Bug #14236

closed

signed math leads getelfshdr astray

Added by Andy Fiddaman over 1 year ago. Updated 9 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
kernel
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:
External Bug:

Description

This is an upstream of https://smartos.org/bugview/OS-6158 from illumos-joyent.

As several crashdumps have demonstrated, there are several parts of the in-kernel ELF handling which could benefit from having their unnecessary and incorrect use of signed types cleaned up.

As part of the integration into illumos-joyent, the code was tested using https://github.com/IOActive/Melkor_ELF_Fuzzer.
The same approach should be taken with the merge into gate.
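The class of bug the description refers to, shown as an added example that is not the illumos kernel's getelfshdr code: a hypothetical signed-arithmetic bounds check on the ELF section header table beside an unsigned, overflow-safe one, run over a few constructed headers. Field names follow the ELF spec; the ehdr_t struct, the 4096-byte file size and the header values are assumptions made up for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Minimal stand-in for the three Elf64_Ehdr fields that describe the section
 * header table (field names follow the ELF spec; the real struct layout is
 * not reproduced). Every value here is attacker-controlled: it comes straight
 * from the file being exec'd.
 */
typedef struct {
	uint64_t e_shoff;	/* file offset of the section header table */
	uint16_t e_shentsize;	/* size of one section header entry */
	uint16_t e_shnum;	/* number of entries in the table */
} ehdr_t;

#define ELF64_SHENTSIZE	64u	/* sizeof (Elf64_Shdr) */

/*
 * "Before": hypothetical signed-arithmetic check of the kind the ticket
 * describes. Casting a 64-bit offset with the top bit set to int64_t yields a
 * negative number (gcc and clang wrap; C leaves the conversion
 * implementation-defined), so an offset far beyond end-of-file compares as
 * "below" filesize and the check passes.
 */
static bool
shdr_in_bounds_signed(const ehdr_t *eh, size_t filesize)
{
	int64_t shsize = (int64_t)eh->e_shentsize * (int64_t)eh->e_shnum;
	int64_t end = (int64_t)eh->e_shoff + shsize;

	return (end <= (int64_t)filesize);
}

/*
 * "After": keep everything unsigned and test for overflow by subtraction, so
 * that no intermediate sum can wrap. A rejection here means the table cannot
 * lie inside the file, whatever the raw field values are.
 */
static bool
shdr_in_bounds_unsigned(const ehdr_t *eh, size_t filesize)
{
	uint64_t shsize;

	if (eh->e_shnum == 0)
		return (true);		/* no table to read */
	if (eh->e_shentsize != ELF64_SHENTSIZE)
		return (false);		/* reject odd entry sizes outright */
	/* both operands are 16-bit, so this product cannot overflow */
	shsize = (uint64_t)eh->e_shentsize * (uint64_t)eh->e_shnum;
	if (eh->e_shoff > filesize)
		return (false);		/* table starts past end of file */
	if (shsize > filesize - eh->e_shoff)
		return (false);		/* table runs past end of file */
	return (true);
}

/* Constructed headers (not real files), all checked against a 4096-byte file. */
#define FILESIZE	4096u

static const ehdr_t cases[] = {
	{ 64, ELF64_SHENTSIZE, 4 },			/* well-formed */
	{ 0xFFFFFFFFFFFFF000ULL, ELF64_SHENTSIZE, 2 },	/* sign bit set: wraps negative */
	{ 4000, ELF64_SHENTSIZE, 4 },			/* honestly past EOF */
	{ 64, ELF64_SHENTSIZE, 0xFFFF },		/* 4 MiB table in a 4 KiB file */
	{ FILESIZE, ELF64_SHENTSIZE, 0 },		/* empty table at EOF */
};
#define NCASES	(sizeof (cases) / sizeof (cases[0]))

/*
 * Count headers the signed check accepts but the unsigned one rejects: each
 * such header would reach the loader with a table range outside the file.
 */
static int
count_signed_only_accepts(void)
{
	int n = 0;

	for (size_t i = 0; i < NCASES; i++) {
		if (shdr_in_bounds_signed(&cases[i], FILESIZE) &&
		    !shdr_in_bounds_unsigned(&cases[i], FILESIZE))
			n++;
	}
	return (n);
}

int
main(void)
{
	for (size_t i = 0; i < NCASES; i++) {
		printf("e_shoff=%#llx e_shnum=%u signed=%s unsigned=%s\n",
		    (unsigned long long)cases[i].e_shoff, cases[i].e_shnum,
		    shdr_in_bounds_signed(&cases[i], FILESIZE) ? "ok" : "reject",
		    shdr_in_bounds_unsigned(&cases[i], FILESIZE) ? "ok" : "reject");
	}
	printf("%d header(s) slip past the signed check\n",
	    count_signed_only_accepts());
	return (0);
}
```

The subtract-then-compare form (`shsize > filesize - e_shoff`, after `e_shoff > filesize` has been ruled out) is the idiom to reach for: it never computes a sum that could wrap, so it needs no knowledge of the integer widths involved, which is exactly what a loader fed by a fuzzer wants.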


Related issues

Related to illumos gate - Bug #10505: elfexec() should keep to unsigned types when processing PT_DYNAMIC (Closed, Cody Mello, 2019-03-04)

Related to illumos gate - Bug #14242: programs that lack PT_PHDR are not properly loaded (Closed, Andy Fiddaman)

#1

Updated by Andy Fiddaman over 1 year ago

  • Related to Bug #10505: elfexec() should keep to unsigned types when processing PT_DYNAMIC added
#2

Updated by Andy Fiddaman over 1 year ago

  • Related to Bug #14242: programs that lack PT_PHDR are not properly loaded added
#3

Updated by Electric Monk over 1 year ago

  • Gerrit CR set to 1805
#4

Updated by Andy Fiddaman over 1 year ago

I've tested this with a suite of corrupt and crafted ELF files that previously caused the system to variously panic, hang (usually due to all kernel memory being consumed) or end up with unkillable processes. In all cases, the patched system dealt with them correctly.

I also ran 50,000 fuzzed ELF files generated by https://github.com/omniosorg/Melkor_ELF_Fuzzer (the illumos branch there) with no problems. Previously, a run would stop within the first 100 or so files.

Using systems onu'd to these DEBUG and non-DEBUG bits, I've done full illumos-gate and omnios-userland builds with no problems.

#5

Updated by Andy Fiddaman 9 months ago

In addition to the above testing, I also re-ran the core file content tests introduced in #13925.

% ./coretests
TEST PASSED: kernel dumper.32 none
TEST PASSED: gcore dumper.32 none
TEST PASSED: kernel dumper.64 none
TEST PASSED: gcore dumper.64 none
TEST PASSED: kernel dumper.32 ctf
TEST PASSED: gcore dumper.32 ctf
TEST PASSED: kernel dumper.64 ctf
TEST PASSED: gcore dumper.64 ctf
TEST PASSED: kernel dumper.32 debug
TEST PASSED: gcore dumper.32 debug
TEST PASSED: kernel dumper.64 debug
TEST PASSED: gcore dumper.64 debug
TEST PASSED: kernel dumper.32 symtab
TEST PASSED: gcore dumper.32 symtab
TEST PASSED: kernel dumper.64 symtab
TEST PASSED: gcore dumper.64 symtab
TEST PASSED: kernel dumper.32 ctf+debug+symtab
TEST PASSED: gcore dumper.32 ctf+debug+symtab
TEST PASSED: kernel dumper.64 ctf+debug+symtab
TEST PASSED: gcore dumper.64 ctf+debug+symtab
TEST PASSED: kernel dumper.32 anon+data+ctf+debug+symtab
TEST PASSED: gcore dumper.32 anon+data+ctf+debug+symtab
TEST PASSED: kernel dumper.64 anon+data+ctf+debug+symtab
TEST PASSED: gcore dumper.64 anon+data+ctf+debug+symtab
TEST PASSED: kernel dumper.32 default
TEST PASSED: gcore dumper.32 default
TEST PASSED: kernel dumper.64 default
TEST PASSED: gcore dumper.64 default
TEST PASSED: kernel dumper.32 default-ctf-debug-symtab
TEST PASSED: gcore dumper.32 default-ctf-debug-symtab
TEST PASSED: kernel dumper.64 default-ctf-debug-symtab
TEST PASSED: gcore dumper.64 default-ctf-debug-symtab
TEST PASSED: kernel dumper.32 default+debug
TEST PASSED: gcore dumper.32 default+debug
TEST PASSED: kernel dumper.64 default+debug
TEST PASSED: gcore dumper.64 default+debug
TEST PASSED: kernel dumper.32 default-symtab
TEST PASSED: gcore dumper.32 default-symtab
TEST PASSED: kernel dumper.64 default-symtab
TEST PASSED: gcore dumper.64 default-symtab
All tests passed successfully
#6

Updated by Electric Monk 9 months ago

  • Status changed from In Progress to Closed
  • % Done changed from 0 to 100

git commit 4e18e297380f99d39327599157792494d044942a

commit  4e18e297380f99d39327599157792494d044942a
Author: Patrick Mooney <pmooney@pfmooney.com>
Date:   2022-09-13T19:40:22.000Z

    14236 signed math leads getelfshdr astray
    14242 programs that lack PT_PHDR are not properly loaded
    Portions contributed by: Bryan Cantrill <bryan@joyent.com>
    Portions contributed by: Andy Fiddaman <illumos@fiddaman.net>
    Reviewed by: Robert Mustacchi <rm+illumos@fingolfin.org>
    Reviewed by: Patrick Mooney <pmooney@pfmooney.com>
    Reviewed by: Andy Fiddaman <illumos@fiddaman.net>
    Approved by: Rich Lowe <richlowe@richlowe.net>
