From patchwork Tue Mar 21 11:49:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ricardo Ribalda X-Patchwork-Id: 72841 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:604a:0:0:0:0:0 with SMTP id j10csp1744871wrt; Tue, 21 Mar 2023 05:26:12 -0700 (PDT) X-Google-Smtp-Source: AK7set9eh8blh/cW2haNnq+FwISQEYJmCwli0iSZzJ281eTm6gd9I1/zYRndsxzhwwloes1+7beh X-Received: by 2002:a05:6a20:4a17:b0:da:c40:8d8 with SMTP id fr23-20020a056a204a1700b000da0c4008d8mr2055501pzb.4.1679401572154; Tue, 21 Mar 2023 05:26:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1679401572; cv=none; d=google.com; s=arc-20160816; b=r5p1Cb6Rgx9X90os0fU+w2UQkIwhAuEofgnd0sbocU3Zg1EgSZxoTVtneXFyy+Wd7j Vt3lhWkejFvX0lpZVJroDCnLQJzOG22R+x6M89c+XtZ5o8tlLGjTBnKbBSck7s0TuNAg rGDhS98etbObtauhKwsKPL32VQCxbORisq1FGNo3aQ/JzUcxYZFIyj+eWNuDk4xHb9uf 1w/oshWUdq8IPowtjPPGjtGkFPCLJpjnc8sDAlvdfP4b5wpRFmFu1H3m7p/04fiOObDC w5LP42HNm3NE4uXVBJF3hb/J6Hf+fXELcGy/RP0xcAtP1SdckpcID6X7LGuke1aeymJS apAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:message-id:content-transfer-encoding :mime-version:subject:date:from:dkim-signature; bh=wfc/MKwL6R69K5wz8AOeHXnxOrck8uBBMJXOwwRZiMA=; b=rmBZfm88ky817kgtJ/taxq0yv9ual3VXpxAnlnE6rAAJC6ybkAGaKN6RdZGJiVm+af jcRgfpsTdXf0DN5E1JMqRiSzjd4+elDCGj3CZBkOLMg9v/sxngx3vOddJL3NOXvpxaR5 pAVHSRylCElb4zc5TztBTfOYaCdc4CaKka7dN9l8l4uil0g1DdHv76I9FlmhPiwLqCHW uxkg9qoDwhWjmGLfpm5XQ+GIS+ZQPj2yK28EHlLqx36888WT2v04lXXz0c8DKRDHsjp3 T/CcCHQVt2L+OVwBsT/3lYbR7UMzpoJsPj0ysO3u1i8rVDLZSqxmqwVulmWvCMw94m8T YNnA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=hqeF1dzv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w22-20020a056a0014d600b005a919052520si13295961pfu.317.2023.03.21.05.25.56; Tue, 21 Mar 2023 05:26:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=hqeF1dzv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230436AbjCULtu (ORCPT + 99 others); Tue, 21 Mar 2023 07:49:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52560 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230381AbjCULto (ORCPT ); Tue, 21 Mar 2023 07:49:44 -0400 Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BB106DBC0 for ; Tue, 21 Mar 2023 04:49:31 -0700 (PDT) Received: by mail-ed1-x531.google.com with SMTP id t5so21684666edd.7 for ; Tue, 21 Mar 2023 04:49:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1679399370; h=cc:to:message-id:content-transfer-encoding:mime-version:subject :date:from:from:to:cc:subject:date:message-id:reply-to; bh=wfc/MKwL6R69K5wz8AOeHXnxOrck8uBBMJXOwwRZiMA=; b=hqeF1dzvKFnVOu3pPvTcvVWaYPURtGrMkJs+VoOA7NeCEwSjuKUV4S9Jgi41+DRCVT nDgoCi9okHijFcq+EEepOhHzvQxsO7NU/XnDFGwfu0Wj1Fs7dwZ2x6mIZfve0hZWYCw4 bhO2WkmO1otQ9wjov9G0w3pX3Sa/qRbQ7FEnY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1679399370; h=cc:to:message-id:content-transfer-encoding:mime-version:subject :date:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=wfc/MKwL6R69K5wz8AOeHXnxOrck8uBBMJXOwwRZiMA=; b=LTmeuYMlK6Nfl2yoXFk2vuYpbAP496+ZkuqLchJ1VafRw64Rh7xbZlAiJ5KzUkNnag oO7f7SLYL42GnjW9L3Cp35SPpYciPIE8Vp7fJOfMlbY3FXj5iPeIpXuaCG9e7NT5PzSQ YAOIJX6oeTBgoWX30Z7zj4wg7WFPm0UruNmCATHlzJY6z+22zBmbHK+Qb/Armdg+2iO+ FX5cOhdYXhGq8RLDi/AD7JOUBXgMhd6DK9BGP3AA4W/YRltYZWATxoUQR86Ya/G+KQia aUH4HRwb7XQdKmR1q/11Pcf3Nm5vtTjI25qtU6c4bD8GEBJDXuRfaDVnf/z7t6UUy3Zc BlSQ== X-Gm-Message-State: AO0yUKW3rsjmdxFDU7rnS7d7KxZKu4AoW44waEfBv8QeNJq5jeCs7a8M OeUsxf+tilTJccI+gDQPS0+9Nw== X-Received: by 2002:a17:906:f8c2:b0:930:3916:df17 with SMTP id lh2-20020a170906f8c200b009303916df17mr2808888ejb.0.1679399370203; Tue, 21 Mar 2023 04:49:30 -0700 (PDT) Received: from alco.roam.corp.google.com ([2620:0:1059:10:1066:a3f0:9dfa:4604]) by smtp.gmail.com with ESMTPSA id gv27-20020a1709072bdb00b008b9b4ab6ad1sm5682835ejc.102.2023.03.21.04.49.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Mar 2023 04:49:29 -0700 (PDT) From: Ricardo Ribalda Date: Tue, 21 Mar 2023 12:49:08 +0100 Subject: [PATCH] kexec: Support purgatories with .text.hot sections MIME-Version: 1.0 Message-Id: <20230321-kexec_clang16-v1-0-a768fc2c7c4d@chromium.org> To: Eric Biederman Cc: Philipp Rudo , Ricardo Ribalda , linux-kernel@vger.kernel.org, kexec@lists.infradead.org X-Mailer: b4 0.11.0-dev-696ae X-Developer-Signature: v=1; a=openpgp-sha256; l=3075; i=ribalda@chromium.org; h=from:subject:message-id; bh=L5iy/RBbUSnp18lqg34HLuwN0ZubleWR8YgXa0JvyoY=; b=owEBbQKS/ZANAwAKAdE30T7POsSIAcsmYgBkGZnBY8DH4DLVJKyCFvKrPsDgIulVhZBdn63lYLCA ZGHPU66JAjMEAAEKAB0WIQREDzjr+/4oCDLSsx7RN9E+zzrEiAUCZBmZwQAKCRDRN9E+zzrEiH89D/ 0SBPLgBlsByQkpnKEHmdb/+FGZhQdP8pzvqICJzE5FSm5AbLQkkBGsbsn/OCJbxZgz48M/nyXISz3P eqo5os9lgQJrZR0402pKlYMaY6WxbToVesC2SjKKFC15bESzf60lL8KNnIxhwsFDwiCRv1sgCn2jgl HOsT2/RIIOAQ6fdKoWAzZ0m/UOt9gPfjQqh9jce4oW2tYQ/gKHvJohcczJIxQn8d14eYGZWbQOdxjO pWTSz9JlQssUwykW3m30ZAFZ3eDmFpUldV1fIDfDE9ADDymeAzIXKF7mjbzqhWEJW6S8/g26MQCq1n Xx+4+n1m84Pj9iSIoBRDQ5tNGJSpvCXJ3Xdp3WrSaun9eSFKOuv2skMZP8tDvh5D+/yNzcYLMPgHD9 yYV9j6R3tGc2oV3CWBrkmzzU4ZtzZLJFJpP60Rck+Vl/FPQ/qmd67OD4qzOnlNrSSuo3c9LxAu5Jcy hlSyzOkrtRhfsAfU4hjQDEl2IxXvvcz87J6R+BKUjPBf5xAor3aIiYDGrplVGgtVddCOZOJQpAiPQc MajN346hQO3biY2LLKWtL7nVDwV9iOaMpe0grfmV7vL+o5kLxqyHsMHQyzz4bb97FyDoKYalaHiyao gNd6rdc0NCUTUV2g5xsUXHYK/axh475DE/LsZNhecsEeGSUaL6C4di6XPw7g== X-Developer-Key: i=ribalda@chromium.org; a=openpgp; fpr=9EC3BB66E2FC129A6F90B39556A0D81F9F782DA9 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1760980182945794112?= X-GMAIL-MSGID: =?utf-8?q?1760980182945794112?= Clang16 links the purgatory text in two sections: [ 1] .text PROGBITS 0000000000000000 00000040 00000000000011a1 0000000000000000 AX 0 0 16 [ 2] .rela.text RELA 0000000000000000 00003498 0000000000000648 0000000000000018 I 24 1 8 ... [17] .text.hot. PROGBITS 0000000000000000 00003220 000000000000020b 0000000000000000 AX 0 0 1 [18] .rela.text.hot. RELA 0000000000000000 00004428 0000000000000078 0000000000000018 I 24 17 8 And both of them have their range [sh_addr ... sh_addr+sh_size] on the area pointed by `e_entry`. This causes that image->start is calculated twice, once for .text and another time for .text.hot. The second calculation leaves image->start in a random location. Because of this, the system crashes inmediatly after: kexec_core: Starting new kernel Signed-off-by: Ricardo Ribalda Reviewed-by: Ross Zwisler --- kexec: Support purgatories with .text.hot sections Clang16 links the purgatory text in two sections: [ 1] .text PROGBITS 0000000000000000 00000040 00000000000011a1 0000000000000000 AX 0 0 16 [ 2] .rela.text RELA 0000000000000000 00003498 0000000000000648 0000000000000018 I 24 1 8 ... [17] .text.hot. PROGBITS 0000000000000000 00003220 000000000000020b 0000000000000000 AX 0 0 1 [18] .rela.text.hot. RELA 0000000000000000 00004428 0000000000000078 0000000000000018 I 24 17 8 And both of them have their range [sh_addr ... sh_addr+sh_size] on the area pointed by `e_entry`. This causes that image->start is calculated twice, once for .text and another time for .text.hot. The second calculation leaves image->start in a random location. Because of this, the system crashes inmediatly after: kexec_core: Starting new kernel To: Eric Biederman Cc: Philipp Rudo Cc: kexec@lists.infradead.org Cc: linux-kernel@vger.kernel.org --- kernel/kexec_file.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- base-commit: 17214b70a159c6547df9ae204a6275d983146f6b change-id: 20230321-kexec_clang16-4510c23d129c Best regards, diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index f1a0e4e3fb5c..b1a25d97d5e2 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -904,7 +904,8 @@ static int kexec_purgatory_setup_sechdrs(struct purgatory_info *pi, if (sechdrs[i].sh_flags & SHF_EXECINSTR && pi->ehdr->e_entry >= sechdrs[i].sh_addr && pi->ehdr->e_entry < (sechdrs[i].sh_addr - + sechdrs[i].sh_size)) { + + sechdrs[i].sh_size) && + kbuf->image->start != pi->ehdr->e_shnum) { kbuf->image->start -= sechdrs[i].sh_addr; kbuf->image->start += kbuf->mem + offset; }