Re: git: 9cabef3d146e - main - ldd: use direct exec mode unconditionally

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Fri, 21 Oct 2022 12:18:04 UTC
On 6 Oct 2022, at 17:50, Konstantin Belousov wrote:
> The branch main has been updated by kib:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=9cabef3d146e9a844813b6bc8952d6cf2e9d45e5
>
> commit 9cabef3d146e9a844813b6bc8952d6cf2e9d45e5
> Author:     Konstantin Belousov <kib@FreeBSD.org>
> AuthorDate: 2022-09-21 13:55:44 +0000
> Commit:     Konstantin Belousov <kib@FreeBSD.org>
> CommitDate: 2022-10-06 15:50:26 +0000
>
>     ldd: use direct exec mode unconditionally
>
>     Trying to exec malformed or unusual binary, for instance, a non-FreeBSD
>     ABI, or using a non-standard interpreter, might give unexpected outcome.
>
>     Reported by:    The UK's National Cyber Security Centre (NCSC)
>     Reviewed by:    emaste, markj, philip
>     Discussed with: jhb
>     Sponsored by:   The FreeBSD Foundation
>     admbug: 991
>     PR:     127276, 175339, 231926
>     MFC after:      1 week
>     Differential revision:  https://reviews.freebsd.org/D36650
>
This appears to break things for armv7 (running on aarch64).

This manifests while building pfSense (for 3100 / armv7), which we do on 
an aarch64 VM (to avoid having to deal with QEMU, and because it’s 
faster).

During that build a couple ports fail to build, including 
databases/sqlite3.
It fails running `/usr/bin/ldd -a "/wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3" "/wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/lib/libsqlite3.so"`, 
which produces:

	ld-elf.so.1: /wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3: mmap of entire address space failed: Cannot allocate memory
	/wrkdirs/usr/ports/databases/sqlite3/work-default/stage/usr/local/bin/sqlite3: exit status 1

That fails doing the `mapbase = mmap(base_addr, mapsize, PROT_NONE, base_flags, -1, 0);` 
call in rtld-elf’s map_object():217. That call 
does `mmap(0x10000, 0x1dc000, PROT_NONE, 0x6010, -1, 0) => 0xffffffff`.

With this patch reverted we can build successfully.

Best regards,
Kristof