* [PATCH] VFS: fix passing of AT_PHDR value in auxv to ELF interpreter
@ 2008-09-03 22:32 Quentin Godfroy
0 siblings, 0 replies; only message in thread
From: Quentin Godfroy @ 2008-09-03 22:32 UTC (permalink / raw)
To: linux-fsdevel; +Cc: Bart van der Werf
On a dynamic ELF executable, the current kernel loader gives to the
interpreter (in the AUXV vector) the AT_PHDR argument as :
offset_of_phdr_in_file + first address.
It can be wrong for an executable where the program headers are not located
in the first loaded segment.
An example of such a binary on x86 can be found on
http://www.eleves.ens.fr/~godfroy/sample_code_32
The following patch corrects the behaviour. It applies cleanly on 2.6.26.2
(probably 2.6.26.3 too), and was tested on debian x86_64 (both ELF32 and
ELF64) as well as on x86. Normal executables, static and PIE continue to
work.
Signed-off-by: Quentin Godfroy <godfroy@clipper.ens.fr>
---
diff -ruNp linux-2.6.26.2/fs/binfmt_elf.c linux-2.6.26.2-patch/fs/binfmt_elf.c
--- linux-2.6.26.2/fs/binfmt_elf.c 2008-08-06 18:19:01.000000000 +0200
+++ linux-2.6.26.2-patch/fs/binfmt_elf.c 2008-08-09 02:39:03.033179733 +0200
@@ -133,7 +133,7 @@ static int padzero(unsigned long elf_bss
static int
create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
- unsigned long load_addr, unsigned long interp_load_addr)
+ unsigned long phdr_addr, unsigned long interp_load_addr)
{
unsigned long p = bprm->p;
int argc = bprm->argc;
@@ -193,7 +193,7 @@ create_elf_tables(struct linux_binprm *b
NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
- NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
+ NEW_AUX_ENT(AT_PHDR, phdr_addr);
NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
NEW_AUX_ENT(AT_BASE, interp_load_addr);
@@ -529,7 +529,7 @@ static unsigned long randomize_stack_top
static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
{
struct file *interpreter = NULL; /* to shut gcc up */
- unsigned long load_addr = 0, load_bias = 0;
+ unsigned long load_addr = 0, load_bias = 0, phdr_addr = 0;
int load_addr_set = 0;
char * elf_interpreter = NULL;
unsigned long error;
@@ -685,14 +685,19 @@ static int load_elf_binary(struct linux_
}
elf_ppnt = elf_phdata;
- for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++)
+ for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++) {
+ if (elf_ppnt->p_type == PT_PHDR) {
+ phdr_addr = elf_ppnt->p_vaddr;
+ continue;
+ }
if (elf_ppnt->p_type == PT_GNU_STACK) {
if (elf_ppnt->p_flags & PF_X)
executable_stack = EXSTACK_ENABLE_X;
else
executable_stack = EXSTACK_DISABLE_X;
- break;
+ continue;
}
+ }
/* Some simple consistency checks for the interpreter */
if (elf_interpreter) {
@@ -861,6 +866,10 @@ static int load_elf_binary(struct linux_
end_code += load_bias;
start_data += load_bias;
end_data += load_bias;
+ if (phdr_addr)
+ phdr_addr += load_bias;
+ else
+ phdr_addr = load_addr + loc->elf_ex.e_phoff;
/* Calling set_brk effectively mmaps the pages that we need
* for the bss and break sections. We must do this before
@@ -930,7 +939,7 @@ static int load_elf_binary(struct linux_
compute_creds(bprm);
current->flags &= ~PF_FORKNOEXEC;
retval = create_elf_tables(bprm, &loc->elf_ex,
- load_addr, interp_load_addr);
+ phdr_addr, interp_load_addr);
if (retval < 0) {
send_sig(SIGKILL, current, 0);
goto out;
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2008-09-03 23:18 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-09-03 22:32 [PATCH] VFS: fix passing of AT_PHDR value in auxv to ELF interpreter Quentin Godfroy
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).