From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1nHTMZ-0008ES-64 for mharc-grub-devel@gnu.org; Tue, 08 Feb 2022 11:29:07 -0500 Received: from eggs.gnu.org ([209.51.188.92]:36498) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nHTMV-0008BV-NU for grub-devel@gnu.org; Tue, 08 Feb 2022 11:29:03 -0500 Received: from mx0b-00069f02.pphosted.com ([205.220.177.32]:38906) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nHTMT-0003FK-3W for grub-devel@gnu.org; Tue, 08 Feb 2022 11:29:03 -0500 Received: from pps.filterd (m0246632.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 218GNO0s011786 for ; Tue, 8 Feb 2022 16:28:45 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=date : from : to : cc : subject : message-id : references : content-type : in-reply-to : mime-version; s=corp-2021-07-09; bh=vwXsF6Ikn9fv05cBfwNnxaW6YuuUgWeC+N0lb4u9k88=; b=XxqHCr12fzaBpK7DyvLK5yM/HBfPnmYiC1cnL9Q84kumRydbeDKoEQi0bKAzoiYC/ol+ ZpmXRjyK5YV4QuN2ViYVYQEt9lPT07xjpbAO6wzMWdYSVhan7uUbK8MMmlc3WEFKEf3i gkhe6CTtJRQglb5bYFOhSyyNlDdbvV8igEfP1HI4DMm7UGlH6GIzznhWx41+W+TFtMW8 hIUUuqRzzzBj4IW79pvUpeI2F2+iaFOa2IYd+aUkX1OvgFac3lrHc0Pucf1SVQe2Duxb uolFm1Q88Z5cItAo7qt+JV94Wc9plzUTbfI7XkGKa+DrYdU/0v1vrLWz449nrh7KYoqX Lw== Received: from userp3020.oracle.com (userp3020.oracle.com [156.151.31.79]) by mx0b-00069f02.pphosted.com with ESMTP id 3e345sktn1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Tue, 08 Feb 2022 16:28:45 +0000 Received: from pps.filterd (userp3020.oracle.com [127.0.0.1]) by userp3020.oracle.com (8.16.1.2/8.16.1.2) with SMTP id 218GB3Au103000 for ; Tue, 8 Feb 2022 16:28:44 GMT Received: from nam10-mw2-obe.outbound.protection.outlook.com (mail-mw2nam10lp2101.outbound.protection.outlook.com [104.47.55.101]) by userp3020.oracle.com with ESMTP id 3e1jpr266a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Tue, 08 Feb 2022 16:28:44 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=myuQUhWgjPOdkbFsjahvl+mvtHYnB4qsCy6qki+y94a54jkWDZevCYJ3v97NllL7mezoyqUElyzZ+U0tn8yaeE29vuT7j1S6mixjV5EidmS2sIp2NBzoGGIypc8F0MxGZo4x0rBo3RwksZTRHludwdxeWr+wOAoUu9rNAnqN04D/Pn7icl/QpLQIiLcxhFSWERL6zIAX7DebbgHRCcZqtNCHUyAdqWMe3gAPgvDDSGwvLWUH6BLeloQG9BPItO5jH4nbLHscOCkA6kRg1b1DJUiaTFGnaz5ocQtX3vTiGHPihkdoAPsj9rOji7swTZZ3dFKQAo7acefoJsSAutcDVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=vwXsF6Ikn9fv05cBfwNnxaW6YuuUgWeC+N0lb4u9k88=; b=TOD70V1s3PUWgX2ND4nUNMu8x9sckTWZuUUntnn4N2raVVIlFK56I125h2YSRyiX+jJu4jAKyNBABxmQFl/6PDcOIQ0WxuPcf6uOonw3Apx/Pky+2DbbOC5mGEMchJhZEbtDblIYZ7zW0VWskYHxD1w937NTIu+ZcbsEdSejBYscm7Ftrz/Sqs8G5V7tKaHwaqxyCkDs0oJ4/6N0/w3wqMqaCmSL/pY+jmye3rN3OlEX46Y2m50fONv1v8N5ctAzPz5CYTrUJzwXdv37DVT0DFyyhvQwBIzzjyrQlxTQu//REPDKLhrKOCklOHHZhBNZqMomCCGgwMaZWMHfSXGIeg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vwXsF6Ikn9fv05cBfwNnxaW6YuuUgWeC+N0lb4u9k88=; b=xbd5qFOEokzw2lDDRzDvI7m4okMRIEaPIfMeApBwer9Z62xqjqAFplgQoZrL/4qwiMtr6zr7j3q+I3xEVwP1XYEOwfZKUr/dpFz3gQFeRZqI5RnsgbZSUC0nHDRS+0mGnvHz5pSb5UMLknTISnVTbjh15MBHb6LgEaZOo99eHDw= Received: from PH0PR10MB5705.namprd10.prod.outlook.com (2603:10b6:510:146::20) by SA1PR10MB5712.namprd10.prod.outlook.com (2603:10b6:806:23f::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4951.18; Tue, 8 Feb 2022 16:28:41 +0000 Received: from PH0PR10MB5705.namprd10.prod.outlook.com ([fe80::e4d6:c689:51ac:9883]) by PH0PR10MB5705.namprd10.prod.outlook.com ([fe80::e4d6:c689:51ac:9883%6]) with mapi id 15.20.4951.018; Tue, 8 Feb 2022 16:28:41 +0000 Date: Tue, 8 Feb 2022 17:28:34 +0100 From: Daniel Kiper To: Alec Brown Cc: grub-devel@gnu.org, darren.kenny@oracle.com Subject: Re: [PATCH 4/4] util/grub-module-verifierXX.c: Add module_size parameter to functions for sanity checking Message-ID: <20220208162834.zeioicx7f76sruz4@tomti.i.net-space.pl> References: <1643848020-8197-1-git-send-email-alec.r.brown@oracle.com> <1643848020-8197-5-git-send-email-alec.r.brown@oracle.com> Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1643848020-8197-5-git-send-email-alec.r.brown@oracle.com> User-Agent: NeoMutt/20170113 (1.7.2) X-ClientProxiedBy: FR3P281CA0009.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:1d::8) To PH0PR10MB5705.namprd10.prod.outlook.com (2603:10b6:510:146::20) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: c6350278-12da-4030-b1aa-08d9eb2011a4 X-MS-TrafficTypeDiagnostic: SA1PR10MB5712:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: MlwY89gFksAO/Uu7TtUwgOUrqdu+5HJl6dctOCUTVJondqQjQPWYt3f0dC7sQnY+LOQjcNEpb9XBveyR5TeYgHy1qaOcRaPDpWY2vBbkyP2RZ2kRoAlhab+BLqot9A7Adti0MKXVyISGSnQ2Vb3Ig3VpRYAuVP4vZ3XlU3p8JoZ96EI853heQyQOdqYPt6yvClKr9UcL5P+oKHQQE2AG/GM8byou/kfx5IF6VoNi4VaBtyfY8Z44LjShH3XTtERu9l3L6w0y5r9p5aciTTkQ93B51iBDdOQ4VPLph1aXdq2vSHeW+9P6cHw7l5dvElrWHvW/YKWiSPZfeC8/UCPj0ASHULK7MD7+1eHadoFnnmFDKVOF/QTemhqWt0iKXiZ45IspFZ7r8q8ls5fADvDZfj+vTHZOuqpB5IuGv1GHGurzgKuGCjozGBmDo7T3u/s/ccvQMIhRYTAQAHxOVsIUtrZyzFzKdYwXRPS7mRrIniUUwC2j0yT5i9H8H/xN7ESPO9fFbBvRYHpU4Kv4ceOG1HY1eSa7fwo4Ggtc1b/2e7mCy0O6HiV7YpKU0q8zeFRPzNitHd2Z4+7Nmgk5y1tzU73TwiYcCH1IItJaIQNUhVz8eQNnqxVeA1xEqPmleZiSl64qlVIrCC1MX4ercDZ64ICvSgrcHexD/fEiE6jdXaaA/OVJR+g2+VwyRJCc6F9xPZ+B0zPLErs843jOwzYp0Q== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR10MB5705.namprd10.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(366004)(6486002)(66946007)(107886003)(6512007)(83380400001)(8936002)(6862004)(86362001)(8676002)(6636002)(66476007)(1076003)(66556008)(38100700002)(316002)(4326008)(38350700002)(52116002)(6506007)(44832011)(2906002)(9686003)(5660300002)(508600001)(26005)(186003)(6666004); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?fS4asiwtGEji6XpCvt8G0aR7jQP3GoYmYlh1wV8z0tVmxp4Mg1eo/D5h5ztZ?= =?us-ascii?Q?fqgR8TKwK8pqXglgFwiAdCatspdpDqIAtr37lBc1HhyzMsLX9X2eafvU0Fum?= =?us-ascii?Q?uFWhnDgZV/sYrKD0yTn1dQexIp4QFHfPIi9+sxKLPpSdiX/hwMOEI+XU1ih0?= =?us-ascii?Q?+0Z6TEXpLjwpzoAowJh8sJmwMNFJ9ddkU8sHPRokrjdV4y8RPC3Pjg2MLf5r?= =?us-ascii?Q?qx/aa366IT/uDL3es5O+TXzU9wpAu4OxMOSFt+K+L2cAVuUpTd6r+akXl/FI?= =?us-ascii?Q?+uv1JstywM15bPbehYUwW204bIKQi23kH71Zk7PUShC4z45zGQjOFVXb4Oup?= =?us-ascii?Q?pBwbgI90Fcw68qU2Fm10snUMq88xiy9nUu24rk0TgyoYgENgH1dzE0dYL/34?= =?us-ascii?Q?iDn3LajPrg8dgPFlUZ13aI5g/JzjYQ1GJI8fpDtUFYU4FcojJVhSSc2fy2ea?= =?us-ascii?Q?fGE9YAZd5bhioIPpoSAm0QzsklCXC5bHc2Au+Fzf/WxGEc7HJMTb8BekCMPI?= =?us-ascii?Q?9ppU1dCRBfKa8uFKuDJpy3NmZ4RGQn+PO9aahC1Vfhx1mTE321OZk+jOXtiu?= =?us-ascii?Q?r49GfkN2aFaBNj8VRBpE3KQHgKwzo0hmdtBJ8djCAxjgh+U0FMoEIrJABG1j?= =?us-ascii?Q?91G63Do8jwa7lAPyAmtz8a1yfAKR84Yonbarc89VdwSie3T1gigE/LsG5AQL?= =?us-ascii?Q?2prWJF/Je6LpjvKvxcH63JYBuEmTsToTqJI6v6EH27PvJOUpoxvP9jZ475wW?= =?us-ascii?Q?TWIU/Ug994DPxowBsndVhPwjuDw44wuv6qE/lPny7MVuEf1HwWzmUMUMYCdu?= =?us-ascii?Q?7Xh0/9vh0RG1HKnaaWDEDxNE0/iYDP3WlV6cuo1x3574X7mjbnadEdUROnzd?= =?us-ascii?Q?1lbeEcCfZsVvzGLEQ4UUKJ52VChwYe4EwDVpHRH647RwQeQwwY3qBWgUikZ7?= =?us-ascii?Q?gVYi/W3fnTuVwkKDrOgHOBZ2Rq3VBC1Nu0yjuB8iGj3bgf6tMYwMJ0i/czEq?= =?us-ascii?Q?CI4fCzEgYJ154AOkW0UY6+YVbGD8B2OVGju6beMZnk8cp9wFVCD5bstebJOF?= =?us-ascii?Q?u6/shNUHUGQd4yCLFcju/kz69Sox7x49rHX+Zk1/hg2i+leSKUziB0hu63DD?= =?us-ascii?Q?JhC485qoa5d7OsbycQm9E9QhzuiX/MiQ3MTsNQvwg6RZiw4bDSUYmiERk4Cy?= =?us-ascii?Q?828Tmkw379UjWvqHUqjZiZGvf3IcIM4iLrMBSpFxHnFcD/ou/F7g5cbi5Zw7?= =?us-ascii?Q?1LA64Oug58VpiSw2RM7H2SlYAxVUhiDD+RMH+Nmbf5e0+HWt5+61EwNsUWbf?= =?us-ascii?Q?H+n/zTsou/81H52SZ1+09OMsfC/HPexPX5O4ceN06ewUgC4rUrAYeSPS89Kd?= =?us-ascii?Q?a/26bPaZNYdb2bqhjrZSBj+qDTSbfEthESY9undsC1dhxPebblmbvhXYNgpC?= =?us-ascii?Q?CYTyvxUYN1/8WMQbKv9luEMEqhU0aRcZ2m/Hh3GRIGj8eOiHgk79Qvh8px/n?= =?us-ascii?Q?CSjYo71CmMRslvXH/CtKaB0QxMCgVIiaUFJrSrgw4tZTDC9ApsN9NotjIOsL?= =?us-ascii?Q?+0INow12wdzHtnMfHvVeHJ2s/tiQ0WBwpBrveivIolr3l7dO5AeFQfXwmfwt?= =?us-ascii?Q?OPQP0SEkRpVlUn4hxr8mjHs=3D?= X-OriginatorOrg: oracle.com X-MS-Exchange-CrossTenant-Network-Message-Id: c6350278-12da-4030-b1aa-08d9eb2011a4 X-MS-Exchange-CrossTenant-AuthSource: PH0PR10MB5705.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Feb 2022 16:28:41.8684 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: GyJ2ao4/llqWHzxwxk9SsRUeEAzzaCD9f/1BD/QdgzvRbvYlPiH2H4X3dFQMARRm/ywWK6DIV8mL0eU9zoYLqg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR10MB5712 X-Proofpoint-Virus-Version: vendor=nai engine=6300 definitions=10252 signatures=673431 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=999 mlxscore=0 bulkscore=0 malwarescore=0 suspectscore=0 phishscore=0 adultscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2201110000 definitions=main-2202080100 X-Proofpoint-GUID: q0yV_Txojquksi9Uxq7ewmCtmO8nDGt9 X-Proofpoint-ORIG-GUID: q0yV_Txojquksi9Uxq7ewmCtmO8nDGt9 Received-SPF: pass client-ip=205.220.177.32; envelope-from=daniel.kiper@oracle.com; helo=mx0b-00069f02.pphosted.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Feb 2022 16:29:04 -0000 On Wed, Feb 02, 2022 at 07:27:00PM -0500, Alec Brown wrote: > In grub-module-verifierXX.c, the function grub_module_verifyXX() performs an > initial check that the ELF section headers are within the module's size but > doesn't check if the sections being accessed have contents that are within the > module's size. In particular, we need to check that sh_offset and sh_size are > less than the module's size. However, for some section header types we don't > need to make these checks. For the type SHT_NULL, the section header is marked > as inactive and the rest of the members within the section header have undefined > values, so we don't need to check for sh_offset or sh_size. In the case of the > type SHT_NOBITS, sh_offset has a conceptual offset which may be beyond the > module size. Also, this type's sh_size may have a non-zero size, but a section > of this type will take up no space in the module. This can all be checked in the > function get_shdr(), but in order to do so, the parameter module_size must be > added to functions so that the value of the module size can be used in > get_shdr() from grub_module_verifyXX(). > > Signed-off-by: Alec Brown Sadly this patch breaks one of ARM builds: build-grub-module-verifier: error: Section 12 starts after the end of the module. Makefile:47473: recipe for target 'disk.mod' failed make[3]: *** [disk.mod] Error 1 make[3]: *** Waiting for unfinished jobs.... build-grub-module-verifier: error: Section 12 starts after the end of the module. Makefile:47473: recipe for target 'boot.mod' failed make[3]: *** [boot.mod] Error 1 ... You can reproduce this by doing: ./configure --target=arm-linux-gnueabihf --with-platform=coreboot --enable-grub-mkfont --prefix="`pwd`/grub-dist" make install I have taken the rest of patches and skipped this one. Daniel