powerpc/64/module: REL32 relocation range check

The recent module relocation overflow crash demonstrated that we
have no range checking on REL32 relative relocations. This patch
implements a basic check, the same kernel that previously oopsed
and rebooted now continues with some of these errors when loading
the module:

  module_64: x_tables: REL32 527703503449812 out of range!

Possibly other relocations (ADDR32, REL16, TOC16, etc.) should also have
overflow checks.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
This commit is contained in:
Nicholas Piggin 2018-08-29 21:56:56 +10:00 committed by Michael Ellerman
parent dd76ff5af3
commit b851ba02a6
1 changed files with 8 additions and 1 deletions

View File

@ -680,7 +680,14 @@ int apply_relocate_add(Elf64_Shdr *sechdrs,
case R_PPC64_REL32: case R_PPC64_REL32:
/* 32 bits relative (used by relative exception tables) */ /* 32 bits relative (used by relative exception tables) */
*(u32 *)location = value - (unsigned long)location; /* Convert value to relative */
value -= (unsigned long)location;
if (value + 0x80000000 > 0xffffffff) {
pr_err("%s: REL32 %li out of range!\n",
me->name, (long int)value);
return -ENOEXEC;
}
*(u32 *)location = value;
break; break;
case R_PPC64_TOCSAVE: case R_PPC64_TOCSAVE: