libsel4utils: Fix TLS page fault if PT_PHDR exists

PT_PHDR is emitted by ld.lld but not ld.bfd. This segment should only
exist if the program header *is* part of the program memory image itself
(which is not the case in seL4, as it copies the program header in the
stack). This is important as muslc’s TLS init is relying on the existence
of PT_PHDR to get the base address of the image in memory and from that,
it calculates the TLS base for the source ELF. The calculation will be
wrong in seL4 as the program header is copied in the stack; thus it may
trigger a page fault if the new TLS base is not mapped, or affects the
integrity of programs relying on TLS variables (e.g., those with
__thread).

By setting PT_PHDR's segment to PT_NULL, muslc will skip this search and
won't do any relocations for the TLS segment which is part of the
loaded ELF image itself, thus getting the correct mapped address.

Sponsored by: DARPA.

Signed-off-by: Hesham Almatary <[email protected]>

libsel4utils/src/process.c

@@ -586,6 +586,21 @@ int sel4utils_configure_process_custom(sel4utils_process_t *process, vka_t *vka,
             goto error;
         }
         sel4utils_elf_read_phdrs(&elf, process->num_elf_phdrs, process->elf_phdrs);
+
+        /* If PT_PHDR exists in the program headers, assign PT_NULL to it.
+         * This is because muslc libc searches for PT_PHDR and if found,
+         * it assumes it's part of the ELF image and relocates the entire
+         * subsequent program header segments according to PT_PHDR's base. This is
+         * wrong and will trigger mapping errors.
+         */
+        Elf_Phdr *phdr = process->elf_phdrs;
+
+        for (int i = 0; i < process->num_elf_phdrs; i++, phdr++) {
+            if (phdr->p_type == PT_PHDR) {
+                phdr->p_type = PT_NULL;
+            }
+        }
+
     } else {
         process->entry_point = config.entry_point;
         process->sysinfo = config.sysinfo;