Subject: Re: -current brokenness with dynamic executables
To: Simon Burge <>
From: Chris G. Demetriou <>
List: current-users
Date: 01/05/1999 21:32:45
Simon Burge <> writes:
> Um, exec_elf32.c is the problem.  Rev 1.39 of exec_elf32.c works, 1.40
> doesn't.  I'm not gonna pretend to understand what the diff does, but
> here's some info that may or may not help:
> 	mona:/tmp 37> objdump --headers hello

FWIW, the section headers are ~useless w.r.t. what execve() does (or
should be, if execve() isn't _horribly_ broken 8-).  you should be
looking at the program header, for a "NOTE" header entry.

e.g. from NetBSD/alpha (1.3F) /bin/cat:

Program Header:
    LOAD off    0x0000000000000000 vaddr 0x0000000120000000 paddr 0x0000000120000000 align 2**20
         filesz 0x000000000000ed90 memsz 0x000000000000ed90 flags r-x
    LOAD off    0x000000000000ed90 vaddr 0x000000012010ed90 paddr 0x000000012010ed90 align 2**20
         filesz 0x0000000000000b78 memsz 0x0000000000001c68 flags rw-
    NOTE off    0x00000000000000e8 vaddr 0x00000001200000e8 paddr 0x00000001200000e8 align 2**2
         filesz 0x0000000000000034 memsz 0x0000000000000034 flags r--

the NOTE corresponds to:

 11 .note.netbsd.ident 00000034  00000001200000e8  00000001200000e8000000e8  2**2

of course.

FYI, the correct section contents look something like:

Contents of section .note.netbsd.ident:
 1200000e8 07000000 04000000 01000000 4e657442  ............NetB
 1200000f8 53440000 7e0c0300 07000000 07000000  SD..~...........
 120000108 02000000 4e657442 53440000 6e657462  ....NetBSD..netb
 120000118 73640000                             sd..            

(on an alpha; little-endian.)  With the exception of the OS version
constant (7e0c0300), i'd expect it to all be the same on the pmax.

I didn't look too carefully at the exec code, but two things jumped
out at me:

                np = (Elf_Note *)malloc(ph->p_filesz + 1, M_TEMP, M_WAITOK);

that "+ 1" is, as far as I know, incorrect.

also, way ELFNAME2(netbsd,probe) sets *pos seems bogus.  the exec code does:

        pos = ELFDEFNNAME(NO_ADDR); 

	... probe loop, and other stuff ...

         * If no position to load the interpreter was set by a probe
         * function, pick the same address that a non-fixed mmap(0, ..)
         * would (i.e. something safely out of the way).
        if (pos == ELFDEFNNAME(NO_ADDR))
                pos = round_page(epp->ep_daddr + MAXDSIZ);

but the netbsd probe function sets 'pos' to be 0, which will cause
exec to try to map the interpreter at 0 if i understand the code

if you change:

        *pos = 0;

on line 788 of exec_elf32.c to


i think it might do the right thing.

if i understand this, i don't really think i understand how the new
code was tested and determined to work...

Chris Demetriou - -
Disclaimer: Not speaking for NetBSD, just expressing my own opinion.