Bug #14427
amd64 kobj_reloc can infinite loop on bad reloc type
Status: Closed (100% done)
Description
While doing development on a system, I had screwed things up and found myself in an infinite loop in krtld. The start of the message was:
module /kernel/misc/amd64/kmdbmod: text at [0xfffffffffc1f8000, 0xfffffffffc2c73a7] data at 0xfffffffffc2c73c0
module /kernel/misc/amd64/ctf: text at [0xfffffffffbd8f2e0, 0xfffffffffbd9a7d7] data at 0xfffffffffc300900
krtld: invalid relocation type 6304771 at 0x602403: file=/kernel/misc/amd64/kmdbmod
...
After that point, we'd continue to loop with invalid relocations. While there was certainly a problem with the input data in this case, we shouldn't have been in an infinite loop. If we dig into the amd64 do_relocate, here are the relevant facts:
- We are processing through the while (reladdr < rend) loop here.
- At the start of the loop, the first thing that we do is increment the symnum variable; however, that has no bearing on the actual relocation address.
- The relocation address is initially set before the loop and then critically adjusted after we check for the relocation type.
- When we have an invalid relocation type, we note an error; however, we continue processing by restarting the loop, but this means that we never change the actual reladdr, leading us to always look at the same data.
In this case, I believe we should just error out immediately like we do in the case of a bad string table index. While normally we try to find all missing symbols so it's not a game of whack-a-mole, in this case it probably is representative that we have bad data as opposed to merely a missing dependency (the usual reason do_relocate fails).
With this in place, the errant module in question ends up providing the following output:
module /kernel/misc/amd64/kmdbmod: text at [0xfffffffffc1f8000, 0xfffffffffc2c73a7] data at 0xfffffffffc2c73c0
module /kernel/misc/amd64/ctf: text at [0xfffffffffbd8f2e0, 0xfffffffffbd9a7d7] data at 0xfffffffffc300900
krtld: invalid relocation type 6304771 at 0x602403: file=/kernel/misc/amd64/kmdbmod
do_relocations: /kernel/misc/amd64/kmdbmod do_relocate failed
krtld: error during initial load/link phase
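The loop shape the report describes, as an added example written for this page rather than the illumos krtld source: a relocation walk where reladdr is advanced only after the type check, so a bad type that hits `continue` re-reads the same entry forever, beside the fix of returning an error at once. The `rela_t` layout matches Elf64_Rela and R_AMD64_64 is the psABI "S + A" type, but `RELOC_TYPE_MAX`, the result codes, the `max_iters` guard (present only so the buggy variant terminates), the symbol table and the relocation table are all constructed for the demo. The bad entry reuses the garbage type value 6304771 from the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of a RELA entry; field layout matches Elf64_Rela. Example code, not krtld. */
typedef struct {
    uint64_t r_offset;
    uint64_t r_info;      /* high 32 bits: symbol index, low 32 bits: type */
    int64_t  r_addend;
} rela_t;

#define R_SYM(info)        ((uint32_t)((info) >> 32))
#define R_TYPE(info)       ((uint32_t)((info) & 0xffffffffu))
#define MK_INFO(sym, type) (((uint64_t)(sym) << 32) | (uint32_t)(type))

#define R_AMD64_NONE   0
#define R_AMD64_64     1   /* S + A, 64-bit word (AMD64 psABI) */
#define RELOC_TYPE_MAX 1   /* assumed bound: this toy understands only the two above */

enum { RELOC_OK = 0, RELOC_ERR_BADTYPE = -1, RELOC_ERR_APPLY = -2, RELOC_STUCK = -3 };

/* Write S + A at r_offset for an R_AMD64_64 entry; -1 on a bad symbol or offset. */
static int apply_one(uint8_t *image, size_t image_len, const rela_t *r,
    const uint64_t *symvals, size_t nsyms)
{
    uint32_t sym = R_SYM(r->r_info);
    uint64_t value;

    if (sym >= nsyms || r->r_offset > image_len - sizeof (value))
        return (-1);
    value = symvals[sym] + (uint64_t)r->r_addend;
    memcpy(image + r->r_offset, &value, sizeof (value));
    return (0);
}

/*
 * Walk the table the way the report describes: reladdr moves only after the
 * type check passes. fail_fast == 0 reproduces the bug (a bad type hits
 * "continue" and reladdr never changes); fail_fast != 0 is the fix (return
 * immediately). max_iters is a demo-only guard so the buggy variant stops.
 */
static int relocate(uint8_t *image, size_t image_len, const rela_t *relocs,
    size_t nrelocs, const uint64_t *symvals, size_t nsyms, int *applied,
    int fail_fast, unsigned max_iters)
{
    const uint8_t *reladdr = (const uint8_t *)relocs;
    const uint8_t *rend = reladdr + nrelocs * sizeof (rela_t);
    unsigned iters = 0;

    *applied = 0;
    while (reladdr < rend) {
        const rela_t *r = (const rela_t *)reladdr;
        uint32_t rtype = R_TYPE(r->r_info);

        if (++iters > max_iters)
            return (RELOC_STUCK);           /* demo-only guard */

        if (rtype == R_AMD64_NONE) {
            reladdr += sizeof (rela_t);
            continue;
        }
        if (rtype > RELOC_TYPE_MAX) {
            fprintf(stderr, "krtld: invalid relocation type %u at entry %zu\n",
                rtype, (size_t)(r - relocs));
            if (fail_fast)
                return (RELOC_ERR_BADTYPE); /* the fix: bad data, stop now */
            continue;                       /* the bug: same entry, forever */
        }
        if (apply_one(image, image_len, r, symvals, nsyms) != 0)
            return (RELOC_ERR_APPLY);
        (*applied)++;
        reladdr += sizeof (rela_t);         /* only reached for a valid type */
    }
    return (RELOC_OK);
}

/* Constructed table: good, NONE, the garbage type from the report, good. */
static const rela_t sample_relocs[] = {
    {  0, MK_INFO(1, R_AMD64_64),   0x10 },
    {  8, MK_INFO(0, R_AMD64_NONE), 0    },
    {  8, MK_INFO(1, 6304771u),     0    },
    { 16, MK_INFO(1, R_AMD64_64),   0x20 },
};
static const uint64_t sample_syms[] = { 0, 0xfffffffffc1f8000ull };

/* Run the sample table; returns the loop's result code. */
int sample_result(int fail_fast)
{
    uint8_t image[24] = { 0 };
    int applied;
    return (relocate(image, sizeof (image), sample_relocs, 4, sample_syms, 2,
        &applied, fail_fast, 16));
}

/* Same run; returns how many entries were applied before the loop gave up. */
int sample_applied(int fail_fast)
{
    uint8_t image[24] = { 0 };
    int applied;
    (void) relocate(image, sizeof (image), sample_relocs, 4, sample_syms, 2,
        &applied, fail_fast, 16);
    return (applied);
}
```

In the buggy run only the first entry is applied and the third is reported over and over until the guard trips; with the fix the same single entry is applied and the loop returns a bad-type error on the first sighting, which is the behaviour the report argues for: an out-of-range type means the table itself is corrupt, so there is nothing to gain from pressing on the way the missing-symbol path does.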
Updated by Robert Mustacchi almost 2 years ago
In addition to the broken systems, I also just tested this on normal bits that work and verified we still boot.
Updated by Electric Monk almost 2 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
git commit 6d25b15cb097cca4822fec6dcaf12fcd345b1a2a
commit 6d25b15cb097cca4822fec6dcaf12fcd345b1a2a
Author: Robert Mustacchi <rm@fingolfin.org>
Date: 2022-01-22T19:57:48.000Z

14427 amd64 kobj_reloc can infinite loop on bad reloc type
Reviewed by: Andy Fiddaman <andy@omnios.org>
Reviewed by: Toomas Soome <tsoome@me.com>
Approved by: Rich Lowe <richlowe@richlowe.net>