From owner-svn-src-stable@freebsd.org Fri Sep 11 10:05:45 2020 Return-Path: Delivered-To: svn-src-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 04B973D48CF; Fri, 11 Sep 2020 10:05:45 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Bnrx465SZz467k; Fri, 11 Sep 2020 10:05:44 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id B4F672250E; Fri, 11 Sep 2020 10:05:44 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 08BA5iph038562; Fri, 11 Sep 2020 10:05:44 GMT (envelope-from kib@FreeBSD.org) Received: (from kib@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 08BA5iGY038561; Fri, 11 Sep 2020 10:05:44 GMT (envelope-from kib@FreeBSD.org) Message-Id: <202009111005.08BA5iGY038561@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kib set sender to kib@FreeBSD.org using -f From: Konstantin Belousov Date: Fri, 11 Sep 2020 10:05:44 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r365627 - stable/12/libexec/rtld-elf X-SVN-Group: stable-12 X-SVN-Commit-Author: kib X-SVN-Commit-Paths: stable/12/libexec/rtld-elf X-SVN-Commit-Revision: 365627 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Sep 2020 10:05:45 -0000 Author: kib Date: Fri Sep 11 10:05:44 2020 New Revision: 365627 URL: https://svnweb.freebsd.org/changeset/base/365627 Log: MFC r365360, r365370: rtld: Handle ELF dso with program headers outside the first page. PR: 229708 Modified: stable/12/libexec/rtld-elf/map_object.c Directory Properties: stable/12/ (props changed) Modified: stable/12/libexec/rtld-elf/map_object.c ============================================================================== --- stable/12/libexec/rtld-elf/map_object.c Fri Sep 11 09:15:49 2020 (r365626) +++ stable/12/libexec/rtld-elf/map_object.c Fri Sep 11 10:05:44 2020 (r365627) @@ -40,11 +40,19 @@ #include "debug.h" #include "rtld.h" -static Elf_Ehdr *get_elf_header(int, const char *, const struct stat *); +static Elf_Ehdr *get_elf_header(int, const char *, const struct stat *, + Elf_Phdr **phdr); static int convert_flags(int); /* Elf flags -> mmap flags */ int __getosreldate(void); +static bool +phdr_in_zero_page(const Elf_Ehdr *hdr) +{ + return (hdr->e_phoff + hdr->e_phnum * sizeof(Elf_Phdr) <= + (size_t)PAGE_SIZE); +} + /* * Map a shared object into memory. The "fd" argument is a file descriptor, * which must be open on the object and positioned at its beginning. @@ -94,17 +102,15 @@ map_object(int fd, const char *path, const struct stat char *note_map; size_t note_map_len; - hdr = get_elf_header(fd, path, sb); + hdr = get_elf_header(fd, path, sb, &phdr); if (hdr == NULL) return (NULL); /* * Scan the program header entries, and save key information. - * * We expect that the loadable segments are ordered by load address. */ - phdr = (Elf_Phdr *)((char *)hdr + hdr->e_phoff); - phsize = hdr->e_phnum * sizeof (phdr[0]); + phsize = hdr->e_phnum * sizeof(phdr[0]); phlimit = phdr + hdr->e_phnum; nsegs = -1; phdyn = phinterp = phtls = NULL; @@ -327,14 +333,18 @@ error1: error: if (note_map != NULL && note_map != MAP_FAILED) munmap(note_map, note_map_len); + if (!phdr_in_zero_page(hdr)) + munmap(phdr, hdr->e_phnum * sizeof(phdr[0])); munmap(hdr, PAGE_SIZE); return (NULL); } static Elf_Ehdr * -get_elf_header(int fd, const char *path, const struct stat *sbp) +get_elf_header(int fd, const char *path, const struct stat *sbp, + Elf_Phdr **phdr_p) { Elf_Ehdr *hdr; + Elf_Phdr *phdr; /* Make sure file has enough data for the ELF header */ if (sbp != NULL && sbp->st_size < (off_t)sizeof(Elf_Ehdr)) { @@ -383,11 +393,19 @@ get_elf_header(int fd, const char *path, const struct "%s: invalid shared object: e_phentsize != sizeof(Elf_Phdr)", path); goto error; } - if (hdr->e_phoff + hdr->e_phnum * sizeof(Elf_Phdr) > - (size_t)PAGE_SIZE) { - _rtld_error("%s: program header too large", path); - goto error; + if (phdr_in_zero_page(hdr)) { + phdr = (Elf_Phdr *)((char *)hdr + hdr->e_phoff); + } else { + phdr = mmap(NULL, hdr->e_phnum * sizeof(phdr[0]), + PROT_READ, MAP_PRIVATE | MAP_PREFAULT_READ, fd, + hdr->e_phoff); + if (phdr == MAP_FAILED) { + _rtld_error("%s: error mapping phdr: %s", path, + rtld_strerror(errno)); + goto error; + } } + *phdr_p = phdr; return (hdr); error: