diff mbox

Create a hook for inspecting program headers during library load

Message ID 6D39441BF12EF246A7ABCE6654B0235320F199DC@LEMAIL01.le.imgtec.org
State Superseded
Headers

Commit Message

Matthew Fortune Oct. 2, 2014, 4:05 p.m. UTC 
  > > On 2 October 2014 16:02, Matthew Fortune <Matthew.Fortune@imgtec.com>

> > wrote:

> > > Patch updated below. Though I did remember Joseph steering me away

> from

> > > an ifdef based interface while reworking this:

> > >

> > > https://sourceware.org/ml/libc-alpha/2014-05/msg00045.html

> > >

> > > Does this seem more appropriate?

> >

> > You could implement it using the sysdeps mechanism, e.g. see how

> > dl-irel.h and similar headers operate.


Now using sysdeps...

No regression on x86_64-linux-gnu.

Thanks,
Matthew

	* elf/dl-load.c (dl-load-phdr.h): Include.
	(open_verify): Add hook for phdr check.
	* sysdeps/generic/dl-load-phdr.h: New file.
---
 elf/dl-load.c                  |  6 ++++++
 sysdeps/generic/dl-load-phdr.h | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 sysdeps/generic/dl-load-phdr.h

-- 
1.9.4

Comments

Roland McGrath Oct. 3, 2014, 6:32 p.m. UTC | #1 
> 	* elf/dl-load.c (dl-load-phdr.h): Include.

The (...) is only for citing where you are touching.  There is no function,
variable, or macro called dl-load-phdr.h, so this is not right.  I'm also
not crazy about the name, since it sounds more generic than it really is.
dl-machine-reject-phdr.h would be the most specific name.

> 	(open_verify): Add hook for phdr check.

This should be more clear about what the change is.

> 	* sysdeps/generic/dl-load-phdr.h: New file.

The new file can go into elf/ instead of sysdeps/generic/, because it is
only used by code that is compiled only in the elf/ subdirectory.  The
sysdeps/generic/ directory is used for files that need to be found from
builds in multiple subdirectories.

If I'd written it, the whole log entry would look like:

	* elf/dl-machine-reject-phdr.h: New file.
	* elf/dl-load.c: #include that.
	(open_verify): Call elf_machine_reject_phdr_p and ignore the file
	if that returned false.

> +      if (__glibc_unlikely (
> +	     elf_machine_reject_phdr_p (phdr, ehdr->e_phnum, fbp->buf, fbp->len,
> +					fd, loader)))

The indentation for this should look like:

      if (__glibc_unlikely (elf_machine_reject_phdr_p
			    (phdr, ehdr->e_phnum, fbp->buf, fbp->len,
			     fd, loader)))

> +/* Machine-dependent ELF loader functions.

This description is too generic for what's really here.

> +#ifndef _DL_LOAD_PHDR_H
> +#define _DL_LOAD_PHDR_H

We always define these to 1 rather than empty.

You should #include <stdbool.h> here before using bool.

> +/* Return true iff ELF program headers are incompatible with the running
> +   host.  */
> +static inline bool
> +elf_machine_reject_phdr_p (const ElfW(Phdr) *phdr, uint_fast16_t phnum,
> +			   const char *buf, size_t len, int fd,
> +			   struct link_map *map)

It would be better to swap the order of the last two arguments, so you
don't have to integer types next to each other where transposing them
accidentally would not produce a type error.


Thanks,
Roland
diff mbox

Patch

diff --git a/elf/dl-load.c b/elf/dl-load.c
index 016a99c..c1fa923 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -41,6 +41,7 @@ 
 #include <dl-load.h>
 #include <dl-map-segments.h>
 #include <dl-unmap-segments.h>
+#include <dl-load-phdr.h>
 
 
 #include <endian.h>
@@ -1697,6 +1698,11 @@  open_verify (const char *name, struct filebuf *fbp, struct link_map *loader,
 	    }
 	}
 
+      if (__glibc_unlikely (
+	     elf_machine_reject_phdr_p (phdr, ehdr->e_phnum, fbp->buf, fbp->len,
+					fd, loader)))
+	goto close_and_out;
+
       /* Check .note.ABI-tag if present.  */
       for (ph = phdr; ph < &phdr[ehdr->e_phnum]; ++ph)
 	if (ph->p_type == PT_NOTE && ph->p_filesz >= 32 && ph->p_align >= 4)
diff --git a/sysdeps/generic/dl-load-phdr.h b/sysdeps/generic/dl-load-phdr.h
new file mode 100644
index 0000000..4e98f92
--- /dev/null
+++ b/sysdeps/generic/dl-load-phdr.h
@@ -0,0 +1,32 @@ 
+/* Machine-dependent ELF loader functions.
+   Copyright (C) 2014 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#ifndef _DL_LOAD_PHDR_H
+#define _DL_LOAD_PHDR_H
+
+/* Return true iff ELF program headers are incompatible with the running
+   host.  */
+static inline bool
+elf_machine_reject_phdr_p (const ElfW(Phdr) *phdr, uint_fast16_t phnum,
+			   const char *buf, size_t len, int fd,
+			   struct link_map *map)
+{
+  return false;
+}
+
+#endif /* dl-load-phdr.h */