[lld] r290986 - ELF: Round p_memsz of the PT_GNU_RELRO program header up to the page size.

Ed Maste via llvm-commits llvm-commits at lists.llvm.org
Fri Jan 27 13:08:37 PST 2017 

On 27 January 2017 at 16:01, Ed Maste <emaste at freebsd.org> wrote:
> On 27 January 2017 at 13:36, Rafael Avila de Espindola
> <rafael.espindola at gmail.com> wrote:
>>
>> Can you expand a bit on how this crashes? The first section after
>> PT_GNU_RELRO is also aligned to MaxPageSize:
>
> But the end of the final PT_LOAD is not aligned to MaxPageSize.
>
> I don't have the exact details (they were relayed to me over IRC), but
> this isn't an allocation from LLD, it's e.g. a malloc() from the
> application. It might be that it requires multiple threads, with
> simultaneous dlopen() and malloc().
>
> The problem here is that the PT_GNU_RELRO covered up to 15 pages
> beyond the final PT_LOAD, with MaxPageSize=64K and 4K pages. So rtld
> maps the final PT_LOAD and then after relocation applies mprotect to
> pages that were never mapped by rtld.

Ah, here are the .so's phdrs from the report:

Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flg    Align
  PHDR           0x0000000000000040 0x0000000000000040 0x0000000000000040
                 0x0000000000000188 0x0000000000000188  R      0x8
  LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000001030 0x0000000000001030  R      0x10000
  LOAD           0x0000000000010000 0x0000000000010000 0x0000000000010000
                 0x0000000000002690 0x0000000000002690  R E    0x10000
  LOAD           0x0000000000020000 0x0000000000020000 0x0000000000020000
                 0x0000000000010220 0x0000000000010220  RW     0x10000
  DYNAMIC        0x0000000000030078 0x0000000000030078 0x0000000000030078
                 0x0000000000000190 0x0000000000000190  RW     0x8
  GNU_RELRO      0x0000000000030000 0x0000000000030000 0x0000000000030000
                 0x0000000000000220 0x0000000000010000  R      0x1
  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000000 0x0000000000000000  RW     0

So the final PT_LOAD is 0x20000-0x3021F (0x20000-0x30FFF with 4K
pages). GNU_RELRO will cause 0x30000-0x3FFFF to be mapped RO, which
includes any non-rtld allocations in 0x31000-0x3FFFF

More information about the llvm-commits mailing list