Date: Wed, 17 Jun 2009 20:36:38 +0300
From: Kai Backman
Subject: [Qemu-devel] Patch to fix mapping of elf pheaders specifying both .data and .bss segments
To: qemu-devel@nongnu.org

I recently found an issue where an elf pheader mapping both a .data and a .bss segment would have its MemSiz ignored and only FileSiz bytes would end up in the memory map. The bug is exhibited when an elf interpreter isn't available on the system. I've attached the output of readelf for such a file and a patch against the git repository that fixes the problem.

Comments on the patch are solicited; I'm also unclear on the commit flow for the project.

 Kai

Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .text             PROGBITS        000082e0 0002e0 006d60 00  AX  0   0  8
  [ 2] .data             PROGBITS        00010000 008000 000c60 00  WA  0   0  8
  [ 3] .bss              NOBITS          00010c60 008c60 00bf00 00  WA  0   0  8

Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  LOAD           0x000000 0x00008000 0x00008000 0x07040 0x07040 R E 0x1000
  LOAD           0x008000 0x00010000 0x00010000 0x00c60 0x0cb60 RW  0x1000

diff --git a/linux-user/elfload.c b/linux-user/elfload.c index 190ad14..e4e75d5 100644 --- a/linux-user/elfload.c +++ b/linux-user/elfload.c @@ -1211,7 +1211,7 @@ int load_elf_binary(struct linux_binprm * bprm, struct target_pt_regs * regs, abi_ulong mapped_addr; struct elf_phdr * elf_ppnt; struct elf_phdr *elf_phdata; - abi_ulong elf_bss, k, elf_brk; + abi_ulong elf_bss, last_bss, mapped_bss, k, elf_brk; int retval; char * elf_interpreter; abi_ulong elf_entry, interp_load_addr = 0; 
@@ -1271,6 +1271,7 @@ int load_elf_binary(struct linux_binprm * bprm, struct target_pt_regs * regs, elf_ppnt = elf_phdata; elf_bss = 0; + last_bss = 0; elf_brk = 0; @@ -1495,12 +1496,24 @@ int load_elf_binary(struct linux_binprm * bprm, struct target_pt_regs * regs, k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz; if (k > elf_bss) elf_bss = k; + k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz; + if (k > last_bss) + last_bss = k; if ((elf_ppnt->p_flags & PF_X) && end_code < k) end_code = k; if (end_data < k) end_data = k; k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz; if (k > elf_brk) elf_brk = k; + if (!elf_interpreter && last_bss > elf_bss) { + padzero(elf_bss, last_bss); + mapped_bss = TARGET_ELF_PAGESTART(elf_bss + qemu_host_page_size - 1); + + /* Map the last of the bss segment */ + target_mmap(load_bias + mapped_bss, last_bss-mapped_bss, + PROT_READ|PROT_WRITE|PROT_EXEC, + MAP_FIXED|MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); + } } elf_entry += load_bias; 

-- Kai Backman, Software Engineer, kaib@google.com
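Review bot: `last_bss`, introduced in the first two hunks, tracks exactly the value `elf_brk` already tracks: both are the running maximum of `elf_ppnt->p_vaddr + elf_ppnt->p_memsz` over the PT_LOAD headers, and the third hunk even recomputes `k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz` a few lines below the new copy of that line. Dropping `last_bss` and using `elf_brk` in the new condition would remove the duplicated bookkeeping, so that only `mapped_bss` needs a new declaration.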
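Review bot: the new block in the third hunk underflows when the bss ends inside the last file-backed page. The guard is `last_bss > elf_bss`, but `mapped_bss` is rounded up to the next page boundary, so for `elf_bss < last_bss < mapped_bss` the length `last_bss-mapped_bss` wraps as an `abi_ulong` and `target_mmap` is asked for an enormous MAP_FIXED region; after `padzero`, re-check `if (last_bss > mapped_bss)` before mapping. Three further points on the same lines: the return value of `target_mmap` is discarded, so a failed mapping silently leaves the bss unmapped, the very condition the patch is fixing, and should be treated as a load failure like the other mappings in this function; the anonymous mapping is created with `PROT_READ|PROT_WRITE|PROT_EXEC` although the segment in the attached readelf output is `RW`, so a writable-and-executable region appears where the binary asked for none, and the protection should follow `elf_ppnt->p_flags` instead; and because the block sits inside the per-header loop but is computed from the running maxima `elf_bss`/`last_bss` rather than from the current header, it re-runs the same mapping on every later iteration and, when PT_LOAD headers are not in ascending address order, maps only the highest segment's bss, so either do the mapping once after the loop or derive it from the current header's own `p_filesz`/`p_memsz`.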
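The arithmetic the patch performs, worked through with the values from the readelf output above, as an added example that is not part of the patch or of QEMU's code. `plan_bss`, `is_mapped`, `demo_map` and the 4 KiB `PAGE` constant are this example's own assumptions; `demo_map` constructs a scratch file under /tmp and performs the three steps (file-backed mapping, padzero of the partial page, anonymous mapping of the remainder) for real inside a private reservation. It goes a little beyond the patch in two ways: it also handles a bss that ends inside the last file-backed page, where no anonymous mapping is needed, and it maps the bss read-write only, as the program header requests.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* 4 KiB pages assumed, matching the 0x1000 alignment in the readelf output. */
#define PAGE 0x1000u
#define PAGE_START(x) ((x) & ~(uintptr_t)(PAGE - 1))
#define PAGE_ALIGN(x) PAGE_START((x) + PAGE - 1)

struct bss_plan {
    uintptr_t elf_bss;    /* p_vaddr + p_filesz: end of the file-backed bytes */
    uintptr_t last_bss;   /* p_vaddr + p_memsz: end of the segment in memory */
    uintptr_t mapped_bss; /* first page boundary at or above elf_bss */
    size_t pad_len;       /* bytes of the partial file page to zero by hand */
    size_t anon_len;      /* bytes to map anonymously (0 if none are needed) */
};

/* The patch's arithmetic for one PT_LOAD header; additionally handles a bss
   that ends inside the last file page (last_bss below mapped_bss). */
struct bss_plan plan_bss(uintptr_t vaddr, size_t filesz, size_t memsz)
{
    struct bss_plan p = {0};
    p.elf_bss = vaddr + filesz;
    p.last_bss = vaddr + memsz;
    p.mapped_bss = PAGE_ALIGN(p.elf_bss);
    if (p.last_bss > p.elf_bss) {
        uintptr_t pad_end = p.mapped_bss < p.last_bss ? p.mapped_bss : p.last_bss;
        p.pad_len = pad_end - p.elf_bss;
        if (p.last_bss > p.mapped_bss)
            p.anon_len = p.last_bss - p.mapped_bss;
    }
    return p;
}

/* 1 if addr is mapped: before the fix only the FileSiz pages (fixed == 0). */
int is_mapped(uintptr_t vaddr, struct bss_plan p, uintptr_t addr, int fixed)
{
    uintptr_t end = fixed ? PAGE_ALIGN(p.last_bss) : p.mapped_bss;
    return addr >= PAGE_START(vaddr) && addr < end;
}

/* Does the layout for real inside a PROT_NONE reservation, so MAP_FIXED only
   replaces pages this process owns. The file is constructed: FileSiz bytes of
   'A', then 'J' bytes standing in for what follows .data in a real file (symbol
   tables etc.), which is what padzero() must clear. Returns 0 on success. */
int demo_map(void)
{
    const size_t filesz = 0xc60, memsz = 0xcb60;
    char path[] = "/tmp/bss-demo-XXXXXX", file[PAGE];
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);
    memset(file, 'A', filesz);
    memset(file + filesz, 'J', PAGE - filesz);
    if (write(fd, file, PAGE) != (ssize_t)PAGE)
        return -2;

    size_t total = PAGE_ALIGN(memsz);
    char *base = mmap(NULL, total, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -3;
    struct bss_plan p = plan_bss((uintptr_t)base, filesz, memsz);

    /* 1. the file-backed pages, as the loader maps every PT_LOAD segment */
    if (mmap(base, PAGE_ALIGN(filesz), PROT_READ | PROT_WRITE,
             MAP_FIXED | MAP_PRIVATE, fd, 0) == MAP_FAILED)
        return -4;
    close(fd);
    /* 2. padzero(): clear the tail of the last file page beyond FileSiz */
    memset((char *)p.elf_bss, 0, p.pad_len);
    /* 3. the rest of MemSiz as anonymous zero pages; RW only, the protection
          the program header asks for, rather than the patch's RWX */
    if (p.anon_len && mmap((void *)p.mapped_bss, p.anon_len, PROT_READ | PROT_WRITE,
                           MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0) == MAP_FAILED)
        return -5;

    int ok = base[filesz - 1] == 'A' && base[filesz] == 0 && base[memsz - 1] == 0;
    munmap(base, total);
    return ok ? 0 : -6;
}

int main(void)
{
    struct bss_plan p = plan_bss(0x10000, 0xc60, 0xcb60);
    printf("elf_bss=%#lx last_bss=%#lx mapped_bss=%#lx pad=%#zx anon=%#zx\n",
           (unsigned long)p.elf_bss, (unsigned long)p.last_bss,
           (unsigned long)p.mapped_bss, p.pad_len, p.anon_len);
    printf("MemSiz-1 mapped before fix: %d, after fix: %d, live demo: %d\n",
           is_mapped(0x10000, p, 0x1cb5f, 0), is_mapped(0x10000, p, 0x1cb5f, 1),
           demo_map());
    return 0;
}
```

For the .data/.bss header above this yields elf_bss 0x10c60, last_bss 0x1cb60 and mapped_bss 0x11000: the 0x3a0 bytes from 0x10c60 to the page boundary are cleared in place, and 0xbb60 bytes from 0x11000 are mapped anonymously. Before the fix the byte at 0x1cb5f (MemSiz - 1) was simply not mapped, which is the crash the patch addresses.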