From nobody Wed Apr 9 00:54:09 2025 Return-Path: qemu-devel-bounces+famz=redhat.com@nongnu.org Received: from zmta03.collab.prod.int.phx2.redhat.com (LHLO zmta03.collab.prod.int.phx2.redhat.com) (10.5.81.10) by zmail26.collab.prod.int.phx2.redhat.com with LMTP; Mon, 4 Sep 2017 08:39:22 -0400 (EDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) by zmta03.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 76DD145005 for ; Mon, 4 Sep 2017 08:39:22 -0400 (EDT) Received: by smtp.corp.redhat.com (Postfix) id 733047F1A0; Mon, 4 Sep 2017 12:39:22 +0000 (UTC) Delivered-To: famz@redhat.com Received: from mx1.redhat.com (ext-mx04.extmail.prod.ext.phx2.redhat.com [10.5.110.28]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 6B91C11CC02 for ; Mon, 4 Sep 2017 12:39:19 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D4D246DDB6 for ; Mon, 4 Sep 2017 12:39:18 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com D4D246DDB6 Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=qemu-devel-bounces+famz=redhat.com@nongnu.org DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com D4D246DDB6 Received: from localhost ([::1]:59607 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1doqes-0006JR-2x for famz@redhat.com; Mon, 04 Sep 2017 08:39:18 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52602) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1doqST-00051b-1j for qemu-devel@nongnu.org; Mon, 04 Sep 2017 08:26:44 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1doqSD-0004n2-Rs for qemu-devel@nongnu.org; Mon, 04 Sep 2017 08:26:29 -0400 Received: from orth.archaic.org.uk ([2001:8b0:1d0::2]:37118) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1doqSD-0004ma-KI for qemu-devel@nongnu.org; Mon, 04 Sep 2017 08:26:13 -0400 Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1doqSC-0005W7-Lg for qemu-devel@nongnu.org; Mon, 04 Sep 2017 13:26:12 +0100 From: Peter Maydell To: qemu-devel@nongnu.org Date: Mon, 4 Sep 2017 13:25:47 +0100 Message-Id: <1504527967-29248-17-git-send-email-peter.maydell@linaro.org> In-Reply-To: <1504527967-29248-1-git-send-email-peter.maydell@linaro.org> References: <1504527967-29248-1-git-send-email-peter.maydell@linaro.org> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2001:8b0:1d0::2 Subject: [Qemu-devel] [PULL 16/36] loader: Handle ELF files with overlapping zero-initialized data X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+famz=redhat.com@nongnu.org Sender: "Qemu-devel" X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 205 matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Mon, 04 Sep 2017 12:39:19 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Mon, 04 Sep 2017 12:39:19 +0000 (UTC) for IP:'208.118.235.17' DOMAIN:'lists.gnu.org' HELO:'lists.gnu.org' FROM:'redhat.com@nongnu.org' RCPT:'' X-RedHat-Spam-Score: -5.02 (HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_HI,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_PASS) 208.118.235.17 lists.gnu.org 208.118.235.17 lists.gnu.org X-Scanned-By: MIMEDefang 2.78 on 10.5.110.28 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Content-Length: 5390 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" For embedded systems, notably ARM, one common use of ELF file segments is that the 'physical addresses' represent load addresses and the 'virtual addresses' execution addresses, such that the load addresses are packed into ROM or flash, and the relocation and zero-initialization of data is done at runtime. This means that the 'memsz' in the segment header represents the runtime size of the segment, but the size that needs to be loaded is only the 'filesz'. In particular, paddr+memsz may overlap with the next segment to be loaded, as in this example: 0x70000001 off 0x00007f68 vaddr 0x00008150 paddr 0x00008150 align 2**2 filesz 0x00000008 memsz 0x00000008 flags r-- LOAD off 0x000000f4 vaddr 0x00000000 paddr 0x00000000 align 2**2 filesz 0x00000124 memsz 0x00000124 flags r-- LOAD off 0x00000218 vaddr 0x00000400 paddr 0x00000400 align 2**3 filesz 0x00007d58 memsz 0x00007d58 flags r-x LOAD off 0x00007f70 vaddr 0x20000140 paddr 0x00008158 align 2**3 filesz 0x00000a80 memsz 0x000022f8 flags rw- LOAD off 0x000089f0 vaddr 0x20002438 paddr 0x00008bd8 align 2**0 filesz 0x00000000 memsz 0x00004000 flags rw- LOAD off 0x000089f0 vaddr 0x20000000 paddr 0x20000000 align 2**0 filesz 0x00000000 memsz 0x00000140 flags rw- where the segment at paddr 0x8158 has a memsz of 0x2258 and would overlap with the segment at paddr 0x8bd8 if QEMU's loader tried to honour it. (At runtime the segments will not overlap since their vaddrs are more widely spaced than their paddrs.) Currently if you try to load an ELF file like this with QEMU then it will fail with an error "rom: requested regions overlap", because we create a ROM image for each segment using the memsz as the size. Support ELF files using this scheme, by truncating the zero-initialized part of the segment if it would overlap another segment. This will retain the existing loader behaviour for all ELF files we currently accept, and also accept ELF files which only need 'filesz' bytes to be loaded. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 1502116754-18867-2-git-send-email-peter.maydell@linaro.org --- include/hw/elf_ops.h | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/include/hw/elf_ops.h b/include/hw/elf_ops.h index a172a60..2e526d3 100644 --- a/include/hw/elf_ops.h +++ b/include/hw/elf_ops.h @@ -362,6 +362,54 @@ static int glue(load_elf, SZ)(const char *name, int fd, goto fail; } } + + /* The ELF spec is somewhat vague about the purpose of the + * physical address field. One common use in the embedded world + * is that physical address field specifies the load address + * and the virtual address field specifies the execution addre= ss. + * Segments are packed into ROM or flash, and the relocation + * and zero-initialization of data is done at runtime. This + * means that the memsz header represents the runtime size of = the + * segment, but the filesz represents the loadtime size. If + * we try to honour the memsz value for an ELF file like this + * we will end up with overlapping segments (which the + * loader.c code will later reject). + * We support ELF files using this scheme by by checking wheth= er + * paddr + memsz for this segment would overlap with any other + * segment. If so, then we assume it's using this scheme and + * truncate the loaded segment to the filesz size. + * If the segment considered as being memsz size doesn't overl= ap + * then we use memsz for the segment length, to handle ELF fil= es + * which assume that the loader will do the zero-initializatio= n. + */ + if (mem_size > file_size) { + /* If this segment's zero-init portion overlaps another + * segment's data or zero-init portion, then truncate this= one. + * Invalid ELF files where the segments overlap even when + * only file_size bytes are loaded will be rejected by + * the ROM overlap check in loader.c, so we don't try to + * explicitly detect those here. + */ + int j; + elf_word zero_start =3D ph->p_paddr + file_size; + elf_word zero_end =3D ph->p_paddr + mem_size; + + for (j =3D 0; j < ehdr.e_phnum; j++) { + struct elf_phdr *jph =3D &phdr[j]; + + if (i !=3D j && jph->p_type =3D=3D PT_LOAD) { + elf_word other_start =3D jph->p_paddr; + elf_word other_end =3D jph->p_paddr + jph->p_memsz; + + if (!(other_start >=3D zero_end || + zero_start >=3D other_end)) { + mem_size =3D file_size; + break; + } + } + } + } + /* address_offset is hack for kernel images that are linked at the wrong physical address. */ if (translate_fn) { --=20 2.7.4