This is an archive of the discontinued LLVM Phabricator instance.

Differential D49607

[ELF] Check eh_frame_hdr overflow with PC offsets instead of PC absolute addresses
ClosedPublic

Authored by MaskRay on Jul 20 2018, 10:09 AM.

Details

Reviewers
grimar
ruiu
espindola
Commits
rGa66d77b22bee: [ELF] Check eh_frame_hdr overflow with PC offsets instead of PC absolute…
rL337610: [ELF] Check eh_frame_hdr overflow with PC offsets instead of PC absolute…
rLLD337610: [ELF] Check eh_frame_hdr overflow with PC offsets instead of PC absolute…

Diff Detail

Event Timeline

MaskRay created this revision.Jul 20 2018, 10:09 AM
Herald added a reviewer: espindola. · View Herald TranscriptJul 20 2018, 10:09 AM
Herald added subscribers: llvm-commits, arichardson, emaste. · View Herald Transcript
Harbormaster completed remote builds in B20552: Diff 156527.Jul 20 2018, 10:09 AM
ruiu added inline comments.Jul 20 2018, 10:25 AM
ELF/SyntheticSections.cpp
510–513

I don't think this is a good place to check for this error. I'd move this to EhFrameHeader::writeTo(), so that getFdeData can just return FDE data without doing any extra work, as the name of that function implies.

513

Can't FdeVA overflow?

MaskRay updated this revision to Diff 156538.Jul 20 2018, 10:40 AM

Add test

Harbormaster completed remote builds in B20553: Diff 156538.Jul 20 2018, 10:40 AM
MaskRay added inline comments.Jul 20 2018, 10:51 AM
ELF/SyntheticSections.cpp
510–513

Then we would not know which object file causes .eh_frame_hdr pcrel overflow. But if you think this information is minor, I can move the check to EhFrameHeader::writeTo()

FdeVA is the address of the .eh_frame FDE entry. I think it is very unlikely to overflow

ruiu added a comment.Jul 20 2018, 10:59 AM

As to FdeVA, I wanted to ask if it could theoretically overflow. Since the new FdeData struct takes 16 bytes anyway, there's no point to keep FdeVA uint32_t instead of uint64_t.

ruiu added a comment.Jul 20 2018, 11:02 AM

Can you investigate how many FdeData are instantiated for common exception-heavy large programs? If it is not that many (so that we don't have to optimize), we could just include Fde->Sec to all FdeData.

ruiu added a comment.Jul 20 2018, 11:22 AM

I read the code again, and I believe the easiest way to fix this without hurting the readability of the code is to move more code from EhFrameHeader::writeTo to EhFrame::getFdeData, so that getFdeData returns a ready-made .eh_frame_hdr table entries, instead of something that needs to be sorted and then be subtracted by some value. You can do that in getFdeData, not after getFdeData.

MaskRay updated this revision to Diff 156567.Jul 20 2018, 12:32 PM

Move sorting logic from EhFrameHeader to EhFrame

Harbormaster completed remote builds in B20560: Diff 156567.Jul 20 2018, 12:32 PM
ruiu added inline comments.Jul 20 2018, 12:33 PM
ELF/SyntheticSections.h
83–84

Now you can use uint32_t, no?

MaskRay marked 2 inline comments as done.Jul 20 2018, 12:33 PM
MaskRay added inline comments.
ELF/SyntheticSections.cpp
513
uint32_t Pc -> uint64_t PcRel
uint32_t FdeVA -> uint64_t FdeVARel
MaskRay marked 2 inline comments as done.Jul 20 2018, 12:34 PM
MaskRay updated this revision to Diff 156569.Jul 20 2018, 12:40 PM

Use uint32_t for PcRel and FdeVARel

ruiu added inline comments.Jul 20 2018, 12:44 PM
ELF/SyntheticSections.cpp
515

I think you can use isInt<32>(Pc - VA).

521–527

Why did you inline only one and not the two? Maybe you should keep the original code.

MaskRay updated this revision to Diff 156572.Jul 20 2018, 12:51 PM

Use isInt<32> and Less

Harbormaster completed remote builds in B20562: Diff 156572.Jul 20 2018, 12:51 PM
MaskRay marked 2 inline comments as done.Jul 20 2018, 12:51 PM
ruiu accepted this revision.Jul 20 2018, 12:53 PM

LGTM

Thanks!

This revision is now accepted and ready to land.Jul 20 2018, 12:53 PM
Closed by commit rLLD337610: [ELF] Check eh_frame_hdr overflow with PC offsets instead of PC absolute… (authored by MaskRay). · Explain WhyJul 20 2018, 1:32 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

Diff 156538

ELF/SyntheticSections.h

Show First 20 LinesShow All 73 Lines▼ Show 20 Linespublic:
size_t getSize() const override { return Size; } size_t getSize() const override { return Size; }
template <class ELFT> void addSection(InputSectionBase *S); template <class ELFT> void addSection(InputSectionBase *S);
std::vector<EhInputSection *> Sections; std::vector<EhInputSection *> Sections;
size_t NumFdes = 0; size_t NumFdes = 0;
struct FdeData { struct FdeData {
uint32_t Pc; uint64_t Pc;
uint32_t FdeVA; uint32_t FdeVA;
}; };
ruiuUnsubmitted
Done
ReplyInline Actions

Now you can use uint32_t, no?

ruiu: Now you can use uint32_t, no?
std::vector<FdeData> getFdeData() const; std::vector<FdeData> getFdeData() const;
ArrayRef<CieRecord *> getCieRecords() const { return CieRecords; } ArrayRef<CieRecord *> getCieRecords() const { return CieRecords; }
private: private:
// This is used only when parsing EhInputSection. We keep it here to avoid // This is used only when parsing EhInputSection. We keep it here to avoid
// allocating one for each EhInputSection. // allocating one for each EhInputSection.
llvm::DenseMap<size_t, CieRecord *> OffsetToCie; llvm::DenseMap<size_t, CieRecord *> OffsetToCie;
▲ Show 20 LinesShow All 917 LinesShow Last 20 Lines

ELF/SyntheticSections.cpp

Show First 20 LinesShow All 496 Lines▼ Show 20 Lines
// Returns data for .eh_frame_hdr. .eh_frame_hdr is a binary search table // Returns data for .eh_frame_hdr. .eh_frame_hdr is a binary search table
// to get an FDE from an address to which FDE is applied. This function // to get an FDE from an address to which FDE is applied. This function
// returns a list of such pairs. // returns a list of such pairs.
std::vector<EhFrameSection::FdeData> EhFrameSection::getFdeData() const { std::vector<EhFrameSection::FdeData> EhFrameSection::getFdeData() const {
uint8_t *Buf = getParent()->Loc + OutSecOff; uint8_t *Buf = getParent()->Loc + OutSecOff;
std::vector<FdeData> Ret; std::vector<FdeData> Ret;
uint64_t VA = InX::EhFrameHdr->getVA();
for (CieRecord *Rec : CieRecords) { for (CieRecord *Rec : CieRecords) {
uint8_t Enc = getFdeEncoding(Rec->Cie); uint8_t Enc = getFdeEncoding(Rec->Cie);
for (EhSectionPiece *Fde : Rec->Fdes) { for (EhSectionPiece *Fde : Rec->Fdes) {
uint64_t Pc = getFdePc(Buf, Fde->OutputOff, Enc); uint64_t Pc = getFdePc(Buf, Fde->OutputOff, Enc);
if (Pc > UINT32_MAX) if (Pc - VA != (uint64_t)signExtend(Pc - VA, 32))
fatal(toString(Fde->Sec) + ": PC address is too large: " + Twine(Pc)); fatal(toString(Fde->Sec) + ": PC offset is too large: 0x" +
Twine::utohexstr(Pc - VA));
uint32_t FdeVA = getParent()->Addr + Fde->OutputOff; uint32_t FdeVA = getParent()->Addr + Fde->OutputOff;
ruiuUnsubmitted
Done
ReplyInline Actions

I don't think this is a good place to check for this error. I'd move this to EhFrameHeader::writeTo(), so that getFdeData can just return FDE data without doing any extra work, as the name of that function implies.

ruiu: I don't think this is a good place to check for this error. I'd move this to EhFrameHeader…
MaskRayAuthorUnsubmitted
Not Done
ReplyInline Actions

Then we would not know which object file causes .eh_frame_hdr pcrel overflow. But if you think this information is minor, I can move the check to EhFrameHeader::writeTo()

FdeVA is the address of the .eh_frame FDE entry. I think it is very unlikely to overflow

MaskRay: Then we would not know which object file causes .eh_frame_hdr pcrel overflow. But if you think…
ruiuUnsubmitted
Done
ReplyInline Actions

Can't FdeVA overflow?

ruiu: Can't FdeVA overflow?
MaskRayAuthorUnsubmitted
Not Done
ReplyInline Actions
uint32_t Pc -> uint64_t PcRel
uint32_t FdeVA -> uint64_t FdeVARel
MaskRay: ``` uint32_t Pc -> uint64_t PcRel uint32_t FdeVA -> uint64_t FdeVARel ```
Ret.push_back({(uint32_t)Pc, FdeVA}); Ret.push_back({Pc, FdeVA});
} }
ruiuUnsubmitted
Done
ReplyInline Actions

I think you can use isInt<32>(Pc - VA).

ruiu: I think you can use `isInt<32>(Pc - VA)`.
} }
return Ret; return Ret;
} }
static uint64_t readFdeAddr(uint8_t *Buf, int Size) { static uint64_t readFdeAddr(uint8_t *Buf, int Size) {
switch (Size) { switch (Size) {
case DW_EH_PE_udata2: case DW_EH_PE_udata2:
return read16(Buf); return read16(Buf);
case DW_EH_PE_udata4: case DW_EH_PE_udata4:
return read32(Buf); return read32(Buf);
case DW_EH_PE_udata8: case DW_EH_PE_udata8:
return read64(Buf); return read64(Buf);
ruiuUnsubmitted
Done
ReplyInline Actions

Why did you inline only one and not the two? Maybe you should keep the original code.

ruiu: Why did you inline only one and not the two? Maybe you should keep the original code.
case DW_EH_PE_absptr: case DW_EH_PE_absptr:
return readUint(Buf); return readUint(Buf);
} }
fatal("unknown FDE size encoding"); fatal("unknown FDE size encoding");
} }
// Returns the VA to which a given FDE (on a mmap'ed buffer) is applied to. // Returns the VA to which a given FDE (on a mmap'ed buffer) is applied to.
// We need it to create .eh_frame_hdr section. // We need it to create .eh_frame_hdr section.
▲ Show 20 LinesShow All 2,557 LinesShow Last 20 Lines

test/ELF/Inputs/eh-frame-pcrel-overflow.s

  • This file was added.
.text
.global foo
foo:
ret
.section .eh_frame, "a"
.long 12 # Size
.long 0x00 # ID
.byte 0x01 # Version.
.byte 0x52 # Augmentation string: 'R','\0'
.byte 0x00
.byte 0x01
.byte 0x01 # LEB128
.byte 0x01 # LEB128
.byte 0x00 # DW_EH_PE_absptr
.byte 0xFF
.long 12 # Size
.long 0x14 # ID
.quad foo + 0x90000000

test/ELF/eh-frame-pcaddr-overflow.s

  • This file was deleted.
# REQUIRES: x86
# RUN: llvm-mc -filetype=obj -triple=x86_64-pc-linux %s -o %t.o
# RUN: not ld.lld --eh-frame-hdr --section-start .text=0x1000000000000000 \
# RUN: %t.o -o /dev/null 2>&1 | FileCheck %s
# CHECK: error: {{.*}}.o:(.eh_frame): PC address is too large: 2387527121043355528
.text
.global foo
foo:
nop
.section .eh_frame, "a"
.long 12 # Size
.long 0x00 # ID
.byte 0x01 # Version.
.byte 0x52 # Augmentation string: 'R','\0'
.byte 0x00
.byte 0x01
.byte 0x01 # LEB128
.byte 0x01 # LEB128
.byte 0x00 # DW_EH_PE_absptr
.byte 0xFF
.long 12 # Size
.long 0x14 # ID
.quad foo + 0x1122334455667788

test/ELF/eh-frame-pcrel-overflow.s

  • This file was added.
# REQUIRES: x86
# RUN: llvm-mc -filetype=obj -triple=x86_64-pc-linux %s -o %t.o
# RUN: llvm-mc -filetype=obj -triple=x86_64-pc-linux %p/Inputs/eh-frame-pcrel-overflow.s -o %t1.o
# RUN: ld.lld --eh-frame-hdr -Ttext=0x90000000 %t.o -o /dev/null
# RUN: not ld.lld --eh-frame-hdr %t.o %t1.o -o /dev/null 2>&1 | FileCheck %s
# CHECK: error: {{.*}}.o:(.eh_frame): PC offset is too large: 0x90000eac
.text
.global _start
_start:
ret
.section .eh_frame, "a"
.long 12 # Size
.long 0x00 # ID
.byte 0x01 # Version.
.byte 0x52 # Augmentation string: 'R','\0'
.byte 0x00
.byte 0x01
.byte 0x01 # LEB128
.byte 0x01 # LEB128
.byte 0x00 # DW_EH_PE_absptr
.byte 0xFF
.long 12 # Size
.long 0x14 # ID
.quad _start + 0x70000000
test/ELF/Inputs/eh-frame-pcrel-overflow.s