elf: Use the 64-bit wide 'seen' variable

Message ID 20210807142223.58295-1-sh1r4s3@mail.si-head.nl
State Changes Requested, archived
Series elf: Use the 64-bit wide 'seen' variable

Checks

Context | Check | Description
dj/TryBot-apply_patch | success | Patch applied to master at the time it was sent
dj/TryBot-32bit | success | Build for i686

Commit Message

Nikita Ermakov Aug. 7, 2021, 2:22 p.m. UTC
  The 32-bit 'seen' variable doesn't allow to check any auxiliary entry
type with a value greater than 31 as it leads to wrapping and crumbling
of the 'seen' variable.

For example, if AT_UID (which is 11) would precede AT_L1D_CACHEGEOMETRY
(which is 43), then uid would be overridden by an AT_L1D_CACHEGEOMETRY
value.

Using 64-bit wide 'seen' variable allows to handle such situations.

Signed-off-by: Nikita Ermakov <sh1r4s3@mail.si-head.nl>
---
 elf/dl-sysdep.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
  

Comments

Dmitry V. Levin Aug. 9, 2021, 12:46 a.m. UTC | #1
On Sat, Aug 07, 2021 at 05:22:23PM +0300, Nikita Ermakov via Libc-alpha wrote:
> The 32-bit 'seen' variable doesn't allow to check any auxiliary entry
> type with a value greater than 31 as it leads to wrapping and crumbling
> of the 'seen' variable.
> 
> For example, if AT_UID (which is 11) would precede AT_L1D_CACHEGEOMETRY
> (which is 43), then uid would be overridden by an AT_L1D_CACHEGEOMETRY
> value.
> 
> Using 64-bit wide 'seen' variable allows to handle such situations.

I agree with the analysis, but I'm not sure uint64_t would be the most
appropriate type in this case.  I'd suggest to consider using uintmax_t
instead.
  
Andreas Schwab Aug. 9, 2021, 7:48 a.m. UTC | #2
On Aug 09 2021, Dmitry V. Levin wrote:

> On Sat, Aug 07, 2021 at 05:22:23PM +0300, Nikita Ermakov via Libc-alpha wrote:
>> The 32-bit 'seen' variable doesn't allow to check any auxiliary entry
>> type with a value greater than 31 as it leads to wrapping and crumbling
>> of the 'seen' variable.
>> 
>> For example, if AT_UID (which is 11) would precede AT_L1D_CACHEGEOMETRY
>> (which is 43), then uid would be overridden by an AT_L1D_CACHEGEOMETRY
>> value.
>> 
>> Using 64-bit wide 'seen' variable allows to handle such situations.
>
> I agree with the analysis, but I'm not sure uint64_t would be the most
> appropriate type in this case.  I'd suggest to consider using uintmax_t
> instead.

AT_* constants can be arbitrary so no type will fit.  The right way to
fix that is to check the range.

Of course, this is only relevant for non-linux configurations.

Andreas.
  
Nikita Ermakov Aug. 17, 2021, 6:03 p.m. UTC | #3
Hi Andreas, Dmitry,

Thank you for the comments!
I'm sorry, I was rather busy this past week so I couldn't reply.

On Mon, Aug 09, 2021 at 09:48:38AM +0200, Andreas Schwab wrote:
> On Aug 09 2021, Dmitry V. Levin wrote:
> 
> > On Sat, Aug 07, 2021 at 05:22:23PM +0300, Nikita Ermakov via Libc-alpha wrote:
> >> The 32-bit 'seen' variable doesn't allow to check any auxiliary entry
> >> type with a value greater than 31 as it leads to wrapping and crumbling
> >> of the 'seen' variable.
> >> 
> >> For example, if AT_UID (which is 11) would precede AT_L1D_CACHEGEOMETRY
> >> (which is 43), then uid would be overridden by an AT_L1D_CACHEGEOMETRY
> >> value.
> >> 
> >> Using 64-bit wide 'seen' variable allows to handle such situations.
> >
> > I agree with the analysis, but I'm not sure uint64_t would be the most
> > appropriate type in this case.  I'd suggest to consider using uintmax_t
> > instead.
> 
> AT_* constants can be arbitrary so no type will fit.  The right way to
> fix that is to check the range.
> 
> Of course, this is only relevant for non-linux configurations.
> 

So, if AT_* constants can be arbitrary, then we could probably skip all
constants with a value > sizeof(uintmax_t)*8 and process the rest with the uintmax_t variable?
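
The aliasing described in the commit message and the range check suggested in the thread, as an added example that is not part of the thread or of glibc. The function names and the out-of-range tag 70 are hypothetical, and the `& 31` is an assumption that models the wrap, since the real out-of-range shift is undefined in C.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Tag values as quoted in the commit message. */
#define TAG_UID 11UL               /* AT_UID */
#define TAG_L1D_CACHEGEOMETRY 43UL /* AT_L1D_CACHEGEOMETRY */
#define SEEN_BITS (sizeof (uint64_t) * 8)

/* Model of the 32-bit mask.  Shifting a 32-bit value by 43 is undefined
   in C; "& 31" models the wrap the commit message describes (assumption:
   the shift count is reduced modulo 32, as x86 does).  */
static uint32_t mark_seen32_wrapping (uint32_t seen, unsigned long type)
{
  return seen | (UINT32_C (1) << (type & 31));
}

/* Range-checked 64-bit mask: a tag that has no bit is never recorded,
   so it cannot alias a lower tag.  A tag equal to the width is out of
   range as well.  */
static uint64_t mark_seen_checked (uint64_t seen, unsigned long type)
{
  return type < SEEN_BITS ? seen | (UINT64_C (1) << type) : seen;
}

static bool was_seen_checked (uint64_t seen, unsigned long type)
{
  return type < SEEN_BITS && (seen & (UINT64_C (1) << type)) != 0;
}

int main (void)
{
  /* Constructed tag sequence: no AT_UID entry, one tag past bit 63.  */
  const unsigned long tags[] = { TAG_L1D_CACHEGEOMETRY, 70UL };
  uint32_t seen32 = 0;
  uint64_t seen64 = 0;

  for (size_t i = 0; i < sizeof tags / sizeof tags[0]; i++)
    {
      seen32 = mark_seen32_wrapping (seen32, tags[i]);
      seen64 = mark_seen_checked (seen64, tags[i]);
    }
  printf ("32-bit wrapping mask reports AT_UID seen: %d\n",
          (seen32 & (UINT32_C (1) << TAG_UID)) != 0);
  printf ("range-checked mask reports AT_UID seen: %d\n",
          was_seen_checked (seen64, TAG_UID));
  return 0;
}
```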
  

Patch

diff --git a/elf/dl-sysdep.c b/elf/dl-sysdep.c
index d47bef1340..bb81d3be57 100644
--- a/elf/dl-sysdep.c
+++ b/elf/dl-sysdep.c
@@ -96,12 +96,12 @@  _dl_sysdep_start (void **start_argptr,
 #else
   uid_t uid = 0;
   gid_t gid = 0;
-  unsigned int seen = 0;
+  uint64_t seen = 0;
 # define set_seen_secure() (seen = -1)
 # ifdef HAVE_AUX_XID
 #  define set_seen(tag) (tag)	/* Evaluate for the side effects.  */
 # else
-#  define M(type) (1 << (type))
+#  define M(type) ((uint64_t)1 << (type))
 #  define set_seen(tag) seen |= M ((tag)->a_type)
 # endif
 #endif
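
Review bot: the shift in `M(type)` under the `# else` branch is still unchecked, so widening `seen` to `uint64_t` only moves the limit from 31 to 63, and an `a_type` of 64 or more remains an out-of-range shift. Consider guarding `set_seen` so that it ORs in `M ((tag)->a_type)` only when `(tag)->a_type` is below the bit width of `seen`, which also addresses the range-check point raised in the thread. As a style point, GNU formatting puts a space after the cast: `((uint64_t) 1 << (type))`.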