Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"
MIME-Version: 1.0
Date: Sun, 8 Mar 2020 10:22:29 +0000
From: "Martin Husemann" <martin@netbsd.org>
Subject: CVS commit: [netbsd-9] src/libexec/ld.elf_so
To: source-changes@NetBSD.org
Message-Id: <20200308102229.E36ECFB27@cvs.NetBSD.org>
Sender: source-changes-owner@NetBSD.org
Precedence: bulk
Reply-To: source-changes-d@NetBSD.org
Mail-Reply-To: "Martin Husemann" <martin@netbsd.org>
Mail-Followup-To: source-changes-d@NetBSD.org

Module Name:	src
Committed By:	martin
Date:		Sun Mar  8 10:22:29 UTC 2020

Modified Files:
	src/libexec/ld.elf_so [netbsd-9]: headers.c map_object.c rtld.c

Log Message:
Pull up following revision(s) (requested by thorpej in ticket #758):

	libexec/ld.elf_so/map_object.c: revision 1.61
	libexec/ld.elf_so/headers.c: revision 1.68
	libexec/ld.elf_so/rtld.c: revision 1.203

PT_GNU_RELRO segments are arranged such that their vaddr + memsz ends
on a linker common page size boundary.  However, if the common page size
used by the linker is less than the VM page size being used by the kernel,
this can end up in the middle of a VM page and when the region is write-
protected, this can cause objects in neighboring .data to get incorrectly
write-protected, resulting in a crash.

Avoid this situation by calculating the end of the RELRO region not by
rounding memsz up to the VM page size, but rather by adding vaddr + memsz
and then truncating to the VM page size.

Fixes PR toolchain/55043.

XXX pullup-9


To generate a diff of this commit:
cvs rdiff -u -r1.65 -r1.65.2.1 src/libexec/ld.elf_so/headers.c
cvs rdiff -u -r1.60 -r1.60.2.1 src/libexec/ld.elf_so/map_object.c
cvs rdiff -u -r1.197.2.2 -r1.197.2.3 src/libexec/ld.elf_so/rtld.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.