[Qemu-devel] [PATCH 0/2] loader: Handle ELF files with overlapping zero-init data

Peter Maydell posted 2 patches 6 years, 7 months ago
Posted by Peter Maydell 6 years, 7 months ago
For embedded systems, notably ARM, one common use of ELF file
segments is that the 'physical addresses' represent load addresses
and the 'virtual addresses' execution addresses, such that the load
addresses are packed into ROM or flash, and the relocation and
zero-initialization of data is done at runtime.  This means that the
'memsz' in the segment header represents the runtime size of the
segment, but the size that needs to be loaded is only the 'filesz'. 
In particular, paddr+memsz may overlap with another segment to be
loaded, as in this example:

0x70000001 off    0x00007f68 vaddr 0x00008150 paddr 0x00008150 align 2**2
         filesz 0x00000008 memsz 0x00000008 flags r--
    LOAD off    0x000000f4 vaddr 0x00000000 paddr 0x00000000 align 2**2
         filesz 0x00000124 memsz 0x00000124 flags r--
    LOAD off    0x00000218 vaddr 0x00000400 paddr 0x00000400 align 2**3
         filesz 0x00007d58 memsz 0x00007d58 flags r-x
    LOAD off    0x00007f70 vaddr 0x20000140 paddr 0x00008158 align 2**3
         filesz 0x00000a80 memsz 0x000022f8 flags rw-
    LOAD off    0x000089f0 vaddr 0x20002438 paddr 0x00008bd8 align 2**0
         filesz 0x00000000 memsz 0x00004000 flags rw-
    LOAD off    0x000089f0 vaddr 0x20000000 paddr 0x20000000 align 2**0
         filesz 0x00000000 memsz 0x00000140 flags rw-

where the segment at paddr 0x8158 has a memsz of 0x2258 and
would overlap with the segment at paddr 0x8bd8 if QEMU's loader
tried to honour it. (At runtime the segments will not overlap
since their vaddrs are more widely spaced than their paddrs.)

Currently if you try to load an ELF file like this with QEMU then
it will fail with an error "rom: requested regions overlap",
because we create a ROM image for each segment using the memsz
as the size.

This patchset adds support for ELF files using this scheme, by
truncating the zero-initialized part of the segment if it would
overlap another segment.  This will retain the existing loader
behaviour for all ELF files we currently accept, and also accept ELF
files which only need 'filesz' bytes to be loaded.

Patch 2 deals with a vaguely related issue which is that if the ELF
file specified a zero-length segment we would happily try to create
a zero-length ROM blob, which could then falsely trigger the
ROM-overlap check. (The zero-length case is more common after patch
1 has done its truncation thing, but I have seen real-world ELF
files with both filesz and memsz zero...)

thanks
-- PMM

Peter Maydell (2):
  loader: Handle ELF files with overlapping zero-initialized data
  loader: Ignore zero-sized ELF segments

 include/hw/elf_ops.h | 72 +++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 65 insertions(+), 7 deletions(-)

-- 
2.7.4
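As an added illustration, not part of this series or of QEMU's loader, here is the policy the cover letter describes applied to the program headers quoted above: shorten only the zero-initialised tail of a segment where it runs into another segment's paddr, drop blobs that end up zero-sized, and still treat any remaining intersection as a real overlap. The segment table is constructed from the dump (PT_LOAD entries only) and the function names are my own.

```c
#include <stddef.h>
#include <stdint.h>

/* The program-header fields the size decision depends on (PT_LOAD only). */
struct seg { uint64_t paddr, filesz, memsz; };

/* Constructed from the LOAD entries quoted above; the 0x70000001 entry is not PT_LOAD. */
static const struct seg example[] = {
    { 0x00000000, 0x00000124, 0x00000124 },
    { 0x00000400, 0x00007d58, 0x00007d58 },
    { 0x00008158, 0x00000a80, 0x000022f8 },  /* zero-fill tail reaches 0x8bd8 */
    { 0x00008bd8, 0x00000000, 0x00004000 },
    { 0x20000000, 0x00000000, 0x00000140 },
};
#define NSEG (sizeof example / sizeof example[0])

/* Bytes to reserve for s: memsz, cut back to the start of any other segment that
 * begins inside s's zero-initialised tail [paddr+filesz, paddr+memsz). File-backed
 * bytes are never dropped; a result of 0 means "create no ROM blob at all". */
static uint64_t load_size(const struct seg *s, const struct seg *all, size_t n)
{
    uint64_t end = s->paddr + s->memsz;
    for (size_t i = 0; i < n; i++) {
        const struct seg *o = &all[i];
        if (o == s || o->memsz == 0)
            continue;                            /* self, or nothing to place */
        if (o->paddr >= s->paddr + s->filesz && o->paddr < end)
            end = o->paddr;                      /* stop where o begins */
    }
    return end - s->paddr;
}

/* Fills sizes[] and returns how many pairs of blobs still intersect after truncation.
 * Only file-backed bytes can collide now, which the overlap error should keep rejecting. */
static int plan(const struct seg *all, size_t n, uint64_t *sizes)
{
    int conflicts = 0;
    for (size_t i = 0; i < n; i++)
        sizes[i] = load_size(&all[i], all, n);
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++)
            if (sizes[i] && sizes[j] &&          /* zero-sized blobs are skipped */
                all[i].paddr < all[j].paddr + sizes[j] &&
                all[j].paddr < all[i].paddr + sizes[i])
                conflicts++;
    return conflicts;
}
```

On the quoted table this shrinks the 0x8158 segment to 0xa80 bytes (exactly its filesz) and reports no conflicts, while two segments whose file data genuinely overlap are still flagged.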