From patchwork Thu Aug 23 05:52:16 2018
X-Patchwork-Submitter: Fangrui Song
X-Patchwork-Id: 29024
Date: Wed, 22 Aug 2018 22:52:16 -0700
From: Fangrui Song To: libc-alpha@sourceware.org Subject: [PATCH] mprotect segments with extra PROT_WRITE bit when DT_TEXTREL bit is set Message-ID: <20180823054723.wbiatxqzp775xfho@google.com> MIME-Version: 1.0 Content-Disposition: inline User-Agent: NeoMutt/20180223-112-0c5bf3 Currently, DT_TEXTREL is incompatible with IFUNC. When DT_TEXTREL or DF_TEXTREL is seen, the dynamic linker calls __mprotect on the segments with PROT_READ|PROT_WRITE before applying dynamic relocations. It leads to segfault when performing IFUNC resolution. This patch makes it call __mprotect with extra PROT_WRITE bit, which will keep the PROT_EXEC bit if exists, and thus fixes the segfault. FreeBSD rtld libexec/rtld-elf/rtld.c (reloc_textrel_prot) does the same. 2018-08-22 Fangrui Song * elf/dl-reloc.c (_dl_relocate_object): __mprotect with extra PROT_WRITE bit. diff --git a/elf/dl-reloc.c b/elf/dl-reloc.c index 053916eeae..bd7d1ae84f 100644 --- a/elf/dl-reloc.c +++ b/elf/dl-reloc.c @@ -199,14 +199,6 @@ _dl_relocate_object (struct link_map *l, struct r_scope_elem *scope[], - ALIGN_DOWN (ph->p_vaddr, GLRO(dl_pagesize)); newp->start = PTR_ALIGN_DOWN (ph->p_vaddr, GLRO(dl_pagesize)) + (caddr_t) l->l_addr; - - if (__mprotect (newp->start, newp->len, PROT_READ|PROT_WRITE) < 0) - { - errstring = N_("cannot make segment writable for relocation"); - call_error: - _dl_signal_error (errno, l->l_name, NULL, errstring); - } - #if (PF_R | PF_W | PF_X) == 7 && (PROT_READ | PROT_WRITE | PROT_EXEC) == 7 newp->prot = (PF_TO_PROT >> ((ph->p_flags & (PF_R | PF_W | PF_X)) * 4)) & 0xf; @@ -220,6 +212,14 @@ _dl_relocate_object (struct link_map *l, struct r_scope_elem *scope[], newp->prot |= PROT_EXEC; #endif newp->next = textrels; + + if (__mprotect (newp->start, newp->len, newp->prot|PROT_WRITE) < 0) + { + errstring = N_("cannot make segment writable for relocation"); + call_error: + _dl_signal_error (errno, l->l_name, NULL, errstring); + } + textrels = newp; } }
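Review bot: The removal of the `__mprotect (newp->start, newp->len, PROT_READ|PROT_WRITE)` call in the first hunk (@@ -199,14 +199,6 @@) changes how every object with DT_TEXTREL is prepared for relocation, yet the diff touches only elf/dl-reloc.c and adds no regression test. The commit message describes a concrete failure (a segfault during IFUNC resolution when text relocations are present), so a test under elf/ that builds an object with text relocations and an IFUNC symbol, and loads it, would pin the fix down and guard against the read-write-only request being reintroduced. Note also that the `call_error:` label leaves with this block and only returns in the later hunk; any `goto call_error` elsewhere in `_dl_relocate_object` should be rechecked against the new position.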
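Review bot: The new `__mprotect (newp->start, newp->len, newp->prot|PROT_WRITE)` call in the second hunk (@@ -220,6 +212,14 @@) needs a comment, because for a segment whose `newp->prot` includes PROT_EXEC it now requests a mapping that is writable and executable at the same time, which the old PROT_READ|PROT_WRITE request never did. Please say at the call site why PROT_EXEC has to be kept (code in the segment may run for IFUNC resolution while relocations are still being applied) and that the window lasts until the saved `newp->prot` is restored. On a system whose hardening policy refuses writable-and-executable mappings this call can fail where the previous one succeeded, and the user will only see "cannot make segment writable for relocation"; consider whether that message is still specific enough. Placing the call after `newp->prot` has been computed in both branches of the `#if` is right, since the value is not set at the old position.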