lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20191005233227.GB25745@shell.armlinux.org.uk>
Date:   Sun, 6 Oct 2019 00:32:27 +0100
From:   Russell King - ARM Linux admin <linux@...linux.org.uk>
To:     Michal Hocko <mhocko@...e.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     linux-kernel@...r.kernel.org
Subject: MAP_FIXED_NOREPLACE appears to break older i386 binaries

Under a 4.19 kernel (debian stable), I am surprised to find that some
previously working i386 binaries no longer work, whereas others are
fine.  ls, for example, dies with a SEGV, but bash is fine.

Looking at the kernel log reveals:

[13117.361000] 20899 (ls): Uhuuh, elf segment at 0000000008065000 requested but
the memory is mapped already
[13120.367221] 20935 (vdir): Uhuuh, elf segment at 0000000008065000 requested but the memory is mapped already
[13122.891253] 20936 (ls): Uhuuh, elf segment at 0000000008065000 requested but
the memory is mapped already
[13137.719143] 20940 (ls): Uhuuh, elf segment at 0000000008065000 requested but
the memory is mapped already
[13139.202469] 20978 (ls): Uhuuh, elf segment at 0000000008065000 requested but
the memory is mapped already
[13158.093533] 21007 (ls): Uhuuh, elf segment at 0000000008065000 requested but
the memory is mapped already
[13221.920939] 21021 (objdump): Uhuuh, elf segment at 00000000080a1000 requested but the memory is mapped already

Looking at /bin/ls:

Program Header:
    PHDR off    0x00000034 vaddr 0x08048034 paddr 0x08048034 align 2**2
         filesz 0x00000120 memsz 0x00000120 flags r-x
  INTERP off    0x00000154 vaddr 0x08048154 paddr 0x08048154 align 2**0
         filesz 0x00000013 memsz 0x00000013 flags r--
    LOAD off    0x00000000 vaddr 0x08048000 paddr 0x08048000 align 2**12
         filesz 0x0001d620 memsz 0x0001d620 flags r-x
    LOAD off    0x0001d950 vaddr 0x08065950 paddr 0x08065950 align 2**12
         filesz 0x00000a50 memsz 0x000016e4 flags rw-
 DYNAMIC off    0x0001dec4 vaddr 0x08065ec4 paddr 0x08065ec4 align 2**2
         filesz 0x00000100 memsz 0x00000100 flags rw-
    NOTE off    0x00000168 vaddr 0x08048168 paddr 0x08048168 align 2**2
         filesz 0x00000044 memsz 0x00000044 flags r--
EH_FRAME off    0x00018e68 vaddr 0x08060e68 paddr 0x08060e68 align 2**2
         filesz 0x00000774 memsz 0x00000774 flags r--
   STACK off    0x00000000 vaddr 0x00000000 paddr 0x00000000 align 2**4
         filesz 0x00000000 memsz 0x00000000 flags rw-
   RELRO off    0x0001d950 vaddr 0x08065950 paddr 0x08065950 align 2**0
         filesz 0x000006b0 memsz 0x000006b0 flags r--

Note that the executable part of ls extends from 0x08048000 for
0x0001d620 bytes in memory and file, which takes that up to
0x08065620.  The rw data section starts at 0x08065950.

Seems we've broken older i386 binaries with commit ad55eac74f20
("elf: enforce MAP_FIXED on overlaying elf segments").  Maybe the
MAP_FIXED_NOREPLACE stuff needs to have an on/off switch?

Here's the objdump -h output for the same binary:

Sections:
Idx Name          Size      VMA       LMA       File off  Algn
  0 .interp       00000013  08048154  08048154  00000154  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  1 .note.ABI-tag 00000020  08048168  08048168  00000168  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  2 .note.gnu.build-id 00000024  08048188  08048188  00000188  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  3 .gnu.hash     0000003c  080481ac  080481ac  000001ac  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  4 .dynsym       00000840  080481e8  080481e8  000001e8  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  5 .gnu.liblist  000000c8  08048a28  08048a28  00000a28  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  6 .gnu.version  00000108  08049020  08049020  00001020  2**1
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  7 .gnu.version_r 000000c0  08049128  08049128  00001128  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  8 .rel.dyn      00000048  080491e8  080491e8  000011e8  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  9 .rel.plt      00000390  08049230  08049230  00001230  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 10 .init         00000023  080495c0  080495c0  000015c0  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 11 .plt          00000730  080495f0  080495f0  000015f0  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 12 .text         00013274  08049d20  08049d20  00001d20  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 13 .fini         00000014  0805cf94  0805cf94  00014f94  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 14 .rodata       00003ea8  0805cfc0  0805cfc0  00014fc0  2**5
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 15 .eh_frame_hdr 00000774  08060e68  08060e68  00018e68  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 16 .eh_frame     0000341c  080615dc  080615dc  000195dc  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 17 .dynstr       0000064c  080649f8  080649f8  0001c9f8  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 18 .gnu.conflict 000005dc  08065044  08065044  0001d044  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 19 .init_array   00000004  08065950  08065950  0001d950  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 20 .fini_array   00000004  08065954  08065954  0001d954  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 21 .jcr          00000004  08065958  08065958  0001d958  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 22 .data.rel.ro  00000544  08065980  08065980  0001d980  2**6
                  CONTENTS, ALLOC, LOAD, DATA
 23 .dynamic      00000100  08065ec4  08065ec4  0001dec4  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 24 .got          00000024  08065fc4  08065fc4  0001dfc4  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 25 .got.plt      000001d4  08066000  08066000  0001e000  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 26 .data         000001a0  08066200  08066200  0001e200  2**6
                  CONTENTS, ALLOC, LOAD, DATA
 27 .bss          00000c74  080663c0  080663c0  0001e3a0  2**6
                  ALLOC
 28 .gnu_debuglink 00000010  00000000  00000000  0001e3a0  2**2
                  CONTENTS, READONLY
 29 .gnu_debugdata 00001170  00000000  00000000  0001e3b0  2**0
                  CONTENTS, READONLY
 30 .gnu.prelink_undo 000005dc  00000000  00000000  0001f520  2**2
                  CONTENTS, READONLY

-- 
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTC broadband for 0.8mile line in suburbia: sync at 12.1Mbps down 622kbps up
According to speedtest.net: 11.9Mbps down 500kbps up

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ