lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Mon, 18 Oct 2021 14:51:12 +0800
From:   ChenJingwen <chenjingwen6@...wei.com>
To:     <keescook@...omium.org>
CC:     <akpm@...ux-foundation.org>, <avagin@...nvz.org>,
        <chenjingwen6@...wei.com>, <khalid.aziz@...cle.com>,
        <linux-fsdevel@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        <mhocko@...e.com>, <mpe@...erman.id.au>,
        <torvalds@...ux-foundation.org>, <viro@...iv.linux.org.uk>
Subject: [PATCH] elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings

> >  The reason is that the elf interpreter (ld.so) has overlapping segments.
> >
> Ewww. What toolchain generated this (and what caused it to just start
> happening)? (This was added in v4.17; it's been 3 years.)

gcc 7.3.0 for powerpc Book3E (e5500).

I wonder if there are some linker options related to the overlapping segments.
I tried to find it out why but I failed. And I also didn't see the answer in the
previous discussion yet (Maybe I missed it).

What confuses me is why the other reports only have overlapping sections for
executable binaries or dynamic libraries, but not for their ld.so.
I can keep looking for the reason but it may take a longe time for me.

> > readelf -l ld-2.31.so
> > Program Headers:
> >   Type           Offset             VirtAddr           PhysAddr
> >                  FileSiz            MemSiz              Flags  Align
> >   LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
> >                  0x000000000002c94c 0x000000000002c94c  R E    0x10000
> >   LOAD           0x000000000002dae0 0x000000000003dae0 0x000000000003dae0
> >                  0x00000000000021e8 0x0000000000002320  RW     0x10000
> >   LOAD           0x000000000002fe00 0x000000000003fe00 0x000000000003fe00
> >                  0x00000000000011ac 0x0000000000001328  RW     0x10000
> > 
> > The reason for this problem is the same as described in
> > commit ad55eac74f20 ("elf: enforce MAP_FIXED on overlaying elf segments").
> > Not only executable binaries, elf interpreters (e.g. ld.so) can have
> > overlapping elf segments, so we better drop MAP_FIXED_NOREPLACE and go
> > back to MAP_FIXED in load_elf_interp.
>
> We could also just expand the logic that fixed[1] this for ELF, yes?
>
> Andrew, are you able to pick up [1], BTW? It seems to have fallen
> through the cracks.
>
> [1] https://lore.kernel.org/all/20210916215947.3993776-1-keescook@chromium.org/T/#u

Yes, I expand the logic[1] to load_elf_interp and "init" succeeds to start.
Should I submit another patch?

Powered by blists - more mailing lists