Undefined Behavior with Multiple Text Segments

[aroelke]

When the .text segment is divided into multiple noncontiguous sections, tags are not applied correctly to the binary. For example, a linker script might divide .text like this:

.text.init : {
  *(.text.init);
}
.text : ALIGN(0x1000) {
  *(.text)
  *(.text.*)
}

In this case, the first instruction of the program running with the rwx policy, normally tagged allGrp, Rd, Ex, is read by the PEX kernel as being tagged with loadGrp, allGrp, Rd, Ex, causing a policy violation.