arm-linux.shlib escape hatch: munmap temporary pages
This commit is contained in:
John Reiser
parent
d8ed259bce
commit
4e1c342e55
@ -1671,6 +1671,9 @@ void PackLinuxElf32::pack1(OutputFile */*fo*/, Filter &/*ft*/)
|
||||
while (x>>=1) {
|
||||
++lg2_page;
|
||||
}
|
||||
if (hatch_off < 16 && Elf32_Ehdr::EM_ARM==e_machine) {
|
||||
hatch_off = get_te32(&phdr->p_offset) + get_te32(&phdr->p_memsz);
|
||||
}
|
||||
}
|
||||
}
|
||||
page_size = 1u<<lg2_page;
|
||||
@ -2269,10 +2272,10 @@ void PackLinuxElf32::pack4(OutputFile *fo, Filter &ft)
|
||||
|
||||
fo->seek(0, SEEK_SET);
|
||||
if (0!=xct_off) { // shared library
|
||||
ehdri.e_ident[0+hatch_off] = 0xcd; // INT 0x80 (syscall [munmap])
|
||||
ehdri.e_ident[1+hatch_off] = 0x80;
|
||||
ehdri.e_ident[2+hatch_off] = 0x61; // POPA
|
||||
ehdri.e_ident[3+hatch_off] = 0xc3; // RET
|
||||
ehdri.e_ident[12] = 0xcd; // INT 0x80 (syscall [munmap])
|
||||
ehdri.e_ident[13] = 0x80;
|
||||
ehdri.e_ident[14] = 0x61; // POPA
|
||||
ehdri.e_ident[15] = 0xc3; // RET
|
||||
fo->rewrite(&ehdri, sizeof(ehdri));
|
||||
fo->rewrite(phdri, e_phnum * sizeof(*phdri));
|
||||
}
|
||||
@ -2328,11 +2331,11 @@ void PackLinuxElf64::pack4(OutputFile *fo, Filter &ft)
|
||||
|
||||
fo->seek(0, SEEK_SET);
|
||||
if (0!=xct_off) { // shared library
|
||||
ehdri.e_ident[0+hatch_off] = 0x0f; // syscall [munmap]
|
||||
ehdri.e_ident[1+hatch_off] = 0x05;
|
||||
ehdri.e_ident[2+hatch_off] = 0x5f; // pop %rdi (arg1)
|
||||
ehdri.e_ident[3+hatch_off] = 0x5e; // pop %rsi (arg2)
|
||||
ehdri.e_ident[4+hatch_off] = 0xc3; // RET
|
||||
ehdri.e_ident[11] = 0x0f; // syscall [munmap]
|
||||
ehdri.e_ident[12] = 0x05;
|
||||
ehdri.e_ident[13] = 0x5f; // pop %rdi (arg1)
|
||||
ehdri.e_ident[14] = 0x5e; // pop %rsi (arg2)
|
||||
ehdri.e_ident[15] = 0xc3; // RET
|
||||
fo->rewrite(&ehdri, sizeof(ehdri));
|
||||
fo->rewrite(phdri, e_phnum * sizeof(*phdri));
|
||||
}
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -86,12 +86,10 @@ __ARM_NR_cacheflush = 2 + __ARM_NR_BASE
|
||||
|
||||
_start: .globl _start
|
||||
|
||||
stmdb sp!,{arg1,arg2,arg3, eax,ecx,r6,r7, fp,ip,lr}
|
||||
o_uinit= (3+4+1)*4 // ip
|
||||
|
||||
stmdb sp!,{arg1,arg2,arg3, eax,ecx,r6,r7, fp,lr,pc}
|
||||
mov fp,sp
|
||||
sub sp,sp,#4
|
||||
o_hatch= -1*4
|
||||
o_uinit= (3+4+2)*4 // pc
|
||||
|
||||
bl main // push &f_decompress
|
||||
f_decompress:
|
||||
#define LINUX_ARM_CACHEFLUSH 1
|
||||
@ -177,7 +175,8 @@ main:
|
||||
mov ecx,esi
|
||||
lodsl; sub ecx,ecx,eax; //str ecx,[fp,#o_reloc]
|
||||
lodsl; add eax,ecx,eax; str eax,[fp,#o_uinit] // reloc DT_INIT for step 12
|
||||
lodsl; add eax,ecx,eax; str eax,[fp,#o_hatch] // reloc &hatch for step 10
|
||||
lodsl; add eax,ecx,eax; push eax // reloc &hatch for step 10
|
||||
o_hatch= -1*4
|
||||
lodsl; add edi,ecx,eax // &p_info; also destination for decompress
|
||||
add esi,edi,#sz_p_info // &b_info
|
||||
|
||||
@ -289,6 +288,17 @@ supervise:
|
||||
ldmia sp!,{arg1,arg2,arg3,arg4, eax}
|
||||
blx eax // decompress
|
||||
add sp,sp,#4 // toss arg5
|
||||
|
||||
bl L620
|
||||
//hatch:
|
||||
do_sys7t __NR_munmap
|
||||
ldmia sp!,{arg1,arg2,arg3, eax,ecx,r6,r7, fp,lr,pc}
|
||||
|
||||
L620: // Implant escape hatch at end of .text
|
||||
ldr eax,[fp,#o_hatch]
|
||||
ldmia lr,{arg1,arg2,arg3}
|
||||
stmia eax,{arg1,arg2,arg3}
|
||||
|
||||
//p_unflt
|
||||
ldmia sp!,{arg1,arg2,arg3,arg4, eax}
|
||||
tst arg4,arg4; beq 0f // 0==ftid ==> no filter
|
||||
@ -300,6 +310,7 @@ supervise:
|
||||
ldr arg2,[sp,#1*4] // len
|
||||
mov arg3,#0
|
||||
add arg2,arg2,arg1 // hi(dst)
|
||||
add arg2,arg2,#3*4 // len(hatch)
|
||||
do_sys7t2 __ARM_NR_cacheflush
|
||||
|
||||
ldmia sp!,{arg1,arg2}
|
||||
@ -308,12 +319,7 @@ supervise:
|
||||
|
||||
//p_unmap
|
||||
ldmia sp!,{arg1,arg2, r3} // r3= &hatch
|
||||
// Eventually:
|
||||
// bx r3
|
||||
//hatch:
|
||||
// do_sys7t __NR_munmap
|
||||
ldmia sp!,{arg1,arg2,arg3, eax,ecx,r6,r7, fp,ip,lr}
|
||||
bx ip // allows thumb interworking
|
||||
bx r3
|
||||
|
||||
movsl_subr:
|
||||
ldr ecx,[esi,#-4] // 'bl <over>' instruction word
|
||||
|
||||
@ -2,18 +2,18 @@ file format elf32-littlearm
|
||||
|
||||
Sections:
|
||||
Idx Name Size VMA LMA File off Algn Flags
|
||||
0 ELFMAINX 00000010 00000000 00000000 00000034 2**0 CONTENTS, RELOC, READONLY
|
||||
1 NRV_HEAD 00000000 00000000 00000000 00000044 2**0 CONTENTS, READONLY
|
||||
2 NRV_TAIL 00000000 00000000 00000000 00000044 2**0 CONTENTS, READONLY
|
||||
3 NRV2E 0000012c 00000000 00000000 00000044 2**0 CONTENTS, RELOC, READONLY
|
||||
4 NRV2D 00000118 00000000 00000000 00000170 2**0 CONTENTS, RELOC, READONLY
|
||||
5 NRV2B 000000dc 00000000 00000000 00000288 2**0 CONTENTS, RELOC, READONLY
|
||||
6 LZMA_ELF00 000000a8 00000000 00000000 00000364 2**0 CONTENTS, RELOC, READONLY
|
||||
7 LZMA_DEC20 00000938 00000000 00000000 0000040c 2**0 CONTENTS, RELOC, READONLY
|
||||
8 LZMA_DEC10 00000478 00000000 00000000 00000d44 2**0 CONTENTS, RELOC, READONLY
|
||||
9 LZMA_DEC30 00000000 00000000 00000000 000011bc 2**0 CONTENTS, READONLY
|
||||
10 ELFMAINY 00000036 00000000 00000000 000011bc 2**0 CONTENTS, READONLY
|
||||
11 ELFMAINZ 000002a8 00000000 00000000 000011f2 2**0 CONTENTS, RELOC, READONLY
|
||||
0 ELFMAINX 0000000c 00000000 00000000 00000034 2**0 CONTENTS, RELOC, READONLY
|
||||
1 NRV_HEAD 00000000 00000000 00000000 00000040 2**0 CONTENTS, READONLY
|
||||
2 NRV_TAIL 00000000 00000000 00000000 00000040 2**0 CONTENTS, READONLY
|
||||
3 NRV2E 0000012c 00000000 00000000 00000040 2**0 CONTENTS, RELOC, READONLY
|
||||
4 NRV2D 00000118 00000000 00000000 0000016c 2**0 CONTENTS, RELOC, READONLY
|
||||
5 NRV2B 000000dc 00000000 00000000 00000284 2**0 CONTENTS, RELOC, READONLY
|
||||
6 LZMA_ELF00 000000a8 00000000 00000000 00000360 2**0 CONTENTS, RELOC, READONLY
|
||||
7 LZMA_DEC20 00000938 00000000 00000000 00000408 2**0 CONTENTS, RELOC, READONLY
|
||||
8 LZMA_DEC10 00000478 00000000 00000000 00000d40 2**0 CONTENTS, RELOC, READONLY
|
||||
9 LZMA_DEC30 00000000 00000000 00000000 000011b8 2**0 CONTENTS, READONLY
|
||||
10 ELFMAINY 00000036 00000000 00000000 000011b8 2**0 CONTENTS, READONLY
|
||||
11 ELFMAINZ 000002c0 00000000 00000000 000011ee 2**0 CONTENTS, RELOC, READONLY
|
||||
SYMBOL TABLE:
|
||||
00000000 l d NRV2E 00000000 NRV2E
|
||||
00000000 l d NRV2D 00000000 NRV2D
|
||||
@ -36,7 +36,7 @@ SYMBOL TABLE:
|
||||
|
||||
RELOCATION RECORDS FOR [ELFMAINX]:
|
||||
OFFSET TYPE VALUE
|
||||
0000000c R_ARM_PC24 ELFMAINZ
|
||||
00000008 R_ARM_PC24 ELFMAINZ
|
||||
|
||||
RELOCATION RECORDS FOR [NRV2E]:
|
||||
OFFSET TYPE VALUE
|
||||
@ -256,12 +256,13 @@ OFFSET TYPE VALUE
|
||||
00000128 R_ARM_PC24 ELFMAINZ
|
||||
0000014c R_ARM_PC24 ELFMAINZ
|
||||
0000015c R_ARM_PC24 ELFMAINZ
|
||||
00000174 R_ARM_PC24 ELFMAINZ
|
||||
000001c4 R_ARM_PC24 ELFMAINZ
|
||||
000001d4 R_ARM_PC24 ELFMAINZ
|
||||
000001f8 R_ARM_PC24 ELFMAINZ
|
||||
0000020c R_ARM_PC24 ELFMAINZ
|
||||
00000234 R_ARM_PC24 ELFMAINZ
|
||||
00000244 R_ARM_PC24 ELFMAINZ
|
||||
00000250 R_ARM_PC24 ELFMAINZ
|
||||
0000016c R_ARM_PC24 ELFMAINZ
|
||||
0000018c R_ARM_PC24 ELFMAINZ
|
||||
000001dc R_ARM_PC24 ELFMAINZ
|
||||
000001ec R_ARM_PC24 ELFMAINZ
|
||||
00000210 R_ARM_PC24 ELFMAINZ
|
||||
00000224 R_ARM_PC24 ELFMAINZ
|
||||
0000024c R_ARM_PC24 ELFMAINZ
|
||||
0000025c R_ARM_PC24 ELFMAINZ
|
||||
00000268 R_ARM_PC24 ELFMAINZ
|
||||
00000274 R_ARM_PC24 ELFMAINZ
|
||||
|
||||
@ -2,18 +2,18 @@ file format elf32-littlearm
|
||||
|
||||
Sections:
|
||||
Idx Name Size VMA LMA File off Algn Flags
|
||||
0 ELFMAINX 00000010 00000000 00000000 00000034 2**0 CONTENTS, RELOC, READONLY
|
||||
1 NRV_HEAD 00000000 00000000 00000000 00000044 2**0 CONTENTS, READONLY
|
||||
2 NRV_TAIL 00000000 00000000 00000000 00000044 2**0 CONTENTS, READONLY
|
||||
3 NRV2E 0000013c 00000000 00000000 00000044 2**0 CONTENTS, RELOC, READONLY
|
||||
4 NRV2D 00000128 00000000 00000000 00000180 2**0 CONTENTS, RELOC, READONLY
|
||||
5 NRV2B 000000ec 00000000 00000000 000002a8 2**0 CONTENTS, RELOC, READONLY
|
||||
6 LZMA_ELF00 000000b8 00000000 00000000 00000394 2**0 CONTENTS, RELOC, READONLY
|
||||
7 LZMA_DEC20 00000938 00000000 00000000 0000044c 2**0 CONTENTS, RELOC, READONLY
|
||||
8 LZMA_DEC10 00000478 00000000 00000000 00000d84 2**0 CONTENTS, RELOC, READONLY
|
||||
9 LZMA_DEC30 00000000 00000000 00000000 000011fc 2**0 CONTENTS, READONLY
|
||||
10 ELFMAINY 0000003e 00000000 00000000 000011fc 2**0 CONTENTS, READONLY
|
||||
11 ELFMAINZ 000002c4 00000000 00000000 0000123a 2**0 CONTENTS, RELOC, READONLY
|
||||
0 ELFMAINX 0000000c 00000000 00000000 00000034 2**0 CONTENTS, RELOC, READONLY
|
||||
1 NRV_HEAD 00000000 00000000 00000000 00000040 2**0 CONTENTS, READONLY
|
||||
2 NRV_TAIL 00000000 00000000 00000000 00000040 2**0 CONTENTS, READONLY
|
||||
3 NRV2E 0000013c 00000000 00000000 00000040 2**0 CONTENTS, RELOC, READONLY
|
||||
4 NRV2D 00000128 00000000 00000000 0000017c 2**0 CONTENTS, RELOC, READONLY
|
||||
5 NRV2B 000000ec 00000000 00000000 000002a4 2**0 CONTENTS, RELOC, READONLY
|
||||
6 LZMA_ELF00 000000b8 00000000 00000000 00000390 2**0 CONTENTS, RELOC, READONLY
|
||||
7 LZMA_DEC20 00000938 00000000 00000000 00000448 2**0 CONTENTS, RELOC, READONLY
|
||||
8 LZMA_DEC10 00000478 00000000 00000000 00000d80 2**0 CONTENTS, RELOC, READONLY
|
||||
9 LZMA_DEC30 00000000 00000000 00000000 000011f8 2**0 CONTENTS, READONLY
|
||||
10 ELFMAINY 0000003e 00000000 00000000 000011f8 2**0 CONTENTS, READONLY
|
||||
11 ELFMAINZ 000002e0 00000000 00000000 00001236 2**0 CONTENTS, RELOC, READONLY
|
||||
SYMBOL TABLE:
|
||||
00000000 l d NRV2E 00000000 NRV2E
|
||||
00000000 l d NRV2D 00000000 NRV2D
|
||||
@ -36,7 +36,7 @@ SYMBOL TABLE:
|
||||
|
||||
RELOCATION RECORDS FOR [ELFMAINX]:
|
||||
OFFSET TYPE VALUE
|
||||
0000000c R_ARM_PC24 ELFMAINZ
|
||||
00000008 R_ARM_PC24 ELFMAINZ
|
||||
|
||||
RELOCATION RECORDS FOR [NRV2E]:
|
||||
OFFSET TYPE VALUE
|
||||
@ -256,12 +256,13 @@ OFFSET TYPE VALUE
|
||||
00000128 R_ARM_PC24 ELFMAINZ
|
||||
00000150 R_ARM_PC24 ELFMAINZ
|
||||
00000160 R_ARM_PC24 ELFMAINZ
|
||||
00000178 R_ARM_PC24 ELFMAINZ
|
||||
000001d4 R_ARM_PC24 ELFMAINZ
|
||||
000001e4 R_ARM_PC24 ELFMAINZ
|
||||
0000020c R_ARM_PC24 ELFMAINZ
|
||||
00000220 R_ARM_PC24 ELFMAINZ
|
||||
00000248 R_ARM_PC24 ELFMAINZ
|
||||
00000258 R_ARM_PC24 ELFMAINZ
|
||||
00000170 R_ARM_PC24 ELFMAINZ
|
||||
00000194 R_ARM_PC24 ELFMAINZ
|
||||
000001f0 R_ARM_PC24 ELFMAINZ
|
||||
00000200 R_ARM_PC24 ELFMAINZ
|
||||
00000228 R_ARM_PC24 ELFMAINZ
|
||||
0000023c R_ARM_PC24 ELFMAINZ
|
||||
00000264 R_ARM_PC24 ELFMAINZ
|
||||
00000270 R_ARM_PC24 ELFMAINZ
|
||||
00000274 R_ARM_PC24 ELFMAINZ
|
||||
00000280 R_ARM_PC24 ELFMAINZ
|
||||
0000028c R_ARM_PC24 ELFMAINZ
|
||||
|
||||
Loading…
Reference in New Issue
Block a user