The initial patch:
11ff40fa7bb5fdcc69a58d0fec49c904ffca4793
"xen/xsplice: Hypervisor implementation of XEN_XSPLICE_op" caps the
size of the binary at 2MB. We follow that in capping the size
of the .BSSes to be at maximum 2MB.
We also bubble up the payload limit and this one in one #define
called LIVEPATCH_MAX_SIZE to make it easier to find these
arbitrary limits.
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
if ( !upload->size )
return -EINVAL;
- if ( upload->size > MB(2) )
+ if ( upload->size > LIVEPATCH_MAX_SIZE )
return -EINVAL;
if ( !guest_handle_okay(upload->payload, upload->size) )
delta < sizeof(Elf_Ehdr) ? "at ELF header" : "is past end");
return -EINVAL;
}
+ else if ( (sec[i].sec->sh_flags & (SHF_WRITE | SHF_ALLOC)) &&
+ sec[i].sec->sh_type == SHT_NOBITS &&
+ sec[i].sec->sh_size > LIVEPATCH_MAX_SIZE )
+ return -EINVAL;
sec[i].data = data + delta;
/* Name is populated in elf_resolve_section_names. */
#define ELF_LIVEPATCH_FUNC ".livepatch.funcs"
#define ELF_LIVEPATCH_DEPENDS ".livepatch.depends"
#define ELF_BUILD_ID_NOTE ".note.gnu.build-id"
+/* Arbitrary limit for payload size and .bss section size. */
+#define LIVEPATCH_MAX_SIZE MB(2)
struct livepatch_symbol {
const char *name;
projects / xen.git / commitdiff