From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <hjl.tools@gmail.com>
Received: from mail-pj1-x102f.google.com (mail-pj1-x102f.google.com
 [IPv6:2607:f8b0:4864:20::102f])
 by sourceware.org (Postfix) with ESMTPS id 4C4EA3858D28
 for <libc-alpha@sourceware.org>; Mon, 31 Jan 2022 04:49:39 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 4C4EA3858D28
Received: by mail-pj1-x102f.google.com with SMTP id
 nn16-20020a17090b38d000b001b56b2bce31so12563729pjb.3
 for <libc-alpha@sourceware.org>; Sun, 30 Jan 2022 20:49:39 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc:content-transfer-encoding;
 bh=AohFGsErgiQqrCIrMOeawqocozzOcIWI6QQNumnkTpI=;
 b=Cz+qosSTFNb2Et62DjJoFXCFgRBKWMZWBfNKgf8DUGqtVErD+XS8GLy+x5dM/Atqsz
 EH5GrNk/HdhnnxGvq5TuUmIOLPX/p9DqGFY107tBxnmcfFeydQugBnbXN43QhidEdBS0
 yBMyO3/qbGTGUsb3v7IZ0kSh8CLPk3vT64TAQM/uRiXgL3wV2F2G2jTxq8at6IJlRbNo
 RqzyZ5EiyG1XpCXkCZnAFS/H5JB7xXct88Q/KMmQgAPg02HlP+lLU5lksxX4gvfyFXoh
 DjxugFbHPNikCrH07SFkxZD1sKjhH+TvXH2M0SPf3Oc/h5iyJBh+T8U4m0vvOP0flepS
 HQKA==
X-Gm-Message-State: AOAM533Jaho/DjvfGcVC9bf0JR0noychlgd7kapm+rtPrGCZumAnEYs8
 0rzTmFaF39Q81DcrvkD4qUK6bQDvqZLJueDKeHo=
X-Google-Smtp-Source: ABdhPJxTNBvh3FQ8y5YuGMqOxFJFWRsUvnIe4D96UAFFgsO+vuv843xYeR35PZCr74dBSbFWY3KIcR/bnqXIjoyQI8c=
X-Received: by 2002:a17:90b:1b46:: with SMTP id
 nv6mr31921673pjb.143.1643604577799; 
 Sun, 30 Jan 2022 20:49:37 -0800 (PST)
MIME-Version: 1.0
References: <20220126214100.2433851-1-hjl.tools@gmail.com>
 <CAJ8wqtcGSZVPxVHJWNXdp5yuvo5Ae2xCVhy2K0UZ17HVEDwqVw@mail.gmail.com>
In-Reply-To: <CAJ8wqtcGSZVPxVHJWNXdp5yuvo5Ae2xCVhy2K0UZ17HVEDwqVw@mail.gmail.com>
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Sun, 30 Jan 2022 20:49:02 -0800
Message-ID: <CAMe9rOqeqT8ac4EtgBY+E61+iZJANSshkaQ0E3BnG5LrJbwdcw@mail.gmail.com>
Subject: Re: [PATCH] tst-p_alignmod3.so: Disable GNU_RELRO segment
To: Michael Hudson-Doyle <michael.hudson@canonical.com>
Cc: GNU C Library <libc-alpha@sourceware.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-3027.3 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0,
 RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Jan 2022 04:49:41 -0000

On Sun, Jan 30, 2022 at 6:36 PM Michael Hudson-Doyle
<michael.hudson@canonical.com> wrote:
>
>
>
> On Thu, 27 Jan 2022 at 10:41, H.J. Lu via Libc-alpha <libc-alpha@sourcewa=
re.org> wrote:
>>
>> tst-p_alignmod3.so has invalid p_align on LOAD segments which can't work
>> with GNU_RELRO.  Pass -z norelro to linker to disable GNU_RELRO segment
>> to trigger
>
>
> This helps for me on most Ubuntu architectures (s390x, arm64, ppc64el, pr=
obably armhf although that build hasn't finished yet) but I still see a fai=
lure on amd64 which still seems to hit the "cannot change memory protection=
s" case (full log here: https://launchpad.net/~mwhudson/+archive/ubuntu/dev=
irt/+build/23110381) and i386 (full log here: https://launchpad.net/~mwhuds=
on/+archive/ubuntu/devirt/+build/23110384) where the loader seems to be seg=
faulting:
>
> (gdb) r
> Starting program: /build/glibc-xBQSrs/glibc-2.34.9000-596-g4556b6edae/bui=
ld-tree/i386-libc/elf/ld-linux.so.2 --library-path ../build-tree/i386-libc:=
../build-tree/i386-libc/math:../build-tree/i386-libc/elf:../build-tree/i386=
-libc/dlfcn:../build-tree/i386-libc/nss:../build-tree/i386-libc/nis:../buil=
d-tree/i386-libc/rt:../build-tree/i386-libc/resolv:../build-tree/i386-libc/=
mathvec:../build-tree/i386-libc/support:../build-tree/i386-libc/nptl ../bui=
ld-tree/i386-libc/elf/tst-p_align3
>
> Program received signal SIGSEGV, Segmentation fault.
> 0xf7fe9f08 in mprotect () at ../sysdeps/unix/syscall-template.S:120
> 120 T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)
> (gdb) bt
> #0  0xf7fe9f08 in mprotect () at ../sysdeps/unix/syscall-template.S:120
> #1  0xf7fcd299 in _dl_map_segments (loader=3D<optimized out>, has_holes=
=3Dtrue, maplength=3D2044, nloadcmds=3D<optimized out>, loadcmds=3D0xffffc6=
50, type=3D3,
>     header=3D<optimized out>, fd=3D3, l=3D0xf7fb7a70) at ./dl-map-segment=
s.h:116
> #2  _dl_map_object_from_fd (name=3Dname@entry=3D0xf7fb9b03 "/build/glibc-=
xBQSrs/glibc-2.34.9000-596-g4556b6edae/build-tree/i386-libc/elf/tst-p_align=
mod3.so",
>     origname=3Dorigname@entry=3D0x0, fd=3D<optimized out>, fbp=3D<optimiz=
ed out>, realname=3D<optimized out>, loader=3D<optimized out>, l_type=3D<op=
timized out>, mode=3D<optimized out>,
>     stack_endp=3D<optimized out>, nsid=3D<optimized out>) at dl-load.c:12=
58
> #3  0xf7fcebcd in _dl_map_object (loader=3D0xf7ffda70, name=3D0xf7fb9b03 =
"/build/glibc-xBQSrs/glibc-2.34.9000-596-g4556b6edae/build-tree/i386-libc/e=
lf/tst-p_alignmod3.so",
>     type=3D1, trace_mode=3D0, mode=3D0, nsid=3D<optimized out>) at dl-loa=
d.c:2327
> #4  0xf7fc8378 in openaux (a=3D0xffffcc98) at dl-deps.c:64
> #5  0xf7fdf8c4 in _dl_catch_exception (exception=3D0xffffcc8c, operate=3D=
0xf7fc8340 <openaux>, args=3D0xffffcc98) at dl-error-skeleton.c:208
> #6  0xf7fc87f0 in _dl_map_object_deps (map=3D<optimized out>, preloads=3D=
<optimized out>, npreloads=3D<optimized out>, trace_mode=3D<optimized out>,=
 open_mode=3D<optimized out>)
>     at dl-deps.c:248
> #7  0xf7fe5bcf in dl_main (phdr=3D<optimized out>, phnum=3D<optimized out=
>, user_entry=3D<optimized out>, auxv=3D<optimized out>) at rtld.c:1969
> #8  0xf7fe1c66 in _dl_sysdep_start (start_argptr=3D0xffffd440, dl_main=3D=
0xf7fe3ba0 <dl_main>) at ../elf/dl-sysdep.c:256
> #9  0xf7fe393f in _dl_start_final (arg=3D0xffffd440) at rtld.c:506
> #10 _dl_start (arg=3D<optimized out>) at rtld.c:595
> #11 0xf7fe273b in _start () from /build/glibc-xBQSrs/glibc-2.34.9000-596-=
g4556b6edae/build-tree/i386-libc/elf/ld-linux.so.2
>
> I think but am not sure that "loadcmds[nloadcmds - 1].mapstart" is 0 and =
"c->mapend" is 4096 so mprotect is getting called with an insane len in thi=
s code:
>
>           if (__glibc_unlikely
>               (__mprotect ((caddr_t) (l->l_addr + c->mapend),
>                            loadcmds[nloadcmds - 1].mapstart - c->mapend,
>                            PROT_NONE) < 0))
>             return DL_MAP_SEGMENTS_ERROR_MPROTECT;
>         }
>
> but it's all pretty new to me. It's also possible that this is something =
about how Ubuntu's binutils is configured, I suppose.

tst-p_alignmod3.so is invalid and is very sensitive to how it is built.
But the loader shouldn't crash in any case.  Please provide i386 and
x86-64 tst-p_alignmod3.so so that I can fix it.

> Cheers,
> mwh
>
>>
>> .../elf/tst-p_alignmod3.so: ELF load command address/offset not page-ali=
gned
>>
>> instead of
>>
>> .../elf/tst-p_alignmod3.so: cannot change memory protections
>> ---
>>  elf/Makefile | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/elf/Makefile b/elf/Makefile
>> index daafb5cf12..6229add1fc 100644
>> --- a/elf/Makefile
>> +++ b/elf/Makefile
>> @@ -2619,7 +2619,7 @@ $(objpfx)tst-p_alignmod2.so: $(objpfx)tst-p_alignm=
od-base.so
>>         cp $(objpfx)tst-p_alignmod-base.so $@
>>         $(PYTHON) $(..)scripts/tst-elf-edit.py -a 1 $@
>>
>> -LDFLAGS-tst-p_alignmod3.so +=3D -Wl,-z,max-page-size=3D0x100,-z,common-=
page-size=3D0x100
>> +LDFLAGS-tst-p_alignmod3.so +=3D -Wl,-z,max-page-size=3D0x100,-z,common-=
page-size=3D0x100,-z,norelro
>>
>>  $(objpfx)tst-p_align3: $(objpfx)tst-p_alignmod3.so
>>  $(objpfx)tst-p_align3.out: tst-p_align3.sh $(objpfx)tst-p_align3
>> --
>> 2.34.1
>>


--=20
H.J.