grub-module-verifier: Report the filename or modname in errors

Make it so that when grub-module-verifier complains of an issue, it tells you
which module the issue was with.

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This commit is contained in:
Peter Jones 2018-08-01 12:23:03 -04:00 committed by Vincent Batts
parent 380ce92d70
commit 65fdb2de04
3 changed files with 36 additions and 32 deletions

View file

@ -16,5 +16,5 @@ struct grub_module_verifier_arch {
const int *short_relocations; const int *short_relocations;
}; };
void grub_module_verify64(void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty); void grub_module_verify64(const char * const filename, void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty);
void grub_module_verify32(void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty); void grub_module_verify32(const char * const filename, void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty);

View file

@ -157,7 +157,7 @@ main (int argc, char **argv)
if (strcmp(archs[arch].name, argv[2]) == 0) if (strcmp(archs[arch].name, argv[2]) == 0)
break; break;
if (arch == ARRAY_SIZE(archs)) if (arch == ARRAY_SIZE(archs))
grub_util_error("unknown arch: %s", argv[2]); grub_util_error("%s: unknown arch: %s", argv[1], argv[2]);
for (whitelist = 0; whitelist < ARRAY_SIZE(whitelists); whitelist++) for (whitelist = 0; whitelist < ARRAY_SIZE(whitelists); whitelist++)
if (strcmp(whitelists[whitelist].arch, argv[2]) == 0 if (strcmp(whitelists[whitelist].arch, argv[2]) == 0
@ -169,8 +169,8 @@ main (int argc, char **argv)
module_size = grub_util_get_image_size (argv[1]); module_size = grub_util_get_image_size (argv[1]);
module_img = grub_util_read_image (argv[1]); module_img = grub_util_read_image (argv[1]);
if (archs[arch].voidp_sizeof == 8) if (archs[arch].voidp_sizeof == 8)
grub_module_verify64(module_img, module_size, &archs[arch], whitelist_empty); grub_module_verify64(argv[1], module_img, module_size, &archs[arch], whitelist_empty);
else else
grub_module_verify32(module_img, module_size, &archs[arch], whitelist_empty); grub_module_verify32(argv[1], module_img, module_size, &archs[arch], whitelist_empty);
return 0; return 0;
} }

View file

@ -151,14 +151,15 @@ find_section (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e, const c
} }
static void static void
check_license (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e) check_license (const char * const filename,
const struct grub_module_verifier_arch *arch, Elf_Ehdr *e)
{ {
Elf_Shdr *s = find_section (arch, e, ".module_license"); Elf_Shdr *s = find_section (arch, e, ".module_license");
if (s && (strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3") == 0 if (s && (strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3") == 0
|| strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3+") == 0 || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3+") == 0
|| strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv2+") == 0)) || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv2+") == 0))
return; return;
grub_util_error ("incompatible license"); grub_util_error ("%s: incompatible license", filename);
} }
static Elf_Sym * static Elf_Sym *
@ -224,10 +225,10 @@ check_symbols (const struct grub_module_verifier_arch *arch,
s = find_section (arch, e, ".moddeps"); s = find_section (arch, e, ".moddeps");
if (!s) if (!s)
grub_util_error ("no symbol table and no .moddeps section"); grub_util_error ("%s: no symbol table and no .moddeps section", modname);
if (!s->sh_size) if (!s->sh_size)
grub_util_error ("no symbol table and empty .moddeps section"); grub_util_error ("%s: no symbol table and empty .moddeps section", modname);
return; return;
} }
@ -248,7 +249,7 @@ check_symbols (const struct grub_module_verifier_arch *arch,
break; break;
default: default:
return grub_util_error ("unknown symbol type `%d'", (int) type); return grub_util_error ("%s: unknown symbol type `%d'", modname, (int) type);
} }
} }
} }
@ -274,7 +275,8 @@ is_symbol_local(Elf_Sym *sym)
} }
static void static void
section_check_relocations (const struct grub_module_verifier_arch *arch, void *ehdr, section_check_relocations (const char * const modname,
const struct grub_module_verifier_arch *arch, void *ehdr,
Elf_Shdr *s, size_t target_seg_size) Elf_Shdr *s, size_t target_seg_size)
{ {
Elf_Rel *rel, *max; Elf_Rel *rel, *max;
@ -283,7 +285,7 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e
symtab = get_symtab (arch, ehdr, &symtabsize, &symtabentsize); symtab = get_symtab (arch, ehdr, &symtabsize, &symtabentsize);
if (!symtab) if (!symtab)
grub_util_error ("relocation without symbol table"); grub_util_error ("%s: relocation without symbol table", modname);
for (rel = (Elf_Rel *) ((char *) ehdr + grub_target_to_host (s->sh_offset)), for (rel = (Elf_Rel *) ((char *) ehdr + grub_target_to_host (s->sh_offset)),
max = (Elf_Rel *) ((char *) rel + grub_target_to_host (s->sh_size)); max = (Elf_Rel *) ((char *) rel + grub_target_to_host (s->sh_size));
@ -294,7 +296,7 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e
unsigned i; unsigned i;
if (target_seg_size < grub_target_to_host (rel->r_offset)) if (target_seg_size < grub_target_to_host (rel->r_offset))
grub_util_error ("reloc offset is out of the segment"); grub_util_error ("%s: reloc offset is out of the segment", modname);
grub_uint32_t type = ELF_R_TYPE (grub_target_to_host (rel->r_info)); grub_uint32_t type = ELF_R_TYPE (grub_target_to_host (rel->r_info));
@ -307,17 +309,17 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e
if (arch->supported_relocations[i] != -1) if (arch->supported_relocations[i] != -1)
continue; continue;
if (!arch->short_relocations) if (!arch->short_relocations)
grub_util_error ("unsupported relocation 0x%x", type); grub_util_error ("%s: unsupported relocation 0x%x", modname, type);
for (i = 0; arch->short_relocations[i] != -1; i++) for (i = 0; arch->short_relocations[i] != -1; i++)
if (type == arch->short_relocations[i]) if (type == arch->short_relocations[i])
break; break;
if (arch->short_relocations[i] == -1) if (arch->short_relocations[i] == -1)
grub_util_error ("unsupported relocation 0x%x", type); grub_util_error ("%s: unsupported relocation 0x%x", modname, type);
sym = (Elf_Sym *) ((char *) symtab + symtabentsize * ELF_R_SYM (grub_target_to_host (rel->r_info))); sym = (Elf_Sym *) ((char *) symtab + symtabentsize * ELF_R_SYM (grub_target_to_host (rel->r_info)));
if (is_symbol_local (sym)) if (is_symbol_local (sym))
continue; continue;
grub_util_error ("relocation 0x%x is not module-local", type); grub_util_error ("%s: relocation 0x%x is not module-local", modname, type);
} }
#if defined(MODULEVERIFIER_ELF64) #if defined(MODULEVERIFIER_ELF64)
if (arch->machine == EM_AARCH64) if (arch->machine == EM_AARCH64)
@ -342,11 +344,11 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e
&& ELF_R_TYPE (rel2->r_info) == R_AARCH64_LD64_GOT_LO12_NC) && ELF_R_TYPE (rel2->r_info) == R_AARCH64_LD64_GOT_LO12_NC)
break; break;
if (rel2 >= (Elf_Rela *) max) if (rel2 >= (Elf_Rela *) max)
grub_util_error ("ADR_GOT_PAGE without matching LD64_GOT_LO12_NC"); grub_util_error ("%s: ADR_GOT_PAGE without matching LD64_GOT_LO12_NC", modname);
break; break;
case R_AARCH64_LD64_GOT_LO12_NC: case R_AARCH64_LD64_GOT_LO12_NC:
if (unmatched_adr_got_page == 0) if (unmatched_adr_got_page == 0)
grub_util_error ("LD64_GOT_LO12_NC without matching ADR_GOT_PAGE"); grub_util_error ("%s: LD64_GOT_LO12_NC without matching ADR_GOT_PAGE", modname);
unmatched_adr_got_page--; unmatched_adr_got_page--;
break; break;
} }
@ -356,7 +358,8 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e
} }
static void static void
check_relocations (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e) check_relocations (const char * const modname,
const struct grub_module_verifier_arch *arch, Elf_Ehdr *e)
{ {
Elf_Shdr *s; Elf_Shdr *s;
unsigned i; unsigned i;
@ -369,21 +372,22 @@ check_relocations (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e)
Elf_Shdr *ts; Elf_Shdr *ts;
if (grub_target_to_host32 (s->sh_type) == SHT_REL && !(arch->flags & GRUB_MODULE_VERIFY_SUPPORTS_REL)) if (grub_target_to_host32 (s->sh_type) == SHT_REL && !(arch->flags & GRUB_MODULE_VERIFY_SUPPORTS_REL))
grub_util_error ("unsupported SHT_REL"); grub_util_error ("%s: unsupported SHT_REL", modname);
if (grub_target_to_host32 (s->sh_type) == SHT_RELA && !(arch->flags & GRUB_MODULE_VERIFY_SUPPORTS_RELA)) if (grub_target_to_host32 (s->sh_type) == SHT_RELA && !(arch->flags & GRUB_MODULE_VERIFY_SUPPORTS_RELA))
grub_util_error ("unsupported SHT_RELA"); grub_util_error ("%s: unsupported SHT_RELA", modname);
/* Find the target segment. */ /* Find the target segment. */
if (grub_target_to_host32 (s->sh_info) >= grub_target_to_host16 (e->e_shnum)) if (grub_target_to_host32 (s->sh_info) >= grub_target_to_host16 (e->e_shnum))
grub_util_error ("orphaned reloc section"); grub_util_error ("%s: orphaned reloc section", modname);
ts = (Elf_Shdr *) ((char *) e + grub_target_to_host (e->e_shoff) + grub_target_to_host32 (s->sh_info) * grub_target_to_host16 (e->e_shentsize)); ts = (Elf_Shdr *) ((char *) e + grub_target_to_host (e->e_shoff) + grub_target_to_host32 (s->sh_info) * grub_target_to_host16 (e->e_shentsize));
section_check_relocations (arch, e, s, grub_target_to_host (ts->sh_size)); section_check_relocations (modname, arch, e, s, grub_target_to_host (ts->sh_size));
} }
} }
void void
SUFFIX(grub_module_verify) (void *module_img, size_t size, SUFFIX(grub_module_verify) (const char * const filename,
void *module_img, size_t size,
const struct grub_module_verifier_arch *arch, const struct grub_module_verifier_arch *arch,
const char **whitelist_empty) const char **whitelist_empty)
{ {
@ -391,7 +395,7 @@ SUFFIX(grub_module_verify) (void *module_img, size_t size,
/* Check the header size. */ /* Check the header size. */
if (size < sizeof (Elf_Ehdr)) if (size < sizeof (Elf_Ehdr))
grub_util_error ("ELF header smaller than expected"); grub_util_error ("%s: ELF header smaller than expected", filename);
/* Check the magic numbers. */ /* Check the magic numbers. */
if (e->e_ident[EI_MAG0] != ELFMAG0 if (e->e_ident[EI_MAG0] != ELFMAG0
@ -400,36 +404,36 @@ SUFFIX(grub_module_verify) (void *module_img, size_t size,
|| e->e_ident[EI_MAG3] != ELFMAG3 || e->e_ident[EI_MAG3] != ELFMAG3
|| e->e_ident[EI_VERSION] != EV_CURRENT || e->e_ident[EI_VERSION] != EV_CURRENT
|| grub_target_to_host32 (e->e_version) != EV_CURRENT) || grub_target_to_host32 (e->e_version) != EV_CURRENT)
grub_util_error ("invalid arch-independent ELF magic"); grub_util_error ("%s: invalid arch-independent ELF magic", filename);
if (e->e_ident[EI_CLASS] != ELFCLASSXX if (e->e_ident[EI_CLASS] != ELFCLASSXX
|| e->e_ident[EI_DATA] != (arch->bigendian ? ELFDATA2MSB : ELFDATA2LSB) || e->e_ident[EI_DATA] != (arch->bigendian ? ELFDATA2MSB : ELFDATA2LSB)
|| grub_target_to_host16 (e->e_machine) != arch->machine) || grub_target_to_host16 (e->e_machine) != arch->machine)
grub_util_error ("invalid arch-dependent ELF magic"); grub_util_error ("%s: invalid arch-dependent ELF magic", filename);
if (grub_target_to_host16 (e->e_type) != ET_REL) if (grub_target_to_host16 (e->e_type) != ET_REL)
{ {
grub_util_error ("this ELF file is not of the right type"); grub_util_error ("%s: this ELF file is not of the right type", filename);
} }
/* Make sure that every section is within the core. */ /* Make sure that every section is within the core. */
if (size < grub_target_to_host (e->e_shoff) if (size < grub_target_to_host (e->e_shoff)
+ (grub_uint32_t) grub_target_to_host16 (e->e_shentsize) * grub_target_to_host16(e->e_shnum)) + (grub_uint32_t) grub_target_to_host16 (e->e_shentsize) * grub_target_to_host16(e->e_shnum))
{ {
grub_util_error ("ELF sections outside core"); grub_util_error ("%s: ELF sections outside core", filename);
} }
check_license (arch, e); check_license (filename, arch, e);
Elf_Shdr *s; Elf_Shdr *s;
const char *modname; const char *modname;
s = find_section (arch, e, ".modname"); s = find_section (arch, e, ".modname");
if (!s) if (!s)
grub_util_error ("no module name found"); grub_util_error ("%s: no module name found", filename);
modname = (const char *) e + grub_target_to_host (s->sh_offset); modname = (const char *) e + grub_target_to_host (s->sh_offset);
check_symbols(arch, e, modname, whitelist_empty); check_symbols(arch, e, modname, whitelist_empty);
check_relocations(arch, e); check_relocations(modname, arch, e);
} }