Re: git: 9cabef3d146e - main - ldd: use direct exec mode unconditionally

Fri, 21 Oct 2022 05:55:19 -0700 

On 21 Oct 2022, at 14:50, Konstantin Belousov wrote:

On Fri, Oct 21, 2022 at 02:18:04PM +0200, Kristof Provost wrote:

On 6 Oct 2022, at 17:50, Konstantin Belousov wrote:

The branch main has been updated by kib:
URL: https://cgit.FreeBSD.org/src/commit/?id=9cabef3d146e9a844813b6bc8952d6cf2e9d45e5 

commit 9cabef3d146e9a844813b6bc8952d6cf2e9d45e5
Author:     Konstantin Belousov <[email protected]>
AuthorDate: 2022-09-21 13:55:44 +0000
Commit:     Konstantin Belousov <[email protected]>
CommitDate: 2022-10-06 15:50:26 +0000

    ldd: use direct exec mode unconditionally

    Trying to exec malformed or unusual binary, for instance, a
non-FreeBSD
    ABI, or using a non-standard interpreter, might give unexpected
outcome.

    Reported by:    The UK's National Cyber Security Centre (NCSC)
    Reviewed by:    emaste, markj, philip
    Discussed with: jhb
    Sponsored by:   The FreeBSD Foundation
    admbug: 991
    PR:     127276, 175339, 231926
    MFC after:      1 week
    Differential revision:  https://reviews.freebsd.org/D36650


This appears to break things for armv7 (running on aarch64).
This manifests while building pfsense (for 3100 / armv7), which we do on an aarch64 vm (to avoid having to deal with qemu, and because it’s faster).
During that build a couple ports fail to build, including databases/sqlite3. It fails running `/usr/bin/ldd -a "/wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3" "/wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/lib/libsqlite3.so”`, 
which produces:
ld-elf.so.1: /wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3: 
mmap of entire address space failed: Cannot allocate memory
        
/wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3:
exit status 1

That fails doing the `mapbase = mmap(base_addr, mapsize, PROT_NONE,
base_flags, -1, 0);` call in rtld-elf’s map_object():217. That call does 
`mmap(0x10000, 0x1dc000, PROT_NONE, 0x6010, -1, 0) => 0xffffffff`.

With this patch reverted we can build successfully.
Can you manually invoke ldd on the binary under ktrace -i, and show me the 
kdump output?


I might be doing something wrong:
# ktrace -i /usr/obj/usr/src/arm.armv7/usr.bin/ldd/ldd -a "/wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3" ld-elf.so.1: /wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3: mmap of entire address space failed: Cannot allocate memory /wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3: exit status 1 
        # kdump -f ktrace.out
            16 @      UNKNOWN(265)
        kdump: data too short
        #

Perhaps because this is running in a jail?

Here’s truss at least:
# truss -f /usr/obj/usr/src/arm.armv7/usr.bin/ldd/ldd -a "/wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3" 95910: mmap(0x0,135168,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 1074327552 (0x4008f000) 
        95910: mprotect(0x4007d000,4096,PROT_READ)       = 0 (0x0)
        95910: issetugid()                               = 0 (0x0)
        95910: sigfastblock(0x1,0x4008df70)              = 0 (0x0)
        95910: open("/etc/libmap.conf",O_RDONLY|O_CLOEXEC,01) = 3 (0x3)
95910: fstat(3,{ mode=-rw-r--r-- ,inode=108965,size=47,blksize=4096 }) = 0 (0x0) 
        95910: read(3,"# $FreeBSD$\nincludedir /usr/loc"...,47) = 47 (0x2f)
        95910: close(3)                                  = 0 (0x0)
95910: open("/usr/local/etc/libmap.d",O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC,0145) ERR#2 'No such file or directory' 95910: open("/var/run/ld-elf.so.hints",O_RDONLY|O_CLOEXEC,0204411) = 3 (0x3) 
        95910: read(3,"Ehnt\^A\0\0\0\M^@\0\0\0|\0\0\0\0"...,128) = 128 (0x80)
95910: fstat(3,{ mode=-r--r--r-- ,inode=270241,size=252,blksize=4096 }) = 0 (0x0) 95910: pread(3,"/lib:/usr/lib:/usr/lib/compat:/u"...,124,0x80) = 124 (0x7c) 
        95910: close(3)                                  = 0 (0x0)
95910: open("/lib/libelf.so.2",O_RDONLY|O_CLOEXEC|O_VERIFY,010002250025) = 3 (0x3) 95910: fstat(3,{ mode=-r--r--r-- ,inode=109043,size=88428,blksize=88576 }) = 0 (0x0) 95910: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 1074028544 (0x40046000) 95910: mmap(0x0,282624,PROT_NONE,MAP_GUARD,-1,0x0) = 1074462720 (0x400b0000) 95910: mmap(0x400b0000,12288,PROT_READ,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 1074462720 (0x400b0000) 95910: mmap(0x400c2000,77824,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x2000) = 1074536448 (0x400c2000) 95910: mmap(0x400e4000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x14000) = 1074675712 (0x400e4000) 95910: mmap(0x400f4000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x14000) = 1074741248 (0x400f4000) 
        95910: munmap(0x40046000,4096)                   = 0 (0x0)
        95910: close(3)                                  = 0 (0x0)
95910: open("/lib/libgcc_s.so.1",O_RDONLY|O_CLOEXEC|O_VERIFY,010002250027) = 3 (0x3) 95910: fstat(3,{ mode=-r--r--r-- ,inode=109245,size=44108,blksize=44544 }) = 0 (0x0) 95910: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 1074028544 (0x40046000) 95910: mmap(0x0,241664,PROT_NONE,MAP_GUARD,-1,0x0) = 1074745344 (0x400f5000) 95910: mmap(0x400f5000,12288,PROT_READ,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 1074745344 (0x400f5000) 95910: mmap(0x40107000,36864,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x2000) = 1074819072 (0x40107000) 95910: mmap(0x4011f000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0xa000) = 1074917376 (0x4011f000) 95910: mmap(0x4012f000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0xa000) = 1074982912 (0x4012f000) 
        95910: munmap(0x40046000,4096)                   = 0 (0x0)
        95910: close(3)                                  = 0 (0x0)
95910: open("/lib/libc.so.7",O_RDONLY|O_CLOEXEC|O_VERIFY,010002250023) = 3 (0x3) 95910: fstat(3,{ mode=-r--r--r-- ,inode=109132,size=1708716,blksize=131072 }) = 0 (0x0) 95910: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 1074028544 (0x40046000) 95910: mmap(0x0,2056192,PROT_NONE,MAP_GUARD,-1,0x0) = 1074987008 (0x40130000) 95910: mmap(0x40130000,294912,PROT_READ,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 1074987008 (0x40130000) 95910: mmap(0x40187000,1388544,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x47000) = 1075343360 (0x40187000) 95910: mmap(0x402e9000,20480,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x199000) = 1076793344 (0x402e9000) 95910: mmap(0x402fd000,16384,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x19d000) = 1076875264 (0x402fd000) 95910: mmap(0x40301000,151552,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_ANON,-1,0x0) = 1076891648 (0x40301000) 
        95910: munmap(0x40046000,4096)                   = 0 (0x0)
        95910: close(3)                                  = 0 (0x0)
        95910: mprotect(0x402e9000,16384,PROT_READ)      = 0 (0x0)
        95910: sysarch(ARM_SET_TP,0x4009f010)            = 0 (0x0)
95910: __sysctl("hw.10",2,0x40303698,0xffffcc78,0x0,0) ERR#2 'No such file or directory' 95910: readlink("/etc/malloc.conf",0xffffc847,1024) ERR#2 'No such file or directory' 
        95910: issetugid()                               = 0 (0x0)
95910: mmap(0x0,2097152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(21),-1,0x0) = 1077936128 (0x40400000) 
        95910: clock_gettime(4,{ 80683.109657689 })      = 0 (0x0)
        95910: clock_gettime(4,{ 80683.109707855 })      = 0 (0x0)
        95910: clock_gettime(4,{ 80683.109765151 })      = 0 (0x0)
95910: mmap(0x0,20480,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074028544 (0x40046000) 95910: mmap(0x0,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074049024 (0x4004b000) 95910: openat(AT_FDCWD,"/wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3",O_RDONLY|O_VERIFY,00) = 3 (0x3) 95910: fstat(3,{ mode=-rwxr-xr-x ,inode=3021,size=1752272,blksize=4096 }) = 0 (0x0) 95910: mmap(0x0,1752272,PROT_READ,MAP_PRIVATE,3,0x0) = 1080033280 (0x40600000) 95910: mmap(0x0,12288,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074053120 (0x4004c000) 95910: mmap(0x0,28672,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074192384 (0x4006e000) 95910: mmap(0x0,12288,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074065408 (0x4004f000) 
        95910: munmap(0x40600000,1752272)                = 0 (0x0)
        95910: close(3)                                  = 0 (0x0)
95910: mmap(0x0,20480,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074221056 (0x40075000) 95910: mmap(0x0,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074077696 (0x40052000) 95910: mmap(0x0,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074081792 (0x40053000) 95910: mmap(0x0,12288,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074241536 (0x4007a000) 95910: mmap(0x0,20480,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074257920 (0x4007e000) 95910: mmap(0x0,12288,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074278400 (0x40083000) 95910: mmap(0x0,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074085888 (0x40054000) 95910: mmap(0x0,28672,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1074290688 (0x40086000) 
        95911: <new process>
        95910: fork()                                    = 95911 (0x176a7)
        95911: execve("/libexec/ld-elf.so.1",0xffffda78,0x40054000) EJUSTRETURN
95911: mmap(0x0,135168,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 1074126848 (0x4005e000) 
        95911: mprotect(0x4e000,4096,PROT_READ)          = 0 (0x0)
        95911: issetugid()                               = 0 (0x0)
95911: open("/wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3) 95911: fstat(3,{ mode=-rwxr-xr-x ,inode=3021,size=1752272,blksize=4096 }) = 0 (0x0) 
        95911: geteuid()                                 = 0 (0x0)
        95911: sigfastblock(0x1,0x5ef70)                 = 0 (0x0)
95911: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 1074262016 (0x4007f000) 95911: mmap(0x10000,1949696,PROT_NONE,MAP_FIXED|MAP_GUARD|MAP_EXCL,-1,0x0) ERR#12 'Cannot allocate memory' 
        95911: munmap(0x4007f000,4096)                   = 0 (0x0)
        95911: close(3)                                  = 0 (0x0)
        ld-elf.so.1: 95911: write(2,"ld-elf.so.1: ",13)                = 13 
(0xd)
/wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3: mmap of entire address space failed: Cannot allocate memory95911: write(2,"/wrkdirs/usr/ports/databases/sql"...,138) = 138 (0x8a) 

        95911: write(2,"\n",1)                                 = 1 (0x1)
        95911: exit(0x1)
        95911: process exit, rval = 1
        95910: wait4(-1,{ EXITED,val=1 },0x0,0x0)        = 95911 (0x176a7)
/wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3: exit status 1 
        95910: write(2,"/wrkdirs/usr/ports/databases/sql"...,93) = 93 (0x5d)
        95910: exit(0x1)
        95910: process exit, rval = 1

Best regards,
Kristof

Reply via email to