From owner-dev-commits-src-all@freebsd.org  Thu Jul 29 14:49:11 2021
Return-Path: <owner-dev-commits-src-all@freebsd.org>
Delivered-To: dev-commits-src-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id EE4B8675472;
 Thu, 29 Jul 2021 14:49:11 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4GbD1z6JFQz4mcs;
 Thu, 29 Jul 2021 14:49:11 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:5])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id BCA9013659;
 Thu, 29 Jul 2021 14:49:11 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
 by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 16TEnB1j055929;
 Thu, 29 Jul 2021 14:49:11 GMT (envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
 by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 16TEnBYC055928;
 Thu, 29 Jul 2021 14:49:11 GMT (envelope-from git)
Date: Thu, 29 Jul 2021 14:49:11 GMT
Message-Id: <202107291449.16TEnBYC055928@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
 dev-commits-src-main@FreeBSD.org
From: Mark Johnston <markj@FreeBSD.org>
Subject: git: 9e575fadf491 - main - link_elf_obj: Invoke fini callbacks
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 9e575fadf491152fb3445d4837d49a9cb87dd6e2
Auto-Submitted: auto-generated
X-BeenThere: dev-commits-src-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Commit messages for all branches of the src repository
 <dev-commits-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/dev-commits-src-all>, 
 <mailto:dev-commits-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/dev-commits-src-all/>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Help: <mailto:dev-commits-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all>, 
 <mailto:dev-commits-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jul 2021 14:49:12 -0000

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=9e575fadf491152fb3445d4837d49a9cb87dd6e2

commit 9e575fadf491152fb3445d4837d49a9cb87dd6e2
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2021-07-29 13:46:25 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2021-07-29 13:46:25 +0000

    link_elf_obj: Invoke fini callbacks
    
    This is required for KASAN: when a module is unloaded, poisoned regions
    (e.g., pad areas between global variables) are left as such, so if they
    are reused as KLDs are loaded, false positives can arise.
    
    Reported by:    pho, Jenkins
    Reviewed by:    kib
    MFC after:      2 weeks
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D31339
---
 sys/kern/kern_linker.c  |  2 ++
 sys/kern/link_elf_obj.c | 32 +++++++++++++++++++++++++++++---
 sys/sys/linker.h        |  6 ++++--
 3 files changed, 35 insertions(+), 5 deletions(-)

diff --git a/sys/kern/kern_linker.c b/sys/kern/kern_linker.c
index bb17c020e98a..c0005f2f5cf6 100644
--- a/sys/kern/kern_linker.c
+++ b/sys/kern/kern_linker.c
@@ -613,6 +613,8 @@ linker_make_file(const char *pathname, linker_class_t lc)
 		return (NULL);
 	lf->ctors_addr = 0;
 	lf->ctors_size = 0;
+	lf->dtors_addr = 0;
+	lf->dtors_size = 0;
 	lf->refs = 1;
 	lf->userrefs = 0;
 	lf->flags = 0;
diff --git a/sys/kern/link_elf_obj.c b/sys/kern/link_elf_obj.c
index 65b997b513e3..91852939e5e8 100644
--- a/sys/kern/link_elf_obj.c
+++ b/sys/kern/link_elf_obj.c
@@ -544,6 +544,17 @@ link_elf_link_preload(linker_class_t cls, const char *filename,
 					lf->ctors_addr = ef->progtab[pb].addr;
 					lf->ctors_size = shdr[i].sh_size;
 				}
+			} else if ((ef->progtab[pb].name != NULL &&
+			    strcmp(ef->progtab[pb].name, ".dtors") == 0) ||
+			    shdr[i].sh_type == SHT_FINI_ARRAY) {
+				if (lf->dtors_addr != 0) {
+					printf(
+				    "%s: multiple dtor sections in %s\n",
+					    __func__, filename);
+				} else {
+					lf->dtors_addr = ef->progtab[pb].addr;
+					lf->dtors_size = shdr[i].sh_size;
+				}
 			}
 
 			/* Update all symbol values with the offset. */
@@ -612,7 +623,7 @@ out:
 }
 
 static void
-link_elf_invoke_ctors(caddr_t addr, size_t size)
+link_elf_invoke_cbs(caddr_t addr, size_t size)
 {
 	void (**ctor)(void);
 	size_t i, cnt;
@@ -653,7 +664,7 @@ link_elf_link_preload_finish(linker_file_t lf)
 	/* Apply protections now that relocation processing is complete. */
 	link_elf_protect(ef);
 
-	link_elf_invoke_ctors(lf->ctors_addr, lf->ctors_size);
+	link_elf_invoke_cbs(lf->ctors_addr, lf->ctors_size);
 	return (0);
 }
 
@@ -1012,6 +1023,19 @@ link_elf_load_file(linker_class_t cls, const char *filename,
 						lf->ctors_size =
 						    shdr[i].sh_size;
 					}
+				} else if (!strcmp(ef->progtab[pb].name,
+				    ".dtors") ||
+				    shdr[i].sh_type == SHT_FINI_ARRAY) {
+					if (lf->dtors_addr != 0) {
+						printf(
+				    "%s: multiple dtor sections in %s\n",
+						    __func__, filename);
+					} else {
+						lf->dtors_addr =
+						    (caddr_t)mapbase;
+						lf->dtors_size =
+						    shdr[i].sh_size;
+					}
 				}
 			} else if (shdr[i].sh_type == SHT_PROGBITS)
 				ef->progtab[pb].name = "<<PROGBITS>>";
@@ -1196,7 +1220,7 @@ link_elf_load_file(linker_class_t cls, const char *filename,
 #endif
 
 	link_elf_protect(ef);
-	link_elf_invoke_ctors(lf->ctors_addr, lf->ctors_size);
+	link_elf_invoke_cbs(lf->ctors_addr, lf->ctors_size);
 	*result = lf;
 
 out:
@@ -1216,6 +1240,8 @@ link_elf_unload_file(linker_file_t file)
 	elf_file_t ef = (elf_file_t) file;
 	u_int i;
 
+	link_elf_invoke_cbs(file->dtors_addr, file->dtors_size);
+
 	/* Notify MD code that a module is being unloaded. */
 	elf_cpu_unload_file(file);
 
diff --git a/sys/sys/linker.h b/sys/sys/linker.h
index a3d5eb0e72cf..2d65630cd66b 100644
--- a/sys/sys/linker.h
+++ b/sys/sys/linker.h
@@ -82,8 +82,10 @@ struct linker_file {
     int			id;		/* unique id */
     caddr_t		address;	/* load address */
     size_t		size;		/* size of file */
-    caddr_t		ctors_addr;	/* address of .ctors */
-    size_t		ctors_size;	/* size of .ctors */
+    caddr_t		ctors_addr;	/* address of .ctors/.init_array */
+    size_t		ctors_size;	/* size of .ctors/.init_array */
+    caddr_t		dtors_addr;	/* address of .dtors/.fini_array */
+    size_t		dtors_size;	/* size of .dtors/.fini_array */
     int			ndeps;		/* number of dependencies */
     linker_file_t*	deps;		/* list of dependencies */
     STAILQ_HEAD(, common_symbol) common; /* list of common symbols */