lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 Feb 2022 16:28:07 +0300 From: Azat Khuzhin <a3at.mail@...il.com> To: "H.J. Lu" <hjl.tools@...il.com> Cc: LKML <linux-kernel@...r.kernel.org>, Chris Kennelly <ckennelly@...gle.com>, Al Viro <viro@...iv.linux.org.uk>, Alexey Dobriyan <adobriyan@...il.com>, Song Liu <songliubraving@...com>, David Rientjes <rientjes@...gle.com>, Ian Rogers <irogers@...gle.com>, Hugh Dickins <hughd@...gle.com>, Suren Baghdasaryan <surenb@...gle.com>, Sandeep Patil <sspatil@...gle.com>, Fangrui Song <maskray@...gle.com>, Nick Desaulniers <ndesaulniers@...gle.com>, "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>, Mike Kravetz <mike.kravetz@...cle.com>, Shuah Khan <shuah@...nel.org> Subject: Re: [PATCH] fs/binfmt_elf: use ELF_ET_DYN_BASE for PIE (ET_DYN with INTERP) binaries On Tue, Feb 01, 2022 at 05:15:38AM -0800, H.J. Lu wrote: > On Mon, Jan 31, 2022 at 10:18 PM Azat Khuzhin <a3at.mail@...il.com> wrote: > > > > On Mon, Jan 31, 2022 at 01:30:38PM -0800, H.J. Lu wrote: > > > On Mon, Jan 31, 2022 at 12:17 PM Azat Khuzhin <a3at.mail@...il.com> wrote: > > > > > > > > Since 9630f0d60fec ELF_ET_DYN_BASE is not used as a load_bias anymore > > > > and this breaks PIE binaries, since after this change data segment > > > > became too nearby the stack: > > > > > > > > Before 9630f0d60fec: > > > > > > > > $ strace -febrk /tmp/test-stack |& head > > > > brk(NULL) = 0x555555559000 > > > > $ /tmp/test-stack > > > > bottom_of_stack = 0x7fffffffc5c0 > > > > recursion depth: 1 (stack diff: 32) > > > > ... > > > > recursion depth: 7690 (stack diff: 8365664) > > > > Segmentation fault (core dumped) > > > > > > > > After 9630f0d60fec: > > > > > > > > $ strace -ebrk /tmp/test-stack |& head > > > > brk(NULL) = 0x7ffff7fff000 > > > > > > > > $ /tmp/test-stack > > > > bottom_of_stack = 0x7fffffffc640 > > > > recursion depth: 1 (stack diff: 32) > > > > ... > > > > recursion depth: 146 (stack diff: 157792) > > > > Segmentation fault (core dumped) > > > > > > > > Found this during compiling with clang, that started to randomly > > > > SIGSEGV when it eats some heap. > > > > > > How do I reproduce it on x86-64? > > > > It fails for me for pretty big C++ unit, so I don't have a simple > > reproducer with clang, but the attached reproducer below should show the > > problem. > > The reproducer doesn't fail for me under 5.17-rc2 on Fedora 35/x86-64 > with 32GB RAM. Did you turn off PF_RANDOMIZE? Oh, yep, forgot to mention that I have kernel.randomize_va_space=0.
Powered by blists - more mailing lists