This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
RE: [MIPS] Check info->executable to create DT_MIPS_RLD_MAP
- From: "Maciej W. Rozycki" <macro at codesourcery dot com>
- To: Chao-Ying Fu <Chao-Ying dot Fu at imgtec dot com>
- Cc: 'David Daney' <ddaney dot cavm at gmail dot com>, 'Richard Sandiford' <rdsandiford at googlemail dot com>, "binutils at sourceware dot org" <binutils at sourceware dot org>
- Date: Wed, 26 Jun 2013 13:46:11 +0100
- Subject: RE: [MIPS] Check info->executable to create DT_MIPS_RLD_MAP
- References: <81D57523CB07B24881D63DE650C6ED82018D72B7 at BADAG02 dot ba dot imgtec dot org> <51C4ED0A dot 9010401 at gmail dot com> <81D57523CB07B24881D63DE650C6ED82018D7324 at BADAG02 dot ba dot imgtec dot org> <alpine dot LFD dot 2 dot 03 dot 1306220138240 dot 29828 at linux-mips dot org> <alpine dot DEB dot 1 dot 10 dot 1306241540190 dot 16287 at tp dot orcam dot me dot uk> <81D57523CB07B24881D63DE650C6ED82018D7D20 at BADAG02 dot ba dot imgtec dot org>
On Mon, 24 Jun 2013, Chao-Ying Fu wrote:
> > Please make sure ld.so handles it correctly first though as I suspect it
> > may segfault. The thing is in a PIE the segment containing the word
> > pointed to by DT_MIPS_RLD_MAP may get mapped to an arbitrary memory area
> > and it does not immediately appear to me that ld.so relocates the value of
> > the DT_MIPS_RLD_MAP tag by the base address, which it has to if it wants
> > to use it (it may be enough to add l->l_addr to the value retrieved in
> > ELF_MACHINE_DEBUG_SETUP). But perhaps I'm missing something here.
>
> As your suggestion, here is a patch that can fix seg fault inside ld.so
> for a simple "hello" test.
> Ex:
> fu@debian6:~/dev/test$ ./ld.so.old ./hello-pie-new
> Segmentation fault
> fu@debian6:~/dev/test$ ./ld.so.new ./hello-pie-new
> Hello
>
> Ex:
> Index: mips/dl-machine.h
> ===================================================================
> --- mips.orig/dl-machine.h 2012-12-14 03:50:06.000000000 -0800
> +++ mips/dl-machine.h 2013-06-24 13:49:59.622179000 -0700
> @@ -69,7 +69,8 @@
> with the run-time address of the r_debug structure */
> #define ELF_MACHINE_DEBUG_SETUP(l,r) \
> do { if ((l)->l_info[DT_MIPS (RLD_MAP)]) \
> - *(ElfW(Addr) *)((l)->l_info[DT_MIPS (RLD_MAP)]->d_un.d_ptr) = \
> + *(ElfW(Addr) *)((l)->l_info[DT_MIPS (RLD_MAP)]->d_un.d_ptr \
> + + (l)->l_addr) = \
> (ElfW(Addr)) (r); \
> } while (0)
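Review bot: the added `+ (l)->l_addr` in the `+` lines assumes `l_info[DT_MIPS (RLD_MAP)]->d_un.d_ptr` still holds the unrelocated link-time value, so the base would be applied twice if that entry were ever adjusted when the dynamic section is read in; a comment on the macro stating that the tag is unrelocated (and that `l_addr` is 0 for a non-PIE executable, which keeps the old behaviour) would make that explicit. Note also that only the dereference is relocated here: the tag in the mapped dynamic segment keeps its link-time address, so anything else reading DT_MIPS_RLD_MAP directly still has to add the base itself.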
Please make sure this actually works for native GDB and gdbserver.
You may have to relocate the tag itself, as stored in memory. Please
take care though as the lone reason for DT_MIPS_RLD_MAP's existence is so
that the dynamic segment can be mapped read-only. Therefore you may have
to tweak map permissions temporarily (and then preferably only if the base
address is non-zero).
A better approach might be adding the base address in GDB/gdbserver so
that the dynamic segment remains unchanged, but having no experience with
PIE executables I'm not sure offhand if these programs will have this
information available -- hopefully yes.
> The question is how to deploy the changes in ld.so and GNU LD, without
> breaking existing systems. Thanks!
Well, this should have been addressed from the beginning by whoever added
PIE support -- then we wouldn't have this problem now, sigh.
Unfortunately nothing clever comes immediately to my mind, however I think
it should be safe to fix the ld.so/GDB side right away, and then we can
think what to do with the binutils side.
Maciej
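The fault the quoted patch fixes, as an added example that is not code from this thread or from glibc: a PIE's DT_MIPS_RLD_MAP entry holds a link-time address, and the word it points at is only valid once the load base (l_addr) has been added. The dynamic section, the single mapped segment and its addresses below are constructed to illustrate the point; the same `tag + l_addr` computation is what a debugger would do if it added the base itself instead.

```c
#include <stdint.h>
#include <stdbool.h>

#define DT_NULL         0
#define DT_MIPS_RLD_MAP 0x70000016   /* tag value from the MIPS ELF ABI */

typedef struct { int32_t d_tag; uint32_t d_ptr; } Dyn;   /* Elf32_Dyn layout */

/* Constructed image: one writable segment linked at LINK_VADDR. At run time
 * a PIE is shifted by l_addr, so the segment lives at [LINK_VADDR + l_addr, ...). */
#define LINK_VADDR 0x00010000u
#define SEG_BYTES  0x100u
static uint32_t segment[SEG_BYTES / 4];

/* Store one word at run-time VA `va`; false means nothing is mapped there
 * (where a real ld.so would take a SIGSEGV, as in the "hello" test above). */
static bool mem_store(uint32_t va, uint32_t l_addr, uint32_t value)
{
    uint32_t lo = LINK_VADDR + l_addr;
    if (va < lo || va + 4 > lo + SEG_BYTES || (va & 3)) return false;
    segment[(va - lo) / 4] = value;
    return true;
}

static uint32_t mem_load(uint32_t va, uint32_t l_addr)
{
    uint32_t lo = LINK_VADDR + l_addr;
    if (va < lo || va + 4 > lo + SEG_BYTES || (va & 3)) return 0;
    return segment[(va - lo) / 4];
}

/* Link-time value stored in the DT_MIPS_RLD_MAP entry, 0 if the tag is absent. */
static uint32_t rld_map_tag(const Dyn *dyn)
{
    for (; dyn->d_tag != DT_NULL; dyn++)
        if (dyn->d_tag == DT_MIPS_RLD_MAP) return dyn->d_ptr;
    return 0;
}

/* Equivalent of ELF_MACHINE_DEBUG_SETUP: write r_debug's address into the
 * word the tag points at. `relocate` selects old vs patched behaviour. */
static bool debug_setup(const Dyn *dyn, uint32_t l_addr, uint32_t r_debug, bool relocate)
{
    uint32_t slot = rld_map_tag(dyn);
    if (slot == 0) return true;        /* no tag: nothing to do */
    if (relocate) slot += l_addr;      /* the fix from the quoted patch */
    return mem_store(slot, l_addr, r_debug);
}

/* Constructed dynamic section of a PIE: the tag holds a link-time address. */
static const Dyn pie_dynamic[] = { { DT_MIPS_RLD_MAP, LINK_VADDR + 0x40 }, { DT_NULL, 0 } };
```

With base 0 (a non-PIE executable) both variants write the same word; with a non-zero base only the relocated write lands inside the mapped segment.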