livepatch: avoid relocations referencing ignored section symbols

Track whether symbols belong to ignored sections in order to avoid applying relocations referencing those symbols. The address of such symbols won't be resolved and thus the relocation will likely fail or write garbage to the destination. Return an error in that case, as leaving unresolved relocations would lead to malfunctioning payload code. Signed-off-by: Roger Pau Monné <[email protected]> Tested-by: Bjoern Doebel <[email protected]> Reviewed-by: Jan Beulich <[email protected]> Reviewed-by: Ross Lagerwall <[email protected]> master commit: 9120b57 master date: 2022-04-08 10:27:11 +0200
olafhering · Apr 8, 2022 · b953760 · b953760
1 parent 46d80ba
commit b953760
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 0 deletions.
diff --git a/xen/arch/arm/arm32/livepatch.c b/xen/arch/arm/arm32/livepatch.c
@@ -272,6 +272,13 @@ int arch_livepatch_perform(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = elf->sym[symndx].sym->st_value; /* S */
 

diff --git a/xen/arch/arm/arm64/livepatch.c b/xen/arch/arm/arm64/livepatch.c
@@ -270,6 +270,13 @@ int arch_livepatch_perform_rela(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = elf->sym[symndx].sym->st_value +  r->r_addend; /* S+A */
 

diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c
@@ -290,6 +290,13 @@ int arch_livepatch_perform_rela(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = r->r_addend + elf->sym[symndx].sym->st_value;
 

diff --git a/xen/common/livepatch_elf.c b/xen/common/livepatch_elf.c
@@ -334,7 +334,13 @@ int livepatch_elf_resolve_symbols(struct livepatch_elf *elf)
             }
 
             if ( livepatch_elf_ignore_section(elf->sec[idx].sec) )
+            {
+                dprintk(XENLOG_DEBUG, LIVEPATCH
+                        "%s: Symbol %s from section %s ignored\n",
+                        elf->name, elf->sym[i].name, elf->sec[idx].name);
+                elf->sym[i].ignored = true;
                 break;
+            }
 
             st_value += (unsigned long)elf->sec[idx].load_addr;
             if ( elf->sym[i].name )

diff --git a/xen/include/xen/livepatch_elf.h b/xen/include/xen/livepatch_elf.h
@@ -22,6 +22,7 @@ struct livepatch_elf_sec {
 struct livepatch_elf_sym {
     const Elf_Sym *sym;
     const char *name;
+    bool ignored;
 };
 
 struct livepatch_elf {