
Commit b851ba02 authored by Nicholas Piggin, committed by Michael Ellerman

powerpc/64/module: REL32 relocation range check



The recent module relocation overflow crash demonstrated that we
have no range checking on REL32 relative relocations. This patch
implements a basic check, the same kernel that previously oopsed
and rebooted now continues with some of these errors when loading
the module:

  module_64: x_tables: REL32 527703503449812 out of range!

Possibly other relocations (ADDR32, REL16, TOC16, etc.) should also have
overflow checks.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
parent dd76ff5a
+8 −1
@@ -680,7 +680,14 @@ int apply_relocate_add(Elf64_Shdr *sechdrs,


		case R_PPC64_REL32:
		case R_PPC64_REL32:
			/* 32 bits relative (used by relative exception tables) */
			/* 32 bits relative (used by relative exception tables) */
			*(u32 *)location = value - (unsigned long)location;
			/* Convert value to relative */
			value -= (unsigned long)location;
			if (value + 0x80000000 > 0xffffffff) {
				pr_err("%s: REL32 %li out of range!\n",
				       me->name, (long int)value);
				return -ENOEXEC;
			}
			*(u32 *)location = value;
			break;
			break;


		case R_PPC64_TOCSAVE:
		case R_PPC64_TOCSAVE:
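Review bot: The range test `value + 0x80000000 > 0xffffffff` in the R_PPC64_REL32 case relies on unsigned wraparound to express a signed 32-bit bound, and nothing in the hunk says so. The arithmetic is right for a 64-bit unsigned `value` (offsets from -0x80000000 to 0x7fffffff map onto 0 to 0xffffffff, everything else lands above), but a one-line comment stating that the offset must fit in a signed 32-bit field would keep a later reader from "fixing" it, and the existing "Convert value to relative" comment could carry it. The `pr_err` prints only the module name and the computed offset; including the relocation target (`location`) would let the failing entry be identified from the log line alone. As the commit message notes, the other narrow relocations in this switch (ADDR32, REL16, TOC16) still store without a check, so a follow-up should give them the same return of `-ENOEXEC` on overflow instead of a silent truncation.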