tech-kern archive


Re: KASSERT in exec_elf.c for DYN executable when p_align==0



Alexander Nasonov wrote:
> Steps to reproduce (on amd64 compiled with MKPIE=yes):
> 
> bvi -s 0x0e2 /bin/echo # change 20 to 00
> bvi -s 0x11a /bin/echo # change 20 to 00
> 
> /bin/echo # boom!
> 
> It would be nice to perform sanity checks of tainted executables
> instead of panicking.

Attached is a simple patch. I don't know (yet) if it works.

Alex
Index: exec_elf.c
===================================================================
RCS file: /cvsroot/src/sys/kern/exec_elf.c,v
retrieving revision 1.94
diff -p -u -u -r1.94 exec_elf.c
--- exec_elf.c	17 Mar 2018 00:30:50 -0000	1.94
+++ exec_elf.c	17 Mar 2018 23:10:43 -0000
@@ -129,7 +129,8 @@ elf_placedynexec(struct exec_package *ep
 	Elf_Addr align, offset;
 	int i;
 
-	for (align = i = 0; i < eh->e_phnum; i++)
+	align = 1;
+	for (i = 0; i < eh->e_phnum; i++)
 		if (ph[i].p_type == PT_LOAD && ph[i].p_align > align)
 			align = ph[i].p_align;
 
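Review bot: the new `align = 1;` deserves a one-line comment saying why the floor is 1 rather than 0: the ELF ABI treats p_align values 0 and 1 identically (no alignment constraint), so 1 is the correct result when no PT_LOAD header asks for more, and it is what keeps the all-zero p_align file from the report out of whatever use of `align` tripped the KASSERT. Style point: the original kept the initialisation in the for header, and `for (align = 1, i = 0; i < eh->e_phnum; i++)` preserves that shape with the same effect.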
@@ -679,6 +680,12 @@ exec_elf_makecmds(struct lwp *l, struct 
 
 	for (i = 0; i < eh->e_phnum; i++) {
 		pp = &ph[i];
+		if (pp->p_type == PT_LOAD &&
+		    (pp->p_align & (pp->p_align - 1)) != 0) {
+			DPRINTF("bad alignment %#jx", (uintmax_t)pp->p_align);
+			error = ENOEXEC;
+			goto bad;
+		}
 		if (pp->p_type == PT_INTERP) {
 			if (pp->p_filesz < 2 || pp->p_filesz > MAXPATHLEN) {
 				DPRINTF("bad interpreter namelen %#jx",
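Review bot: the power-of-two test `(pp->p_align & (pp->p_align - 1)) != 0` intentionally accepts p_align == 0 (the subtraction wraps to all ones and the AND yields 0), which is right by the ELF rule that 0 and 1 both mean no alignment, but since this thread is about exactly the p_align == 0 case, a comment stating that 0 is allowed here and handled by elf_placedynexec() would stop a reader from assuming it is rejected. For p_align > 1 the ABI also requires p_vaddr and p_offset of a PT_LOAD segment to be congruent modulo p_align; checking that invariant in the same branch would catch more hand-edited headers before anything is mapped. Minor: the DPRINTF would be more useful with the segment index next to the value.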

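Added example, not part of the posted patch or of NetBSD's exec_elf.c: a userland model of the p_align checks a loader should apply to PT_LOAD headers of an untrusted ELF64 file (power of two, with 0 and 1 meaning "no alignment", and p_vaddr congruent to p_offset modulo p_align), together with the "largest alignment, floor 1" computation the first hunk introduces. It also replays the bvi step from the report by zeroing every PT_LOAD p_align in a constructed header table. The struct layout follows the ELF64 ABI; the sample header values and the helper names (sample_phdrs, corrupt_load_align, check_load_align, max_load_align) are this example's own and are not copied from /bin/echo.

```c
/* Added example (not from the posted patch or NetBSD's exec_elf.c):
 * p_align sanity checks for PT_LOAD headers of an untrusted ELF64 file,
 * plus the "largest alignment, floor 1" computation of the first hunk.
 * Struct layout follows the ELF64 ABI; sample values and helper names
 * are this example's own (assumptions, not project code). */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PT_LOAD   1
#define PT_INTERP 3

/* ELF64 program header: 56 bytes, no padding on LP64 hosts. */
struct phdr64 {
	uint32_t p_type;
	uint32_t p_flags;
	uint64_t p_offset;
	uint64_t p_vaddr;
	uint64_t p_paddr;
	uint64_t p_filesz;
	uint64_t p_memsz;
	uint64_t p_align;
};

/* Constructed sample: an interpreter header and the two PT_LOAD
 * segments of a small PIE. Illustrative values, not from /bin/echo. */
size_t sample_phdrs(struct phdr64 *ph)
{
	static const struct phdr64 tmpl[3] = {
		{ PT_INTERP, 4, 0x238, 0x238, 0x238, 0x17, 0x17, 1 },
		{ PT_LOAD, 5, 0, 0, 0, 0x1000, 0x1000, 0x200000 },
		{ PT_LOAD, 6, 0x1000, 0x201000, 0x201000, 0x100, 0x200, 0x200000 },
	};
	memcpy(ph, tmpl, sizeof tmpl);
	return sizeof tmpl / sizeof tmpl[0];
}

/* Mimic the bvi step from the report: overwrite p_align of every PT_LOAD
 * header with `value`. Returns how many headers were changed. */
size_t corrupt_load_align(struct phdr64 *ph, size_t n, uint64_t value)
{
	size_t changed = 0;
	for (size_t i = 0; i < n; i++)
		if (ph[i].p_type == PT_LOAD) {
			ph[i].p_align = value;
			changed++;
		}
	return changed;
}

/* Returns 0 if every PT_LOAD p_align is acceptable, else ENOEXEC (the
 * errno the patch uses). ELF ABI rules: 0 or 1 means no alignment
 * constraint; any other value must be a power of two, and p_vaddr must
 * equal p_offset modulo p_align. */
int check_load_align(const struct phdr64 *ph, size_t n)
{
	for (size_t i = 0; i < n; i++) {
		const struct phdr64 *pp = &ph[i];
		if (pp->p_type != PT_LOAD)
			continue;
		/* For p_align == 0 the subtraction wraps to all ones and the
		 * AND yields 0, so zero passes this test by design. */
		if ((pp->p_align & (pp->p_align - 1)) != 0)
			return ENOEXEC;
		if (pp->p_align > 1 &&
		    pp->p_vaddr % pp->p_align != pp->p_offset % pp->p_align)
			return ENOEXEC;
	}
	return 0;
}

/* Largest PT_LOAD alignment with a floor of 1, as the first hunk does,
 * so the result is always usable as a divisor or as an (align - 1) mask
 * even when every segment reports p_align == 0. */
uint64_t max_load_align(const struct phdr64 *ph, size_t n)
{
	uint64_t align = 1;
	for (size_t i = 0; i < n; i++)
		if (ph[i].p_type == PT_LOAD && ph[i].p_align > align)
			align = ph[i].p_align;
	return align;
}

int main(void)
{
	struct phdr64 ph[3];
	size_t n = sample_phdrs(ph);

	printf("intact:         check=%d align=%#jx\n",
	    check_load_align(ph, n), (uintmax_t)max_load_align(ph, n));
	corrupt_load_align(ph, n, 0);
	printf("p_align=0:      check=%d align=%#jx\n",
	    check_load_align(ph, n), (uintmax_t)max_load_align(ph, n));
	corrupt_load_align(ph, n, 0x1800);
	printf("p_align=0x1800: check=%d (ENOEXEC=%d)\n",
	    check_load_align(ph, n), ENOEXEC);
	return 0;
}
```

With the intact table the check passes and the largest alignment is 0x200000; after the p_align fields are zeroed the check still passes (zero is legal) but max_load_align returns 1 rather than 0, which is the behaviour the first hunk relies on; a non-power-of-two value such as 0x1800, or a p_vaddr that is not congruent to p_offset, is refused with ENOEXEC before any mapping would happen.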
