* [PATCH] m32r: test before subtraction on unsigned relocation range
@ 2008-04-23 16:34 Roel Kluin
  2008-04-25  2:36 ` Hirokazu Takata
  0 siblings, 1 reply; 4+ messages in thread
From: Roel Kluin @ 2008-04-23 16:34 UTC (permalink / raw)
  To: takata, linux-m32r; +Cc: lkml

relocation is unsigned

Signed-off-by: Roel Kluin <12o3l@tiscali.nl>
---
diff --git a/arch/m32r/kernel/module.c b/arch/m32r/kernel/module.c
index 8d42057..abecedf 100644
--- a/arch/m32r/kernel/module.c
+++ b/arch/m32r/kernel/module.c
@@ -171,13 +171,14 @@ int apply_relocate_add(Elf32_Shdr *sechdrs,
 	    		COPY_UNALIGNED_WORD (value, *location, align);
 			break;
 		case R_M32R_18_PCREL_RELA:
-	  		relocation = (relocation - (Elf32_Addr) location);
-			if (relocation < -0x20000 || 0x1fffc < relocation)
+			if (relocation + 0x20000 < (Elf32_Addr) location ||
+					relocation >= 0x1fffc + (Elf32_Addr) location)
 				{
 					printk(KERN_ERR "module %s: relocation overflow: %u\n",
-					me->name, relocation);
+					me->name, relocation - (Elf32_Addr) location));
 					return -ENOEXEC;
 				}
+			relocation = (relocation - (Elf32_Addr) location);
 	    		COPY_UNALIGNED_WORD (*location, value, align);
 			if (value & 0xffff)
 				{
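Review bot: The new printk argument line `me->name, relocation - (Elf32_Addr) location));` has one closing parenthesis too many, so the file does not compile with this hunk applied; it should end `location);`. The same line recurs in the R_M32R_26_PCREL_RELA hunk and in both hunks of each v2 posting further down the thread. The upper bound also changed from the old `0x1fffc < relocation` to `>=`, which now rejects a displacement of exactly 0x1fffc that the old test accepted; `relocation > 0x1fffc + (Elf32_Addr) location` keeps the original limit. The case body continues past the end of the hunk.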
@@ -203,13 +204,14 @@ int apply_relocate_add(Elf32_Shdr *sechdrs,
 	    		COPY_UNALIGNED_HWORD (hvalue, *hlocation, align);
 			break;
 		case R_M32R_26_PCREL_RELA:
-	  		relocation = (relocation - (Elf32_Addr) location);
-			if (relocation < -0x2000000 || 0x1fffffc < relocation)
+			if (relocation + 0x20000 < (Elf32_Addr) location ||
+					relocation >= 0x1fffc + (Elf32_Addr) location)
 				{
 					printk(KERN_ERR "module %s: relocation overflow: %u\n",
-					me->name, relocation);
+					me->name, relocation - (Elf32_Addr) location));
 					return -ENOEXEC;
 				}
+			relocation = (relocation - (Elf32_Addr) location);
 	    		COPY_UNALIGNED_WORD (*location, value, align);
 			if (value & 0xffffff)
 				{


* Re: [PATCH] m32r: test before subtraction on unsigned relocation range
  2008-04-23 16:34 [PATCH] m32r: test before subtraction on unsigned relocation range Roel Kluin
@ 2008-04-25  2:36 ` Hirokazu Takata
  2008-04-25  8:41   ` [PATCH v2] " Roel Kluin
  2008-04-25  8:45   ` Roel Kluin
  0 siblings, 2 replies; 4+ messages in thread
From: Hirokazu Takata @ 2008-04-25  2:36 UTC (permalink / raw)
  To: Roel Kluin; +Cc: takata, linux-m32r, lkml

From: Roel Kluin <12o3l@tiscali.nl>
Subject: [PATCH] m32r: test before subtraction on unsigned relocation range
Date: Wed, 23 Apr 2008 18:34:16 +0200
>  		case R_M32R_26_PCREL_RELA:
> -	  		relocation = (relocation - (Elf32_Addr) location);
> -			if (relocation < -0x2000000 || 0x1fffffc < relocation)
> +			if (relocation + 0x20000 < (Elf32_Addr) location ||
> +					relocation >= 0x1fffc + (Elf32_Addr) location)

A slight fix is required.

The above range check is incorrect, because R_M32R_26_PCREL_RELA is a
26-bit relocation.

-- Takata


* [PATCH v2] m32r: test before subtraction on unsigned relocation range
  2008-04-25  2:36 ` Hirokazu Takata
@ 2008-04-25  8:41   ` Roel Kluin
  2008-04-25  8:45   ` Roel Kluin
  1 sibling, 0 replies; 4+ messages in thread
From: Roel Kluin @ 2008-04-25  8:41 UTC (permalink / raw)
  To: Hirokazu Takata; +Cc: linux-m32r, lkml

Hirokazu Takata wrote:
> From: Roel Kluin <12o3l@tiscali.nl>
> Subject: [PATCH] m32r: test before subtraction on unsigned relocation range
> Date: Wed, 23 Apr 2008 18:34:16 +0200
>>  		case R_M32R_26_PCREL_RELA:
>> -	  		relocation = (relocation - (Elf32_Addr) location);
>> -			if (relocation < -0x2000000 || 0x1fffffc < relocation)
>> +			if (relocation + 0x20000 < (Elf32_Addr) location ||
>> +					relocation >= 0x1fffc + (Elf32_Addr) location)
> 
> A slight fix is required.
> 
> The above range check is incorrect, because the R_M32R_26_PCREL_RELA is
> 26-bit relocation.
> 
> -- Takata
> 
Thanks for spotting this!
---
Relocation is unsigned, test before subtraction

Signed-off-by: Roel Kluin <12o3l@tiscali.nl>
---
diff --git a/arch/m32r/kernel/module.c b/arch/m32r/kernel/module.c
index 8d42057..947def6 100644
--- a/arch/m32r/kernel/module.c
+++ b/arch/m32r/kernel/module.c
@@ -171,13 +171,14 @@ int apply_relocate_add(Elf32_Shdr *sechdrs,
 	    		COPY_UNALIGNED_WORD (value, *location, align);
 			break;
 		case R_M32R_18_PCREL_RELA:
-	  		relocation = (relocation - (Elf32_Addr) location);
-			if (relocation < -0x20000 || 0x1fffc < relocation)
+			if (relocation + 0x20000 < (Elf32_Addr) location ||
+					relocation >= 0x1fffc + (Elf32_Addr) location)
 				{
 					printk(KERN_ERR "module %s: relocation overflow: %u\n",
-					me->name, relocation);
+					me->name, relocation - (Elf32_Addr) location));
 					return -ENOEXEC;
 				}
+			relocation = (relocation - (Elf32_Addr) location);
 	    		COPY_UNALIGNED_WORD (*location, value, align);
 			if (value & 0xffff)
 				{
@@ -203,13 +204,14 @@ int apply_relocate_add(Elf32_Shdr *sechdrs,
 	    		COPY_UNALIGNED_HWORD (hvalue, *hlocation, align);
 			break;
 		case R_M32R_26_PCREL_RELA:
-	  		relocation = (relocation - (Elf32_Addr) location);
-			if (relocation < -0x2000000 || 0x1fffffc < relocation)
+			if (relocation + 0x2000000 < (Elf32_Addr) location ||
+					relocation >= 0x1fffffc + (Elf32_Addr) location)
 				{
 					printk(KERN_ERR "module %s: relocation overflow: %u\n",
-					me->name, relocation);
+					me->name, relocation - (Elf32_Addr) location));
 					return -ENOEXEC;
 				}
+			relocation = (relocation - (Elf32_Addr) location);
 	    		COPY_UNALIGNED_WORD (*location, value, align);
 			if (value & 0xffffff)
 				{
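Review bot: Both sides of the rewritten test add to a 32-bit unsigned value (`relocation + 0x2000000` and `0x1fffffc + (Elf32_Addr) location`), and either sum can wrap when the address lies within about 32 MiB of the top of the address space, in which case an in-range target appears to be reported as a relocation overflow. Taking the difference once as a signed value avoids the wrap and the repeated subtraction: with a signed local such as `s32 delta = relocation - (Elf32_Addr) location;` declared among the function's other locals, the test becomes `if (delta < -0x2000000 || delta > 0x1fffffc)` and the printk can use `%d` with `delta`. The 18-bit case in the preceding hunk has the same shape with its own limits. The enclosing function starts and ends outside this hunk, so the type of `relocation` is taken from the commit message rather than from visible code.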


* [PATCH v2] m32r: test before subtraction on unsigned relocation range
  2008-04-25  2:36 ` Hirokazu Takata
  2008-04-25  8:41   ` [PATCH v2] " Roel Kluin
@ 2008-04-25  8:45   ` Roel Kluin
  1 sibling, 0 replies; 4+ messages in thread
From: Roel Kluin @ 2008-04-25  8:45 UTC (permalink / raw)
  To: Hirokazu Takata; +Cc: linux-m32r, lkml

Hirokazu Takata wrote:
> From: Roel Kluin <12o3l@tiscali.nl>
> Subject: [PATCH] m32r: test before subtraction on unsigned relocation range
> Date: Wed, 23 Apr 2008 18:34:16 +0200
>>  		case R_M32R_26_PCREL_RELA:
>> -	  		relocation = (relocation - (Elf32_Addr) location);
>> -			if (relocation < -0x2000000 || 0x1fffffc < relocation)
>> +			if (relocation + 0x20000 < (Elf32_Addr) location ||
>> +					relocation >= 0x1fffc + (Elf32_Addr) location)
> 
> A slight fix is required.
> 
> The above range check is incorrect, because the R_M32R_26_PCREL_RELA is
> 26-bit relocation.
> 
> -- Takata
> 
Thanks for spotting this!
---
Relocation is unsigned, test before subtraction

Signed-off-by: Roel Kluin <12o3l@tiscali.nl>
---
diff --git a/arch/m32r/kernel/module.c b/arch/m32r/kernel/module.c
index 8d42057..947def6 100644
--- a/arch/m32r/kernel/module.c
+++ b/arch/m32r/kernel/module.c
@@ -171,13 +171,14 @@ int apply_relocate_add(Elf32_Shdr *sechdrs,
 	    		COPY_UNALIGNED_WORD (value, *location, align);
 			break;
 		case R_M32R_18_PCREL_RELA:
-	  		relocation = (relocation - (Elf32_Addr) location);
-			if (relocation < -0x20000 || 0x1fffc < relocation)
+			if (relocation + 0x20000 < (Elf32_Addr) location ||
+					relocation >= 0x1fffc + (Elf32_Addr) location)
 				{
 					printk(KERN_ERR "module %s: relocation overflow: %u\n",
-					me->name, relocation);
+					me->name, relocation - (Elf32_Addr) location));
 					return -ENOEXEC;
 				}
+			relocation = (relocation - (Elf32_Addr) location);
 	    		COPY_UNALIGNED_WORD (*location, value, align);
 			if (value & 0xffff)
 				{
@@ -203,13 +204,14 @@ int apply_relocate_add(Elf32_Shdr *sechdrs,
 	    		COPY_UNALIGNED_HWORD (hvalue, *hlocation, align);
 			break;
 		case R_M32R_26_PCREL_RELA:
-	  		relocation = (relocation - (Elf32_Addr) location);
-			if (relocation < -0x2000000 || 0x1fffffc < relocation)
+			if (relocation + 0x2000000 < (Elf32_Addr) location ||
+					relocation >= 0x1fffffc + (Elf32_Addr) location)
 				{
 					printk(KERN_ERR "module %s: relocation overflow: %u\n",
-					me->name, relocation);
+					me->name, relocation - (Elf32_Addr) location));
 					return -ENOEXEC;
 				}
+			relocation = (relocation - (Elf32_Addr) location);
 	    		COPY_UNALIGNED_WORD (*location, value, align);
 			if (value & 0xffffff)
 				{

