This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
lld/
-
ELF/
2
Writer.cpp
-
test/ELF/
-
ELF/
-
basic-mips.s
-
basic-ppc.s

Differential D28267

ELF: Round p_memsz of the PT_GNU_RELRO program header up to the page size.
ClosedPublic

Authored by pcc on Jan 3 2017, 5:16 PM.

Download Raw Diff

Details

Reviewers

ruiu
davide
• rafael

Commits

rG7b5088b3b267: ELF: Round p_memsz of the PT_GNU_RELRO program header up to the page size.
rLLD290986: ELF: Round p_memsz of the PT_GNU_RELRO program header up to the page size.
rL290986: ELF: Round p_memsz of the PT_GNU_RELRO program header up to the page size.

Summary

The glibc dynamic loader rounds the size down, so without this the loader
will fail to change the memory protection for the last page.

Diff Detail

Build Status

Buildable 2548
Build 2548: arc lint + arc unit

Event Timeline

pcc updated this revision to Diff 82978.Jan 3 2017, 5:16 PM

pcc retitled this revision from to ELF: Round p_memsz of the PT_GNU_RELRO program header up to the page size..

pcc updated this object.

pcc added reviewers: ruiu, • rafael, davide.

pcc added a subscriber: llvm-commits.

Herald added a subscriber: nemanjai. · View Herald TranscriptJan 3 2017, 5:16 PM

emaste added a subscriber: emaste.Jan 3 2017, 7:00 PM

emaste added inline comments.

lld/ELF/Writer.cpp
1452–1453	For reference the FreeBSD rtld algorithm is: obj->relro_page = obj->relocbase + trunc_page(ph->p_vaddr); obj->relro_size = round_page(ph->p_memsz); https://svnweb.freebsd.org/base/head/libexec/rtld-elf/rtld.c?annotate=310422#l1334

Add a note about FreeBSD

lld/ELF/Writer.cpp
1452–1453	Thanks. `round_page` appears to be system-specific but always seems to round up [0]. I've added a note to the comment. [0] https://github.com/freebsd/freebsd/search?utf8=%E2%9C%93&q=%22define+round_page%22&type=Code

LGTM. Out of curiosity, how did you discover this?

This revision is now accepted and ready to land.Jan 4 2017, 5:01 AM

In D28267#635130, @davide wrote:

LGTM. Out of curiosity, how did you discover this?

To test my change D28272, I compiled and ran a small test program (essentially the one in figure 2 in the referenced paper). I was surprised to find that even after the copy relocation was moved to relro the program terminated without segfaulting. An strace revealed that the loader wasn't calling mprotect on the relro region at all, which turned out to be because it was smaller than the page size.

Closed by commit rL290986: ELF: Round p_memsz of the PT_GNU_RELRO program header up to the page size. (authored by pcc). · Explain WhyJan 4 2017, 11:07 AM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

lld/

ELF/

Writer.cpp

7 lines

test/

ELF/

basic-mips.s

2 lines

basic-ppc.s

2 lines

Diff 82992

lld/ELF/Writer.cpp

Show First 20 Lines • Show All 1,441 Lines • ▼ Show 20 Lines	if (First) {
P.p_memsz = Last->Addr + Last->Size - First->Addr;		P.p_memsz = Last->Addr + Last->Size - First->Addr;
P.p_offset = First->Offset;		P.p_offset = First->Offset;
P.p_vaddr = First->Addr;		P.p_vaddr = First->Addr;
if (!P.HasLMA)		if (!P.HasLMA)
P.p_paddr = First->getLMA();		P.p_paddr = First->getLMA();
}		}
if (P.p_type == PT_LOAD)		if (P.p_type == PT_LOAD)
P.p_align = Config->MaxPageSize;		P.p_align = Config->MaxPageSize;
else if (P.p_type == PT_GNU_RELRO)		else if (P.p_type == PT_GNU_RELRO) {
P.p_align = 1;		P.p_align = 1;
		// The glibc dynamic loader rounds the size down, so we need to round up
		// to protect the last page. This is a no-op on FreeBSD which always
		emasteUnsubmitted Not Done Reply Inline Actions For reference the FreeBSD rtld algorithm is: obj->relro_page = obj->relocbase + trunc_page(ph->p_vaddr); obj->relro_size = round_page(ph->p_memsz); https://svnweb.freebsd.org/base/head/libexec/rtld-elf/rtld.c?annotate=310422#l1334 emaste: For reference the FreeBSD rtld algorithm is: ``` obj->relro_page = obj->relocbase +…
		pccAuthorUnsubmitted Not Done Reply Inline Actions Thanks. `round_page` appears to be system-specific but always seems to round up [0]. I've added a note to the comment. [0] https://github.com/freebsd/freebsd/search?utf8=%E2%9C%93&q=%22define+round_page%22&type=Code pcc: Thanks. `round_page` appears to be system-specific but always seems to round up [0]. I've added…
		// rounds up.
		P.p_memsz = alignTo(P.p_memsz, Config->MaxPageSize);
		}

// The TLS pointer goes after PT_TLS. At least glibc will align it,		// The TLS pointer goes after PT_TLS. At least glibc will align it,
// so round up the size to make sure the offsets are correct.		// so round up the size to make sure the offsets are correct.
if (P.p_type == PT_TLS) {		if (P.p_type == PT_TLS) {
Out<ELFT>::TlsPhdr = &P;		Out<ELFT>::TlsPhdr = &P;
if (P.p_memsz)		if (P.p_memsz)
P.p_memsz = alignTo(P.p_memsz, P.p_align);		P.p_memsz = alignTo(P.p_memsz, P.p_align);
}		}
▲ Show 20 Lines • Show All 262 Lines • Show Last 20 Lines

lld/test/ELF/basic-mips.s

	Show First 20 Lines • Show All 291 Lines • ▼ Show 20 Lines
	# CHECK-NEXT: Alignment: 65536			# CHECK-NEXT: Alignment: 65536
	# CHECK-NEXT: }			# CHECK-NEXT: }
	# CHECK-NEXT: ProgramHeader {			# CHECK-NEXT: ProgramHeader {
	# CHECK-NEXT: Type: PT_GNU_RELRO (0x6474E552)			# CHECK-NEXT: Type: PT_GNU_RELRO (0x6474E552)
	# CHECK-NEXT: Offset: 0x20000			# CHECK-NEXT: Offset: 0x20000
	# CHECK-NEXT: VirtualAddress: 0x30000			# CHECK-NEXT: VirtualAddress: 0x30000
	# CHECK-NEXT: PhysicalAddress: 0x30000			# CHECK-NEXT: PhysicalAddress: 0x30000
	# CHECK-NEXT: FileSize: 8			# CHECK-NEXT: FileSize: 8
	# CHECK-NEXT: MemSize: 8			# CHECK-NEXT: MemSize: 65536
	# CHECK-NEXT: Flags [ (0x4)			# CHECK-NEXT: Flags [ (0x4)
	# CHECK-NEXT: PF_R (0x4)			# CHECK-NEXT: PF_R (0x4)
	# CHECK-NEXT: ]			# CHECK-NEXT: ]
	# CHECK-NEXT: Alignment: 1			# CHECK-NEXT: Alignment: 1
	# CHECK-NEXT: }			# CHECK-NEXT: }
	# CHECK-NEXT: ProgramHeader {			# CHECK-NEXT: ProgramHeader {
	# CHECK-NEXT: Type: PT_GNU_STACK			# CHECK-NEXT: Type: PT_GNU_STACK
	# CHECK-NEXT: Offset: 0x0			# CHECK-NEXT: Offset: 0x0
	Show All 11 Lines

lld/test/ELF/basic-ppc.s

	Show First 20 Lines • Show All 289 Lines • ▼ Show 20 Lines
	// CHECK-NEXT: Alignment: 4			// CHECK-NEXT: Alignment: 4
	// CHECK-NEXT: }			// CHECK-NEXT: }
	// CHECK-NEXT: ProgramHeader {			// CHECK-NEXT: ProgramHeader {
	// CHECK-NEXT: Type: PT_GNU_RELRO (0x6474E552)			// CHECK-NEXT: Type: PT_GNU_RELRO (0x6474E552)
	// CHECK-NEXT: Offset: 0x2000			// CHECK-NEXT: Offset: 0x2000
	// CHECK-NEXT: VirtualAddress: 0x2000			// CHECK-NEXT: VirtualAddress: 0x2000
	// CHECK-NEXT: PhysicalAddress: 0x2000			// CHECK-NEXT: PhysicalAddress: 0x2000
	// CHECK-NEXT: FileSize: 48			// CHECK-NEXT: FileSize: 48
	// CHECK-NEXT: MemSize: 48			// CHECK-NEXT: MemSize: 4096
	// CHECK-NEXT: Flags [ (0x4)			// CHECK-NEXT: Flags [ (0x4)
	// CHECK-NEXT: PF_R (0x4)			// CHECK-NEXT: PF_R (0x4)
	// CHECK-NEXT: ]			// CHECK-NEXT: ]
	// CHECK-NEXT: Alignment: 1			// CHECK-NEXT: Alignment: 1
	// CHECK-NEXT: }			// CHECK-NEXT: }
	// CHECK-NEXT: ProgramHeader {			// CHECK-NEXT: ProgramHeader {
	// CHECK-NEXT: Type: PT_GNU_STACK (0x6474E551)			// CHECK-NEXT: Type: PT_GNU_STACK (0x6474E551)
	// CHECK-NEXT: Offset: 0x0			// CHECK-NEXT: Offset: 0x0
	Show All 11 Lines