Remove the limitation of only being able to load binaries with 2 PT_LOAD

sections, like the kernel can. From FreeBSD.
2023-01-06 15:33:47 +00:00 · 2023-01-06 15:33:47 +00:00 · acf7fb3abf
parent 8abbf48823
commit acf7fb3abf
1 changed files with 154 additions and 122 deletions
--- a/libexec/ld.elf_so/map_object.c
+++ b/libexec/ld.elf_so/map_object.c
@ -1,4 +1,4 @@
-/*	$NetBSD: map_object.c,v 1.62 2022/03/30 08:26:45 hannken Exp $	 */
+/*	$NetBSD: map_object.c,v 1.63 2023/01/06 15:33:47 christos Exp $	 */

 /*
 * Copyright 1996 John D. Polstra.
@ -34,7 +34,7 @@

 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: map_object.c,v 1.62 2022/03/30 08:26:45 hannken Exp $");
+__RCSID("$NetBSD: map_object.c,v 1.63 2023/01/06 15:33:47 christos Exp $");
 #endif /* not lint */

 #include <errno.h>
@ -49,7 +49,8 @@ __RCSID("$NetBSD: map_object.c,v 1.62 2022/03/30 08:26:45 hannken Exp $");
 #include "debug.h"
 #include "rtld.h"

-static int protflags(int);	/* Elf flags -> mmap protection */
+static int convert_prot(int);	/* Elf flags -> mmap protection */
+static int convert_flags(int);  /* Elf flags -> mmap flags */

 #define EA_UNDEF		(~(Elf_Addr)0)

@ -69,35 +70,35 @@ _rtld_map_object(const char *path, int fd, const struct stat *sb)
 #if defined(__HAVE_TLS_VARIANT_I) || defined(__HAVE_TLS_VARIANT_II)
 	Elf_Phdr	*phtls;
 #endif
-	size_t		 phsize;
 	Elf_Phdr	*phlimit;
-	Elf_Phdr	*segs[2];
+	Elf_Phdr       **segs = NULL;
 	int		 nsegs;
 	caddr_t		 mapbase = MAP_FAILED;
 	size_t		 mapsize = 0;
 	int		 mapflags;
-	Elf_Off		 base_offset;
 	Elf_Addr	 base_alignment;
 	Elf_Addr	 base_vaddr;
 	Elf_Addr	 base_vlimit;
 	Elf_Addr	 text_vlimit;
-	int		 text_flags;
+	Elf_Addr	 text_end;
 	void		*base_addr;
 	Elf_Off		 data_offset;
 	Elf_Addr	 data_vaddr;
 	Elf_Addr	 data_vlimit;
 	int		 data_flags;
+	int		 data_prot;
 	caddr_t		 data_addr;
+	Elf_Addr	 bss_vaddr;
+	Elf_Addr	 bss_vlimit;
+	caddr_t		 bss_addr;
 #if defined(__HAVE_TLS_VARIANT_I) || defined(__HAVE_TLS_VARIANT_II)
 	Elf_Addr	 tls_vaddr = 0; /* Noise GCC */
 #endif
 	Elf_Addr	 phdr_vaddr;
-	size_t		 phdr_memsz;
-	caddr_t		 gap_addr;
-	size_t		 gap_size;
 	int i;
 #ifdef RTLD_LOADER
 	Elf_Addr	 clear_vaddr;
+	caddr_t	 	 clear_page;
 	caddr_t		 clear_addr;
 	size_t		 nclear;
 #endif
@ -105,6 +106,9 @@ _rtld_map_object(const char *path, int fd, const struct stat *sb)
 	Elf_Addr 	 relro_page;
 	size_t		 relro_size;
 #endif
+#ifdef notyet
+	int		 stack_flags;
+#endif

 	if (sb != NULL && sb->st_size < (off_t)sizeof (Elf_Ehdr)) {
 		_rtld_error("%s: not ELF file (too short)", path);
@ -124,34 +128,34 @@ _rtld_map_object(const char *path, int fd, const struct stat *sb)
 	obj->ehdr = ehdr;
 	if (ehdr == MAP_FAILED) {
 		_rtld_error("%s: read error: %s", path, xstrerror(errno));
-		goto bad;
+		goto error;
 	}
 	/* Make sure the file is valid */
 	if (memcmp(ELFMAG, ehdr->e_ident, SELFMAG) != 0) {
 		_rtld_error("%s: not ELF file (magic number bad)", path);
-		goto bad;
+		goto error;
 	}
 	if (ehdr->e_ident[EI_CLASS] != ELFCLASS) {
 		_rtld_error("%s: invalid ELF class %x; expected %x", path,
 		    ehdr->e_ident[EI_CLASS], ELFCLASS);
-		goto bad;
+		goto error;
 	}
 	/* Elf_e_ident includes class */
 	if (ehdr->e_ident[EI_VERSION] != EV_CURRENT ||
 	    ehdr->e_version != EV_CURRENT ||
 	    ehdr->e_ident[EI_DATA] != ELFDEFNNAME(MACHDEP_ENDIANNESS)) {
 		_rtld_error("%s: unsupported file version", path);
-		goto bad;
+		goto error;
 	}
 	if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) {
 		_rtld_error("%s: unsupported file type", path);
-		goto bad;
+		goto error;
 	}
 	switch (ehdr->e_machine) {
 		ELFDEFNNAME(MACHDEP_ID_CASES)
 	default:
 		_rtld_error("%s: unsupported machine", path);
-		goto bad;
+		goto error;
 	}

 	/*
@ -173,16 +177,22 @@ _rtld_map_object(const char *path, int fd, const struct stat *sb)
 #if defined(__HAVE_TLS_VARIANT_I) || defined(__HAVE_TLS_VARIANT_II)
 	phtls = NULL;
 #endif
-	phsize = ehdr->e_phnum * sizeof(phdr[0]);
 	obj->phdr = NULL;
 #ifdef GNU_RELRO
 	relro_page = 0;
 	relro_size = 0;
 #endif
 	phdr_vaddr = EA_UNDEF;
-	phdr_memsz = 0;
 	phlimit = phdr + ehdr->e_phnum;
-	nsegs = 0;
+	segs = xmalloc(sizeof(segs[0]) * ehdr->e_phnum);
+	if (segs == NULL) {
+		_rtld_error("No memory for segs");
+		goto error;
+	}
+#ifdef notyet
+	stack_flags = PF_R | PF_W;
+#endif
+	nsegs = -1;
 	while (phdr < phlimit) {
 		switch (phdr->p_type) {
 		case PT_INTERP:
@ -191,21 +201,37 @@ _rtld_map_object(const char *path, int fd, const struct stat *sb)
 			break;

 		case PT_LOAD:
-			if (nsegs < 2)
-				segs[nsegs] = phdr;
-			++nsegs;
+			segs[++nsegs] = phdr;
+			if ((segs[nsegs]->p_align & (_rtld_pagesz - 1)) != 0) {
+				_rtld_error(
+				    "%s: PT_LOAD segment %d not page-aligned",
+				    path, nsegs);
+				goto error;
+			}
+			if ((segs[nsegs]->p_flags & PF_X) == PF_X) {
+				text_end = MAX(text_end,
+				    round_up(segs[nsegs]->p_vaddr +
+				    segs[nsegs]->p_memsz));
+			}

-			dbg(("%s: %s %p phsize %" PRImemsz, obj->path, "PT_LOAD",
+			dbg(("%s: %s %p phsize %" PRImemsz, obj->path,
+			    "PT_LOAD",
 			    (void *)(uintptr_t)phdr->p_vaddr, phdr->p_memsz));
 			break;

 		case PT_PHDR:
 			phdr_vaddr = phdr->p_vaddr;
-			phdr_memsz = phdr->p_memsz;
-			dbg(("%s: %s %p phsize %" PRImemsz, obj->path, "PT_PHDR",
+			dbg(("%s: %s %p phsize %" PRImemsz, obj->path,
+			    "PT_PHDR",
 			    (void *)(uintptr_t)phdr->p_vaddr, phdr->p_memsz));
 			break;

+#ifdef notyet
+		case PT_GNU_STACK:
+			stack_flags = phdr->p_flags;
+			break;
+#endif
+
 #ifdef GNU_RELRO
 		case PT_GNU_RELRO:
 			relro_page = phdr->p_vaddr;
@ -215,7 +241,8 @@ _rtld_map_object(const char *path, int fd, const struct stat *sb)

 		case PT_DYNAMIC:
 			obj->dynamic = (void *)(uintptr_t)phdr->p_vaddr;
-			dbg(("%s: %s %p phsize %" PRImemsz, obj->path, "PT_DYNAMIC",
+			dbg(("%s: %s %p phsize %" PRImemsz, obj->path,
+			    "PT_DYNAMIC",
 			    (void *)(uintptr_t)phdr->p_vaddr, phdr->p_memsz));
 			break;

@ -240,12 +267,7 @@ _rtld_map_object(const char *path, int fd, const struct stat *sb)
 	obj->entry = (void *)(uintptr_t)ehdr->e_entry;
 	if (!obj->dynamic) {
 		_rtld_error("%s: not dynamically linked", path);
-		goto bad;
-	}
-	if (nsegs != 2) {
-		_rtld_error("%s: wrong number of segments (%d != 2)", path,
-		    nsegs);
-		goto bad;
+		goto error;
 	}

 	/*
@ -261,17 +283,15 @@ _rtld_map_object(const char *path, int fd, const struct stat *sb)
 	 */

 	base_alignment = segs[0]->p_align;
-	base_offset = round_down(segs[0]->p_offset);
 	base_vaddr = round_down(segs[0]->p_vaddr);
-	base_vlimit = round_up(segs[1]->p_vaddr + segs[1]->p_memsz);
+	base_vlimit = round_up(segs[nsegs]->p_vaddr + segs[nsegs]->p_memsz);
 	text_vlimit = round_up(segs[0]->p_vaddr + segs[0]->p_memsz);
-	text_flags = protflags(segs[0]->p_flags);
-	data_offset = round_down(segs[1]->p_offset);
-	data_vaddr = round_down(segs[1]->p_vaddr);
-	data_vlimit = round_up(segs[1]->p_vaddr + segs[1]->p_filesz);
-	data_flags = protflags(segs[1]->p_flags);
+	data_offset = round_down(segs[nsegs]->p_offset);
+	data_vaddr = round_down(segs[nsegs]->p_vaddr);
+	data_vlimit = round_up(segs[nsegs]->p_vaddr + segs[nsegs]->p_filesz);
+	data_flags = convert_prot(segs[nsegs]->p_flags);
 #ifdef RTLD_LOADER
-	clear_vaddr = segs[1]->p_vaddr + segs[1]->p_filesz;
+	clear_vaddr = segs[nsegs]->p_vaddr + segs[nsegs]->p_filesz;
 #endif

 	obj->textsize = text_vlimit - base_vaddr;
@ -289,54 +309,15 @@ _rtld_map_object(const char *path, int fd, const struct stat *sb)
 	}
 #endif

-	obj->phdr_loaded = false;
-	for (i = 0; i < nsegs; i++) {
-		if (phdr_vaddr != EA_UNDEF &&
-		    segs[i]->p_vaddr <= phdr_vaddr &&
-		    segs[i]->p_memsz >= phdr_memsz) {
-			obj->phdr_loaded = true;
-			break;
-		}
-		if (segs[i]->p_offset <= ehdr->e_phoff &&
-		    segs[i]->p_memsz >= phsize) {
-			phdr_vaddr = segs[i]->p_vaddr + ehdr->e_phoff;
-			phdr_memsz = phsize;
-			obj->phdr_loaded = true;
-			break;
-		}
-	}
-	if (obj->phdr_loaded) {
-		obj->phdr = (void *)(uintptr_t)phdr_vaddr;
-		obj->phsize = phdr_memsz;
-	} else {
-		Elf_Phdr *buf;
-		buf = xmalloc(phsize);
-		if (buf == NULL) {
-			_rtld_error("%s: cannot allocate program header", path);
-			goto bad;
-		}
-		memcpy(buf, phdr, phsize);
-		obj->phdr = buf;
-		obj->phsize = phsize;
-	}
-	dbg(("%s: phdr %p phsize %zu (%s)", obj->path, obj->phdr, obj->phsize,
-	     obj->phdr_loaded ? "loaded" : "allocated"));
-
-	/* Unmap header if it overlaps the first load section. */
-	if (base_offset < _rtld_pagesz) {
-		munmap(ehdr, _rtld_pagesz);
-		obj->ehdr = MAP_FAILED;
-	}
-
 	/*
 	 * Calculate log2 of the base section alignment.
 	 */
-	mapflags = 0;
+	mapflags = MAP_PRIVATE | MAP_ANON;
 	if (base_alignment > _rtld_pagesz) {
 		unsigned int log2 = 0;
 		for (; base_alignment > 1; base_alignment >>= 1)
 			log2++;
-		mapflags = MAP_ALIGNED(log2);
+		mapflags |= MAP_ALIGNED(log2);
 	}

 	base_addr = NULL;
@ -347,57 +328,90 @@ _rtld_map_object(const char *path, int fd, const struct stat *sb)
 	}
 #endif
 	mapsize = base_vlimit - base_vaddr;
-	mapbase = mmap(base_addr, mapsize, text_flags,
-	    mapflags | MAP_FILE | MAP_PRIVATE, fd, base_offset);
+	mapbase = mmap(base_addr, mapsize, PROT_NONE, mapflags, -1, 0);
 	if (mapbase == MAP_FAILED) {
 		_rtld_error("mmap of entire address space failed: %s",
 		    xstrerror(errno));
-		goto bad;
+		goto error;
 	}
 #ifdef RTLD_LOADER
 	if (!obj->isdynamic && mapbase != base_addr) {
 		_rtld_error("mmap of executable at correct address failed");
-		goto bad;
+		goto error;
 	}
 #endif

-	/* Overlay the data segment onto the proper region. */
-	data_addr = mapbase + (data_vaddr - base_vaddr);
-	if (mmap(data_addr, data_vlimit - data_vaddr, data_flags,
-	    MAP_FILE | MAP_PRIVATE | MAP_FIXED, fd, data_offset) ==
-	    MAP_FAILED) {
-		_rtld_error("mmap of data failed: %s", xstrerror(errno));
-		goto bad;
-	}
+	for (i = 0; i <= nsegs; i++) {
+		/* Overlay the segment onto the proper region. */
+		data_offset = round_down(segs[i]->p_offset);
+		data_vaddr = round_down(segs[i]->p_vaddr);
+		data_vlimit = round_up(segs[i]->p_vaddr
+		    + segs[i]->p_filesz);
+		data_addr = mapbase + (data_vaddr - base_vaddr);
+		data_prot = convert_prot(segs[i]->p_flags);
+		data_flags = convert_flags(segs[i]->p_flags) | MAP_FIXED;
+		if (data_vlimit != data_vaddr &&
+		    mmap(data_addr, data_vlimit - data_vaddr, data_prot, 
+		    data_flags, fd, data_offset) == MAP_FAILED) {
+			_rtld_error("%s: mmap of data failed: %s", path,
+			    xstrerror(errno));
+			goto error;
+		}

-	/* Overlay the bss segment onto the proper region. */
-	if (base_vlimit > data_vlimit) {
-		if (mmap(mapbase + data_vlimit - base_vaddr,
-		    base_vlimit - data_vlimit, data_flags,
-		    MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) == MAP_FAILED) {
-			_rtld_error("mmap of bss failed: %s", xstrerror(errno));
-			goto bad;
+		/* Do BSS setup */
+		if (segs[i]->p_filesz != segs[i]->p_memsz) {
+#ifdef RTLD_LOADER
+			/* Clear any BSS in the last page of the segment. */
+			clear_vaddr = segs[i]->p_vaddr + segs[i]->p_filesz;
+			clear_addr = mapbase + (clear_vaddr - base_vaddr);
+			clear_page = mapbase + (round_down(clear_vaddr)
+			    - base_vaddr);
+
+			if ((nclear = data_vlimit - clear_vaddr) > 0) {
+				/* Make sure the end of the segment is writable
+				 */
+				if ((data_prot & PROT_WRITE) == 0 && -1 ==
+				     mprotect(clear_page, _rtld_pagesz,
+				     data_prot|PROT_WRITE)) {
+					_rtld_error("%s: mprotect failed: %s",
+					    path, xstrerror(errno));
+					goto error;
+				}
+
+				memset(clear_addr, 0, nclear);
+
+				/* Reset the data protection back */
+				if ((data_prot & PROT_WRITE) == 0)
+					mprotect(clear_page, _rtld_pagesz,
+					    data_prot);
+			}
+#endif
+
+			/* Overlay the BSS segment onto the proper region. */
+			bss_vaddr = data_vlimit;
+			bss_vlimit = round_up(segs[i]->p_vaddr +
+			    segs[i]->p_memsz);
+			bss_addr = mapbase + (bss_vaddr - base_vaddr);
+			if (bss_vlimit > bss_vaddr) {
+				/* There is something to do */
+				if (mmap(bss_addr, bss_vlimit - bss_vaddr,
+				    data_prot, data_flags | MAP_ANON, -1, 0)
+				    == MAP_FAILED) {
+					_rtld_error(
+					    "%s: mmap of bss failed: %s",
+					    path, xstrerror(errno));
+					goto error;
+				}
+			}
+		}
+
+		if (phdr_vaddr == 0 && data_offset <= ehdr->e_phoff &&
+		    (data_vlimit - data_vaddr + data_offset) >=
+		    (ehdr->e_phoff + ehdr->e_phnum * sizeof (Elf_Phdr))) {
+			phdr_vaddr = data_vaddr + ehdr->e_phoff - data_offset;
 		}
 	}

-	/* Unmap the gap between the text and data. */
-	gap_addr = mapbase + round_up(text_vlimit - base_vaddr);
-	gap_size = data_addr - gap_addr;
-	if (gap_size != 0 && mprotect(gap_addr, gap_size, PROT_NONE) == -1) {
-		_rtld_error("mprotect of text -> data gap failed: %s",
-		    xstrerror(errno));
-		goto bad;
-	}
-
-#ifdef RTLD_LOADER
-	/* Clear any BSS in the last page of the data segment. */
-	clear_addr = mapbase + (clear_vaddr - base_vaddr);
-	if ((nclear = data_vlimit - clear_vaddr) > 0)
-		memset(clear_addr, 0, nclear);
-
-	/* Non-file portion of BSS mapped above. */
-#endif
-
 #if defined(__HAVE_TLS_VARIANT_I) || defined(__HAVE_TLS_VARIANT_II)
 	if (phtls != NULL)
 		obj->tlsinit = mapbase + tls_vaddr;
@ -425,15 +439,17 @@ _rtld_map_object(const char *path, int fd, const struct stat *sb)
 	if (obj->exidx_start)
 		obj->exidx_start = (void *)(obj->relocbase + (Elf_Addr)(uintptr_t)obj->exidx_start);
 #endif
+	xfree(segs);

 	return obj;

-bad:
-	if (obj->ehdr != MAP_FAILED)
-		munmap(obj->ehdr, _rtld_pagesz);
+error:
 	if (mapbase != MAP_FAILED)
 		munmap(mapbase, mapsize);
+	if (obj->ehdr != MAP_FAILED)
+		munmap(obj->ehdr, _rtld_pagesz);
 	_rtld_obj_free(obj);
+	xfree(segs);
 	return NULL;
 }

@ -487,7 +503,7 @@ _rtld_obj_new(void)
 * flags for MMAP.
 */
 static int
-protflags(int elfflags)
+convert_prot(int elfflags)
 {
 	int prot = 0;

@ -501,3 +517,19 @@ protflags(int elfflags)
 		prot |= PROT_EXEC;
 	return prot;
 }
+
+static int
+convert_flags(int elfflags __unused)
+{
+	int flags = MAP_PRIVATE; /* All mappings are private */
+
+#ifdef MAP_NOCORE
+	/*
+	 * Readonly mappings are marked "MAP_NOCORE", because they can be
+	 * reconstructed by a debugger.
+	 */
+	if (!(elfflags & PF_W))
+		flags |= MAP_NOCORE;
+#endif
+	return flags;
+}