From: Paul F. <pa...@so...> - 2025-04-10 18:57:00
https://sourceware.org/git/gitweb.cgi?p=valgrind.git;h=3d7fdf7ecf2c0e50fc45a9ef97686f5a99261944
commit 3d7fdf7ecf2c0e50fc45a9ef97686f5a99261944
Author: Paul Floyd <pj...@wa...>
Date: Sun May 19 11:55:30 2024 +0200
Bug 290061 - pie elf always loaded at 0x108000
Initial patch from Amir Szekely <ki...@gm...
Diff:
---
 .gitignore | 1 +
 NEWS | 1 +
 coregrind/m_ume/elf.c | 22 +++++++++++++---------
 none/tests/Makefile.am | 6 +++++-
 none/tests/bug290061.c | 5 +++++
 none/tests/bug290061.stderr.exp | 0
 none/tests/bug290061.vgtest | 3 +++
 7 files changed, 28 insertions(+), 10 deletions(-)
diff --git a/.gitignore b/.gitignore
index f58e91dd83..43b5d9b6ba 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1552,6 +1552,7 @@
 /none/tests/blockfault
 /none/tests/bug129866
 /none/tests/bug234814
+/none/tests/bug290061
 /none/tests/bug491394
 /none/tests/bug492678
 /none/tests/closeall
diff --git a/NEWS b/NEWS
index ee501aef69..98270e95e6 100644
--- a/NEWS
+++ b/NEWS
@@ -32,6 +32,7 @@ bugzilla (https://bugs.kde.org/enter_bug.cgi?product=valgrind) rather
 than mailing the developers (or mailing lists) directly -- bugs that
 are not entered into bugzilla tend to get forgotten about or ignored.
 
+290061 pie elf always loaded at 0x108000
 396415 Valgrind is not looking up $ORIGIN rpath of shebang programs
 420682 io_pgetevents is not supported
 469782 Valgrind does not support zstd-compressed debug sections
diff --git a/coregrind/m_ume/elf.c b/coregrind/m_ume/elf.c
index bad7e5ee6b..67d3139d29 100644
--- a/coregrind/m_ume/elf.c
+++ b/coregrind/m_ume/elf.c
@@ -513,8 +513,8 @@ Bool VG_(match_ELF)(const void *hdr, SizeT len) required. mapelf() returns the address just beyond the end of the furthest-along mapping it creates. The executable is mapped starting at EBASE, which is usually read from it (eg, 0x8048000 - etc) except if it's a PIE, in which case I'm not sure what - happens. + etc) except if it's a PIE, in which case aspacem is queried for + the first adequately sized segement. The returned address is recorded in info->brkbase as the start point of the brk (data) segment, as it is traditional to place @@ -566,10 +566,8 @@ Int VG_(load_ELF)(Int fd, const HChar* name, /*MOD*/ExeInfo* info) return VKI_ENOEXEC; /* The kernel maps position-independent executables at TASK_SIZE*2/3; - duplicate this behavior as close as we can. */ + for us it's good enough to just load it somewhere with enough free space. */ if (e->e.e_type == ET_DYN && ebase == 0) { - ebase = VG_PGROUNDDN(info->exe_base - + (info->exe_end - info->exe_base) * 2 / 3); /* We really don't want to load PIEs at zero or too close. It works, but it's unrobust (NULL pointer reads and writes become legit, which is really bad) and causes problems for @@ -582,13 +580,19 @@ Int VG_(load_ELF)(Int fd, const HChar* name, /*MOD*/ExeInfo* info) /* Later .. on mips64 we can't use 0x108000, because mapelf will fail. */ # if defined(VGP_mips64_linux) + ebase = VG_PGROUNDDN(info->exe_base + + (info->exe_end - info->exe_base) * 2 / 3); if (ebase < 0x100000) ebase = 0x100000; # else - vg_assert(VKI_PAGE_SIZE >= 4096); /* stay sane */ - ESZ(Addr) hacky_load_address = 0x100000 + 8 * VKI_PAGE_SIZE; - if (ebase < hacky_load_address) - ebase = hacky_load_address; + Bool ok = False; + ebase = VG_(am_get_advisory_client_simple)( 0, e->p->p_filesz, &ok ); + + if (!ok) { + VG_(printf)( "Cannot find segment large enough to contain %llx bytes\n", (ULong)e->p->p_filesz ); + return VKI_ENOMEM; + } + # endif # if defined(VGO_solaris) 
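Review bot: The rewritten comment in the @@ -513 hunk misspells "segment" as "segement" and now describes only the non-mips64 path, since the @@ -582 hunk keeps the TASK_SIZE*2/3 heuristic under VGP_mips64_linux. Suggested wording for the two new lines: `etc) except if it's a PIE, in which case aspacem is queried for the first adequately sized segment (mips64 keeps the old TASK_SIZE*2/3 heuristic).` The comment block this sits in starts before the hunk.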
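Review bot: The size passed to VG_(am_get_advisory_client_simple) in the @@ -582 hunk is `e->p->p_filesz`, which, if e->p is the program-header array as the earlier `e->e.e_type` access suggests, is the file size of the first header only rather than the in-memory extent of the whole image. A PIE normally has several PT_LOAD headers and its .bss is counted only in p_memsz, so the hole requested from aspacem can be far smaller than what mapelf() then maps; the 3 MB static array in the new bug290061 test is pure .bss and is not covered by any p_filesz at all. I would compute the request as the page-rounded span from the lowest PT_LOAD p_vaddr to the highest p_vaddr + p_memsz before querying, as sketched below; the enclosing VG_(load_ELF) continues outside the hunk. The retained comment about not loading PIEs "at zero or too close" now depends on the advisory honouring aspacem's minimum client address, which deserves a one-line comment next to the call.
```c
   /* Ask aspacem for a hole covering the whole image, not one header:
      lowest PT_LOAD vaddr to highest vaddr+memsz, page-rounded
      (.bss exists only in p_memsz). */
   ESZ(Addr) img_lo = ~(ESZ(Addr))0, img_hi = 0;
   for (Int i = 0; i < e->e.e_phnum; i++) {
      if (e->p[i].p_type != PT_LOAD)
         continue;
      if (e->p[i].p_vaddr < img_lo)
         img_lo = e->p[i].p_vaddr;
      if (e->p[i].p_vaddr + e->p[i].p_memsz > img_hi)
         img_hi = e->p[i].p_vaddr + e->p[i].p_memsz;
   }
   if (img_hi <= img_lo)
      return VKI_ENOEXEC;   /* no PT_LOAD header at all */
   SizeT img_len = VG_PGROUNDUP(img_hi) - VG_PGROUNDDN(img_lo);
   Bool ok = False;
   ebase = VG_(am_get_advisory_client_simple)( 0, img_len, &ok );
   /* … unchanged: !ok check and VKI_ENOMEM return … */
```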
diff --git a/none/tests/Makefile.am b/none/tests/Makefile.am
index d119c74a1d..8bd4b9bf28 100644
--- a/none/tests/Makefile.am
+++ b/none/tests/Makefile.am
@@ -106,6 +106,7 @@ EXTRA_DIST = \
 bitfield1.stderr.exp bitfield1.vgtest \
 bug129866.vgtest bug129866.stderr.exp bug129866.stdout.exp \
 bug234814.vgtest bug234814.stderr.exp bug234814.stdout.exp \
+ bug290061.vgtest bug290061.stderr.exp \
 bug491394.vgtest bug491394.stderr.exp \
 bug492678.vgtest bug492678.stderr.exp \
 closeall.stderr.exp closeall.vgtest \
@@ -273,7 +274,9 @@ check_PROGRAMS = \
 args \
 async-sigs \
 bitfield1 \
- bug129866 bug234814 bug492678\
+ bug129866 bug234814 \
+ bug290061 \
+ bug492678 \
 closeall coolo_strlen \
 discard exec-sigmask execve faultstatus fcntl_setown \
 fdleak_cmsg fdleak_creat fdleak_dup fdleak_dup2 \
@@ -371,6 +374,7 @@ AM_CXXFLAGS += $(AM_FLAG_M3264_PRI)
 
 # Extra stuff for C tests
 ansi_CFLAGS = $(AM_CFLAGS) -ansi
+bug290061_CFLAGS = ${AM_CFLAGS} -pie
 bug491394_LDADD = -lc
 bug491394_LDFLAGS = -nostdlib -static
 bug491394_CFLAGS = ${AM_CFLAGS} -Os
diff --git a/none/tests/bug290061.c b/none/tests/bug290061.c
new file mode 100644
index 0000000000..40d847e8e1
--- /dev/null
+++ b/none/tests/bug290061.c
@@ -0,0 +1,5 @@
+static char meh[3000000]; // ~3mb
+int main(void)
+{
+}
+
diff --git a/none/tests/bug290061.stderr.exp b/none/tests/bug290061.stderr.exp
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/none/tests/bug290061.vgtest b/none/tests/bug290061.vgtest
new file mode 100644
index 0000000000..ab6217ac0c
--- /dev/null
+++ b/none/tests/bug290061.vgtest
@@ -0,0 +1,3 @@
+prereq: ! ../../tests/arch_test mips64
+prog: bug290061
+vgopts: -q
|
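Review bot: `bug290061_CFLAGS = ${AM_CFLAGS} -pie` in the @@ -371 hunk passes only the link-time PIE flag; GCC documents that -pie should be paired with -fpie/-fPIE at compile time, and on a toolchain that does not default to PIE the object need not be position-independent code even though the link says -pie. Automake also uses the per-target CFLAGS on the link line, so one line covers both: `bug290061_CFLAGS = ${AM_CFLAGS} -fPIE -pie`. The test only exercises the new load path if the binary is really ET_DYN, so this is worth pinning down rather than relying on the distribution default.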
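Review bot: In the new bug290061.c the 3 MB array `meh` is file-scope static and never referenced, so a compiler building at -O1 or above is free to discard it (GCC drops unreferenced static variables unless -fno-toplevel-reorder is in effect), leaving a tiny .bss and nothing that would have collided under the old fixed placement. If AM_CFLAGS enables optimisation that makes the regression test hollow; I cannot see AM_CFLAGS from here. Referencing the array from main, e.g. `meh[0] = 1;` followed by `return meh[sizeof meh - 1];`, keeps it alive regardless of flags, and the `// ~3mb` comment would say more as `/* ~3 MB of .bss; must stay referenced so the compiler keeps it */`.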