[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] mkelf32 uninitialized data and reproducible builds



The xen/arch/x86/boot/mkelf32 executable is preventing Xen hypervisors
from being reproducibly built.  It is using an uninitialized stack
buffer for padding after the ehdr and phdr are written to the xen file,
which leads to non-deterministic bytes in the binary.

Additionally, the file is then compressed with gzip -9 without the
-n or --no-name flag, which leads to the xen.gz file having
non-deterministric timestamp bytes in the compressed file.

The xen/Makefile variables XEN_WHOAMI, XEN_DOMAIN, XEN_BUILD_TIME,
XEN_BUILD_DATE and XEN_BUILD_HOST are also not reproducible, but
since they are defined with ?= it is possible for an outside
build script to override them.  Perhaps having a flag to set
these to a default value would be useful.

Fixing these allows a re-build of the binary to be the same on
a given host and avoids undefined behaviour in mkelf32.

-- 
Trammell

diff --recursive -u 
/home/hudson/build/clean/xen-4.6.3/xen/arch/x86/boot/mkelf32.c 
./xen/arch/x86/boot/mkelf32.c
--- /home/hudson/build/clean/xen-4.6.3/xen/arch/x86/boot/mkelf32.c      
2016-06-20 08:08:22.000000000 -0400
+++ ./xen/arch/x86/boot/mkelf32.c       2016-08-04 18:02:25.854371605 -0400
@@ -231,14 +231,14 @@
     u32        loadbase, dat_siz, mem_siz;
     char      *inimage, *outimage;
     int        infd, outfd;
-    char       buffer[1024];
+    char       buffer[1024] = {};
     int        bytes, todo, i;
 
-    Elf32_Ehdr in32_ehdr;
-    Elf32_Phdr in32_phdr;
+    Elf32_Ehdr in32_ehdr = {};
+    Elf32_Phdr in32_phdr = {};
 
-    Elf64_Ehdr in64_ehdr;
-    Elf64_Phdr in64_phdr;
+    Elf64_Ehdr in64_ehdr = {};
+    Elf64_Phdr in64_phdr = {};
 
     if ( argc != 5 )
     {
diff --recursive -u /home/hudson/build/clean/xen-4.6.3/xen/Makefile 
./xen/Makefile
--- /home/hudson/build/clean/xen-4.6.3/xen/Makefile     2016-06-20 
08:08:22.000000000 -0400
+++ ./xen/Makefile      2016-08-04 17:50:04.888970103 -0400
@@ -97,7 +103,7 @@
        rm -f tags TAGS cscope.files cscope.in.out cscope.out cscope.po.out 
GTAGS GPATH GRTAGS GSYMS
 
 $(TARGET).gz: $(TARGET)
-       gzip -f -9 < $< > $@.new
+       gzip -n -f -9 < $< > $@.new
        mv $@.new $@
 
 $(TARGET): delete-unfresh-files

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.