From patchwork Thu Nov 16 13:24:38 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "H.J. Lu" <hjl.tools@gmail.com>
X-Patchwork-Id: 24292
Received: (qmail 36374 invoked by alias); 16 Nov 2017 13:24:43 -0000
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Unsubscribe: <mailto:libc-alpha-unsubscribe-##L=##H@sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>,
	<http://sourceware.org/ml/#faqs>
Sender: libc-alpha-owner@sourceware.org
Delivered-To: mailing list libc-alpha@sourceware.org
Received: (qmail 36359 invoked by uid 89); 16 Nov 2017 13:24:42 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-25.0 required=5.0 tests=AWL, BAYES_00,
	FREEMAIL_FROM, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2,
	GIT_PATCH_3, KB_WAM_FROM_NAME_SINGLEWORD, RCVD_IN_DNSWL_NONE,
	SPF_PASS autolearn=ham version=3.3.2 spammy=
X-HELO: mail-ot0-f178.google.com
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc;
	bh=d85+TdW9uMVWCCJnKR8h6W7RKgi7XsNeYQ5U4dVHRSY=;
	b=JDYB4TFpcy8sL0Nvfjn8pS6KGZE92lhPMO5cFYJyQqjLSf62Qx2ulIEiChvw/RrZyV
	b6u+j47NiNR5T39r98Wg8ZQPAky1r+pwTwqoncPcktLdgaD+lZB9sc8JnJwJAyYPRm7s
	JKaPqlJl8tCP+THCe4Q+fJKpsFklvVHZ8z1n0Mil5Ma054KA2hSO5KtrXCoCNTg8W5EQ
	eEK57miBIBJtxReCFqvZ8NV/A1biwzVr3uQpUwNfO2x+Y+PgKvFpZOxgQHH/e4BXy1PG
	6mmM0a8M8D2CaoqTKnbaSrZubYatEAN3AGQcmRGnShaB6xnCzOUeB+aAIPLipBUH7p6Z
	UJNQ==
X-Gm-Message-State: AJaThX5UV6wG0yGgZ+38f3O7BacM0H9KuMGS3KYwcdOd5oMCqW7CpGd9
	6hlsOWXaLTzQ5XBjA0VonCRn1jnUj/n7GSAoRBg=
X-Google-Smtp-Source: 
 AGs4zMa55cj/jKwJH0+iHS85AOUMxWY4SDQzZFnTR01VESKXfszcmFDAh5s4KcVsfvauhYv4TDCwJgL4T/rwPN2TuOY=
X-Received: by 10.157.65.213 with SMTP id v21mr1153400oti.392.1510838678966;
	Thu, 16 Nov 2017 05:24:38 -0800 (PST)
MIME-Version: 1.0
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Thu, 16 Nov 2017 05:24:38 -0800
Message-ID: 
 <CAMe9rOoBdhpLRDxbkx3MbOHRpLifa0-SHO46XT9QKYWNPQxMTQ@mail.gmail.com>
Subject: [PATCH] Properly compute offsets of note descriptor and next note
	[BZ #22370]
To: Andreas Schwab <schwab@linux-m68k.org>
Cc: GNU C Library <libc-alpha@sourceware.org>

On Wed, Nov 15, 2017 at 3:03 PM, H.J. Lu <hjl.tools@gmail.com> wrote:
> On Sun, Nov 12, 2017 at 8:03 AM, Andreas Schwab <schwab@linux-m68k.org> wrote:
>> On Nov 12 2017, "H.J. Lu" <hjl.tools@gmail.com> wrote:
>>
>>> Data after Elf64_Nhdr is the "name" field which is a 4-byte string, "GNU".
>>> There is no misalignment.
>>
>> That's not what your patch does.  You are aligning both the name length
>> and the data length to a 8 byte boundary, making the note size
>> unaligned.
>>
>
> You are right.  Both glibc and binutils get this wrong.  I opened a
> binutils bug:
>
> https://sourceware.org/bugzilla/show_bug.cgi?id=22444
>
> I will fix it first and take care of glibc next.
>

Here is the glibc path.

Any comments?

From 0dfdda09f7b0faef5ff166f3e4e099b20571b76c Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Tue, 31 Oct 2017 04:51:41 -0700
Subject: [PATCH] Properly compute offsets of note descriptor and next note [BZ
 #22370]

A note header has 3 4-bytes fields, followed by note name and note
descriptor.  According to gABI, in a note entry, the note name field,
not note name size, is padded for the note descriptor.  And the note
descriptor field, not note descriptor size, is padded for the next
note entry.  Notes are aligned to 4 bytes in 32-bit objects and 8 bytes
in 64-bit objects.

For all GNU notes, the name is "GNU" which is 4 bytes.  They have the
same format in the first 16 bytes in both 32-bit and 64-bit objects.
They differ by note descriptor size and note type.  So far, .note.ABI-tag
and .note.gnu.build-id notes are always aligned to 4 bytes.  The exsting
codes compute the note size by aligning the note name size and note
descriptor size to 4 bytes.  It happens to produce the same value as
the actual note size by luck since the name size is 4 and offset of the
note descriptor is 16.  But it will produce the wrong size when note
alignment is 8 bytes in 64-bit objects.

This patch defines ELF_NOTE_DESC_OFFSET and ELF_NOTE_NEXT_OFFSET to
properly compute offsets of note descriptor and next note.  It uses
alignment of PT_NOTE segment to support both 4-byte and 8-byte note
alignments in 64-bit objects.

	[BZ #22370]
	* dl-hwcaps.c (ROUND): Removed.
	(_dl_important_hwcaps): Replace ROUND with ELF_NOTE_DESC_OFFSET
	and ELF_NOTE_NEXT_OFFSET.
	* elf/dl-load.c (ROUND): Removed.
	(open_verify): Replace ROUND with ELF_NOTE_NEXT_OFFSET.
	* elf/readelflib.c (ROUND): Removed.
	(process_elf_file): Replace ROUND with ELF_NOTE_NEXT_OFFSET.
	* include/elf.h [!_ISOMAC]: Include <libc-pointer-arith.h>.
	[!_ISOMAC] (ELF_NOTE_DESC_OFFSET): New.
	[!_ISOMAC] (ELF_NOTE_NEXT_OFFSET): Likewise.
---
 elf/dl-hwcaps.c  | 13 +++++++------
 elf/dl-load.c    |  8 ++++----
 elf/readelflib.c |  8 ++++----
 include/elf.h    | 16 ++++++++++++++--
 4 files changed, 29 insertions(+), 16 deletions(-)

diff --git a/elf/dl-hwcaps.c b/elf/dl-hwcaps.c
index 92f2eb45ce..16da4191f0 100644
--- a/elf/dl-hwcaps.c
+++ b/elf/dl-hwcaps.c
@@ -67,6 +67,7 @@ _dl_important_hwcaps (const char *platform, size_t platform_len, size_t *sz,
 	  {
 	    const ElfW(Addr) start = (phdr[i].p_vaddr
 				      + GLRO(dl_sysinfo_map)->l_addr);
+	    const ElfW(Addr) align = phdr[i].p_align;
 	    /* The standard ELF note layout is exactly as the anonymous struct.
 	       The next element is a variable length vendor name of length
 	       VENDORLEN (with a real length rounded to ElfW(Word)), followed
@@ -80,7 +81,6 @@ _dl_important_hwcaps (const char *platform, size_t platform_len, size_t *sz,
 	    } *note = (const void *) start;
 	    while ((ElfW(Addr)) (note + 1) - start < phdr[i].p_memsz)
 	      {
-#define ROUND(len) (((len) + sizeof (ElfW(Word)) - 1) & -sizeof (ElfW(Word)))
 		/* The layout of the type 2, vendor "GNU" note is as follows:
 		   .long <Number of capabilities enabled by this note>
 		   .long <Capabilities mask> (as mask >> _DL_FIRST_EXTRA).
@@ -91,17 +91,18 @@ _dl_important_hwcaps (const char *platform, size_t platform_len, size_t *sz,
 		    && !memcmp ((note + 1), "GNU", sizeof "GNU")
 		    && note->datalen > 2 * sizeof (ElfW(Word)) + 2)
 		  {
-		    const ElfW(Word) *p = ((const void *) (note + 1)
-					   + ROUND (sizeof "GNU"));
+		    const ElfW(Word) *p
+		      = ((const void *) note
+			 + ELF_NOTE_DESC_OFFSET (sizeof "GNU", align));
 		    cnt += *p++;
 		    ++p;	/* Skip mask word.  */
 		    dsocaps = (const char *) p; /* Pseudo-string "<b>name"  */
 		    dsocapslen = note->datalen - sizeof *p * 2;
 		    break;
 		  }
-		note = ((const void *) (note + 1)
-			+ ROUND (note->vendorlen) + ROUND (note->datalen));
-#undef ROUND
+		note = ((const void *) note
+			+ ELF_NOTE_NEXT_OFFSET (note->vendorlen,
+						note->datalen, align));
 	      }
 	    if (dsocaps != NULL)
 	      break;
diff --git a/elf/dl-load.c b/elf/dl-load.c
index 1220183ce2..388135f4ae 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -1683,6 +1683,7 @@ open_verify (const char *name, int fd,
 	if (ph->p_type == PT_NOTE && ph->p_filesz >= 32 && ph->p_align >= 4)
 	  {
 	    ElfW(Addr) size = ph->p_filesz;
+	    ElfW(Addr) align = ph->p_align;
 
 	    if (ph->p_offset + size <= (size_t) fbp->len)
 	      abi_note = (void *) (fbp->buf + ph->p_offset);
@@ -1696,10 +1697,9 @@ open_verify (const char *name, int fd,
 
 	    while (memcmp (abi_note, &expected_note, sizeof (expected_note)))
 	      {
-#define ROUND(len) (((len) + sizeof (ElfW(Word)) - 1) & -sizeof (ElfW(Word)))
-		ElfW(Addr) note_size = 3 * sizeof (ElfW(Word))
-				       + ROUND (abi_note[0])
-				       + ROUND (abi_note[1]);
+		ElfW(Addr) note_size
+		  = ELF_NOTE_NEXT_OFFSET (abi_note[0], abi_note[1],
+					  align);
 
 		if (size - 32 < note_size)
 		  {
diff --git a/elf/readelflib.c b/elf/readelflib.c
index 9ad56dcc34..b168cb8804 100644
--- a/elf/readelflib.c
+++ b/elf/readelflib.c
@@ -131,15 +131,15 @@ process_elf_file (const char *file_name, const char *lib, int *flag,
 	      ElfW(Word) *abi_note = (ElfW(Word) *) (file_contents
 						     + segment->p_offset);
 	      ElfW(Addr) size = segment->p_filesz;
+	      ElfW(Addr) align = segment->p_align;
 
 	      while (abi_note [0] != 4 || abi_note [1] != 16
 		     || abi_note [2] != 1
 		     || memcmp (abi_note + 3, "GNU", 4) != 0)
 		{
-#define ROUND(len) (((len) + sizeof (ElfW(Word)) - 1) & -sizeof (ElfW(Word)))
-		  ElfW(Addr) note_size = 3 * sizeof (ElfW(Word))
-					 + ROUND (abi_note[0])
-					 + ROUND (abi_note[1]);
+		  ElfW(Addr) note_size
+		    = ELF_NOTE_NEXT_OFFSET (abi_note[0], abi_note[1],
+					    align);
 
 		  if (size - 32 < note_size || note_size == 0)
 		    {
diff --git a/include/elf.h b/include/elf.h
index f06a33f256..ab76aafb1e 100644
--- a/include/elf.h
+++ b/include/elf.h
@@ -1,7 +1,19 @@
 #ifndef _ELF_H
 #include <elf/elf.h>
 
-# ifndef _ISOMAC
+#ifndef _ISOMAC
+
+# include <libc-pointer-arith.h>
+
+/* Compute the offset of the note descriptor from size of note entry's
+   owner string and note alignment.  */
+# define ELF_NOTE_DESC_OFFSET(namesz, align) \
+  ALIGN_UP (sizeof (ElfW(Nhdr)) + (namesz), (align))
+
+/* Compute the offset of the next note entry from size of note entry's
+   owner string, size of the note descriptor and note alignment.  */
+# define ELF_NOTE_NEXT_OFFSET(namesz, descsz, align) \
+  ALIGN_UP (ELF_NOTE_DESC_OFFSET ((namesz), (align)) + (descsz), (align))
 
 /* Some information which is not meant for the public and therefore not
    in <elf.h>.  */
@@ -13,5 +25,5 @@
    (DF_1_NOW | DF_1_NODELETE | DF_1_INITFIRST | DF_1_NOOPEN \
     | DF_1_ORIGIN | DF_1_NODEFLIB)
 
-# endif /* !_ISOMAC */
+#endif /* !_ISOMAC */
 #endif /* elf.h */
-- 
2.13.6