From owner-svn-src-all@freebsd.org Sat Sep 5 10:16:25 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 267FE3E79C1; Sat, 5 Sep 2020 10:16:25 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Bk9S908Ymz4K6Z; Sat, 5 Sep 2020 10:16:25 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id DCAA51C60B; Sat, 5 Sep 2020 10:16:24 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 085AGOIP091406; Sat, 5 Sep 2020 10:16:24 GMT (envelope-from kib@FreeBSD.org) Received: (from kib@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 085AGOU7091405; Sat, 5 Sep 2020 10:16:24 GMT (envelope-from kib@FreeBSD.org) Message-Id: <202009051016.085AGOU7091405@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kib set sender to kib@FreeBSD.org using -f From: Konstantin Belousov Date: Sat, 5 Sep 2020 10:16:24 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r365360 - head/libexec/rtld-elf X-SVN-Group: head X-SVN-Commit-Author: kib X-SVN-Commit-Paths: head/libexec/rtld-elf X-SVN-Commit-Revision: 365360 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Sep 2020 10:16:25 -0000 Author: kib Date: Sat Sep 5 10:16:24 2020 New Revision: 365360 URL: https://svnweb.freebsd.org/changeset/base/365360 Log: rtld: Handle ELF dso with program headers outside the first page. Reported by: Alex Arslan PR: 229708 Reviewed by: dim (previous version), emaste Sponsored by: The FreeBSD Foundation Differential revision: https://reviews.freebsd.org/D26323 Modified: head/libexec/rtld-elf/map_object.c Modified: head/libexec/rtld-elf/map_object.c ============================================================================== --- head/libexec/rtld-elf/map_object.c Sat Sep 5 10:12:06 2020 (r365359) +++ head/libexec/rtld-elf/map_object.c Sat Sep 5 10:16:24 2020 (r365360) @@ -40,11 +40,19 @@ #include "debug.h" #include "rtld.h" -static Elf_Ehdr *get_elf_header(int, const char *, const struct stat *); +static Elf_Ehdr *get_elf_header(int, const char *, const struct stat *, + Elf_Phdr **phdr); static int convert_flags(int); /* Elf flags -> mmap flags */ int __getosreldate(void); +static bool +phdr_in_zero_page(const Elf_Ehdr *hdr) +{ + return (hdr->e_phoff + hdr->e_phnum * sizeof(Elf_Phdr) < + (size_t)PAGE_SIZE); +} + /* * Map a shared object into memory. The "fd" argument is a file descriptor, * which must be open on the object and positioned at its beginning. @@ -95,17 +103,15 @@ map_object(int fd, const char *path, const struct stat size_t note_map_len; Elf_Addr text_end; - hdr = get_elf_header(fd, path, sb); + hdr = get_elf_header(fd, path, sb, &phdr); if (hdr == NULL) return (NULL); /* * Scan the program header entries, and save key information. - * * We expect that the loadable segments are ordered by load address. */ - phdr = (Elf_Phdr *)((char *)hdr + hdr->e_phoff); - phsize = hdr->e_phnum * sizeof (phdr[0]); + phsize = hdr->e_phnum * sizeof(phdr[0]); phlimit = phdr + hdr->e_phnum; nsegs = -1; phdyn = phinterp = phtls = NULL; @@ -332,14 +338,18 @@ error1: error: if (note_map != NULL && note_map != MAP_FAILED) munmap(note_map, note_map_len); + if (!phdr_in_zero_page(hdr)) + munmap(phdr, hdr->e_phnum * sizeof(phdr[0])); munmap(hdr, PAGE_SIZE); return (NULL); } static Elf_Ehdr * -get_elf_header(int fd, const char *path, const struct stat *sbp) +get_elf_header(int fd, const char *path, const struct stat *sbp, + Elf_Phdr **phdr_p) { Elf_Ehdr *hdr; + Elf_Phdr *phdr; /* Make sure file has enough data for the ELF header */ if (sbp != NULL && sbp->st_size < (off_t)sizeof(Elf_Ehdr)) { @@ -388,11 +398,19 @@ get_elf_header(int fd, const char *path, const struct "%s: invalid shared object: e_phentsize != sizeof(Elf_Phdr)", path); goto error; } - if (hdr->e_phoff + hdr->e_phnum * sizeof(Elf_Phdr) > - (size_t)PAGE_SIZE) { - _rtld_error("%s: program header too large", path); - goto error; + if (phdr_in_zero_page(hdr)) { + phdr = (Elf_Phdr *)((char *)hdr + hdr->e_phoff); + } else { + phdr = mmap(NULL, hdr->e_phnum * sizeof(phdr[0]), + PROT_READ, MAP_PRIVATE | MAP_PREFAULT_READ, fd, + hdr->e_phoff); + if (phdr == MAP_FAILED) { + _rtld_error("%s: error mapping phdr: %s", path, + rtld_strerror(errno)); + goto error; + } } + *phdr_p = phdr; return (hdr); error: