Subject: Re: -current brokenness with dynamic executables
To: Simon Burge <email@example.com>
From: Chris G. Demetriou <firstname.lastname@example.org>
Date: 01/05/1999 21:32:45
Simon Burge <email@example.com> writes:
> Um, exec_elf32.c is the problem. Rev 1.39 of exec_elf32.c works, 1.40
> doesn't. I'm not gonna pretend to understand what the diff does, but
> here's some info that may or may not help:
> mona:/tmp 37> objdump --headers hello
FWIW, the section headers are ~useless w.r.t. what execve() does (or
should be, if execve() isn't _horribly_ broken 8-). you should be
looking at the program header, for a "NOTE" header entry.
e.g. from NetBSD/alpha (1.3F) /bin/cat:
LOAD off 0x0000000000000000 vaddr 0x0000000120000000 paddr 0x0000000120000000 align 2**20
filesz 0x000000000000ed90 memsz 0x000000000000ed90 flags r-x
LOAD off 0x000000000000ed90 vaddr 0x000000012010ed90 paddr 0x000000012010ed90 align 2**20
filesz 0x0000000000000b78 memsz 0x0000000000001c68 flags rw-
NOTE off 0x00000000000000e8 vaddr 0x00000001200000e8 paddr 0x00000001200000e8 align 2**2
filesz 0x0000000000000034 memsz 0x0000000000000034 flags r--
the NOTE corresponds to:
11 .note.netbsd.ident 00000034 00000001200000e8 00000001200000e8000000e8 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
FYI, the correct section contents look something like:
Contents of section .note.netbsd.ident:
1200000e8 07000000 04000000 01000000 4e657442 ............NetB
1200000f8 53440000 7e0c0300 07000000 07000000 SD..~...........
120000108 02000000 4e657442 53440000 6e657462 ....NetBSD..netb
120000118 73640000 sd..
(on an alpha; little-endian.) With the exception of the OS version
constant (7e0c0300), i'd expect it to all be the same on the pmax.
I didn't look too carefully at the exec code, but two things jumped
out at me:
np = (Elf_Note *)malloc(ph->p_filesz + 1, M_TEMP, M_WAITOK);
that "+ 1" is, as far as I know, incorrect.
also, way ELFNAME2(netbsd,probe) sets *pos seems bogus. the exec code does:
pos = ELFDEFNNAME(NO_ADDR);
... probe loop, and other stuff ...
* If no position to load the interpreter was set by a probe
* function, pick the same address that a non-fixed mmap(0, ..)
* would (i.e. something safely out of the way).
if (pos == ELFDEFNNAME(NO_ADDR))
pos = round_page(epp->ep_daddr + MAXDSIZ);
but the netbsd probe function sets 'pos' to be 0, which will cause
exec to try to map the interpreter at 0 if i understand the code
if you change:
*pos = 0;
on line 788 of exec_elf32.c to
*pos = ELFDEFNNAME(NO_ADDR);
i think it might do the right thing.
if i understand this, i don't really think i understand how the new
code was tested and determined to work...
Chris Demetriou - firstname.lastname@example.org - http://www.netbsd.org/People/Pages/cgd.html
Disclaimer: Not speaking for NetBSD, just expressing my own opinion.