[PATCH] Recognize and parse GNU Property notes.

2018-10-19 Thread Mark Wielaard
GNU Property notes are different from normal notes because they use
variable alignment/padding of their fields. They are 8 byte aligned,
but use 4 byte fields. The name is aligned at 4 bytes and padded so
that the desc is aligned at 8 bytes. The whole note is padded to
8 bytes again. For normal notes all fields are both 4 bytes wide and
4 bytes aligned.

To recognize this new kind of ELF note a new Elf_Type is introduced,
ELF_T_NHDR8. This type is used in the xlate functions to determine
how to align and pad the various fields. Since the fields themselves
can now have different alignments we will have to keep track of the
current alignment and use either NOTE_ALIGN4 or NOTE_ALIGN8 to
determine the padding.

To set the correct Elf_Type on the Elf_Data we use either the section
sh_addralign or the segment p_align values. Assuming 8 means the
section or segment contains the new style notes, otherwise normal
notes.

When we cannot determine the "alignment" directly, like when parsing
special kernel sys files, we check the name "GNU" and type
"GNU_PROPERTY_TYPE_0" fields.

ebl_object_note now parses the new NT_GNU_PROPERTY_TYPE_0 and can
extract the GNU_PROPERTY_STACK_SIZE, GNU_PROPERTY_NO_COPY_ON_PROTECTED
and GNU_PROPERTY_X86_FEATURE_1_AND types GNU_PROPERTY_X86_FEATURE_1_IBT
and GNU_PROPERTY_X86_FEATURE_1_SHSTK.

Tests are added for extracting the note from sections or segments
as set by gcc -fcf-protection.

Signed-off-by: Mark Wielaard 
---
 libdwelf/ChangeLog |   5 +
 libdwelf/dwelf_elf_gnu_build_id.c  |   4 +-
 libdwfl/ChangeLog  |  10 ++
 libdwfl/core-file.c|   4 +-
 libdwfl/dwfl_segment_report_module.c   |  38 ---
 libdwfl/linux-core-attach.c|   4 +-
 libdwfl/linux-kernel-modules.c |  35 ++-
 libebl/ChangeLog   |   6 ++
 libebl/eblobjnote.c| 185 -
 libebl/eblobjnotetypename.c|   1 +
 libelf/ChangeLog   |  28 +
 libelf/elf32_xlatetom.c|   2 +-
 libelf/elf_compress.c  |   3 +-
 libelf/elf_compress_gnu.c  |   2 +-
 libelf/elf_getdata.c   |  19 +++-
 libelf/gelf_fsize.c|   2 +
 libelf/gelf_getnote.c  |  47 ++---
 libelf/gelf_xlate.c|   3 +-
 libelf/libelf.h|   2 +
 libelf/libelfP.h   |  12 ++-
 libelf/note_xlate.h|  52 ++---
 src/ChangeLog  |   7 ++
 src/elflint.c  |   4 +-
 src/readelf.c  |   3 +-
 tests/ChangeLog|   9 ++
 tests/Makefile.am  |   3 +
 tests/run-readelf-n.sh |  55 ++
 tests/testfile-gnu-property-note.bz2   | Bin 0 -> 1146 bytes
 tests/testfile-gnu-property-note.o.bz2 | Bin 0 -> 482 bytes
 29 files changed, 479 insertions(+), 66 deletions(-)
 create mode 100755 tests/run-readelf-n.sh
 create mode 100755 tests/testfile-gnu-property-note.bz2
 create mode 100644 tests/testfile-gnu-property-note.o.bz2

diff --git a/libdwelf/ChangeLog b/libdwelf/ChangeLog
index a332655..ba92134 100644
--- a/libdwelf/ChangeLog
+++ b/libdwelf/ChangeLog
@@ -1,3 +1,8 @@
+2018-10-18  Mark Wielaard  
+
+   * dwelf_elf_gnu_build_id.c (find_elf_build_id): Check p_align to
+   set ELF type.
+
 2015-10-11  Akihiko Odaki  
 
* dwelf_strtab.c: Remove sys/param.h include.
diff --git a/libdwelf/dwelf_elf_gnu_build_id.c 
b/libdwelf/dwelf_elf_gnu_build_id.c
index 8c78c70..dbcfc82 100644
--- a/libdwelf/dwelf_elf_gnu_build_id.c
+++ b/libdwelf/dwelf_elf_gnu_build_id.c
@@ -88,7 +88,9 @@ find_elf_build_id (Dwfl_Module *mod, int e_type, Elf *elf,
result = check_notes (elf_getdata_rawchunk (elf,
phdr->p_offset,
phdr->p_filesz,
-   ELF_T_NHDR),
+   (phdr->p_align == 8
+? ELF_T_NHDR8
+: ELF_T_NHDR)),
  phdr->p_vaddr,
  build_id_bits,
  build_id_elfaddr,
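Review bot: only a p_align of exactly 8 selects ELF_T_NHDR8, so a PT_NOTE segment with p_align 0, 1 or anything larger than 8 silently falls back to the classic ELF_T_NHDR layout; a one-line comment stating that assumption would help here. The same `p_align == 8 ? ELF_T_NHDR8 : ELF_T_NHDR` test is repeated in core-file.c and linux-core-attach.c according to the ChangeLog and diffstat, so a small shared helper in libelfP.h would keep the three call sites in step if the rule ever changes.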
diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog
index c5ea563..b491b6e 100644
--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,3 +1,13 @@
+2018-10-18  Mark Wielaard  
+
+   * dwfl_segment_report_module.c (consider_note): Take align as new
+   argument.  Use align to set d_type and calculate padding.
+   (dwfl_segment_report_module): Pass align to consider_notes.
+   * core-file.c (dwfl_core_file_report): Check p_align to set ELF
+   type.
+   * linux-kernel-modules.c (check_notes): Check nam
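As an added illustration of the note layout the patch describes, the C below is example code written for this page, not elfutils code. It walks a notes buffer in either the classic 4 byte layout or the 8 byte GNU property layout, checking every length against the buffer before using it, decodes the GNU_PROPERTY_X86_FEATURE_1_AND property for the IBT and SHSTK bits, and falls back to the name "GNU" plus type NT_GNU_PROPERTY_TYPE_0 heuristic when no sh_addralign or p_align value is available. The function names (scan_notes, parse_gnu_property, guess_note_align, count_notes, x86_features_from_notes) and both sample byte arrays are constructed for the example; the constant values are copied from glibc's elf.h. It handles only the x86 feature property, not GNU_PROPERTY_STACK_SIZE or GNU_PROPERTY_NO_COPY_ON_PROTECTED, and assumes little-endian data.

```c
/* Example code written for this page, not part of elfutils.  */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Values match glibc's <elf.h>; repeated here so the example is self-contained.  */
#define NT_GNU_PROPERTY_TYPE_0           5
#define GNU_PROPERTY_X86_FEATURE_1_AND   0xc0000002U
#define GNU_PROPERTY_X86_FEATURE_1_IBT   (1U << 0)
#define GNU_PROPERTY_X86_FEATURE_1_SHSTK (1U << 1)

/* notes: well-formed notes seen; property_found: a "GNU" NT_GNU_PROPERTY_TYPE_0 note
   was seen; x86_feature_1_and: its GNU_PROPERTY_X86_FEATURE_1_AND bits (0 if absent).  */
struct scan_result { int notes; int property_found; uint32_t x86_feature_1_and; };

static size_t align_up (size_t v, size_t a) { return (v + a - 1) & ~(a - 1); }
static uint32_t rd32 (const unsigned char *p) {          /* byte-wise LE read, any offset */
  return (uint32_t) p[0] | ((uint32_t) p[1] << 8) | ((uint32_t) p[2] << 16) | ((uint32_t) p[3] << 24);
}

/* Properties in a NT_GNU_PROPERTY_TYPE_0 descriptor: pr_type, pr_datasz (4 bytes each),
   then pr_datasz data bytes, each property padded to PROP_ALIGN (8 on ELFCLASS64, 4 on ELFCLASS32).  */
static int parse_gnu_property (const unsigned char *desc, size_t descsz,
                               size_t prop_align, struct scan_result *r) {
  for (size_t off = 0; off < descsz; ) {
    if (descsz - off < 8) return -1;                    /* truncated property header */
    uint32_t pr_type = rd32 (desc + off), pr_datasz = rd32 (desc + off + 4);
    off += 8;
    if (pr_datasz > descsz - off) return -1;            /* data runs past the descriptor */
    if (pr_type == GNU_PROPERTY_X86_FEATURE_1_AND) {
      if (pr_datasz != 4) return -1;
      r->x86_feature_1_and = rd32 (desc + off);
    }
    off = align_up (off + pr_datasz, prop_align);
  }
  return 0;
}

/* Walk the notes in BUF.  ALIGN is 4 for classic notes and 8 for GNU property style
   notes, whose name is padded so the descriptor and the next note start on an 8 byte
   boundary.  Every size taken from the data is checked against LEN before use.  */
static int scan_notes (const unsigned char *buf, size_t len, size_t align,
                       struct scan_result *r) {
  memset (r, 0, sizeof *r);
  if (align != 4 && align != 8) return -1;
  for (size_t off = 0; off < len; ) {
    if (len - off < 12) return -1;                      /* truncated note header */
    uint32_t namesz = rd32 (buf + off), descsz = rd32 (buf + off + 4), type = rd32 (buf + off + 8);
    size_t name_off = off + 12;
    if (namesz > len - name_off) return -1;             /* name runs past the end */
    size_t desc_off = align_up (name_off + namesz, align);
    if (desc_off > len || descsz > len - desc_off) return -1;
    if (type == NT_GNU_PROPERTY_TYPE_0 && namesz == 4 && memcmp (buf + name_off, "GNU", 4) == 0) {
      r->property_found = 1;
      /* property padding follows the note alignment: 8 on 64-bit, 4 on 32-bit */
      if (parse_gnu_property (buf + desc_off, descsz, align, r) != 0) return -1;
    }
    r->notes++;
    off = align_up (desc_off + descsz, align);
  }
  return 0;
}

/* Fallback from the patch description for when no sh_addralign or p_align is at hand:
   a leading "GNU" note of type NT_GNU_PROPERTY_TYPE_0 is taken as 8 byte aligned.  */
static size_t guess_note_align (const unsigned char *buf, size_t len) {
  if (len >= 16 && rd32 (buf) == 4 && rd32 (buf + 8) == NT_GNU_PROPERTY_TYPE_0
      && memcmp (buf + 12, "GNU", 4) == 0)
    return 8;
  return 4;
}

static int count_notes (const unsigned char *buf, size_t len, size_t align) {
  struct scan_result r;                                  /* well-formed notes, or -1 */
  return scan_notes (buf, len, align, &r) == 0 ? r.notes : -1;
}

/* 8 means GNU property style, 4 classic, anything else falls back to the guess.
   Returns the x86 feature bits, or -1 when there is no property note or the data is bad.  */
static long x86_features_from_notes (const unsigned char *buf, size_t len, size_t addralign) {
  size_t align = addralign == 8 ? 8 : addralign == 4 ? 4 : guess_note_align (buf, len);
  struct scan_result r;
  if (scan_notes (buf, len, align, &r) != 0 || !r.property_found) return -1;
  return (long) r.x86_feature_1_and;
}

/* Constructed sample: the .note.gnu.property gcc -fcf-protection emits on x86-64
   (sh_addralign 8), carrying GNU_PROPERTY_X86_FEATURE_1_AND = IBT | SHSTK.  */
static const unsigned char property_note[] = {
  0x04, 0, 0, 0,  0x10, 0, 0, 0,  0x05, 0, 0, 0,  'G', 'N', 'U', 0,  /* namesz, descsz, type, name */
  0x02, 0, 0, 0xc0,  0x04, 0, 0, 0,  0x03, 0, 0, 0,  0, 0, 0, 0,     /* pr_type, pr_datasz, data, pad */
};

/* Constructed sample: two classic 4 byte aligned notes, a build-id with a made-up id
   and an ABI tag.  The second header sits at offset 36, which is not 8 byte aligned.  */
static const unsigned char classic_notes[] = {
  0x04, 0, 0, 0,  0x14, 0, 0, 0,  0x03, 0, 0, 0,  'G', 'N', 'U', 0,
  1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20,
  0x04, 0, 0, 0,  0x10, 0, 0, 0,  0x01, 0, 0, 0,  'G', 'N', 'U', 0,
  0, 0, 0, 0,  3, 0, 0, 0,  2, 0, 0, 0,  0, 0, 0, 0,                   /* Linux 3.2.0 */
};
```

Reading the 64-bit property note with align 4 fails inside parse_gnu_property, because the 8 byte property padding is then taken for a truncated second property; reading the classic pair with align 8 steps from offset 36 to 40 and lands inside the second header. Those are the two mis-parses the patch avoids by choosing ELF_T_NHDR or ELF_T_NHDR8 from sh_addralign or p_align.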

[PATCH] Check sh_entsize is not zero.

2018-10-19 Thread Mark Wielaard
There were some recent bug reports where we trusted the ELF section header
to be sane and divided the sh_size by the sh_entsize to get the number of
objects in the section. This would cause a divide by zero if the file was
corrupt and the sh_entsize was zero. Add checks for any such code.

Signed-off-by: Mark Wielaard 
---
 libasm/ChangeLog   |  4 
 libasm/disasm_cb.c |  2 ++
 libdwfl/ChangeLog  |  4 
 libdwfl/dwfl_module_getdwarf.c |  2 ++
 src/ChangeLog  |  7 +++
 src/unstrip.c  | 27 ++-
 6 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/libasm/ChangeLog b/libasm/ChangeLog
index 2efd85f..92dfd72 100644
--- a/libasm/ChangeLog
+++ b/libasm/ChangeLog
@@ -1,3 +1,7 @@
+2018-10-19  Mark Wielaard  
+
+   * disasm_cb.c (read_symtab_exec): Check sh_entsize is not zero.
+
 2018-07-04  Ross Burton 
 
* asm_end.c: Remove error.h include.
diff --git a/libasm/disasm_cb.c b/libasm/disasm_cb.c
index cf278c7..80f8b25 100644
--- a/libasm/disasm_cb.c
+++ b/libasm/disasm_cb.c
@@ -93,6 +93,8 @@ read_symtab_exec (DisasmCtx_t *ctx)
xndxdata = elf_getdata (elf_getscn (ctx->elf, xndxscnidx), NULL);
 
   /* Iterate over all symbols.  Add all defined symbols.  */
+  if (shdr->sh_entsize == 0)
+   continue;
   int nsyms = shdr->sh_size / shdr->sh_entsize;
   for (int cnt = 1; cnt < nsyms; ++cnt)
{
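Review bot: the new `if (shdr->sh_entsize == 0) continue;` lands between the comment `/* Iterate over all symbols.  Add all defined symbols.  */` and the `nsyms` computation it describes; move the check above the comment, or give it its own, so the comment stays attached to the loop. A zero sh_entsize on a symbol table only happens in a corrupt file, so a short note that such a section is deliberately skipped rather than reported would help future readers.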
diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog
index 2e7efd4..6c333d8 100644
--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,3 +1,7 @@
+2018-10-19  Mark Wielaard  
+
+   * dwfl_module_getdwarf.c (find_aux_sym): Check sh_entsize is not zero.
+
 2018-10-14  Mark Wielaard  
 
* dwfl_segment_report_module.c (read_portion): Check requested
diff --git a/libdwfl/dwfl_module_getdwarf.c b/libdwfl/dwfl_module_getdwarf.c
index af6838a..56e6105 100644
--- a/libdwfl/dwfl_module_getdwarf.c
+++ b/libdwfl/dwfl_module_getdwarf.c
@@ -1007,6 +1007,8 @@ find_aux_sym (Dwfl_Module *mod __attribute__ ((unused)),
switch (shdr->sh_type)
  {
  case SHT_SYMTAB:
+   if (shdr->sh_entsize == 0)
+ return;
minisymtab = true;
*aux_symscn = scn;
*aux_strshndx = shdr->sh_link;
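Review bot: `return` here leaves find_aux_sym as soon as it meets a SHT_SYMTAB with zero sh_entsize, abandoning the rest of the section scan, whereas the other fixes in this series (disasm_cb.c, findtextrel, arlib) treat such a section as empty and carry on. If bailing out of the whole function is intended, a comment should say why; otherwise `break` out of the switch and let the loop continue.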
diff --git a/src/ChangeLog b/src/ChangeLog
index 3d2214f..32eaa84 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,10 @@
+2018-10-19  Mark Wielaard  
+
+   * dwfl_module_getdwarf.c (adjust_relocs): Check sh_entsize is not
+   zero.
+   (add_new_section_symbols): Likewise.
+   (copy_elided_sections): Likewise.
+
 2018-10-18  Mark Wielaard  
 
* size.c (handle_ar): Only close elf if prefix was NULL.
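Review bot: the src/ChangeLog entry names `dwfl_module_getdwarf.c`, but the functions it lists (adjust_relocs, add_new_section_symbols, copy_elided_sections) live in `src/unstrip.c`, which is the file this patch touches; the entry should read `* unstrip.c (adjust_relocs): Check sh_entsize is not zero.`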
diff --git a/src/unstrip.c b/src/unstrip.c
index 03a0346..9dc468f 100644
--- a/src/unstrip.c
+++ b/src/unstrip.c
@@ -446,6 +446,9 @@ adjust_relocs (Elf_Scn *outscn, Elf_Scn *inscn, const 
GElf_Shdr *shdr,
   switch (shdr->sh_type)
 {
 case SHT_REL:
+  if (shdr->sh_entsize == 0)
+   error (EXIT_FAILURE, 0, "REL section cannot have zero sh_entsize");
+
   for (size_t i = 0; i < shdr->sh_size / shdr->sh_entsize; ++i)
{
  GElf_Rel rel_mem;
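Review bot: the new error string `"REL section cannot have zero sh_entsize"` (and the RELA, HASH, GNU_versym and symbol table variants below) is not wrapped in `_()`, unlike the user-visible messages elsewhere in unstrip.c such as `_("group has invalid section index [%zd]")`; mark them for translation for consistency.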
@@ -457,6 +460,9 @@ adjust_relocs (Elf_Scn *outscn, Elf_Scn *inscn, const 
GElf_Shdr *shdr,
   break;
 
 case SHT_RELA:
+  if (shdr->sh_entsize == 0)
+   error (EXIT_FAILURE, 0, "RELA section cannot have zero sh_entsize");
+
   for (size_t i = 0; i < shdr->sh_size / shdr->sh_entsize; ++i)
{
  GElf_Rela rela_mem;
@@ -483,6 +489,10 @@ adjust_relocs (Elf_Scn *outscn, Elf_Scn *inscn, const 
GElf_Shdr *shdr,
 case SHT_HASH:
   /* We must expand the table and rejigger its contents.  */
   {
+   if (shdr->sh_entsize == 0)
+ error (EXIT_FAILURE, 0, "HASH section cannot have zero sh_entsize");
+   if (symshdr->sh_entsize == 0)
+ error (EXIT_FAILURE, 0, "Symbol table cannot have zero sh_entsize");
const size_t nsym = symshdr->sh_size / symshdr->sh_entsize;
const size_t onent = shdr->sh_size / shdr->sh_entsize;
assert (data->d_size == shdr->sh_size);
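Review bot: the `symshdr->sh_entsize == 0` check is duplicated verbatim in the SHT_GNU_versym case below, and both cases derive a count from `symshdr->sh_size / symshdr->sh_entsize`; hoisting that single check above the switch would cover both cases and any future one that divides by it.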
@@ -538,6 +548,11 @@ adjust_relocs (Elf_Scn *outscn, Elf_Scn *inscn, const 
GElf_Shdr *shdr,
 case SHT_GNU_versym:
   /* We must expand the table and move its elements around.  */
   {
+   if (shdr->sh_entsize == 0)
+ error (EXIT_FAILURE, 0,
+"GNU_versym section cannot have zero sh_entsize");
+   if (symshdr->sh_entsize == 0)
+ error (EXIT_FAILURE, 0, "Symbol table cannot have zero sh_entsize");
const size_t nent = symshdr->sh_size / symshdr->sh_entsize;
const size_t onent = shdr->sh_size / shdr->sh_entsize;
assert (nent >= onent);
@@ -603,6 +618,8 @@ add_new_section_symbols (Elf_Scn *old_symscn, size_t 
old_shnum,
   GElf_Shdr shdr_mem;
   GElf_Sh

Re: [PATCH] strip, unstrip: Handle SHT_GROUP correctly.

2018-10-19 Thread Mark Wielaard
After a bit more testing found one other issue.
It can happen that the section indexes in the group need to be
renumbered when eu-unstrip puts the stripped and debug file together
again. So we need to explicitly do that.commit eee4269e53154daaf0251371aacd91ec5db3eb30
Author: Mark Wielaard 
Date:   Sat Oct 13 10:27:47 2018 +0200

unstrip: Renumber the group section indexes.

When unstripping we might need to renumber the group section indexes.
Just like we do when stripping.

Signed-off-by: Mark Wielaard 

diff --git a/src/ChangeLog b/src/ChangeLog
index d151e0d..5aa31fc 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,7 @@
+2018-10-19  Mark Wielaard  
+
+	* unstrip.c (copy_elided_sections): Renumber group section indexes.
+
 2018-10-12  Mark Wielaard  
 
 	* strip.c (handle_elf): Don't remove SHF_GROUP flag from sections.
diff --git a/src/unstrip.c b/src/unstrip.c
index 03a0346..2cfd3b3 100644
--- a/src/unstrip.c
+++ b/src/unstrip.c
@@ -1708,6 +1708,20 @@ more sections in stripped file than debug file -- arguments reversed?"));
 	if (shdr_mem.sh_type == SHT_DYNSYM)
 	  stripped_dynsym = sec;
 	  }
+
+	if (shdr_mem.sh_type == SHT_GROUP)
+	  {
+	/* We must adjust all the section indices in the group.
+	   Skip the first word, which is the section group flag.
+	   Everything else is a section index.  */
+	Elf32_Word *shndx = (Elf32_Word *) outdata->d_buf;
+	for (size_t i = 1; i < shdr_mem.sh_size / sizeof (Elf32_Word); ++i)
+	  if (shndx[i]  == SHN_UNDEF || shndx[i] >= stripped_shnum)
+		error (EXIT_FAILURE, 0,
+		   _("group has invalid section index [%zd]"), i);
+	  else
+		shndx[i] = ndx_section[shndx[i] - 1];
+	  }
   }
 
   /* We may need to update the symbol table.  */
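Review bot: the loop walks `shdr_mem.sh_size / sizeof (Elf32_Word)` words of `outdata->d_buf` without confirming that `outdata->d_size` covers sh_size; the SHT_HASH case in adjust_relocs guards the same pattern with `assert (data->d_size == shdr->sh_size);` and this spot should do likewise. Two smaller points: `%zd` is the conversion for ssize_t while `i` is a size_t, so use `%zu`, and `shndx[i]  == SHN_UNDEF` has a doubled space.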


Re: [PATCH] readelf: Handle multiple .debug_macro sections and decode header flag.

2018-10-19 Thread Mark Wielaard
On Sat, 2018-10-13 at 15:17 +0200, Mark Wielaard wrote:
> In object files there could be multiple .debug_macro sections.
> These are COMDAT sections used as imports. Note that the output for
> DW_MACRO_import isn't ideal since the offset is printed against the
> start of the .debug_macro section, but it doesn't show which one.
> We currently don't have that information and no interface yet for
> libdw users.
> 
> Also decode the macro header flag byte for convenience.

Pushed to master.


Re: [PATCH] libdwfl: Sanity check partial core file data reads.

2018-10-19 Thread Mark Wielaard
On Sun, 2018-10-14 at 16:48 +0200, Mark Wielaard wrote:
> There were two issues when reading note data from a core file.
> We didn't check if the data we already had in a buffer was big
> enough. And if we did get the data, we should check if we got
> everything, or just a part of the data.

Pushed to master.


[Bug libdw/23752] Invalid Address Read problem in dwfl_segment_report_module.c when executing ./eu-stack --core=$POC

2018-10-19 Thread mark at klomp dot org
https://sourceware.org/bugzilla/show_bug.cgi?id=23752

Mark Wielaard  changed:

   What|Removed |Added

 Status|ASSIGNED|RESOLVED
 Resolution|--- |FIXED

--- Comment #5 from Mark Wielaard  ---
commit 20f9de9b5f704cec55df92406a50bcbcfca96acd
Author: Mark Wielaard 
Date:   Sun Oct 14 16:45:48 2018 +0200

libdwfl: Sanity check partial core file data reads.

There were two issues when reading note data from a core file.
We didn't check if the data we already had in a buffer was big
enough. And if we did get the data, we should check if we got
everything, or just a part of the data.

https://sourceware.org/bugzilla/show_bug.cgi?id=23752

Signed-off-by: Mark Wielaard 

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Re: [PATCH] findtextrel: Check that sh_entsize isn't zero.

2018-10-19 Thread Mark Wielaard
On Sun, 2018-10-14 at 16:59 +0200, Mark Wielaard wrote:
> A bogus ELF file could have sh_entsize as zero. Don't divide by zero,
> but just assume there are no entries in the section.

Pushed to master.


Re: [PATCH] ar: Assume epoch if ar_date is bogus.

2018-10-19 Thread Mark Wielaard
On Sun, 2018-10-14 at 17:31 +0200, Mark Wielaard wrote:
> If the ar header contains a bogus ar_date then in verbose mode we
> would
> get a NULL pointer from localtime. Just assume the entry was created
> during the epoch.

Pushed to master.


[Bug tools/23755] Multiple floating point exception in findtextrel.c in eu-findtextrel biniary of elfutils-v.0174.

2018-10-19 Thread mark at klomp dot org
https://sourceware.org/bugzilla/show_bug.cgi?id=23755

Mark Wielaard  changed:

   What|Removed |Added

 Status|ASSIGNED|RESOLVED
 Resolution|--- |FIXED

--- Comment #6 from Mark Wielaard  ---
commit 577511f66842c324c811d1530eea32792f2bee29
Author: Mark Wielaard 
Date:   Sun Oct 14 16:58:51 2018 +0200

findtextrel: Check that sh_entsize isn't zero.

A bogus ELF file could have sh_entsize as zero. Don't divide by zero,
but just assume there are no entries in the section.

https://sourceware.org/bugzilla/show_bug.cgi?id=23755

Signed-off-by: Mark Wielaard 


[Bug tools/23754] NULL-Pointer dereference problem in function do_oper_extract in the eu-ar binaries

2018-10-19 Thread mark at klomp dot org
https://sourceware.org/bugzilla/show_bug.cgi?id=23754

Mark Wielaard  changed:

   What|Removed |Added

 Status|ASSIGNED|RESOLVED
 Resolution|--- |FIXED

--- Comment #5 from Mark Wielaard  ---
commit 4cdb0fd0d3b4255a9994ce302d6df76d251f7b75
Author: Mark Wielaard 
Date:   Sun Oct 14 17:29:51 2018 +0200

ar: Assume epoch if ar_date is bogus.

If the ar header contains a bogus ar_date then in verbose mode we would
get a NULL pointer from localtime. Just assume the entry was created
during the epoch.

https://sourceware.org/bugzilla/show_bug.cgi?id=23754

Signed-off-by: Mark Wielaard 


Re: [PATCH] readelf: Make sure readp is smaller than cieend in print_debug_frame_section.

2018-10-19 Thread Mark Wielaard
On Tue, 2018-10-16 at 14:22 +0200, Mark Wielaard wrote:
> We could end up with a negative length in a call to memchr.

Pushed to master.


[Bug libdw/23782] Negative-size-param in call to in memchr from readelf print_debug_frame_section

2018-10-19 Thread mark at klomp dot org
https://sourceware.org/bugzilla/show_bug.cgi?id=23782

Mark Wielaard  changed:

   What|Removed |Added

 Status|ASSIGNED|RESOLVED
 Resolution|--- |FIXED

--- Comment #4 from Mark Wielaard  ---
commit 72d023b35f3639864b61bd1c11aaadc4957e6286
Author: Mark Wielaard 
Date:   Tue Oct 16 14:22:33 2018 +0200

readelf: Make sure readp is smaller than cieend in
print_debug_frame_section.

We could end up with a negative length in a call to memchr.

https://sourceware.org/bugzilla/show_bug.cgi?id=23782

Signed-off-by: Mark Wielaard 


Re: [PATCH] arlib: Check that sh_entsize isn't zero.

2018-10-19 Thread Mark Wielaard
On Thu, 2018-10-18 at 19:02 +0200, Mark Wielaard wrote:
> A bogus ELF file could have sh_entsize as zero. Don't divide by zero,
> but just assume there are no symbols in the section.

Pushed to master.


[Bug general/23786] Divide-by-zero Problem in function arlib_add_symbols() in arlib.c in elfutils-0.174

2018-10-19 Thread mark at klomp dot org
https://sourceware.org/bugzilla/show_bug.cgi?id=23786

Mark Wielaard  changed:

   What|Removed |Added

 Status|ASSIGNED|RESOLVED
 Resolution|--- |FIXED

--- Comment #4 from Mark Wielaard  ---
commit 2b16a9be69939822dcafe075413468daac98b327
Author: Mark Wielaard 
Date:   Thu Oct 18 19:01:52 2018 +0200

arlib: Check that sh_entsize isn't zero.

A bogus ELF file could have sh_entsize as zero. Don't divide by zero,
but just assume there are no symbols in the section.

https://sourceware.org/bugzilla/show_bug.cgi?id=23786

Signed-off-by: Mark Wielaard 


[Bug libelf/23787] eu-size: Bad handling of ar files inside are files

2018-10-19 Thread mark at klomp dot org
https://sourceware.org/bugzilla/show_bug.cgi?id=23787

Mark Wielaard  changed:

   What|Removed |Added

 Status|ASSIGNED|RESOLVED
 Resolution|--- |FIXED

--- Comment #3 from Mark Wielaard  ---
commit 22d2d082d57a7470fadc0eae67179553f4919209
Author: Mark Wielaard 
Date:   Thu Oct 18 23:15:48 2018 +0200

size: Handle recursive ELF ar files.

eu-size didn't handle an ELF ar file that contained an ar file itself
correctly. handle_ar would recursively call itself but close the ELF
file before returning. Only close the ELF file at the top-level.

https://sourceware.org/bugzilla/show_bug.cgi?id=23787

Signed-off-by: Mark Wielaard 


Re: [PATCH] size: Handle recursive ELF ar files.

2018-10-19 Thread Mark Wielaard
On Fri, 2018-10-19 at 01:02 +0200, Mark Wielaard wrote:
> eu-size didn't handle an ELF ar file that contained an ar file itself
> correctly. handle_ar would recursively call itself but close the ELF
> file before returning. Only close the ELF file at the top-level.

Pushed to master.


Re: [PATCH] Check sh_entsize is not zero.

2018-10-19 Thread Mark Wielaard
On Fri, 2018-10-19 at 15:03 +0200, Mark Wielaard wrote:
> There were some recent bug reports where we trusted the ELF section
> header
> to be sane and divided the sh_size by the sh_entsize to get the
> number of
> objects in the section. This would cause a divide by zero if the file
> was
> corrupt and the sh_entsize was zero. Add checks for any such code.

Pushed to master.