Date: Mon, 08 Dec 2025 13:32:08 +0000
From: bugzilla-noreply@freebsd.org
To: riscv@FreeBSD.org
Subject: [Bug 291446] /libexec/ld-elf.so.1 not branded properly on riscv, breaks manual activation via ldd
Message-ID: <bug-291446-40250-pyO2Q4CKrF@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-291446-40250@https.bugs.freebsd.org/bugzilla/>
References: <bug-291446-40250@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291446

--- Comment #11 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=5d58198ccc2b562098ee5fc4898013622b32b065

commit 5d58198ccc2b562098ee5fc4898013622b32b065
Author:     Jessica Clarke <jrtc27@FreeBSD.org>
AuthorDate: 2025-12-08 13:01:57 +0000
Commit:     Jessica Clarke <jrtc27@FreeBSD.org>
CommitDate: 2025-12-08 13:01:57 +0000

    imgact_elf: Fix off-by-one in note size check

    Prior to c86af2cc4cd1 ("imgact_elf: Check note body sizes"), this was
    note_name + n_namesz >= note_end, which checks that there is at least
    one byte after the unpadded name (which could be either padding or
    data), and given our notes always have data with them this was fine.
    However, once we started checking the padded name (note that
    "FreeBSD\0" is already a multiple of 4 bytes, so has no padding) and
    data, this turned into checking that there is at least one byte after
    the unpadded data, and since our ELF notes already have a multiple of 4
    bytes for their data and therefore have no padding, this means that we
    are now checking that there is at least one byte after the ELF note,
    which is not going to be the case for the last ELF note. Instead,
    switch this to a strict greater than, as should be used when comparing
    one-past-the-end pointers, which both sides of the inequality are.

    For executables, this was generally not a problem in reality, since the
    last of our ELF notes is NT_FREEBSD_NOINIT_TAG, which isn't read by the
    kernel. However, ld-elf.so.1 (and libcompat variants), like shared
    libraries, only has NT_FREEBSD_ABI_TAG, which meant the kernel did not
    see this ELF note when directly executing it (e.g. as done by ldd), and
    on RISC-V this is the only branding present, so doing so would fail
    with ENOEXEC.

    This does also mean on non-RISC-V direct exec ld-elf.so.1 runs with the
    wrong p_osrel, but given it sets kern.proc.osrel.PID to the executable's
    NT_FREEBSD_ABI_TAG that it loads, this probably doesn't matter in
    practice.

    PR:		291446
    Reported by:	bdragon
    Tested by:	bdragon
    Fixes:		c86af2cc4cd1 ("imgact_elf: Check note body sizes")
    MFC after:	3 days

 sys/kern/imgact_elf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

-- 
You are receiving this mail because:
You are the assignee for the bug.
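The off-by-one the commit describes, as a standalone C sketch (an added example, not the kernel's imgact_elf.c): a note walker with the old `>=` bound check beside the corrected `>` check, run over a constructed note segment that holds only NT_FREEBSD_ABI_TAG, which is the ld-elf.so.1 case. The walker, helper names and the osrel value are constructed for illustration; the header layout, name and tag value follow the standard ELF note format.

```c
#include <stdint.h>
#include <string.h>
/* ELF note header (n_namesz, n_descsz, n_type), same layout as Elf_Note. */
struct elf_note { uint32_t n_namesz, n_descsz, n_type; };
#define NT_FREEBSD_ABI_TAG 1
/* Name and desc each pad to 4 bytes; widen first so a 32-bit size cannot wrap. */
#define NOTE_ROUNDUP(x) (((size_t)(x) + 3) & ~(size_t)3)
/* Count the notes in buf[0..len) whose padded name+desc fit.  'strict'
 * selects the corrected bound check (next > len); 0 uses the old one (>=). */
static int count_notes(const uint8_t *buf, size_t len, int strict) {
    size_t off = 0;
    int seen = 0;
    while (off + sizeof(struct elf_note) <= len) {
        struct elf_note hdr;
        memcpy(&hdr, buf + off, sizeof hdr);
        size_t next = off + sizeof hdr + NOTE_ROUNDUP(hdr.n_namesz)
                    + NOTE_ROUNDUP(hdr.n_descsz);  /* one past this note */
        /* 'next' and 'len' are both one-past-the-end values, so '>=' rejects
         * a note ending exactly at the segment end: always the last note. */
        if (strict ? next > len : next >= len)
            break;
        seen++;
        off = next;
    }
    return seen;
}

/* One NT_FREEBSD_ABI_TAG note: "FreeBSD\0" (8 bytes) + 4-byte osrel.  Both
 * parts are already multiples of 4, so the note carries no padding. */
static size_t build_abi_tag_note(uint8_t *out, uint32_t osrel) {
    struct elf_note hdr = { 8, 4, NT_FREEBSD_ABI_TAG };
    memcpy(out, &hdr, sizeof hdr);
    memcpy(out + sizeof hdr, "FreeBSD", 8);
    memcpy(out + sizeof hdr + 8, &osrel, 4);
    return sizeof hdr + 12;  /* 24 bytes */
}

/* 1 if the walker with the given check sees the ABI tag when it is the only
 * note in the segment (the ld-elf.so.1 case); osrel is a constructed sample. */
static int abi_tag_found(int strict) {
    uint8_t seg[32];
    size_t len = build_abi_tag_note(seg, 0x12345678u);
    return count_notes(seg, len, strict) == 1;
}

/* The corrected check still rejects a note whose body overruns the segment. */
static int truncated_rejected(void) {
    uint8_t seg[32];
    return count_notes(seg, build_abi_tag_note(seg, 0x12345678u) - 1, 1) == 0;
}
```

With the old check `abi_tag_found(0)` is 0 (the only note is dropped, so no branding is seen); with the corrected check it is 1, and an overrunning note is still rejected.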
