Re: Is PIE randomization breaking klibc binaries?

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: "H. Peter Anvin" <hpa@zytor.com>
To: Sergey Vlasov <vsu@altlinux.ru>
Cc: Ulrich Kunitz <kune@deine-taler.de>,
	Chuck Ebbert <cebbert@redhat.com>,
	linux-kernel@vger.kernel.org, honza@jikos.cz, jkosina@suse.cz
Subject: Re: Is PIE randomization breaking klibc binaries?
Date: Thu, 02 Aug 2007 15:10:29 -0400	[thread overview]
Message-ID: <46B22C25.2070601@zytor.com> (raw)
In-Reply-To: <20070802230219.97b7f7b5.vsu@altlinux.ru>

Sergey Vlasov wrote:
>>
>> Program Header:
>>     LOAD off    0x0000000000000000 vaddr 0x0000000000200000 paddr 0x0000000000200000 align 2**21
>>          filesz 0x000000000001197e memsz 0x000000000001197e flags r-x
>>     LOAD off    0x0000000000011980 vaddr 0x0000000000411980 paddr 0x0000000000411980 align 2**21
> 
> Note that the vaddr here can overlap the binary which is linked starting
> at 0x400000.
> 
> This is the bug which I have found and fixed some time ago:
> 
> http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=10df6dfb13ffefe716f12136bbc667f18ff64744
> 
> The fix was included in klibc-1.4.35, but does not seem to be applied in
> your case (the alignment is still 2**21 - it should be 2**20) - so
> either you are using an old klibc, or the "-z max-page-size=0x100000"
> option does not take effect for some reason.
> 
> In my case the buggy klibc worked fine with a stock 2.6.18 kernel, but
> broke when the execshield patch was applied - and the commit 60bfba7e
> code comes from execshield, so it looks like the same problem.
> 
>>          filesz 0x0000000000000100 memsz 0x0000000000004288 flags rw-
>>    STACK off    0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**3
>>          filesz 0x0000000000000000 memsz 0x0000000000000000 flags rwx
>>
>> Sections:
>> Idx Name          Size      VMA               LMA               File off  Algn
>>   0 .text         0000da94  0000000000200200  0000000000200200  00000200  2**2
>>                   CONTENTS, ALLOC, LOAD, READONLY, CODE
>>   1 .rodata       00003cde  000000000020dca0  000000000020dca0  0000dca0  2**5
>>                   CONTENTS, ALLOC, LOAD, READONLY, DATA
>>   2 .data         00000100  0000000000411980  0000000000411980  00011980  2**5
>>                   CONTENTS, ALLOC, LOAD, DATA
>>   3 .bss          00004188  0000000000411a80  0000000000411a80  00011a80  2**5
>>                   ALLOC
>>   4 .gnu_debuglink 0000002c  0000000000000000  0000000000000000  00011a80  2**0
>>                   CONTENTS, READONLY

Yup... it should probably be pointed out the reason the old kernel 
worked was nothing but pure dumb luck.  This was a GNU ld change which 
needed to be undone for klibc.  It's unfortunate that stock x86-64 
binaries leave as little of a null pointer range as they do, but that's 
life, unfortunately.  The other alternative is to map klibc just below 
the 2 GB point, which would also work, but the old way broke when the ld 
change went in.  As previously stated, klibc-1.4.35 or higher fixes this.

	-hpa

next prev parent reply	other threads:[~2007-08-02 19:11 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-07-20 21:13 Is PIE randomization breaking klibc binaries? Ulrich Kunitz
2007-07-20 22:05 ` H. Peter Anvin
2007-07-24 20:34   ` Chuck Ebbert
2007-07-24 20:57     ` Chuck Ebbert
2007-07-24 22:00       ` Ulrich Kunitz
2007-07-24 22:41         ` Chuck Ebbert
2007-07-24 22:45           ` H. Peter Anvin
2007-07-24 23:13             ` Ulrich Kunitz
2007-07-25  6:32             ` Ulrich Kunitz
2007-07-31 11:30               ` Jiri Kosina
2007-07-31 12:01                 ` H. Peter Anvin
2007-07-31 12:19                   ` Jiri Kosina
2007-07-31 12:15                     ` H. Peter Anvin
2007-08-01 14:07                       ` Jiri Kosina
2007-08-02  4:29                         ` Ulrich Kunitz
2007-08-02 11:21                           ` Jiri Kosina
2007-08-02 17:03                             ` Bret Towe
2007-08-02 19:02               ` Sergey Vlasov
2007-08-02 19:10                 ` H. Peter Anvin [this message]
2007-08-02 20:42                   ` Ulrich Kunitz
2007-08-02 21:03                   ` Jiri Kosina
2007-08-02 19:10                 ` Ulrich Kunitz
2007-07-21  6:02 ` Bret Towe
2007-07-21 10:18   ` Andrew Morton

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=46B22C25.2070601@zytor.com \
    --to=hpa@zytor.com \
    --cc=cebbert@redhat.com \
    --cc=honza@jikos.cz \
    --cc=jkosina@suse.cz \
    --cc=kune@deine-taler.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=vsu@altlinux.ru \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox