From: Roel Kluin <12o3l@tiscali.nl>
To: Hirokazu Takata <takata@linux-m32r.org>
Cc: linux-m32r@ml.linux-m32r.org, lkml <linux-kernel@vger.kernel.org>
Subject: [PATCH v2] m32r: test before subtraction on unsigned relocation range
Date: Fri, 25 Apr 2008 10:45:23 +0200
Message-ID: <48119A23.1030604@tiscali.nl>
In-Reply-To: <swfabjiacf1.wl%takata.hirokazu@renesas.com>

Hirokazu Takata wrote:
> From: Roel Kluin <12o3l@tiscali.nl>
> Subject: [PATCH] m32r: test before subtraction on unsigned relocation range
> Date: Wed, 23 Apr 2008 18:34:16 +0200
>> case R_M32R_26_PCREL_RELA:
>> - relocation = (relocation - (Elf32_Addr) location);
>> - if (relocation < -0x2000000 || 0x1fffffc < relocation)
>> + if (relocation + 0x20000 < (Elf32_Addr) location ||
>> + relocation >= 0x1fffc + (Elf32_Addr) location)
>
> A slight fix is required.
>
> The above range check is incorrect, because the R_M32R_26_PCREL_RELA is
> 26-bit relocation.
>
> -- Takata
>
Thanks for spotting this!
---
Relocation is unsigned, test before subtraction
Signed-off-by: Roel Kluin <12o3l@tiscali.nl>
---
diff --git a/arch/m32r/kernel/module.c b/arch/m32r/kernel/module.c
index 8d42057..947def6 100644
--- a/arch/m32r/kernel/module.c
+++ b/arch/m32r/kernel/module.c
@@ -171,13 +171,14 @@ int apply_relocate_add(Elf32_Shdr *sechdrs,
COPY_UNALIGNED_WORD (value, *location, align);
break;
case R_M32R_18_PCREL_RELA:
- relocation = (relocation - (Elf32_Addr) location);
- if (relocation < -0x20000 || 0x1fffc < relocation)
+ if (relocation + 0x20000 < (Elf32_Addr) location ||
+ relocation >= 0x1fffc + (Elf32_Addr) location)
{
printk(KERN_ERR "module %s: relocation overflow: %u\n",
- me->name, relocation);
+ me->name, relocation - (Elf32_Addr) location));
return -ENOEXEC;
}
+ relocation = (relocation - (Elf32_Addr) location);
COPY_UNALIGNED_WORD (*location, value, align);
if (value & 0xffff)
{
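Review bot: The added printk argument line in the R_M32R_18_PCREL_RELA case, `me->name, relocation - (Elf32_Addr) location));`, has one closing parenthesis too many, so this case will not compile; drop the extra `)`. The upper bound also changed from `0x1fffc < relocation`, which treats a displacement of exactly 0x1fffc as in range, to `relocation >= 0x1fffc + (Elf32_Addr) location`, which treats it as out of range; use `>` unless the tighter bound is intended, and say so in the changelog if it is. The displacement is still printed with `%u`, so a backward branch shows up in the log as a large positive number; a signed format with a cast would be easier to read.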
@@ -203,13 +204,14 @@ int apply_relocate_add(Elf32_Shdr *sechdrs,
COPY_UNALIGNED_HWORD (hvalue, *hlocation, align);
break;
case R_M32R_26_PCREL_RELA:
- relocation = (relocation - (Elf32_Addr) location);
- if (relocation < -0x2000000 || 0x1fffffc < relocation)
+ if (relocation + 0x2000000 < (Elf32_Addr) location ||
+ relocation >= 0x1fffffc + (Elf32_Addr) location)
{
printk(KERN_ERR "module %s: relocation overflow: %u\n",
- me->name, relocation);
+ me->name, relocation - (Elf32_Addr) location));
return -ENOEXEC;
}
+ relocation = (relocation - (Elf32_Addr) location);
COPY_UNALIGNED_WORD (*location, value, align);
if (value & 0xffffff)
{
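Review bot: In the R_M32R_26_PCREL_RELA test, both `relocation + 0x2000000` and `0x1fffffc + (Elf32_Addr) location` are unsigned additions; if relocation is a 32-bit unsigned value, as the subject line and the `%u` format suggest, either sum can wrap past the top of the address space and the comparison then gives the wrong answer for addresses near either end. Computing the difference once into a signed 32-bit variable and comparing that against -0x2000000 and 0x1fffffc avoids the wrap and keeps the bounds in the same form as the removed lines. As in the 18-bit case, the printk line ends in `location));` with an unbalanced `)`, and the `>=` excludes 0x1fffffc itself where the removed `<` did not.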