622602] do_page_fault(): sending SIGSEGV to ujail for invalid read access from 00000100f37251e3
[ 16.622907] epc = 000000aaab4ed0e0 in ujail[aaab4e0000+18000]
[ 16.623237] ra = 000000aaab4ed694 in ujail[aaab4e0000+18000]

Signed-off-by: Hauke Mehrtens --- jail/elf.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/jail/elf.c b/jail/elf.c index f67515b..18a7b7c 100644 --- a/jail/elf.c +++ b/jail/elf.c @@ -102,7 +102,7 @@ const char* find_lib(const char *file) return l->path; } -static int elf64_find_section(const char *map, unsigned int type, unsigned int *offset, unsigned int *size, unsigned int *vaddr) +static int elf64_find_section(const char *map, unsigned int type, unsigned long *offset, unsigned long *size, unsigned long *vaddr) { Elf64_Ehdr *e; Elf64_Phdr *ph; @@ -125,7 +125,7 @@ static int elf64_find_section(const char *map, unsigned int type, unsigned int * return -1; } -static int elf32_find_section(const char *map, unsigned int type, unsigned int *offset, unsigned int *size, unsigned int *vaddr) +static int elf32_find_section(const char *map, unsigned int type, unsigned long *offset, unsigned long *size, unsigned long *vaddr) { Elf32_Ehdr *e; Elf32_Phdr *ph; @@ -148,7 +148,7 @@ static int elf32_find_section(const char *map, unsigned int type, unsigned int * return -1; } -static int elf_find_section(const char *map, unsigned int type, unsigned int *offset, unsigned int *size, unsigned int *vaddr) +static int elf_find_section(const char *map, unsigned int type, unsigned long *offset, unsigned long *size, unsigned long *vaddr) { int clazz = map[EI_CLASS]; @@ -162,7 +162,7 @@ static int elf_find_section(const char *map, unsigned int type, unsigned int *of return -1; } -static int elf32_scan_dynamic(const char *map, int dyn_offset, int dyn_size, int load_offset) +static int elf32_scan_dynamic(const char *map, unsigned long dyn_offset, unsigned long dyn_size, long load_offset) { Elf32_Dyn *dynamic = (Elf32_Dyn *) (map + dyn_offset); const char *strtab = NULL; 
@@ -196,7 +196,7 @@ static int elf32_scan_dynamic(const char *map, int dyn_offset, int dyn_size, int return 0; } -static int elf64_scan_dynamic(const char *map, int dyn_offset, int dyn_size, int load_offset) +static int elf64_scan_dynamic(const char *map, unsigned long dyn_offset, unsigned long dyn_size, long load_offset) { Elf64_Dyn *dynamic = (Elf64_Dyn *) (map + dyn_offset); const char *strtab = NULL; 
@@ -232,9 +232,9 @@ static int elf64_scan_dynamic(const char *map, int dyn_offset, int dyn_size, int int elf_load_deps(const char *path, const char *map) { - unsigned int dyn_offset, dyn_size; - unsigned int load_offset, load_vaddr; - unsigned int interp_offset; + unsigned long dyn_offset, dyn_size; + unsigned long load_offset, load_vaddr; + unsigned long interp_offset; #if defined(__mips__) && (__mips == 64) static int gcc_mips64_bug_work_around;
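Review bot: The out-parameters of elf64_find_section() become `unsigned long *`, which is 64 bits wide only on LP64 targets, so a 32-bit build that is handed an ELF64 file still narrows p_offset, p_filesz and p_vaddr. The subject promises 64 bit variables; uint64_t (or Elf64_Off and Elf64_Addr) would make the width independent of the host ABI. The same applies to elf32_find_section(), elf_find_section() and the locals in elf_load_deps().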
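Review bot: In elf32_scan_dynamic() and elf64_scan_dynamic() the pointer `(Elf64_Dyn *) (map + dyn_offset)` is still formed without a bounds check, and neither function receives the size of the mapping. Now that dyn_offset carries the full value read from the file, consider passing the mapped length and rejecting the file when dyn_offset + dyn_size lies beyond it, before the cast is made.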

From patchwork Mon Nov 1 13:52:55 2021
X-Patchwork-Submitter: Hauke Mehrtens
X-Patchwork-Id: 1549175
X-Patchwork-Delegate: daniel@makrotopia.org
From: Hauke Mehrtens
To: openwrt-devel@lists.openwrt.org
Cc: Hauke Mehrtens
Subject: [PATCH 2/2] jail: elf: Remove MIPS 64 warning
Date: Mon, 1 Nov 2021 14:52:55 +0100
Message-Id: <20211101135255.750200-2-hauke@hauke-m.de>
In-Reply-To: <20211101135255.750200-1-hauke@hauke-m.de>
References: <20211101135255.750200-1-hauke@hauke-m.de>

The procd jails are working fine on MIPS64 too now.

I saw this error message when add_path_and_deps() was called which calls
elf_load_deps() again under some conditions. This is happening because
gcc_mips64_bug_work_around is stored in the data segment.

We have a call trace like this:
elf_load_deps()
  gcc_mips64_bug_work_around = 1;
  call add_path_and_deps()
    call elf_load_deps()
      gcc_mips64_bug_work_around = 1;
      error if gcc_mips64_bug_work_around != 1
      gcc_mips64_bug_work_around = 0;
      return;
    return;
  error if gcc_mips64_bug_work_around != 1
  return;

I got the same error messages on MIPS 32 BE, when I removed the compile
check.

This was tested in qemu on MIPS 64 BE and MIPS64 LE.

Signed-off-by: Hauke Mehrtens --- jail/elf.c | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/jail/elf.c b/jail/elf.c index 18a7b7c..176d046 100644 --- a/jail/elf.c +++ b/jail/elf.c
@@ -235,11 +235,7 @@ int elf_load_deps(const char *path, const char *map) unsigned long dyn_offset, dyn_size; unsigned long load_offset, load_vaddr; unsigned long interp_offset; -#if defined(__mips__) && (__mips == 64) - static int gcc_mips64_bug_work_around; - gcc_mips64_bug_work_around = 1; -#endif if (elf_find_section(map, PT_LOAD, &load_offset, NULL, &load_vaddr)) { ERROR("failed to load the .load section from %s\n", path); return -1; @@ -256,14 +252,6 @@ int elf_load_deps(const char *path, const char *map) int clazz = map[EI_CLASS]; -#if defined(__mips__) && (__mips == 64) - if (gcc_mips64_bug_work_around != 1) { - ERROR("compiler bug: GCC for MIPS64 should be fixed!\n"); - return -1; - } - gcc_mips64_bug_work_around = 0; -#endif - if (clazz == ELFCLASS32) return elf32_scan_dynamic(map, dyn_offset, dyn_size, load_vaddr - load_offset); else if (clazz == ELFCLASS64)
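Review bot: In the second hunk the remaining call `elf32_scan_dynamic(map, dyn_offset, dyn_size, load_vaddr - load_offset)` subtracts two unsigned long values and passes the result to a parameter that 1/2 declares as `long load_offset`. If a file has p_offset larger than p_vaddr the subtraction wraps before the conversion; a short comment that this argument is a load bias which may be negative, or an explicit signed computation, would make the intent reviewable.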
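The truncation described in the commit message of patch 1/2, as an added example that is not part of the patches or of procd: the PT_LOAD address 0x120000000 is read once through 32-bit out-parameters and once through uint64_t with a range check against the mapped size. The struct, the function names and the sample header are assumptions constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for Elf64_Phdr: same fields, same order, fixed widths. */
struct phdr64 {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
};
enum { SEG_LOAD = 1 };                      /* numeric value of PT_LOAD */

/* Constructed sample: one PT_LOAD at the MIPS64 address from the commit message. */
static const struct phdr64 sample = {
    SEG_LOAD, 5, 0, 0x120000000ULL, 0x120000000ULL, 0x1000, 0x1000, 0x10000
};

/* Pre-patch shape: 64-bit fields stored through unsigned int out-parameters. */
static int find_narrow(const struct phdr64 *ph, unsigned int *off, unsigned int *vaddr)
{
    if (ph->p_type != SEG_LOAD)
        return -1;
    *off = (unsigned int)ph->p_offset;      /* bits 32..63 are dropped */
    *vaddr = (unsigned int)ph->p_vaddr;
    return 0;
}

/* Host-independent shape: uint64_t results, and the segment must lie
 * inside the map_len bytes of the file that were mapped. */
static int find_wide(const struct phdr64 *ph, uint64_t map_len,
                     uint64_t *off, uint64_t *vaddr)
{
    if (ph->p_type != SEG_LOAD)
        return -1;
    if (ph->p_offset > map_len || ph->p_filesz > map_len - ph->p_offset)
        return -2;                          /* overflow-safe range check */
    *off = ph->p_offset;
    *vaddr = ph->p_vaddr;
    return 0;
}

/* Load bias as elf_load_deps() passes it on: load_vaddr - load_offset. */
uint64_t bias_narrow(void)
{
    unsigned int off = 0, vaddr = 0;
    return find_narrow(&sample, &off, &vaddr) ? 0 : (uint64_t)(vaddr - off);
}

uint64_t bias_wide(uint64_t map_len)
{
    uint64_t off = 0, vaddr = 0;
    return find_wide(&sample, map_len, &off, &vaddr) ? 0 : vaddr - off;
}

int main(void)
{
    printf("narrow %#llx, wide %#llx\n", (unsigned long long)bias_narrow(),
           (unsigned long long)bias_wide(0x1000));
    return 0;
}
```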