MFC r339877-r339879,r343564-r343566,r343580,r343754:
Untangle jemalloc and mutexes initialization.

The merge includes required warnings cleanup by arichardson, both to
avoid conflicts and to make rt

MFC r339877-r339879,r343564-r343566,r343580,r343754:
Untangle jemalloc and mutexes initialization.

The merge includes required warnings cleanup by arichardson, both to
avoid conflicts and to make rtld_malloc.c compilable with the libthr
WARNS settings.

show more ...

libexec: adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone -

libexec: adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

No functional change intended.

show more ...

Use address space guard to implement inter-segment gap.

Rtld checks and use old MAP_ANON/PROT_NONE method of creating gap if
running on old kernel.

Reviewed by: alc, markj
Tested by: pho, Qualys
Sp

Use address space guard to implement inter-segment gap.

Rtld checks and use old MAP_ANON/PROT_NONE method of creating gap if
running on old kernel.

Reviewed by: alc, markj
Tested by: pho, Qualys
Sponsored by: The FreeBSD Foundation
MFC after: 1 week

show more ...

Fix the AT_EXECFD functionality.

If the mapped object is linked at specific address, we must obey it.
If AT_EXECFD is not used, only in-kernel ELF image activator needed to
keep the mapping address,

Fix the AT_EXECFD functionality.

If the mapped object is linked at specific address, we must obey it.
If AT_EXECFD is not used, only in-kernel ELF image activator needed to
keep the mapping address, since only binaries are linked at the fixed
address, and binaries are mapped by kernel in this case.

Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
X-Differential revision: https://reviews.freebsd.org/D10701

show more ...

Fix handling of DT_TEXTREL for an object with more than one read-only
segment. According to gABI spec, presence of the tag indicates that
dynamic linker must be prepared to handle relocations agains

Fix handling of DT_TEXTREL for an object with more than one read-only
segment. According to gABI spec, presence of the tag indicates that
dynamic linker must be prepared to handle relocations against any
read-only segment, not only the segment which we, somewhat arbitrary,
declared the text.

For each read-only segment, add write permission before relocs are
processed, and return to the mapping mode requested by the phdr, after
relocs are done.

Reported, tested, and reviewed by: emaste
PR: 207631
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks

show more ...

This seems like a very trivial bug that should have been squashed a long
time ago, but for some reason it was not. Basically, without this change
dlopen(3)'ing an empty .so file would just cause appl

This seems like a very trivial bug that should have been squashed a long
time ago, but for some reason it was not. Basically, without this change
dlopen(3)'ing an empty .so file would just cause application to dump core
with SIGSEGV.

Make sure the file has enough data for at least the ELF header before
mmap'ing it.

Add a test case to check that dlopen an empty file return an error.

There were a separate discussion as to whether it should be SIGBUS
instead when you try to access region mapped from an empty file,
but it's definitely SIGSEGV now, so if anyone want to check that please
be my guest.
Reviewed by: mjg, cem
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D5112

show more ...

Allow PT_NOTES segments to be located anywhere in the executable
image.

The dynamic linker still requires that program headers of the
executable or dso are mapped by a PT_LOAD segment.

Reviewed by:

Allow PT_NOTES segments to be located anywhere in the executable
image.

The dynamic linker still requires that program headers of the
executable or dso are mapped by a PT_LOAD segment.

Reviewed by: emaste, jhb
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D3871

show more ...

Before calling mmap() on a shared library's text and data sections, rtld
first calls mmap() with the arguments PROT_NONE and MAP_ANON to reserve a
single, contiguous range of virtual addresses for th

Before calling mmap() on a shared library's text and data sections, rtld
first calls mmap() with the arguments PROT_NONE and MAP_ANON to reserve a
single, contiguous range of virtual addresses for the entire shared library.
Later, rtld calls mmap() with the the shared library's file descriptor
and the argument MAP_FIXED to place the text and data sections within the
reserved range. The rationale for mapping shared libraries in this way is
explained in the commit message for Revision 190885. However, this approach
does have an unintended, negative consequence. Since the first call to
mmap() specifies MAP_ANON and not the shared library's file descriptor, the
kernel has no idea what alignment the vm object backing the file prefers.
As a result, the reserved range's alignment is unlikely to be the same as
the vm object's, and so mapping with superpages becomes impossible. To
address this problem, this revision adds the argument MAP_ALIGNED_SUPER to
the first call to mmap() if the text section is larger than the smallest
superpage size.

To determine if the text section is larger than the smallest superpage
size, rtld must always fetch the page size information. As a result, the
private code for fetching the base page size in rtld's builtin malloc is
redundant. Eliminate it. Requested by: kib

Tested by: zbb (on arm)
Reviewed by: kib (an earlier version)
Discussed with: jhb

show more ...

Map libraries linked with -Ttext-segment=base_addr at base_addr.
Normal libraries have base address 0 and are unaffected by this change.

PR: 176216
Submitted by: Damjan Jovanovic <damjan.jov@gmail.

Map libraries linked with -Ttext-segment=base_addr at base_addr.
Normal libraries have base address 0 and are unaffected by this change.

PR: 176216
Submitted by: Damjan Jovanovic <[email protected]>
Reviewed by: kib
MFC after: 1 week

show more ...

Parse notes only after object structure had been allocated.

Reported by: kargl
Reviewed by: kib (sans whitespace)

Merge r197808 from head to stable/8:

In rtld's map_object(), use pread(..., 0) rather than read() to read the
ELF header from the front of the file. As all other I/O on the binary
is done usi

Merge r197808 from head to stable/8:

In rtld's map_object(), use pread(..., 0) rather than read() to read the
ELF header from the front of the file. As all other I/O on the binary
is done using mmap(), this avoids the need for seek privileges on the
file descriptor during run-time linking.

Sponsored by: Google

show more ...

Eliminate the static buffer used to read the first page of the mapped
object, and eliminate the pread(2) call as well [1]. Mmap the first
page of the object temporaly, and unmap it on error or last u

Eliminate the static buffer used to read the first page of the mapped
object, and eliminate the pread(2) call as well [1]. Mmap the first
page of the object temporaly, and unmap it on error or last use.
Potentially, this leaves one-page gap between succeeding dlopen(3),
but there are other mmap(2) consumers as well.

Fix several cases were the whole mapping of the object leaked on error.

Use MAP_PREFAULT_READ for mmap(2) calls which map real object pages [2].

Insipired by the patch by: Ian Lepore <freebsd damnhippie dyndns org> [1]
Suggested by: alc [2]
MFC after: 2 weeks

show more ...

Remove write-only variable.

MFC after: 3 days

Rtld on diet 3.

Stop using strerror(3) in rtld, which brings in msgcat and stdio.
Directly access sys_errlist array of errno messages with private
rtld_strerror() function.

Now,
$ size /libexec/ld-

Rtld on diet 3.

Stop using strerror(3) in rtld, which brings in msgcat and stdio.
Directly access sys_errlist array of errno messages with private
rtld_strerror() function.

Now,
$ size /libexec/ld-elf.so.1
text data bss dec hex filename
96983 2480 8744 108207 1a6af /libexec/ld-elf.so.1

Reviewed by: dim, kan
MFC after: 2 weeks

show more ...

When iterating over the dso program headers, the object is not initialized
yet, and object segments are not yet mapped. Only parse the notes that
appear in the first page of the dso (as it should be

When iterating over the dso program headers, the object is not initialized
yet, and object segments are not yet mapped. Only parse the notes that
appear in the first page of the dso (as it should be anyway), and use
the preloaded page content.

Reported and tested by: stass
MFC after: 20 days

show more ...

Add support for preinit, init and fini arrays. Some ABIs, in
particular on ARM, do require working init arrays.

Traditional FreeBSD crt1 calls _init and _fini of the binary, instead
of allowing run

Add support for preinit, init and fini arrays. Some ABIs, in
particular on ARM, do require working init arrays.

Traditional FreeBSD crt1 calls _init and _fini of the binary, instead
of allowing runtime linker to arrange the calls. This was probably
done to have the same crt code serve both statically and dynamically
linked binaries. Since ABI mandates that first is called preinit
array functions, then init, and then init array functions, the init
have to be called from rtld now.

To provide binary compatibility to old FreeBSD crt1, which calls _init
itself, rtld only calls intializers and finalizers for main binary if
binary has a note indicating that new crt was used for linking. Add
parsing of ELF notes to rtld, and cache p_osrel value since we parsed
it anyway.

The patch is inspired by init_array support for DragonflyBSD, written
by John Marino.

Reviewed by: kan
Tested by: andrew (arm, previous version), flo (sparc64, previous version)
MFC after: 3 weeks

show more ...

Add support for GNU RELRO.

Submitted by: John Marino <draco marino st>
MFC after: 2 weeks

Restore the writing of the .bss sections of the dsos (not the main
executable) after r190885. The whole region for the dso is mmaped with
MAP_NOCORE flag, doing only mprotect(2) over .bss prevented i

Restore the writing of the .bss sections of the dsos (not the main
executable) after r190885. The whole region for the dso is mmaped with
MAP_NOCORE flag, doing only mprotect(2) over .bss prevented it from
writing .bss to core files.

Revert the optimization of using mprotect(2) to establish .bss, overlap
the section with mmap(2).

Reported by: attilio
Reviewed by: attilio, emaste
Approved by: re (bz)
MFC after: 2 weeks

show more ...

When loading dso without PT_GNU_STACK phdr, only call
__pthread_map_stacks_exec() on architectures that allow executable
stacks.

Reported and tested by: marcel (ia64)

In rtld, read the initial stack access mode from AT_STACKPROT as set
by kernel, and parse PT_GNU_STACK phdr from linked and loaded dsos.

If the loaded dso requires executable stack, as specified by

In rtld, read the initial stack access mode from AT_STACKPROT as set
by kernel, and parse PT_GNU_STACK phdr from linked and loaded dsos.

If the loaded dso requires executable stack, as specified by PF_X bit
of p_flags of PT_GNU_STACK phdr, but current stack protection does not
permit execution, the __pthread_map_stacks_exec symbol is looked up
and called. It should be implemented in libc or threading library and
change the protection mode of all thread stacks to be executable.

Provide a private interface _rtld_get_stack_prot() to export the stack
access mode as calculated by rtld.

Reviewed by: kan

show more ...

In rtld's map_object(), use pread(..., 0) rather than read() to read the
ELF header from the front of the file. As all other I/O on the binary
is done using mmap(), this avoids the need for seek pri

In rtld's map_object(), use pread(..., 0) rather than read() to read the
ELF header from the front of the file. As all other I/O on the binary
is done using mmap(), this avoids the need for seek privileges on the
file descriptor during run-time linking.

MFC after: 1 month
Sponsored by: Google

show more ...

Only perform .bss mapping and cleaning operations when segment file size
is not equal to its memory size.

This eliminates unneeded clearing of the text segment that often
happens due to text end not

Only perform .bss mapping and cleaning operations when segment file size
is not equal to its memory size.

This eliminates unneeded clearing of the text segment that often
happens due to text end not being page-aligned.

For instance,
$ readelf -l /lib/libedit.so.6
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
LOAD 0x000000 0x00000000 0x00000000 0x139e1 0x139e1 R E 0x1000
LOAD 0x014000 0x00014000 0x00014000 0x00f04 0x00f14 RW 0x1000
DYNAMIC 0x014cc4 0x00014cc4 0x00014cc4 0x000d0 0x000d0 RW 0x4
$ procstat -v $$ (for /bin/sh)
68585 0x28097000 0x280aa000 r-x 6 0 21 14 CN vn /lib/libedit.so.6
68585 0x280aa000 0x280ab000 r-x 1 0 1 0 CN vn /lib/libedit.so.6 <==
68585 0x280ab000 0x280ac000 rwx 1 0 1 0 CN vn /lib/libedit.so.6
Note the splitted map entry marked by '<=='.

Reviewed by: kan
Approved by: re (kensmith)
MFC after: 1 month

show more ...

Currently, when mapping an object, rtld reserves the whole address space
for the mapping by the object' file with the protection and mode of
the first loadable segment over the whole region. Then, it

Currently, when mapping an object, rtld reserves the whole address space
for the mapping by the object' file with the protection and mode of
the first loadable segment over the whole region. Then, it maps other
segments at the appropriate addresses inside the region.

On amd64, due to default alignment of the segments being 1Gb, the
subsequent segment mappings leave the holes in the region, that usually
contain mapping of the object' file past eof. Such mappings prevent
wiring of the address space, because the pages cannot be faulted in.

Change the way the mapping of the ELF objects is constructed, by first
mapping PROT_NONE anonymous memory over the whole range, and then
mapping the segments of the object over it. Take advantage of this new
order and allocate .bss by changing the protection of the range instead
of remapping.

Note that we cannot simply keep the holes between segments, because
other mappings may be made there. Among other issues, when the dso is
unloaded, rtld unmaps the whole region, deleting unrelated mappings.

The kernel ELF image activator does put the holes between segments, but
this is not critical for now because kernel loads only executable image
and interpreter, both cannot be unloaded. This will be fixed later, if
needed.

Reported and tested by: Hans Ottevanger <fbsdhackers beasties demon nl>
Suggested and reviewed by: kan, alc

show more ...

Update comment to the reality, rtld supports any number of loadable segments.
Fix spacing.

Reviewed by: kan

Implement the dynamic string token substitution in the rpath and
soneeded pathes. The $ORIGIN, $OSNAME, $OSREL and $PLATFORM tokens
are supported. Enabling the substitution requires DF_ORIGIN flag in

Implement the dynamic string token substitution in the rpath and
soneeded pathes. The $ORIGIN, $OSNAME, $OSREL and $PLATFORM tokens
are supported. Enabling the substitution requires DF_ORIGIN flag in
DT_FLAGS or DF_1_ORIGIN if DF_FLAGS_1, that may be set with -z origin
gnu ld flag. Translation is unconditionally disabled for setuid/setgid
processes.

The $ORIGIN translation relies on the AT_EXECPATH auxinfo supplied
by kernel.

Requested by: maho
Tested by: maho, pho
Reviewed by: kan

show more ...