Merge branch 'i386-VDSO' into devel

src/stub/src/i386-linux.elf-entry.S

@@ -172,6 +172,7 @@ unfold:
         mov eax, edx    // %eax= &Elf32_Ehdr of this program
 // esi= &{ b_info:{sz_unc, sz_cpr, 4{byte}}, compressed_data...}
 
+section LEXECEXE  // in: eax= roundup(PAGE_SIZE, hi(.text))
 // Linux requires PF_W in order to create .bss (implied by .p_filesz!=.p_memsz),
 // but strict SELinux (or PaX, grSecurity) forbids PF_W with PF_X.
 // So first PT_LOAD must be PF_R|PF_X only, and .p_memsz==.p_filesz.
@@ -180,7 +181,6 @@ unfold:
         add eax,   PAGE_SIZE -1
         and eax, 0-PAGE_SIZE
 
-section LEXECEXE  // in: eax= roundup(PAGE_SIZE, hi(.text))
         pop ecx  // O_BINFO
         push edx  // ADRU
         push edx  // space for LENU
@@ -208,44 +208,44 @@ section LEXECEXE  // in: eax= roundup(PAGE_SIZE, hi(.text))
         xchg eax,edx  // edx= new fold_begin
         push ebp  // P_12  old f_exp  (also new f_exp)
 
-section LEXECDYN  // in: eax= roundup(PAGE_SIZE, hi(.text))
+section LEXECDYN
-// VDSO might be at [eax]; if so, then erase AT_SYSINFO and AT_SYSINFO_EHDR.
+// VDSO might interfere with our desired placement; move down to avoid it
-// This happens with some kernels (Linux-2.6.34) for ET_DYN when stack is
+//  edx= &Elf32_Ehdr this ET_DYN (stub and compressed data)
-// unlimited (ulimit -s unlimited), because the only PT_LOAD of compressed
+//  esi= &b_info of fold_begin
-// ET_DYN is placed at TASK_UNMAPPED_BASE (TASK_SIZE/3, typically 0x40000000)
+//  edi= sz_pack2
-// and VDSO follows.  When stack is limited, then allocation is from high
+//  esp/ O_BINFO,%entry,argc,...
-// (just below stack) to low: VDSO will be below our PT_LOAD, and mmap()
+        add edi,[esi]  // sz_pack2 + {fold_begin}.sz_unc
-// below will steal the lowest page of stack.
+        add edi,offset eof  // + sizeof(this_stub)
-        mov ecx,[2*4+ esp]  // argc
+        push edx; push edi  // P_03
-        push esi
+        mov ecx,edx  // hi_va of desired placement
-        push eax  // P_05
+        sub edx,edi  // tentative placement
-        lea esi,[esp + 4*ecx + (3+2+1)*4]  // &env
+        and edx,-PAGE_SIZE  // on page boundary
+        mov edi,ecx  // hi_va
+        sub edi,edx  // length in whole pages
+
+        mov ecx,[4*4+ esp]  // argc
+        push esi  // P_05
+        lea esi,[esp + 4*ecx + (3+3+1)*4]  // &env
 1:
         lodsd; test eax,eax; jne 1b  // skip env
 2:
-        lodsd; test eax,eax; je 5f  // done with auxv
+        lodsd; test eax,eax; je 5f  // AT_NULL; done with auxv
-AT_IGNORE=  1
 AT_SYSINFO= 32
 AT_SYSINFO_EHDR=33
         subb al,AT_SYSINFO
         cmpb al,AT_SYSINFO_EHDR - AT_SYSINFO
         lodsd
         ja 2b  // not AT_SYSINFO*
-        xor eax,[esp]  // P_05
+        sub eax,edx  // offset
-        shr eax,PAGE_SHIFT
+        sub eax,edi  // length
-        jne 2b  // no conflict with decompressed fold_elf86
+        jnb 2b  // no conflict with the pages we will map
-        movb [esi - 2*4],AT_IGNORE
+        add edx,eax  // move down
+        and edx,-PAGE_SIZE  // to page boundary
         jmp 2b
 5:
-        pop eax  // P_05
+        pop esi  // P_05
-        pop esi
+        mov eax,edx  // placement
-
+        pop edi; pop edx  // P_03
-// 2017-06-10 -pie is not so easy
-        mov eax,edx  // &Elf32_Ehdr of this stub
-        add edi,[esi]  // sz_pack2 + {fold_begin}.sz_unc
-        add edi,offset eof  // sz_this_stub
-        sub eax,edi  // dst for new pages
-        and eax,-PAGE_SIZE  // round down
 
 // mmap new pages
         push 0  // offset
@@ -277,7 +277,7 @@ AT_SYSINFO_EHDR=33
 // Copy to new pages
         push ebp  // P_11  old f_exp
         sub edi,[esi]  // - {fold_begin}.sz_unc
-        lea ecx,[3+ edi]  // len
+        lea ecx,[3+ edi]  // len; 3: decompressor overrun on x86*
         push edi; mov edi,edx  // dst
         push esi; mov esi,ebx  // src
           sub ebp,ebx  // reloc &f_exp

src/stub/tmp/i386-linux.elf-entry.bin.dump

@@ -169,10 +169,17 @@ Idx Name          Size      VMA       LMA       File off  Algn  Flags
 164 ctok32.30     0000000a  00000000  00000000  00001aa8  2**0  CONTENTS, RELOC, READONLY
 165 ctok32.40     00000005  00000000  00000000  00001ab2  2**0  CONTENTS, RELOC, READONLY
 166 LEXEC017      00000002  00000000  00000000  00001ab7  2**0  CONTENTS, READONLY
+<<<<<<< HEAD
 167 LEXEC020      0000003e  00000000  00000000  00001ab9  2**0  CONTENTS, READONLY
 168 LEXECEXE      00000033  00000000  00000000  00001af7  2**0  CONTENTS, RELOC, READONLY
 169 LEXECDYN      0000009b  00000000  00000000  00001b2a  2**0  CONTENTS, RELOC, READONLY
 170 LEXEC025      00000041  00000000  00000000  00001bc5  2**0  CONTENTS, RELOC, READONLY
+=======
+167 LEXEC020      00000041  00000000  00000000  00001ab9  2**0  CONTENTS, READONLY
+168 LEXECEXE      0000003f  00000000  00000000  00001afa  2**0  CONTENTS, RELOC, READONLY
+169 LEXECDYN      0000008f  00000000  00000000  00001b39  2**0  CONTENTS, RELOC, READONLY
+170 LEXEC025      00000020  00000000  00000000  00001bc8  2**0  CONTENTS, RELOC, READONLY
+>>>>>>> i386-VDSO
 SYMBOL TABLE:
 00000000 l    d  N2BSMA10	00000000 N2BSMA10
 00000000 l    d  N2BFAS11	00000000 N2BFAS11
@@ -663,13 +670,19 @@ OFFSET   TYPE              VALUE
 
 RELOCATION RECORDS FOR [LEXECEXE]:
 OFFSET   TYPE              VALUE
-00000020 R_386_PC32        LEXEC020
+0000002d R_386_PC32        LEXEC020
 
 RELOCATION RECORDS FOR [LEXECDYN]:
 OFFSET   TYPE              VALUE
+<<<<<<< HEAD
 00000031 R_386_32          LEXEC025
 00000095 R_386_32          LEXEC025
 00000065 R_386_PC32        LEXEC020
+=======
+00000004 R_386_32          LEXEC025
+0000008a R_386_32          LEXEC025
+0000005c R_386_PC32        LEXEC020
+>>>>>>> i386-VDSO
 
 RELOCATION RECORDS FOR [LEXEC025]:
 OFFSET   TYPE              VALUE