@@ -145,8 +145,8 @@ int elf_load(const char *path, elf_info_t *info)
145145 long saved_pos = ftell (f );
146146 if (fseek (f , (long ) ph -> p_offset , SEEK_SET ) == 0 ) {
147147 size_t n = fread (info -> interp_path , 1 , interp_len , f );
148- /* interp_len includes the NUL from the ELF file.
149- * On short read, clear the path (unusable). On full read,
148+ /* interp_len includes the NUL from the ELF file. On short
149+ * read, clear the path (unusable). On full read,
150150 * force-terminate as insurance.
151151 */
152152 if (n < interp_len )
@@ -193,9 +193,9 @@ int elf_load(const char *path, elf_info_t *info)
193193 return -1 ;
194194 }
195195
196- /* Store program header file offset for later phdr_gpa calculation.
197- * The loader places program headers at the same GPA as they would be in
198- * the first PT_LOAD segment (they are typically within it).
196+ /* Store program header file offset for later phdr_gpa calculation. The
197+ * loader places program headers at the same GPA as they would be in the
198+ * first PT_LOAD segment (they are typically within it).
199199 */
200200 info -> phdr_gpa = info -> load_min + ehdr .e_phoff ;
201201
@@ -213,9 +213,9 @@ int elf_map_segments(const elf_info_t *info,
213213 uint64_t infra_hi )
214214{
215215 /* Half-open intersection test for [a, a+alen) and [b, b+blen). When
216- * infra_lo == infra_hi the caller opted out (early bring-up before
217- * guest_t is wired up); the host-side writes that follow still get
218- * the existing guest_size bound check.
216+ * infra_lo == infra_hi the caller opted out (early bring-up before guest_t
217+ * is wired up); the host-side writes that follow still get the existing
218+ * guest_size bound check.
219219 */
220220 bool infra_active = infra_lo < infra_hi ;
221221 FILE * f = fopen (path , "rb" );
@@ -231,9 +231,9 @@ int elf_map_segments(const elf_info_t *info,
231231 return -1 ;
232232 }
233233
234- /* Read and parse program headers again to get file offsets. The size
235- * was already bound-checked during elf_load(); recheck defensively in
236- * case the header sizes changed since (e.g. corrupt file races).
234+ /* Read and parse program headers again to get file offsets. The size was
235+ * already bound-checked during elf_load(); recheck defensively in case the
236+ * header sizes changed since (e.g. corrupt file races).
237237 */
238238 size_t ph_total = (size_t ) ehdr .e_phnum * ehdr .e_phentsize ;
239239 if (ph_total == 0 || ph_total > 65536 ) {
@@ -327,28 +327,28 @@ int elf_map_segments(const elf_info_t *info,
327327 return -1 ;
328328 }
329329
330- /* PT_LOAD with memsz == 0 maps no bytes, but the page-tail zero
331- * extent below still rounds up to the next page boundary. For an
332- * unaligned gpa that means a crafted ELF could splat zeros across
333- * the tail of a previously loaded segment in the same page, or
334- * trip the infra-overlap check with no live mapping behind it.
335- * Linux ignores zero-memsz PT_LOADs; mirror that here.
330+ /* PT_LOAD with memsz == 0 maps no bytes, but the page-tail zero extent
331+ * below still rounds up to the next page boundary. For an unaligned gpa
332+ * that means a crafted ELF could splat zeros across the tail of a
333+ * previously loaded segment in the same page, or trip the infra-overlap
334+ * check with no live mapping behind it. Linux ignores zero-memsz
335+ * PT_LOADs; mirror that here.
336336 */
337337 if (memsz == 0 ) {
338338 seg_idx ++ ;
339339 continue ;
340340 }
341341
342- /* The host memset zeros up to the next page boundary AFTER the
343- * segment ends, so the infra-overlap check has to use the same
344- * rounded extent. The end is PAGE_ALIGN_UP(gpa + memsz) rather
345- * than gpa + PAGE_ALIGN_UP(memsz) because gpa is not always
346- * page-aligned (e.g. ld.so's RW segment at vaddr 0x2f650): with
347- * the older bytes-from-gpa formula the page covering the last
348- * memsz byte kept its mid-page tail untouched, and execve into a
349- * dynamic-linked target then read stale state from the prior
350- * incarnation of the same interpreter at offsets ld.so allocates
351- * from beyond memsz (e.g. the first link_map in _dl_new_object).
342+ /* The host memset zeros up to the next page boundary AFTER the segment
343+ * ends, so the infra-overlap check has to use the same rounded extent.
344+ * The end is PAGE_ALIGN_UP(gpa + memsz) rather than gpa +
345+ * PAGE_ALIGN_UP(memsz) because gpa is not always page-aligned (e.g.
346+ * ld.so's RW segment at vaddr 0x2f650): with the older bytes-from-gpa
347+ * formula the page covering the last memsz byte kept its mid-page tail
348+ * untouched, and execve into a dynamic-linked target then read stale
349+ * state from the prior incarnation of the same interpreter at offsets
350+ * ld.so allocates from beyond memsz (e.g. the first link_map in
351+ * _dl_new_object).
352352 */
353353 uint64_t zero_len = PAGE_ALIGN_UP (gpa + memsz ) - gpa ;
354354 if (gpa + zero_len > guest_size )
@@ -415,8 +415,8 @@ void elf_resolve_interp(const char *sysroot,
415415 if (access (out , F_OK ) == 0 )
416416 return ;
417417
418- /* Strategy 2: sysroot/lib/basename. Handles store-style
419- * interpreter paths such as /.../lib/ld-musl-aarch64.so.1
418+ /* Strategy 2: sysroot/lib/basename. Handles store-style interpreter
419+ * paths such as /.../lib/ld-musl-aarch64.so.1
420420 */
421421 const char * base = strrchr (interp_path , '/' );
422422 base = base ? base + 1 : interp_path ;