From: Markus Wichmann
To: musl@lists.openwall.com
Date: Wed, 26 Feb 2020 06:24:48 +0100
Subject: [musl] [PATCH] Add REL_COPY size change detection
Message-ID: <20200226052448.GA2769@voyager>

Hi all,

I was recently reading the Oracle docs about the ELF, and I came across their chapter about the COPY relocation. They discouraged its use, since with those relocations, a binding exists between importing and exporting module. If the semantics of the imported object change, then this is an ABI mismatch.

So I looked at the musl source code and noticed that COPY relocations are simply processed, and an ABI mismatch is simply accepted. So, since I am of the opinion that detectable errors should be detected, rather than left to fester and spring a hard-to-explain bug on you, usually five minutes before deadline, I wrote the attached patch to add detection for at least a changed size. This won't detect all changes to ABI regarding COPY relocation (e.g. int --> float, or, in an array of structs, a change to the struct size and to the array size cancelling each other out), but it should find most of them.

Also, I wondered whether COPY relocations are even still in use. But on my system (currently some Ubuntu version) I found over 15000 of the things. Mostly for stdout and stderr, though.

Ciao,
Markus

Attachment: 0001-Add-detection-for-changed-size-of-a-COPY-relocation.patch

From 75e98f4e4cef2eb2b867062aebc481c3b1f66498 Mon Sep 17 00:00:00 1970
From: Markus Wichmann Date: Wed, 26 Feb 2020 06:09:14 +0100 Subject: [PATCH] Add detection for changed size of a COPY relocation. COPY relocations create an ABI binding between importing and exporting module. Should anything about the object in question change, that would be an ABI change, and therefore incompatible. While the dynamic linker is not capable of detecting all changes, it can detect most of them by detecting a changed size between import and export. Any change is a problem, since the source buffer will be either overread or underread. In any case, if the semantics of the imported object changed, the ABI contract is broken, and it is better to detect this than to silently allow it and inexplicably crash later on. =2D-- ldso/dynlink.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/ldso/dynlink.c b/ldso/dynlink.c index afec985a..618c2cbd 100644 =2D-- a/ldso/dynlink.c +++ b/ldso/dynlink.c @@ -435,6 +435,15 @@ static void do_relocs(struct dso *dso, size_t *rel, s= ize_t rel_size, size_t stri else *reloc_addr =3D (size_t)base + addend; break; case REL_COPY: + if (def.sym && sym->st_size !=3D def.sym->st_size) { + error("Error relocating %s: %s: Size mismatch in COPY" + " relocation (exp %lu, got %lu)", + dso->name, name + sym->st_size + 0ul, + def.sym->st_size + 0ul); + if (runtime) longjmp(*rtld_fail, 1); + continue; + } memcpy(reloc_addr, (void *)sym_val, sym->st_size); break; case REL_OFFSET32: =2D- 2.17.1 --82I3+IH0IqGh5yIs--
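Review bot: on the error path the `continue` skips the memcpy, so in the non-`runtime` case (initial load, where no longjmp is taken) the copy slot at reloc_addr is left zero-filled while the symbol still resolves to it; the commit message should state whether a load-time relocation error is fatal before control reaches the program or whether execution proceeds with that uninitialized object, since "inexplicably crash later on" is exactly what the patch sets out to avoid. Also, the new check is skipped entirely when `def.sym` is NULL, in which case the unconditional `memcpy(reloc_addr, (void *)sym_val, sym->st_size);` still runs as before; if that case is reachable for a COPY relocation (a weak undefined object), a short comment saying so would help the next reader, as there is then nothing to copy from.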
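To make the size check concrete, here is an added example (not musl code and not part of the original mail) that models the COPY-relocation step of a dynamic linker over constructed in-memory ELF64 symbol tables and relocation entries. The scenario, the DSO name "libfoo" and the object names "cfg" and "version" are hypothetical: the executable was linked when libfoo's `cfg` object was 16 bytes, but the libfoo found at run time grew it to 24 bytes. `r_offset` and `st_value` are used as offsets into local buffers instead of load addresses, and refused entries leave their slot untouched, as the patch's `continue` does; musl's real `error()`/`longjmp` handling is not modelled.

```c
#include <elf.h>
#include <stdio.h>
#include <string.h>

/* Added example, not musl code: symbol tables, relocations and data are
 * constructed in memory; no ELF file is read. */

struct dso_model {
    const char *name;
    const Elf64_Sym *syms;  /* symbol table; entry 0 is the null symbol */
    size_t nsyms;
    const char *strtab;     /* string table that st_name indexes */
};

/* Find a defined symbol by name in the exporting DSO. */
static const Elf64_Sym *find_def(const struct dso_model *dso, const char *name)
{
    for (size_t i = 1; i < dso->nsyms; i++) {
        const Elf64_Sym *s = &dso->syms[i];
        if (s->st_shndx != SHN_UNDEF && strcmp(dso->strtab + s->st_name, name) == 0)
            return s;
    }
    return NULL;
}

/* Apply the R_X86_64_COPY entries of 'importer'.  'bss' is the importer's
 * copy area (r_offset is an offset into it) and 'exp_data' the exporter's
 * data segment (st_value is an offset into it).  Returns the number of
 * COPY relocations refused because the definition is missing or because
 * the importing and exporting st_size differ; a refused entry's slot is
 * left untouched. */
static int apply_copy_relocs(const struct dso_model *importer,
                             const Elf64_Rela *rela, size_t nrela,
                             const struct dso_model *exporter,
                             unsigned char *bss, const unsigned char *exp_data)
{
    int refused = 0;
    for (size_t i = 0; i < nrela; i++) {
        if (ELF64_R_TYPE(rela[i].r_info) != R_X86_64_COPY)
            continue;
        const Elf64_Sym *sym = &importer->syms[ELF64_R_SYM(rela[i].r_info)];
        const char *name = importer->strtab + sym->st_name;
        const Elf64_Sym *def = find_def(exporter, name);
        if (!def) {
            fprintf(stderr, "Error relocating %s: %s: symbol not found\n",
                    importer->name, name);
            refused++;
            continue;
        }
        /* The check the patch adds: the executable's slot (sym->st_size)
         * must match the object the library actually exports. */
        if (sym->st_size != def->st_size) {
            fprintf(stderr, "Error relocating %s: %s: size mismatch in COPY"
                    " relocation (exp %lu, got %lu)\n", importer->name, name,
                    (unsigned long)sym->st_size, (unsigned long)def->st_size);
            refused++;
            continue;
        }
        memcpy(bss + rela[i].r_offset, exp_data + def->st_value, sym->st_size);
    }
    return refused;
}

struct demo_result { int refused; int version_copied; int cfg_copied; };

/* Hypothetical scenario: 'cfg' grew from 16 to 24 bytes in the exporter,
 * 'version' stayed 4 bytes.  Expected: cfg refused, version copied. */
struct demo_result run_demo(void)
{
    static const char strtab[] = "\0cfg\0version";      /* cfg@1, version@5 */
    static const Elf64_Sym imp_syms[] = {               /* executable's view */
        { 0 },
        { .st_name = 1, .st_info = ELF64_ST_INFO(STB_GLOBAL, STT_OBJECT),
          .st_shndx = 1, .st_value = 0,  .st_size = 16 },
        { .st_name = 5, .st_info = ELF64_ST_INFO(STB_GLOBAL, STT_OBJECT),
          .st_shndx = 1, .st_value = 16, .st_size = 4 },
    };
    static const Elf64_Rela rela[] = {
        { .r_offset = 0,  .r_info = ELF64_R_INFO(1, R_X86_64_COPY), .r_addend = 0 },
        { .r_offset = 16, .r_info = ELF64_R_INFO(2, R_X86_64_COPY), .r_addend = 0 },
    };
    static const Elf64_Sym exp_syms[] = {               /* newer libfoo */
        { 0 },
        { .st_name = 5, .st_info = ELF64_ST_INFO(STB_GLOBAL, STT_OBJECT),
          .st_shndx = 1, .st_value = 0, .st_size = 4 },
        { .st_name = 1, .st_info = ELF64_ST_INFO(STB_GLOBAL, STT_OBJECT),
          .st_shndx = 1, .st_value = 8, .st_size = 24 },
    };
    const struct dso_model importer = { "./a.out", imp_syms, 3, strtab };
    const struct dso_model exporter = { "libfoo.so", exp_syms, 3, strtab };

    unsigned char exp_data[32] = { 0 };
    exp_data[0] = 2;                  /* version = 2, little-endian int */
    memset(exp_data + 8, 0xAA, 24);   /* cfg contents (constructed) */
    unsigned char bss[20] = { 0 };    /* executable's copy slots */

    struct demo_result r;
    r.refused = apply_copy_relocs(&importer, rela, 2, &exporter, bss, exp_data);
    r.version_copied = memcmp(bss + 16, exp_data, 4) == 0;
    r.cfg_copied = bss[0] == 0xAA;
    return r;
}

int main(void)
{
    struct demo_result r = run_demo();
    printf("refused=%d version_copied=%d cfg_copied=%d\n",
           r.refused, r.version_copied, r.cfg_copied);
    return 0;
}
```

Without the size comparison the `cfg` entry would have copied only the first 16 of the exporter's 24 bytes and every reference in libfoo would then be redirected to the executable's 16-byte slot, so the library's own accesses past byte 16 would land on whatever the executable placed next in .bss; that is the silent corruption the patch turns into a reported relocation error.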