1. 30 Apr, 2020 1 commit
  2. 26 Apr, 2020 1 commit
    • Josh Poimboeuf's avatar
      objtool: Fix infinite loop in for_offset_range() · 53fb6e99
      Josh Poimboeuf authored
      Randy reported that objtool got stuck in an infinite loop when
      processing drivers/i2c/busses/i2c-parport.o.  It was caused by the
      following code:
      
        00000000000001fd <line_set>:
         1fd:	48 b8 00 00 00 00 00	movabs $0x0,%rax
         204:	00 00 00
      			1ff: R_X86_64_64	.rodata-0x8
         207:	41 55                	push   %r13
         209:	41 89 f5             	mov    %esi,%r13d
         20c:	41 54                	push   %r12
         20e:	49 89 fc             	mov    %rdi,%r12
         211:	55                   	push   %rbp
         212:	48 89 d5             	mov    %rdx,%rbp
         215:	53                   	push   %rbx
         216:	0f b6 5a 01          	movzbl 0x1(%rdx),%ebx
         21a:	48 8d 34 dd 00 00 00 	lea    0x0(,%rbx,8),%rsi
         221:	00
      			21e: R_X86_64_32S	.rodata
         222:	48 89 f1             	mov    %rsi,%rcx
         225:	48 29 c1             	sub    %rax,%rcx
      
      find_jump_table() saw the .rodata reference and tried to find a jump
      table associated with it (though there wasn't one).  The -0x8 rela
      addend is unusual.  It caused find_jump_table() to send a negative
      table_offset (unsigned 0xfffffffffffffff8) to find_rela_by_dest().
      
      The negative offset should have been harmless, but it actually threw
      for_offset_range() for a loop... literally.  When the mask value got
      incremented past the end value, it also wrapped to zero, causing the
      loop exit condition to remain true forever.
      
      Prevent this scenario from happening by ensuring the incremented value
      is always >= the starting value.
      
      Fixes: 74b873e4 ("objtool: Optimize find_rela_by_dest_range()")
      Reported-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Tested-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Acked-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Signed-off-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Cc: Julien Thierry <jthierry@redhat.com>
      Cc: Miroslav Benes <mbenes@suse.cz>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Link: https://lore.kernel.org/r/02b719674b031800b61e33c30b2e823183627c19.1587842122.git.jpoimboe@redhat.com
      53fb6e99
  3. 25 Apr, 2020 24 commits
  4. 24 Apr, 2020 14 commits