diff options
author | Olof Johansson <olof@lixom.net> | 2010-12-10 02:09:23 -0600 |
---|---|---|
committer | Michal Marek <mmarek@suse.cz> | 2010-12-28 00:22:58 +0100 |
commit | 731ece41fb1047816303295a0cdfed90a528137e (patch) | |
tree | 432d7a12f14d6ca02fe139ed305c128885847de3 /usr/gen_init_cpio.c | |
parent | a3ba81131aca243bfecfa78c42edec0cd69f72d6 (diff) | |
download | linux-stable-731ece41fb1047816303295a0cdfed90a528137e.tar.gz linux-stable-731ece41fb1047816303295a0cdfed90a528137e.tar.bz2 linux-stable-731ece41fb1047816303295a0cdfed90a528137e.zip |
modpost: Fix address calculation in reloc_location()
This patch fixes a segfault in modpost that is observed when the gold
linker is used to link the input objects.
The problem is that reloc_location (modpost.c) is computing the
address of the relocation target incorrectly. Here, elf->hdr points
to the beginning of the ELF file in memory, sechdr points to the
relocation section header, section is the index of the section
being relocated, and sechdrs[section].sh_offset would be the offset
of that section, relative to the beginning of the ELF file. Adding
elf->hdr + sechdrs[section].sh_offset gives you the address of the
beginning of the section, and adding r->r_offset to that gives you the
address of the location to be relocated. You do not need to subtract
sechdrs[section].sh_addr from that -- the result of this is an address
outside the file, and causes the segfault when addend_386_rel tries to
dereference it.
This bug is not observed when GNU ld is used to link the inputs. The
object file ubuntu/omnibook/omnibook.o is the result of an ld -r of
several other files. When GNU ld does an ld -r, it sets the vaddr
field for each section to 0, but gold lays out the section addresses
sequentially instead:
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .text PROGBITS 00000000 000034 004794 00 AX 0 0 4
[ 2] .data PROGBITS 0000b9d0 0047c8 0009c0 00 WA 0 0 4
[ 3] .bss NOBITS 000162f8 005188 00013c 00 WA 0 0 4
[ 4] .rodata.str1.1 PROGBITS 00004f2d 0052c4 001b1a 01 AMS 0 0 1
[ 5] .init.text PROGBITS 00004794 006dde 0005fa 00 AX 0 0 1
[ 6] .exit.text PROGBITS 00004d8e 0073d8 00018a 00 AX 0 0 1
...
So the bug in the tool remained undiscovered because the section's vaddr
always happened to be 0.
Signed-off-by: Raymes Khoury <raymes@google.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Diffstat (limited to 'usr/gen_init_cpio.c')
0 files changed, 0 insertions, 0 deletions