git: 0d12f495d8d9 - main - rtld-elf: Use clear pointer provenance when updating DTV pointer

From: Jessica Clarke <jrtc27_at_FreeBSD.org>
Date: Wed, 07 May 2025 19:22:12 UTC
The branch main has been updated by jrtc27:

URL: https://cgit.FreeBSD.org/src/commit/?id=0d12f495d8d9442352afa9dfc59a0b078c7b2852

commit 0d12f495d8d9442352afa9dfc59a0b078c7b2852
Author:     Jessica Clarke <jrtc27@FreeBSD.org>
AuthorDate: 2025-05-07 19:20:20 +0000
Commit:     Jessica Clarke <jrtc27@FreeBSD.org>
CommitDate: 2025-05-07 19:20:20 +0000

    rtld-elf: Use clear pointer provenance when updating DTV pointer
    
    On traditional architectures where uintptr_t is just a plain integer,
    there is no provenance from the order of operations. However, on CHERI
    there is even for uintptr_t, and in future this code will use actual
    pointer types anyway, where the provenance does technically matter even
    for non-CHERI. Commute and associate the operands appropriately to
    ensure the provenance is for the new allocation, not the old one.
    
    Reviewed by:    kib
    Differential Revision:  https://reviews.freebsd.org/D50230
---
 libexec/rtld-elf/rtld.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libexec/rtld-elf/rtld.c b/libexec/rtld-elf/rtld.c
index 44347e482c64..cd564daa94a6 100644
--- a/libexec/rtld-elf/rtld.c
+++ b/libexec/rtld-elf/rtld.c
@@ -5472,8 +5472,8 @@ allocate_tls(Obj_Entry *objs, void *oldtcb, size_t tcbsize, size_t tcbalign)
 		for (i = 0; i < dtv[1]; i++) {
 			if (dtv[i + 2] >= (uintptr_t)oldtcb &&
 			    dtv[i + 2] < (uintptr_t)oldtcb + tls_static_space) {
-				dtv[i + 2] = dtv[i + 2] - (uintptr_t)oldtcb +
-				    (uintptr_t)tcb;
+				dtv[i + 2] = (uintptr_t)((char *)tcb +
+				    ((char *)dtv[i + 2] - (char *)oldtcb));
 			}
 		}
 	} else {
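Review bot: The new assignment to dtv[i + 2] has no comment explaining why tcb must be the base operand of the addition. Because both orderings produce the same integer on targets where uintptr_t is a plain integer, a later cleanup could easily fold the expression back into the old form. A one-line comment above the assignment, saying that the result has to be derived from tcb (the new allocation) rather than from the old dtv value, would keep that intent in the code and not only in the commit log. The subtraction (char *)dtv[i + 2] - (char *)oldtcb also depends on the enclosing range check to guarantee that dtv[i + 2] lies in the region starting at oldtcb, so the check and the assignment should stay together if this loop is refactored.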