[Qemu-devel] [RFC PATCH] elfload: load PIE executables to right address

["Timo Teräs" <timo.teras@iki.fi>]

PIE images are ET_DYN images. Check first for pinterp_name to make
sure the main executable always is loaded to correct place.

See below for current behaviour of PIE executables:

Reserved 0x7f000000 bytes of guest address space
host mmap_min_addr=0x1000
guest_base  0x7f7cb41d5000
start    end      size     prot
0037f400-003fe400 0007f000 r-x
003fe400-003ff400 00001000 ---
003ff400-003fe400 fffff000 rw-
003fe400-003ff400 00001000 ---
003ff400-003ffc00 00000800 rw-
003ffc00-003fec00 fffff000 r-x
003fec00-003ffc00 00001000 ---
003ffc00-0007f000 ffc7f400 rw-
start_brk   0x00000000
end_code    0x7eff7ac0
start_code  0x7eff7000
start_data  0x7efffac0
end_data    0x7efffc18
start_stack 0x7eff6dc8
brk         0x7efffc34
entry       0x7e799b30
00000000-00005000 ---p 00000000 00:00 0
00005000-00015000 rw-p 00000000 00:00 0
00015000-7e77d000 ---p 00000000 00:00 0
7e77d000-7e7ec000 r-xp 00000000 68:03 14326298          /lib/libc.so
7e7ec000-7e7f3000 ---p 00000000 00:00 0
7e7f3000-7e7f4000 rw-p 0006e000 68:03 14326298          /lib/libc.so
7e7f4000-7e7f6000 rw-p 00000000 00:00 0
7e7f6000-7e7f7000 ---p 00000000 00:00 0
7e7f7000-7eff7000 rw-p 00000000 00:00 0
7eff7000-7eff8000 r-xp 00000000 68:03 9731305          /usr/bin/brk
7eff8000-7efff000 ---p 00000000 00:00 0
7e7f7000-7eff7000 rw-p 00000000 00:00 0          [stack]

Showing how the main binary got loaded to wrong place.

Signed-off-by: Timo Teräs <timo.teras@iki.fi>
---
I assume pinterp_name is only ever set for the main executable.
Quick grep would indicate that this is indeed the case.

 linux-user/elfload.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index ddef23e..d6e00cd 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -1660,7 +1660,12 @@ static void load_elf_image(const char *image_name, int image_fd,
     }
 
     load_addr = loaddr;
-    if (ehdr->e_type == ET_DYN) {
+    if (pinterp_name != NULL) {
+        /* This is the main executable.  Make sure that the low
+           address does not conflict with MMAP_MIN_ADDR or the
+           QEMU application itself.  */
+        probe_guest_base(image_name, loaddr, hiaddr);
+    } else if (ehdr->e_type == ET_DYN) {
         /* The image indicates that it can be loaded anywhere.  Find a
            location that can hold the memory space required.  If the
            image is pre-linked, LOADDR will be non-zero.  Since we do
@@ -1672,11 +1677,6 @@ static void load_elf_image(const char *image_name, int image_fd,
         if (load_addr == -1) {
             goto exit_perror;
         }
-    } else if (pinterp_name != NULL) {
-        /* This is the main executable.  Make sure that the low
-           address does not conflict with MMAP_MIN_ADDR or the
-           QEMU application itself.  */
-        probe_guest_base(image_name, loaddr, hiaddr);
     }
     load_bias = load_addr - loaddr;
 
-- 
1.8.3.2