Fix memfd_create in shared libraries on amd64 Linux < kernel 6.3

https://github.com/upx/upx/issues/929
	modified:   stub/src/amd64-linux.elf-so_fold.S
           plus generated .h .dump
John Reiser 2025-09-09 14:58:00 -07:00
parent 26ca21f6cb
commit aef93548f9
3 changed files with 1220 additions and 1202 deletions

File diff suppressed because it is too large Load Diff


@ -102,7 +102,7 @@ memcpy: .globl memcpy // void *memcpy(void *dst, void const *src, size_t n)
/* 64-bit mode only! */ /* 64-bit mode only! */
__NR_read= 0 __NR_read= 0
__NR_write= 1 __NR_write= 1
//__NR_open= 2 __NR_open= 2
__NR_openat= 257 __NR_openat= 257
FD_CWD= -100 FD_CWD= -100
__NR_close= 3 __NR_close= 3
@ -190,8 +190,6 @@ exit: .globl exit
push $ __NR_exit; 5: jmp 5f push $ __NR_exit; 5: jmp 5f
ftruncate: .globl ftruncate ftruncate: .globl ftruncate
push $__NR_ftruncate; 5: jmp 5f push $__NR_ftruncate; 5: jmp 5f
memfd_create: .globl memfd_create
push $__NR_memfd_create; 5: jmp 5f
close: .globl close close: .globl close
push $ __NR_close; 5: jmp 5f push $ __NR_close; 5: jmp 5f
openat: .globl openat openat: .globl openat
@ -202,4 +200,21 @@ write: .globl write
read: .globl read read: .globl read
push $ __NR_read; 5: jmp sysgo push $ __NR_read; 5: jmp sysgo
memfd_create: .globl memfd_create
0:
movl $__NR_memfd_create,%eax; syscall
test %eax,%eax; js 1f; ret // success
1:
test %arg2l,%arg2l; jz no_memfd // memfd_create failed twice
xor %arg2l,%arg2l; jmp 0b // try again without MFD_EXEC
no_memfd: // so try /dev/shm
O_RDWR= 2
O_DIRECTORY= 0200000 // 0x010000
O_TMPFILE= 020000000 // 0x400000
call 0f; .int 0700, O_RDWR|O_DIRECTORY|O_TMPFILE; .asciz "/dev/shm"; 0: pop %rsi
lodsl; xchg %eax,%arg3l
lodsl; push %rsi; xchg %eax,%arg2l
pop %arg1
push $__NR_open; jmp sysgo
// section SO_MAIN inserted here // section SO_MAIN inserted here
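Review bot: The retry at `1:` zeroes the whole flags argument with `xor %arg2l,%arg2l`, although its comment says it only retries without MFD_EXEC, so any other flag the caller passed (for example MFD_CLOEXEC) would be silently dropped on older kernels. If callers can pass more than MFD_EXEC, clear just that bit and key the second-failure test on it: `MFD_EXEC= 0x10`, `test $MFD_EXEC,%arg2l; jz no_memfd`, `and $~MFD_EXEC,%arg2l; jmp 0b`. The `js 1f` path is also taken for every negative return, not only the EINVAL an old kernel gives for an unknown flag, so a denial by policy or resource exhaustion also ends in the /dev/shm open; comparing %eax against -EINVAL before retrying would keep the workaround narrow. The callers and `sysgo` lie outside this hunk, so which flags actually arrive here is not visible.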


@ -8,18 +8,18 @@ Idx Name Size VMA LMA File off Algn
3 SO_MAIN 0813 0 0 0150 2**4 CONTENTS 3 SO_MAIN 0813 0 0 0150 2**4 CONTENTS
4 SO_HEAD 044 0 0 0963 2**0 CONTENTS 4 SO_HEAD 044 0 0 0963 2**0 CONTENTS
5 ptr_NEXT 0 0 0 09a7 2**0 CONTENTS 5 ptr_NEXT 0 0 0 09a7 2**0 CONTENTS
6 SO_TAIL 0c9 0 0 09a7 2**0 CONTENTS 6 SO_TAIL 0fa 0 0 09a7 2**0 CONTENTS
7 EXP_HEAD 0e9 0 0 0a70 2**0 CONTENTS 7 EXP_HEAD 0e9 0 0 0aa1 2**0 CONTENTS
8 NRV2E 0e8 0 0 0b59 2**0 CONTENTS 8 NRV2E 0e8 0 0 0b8a 2**0 CONTENTS
9 NRV2D 0db 0 0 0c41 2**0 CONTENTS 9 NRV2D 0db 0 0 0c72 2**0 CONTENTS
10 NRV2B 0c4 0 0 0d1c 2**0 CONTENTS 10 NRV2B 0c4 0 0 0d4d 2**0 CONTENTS
11 LZMA_DAISY 0a 0 0 0de0 2**0 CONTENTS 11 LZMA_DAISY 0a 0 0 0e11 2**0 CONTENTS
12 LZMA_ELF00 065 0 0 0dea 2**0 CONTENTS 12 LZMA_ELF00 065 0 0 0e1b 2**0 CONTENTS
13 LZMA_DEC10 09f7 0 0 0e4f 2**0 CONTENTS 13 LZMA_DEC10 09f7 0 0 0e80 2**0 CONTENTS
14 LZMA_DEC20 09f7 0 0 01846 2**0 CONTENTS 14 LZMA_DEC20 09f7 0 0 01877 2**0 CONTENTS
15 LZMA_DEC30 019 0 0 0223d 2**0 CONTENTS 15 LZMA_DEC30 019 0 0 0226e 2**0 CONTENTS
16 EXP_TAIL 014 0 0 02258 2**2 CONTENTS 16 EXP_TAIL 014 0 0 02288 2**2 CONTENTS
17 STRCON 04b 0 0 0226c 2**0 CONTENTS 17 STRCON 04b 0 0 0229c 2**0 CONTENTS
SYMBOL TABLE: SYMBOL TABLE:
0000000000000000 l d SO_HEAD 0 SO_HEAD 0000000000000000 l d SO_HEAD 0 SO_HEAD
0000000000000000 l d EXP_HEAD 0 EXP_HEAD 0000000000000000 l d EXP_HEAD 0 EXP_HEAD
@ -54,22 +54,22 @@ SYMBOL TABLE:
0000000000000000 g F UMF_LINUX 0f9 upx_mmap_and_fd_linux 0000000000000000 g F UMF_LINUX 0f9 upx_mmap_and_fd_linux
0000000000000000 g F SO_TAIL 0 eof 0000000000000000 g F SO_TAIL 0 eof
00000000000004c3 g F SO_MAIN 0b9 prep_SELinux 00000000000004c3 g F SO_MAIN 0b9 prep_SELinux
00000000000000c1 g SO_TAIL 0 write 00000000000000ba g SO_TAIL 0 write
00000000000003fa g F SO_MAIN 01d PF_to_PROT 00000000000003fa g F SO_MAIN 01d PF_to_PROT
00000000000000af g SO_TAIL 0 memfd_create 00000000000000c2 g SO_TAIL 0 memfd_create
00000000000000c5 g SO_TAIL 0 read 00000000000000be g SO_TAIL 0 read
0000000000000184 g F SO_MAIN 0ef make_hatch 0000000000000184 g F SO_MAIN 0ef make_hatch
0000000000000013 g SO_TAIL 0 memset 0000000000000013 g SO_TAIL 0 memset
0000000000000042 g SO_TAIL 0 msync 0000000000000042 g SO_TAIL 0 msync
0000000000000011 g SO_TAIL 0 my_bkpt 0000000000000011 g SO_TAIL 0 my_bkpt
0000000000000046 g SO_TAIL 0 Pprotect 0000000000000046 g SO_TAIL 0 Pprotect
00000000000000c1 g SO_TAIL 0 Pwrite 00000000000000ba g SO_TAIL 0 Pwrite
0000000000000095 g SO_TAIL 0 Punmap 0000000000000095 g SO_TAIL 0 Punmap
00000000000000a7 g SO_TAIL 0 exit 00000000000000a7 g SO_TAIL 0 exit
00000000000000ba g SO_TAIL 0 openat 00000000000000b3 g SO_TAIL 0 openat
0000000000000080 g SO_TAIL 0 open 0000000000000080 g SO_TAIL 0 open
0000000000000057 g SO_TAIL 0 mprotect 0000000000000057 g SO_TAIL 0 mprotect
00000000000000b6 g SO_TAIL 0 close 00000000000000af g SO_TAIL 0 close
000000000000057c g F SO_MAIN 0297 upx_so_main 000000000000057c g F SO_MAIN 0297 upx_so_main
RELOCATION RECORDS FOR [HUMF_A]: RELOCATION RECORDS FOR [HUMF_A]: