>>> On 09.12.16 at 16:44, <ian.jack...@eu.citrix.com> wrote: > --- a/xen/common/libelf/libelf-loader.c > +++ b/xen/common/libelf/libelf-loader.c > @@ -38,6 +38,7 @@ elf_errorstatus elf_init(struct elf_binary *elf, const char > *image_input, size_t > ELF_HANDLE_DECL(elf_shdr) shdr; > unsigned i, count, section, link; > uint64_t offset; > + const uint64_t max_size_for_deacc = (1UL << 63)/ELF_MAX_ITERATION_FACTOR; > > if ( !elf_is_elfbinary(image_input, size) ) > { > @@ -52,6 +53,10 @@ elf_errorstatus elf_init(struct elf_binary *elf, const > char *image_input, size_t > elf->class = elf_uval_3264(elf, elf->ehdr, e32.e_ident[EI_CLASS]); > elf->data = elf_uval_3264(elf, elf->ehdr, e32.e_ident[EI_DATA]); > > + elf->iteration_deaccumulator = 1024*1024 + > + (size > max_size_for_deacc ? max_size_for_deacc : size) > + * ELF_MAX_ITERATION_FACTOR;
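Review bot: `(1UL << 63)` in the new `max_size_for_deacc` initialiser (first hunk) is undefined behaviour on any build where `unsigned long` is 32 bits, and this libelf source is shared with the tools; since the result lands in a `uint64_t`, spell the constant as `((uint64_t)1 << 63) / ELF_MAX_ITERATION_FACTOR` (or `1ULL << 63`) so the shift width does not depend on the build's `long` size.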
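Review bot: the `iteration_deaccumulator` assignment in the second hunk has no comment explaining the `1024*1024` base budget, nor why clamping `size` to `max_size_for_deacc` keeps `size * ELF_MAX_ITERATION_FACTOR` at or below 2**63 so that the addition cannot wrap a 64-bit field; the line wrapping also makes the precedence easy to misread, so parenthesising as `1024*1024 + ((size > max_size_for_deacc ? max_size_for_deacc : size) * ELF_MAX_ITERATION_FACTOR)` and adding a one-line comment stating the intended bound would let reviewers check the arithmetic at a glance.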
One more question here: Is this useful at all? You're allowing for approximately 2**63 accounted operations - how big does an image need to be to actually break this limit? XSA-25 already limited image sizes to 1Gb (but I do understand that the guarding here is also against e.g. redundant loading of the same bits through multiple program header table entries). And how long will it take you to reach that limit (and to cause elf->broken to be set)? With 1ns per accounted operation, that'll be on the order of 270 years. Am I missing something here?

Jan