powerpc/64/module: REL32 relocation range check
The recent module relocation overflow crash demonstrated that we have no range checking on REL32 relative relocations. This patch implements a basic check, the same kernel that previously oopsed and rebooted now continues with some of these errors when loading the module: module_64: x_tables: REL32 527703503449812 out of range! Possibly other relocations (ADDR32, REL16, TOC16, etc.) should also have overflow checks. Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
This commit is contained in:
parent
dd76ff5af3
commit
b851ba02a6
|
@ -680,7 +680,14 @@ int apply_relocate_add(Elf64_Shdr *sechdrs,
|
||||||
|
|
||||||
case R_PPC64_REL32:
|
case R_PPC64_REL32:
|
||||||
/* 32 bits relative (used by relative exception tables) */
|
/* 32 bits relative (used by relative exception tables) */
|
||||||
*(u32 *)location = value - (unsigned long)location;
|
/* Convert value to relative */
|
||||||
|
value -= (unsigned long)location;
|
||||||
|
if (value + 0x80000000 > 0xffffffff) {
|
||||||
|
pr_err("%s: REL32 %li out of range!\n",
|
||||||
|
me->name, (long int)value);
|
||||||
|
return -ENOEXEC;
|
||||||
|
}
|
||||||
|
*(u32 *)location = value;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case R_PPC64_TOCSAVE:
|
case R_PPC64_TOCSAVE:
|
||||||
|
|
Loading…
Reference in New Issue