This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug libc/18801] New: PIE binary with STT_GNU_IFUNC symbol and TEXTREL segfaults on x86_64

From: "tmsriram at google dot com" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Mon, 10 Aug 2015 20:11:54 +0000
Subject: [Bug libc/18801] New: PIE binary with STT_GNU_IFUNC symbol and TEXTREL segfaults on x86_64
Auto-submitted: auto-generated

https://sourceware.org/bugzilla/show_bug.cgi?id=18801

            Bug ID: 18801
           Summary: PIE binary with STT_GNU_IFUNC symbol and TEXTREL
                    segfaults on x86_64
           Product: glibc
           Version: 2.21
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: tmsriram at google dot com
                CC: drepper.fsp at gmail dot com, hjl.tools at gmail dot com,
                    ppluzhnikov at google dot com
  Target Milestone: ---

Created attachment 8500
  --> https://sourceware.org/bugzilla/attachment.cgi?id=8500&action=edit
Preserve the original segment's execute permissions when protecting the page
for writing it.

We have a PIE binary with TEXTREL and a STT_GNU_IFUNC symbol that segfaults at
start-up.

How to reproduce the problem:

zoo.cc
-------
int zoo_1 () {
  return 0;
}

extern "C"
void *selector () {
  return (void *)&zoo_1;
}

int zoo() __attribute__ ((ifunc ("selector")));

int main() {
  return zoo ();
}

$ g++ -mcmodel=large -pie foo.cc

$readelf -Wta ./a.out | grep TEXTREL
0x0000000000000016 (TEXTREL)            0x0
0x000000000000001e (FLAGS)              TEXTREL

$ ./a.out
Segmentation Fault

Notes:
* Use mcmodel=large and -pie to create Text relocations.

$ gdb ./a.out
bt

(gdb) bt
#0  0x000055555555476b in selector ()
#1  0x00007ffff7de6638 in _dl_relocate_object () from
/usr/grte/v4/lib64/ld-linux-x86-64.so.2
#2  0x00007ffff7ddc84d in dl_main () from
/usr/grte/v4/lib64/ld-linux-x86-64.so.2


The segfault happens due to this:

 if (__glibc_unlikely (l->l_info[DT_TEXTREL] != NULL)) 
    {
       .....

           if (__mprotect (newp->start, newp->len, PROT_READ|PROT_WRITE) < 0)
             {
               ...
             }

The execute permission of the PT_LOAD segment is removed in the process of
marking for write.  

The attached patch seems to fix the problem.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Follow-Ups:
- [Bug libc/18801] PIE binary with STT_GNU_IFUNC symbol and TEXTREL segfaults on x86_64
  - From: tmsriram at google dot com
- [Bug libc/18801] PIE binary with STT_GNU_IFUNC symbol and TEXTREL segfaults on x86_64
  - From: ppluzhnikov at google dot com
- [Bug libc/18801] PIE binary with STT_GNU_IFUNC symbol and TEXTREL segfaults on x86_64
  - From: hjl.tools at gmail dot com
- [Bug libc/18801] PIE binary with STT_GNU_IFUNC symbol and TEXTREL segfaults on x86_64
  - From: tmsriram at google dot com
- [Bug libc/18801] PIE binary with STT_GNU_IFUNC symbol and TEXTREL segfaults on x86_64
  - From: ppluzhnikov at google dot com
- [Bug libc/18801] PIE binary with STT_GNU_IFUNC symbol and TEXTREL segfaults on x86_64
  - From: hjl.tools at gmail dot com
- [Bug libc/18801] PIE binary with STT_GNU_IFUNC symbol and TEXTREL segfaults on x86_64
  - From: tmsriram at google dot com
- [Bug libc/18801] PIE binary with STT_GNU_IFUNC symbol and TEXTREL segfaults on x86_64
  - From: tmsriram at google dot com
- [Bug libc/18801] PIE binary with STT_GNU_IFUNC symbol and TEXTREL segfaults on x86_64
  - From: hjl.tools at gmail dot com
- [Bug libc/18801] PIE binary with STT_GNU_IFUNC symbol and TEXTREL segfaults on x86_64
  - From: tmsriram at google dot com
- [Bug libc/18801] PIE binary with STT_GNU_IFUNC symbol and TEXTREL segfaults on x86_64
  - From: hjl.tools at gmail dot com

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]