Support PIE (Position Independent Executables)

Closes #4503
Revives #3960
Merges branch 'pie' into master

lib/libc/musl/ldso/dlstart.c

@@ -0,0 +1,148 @@
+#include <stddef.h>
+#include "dynlink.h"
+#include "libc.h"
+
+#ifndef START
+#define START "_dlstart"
+#endif
+
+#define SHARED
+
+#include "crt_arch.h"
+
+#ifndef GETFUNCSYM
+#define GETFUNCSYM(fp, sym, got) do { \
+	hidden void sym(); \
+	static void (*static_func_ptr)() = sym; \
+	__asm__ __volatile__ ( "" : "+m"(static_func_ptr) : : "memory"); \
+	*(fp) = static_func_ptr; } while(0)
+#endif
+
+hidden void _dlstart_c(size_t *sp, size_t *dynv)
+{
+	size_t i, aux[AUX_CNT], dyn[DYN_CNT];
+	size_t *rel, rel_size, base;
+
+	int argc = *sp;
+	char **argv = (void *)(sp+1);
+
+	for (i=argc+1; argv[i]; i++);
+	size_t *auxv = (void *)(argv+i+1);
+
+	for (i=0; i<AUX_CNT; i++) aux[i] = 0;
+	for (i=0; auxv[i]; i+=2) if (auxv[i]<AUX_CNT)
+		aux[auxv[i]] = auxv[i+1];
+
+#if DL_FDPIC
+	struct fdpic_loadseg *segs, fakeseg;
+	size_t j;
+	if (dynv) {
+		/* crt_arch.h entry point asm is responsible for reserving
+		 * space and moving the extra fdpic arguments to the stack
+		 * vector where they are easily accessible from C. */
+		segs = ((struct fdpic_loadmap *)(sp[-1] ? sp[-1] : sp[-2]))->segs;
+	} else {
+		/* If dynv is null, the entry point was started from loader
+		 * that is not fdpic-aware. We can assume normal fixed-
+		 * displacement ELF loading was performed, but when ldso was
+		 * run as a command, finding the Ehdr is a heursitic: we
+		 * have to assume Phdrs start in the first 4k of the file. */
+		base = aux[AT_BASE];
+		if (!base) base = aux[AT_PHDR] & -4096;
+		segs = &fakeseg;
+		segs[0].addr = base;
+		segs[0].p_vaddr = 0;
+		segs[0].p_memsz = -1;
+		Ehdr *eh = (void *)base;
+		Phdr *ph = (void *)(base + eh->e_phoff);
+		size_t phnum = eh->e_phnum;
+		size_t phent = eh->e_phentsize;
+		while (phnum-- && ph->p_type != PT_DYNAMIC)
+			ph = (void *)((size_t)ph + phent);
+		dynv = (void *)(base + ph->p_vaddr);
+	}
+#endif
+
+	for (i=0; i<DYN_CNT; i++) dyn[i] = 0;
+	for (i=0; dynv[i]; i+=2) if (dynv[i]<DYN_CNT)
+		dyn[dynv[i]] = dynv[i+1];
+
+#if DL_FDPIC
+	for (i=0; i<DYN_CNT; i++) {
+		if (i==DT_RELASZ || i==DT_RELSZ) continue;
+		if (!dyn[i]) continue;
+		for (j=0; dyn[i]-segs[j].p_vaddr >= segs[j].p_memsz; j++);
+		dyn[i] += segs[j].addr - segs[j].p_vaddr;
+	}
+	base = 0;
+
+	const Sym *syms = (void *)dyn[DT_SYMTAB];
+
+	rel = (void *)dyn[DT_RELA];
+	rel_size = dyn[DT_RELASZ];
+	for (; rel_size; rel+=3, rel_size-=3*sizeof(size_t)) {
+		if (!IS_RELATIVE(rel[1], syms)) continue;
+		for (j=0; rel[0]-segs[j].p_vaddr >= segs[j].p_memsz; j++);
+		size_t *rel_addr = (void *)
+			(rel[0] + segs[j].addr - segs[j].p_vaddr);
+		if (R_TYPE(rel[1]) == REL_FUNCDESC_VAL) {
+			*rel_addr += segs[rel_addr[1]].addr
+				- segs[rel_addr[1]].p_vaddr
+				+ syms[R_SYM(rel[1])].st_value;
+			rel_addr[1] = dyn[DT_PLTGOT];
+		} else {
+			size_t val = syms[R_SYM(rel[1])].st_value;
+			for (j=0; val-segs[j].p_vaddr >= segs[j].p_memsz; j++);
+			*rel_addr = rel[2] + segs[j].addr - segs[j].p_vaddr + val;
+		}
+	}
+#else
+	/* If the dynamic linker is invoked as a command, its load
+	 * address is not available in the aux vector. Instead, compute
+	 * the load address as the difference between &_DYNAMIC and the
+	 * virtual address in the PT_DYNAMIC program header. */
+	base = aux[AT_BASE];
+	if (!base) {
+		size_t phnum = aux[AT_PHNUM];
+		size_t phentsize = aux[AT_PHENT];
+		Phdr *ph = (void *)aux[AT_PHDR];
+		for (i=phnum; i--; ph = (void *)((char *)ph + phentsize)) {
+			if (ph->p_type == PT_DYNAMIC) {
+				base = (size_t)dynv - ph->p_vaddr;
+				break;
+			}
+		}
+	}
+
+	/* MIPS uses an ugly packed form for GOT relocations. Since we
+	 * can't make function calls yet and the code is tiny anyway,
+	 * it's simply inlined here. */
+	if (NEED_MIPS_GOT_RELOCS) {
+		size_t local_cnt = 0;
+		size_t *got = (void *)(base + dyn[DT_PLTGOT]);
+		for (i=0; dynv[i]; i+=2) if (dynv[i]==DT_MIPS_LOCAL_GOTNO)
+			local_cnt = dynv[i+1];
+		for (i=0; i<local_cnt; i++) got[i] += base;
+	}
+
+	rel = (void *)(base+dyn[DT_REL]);
+	rel_size = dyn[DT_RELSZ];
+	for (; rel_size; rel+=2, rel_size-=2*sizeof(size_t)) {
+		if (!IS_RELATIVE(rel[1], 0)) continue;
+		size_t *rel_addr = (void *)(base + rel[0]);
+		*rel_addr += base;
+	}
+
+	rel = (void *)(base+dyn[DT_RELA]);
+	rel_size = dyn[DT_RELASZ];
+	for (; rel_size; rel+=3, rel_size-=3*sizeof(size_t)) {
+		if (!IS_RELATIVE(rel[1], 0)) continue;
+		size_t *rel_addr = (void *)(base + rel[0]);
+		*rel_addr = base + rel[2];
+	}
+#endif
+
+	stage2_func dls2;
+	GETFUNCSYM(&dls2, __dls2, base+dyn[DT_PLTGOT]);
+	dls2((void *)base, sp);
+}

lib/std/build.zig

@@ -1286,6 +1286,9 @@ pub const LibExeObjStep = struct {
     /// Position Independent Code
     force_pic: ?bool = null,
 
+    /// Position Independent Executable
+    pie: ?bool = null,
+
     subsystem: ?builtin.SubSystem = null,
 
     const LinkObject = union(enum) {
@@ -2307,6 +2310,14 @@ pub const LibExeObjStep = struct {
             }
         }
 
+        if (self.pie) |pie| {
+            if (pie) {
+                try zig_args.append("-fPIE");
+            } else {
+                try zig_args.append("-fno-PIE");
+            }
+        }
+
         if (self.subsystem) |subsystem| {
             try zig_args.append("--subsystem");
             try zig_args.append(switch (subsystem) {

lib/std/dynamic_library.zig

@@ -59,48 +59,48 @@ const RDebug = extern struct {
     r_ldbase: usize,
 };
 
-fn elf_get_va_offset(phdrs: []elf.Phdr) !usize {
-    for (phdrs) |*phdr| {
-        if (phdr.p_type == elf.PT_LOAD) {
-            return @ptrToInt(phdr) - phdr.p_vaddr;
-        }
+// TODO: This should be weak (#1917)
+extern var _DYNAMIC: [128]elf.Dyn;
+
+comptime {
+    if (std.Target.current.os.tag == .linux) {
+        asm (
+            \\ .weak _DYNAMIC
+            \\ .hidden _DYNAMIC
+        );
     }
-    return error.InvalidExe;
 }
 
 pub fn linkmap_iterator(phdrs: []elf.Phdr) !LinkMap.Iterator {
-    const va_offset = try elf_get_va_offset(phdrs);
-
-    const dyn_table = init: {
-        for (phdrs) |*phdr| {
-            if (phdr.p_type == elf.PT_DYNAMIC) {
-                const ptr = @intToPtr([*]elf.Dyn, va_offset + phdr.p_vaddr);
-                break :init ptr[0 .. phdr.p_memsz / @sizeOf(elf.Dyn)];
-            }
-        }
+    if (@ptrToInt(&_DYNAMIC[0]) == 0) {
         // No PT_DYNAMIC means this is either a statically-linked program or a
         // badly corrupted one
         return LinkMap.Iterator{ .current = null };
-    };
+    }
 
     const link_map_ptr = init: {
-        for (dyn_table) |*dyn| {
-            switch (dyn.d_tag) {
+        var i: usize = 0;
+        while (_DYNAMIC[i].d_tag != elf.DT_NULL) : (i += 1) {
+            switch (_DYNAMIC[i].d_tag) {
                 elf.DT_DEBUG => {
-                    const r_debug = @intToPtr(*RDebug, dyn.d_val);
-                    if (r_debug.r_version != 1) return error.InvalidExe;
-                    break :init r_debug.r_map;
+                    const ptr = @intToPtr(?*RDebug, _DYNAMIC[i].d_val);
+                    if (ptr) |r_debug| {
+                        if (r_debug.r_version != 1) return error.InvalidExe;
+                        break :init r_debug.r_map;
+                    }
                 },
                 elf.DT_PLTGOT => {
-                    const got_table = @intToPtr([*]usize, dyn.d_val);
-                    // The address to the link_map structure is stored in the
-                    // second slot
-                    break :init @intToPtr(?*LinkMap, got_table[1]);
+                    const ptr = @intToPtr(?[*]usize, _DYNAMIC[i].d_val);
+                    if (ptr) |got_table| {
+                        // The address to the link_map structure is stored in
+                        // the second slot
+                        break :init @intToPtr(?*LinkMap, got_table[1]);
+                    }
                 },
                 else => {},
             }
         }
-        return error.InvalidExe;
+        return LinkMap.Iterator{ .current = null };
     };
 
     return LinkMap.Iterator{ .current = link_map_ptr };

lib/std/elf.zig

@@ -719,20 +719,48 @@ pub const Elf64_Syminfo = extern struct {
 pub const Elf32_Rel = extern struct {
     r_offset: Elf32_Addr,
     r_info: Elf32_Word,
+
+    pub inline fn r_sym(self: @This()) u24 {
+        return @truncate(u24, self.r_info >> 8);
+    }
+    pub inline fn r_type(self: @This()) u8 {
+        return @truncate(u8, self.r_info & 0xff);
+    }
 };
 pub const Elf64_Rel = extern struct {
     r_offset: Elf64_Addr,
     r_info: Elf64_Xword,
+
+    pub inline fn r_sym(self: @This()) u32 {
+        return @truncate(u32, self.r_info >> 32);
+    }
+    pub inline fn r_type(self: @This()) u32 {
+        return @truncate(u32, self.r_info & 0xffffffff);
+    }
 };
 pub const Elf32_Rela = extern struct {
     r_offset: Elf32_Addr,
     r_info: Elf32_Word,
     r_addend: Elf32_Sword,
+
+    pub inline fn r_sym(self: @This()) u24 {
+        return @truncate(u24, self.r_info >> 8);
+    }
+    pub inline fn r_type(self: @This()) u8 {
+        return @truncate(u8, self.r_info & 0xff);
+    }
 };
 pub const Elf64_Rela = extern struct {
     r_offset: Elf64_Addr,
     r_info: Elf64_Xword,
     r_addend: Elf64_Sxword,
+
+    pub inline fn r_sym(self: @This()) u32 {
+        return @truncate(u32, self.r_info >> 32);
+    }
+    pub inline fn r_type(self: @This()) u32 {
+        return @truncate(u32, self.r_info & 0xffffffff);
+    }
 };
 pub const Elf32_Dyn = extern struct {
     d_tag: Elf32_Sword,
@@ -917,6 +945,16 @@ pub const Dyn = switch (@sizeOf(usize)) {
     8 => Elf64_Dyn,
     else => @compileError("expected pointer size of 32 or 64"),
 };
+pub const Rel = switch (@sizeOf(usize)) {
+    4 => Elf32_Rel,
+    8 => Elf64_Rel,
+    else => @compileError("expected pointer size of 32 or 64"),
+};
+pub const Rela = switch (@sizeOf(usize)) {
+    4 => Elf32_Rela,
+    8 => Elf64_Rela,
+    else => @compileError("expected pointer size of 32 or 64"),
+};
 pub const Shdr = switch (@sizeOf(usize)) {
     4 => Elf32_Shdr,
     8 => Elf64_Shdr,