Bug 206017 - mips binary has segments with different permissions in same page
Summary: mips binary has segments with different permissions in same page
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: misc (show other bugs)
Version: CURRENT
Hardware: mips Any
: --- Affects Only Me
Assignee: freebsd-bugs mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-01-08 00:47 UTC by Ed Maste
Modified: 2018-10-04 01:18 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ed Maste freebsd_committer 2016-01-08 00:47:07 UTC
MIPS binary has a PT_DYNAMIC segment with RWE perms in the same page as PT_NOTE with R only; rtld cannot actually accommodate this.


volta% readelf -l sh

Elf file type is EXEC (Executable file)
Entry point 0x4037e0
There are 8 program headers, starting at offset 52

Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  PHDR           0x000034 0x00400034 0x00400034 0x00100 0x00100 R E 0x4
  INTERP         0x000134 0x00400134 0x00400134 0x00015 0x00015 R   0x1
      [Requesting program interpreter: /libexec/ld-elf.so.1]
  LOPROC+0       0x00017c 0x0040017c 0x0040017c 0x00018 0x00018 R   0x4
  LOAD           0x000000 0x00400000 0x00400000 0x2b42c 0x2b42c R E 0x10000
  LOAD           0x02b42c 0x0043b42c 0x0043b42c 0x00b68 0x01bb8 RW  0x10000
  DYNAMIC        0x000194 0x00400194 0x00400194 0x000f8 0x000f8 RWE 0x4
  NOTE           0x00014c 0x0040014c 0x0040014c 0x00030 0x00030 R   0x4
  NULL           0x000000 0x00000000 0x00000000 0x00000 0x00000     0x4

 Section to Segment mapping:
  Segment Sections...
   00     
   01     .interp 
   02     .reginfo 
   03     .interp .note.tag .reginfo .dynamic .hash .dynsym .dynstr .gnu.version .gnu.version_r .init .text .MIPS.stubs .fini .rodata .eh_frame 
   04     .ctors .dtors .jcr .data.rel.ro .data .rld_map .got .sdata .bss 
   05     .dynamic 
   06     .note.tag 
   07
Comment 1 commit-hook freebsd_committer 2016-01-08 00:57:25 UTC
A commit references this bug:

Author: emaste
Date: Fri Jan  8 00:56:42 UTC 2016
New revision: 293403
URL: https://svnweb.freebsd.org/changeset/base/293403

Log:
  Revert r293201, r293202 (rtld: populate DT_DEBUG iff DYNAMIC segment is writable)

  It turns out MIPS binaries may have other oddities that can trigger a
  fault at startup.

  PR:		206017
  Reported by:	ray

Changes:
  head/libexec/rtld-elf/rtld.c
  head/libexec/rtld-elf/rtld.h
Comment 2 Brooks Davis freebsd_committer 2016-01-12 00:37:09 UTC
It seems like fixing this wouldn't be too hard so long as we track the extent and permissions of the last mapping (I believe everyone relies on segments being sorted).  I'd argue that this is a linker/linker-script bug as well.