| Message ID | 87b4cfec091538d664e78a46ad2d784d820e1fec.1712251001.git.quic_mathbern@quicinc.com |
|---|---|
| State | Committed |
| Headers |
Return-Path: <elfutils-devel-bounces+patchwork=sourceware.org@sourceware.org> X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 4E867385840D for <patchwork@sourceware.org>; Thu, 4 Apr 2024 17:20:07 +0000 (GMT) X-Original-To: elfutils-devel@sourceware.org Delivered-To: elfutils-devel@sourceware.org Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) by sourceware.org (Postfix) with ESMTPS id 7090A3858C50 for <elfutils-devel@sourceware.org>; Thu, 4 Apr 2024 17:19:55 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 7090A3858C50 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=quicinc.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=quicinc.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 7090A3858C50 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=205.220.180.131 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712251197; cv=none; b=XWNGT51PwayJcfog56lNEKKQMtzTuara7aW7q8PybDm8ImgBYZooloLDYJlck/8fGdaksX4Y+bodZLk1hdqvYOTre0oo8S69pONsD/UuUzT7AEZw7fhLUt95ImWIM8fyyHG3ofUBM9xAVDLrmDbfmy53HnA9VLegNH/jKP9Uf/0= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712251197; c=relaxed/simple; bh=PP3MOoVBs7w6BuhTE5dqGUHu3/vs/7ziZcEtrwiGnD8=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=O3fNbBkP3p6emFIyA5QKutaCq+ORLDgHcW/jL4e+MNLEq735zMMvYc44h7b9kSinlWsCSE8Qp++1RnTm1DLjCKCz8QTG2j+eyOkywkItLkUT8QYYbTLGRwdx3JQlY+JxaIcXFYMz7b2QFi+LXIitQrAK8a20MLanKxySZpSn2a4= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from pps.filterd (m0279872.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 434EUKQ9026182; Thu, 4 Apr 2024 17:19:52 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h= from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding:content-type; s=qcppdkim1; bh=9B4Es53 aOx3L2lVOWITOw47jKftvDzwWcTCzH69jLsA=; b=nbmsyRhgvgrQctXePF1bLb2 4jjrwroGklM/jCuU4Dyyrn1iqMnh6JzMUwPYuUnQAgQBIWdtOqqv1IjOujtksxy9 KcpEsNm4Tl23nBc+N70XtwyGAgXJxOAzurp8ksEBVeEXtAP4SBWKF3JzhxXloiJO 7BN+/219chrI94P5J07lPlCsXEbRhVcYZ0lw6pv9cjZXuw314nQRLod1G2V+yu8N k6aBzSlZ7hnXQtR/ATym+JKN5ZnD1/PeLJ6u2j+rY5n7LLCCnevzngOsdf2rCRzI ziCB4dHCcfJfDegRUUmLrngAMZYxuiBBHHRULVV5+3Vt39nyYUnH4o4FVoQOw0A= = Received: from nalasppmta02.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3x9taf0ycw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 04 Apr 2024 17:19:52 +0000 (GMT) Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA02.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 434HJpLB031981 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 4 Apr 2024 17:19:51 GMT Received: from hu-mathbern-lv.qualcomm.com (10.49.16.6) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Thu, 4 Apr 2024 10:19:50 -0700 From: Matheus Tavares Bernardino <quic_mathbern@quicinc.com> To: <elfutils-devel@sourceware.org> CC: <bcain@quicinc.com>, <sidneym@quicinc.com>, <mark@klomp.org>, <quic_apinski@quicinc.com>, <quic_mathbern@quicinc.com> Subject: [PATCH v3] Hexagon: implement machine flag check Date: Thu, 4 Apr 2024 14:19:40 -0300 Message-ID: <87b4cfec091538d664e78a46ad2d784d820e1fec.1712251001.git.quic_mathbern@quicinc.com> X-Mailer: git-send-email 2.37.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [10.49.16.6] X-ClientProxiedBy: nalasex01b.na.qualcomm.com (10.47.209.197) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-GUID: nu35f1fPI0eYm0BA_bnKbjyLwN4uKMIC X-Proofpoint-ORIG-GUID: nu35f1fPI0eYm0BA_bnKbjyLwN4uKMIC X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-04-04_13,2024-04-04_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 lowpriorityscore=0 impostorscore=0 priorityscore=1501 mlxlogscore=620 suspectscore=0 mlxscore=0 malwarescore=0 phishscore=0 adultscore=0 spamscore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2404010003 definitions=main-2404040121 X-Spam-Status: No, score=-12.3 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: elfutils-devel@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Elfutils-devel mailing list <elfutils-devel.sourceware.org> List-Unsubscribe: <https://sourceware.org/mailman/options/elfutils-devel>, <mailto:elfutils-devel-request@sourceware.org?subject=unsubscribe> List-Archive: <https://sourceware.org/pipermail/elfutils-devel/> List-Post: <mailto:elfutils-devel@sourceware.org> List-Help: <mailto:elfutils-devel-request@sourceware.org?subject=help> List-Subscribe: <https://sourceware.org/mailman/listinfo/elfutils-devel>, <mailto:elfutils-devel-request@sourceware.org?subject=subscribe> Errors-To: elfutils-devel-bounces+patchwork=sourceware.org@sourceware.org |
| Series |
[v3] Hexagon: implement machine flag check
|
|
Commit Message
Matheus Tavares Bernardino
April 4, 2024, 5:19 p.m. UTC
This fixes the "invalid machine flag" error from eu-elflint when passing
hexagon binaries.
* backends/hexagon_init.c (hexagon_init): Hook
machine_flag_check
* backends/hexagon_symbol.c (hexagon_machine_flag_check):
new function
* libelf/elf-knowledge.h: add EF_HEXAGON_TINY constant
Signed-off-by: Matheus Tavares Bernardino <quic_mathbern@quicinc.com>
---
v2: https://sourceware.org/pipermail/elfutils-devel/2024q2/006987.html
Changes in v3:
- Added ChangeLog to commit message.
- Implemented better machine_flag_check operation, as suggested by
bcain.
- Extracted only patch 2/2 as 1/2 was already merged.
backends/hexagon_init.c | 1 +
backends/hexagon_symbol.c | 7 +++++++
libelf/elf-knowledge.h | 1 +
3 files changed, 9 insertions(+)
Comments
Hi Matheus, On Thu, Apr 04, 2024 at 02:19:40PM -0300, Matheus Tavares Bernardino wrote: > This fixes the "invalid machine flag" error from eu-elflint when passing > hexagon binaries. > > * backends/hexagon_init.c (hexagon_init): Hook > machine_flag_check > * backends/hexagon_symbol.c (hexagon_machine_flag_check): > new function > * libelf/elf-knowledge.h: add EF_HEXAGON_TINY constant > > Signed-off-by: Matheus Tavares Bernardino <quic_mathbern@quicinc.com> > --- > > v2: https://sourceware.org/pipermail/elfutils-devel/2024q2/006987.html Note that we also have a public-inbox instance, which is useful in some cases since you can address patches by message-id: https://inbox.sourceware.org/elfutils-devel/d198f1806a486bd5129c996f10680b947ecdc581.1712087613.git.quic_mathbern@quicinc.com/ > Changes in v3: > - Added ChangeLog to commit message. > - Implemented better machine_flag_check operation, as suggested by > bcain. > - Extracted only patch 2/2 as 1/2 was already merged. This looks good. Pushed, Mark
On Thu, Apr 04, 2024 at 21:43:11 +0200, Mark Wielaard wrote: > > > Note that we also have a public-inbox instance, which is useful in > some cases since you can address patches by message-id: > https://inbox.sourceware.org/elfutils-devel/d198f1806a486bd5129c996f10680b947ecdc581.1712087613.git.quic_mathbern@quicinc.com/ Awesome! I much rather prefer the public-inbox interface :) Thanks! BTW, just out of curiosity, since the last incident with xz's backdoor (which apparently involved malicious code disguised as a test binary), has the elfutils community already considered using something like Dockerfiles to generate the tests/*.ko.bz2 binaries instead of checking than in the git repo? Just something that crossed my mind while I was developing these patches.
> -----Original Message----- > From: Matheus Bernardino (QUIC) <quic_mathbern@quicinc.com> > Sent: Thursday, April 4, 2024 12:57 PM > To: mark@klomp.org > Cc: Brian Cain <bcain@quicinc.com>; elfutils-devel@sourceware.org; Andrew > Pinski (QUIC) <quic_apinski@quicinc.com>; Matheus Bernardino (QUIC) > <quic_mathbern@quicinc.com>; Sid Manning <sidneym@quicinc.com> > Subject: Re: [PATCH v3] Hexagon: implement machine flag check > > On Thu, Apr 04, 2024 at 21:43:11 +0200, Mark Wielaard wrote: > > > > > > Note that we also have a public-inbox instance, which is useful in > > some cases since you can address patches by message-id: > > https://inbox.sourceware.org/elfutils- > devel/d198f1806a486bd5129c996f10 > > 680b947ecdc581.1712087613.git.quic_mathbern@quicinc.com/ > > Awesome! I much rather prefer the public-inbox interface :) Thanks! > > BTW, just out of curiosity, since the last incident with xz's backdoor (which > apparently involved malicious code disguised as a test binary), has the elfutils > community already considered using something like Dockerfiles to generate > the tests/*.ko.bz2 binaries instead of checking than in the git repo? Just > something that crossed my mind while I was developing these patches. That came across my mind too. Especially after Mark wrote backdoor on what might need to be improved for sourceware and what tooling is needed for the projects hosted on sourceware (which is most of the GNU toolchain): https://inbox.sourceware.org/gcc/20240329203909.GS9427@gnu.wildebeest.org/T/#mc980204081b149132aeace4bf3d83cf35dad72d8 Thanks, Andrew Pinski
Hi Matheus, On Thu, 2024-04-04 at 16:56 -0300, Matheus Tavares Bernardino wrote: > BTW, just out of curiosity, since the last incident with xz's backdoor > (which apparently involved malicious code disguised as a test binary), > has the elfutils community already considered using something like > Dockerfiles to generate the tests/*.ko.bz2 binaries instead of checking > than in the git repo? Just something that crossed my mind while I was > developing these patches. Good question. Especially since I have been poking backend developers to add more of them... I think the honest question is, no we haven't considered, or even discussed, getting rid of them. So lets :) In the xz-backdoor case it was actually hidden in a test binary which wasn't actually used in the testsuite. So that is certainly something to watch out for. Does someone add a binary file for no good reason? Also this seems to be a somewhat sophisticated hack and the would probably found some other way to hide something. But you are right of course that hiding something is much easier in a binary file. So it is reasonable to ask what the alternatives are. We do actually have native testcases. So we could just rely on those. But it is really helpful to see if the code works cross-32/64 bit and cross-endian. Because one of the advantages of elfutils is that you can inspect and manipulate binaries from other arches. Another might be what bzip2 does, have all these binaries in a separate test git repo https://sourceware.org/cgit/bzip2-tests/tree/README But that kind of just moves the issue. We would encourage people to always check out that repo and run all tests in it. Another would be what you suggest. Create containers for all arches supported and (re)generate all test binaries in that container. But that would be a lot of containers and for some arches you like to have different versions of the tools to generate them. And can that be done for all arches? e.g. Does hexagon have qemu support? One advantage of this might be that you could just rely on the native tests. Assuming we add them all to builder.sourceware.org and run them on each commit. Finally we might want to only create binary files from some easily understood textual representation. Maybe using GNU Poke ELF pickles? https://jemarch.net/poke-elf-1.0-manual/poke-elf.html That sounds really attractive, but it would be a lot of work recreating the existing binary test files. And nobody has tried yet, so we don't know if this (or some other tool) is expressive enough. Cheers, Mark
On Fri, 05 Apr 2024 16:45:40 +0200 Mark Wielaard <mark@klomp.org> wrote: > > Hi Matheus, > > On Thu, 2024-04-04 at 16:56 -0300, Matheus Tavares Bernardino wrote: > > BTW, just out of curiosity, since the last incident with xz's backdoor > > (which apparently involved malicious code disguised as a test binary), > > has the elfutils community already considered using something like > > Dockerfiles to generate the tests/*.ko.bz2 binaries instead of checking > > than in the git repo? Just something that crossed my mind while I was > > developing these patches. > > [...] > In the xz-backdoor case it was actually hidden in a test binary which > wasn't actually used in the testsuite. So that is certainly something > to watch out for. Does someone add a binary file for no good reason? > Also this seems to be a somewhat sophisticated hack and the would > probably found some other way to hide something. Good point :) > Another would be what you suggest. Create containers for all arches > supported and (re)generate all test binaries in that container. But > that would be a lot of containers and for some arches you like to have > different versions of the tools to generate them. And can that be done > for all arches? e.g. Does hexagon have qemu support? It does :) But I was actually thinking about using the containers to cross-build the binaries, like we do for the QEMU tests. E.g. https://github.com/qemu/qemu/blob/master/tests/docker/dockerfiles/debian-hexagon-cross.docker Nonetheless, yeah, that will be a lot of containers, and a significant ammount of work.
diff --git a/backends/hexagon_init.c b/backends/hexagon_init.c index 9c8c6d8d..1cd27513 100644 --- a/backends/hexagon_init.c +++ b/backends/hexagon_init.c @@ -45,6 +45,7 @@ hexagon_init (Elf *elf __attribute__ ((unused)), { hexagon_init_reloc (eh); HOOK (eh, reloc_simple_type); + HOOK (eh, machine_flag_check); return eh; } diff --git a/backends/hexagon_symbol.c b/backends/hexagon_symbol.c index b341243e..5f6e0fe5 100644 --- a/backends/hexagon_symbol.c +++ b/backends/hexagon_symbol.c @@ -56,3 +56,10 @@ hexagon_reloc_simple_type (Ebl *ebl __attribute__ ((unused)), int type, return ELF_T_NUM; } } + +bool +hexagon_machine_flag_check (GElf_Word flags) +{ + GElf_Word reserved_flags = ~(EF_HEXAGON_TINY | EF_HEXAGON_MACH); + return (flags & reserved_flags) == 0; +} diff --git a/libelf/elf-knowledge.h b/libelf/elf-knowledge.h index 71535934..23e34ca1 100644 --- a/libelf/elf-knowledge.h +++ b/libelf/elf-knowledge.h @@ -119,6 +119,7 @@ #define EF_HEXAGON_MACH_V71T 0x00008071 /* Hexagon V71T */ #define EF_HEXAGON_MACH_V73 0x00000073 /* Hexagon V73 */ #define EF_HEXAGON_MACH 0x000003ff /* Hexagon V.. */ +#define EF_HEXAGON_TINY 0x00008000 /* Hexagon V..T */ /* Special section indices. */ #define SHN_HEXAGON_SCOMMON 0xff00 /* Other access sizes */