Re: [PATCH] riscv: elf: add .riscv.attributes parsing

[Vineet Gupta]

On 1/10/23 12:48, Jessica Clarke wrote:
> On 10 Jan 2023, at 20:18, Vineet Gupta <vineetg@xxxxxxxxxxxx> wrote:
> > This implements the elf loader hook to parse RV specific
> > .riscv.attributes section. This section is inserted by compilers
> > (gcc/llvm) with build related information such as -march organized as
> > tag/value attribute pairs.
> >
> > It identifies the various attribute tags (and corresponding values) as
> > currently specified in the psABI specification.
> >
> > This patch only implements the elf parsing mechanics, leaving out the
> > recording/usage of the attributes to subsequent patches.
> >
> > Reported-by: kernel test robot <lkp@xxxxxxxxx>  # code under CONFIG_COMPAT
> > Signed-off-by: Vineet Gupta <vineetg@xxxxxxxxxxxx>
> This code is full of buffer overruns and uninitialised reads in the
> presence of malicious files,

While the outer loop is bound, indeed the internal pointer increments 
could get oob.
I don't recall seeing existing explicit "safe" pointer, so thinking of 
cooking something up.
The conceptual idea is to replace

    p += 4

with

   PTR_INC(p, 4, p_max)

And similarly replace

    while (*p++ != '\0')

with

    while (*p != '\0')
          PTR_INC(p, 1, p_max)

Is that sufficient or you had something else in mind.


> and fails to check the version, vendor and sub-subsection tag.

That is now added.

> You also should handle more than one sub-subsection even if tools don’t
> emit it today.

Just to be on same page, a sub-section implies the following

      uint32:len, NTBS:vendor-name, uint8: Tag_file, uint32:data-len, 
<tag><value>....

If so, the code does support multiple of these

> You also have an unaligned access for reading the sub-subsection’s data
> length (maybe that’s ok in kernel land, but worth making sure).

True, I've added get_unaligned_le32 for those now

Thx,
-Vineet