From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <fweimer@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by sourceware.org (Postfix) with ESMTPS id A29FF3850412
 for <libc-alpha@sourceware.org>; Mon, 31 Jan 2022 15:40:05 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org A29FF3850412
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-15-v4ZvmbnZMwiXbY99o5eXow-1; Mon, 31 Jan 2022 10:40:01 -0500
X-MC-Unique: v4ZvmbnZMwiXbY99o5eXow-1
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com
 [10.5.11.15])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 5F3541091DA2;
 Mon, 31 Jan 2022 15:40:00 +0000 (UTC)
Received: from oldenburg.str.redhat.com (unknown [10.39.193.205])
 by smtp.corp.redhat.com (Postfix) with ESMTPS id 87C1674E8E;
 Mon, 31 Jan 2022 15:39:51 +0000 (UTC)
From: Florian Weimer <fweimer@redhat.com>
To: "H.J. Lu" <hjl.tools@gmail.com>
Cc: libc-alpha@sourceware.org,  Carlos O'Donell <carlos@redhat.com>,
 Michael Hudson-Doyle <michael.hudson@canonical.com>
Subject: Re: [PATCH] elf: Check invalid hole in PT_LOAD segments [BZ #28838]
References: <20220131152452.1061323-1-hjl.tools@gmail.com>
Date: Mon, 31 Jan 2022 16:39:49 +0100
In-Reply-To: <20220131152452.1061323-1-hjl.tools@gmail.com> (H. J. Lu's
 message of "Mon, 31 Jan 2022 07:24:52 -0800")
Message-ID: <877daf9anu.fsf@oldenburg.str.redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain
X-Spam-Status: No, score=-12.2 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0,
 RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NONE, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Jan 2022 15:40:06 -0000

* H. J. Lu:

> commit 163f625cf9becbb82dfec63a29e566324129c0cd
> Author: H.J. Lu <hjl.tools@gmail.com>
> Date:   Tue Dec 21 12:35:47 2021 -0800
>
>     elf: Remove excessive p_align check on PT_LOAD segments [BZ #28688]
>
> removed the p_align check against the page size.  It caused the loader
> crash in shared objects with the invalid p_align.  Update _dl_map_segments
> to detect invalid holes.  This fixes BZ #28838.

Commit message should reference commit ID and mention the failing
test/module name.

> ---
>  elf/dl-map-segments.h | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/elf/dl-map-segments.h b/elf/dl-map-segments.h
> index 172692b120..fd24cf5d01 100644
> --- a/elf/dl-map-segments.h
> +++ b/elf/dl-map-segments.h
> @@ -113,6 +113,9 @@ _dl_map_segments (struct link_map *l, int fd,
>               unallocated.  Then jump into the normal segment-mapping loop to
>               handle the portion of the segment past the end of the file
>               mapping.  */
> +	  if (__glibc_unlikely (loadcmds[nloadcmds - 1].mapstart <
> +				c->mapend))
> +	    return N_("ELF load command address/offset not page-aligned");
>            if (__glibc_unlikely
>                (__mprotect ((caddr_t) (l->l_addr + c->mapend),
>                             loadcmds[nloadcmds - 1].mapstart - c->mapend,

This seems to be fairly risky because I don't think that so far, we
enforce increasing LOAD segment addresses (although required by te EHF
specification).

Given

LDFLAGS-tst-p_alignmod3.so += -Wl,-z,max-page-size=0x100,-z,common-page-size=0x100

and RELRO construction for that

  .../elf/tst-p_alignmod3.so: cannot change memory protections

seems to be a valid failure string for this test.  However, worst case,
there could be a different kind of failure, if the RELRO mprotect start
is page-aligned by chance, and the kernel rounds up the end address to a
page boundary.  The RELRO protection then covers more than what the link
editor expected, and this can cause crashes later on.  But this isn't
something we can detect easily, I think.

Thanks,
Florian