This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
lld/trunk/
-
trunk/
-
ELF/
-
Writer.cpp
-
test/ELF/
-
ELF/
-
basic-mips.s
-
basic-ppc.s

Differential D28267

ELF: Round p_memsz of the PT_GNU_RELRO program header up to the page size.
ClosedPublic

Authored by pcc on Jan 3 2017, 5:16 PM.

Download Raw Diff

Details

Reviewers

ruiu
davide
• rafael

Commits

rG7b5088b3b267: ELF: Round p_memsz of the PT_GNU_RELRO program header up to the page size.
rLLD290986: ELF: Round p_memsz of the PT_GNU_RELRO program header up to the page size.
rL290986: ELF: Round p_memsz of the PT_GNU_RELRO program header up to the page size.

Summary

The glibc dynamic loader rounds the size down, so without this the loader
will fail to change the memory protection for the last page.

Diff Detail

Repository: rL LLVM

Event Timeline

pcc updated this revision to Diff 82978.Jan 3 2017, 5:16 PM

pcc retitled this revision from to ELF: Round p_memsz of the PT_GNU_RELRO program header up to the page size..

pcc updated this object.

pcc added reviewers: ruiu, • rafael, davide.

pcc added a subscriber: llvm-commits.

Herald added a subscriber: nemanjai. · View Herald TranscriptJan 3 2017, 5:16 PM

emaste added a subscriber: emaste.Jan 3 2017, 7:00 PM

emaste added inline comments.

lld/ELF/Writer.cpp
1452–1453 ↗	(On Diff #82978)	For reference the FreeBSD rtld algorithm is: obj->relro_page = obj->relocbase + trunc_page(ph->p_vaddr); obj->relro_size = round_page(ph->p_memsz); https://svnweb.freebsd.org/base/head/libexec/rtld-elf/rtld.c?annotate=310422#l1334

Add a note about FreeBSD

lld/ELF/Writer.cpp
1452–1453 ↗	(On Diff #82978)	Thanks. `round_page` appears to be system-specific but always seems to round up [0]. I've added a note to the comment. [0] https://github.com/freebsd/freebsd/search?utf8=%E2%9C%93&q=%22define+round_page%22&type=Code

LGTM. Out of curiosity, how did you discover this?

This revision is now accepted and ready to land.Jan 4 2017, 5:01 AM

In D28267#635130, @davide wrote:

LGTM. Out of curiosity, how did you discover this?

To test my change D28272, I compiled and ran a small test program (essentially the one in figure 2 in the referenced paper). I was surprised to find that even after the copy relocation was moved to relro the program terminated without segfaulting. An strace revealed that the loader wasn't calling mprotect on the relro region at all, which turned out to be because it was smaller than the page size.

Closed by commit rL290986: ELF: Round p_memsz of the PT_GNU_RELRO program header up to the page size. (authored by pcc). · Explain WhyJan 4 2017, 11:07 AM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

lld/

trunk/

ELF/

Writer.cpp

7 lines

test/

ELF/

basic-mips.s

2 lines

basic-ppc.s

2 lines

Diff 83088

lld/trunk/ELF/Writer.cpp

Show First 20 Lines • Show All 1,438 Lines • ▼ Show 20 Lines	if (First) {
P.p_memsz = Last->Addr + Last->Size - First->Addr;		P.p_memsz = Last->Addr + Last->Size - First->Addr;
P.p_offset = First->Offset;		P.p_offset = First->Offset;
P.p_vaddr = First->Addr;		P.p_vaddr = First->Addr;
if (!P.HasLMA)		if (!P.HasLMA)
P.p_paddr = First->getLMA();		P.p_paddr = First->getLMA();
}		}
if (P.p_type == PT_LOAD)		if (P.p_type == PT_LOAD)
P.p_align = Config->MaxPageSize;		P.p_align = Config->MaxPageSize;
else if (P.p_type == PT_GNU_RELRO)		else if (P.p_type == PT_GNU_RELRO) {
P.p_align = 1;		P.p_align = 1;
		// The glibc dynamic loader rounds the size down, so we need to round up
		// to protect the last page. This is a no-op on FreeBSD which always
		// rounds up.
		P.p_memsz = alignTo(P.p_memsz, Config->MaxPageSize);
		}

// The TLS pointer goes after PT_TLS. At least glibc will align it,		// The TLS pointer goes after PT_TLS. At least glibc will align it,
// so round up the size to make sure the offsets are correct.		// so round up the size to make sure the offsets are correct.
if (P.p_type == PT_TLS) {		if (P.p_type == PT_TLS) {
Out<ELFT>::TlsPhdr = &P;		Out<ELFT>::TlsPhdr = &P;
if (P.p_memsz)		if (P.p_memsz)
P.p_memsz = alignTo(P.p_memsz, P.p_align);		P.p_memsz = alignTo(P.p_memsz, P.p_align);
}		}
▲ Show 20 Lines • Show All 262 Lines • Show Last 20 Lines

lld/trunk/test/ELF/basic-mips.s

	Show First 20 Lines • Show All 291 Lines • ▼ Show 20 Lines
	# CHECK-NEXT: Alignment: 65536			# CHECK-NEXT: Alignment: 65536
	# CHECK-NEXT: }			# CHECK-NEXT: }
	# CHECK-NEXT: ProgramHeader {			# CHECK-NEXT: ProgramHeader {
	# CHECK-NEXT: Type: PT_GNU_RELRO (0x6474E552)			# CHECK-NEXT: Type: PT_GNU_RELRO (0x6474E552)
	# CHECK-NEXT: Offset: 0x20000			# CHECK-NEXT: Offset: 0x20000
	# CHECK-NEXT: VirtualAddress: 0x30000			# CHECK-NEXT: VirtualAddress: 0x30000
	# CHECK-NEXT: PhysicalAddress: 0x30000			# CHECK-NEXT: PhysicalAddress: 0x30000
	# CHECK-NEXT: FileSize: 8			# CHECK-NEXT: FileSize: 8
	# CHECK-NEXT: MemSize: 8			# CHECK-NEXT: MemSize: 65536
	# CHECK-NEXT: Flags [ (0x4)			# CHECK-NEXT: Flags [ (0x4)
	# CHECK-NEXT: PF_R (0x4)			# CHECK-NEXT: PF_R (0x4)
	# CHECK-NEXT: ]			# CHECK-NEXT: ]
	# CHECK-NEXT: Alignment: 1			# CHECK-NEXT: Alignment: 1
	# CHECK-NEXT: }			# CHECK-NEXT: }
	# CHECK-NEXT: ProgramHeader {			# CHECK-NEXT: ProgramHeader {
	# CHECK-NEXT: Type: PT_GNU_STACK			# CHECK-NEXT: Type: PT_GNU_STACK
	# CHECK-NEXT: Offset: 0x0			# CHECK-NEXT: Offset: 0x0
	Show All 11 Lines

lld/trunk/test/ELF/basic-ppc.s

	Show First 20 Lines • Show All 289 Lines • ▼ Show 20 Lines
	// CHECK-NEXT: Alignment: 4			// CHECK-NEXT: Alignment: 4
	// CHECK-NEXT: }			// CHECK-NEXT: }
	// CHECK-NEXT: ProgramHeader {			// CHECK-NEXT: ProgramHeader {
	// CHECK-NEXT: Type: PT_GNU_RELRO (0x6474E552)			// CHECK-NEXT: Type: PT_GNU_RELRO (0x6474E552)
	// CHECK-NEXT: Offset: 0x2000			// CHECK-NEXT: Offset: 0x2000
	// CHECK-NEXT: VirtualAddress: 0x2000			// CHECK-NEXT: VirtualAddress: 0x2000
	// CHECK-NEXT: PhysicalAddress: 0x2000			// CHECK-NEXT: PhysicalAddress: 0x2000
	// CHECK-NEXT: FileSize: 48			// CHECK-NEXT: FileSize: 48
	// CHECK-NEXT: MemSize: 48			// CHECK-NEXT: MemSize: 4096
	// CHECK-NEXT: Flags [ (0x4)			// CHECK-NEXT: Flags [ (0x4)
	// CHECK-NEXT: PF_R (0x4)			// CHECK-NEXT: PF_R (0x4)
	// CHECK-NEXT: ]			// CHECK-NEXT: ]
	// CHECK-NEXT: Alignment: 1			// CHECK-NEXT: Alignment: 1
	// CHECK-NEXT: }			// CHECK-NEXT: }
	// CHECK-NEXT: ProgramHeader {			// CHECK-NEXT: ProgramHeader {
	// CHECK-NEXT: Type: PT_GNU_STACK (0x6474E551)			// CHECK-NEXT: Type: PT_GNU_STACK (0x6474E551)
	// CHECK-NEXT: Offset: 0x0			// CHECK-NEXT: Offset: 0x0
	Show All 11 Lines