From: Kristof Provost
To: Konstantin Belousov
Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org
Subject: Re: git: 9cabef3d146e - main - ldd: use direct exec mode unconditionally
Date: Fri, 21 Oct 2022 14:54:59 +0200
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

On 21 Oct 2022, at 14:50, Konstantin Belousov wrote:

> On Fri, Oct 21, 2022 at 02:18:04PM +0200, Kristof Provost wrote:
>> On 6 Oct 2022, at 17:50, Konstantin Belousov wrote:
>>> The branch main has been updated by kib:
>>>
>>> URL: https://cgit.FreeBSD.org/src/commit/?id=9cabef3d146e9a844813b6bc8952d6cf2e9d45e5
>>>
>>> commit 9cabef3d146e9a844813b6bc8952d6cf2e9d45e5
>>> Author: Konstantin Belousov <kib@FreeBSD.org>
>>> AuthorDate: 2022-09-21 13:55:44 +0000
>>> Commit: Konstantin Belousov <kib@FreeBSD.org>
>>> CommitDate: 2022-10-06 15:50:26 +0000
>>>
>>> ldd: use direct exec mode unconditionally
>>>
>>> Trying to exec malformed or unusual binary, for instance, a non-FreeBSD
>>> ABI, or using a non-standard interpreter, might give unexpected outcome.
>>>
>>> Reported by: The UK's National Cyber Security Centre (NCSC)
>>> Reviewed by: emaste, markj, philip
>>> Discussed with: jhb
>>> Sponsored by: The FreeBSD Foundation
>>> admbug: 991
>>> PR: 127276, 175339, 231926
>>> MFC after: 1 week
>>> Differential revision: https://reviews.freebsd.org/D36650
>>>
>> This appears to break things for armv7 (running on aarch64).
>>
>> This manifests while building pfsense (for 3100 / armv7), which we do on an
>> aarch64 vm (to avoid having to deal with qemu, and because it’s faster).
>>
>> During that build a couple ports fail to build, including databases/sqlite3.
>> It fails running `/usr/bin/ldd -a "/wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3" "/wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/lib/libsqlite3.so"`,
>> which produces:
>>
>> ld-elf.so.1: /wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3: mmap of entire address space failed: Cannot allocate memory
>> /wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3: exit status 1
>>
>> That fails doing the `mapbase = mmap(base_addr, mapsize, PROT_NONE,
>> base_flags, -1, 0);` call in rtld-elf’s map_object():217. That call does
>> `mmap(0x10000, 0x1dc000, PROT_NONE, 0x6010, -1, 0) => 0xffffffff`.
>>
>> With this patch reverted we can build successfully.
>
> Can you manually invoke ldd on the binary under ktrace -i, and show me the
> kdump output?


I might be doing something wrong:

# ktrace -i /usr/obj/usr/src/arm.armv7/usr.bin/ldd/ldd -a "/wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3"
ld-elf.so.1: /wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3: mmap of entire address space failed: Cannot allocate memory
/wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3: exit status 1
# kdump -f ktrace.out
    16 @      UNKNOWN(265)
kdump: data too short
#

Perhaps because this is running in a jail?

Here’s truss at least:

# truss -f /usr/obj/usr/src/arm.armv7/usr.bin/ldd/ldd -a "/wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3"
95910: mmap(0x0,135168,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 1074327552 (0x4008f000)
95910: mprotect(0x4007d000,4096,PROT_READ) = 0 (0x0)
95910: issetugid() = 0 (0x0)
95910: sigfastblock(0x1,0x4008df70) = 0 (0x0)
95910: open("/etc/libmap.conf",O_RDONLY|O_CLOEXEC,01) = 3 (0x3)
95910: fstat(3,{ mode=-rw-r--r-- ,inode=108965,size=47,blksize=4096 }) = 0 (0x0)
95910: read(3,"# $FreeBSD$\nincludedir /usr/loc"...,47) = 47 (0x2f)
95910: close(3) = 0 (0x0)
95910: open("/usr/local/etc/libmap.d",O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC,0145) ERR#2 'No such file or directory'
95910: open("/var/run/ld-elf.so.hints",O_RDONLY|O_CLOEXEC,0204411) = 3 (0x3)
95910: read(3,"Ehnt\^A\0\0\0\M^@\0\0\0|\0\0\0\0"...,128) = 128 (0x80)
95910: fstat(3,{ mode=-r--r--r-- ,inode=270241,size=252,blksize=4096 }) = 0 (0x0)
95910: pread(3,"/lib:/usr/lib:/usr/lib/compat:/u"...,124,0x80) = 124 (0x7c)
95910: close(3) = 0 (0x0)
95910: open("/lib/libelf.so.2",O_RDONLY|O_CLOEXEC|O_VERIFY,010002250025) = 3 (0x3)
95910: fstat(3,{ mode=-r--r--r-- ,inode=109043,size=88428,blksize=88576 }) = 0 (0x0)
95910: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 1074028544 (0x40046000)
95910: mmap(0x0,282624,PROT_NONE,MAP_GUARD,-1,0x0) = 1074462720 (0x400b0000)
95910: mmap(0x400b0000,12288,PROT_READ,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 1074462720 (0x400b0000)
95910: mmap(0x400c2000,77824,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x2000) = 1074536448 (0x400c2000)
95910: mmap(0x400e4000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x14000) = 1074675712 (0x400e4000)
95910: mmap(0x400f4000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x14000) = 1074741248 (0x400f4000)
95910: munmap(0x40046000,4096) = 0 (0x0)
95910: close(3) = 0 (0x0)
95910: open("/lib/libgcc_s.so.1",O_RDONLY|O_CLOEXEC|O_VERIFY,010002250027) = 3 (0x3)
95910: fstat(3,{ mode=-r--r--r-- ,inode=109245,size=44108,blksize=44544 }) = 0 (0x0)
95910: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 1074028544 (0x40046000)
95910: mmap(0x0,241664,PROT_NONE,MAP_GUARD,-1,0x0) = 1074745344 (0x400f5000)
95910: mmap(0x400f5000,12288,PROT_READ,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 1074745344 (0x400f5000)
95910: mmap(0x40107000,36864,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x2000) = 1074819072 (0x40107000)
95910: mmap(0x4011f000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0xa000) = 1074917376 (0x4011f000)
95910: mmap(0x4012f000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0xa000) = 1074982912 (0x4012f000)
95910: munmap(0x40046000,4096) = 0 (0x0)
95910: close(3) = 0 (0x0)
95910: open("/lib/libc.so.7",O_RDONLY|O_CLOEXEC|O_VERIFY,010002250023) = 3 (0x3)
95910: fstat(3,{ mode=-r--r--r-- ,inode=109132,size=1708716,blksize=131072 }) = 0 (0x0)
95910: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 1074028544 (0x40046000)
95910: mmap(0x0,2056192,PROT_NONE,MAP_GUARD,-1,0x0) = 1074987008 (0x40130000)
95910: mmap(0x40130000,294912,PROT_READ,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 1074987008 (0x40130000)
95910: mmap(0x40187000,1388544,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x47000) = 1075343360 (0x40187000)
95910: mmap(0x402e9000,20480,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x199000) = 1076793344 (0x402e9000)
95910: mmap(0x402fd000,16384,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x19d000) = 1076875264 (0x402fd000)
95910: mmap(0x40301000,151552,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_ANON,-1,0x0) = 1076891648 (0x40301000)
95910: munmap(0x40046000,4096) = 0 (0x0)
95910: close(3) = 0 (0x0)
95910: mprotect(0x402e9000,16384,PROT_READ) = 0 (0x0)
95910: sysarch(ARM_SET_TP,0x4009f010) = 0 (0x0)
95910: __sysctl("hw.10",2,0x40303698,0xffffcc78,0x0,0) ERR#2 'No such file or directory'
95910: readlink("/etc/malloc.conf",0xffffc847,1024) ERR#2 'No such file or directory'
95910: issetugid() = 0 (0x0)
95910: mmap(0x0,2097152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(21),-1,0x0) = 1077936128 (0x40400000)
95910: clock_gettime(4,{ 80683.109657689 }) = 0 (0x0)
95910: clock_gettime(4,{ 80683.109707855 }) = 0 (0x0)
95910: clock_gettime(4,{ 80683.109765151 }) = 0 (0x0)
95910: mmap(0x0,20480,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074028544 (0x40046000)
95910: mmap(0x0,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074049024 (0x4004b000)
95910: openat(AT_FDCWD,"/wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3",O_RDONLY|O_VERIFY,00) = 3 (0x3)
95910: fstat(3,{ mode=-rwxr-xr-x ,inode=3021,size=1752272,blksize=4096 }) = 0 (0x0)
95910: mmap(0x0,1752272,PROT_READ,MAP_PRIVATE,3,0x0) = 1080033280 (0x40600000)
95910: mmap(0x0,12288,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074053120 (0x4004c000)
95910: mmap(0x0,28672,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074192384 (0x4006e000)
95910: mmap(0x0,12288,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074065408 (0x4004f000)
95910: munmap(0x40600000,1752272) = 0 (0x0)
95910: close(3) = 0 (0x0)
95910: mmap(0x0,20480,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074221056 (0x40075000)
95910: mmap(0x0,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074077696 (0x40052000)
95910: mmap(0x0,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074081792 (0x40053000)
95910: mmap(0x0,12288,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074241536 (0x4007a000)
95910: mmap(0x0,20480,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074257920 (0x4007e000)
95910: mmap(0x0,12288,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074278400 (0x40083000)
95910: mmap(0x0,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074085888 (0x40054000)
95910: mmap(0x0,28672,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074290688 (0x40086000)
95911: <new process>
95910: fork() = 95911 (0x176a7)
95911: execve("/libexec/ld-elf.so.1",0xffffda78,0x40054000) EJUSTRETURN
95911: mmap(0x0,135168,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 1074126848 (0x4005e000)
95911: mprotect(0x4e000,4096,PROT_READ) = 0 (0x0)
95911: issetugid() = 0 (0x0)
95911: open("/wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
95911: fstat(3,{ mode=-rwxr-xr-x ,inode=3021,size=1752272,blksize=4096 }) = 0 (0x0)
95911: geteuid() = 0 (0x0)
95911: sigfastblock(0x1,0x5ef70) = 0 (0x0)
95911: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 1074262016 (0x4007f000)
95911: mmap(0x10000,1949696,PROT_NONE,MAP_FIXED|MAP_GUARD|MAP_EXCL,-1,0x0) ERR#12 'Cannot allocate memory'
95911: munmap(0x4007f000,4096) = 0 (0x0)
95911: close(3) = 0 (0x0)
ld-elf.so.1: 95911: write(2,"ld-elf.so.1: ",13) = 13 (0xd)
/wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3: mmap of entire address space failed: Cannot allocate memory95911: write(2,"/wrkdirs/usr/ports/databases/sql"...,138) = 138 (0x8a)

95911: write(2,"\n",1) = 1 (0x1)
95911: exit(0x1)
95911: process exit, rval = 1
95910: wait4(-1,{ EXITED,val=1 },0x0,0x0) = 95911 (0x176a7)
/wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3: exit status 1
95910: write(2,"/wrkdirs/usr/ports/databases/sql"...,93) = 93 (0x5d)
95910: exit(0x1)
95910: process exit, rval = 1

Best regards,
Kristof
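
Added example, not part of the original message and not FreeBSD code: a small Python triage script that decodes the `0x6010` flags quoted above and checks the child's truss lines for address ranges already mapped inside a failed MAP_FIXED|MAP_EXCL request. The function names are hypothetical; the flag values are FreeBSD's from sys/mman.h, and per mmap(2) a MAP_EXCL request fails when a mapping already exists in the range.

```python
import re

# FreeBSD mmap(2) flag bits needed here (values from sys/mman.h).
MAP_BITS = {0x0010: "MAP_FIXED", 0x2000: "MAP_GUARD", 0x4000: "MAP_EXCL"}

# Lines for child 95911 copied from the truss output in the message above.
TRACE = """\
95911: execve("/libexec/ld-elf.so.1",0xffffda78,0x40054000) EJUSTRETURN
95911: mmap(0x0,135168,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 1074126848 (0x4005e000)
95911: mprotect(0x4e000,4096,PROT_READ) = 0 (0x0)
95911: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 1074262016 (0x4007f000)
95911: mmap(0x10000,1949696,PROT_NONE,MAP_FIXED|MAP_GUARD|MAP_EXCL,-1,0x0) ERR#12 'Cannot allocate memory'
95911: munmap(0x4007f000,4096) = 0 (0x0)
"""

# pid, syscall name, argument list, then either "= N (0xHEX)" or "ERR#N 'text'".
CALL = re.compile(
    r"^(\d+):\s+(\w+)\((.*)\)\s+"
    r"(?:=\s+-?\d+\s+\((0x[0-9a-f]+)\)|(ERR#\d+)\s+'([^']*)')")


def decode_flags(value):
    """Turn a numeric mmap flags argument into symbolic names."""
    names = [name for bit, name in sorted(MAP_BITS.items()) if value & bit]
    rest = value & ~sum(MAP_BITS)
    if rest:
        names.append(hex(rest))     # bits this table does not know
    return "|".join(names)


def find_exclusive_conflicts(trace):
    """Report failed MAP_FIXED|MAP_EXCL requests and the known ranges they hit."""
    mapped = {}     # pid -> [(start, end)] ranges the trace shows as mapped
    findings = []
    for line in trace.splitlines():
        pid = line.split(":", 1)[0]
        if re.match(r"\d+:\s+execve\(.*EJUSTRETURN", line):
            mapped[pid] = []        # a successful exec replaces the address space
            continue
        m = CALL.match(line)
        if not m or m.group(2) not in ("mmap", "mprotect", "munmap"):
            continue
        _, name, args, ret, err, msg = m.groups()
        argv = args.split(",")
        addr, length = int(argv[0], 0), int(argv[1], 0)
        ranges = mapped.setdefault(pid, [])
        if name == "mmap" and ret is not None:
            start = int(ret, 16)    # the kernel-chosen (or fixed) address
            ranges.append((start, start + length))
        elif name == "mmap":
            if {"MAP_FIXED", "MAP_EXCL"} <= set(argv[3].split("|")):
                want = (addr, addr + length)
                hits = [r for r in ranges if r[0] < want[1] and want[0] < r[1]]
                findings.append({"pid": pid, "want": want, "errno": err,
                                 "message": msg, "overlaps": hits})
        elif name == "mprotect" and ret is not None:
            # mprotect only succeeds on mapped pages, so the range is in use.
            ranges.append((addr, addr + length))
        elif name == "munmap" and ret is not None:
            ranges[:] = [r for r in ranges if r != (addr, addr + length)]
    return findings


if __name__ == "__main__":
    print("0x6010 =", decode_flags(0x6010))
    for f in find_exclusive_conflicts(TRACE):
        lo, hi = f["want"]
        print(f"pid {f['pid']}: exclusive fixed mmap [{lo:#x}, {hi:#x}) {f['errno']}")
        for s, e in f["overlaps"]:
            print(f"  already mapped: [{s:#x}, {e:#x})")
```

The trace only reveals mappings the process touched through syscalls, so the reported overlap is a lower bound on what occupies the requested range.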
