Bug 179407 - TEXTRELs in libSDL
TEXTRELs in libSDL
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: SDL (Show other bugs)
rawhide
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Woerner
:
Depends On:
Blocks: FC6Target
  Show dependency treegraph
 
Reported: 2006-01-30 19:54 EST by Dawid Gajownik
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-08-27 12:43:49 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
PATCH removing all textrel's (18.31 KB, patch)
2007-02-12 10:16 EST, Hans de Goede
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
SDL Simple Directmedia Layer 418 None None None Never

  None (edit)
Description Dawid Gajownik 2006-01-30 19:54:57 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20051228 SeaMonkey/1.5a

Description of problem:
SDL library contains text relocations. This is a Bad Thing™ ;-)

You can use patches from Gentoo → http://mir2.ovh.net/gentoo-portage/media-libs/libsdl/files/ (files with PIC in their names)

Version-Release number of selected component (if applicable):
SDL-1.2.9-5

How reproducible:
Always

Steps to Reproduce:
1. readelf -d /usr/lib/libSDL-1.2.so.0.7.2 | grep TEXTREL

Actual Results:  [y4kk0@X ~]$ readelf -d /usr/lib/libSDL-1.2.so.0.7.2 | grep TEXTREL
 0x00000016 (TEXTREL)                    0x0
[y4kk0@X ~]$

Expected Results:  No output.

Additional info:

For more information about text relocations and their drawbacks please read this:
http://thread.gmane.org/gmane.linux.gentoo.devel/33992
http://article.gmane.org/gmane.linux.gentoo.devel/34037
http://people.redhat.com/drepper/nonselsec.pdf
Comment 1 Hans de Goede 2007-02-12 08:43:02 EST
As promised in the SDL review some help in getting SDL bugs fixed. I've been
digging into this at home this weekend (where I'm unfortunately without internet
access). And this is somewhat strange.

As to be expected the TEXTREL problems are caused by some asm code left and
right in SDL, and thusn only show up on i386. Strange enough ls -Z
/usr/lib/libSDL-1.2.so.0 gives:
lrwxrwxrwx  root root system_u:object_r:lib_t:s0

And my selinux is in enforcing mode with "allow_execmod --> off", thus this
shouldn't work unless ls -Z /usr/lib/libSDL-1.2.so.0 would give:
lrwxr-xr-x  root root system_u:object_r:textrel_shlib_t:s0

But still SDL seems to work fine, I've even written a special test program to
make sure one of the asm routines got called (as they only get called under very
specific circumstances), verified that my program worked by adding debug
printf's to SDL, and still it works fine ???

Now there may be an explanation for this, I've done much reading on PIC code in
elf objects this weekand and my test programs make SDL use asm code from
src/hermes/*.asm, but that asm code is actually fine as it:
1) the function addresses are not used by to the outside
2) it doesn't contain any data references

and there are 2 possible problems with asm code in PIC
1) your function symbols getting used outside the lib
2) accessing any data both inside or outside the lib

So it seems that I've been trying to trigger the wrong code path to find any
real textrel problems.

Strange enough eu-findtextrel, still complains about the symbols defined in
src/hermes/*.asm

Now this weekend I unfortunately didn't have access to the gentoo patches, now
that I do lets evaluate those:

http://mir2.ovh.net/gentoo-portage/media-libs/libsdl/files/libsdl-1.2.9-PIC-SDL_stretch.patch
Fixes a asm direct .data access to become a by ref access -> should be applied

http://mir2.ovh.net/gentoo-portage/media-libs/libsdl/files/libsdl-1.2.9-PIC-hermes-call-dont-jump.patch
Replace a few jmp and jmp backs with call and ret, could have a very slight
performance impact, but otherwise looks fine -> should be applied

http://mir2.ovh.net/gentoo-portage/media-libs/libsdl/files/libsdl-1.2.9-PIC-hermes-cpuid.patch
Fixes the CPU detect code under src/hermes/x86_main.asm -> this CPU-detect code
isn't used by SDL, probably best to just remove it.

http://mir2.ovh.net/gentoo-portage/media-libs/libsdl/files/libsdl-1.2.9-PIC-load-mmx-masks-from-stack.patch
Already applied by upstream in 1.2.10

http://mir2.ovh.net/gentoo-portage/media-libs/libsdl/files/libsdl-1.2.9-PIC-yuv-mmx.patch
Fixes a couple of asm direct .data accesses to become a by ref accesses ->
should be applied

I'll try to apply the patches which I like, strip the non used cpudetect code
and then attach one merged (and tested) patch for this.
Comment 2 Hans de Goede 2007-02-12 10:16:08 EST
Created attachment 147899 [details]
PATCH removing all textrel's

This is a combination of:
http://mir2.ovh.net/gentoo-portage/media-libs/libsdl/files/libsdl-1.2.9-PIC-hermes-call-dont-jump.patch

and:
http://mir2.ovh.net/gentoo-portage/media-libs/libsdl/files/libsdl-1.2.9-PIC-yuv-mmx.patch


In combination with removing the unused CPU-detect code.

Notice that:
http://mir2.ovh.net/gentoo-portage/media-libs/libsdl/files/libsdl-1.2.9-PIC-SDL_stretch.patch

Is  not applied as it already was applied upstream

I've confirmed that with this patch all textrel's are gone (according to
eu-findtextrel). I've done some testing with this and all SDL apps still seem
to work fine.
Comment 3 Dawid Gajownik 2007-02-13 07:01:58 EST
(In reply to comment #1)
> Strange enough ls -Z /usr/lib/libSDL-1.2.so.0 gives:
> lrwxrwxrwx  root root system_u:object_r:lib_t:s0
> 
> And my selinux is in enforcing mode with "allow_execmod --> off", thus this
> shouldn't work unless ls -Z /usr/lib/libSDL-1.2.so.0 would give:
> lrwxr-xr-x  root root system_u:object_r:textrel_shlib_t:s0
> 
> But still SDL seems to work fine

You should not look at the security context of symlinks. At least on my FC6 I
have this output:

[gajownik@cyklop ~]$ ls -Z /usr/lib/libSDL-1.2.so.0*
lrwxrwxrwx  root root system_u:object_r:lib_t          /usr/lib/libSDL-1.2.so.0
-> libSDL-1.2.so.0.7.3
-rwxr-xr-x  root root system_u:object_r:textrel_shlib_t /usr/lib/libSDL-1.2.so.0.7.3
[gajownik@cyklop ~]$ 

Context of the main library is important.

Anyway, big thanks for your work! After applying your patches selinux-policy
should be updated.
Comment 4 Hans de Goede 2007-02-14 03:47:57 EST
(In reply to comment #3)
> (In reply to comment #1)
> > Strange enough ls -Z /usr/lib/libSDL-1.2.so.0 gives:
> > lrwxrwxrwx  root root system_u:object_r:lib_t:s0
> > 
> > And my selinux is in enforcing mode with "allow_execmod --> off", thus this
> > shouldn't work unless ls -Z /usr/lib/libSDL-1.2.so.0 would give:
> > lrwxr-xr-x  root root system_u:object_r:textrel_shlib_t:s0
> > 
> > But still SDL seems to work fine
> 
> You should not look at the security context of symlinks. At least on my FC6 I
> have this output:
> 
> Context of the main library is important.
> 

Ah, that explains why things still work, thanks! 

> Anyway, big thanks for your work! After applying your patches selinux-policy
> should be updated.

Yes indeed.
Comment 5 Thomas Woerner 2007-03-19 13:48:48 EDT
I see a big problem with these invasive assembler patches, because they are not
upstream and a new version of SDL could require to change big parts of them.

BTW: SDL upstream decided not to add these patches.

I see that TEXTRELs are not good, but I'd like to get this patches upstream, at
least in SDL. Even the actual Hermes library has still these code segments.

For now, I am sorry, but these patches are a no-go in my opinion.
Comment 6 Hans de Goede 2007-03-19 16:59:56 EDT
Actually, the patches to the hermes code are trivial, and the only other patch
is to src/video/SDL_yuv_mmx.c, which isn't 100% trivial, but isn't exactly very
complex either. Also this code is not very likely to change (not likely at all).

There used to be a lot more non PIC code pieces, but those are already merged
upstream, I don't know why they didn't merge these 2 particular bits.

I've filed this upstream too now, see:
http://bugzilla.libsdl.org/show_bug.cgi?id=418
Comment 7 Thomas Woerner 2007-08-27 12:43:49 EDT
Fixed upstream ...

Fixed in package SDL-1.2.12-1 or newer.

Note You need to log in before you can comment on or make changes to this bug.