From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PATCH 02/10] linux-user: Fix parse_elf_properties GNU0_MAGIC check
Date: Sat, 5 Oct 2024 16:33:35 -0700 [thread overview]
Message-ID: <20241005233343.503426-3-richard.henderson@linaro.org> (raw)
In-Reply-To: <20241005233343.503426-1-richard.henderson@linaro.org>
Comparing a string of 4 bytes only works in little-endian.
Adjust bulk bswap to only apply to the note payload.
Perform swapping of the note header manually; the magic
is defined so that it does not need a runtime swap.
Fixes: 83f990eb5adb ("linux-user/elfload: Parse NT_GNU_PROPERTY_TYPE_0 notes")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2596
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
linux-user/elfload.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 0678c9d506..52c88a68a9 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -3121,11 +3121,11 @@ static bool parse_elf_properties(const ImageSource *src,
}
/*
- * The contents of a valid PT_GNU_PROPERTY is a sequence
- * of uint32_t -- swap them all now.
+ * The contents of a valid PT_GNU_PROPERTY is a sequence of uint32_t.
+ * Swap most of them now, beyond the header and namesz.
*/
#ifdef BSWAP_NEEDED
- for (int i = 0; i < n / 4; i++) {
+ for (int i = 4; i < n / 4; i++) {
bswap32s(note.data + i);
}
#endif
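Review bot: the new comment reads "beyond the header and namesz", but n_namesz is one of the three header words the loop still swaps; what the `i = 4` start actually skips is the 4-byte name "GNU\0" at data[3], which the magic compare below relies on staying in file byte order. Suggest wording it as "except the header and the name", and deriving the start index from the definitions (header words plus NOTE_NAME_SZ / 4) so the bare 4 is tied to the layout the second hunk's comment describes.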
@@ -3135,15 +3135,15 @@ static bool parse_elf_properties(const ImageSource *src,
* immediately follows nhdr and is thus at the 4th word. Further, all
* of the inputs to the kernel's round_up are multiples of 4.
*/
- if (note.nhdr.n_type != NT_GNU_PROPERTY_TYPE_0 ||
- note.nhdr.n_namesz != NOTE_NAME_SZ ||
+ if (tswap32(note.nhdr.n_type) != NT_GNU_PROPERTY_TYPE_0 ||
+ tswap32(note.nhdr.n_namesz) != NOTE_NAME_SZ ||
note.data[3] != GNU0_MAGIC) {
error_setg(errp, "Invalid note in PT_GNU_PROPERTY");
return false;
}
off = sizeof(note.nhdr) + NOTE_NAME_SZ;
- datasz = note.nhdr.n_descsz + off;
+ datasz = tswap32(note.nhdr.n_descsz) + off;
if (datasz > n) {
error_setg(errp, "Invalid note size in PT_GNU_PROPERTY");
return false;
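Review bot: `datasz = tswap32(note.nhdr.n_descsz) + off;` adds an untrusted 32-bit n_descsz to off, and the `datasz > n` check that follows only bounds the read if datasz is wider than 32 bits; the types of datasz and off are not visible in this hunk, so worth confirming they are size_t or 64-bit, or checking n_descsz against n - off before the addition so a value near UINT32_MAX cannot wrap to something small. Separately, the comment above the check explains where the name word sits but not why data[3] is compared without tswap32 while its neighbours now go through it; a one-line note that GNU0_MAGIC is defined in file byte order (as the commit message says) would stop the next reader from "fixing" it back.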
--
2.43.0
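The byte-order issue this patch fixes, worked through in a stand-alone C reimplementation that is added here and is not QEMU's code: `parse_note`, `build_note`, `gnu0_magic`, `swap32` and the `demo_*` functions are hypothetical names, the note layout (three 32-bit header words followed by the 4-byte name "GNU\0") and NT_GNU_PROPERTY_TYPE_0 = 5 follow the ELF note format, and the sample notes are constructed inline. The `swap_name_word` flag reproduces the pre-fix behaviour of applying the bulk swap to the name word as well: with it set, a note stored in the foreign byte order is rejected; with the swap confined to the header, the same note is accepted. The last demo goes beyond the patch and shows the size check done in 64 bits so an oversized n_descsz cannot wrap past the buffer.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* ELF note constants (values as in elf.h). */
#define NT_GNU_PROPERTY_TYPE_0 5u
#define NOTE_NAME_SZ 4u                      /* "GNU\0" */
#define NOTE_HDR_WORDS 3u                    /* n_namesz, n_descsz, n_type */
#define NOTE_NAME_WORD 3u                    /* index of the "GNU\0" word */
#define NOTE_DESC_OFF (4u * (NOTE_HDR_WORDS + 1u))   /* 16 bytes */

/* "GNU\0" exactly as it sits in memory: built from bytes, so it compares
 * equal to the unswapped name word on any host (hypothetical helper). */
static uint32_t gnu0_magic(void)
{
    uint32_t m;
    memcpy(&m, "GNU", 4);                    /* the literal includes the NUL */
    return m;
}

static uint32_t swap32(uint32_t x)
{
    return (x >> 24) | ((x >> 8) & 0x0000ff00u) |
           ((x << 8) & 0x00ff0000u) | (x << 24);
}

static bool host_big_endian(void)
{
    uint32_t one = 1;
    uint8_t first;
    memcpy(&first, &one, 1);
    return first == 0;
}

/* i-th 32-bit word of the note as stored, with no byte-order interpretation. */
static uint32_t note_word(const uint8_t *buf, size_t i)
{
    uint32_t w;
    memcpy(&w, buf + 4 * i, 4);
    return w;
}

/*
 * Validate an NT_GNU_PROPERTY_TYPE_0 note header.
 *   swap           - target byte order differs from the host (BSWAP_NEEDED case)
 *   swap_name_word - also swap the "GNU\0" word, reproducing the pre-fix bug
 * Returns true when the note is accepted and stores n_descsz in *descsz_out.
 */
static bool parse_note(const uint8_t *buf, size_t n, bool swap,
                       bool swap_name_word, uint32_t *descsz_out)
{
    if (n < NOTE_DESC_OFF) {
        return false;
    }
    uint32_t namesz = note_word(buf, 0);
    uint32_t descsz = note_word(buf, 1);
    uint32_t type   = note_word(buf, 2);
    uint32_t name   = note_word(buf, NOTE_NAME_WORD);

    if (swap) {
        namesz = swap32(namesz);
        descsz = swap32(descsz);
        type   = swap32(type);
        if (swap_name_word) {
            name = swap32(name);             /* bug: bytes treated as an integer */
        }
    }
    if (type != NT_GNU_PROPERTY_TYPE_0 || namesz != NOTE_NAME_SZ ||
        name != gnu0_magic()) {
        return false;
    }
    /* Widen before adding so a huge n_descsz cannot wrap back below n. */
    uint64_t datasz = (uint64_t)descsz + NOTE_DESC_OFF;
    if (datasz > n) {
        return false;
    }
    *descsz_out = descsz;
    return true;
}

/* Store a 32-bit value in the requested byte order. */
static void put32(uint8_t *p, uint32_t v, bool big_endian)
{
    for (int i = 0; i < 4; i++) {
        int shift = big_endian ? 8 * (3 - i) : 8 * i;
        p[i] = (uint8_t)(v >> shift);
    }
}

/* Constructed sample note with the given n_descsz and a zeroed payload. */
static size_t build_note(uint8_t *out, size_t cap, bool big_endian, uint32_t descsz)
{
    size_t total = NOTE_DESC_OFF + descsz;
    if (total > cap) {
        return 0;
    }
    memset(out, 0, total);
    put32(out + 0, NOTE_NAME_SZ, big_endian);
    put32(out + 4, descsz, big_endian);
    put32(out + 8, NT_GNU_PROPERTY_TYPE_0, big_endian);
    memcpy(out + 12, "GNU", 4);              /* the name is bytes, never swapped */
    return total;
}

/* Foreign-order note with the pre-fix bulk swap: the magic compare fails. */
bool demo_prefix_cross_endian(void)
{
    uint8_t buf[64];
    uint32_t descsz;
    size_t n = build_note(buf, sizeof buf, !host_big_endian(), 8);
    return parse_note(buf, n, true, true, &descsz);
}

/* Same note with the swap confined to the header: returns n_descsz, -1 if rejected. */
long demo_fixed_cross_endian(void)
{
    uint8_t buf[64];
    uint32_t descsz;
    size_t n = build_note(buf, sizeof buf, !host_big_endian(), 8);
    return parse_note(buf, n, true, false, &descsz) ? (long)descsz : -1L;
}

/* Host-order note with n_descsz = 0xfffffff8: 0xfffffff8 + 16 would wrap to 8
 * in 32-bit arithmetic and slip past a naive size check; the 64-bit sum does not. */
bool demo_oversized_descsz_rejected(void)
{
    uint8_t buf[64];
    uint32_t descsz;
    build_note(buf, sizeof buf, host_big_endian(), 8);
    put32(buf + 4, 0xfffffff8u, host_big_endian());
    return !parse_note(buf, sizeof buf, false, false, &descsz);
}
```

The name word is the only one of the first four that must stay untouched: it is four bytes, not a number, so a magic built from those bytes matches it on both little- and big-endian hosts, which is the property the commit message leans on when it says the magic "does not need a runtime swap".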