From patchwork Wed Jun  1 11:42:31 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: vincent <cedric.vincent@st.com>
X-Patchwork-Id: 98171
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [140.186.70.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id 43FE3B6F71
	for <incoming@patchwork.ozlabs.org>;
	Wed,  1 Jun 2011 21:49:17 +1000 (EST)
Received: from localhost ([::1]:60820 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1QRjvG-0001sM-5m
	for incoming@patchwork.ozlabs.org; Wed, 01 Jun 2011 07:49:14 -0400
Received: from eggs.gnu.org ([140.186.70.92]:46193)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <cedric.vincent@st.com>) id 1QRjs7-0001rq-Ql
	for qemu-devel@nongnu.org; Wed, 01 Jun 2011 07:46:00 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <cedric.vincent@st.com>) id 1QRjs3-00033v-Gm
	for qemu-devel@nongnu.org; Wed, 01 Jun 2011 07:45:59 -0400
Received: from eu1sys200aog104.obsmtp.com ([207.126.144.117]:43176)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <cedric.vincent@st.com>) id 1QRjs2-00033l-VF
	for qemu-devel@nongnu.org; Wed, 01 Jun 2011 07:45:55 -0400
Received: from beta.dmz-eu.st.com ([164.129.1.35]) (using TLSv1) by
	eu1sys200aob104.postini.com ([207.126.147.11]) with SMTP
	ID DSNKTeYmbYojKrXOyxFMxEvNORcHB51D1lbp@postini.com;
	Wed, 01 Jun 2011 11:45:54 UTC
Received: from zeta.dmz-eu.st.com (ns2.st.com [164.129.230.9])
	by beta.dmz-eu.st.com (STMicroelectronics) with ESMTP id 8935911B;
	Wed,  1 Jun 2011 11:45:38 +0000 (GMT)
Received: from Webmail-eu.st.com (safex1hubcas3.st.com [10.75.90.18])
	by zeta.dmz-eu.st.com (STMicroelectronics) with ESMTP id 524B32909;
	Wed,  1 Jun 2011 11:45:38 +0000 (GMT)
Received: from localhost.localdomain (164.129.122.152) by webmail-eu.st.com
	(10.75.90.13) with Microsoft SMTP Server (TLS) id 8.2.234.1;
	Wed, 1 Jun 2011 13:45:37 +0200
From: =?UTF-8?q?C=C3=A9dric=20VINCENT?= <cedric.vincent@st.com>
To: <qemu-devel@nongnu.org>
Date: Wed, 1 Jun 2011 13:42:31 +0200
Message-ID: <1306928551-31723-1-git-send-email-cedric.vincent@st.com>
X-Mailer: git-send-email 1.7.5.1
MIME-Version: 1.0
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6,
	seldom 2.4 (older, 4)
X-Received-From: 207.126.144.117
Cc: Laurent ALFONSI <laurent.alfonsi@st.com>,
	=?UTF-8?q?C=C3=A9dric=20VINCENT?= <cedric.vincent@st.com>,
	Riku Voipio <riku.voipio@iki.fi>
Subject: [Qemu-devel] [PATCH] linux-user: Define AT_RANDOM to support target
	dynamic linkers that do ASLR
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: </archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

From: Laurent ALFONSI <laurent.alfonsi@st.com>

The dynamic linker of the GNU C library v2.10+ uses the ELF auxialiary
vector AT_RANDOM as a pointer to a 16-bit random value.  Prior this
patch the value of AT_RANDOM was not defined by the ELF loader of QEMU
so the GNU dynamic linker de-referenced the NULL pointer instead.  As
a consequence any target program linked to the GNU C library v2.10+
crashed due to a SEGFAULT.

Note AT_RANDOM now points to the start of the text segment thus the
16-bit value is not random at all, however it is definitively
readable.  This "dummy" behavior could be improved later.

Signed-off-by: Laurent ALFONSI <laurent.alfonsi@st.com>
Signed-off-by: Cédric VINCENT <cedric.vincent@st.com>
---

You can easily test this patch with ARMedSlack-13+:

    ftp://ftp.armedslack.org/armedslack/armedslack-devtools/minirootfs/roots/

 linux-user/elfload.c |    9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletions(-)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index dcfeb7a..6f67286 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -927,7 +927,7 @@ struct exec
 #define TARGET_ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(TARGET_ELF_EXEC_PAGESIZE-1))
 #define TARGET_ELF_PAGEOFFSET(_v) ((_v) & (TARGET_ELF_EXEC_PAGESIZE-1))
 
-#define DLINFO_ITEMS 12
+#define DLINFO_ITEMS 13
 
 static inline void memcpy_fromfs(void * to, const void * from, unsigned long n)
 {
@@ -1271,6 +1271,13 @@ static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc,
     NEW_AUX_ENT(AT_EGID, (abi_ulong) getegid());
     NEW_AUX_ENT(AT_HWCAP, (abi_ulong) ELF_HWCAP);
     NEW_AUX_ENT(AT_CLKTCK, (abi_ulong) sysconf(_SC_CLK_TCK));
+
+    /* The dynamic linker of the GNU C library v2.10+ uses the ELF
+     * auxialiary vector AT_RANDOM as a pointer to a 16-bit random
+     * value.  Note the start of the text segment is not random at
+     * all, however it is definitively readeable. */
+    NEW_AUX_ENT(AT_RANDOM, (abi_ulong) info->start_code);
+
     if (k_platform)
         NEW_AUX_ENT(AT_PLATFORM, u_platform);
 #ifdef ARCH_DLINFO