lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <57707201-b8a6-1389-d451-033e9e13fe1c@redhat.com>
Date:   Wed, 13 Sep 2023 23:30:57 +0200 (CEST)
From:   Sebastian Ott <sebott@...hat.com>
To:     Willy Tarreau <w@....eu>
cc:     Thomas Weißschuh <linux@...ssschuh.net>,
        Mark Brown <broonie@...nel.org>, linux-kernel@...r.kernel.org
Subject: Re: aarch64 binaries using nolibc segfault before reaching the entry
 point

On Wed, 13 Sep 2023, Willy Tarreau wrote:
> On Wed, Sep 13, 2023 at 10:19:00PM +0200, Thomas Weißschuh wrote:
>>> All on aarch64 running fedora37 + upstream kernel. Any hints on what could
>>> be borken here or how to actually fix it?
>>
>> I reduced it to the following reproducer:
>>
>>     $ cat test.c
>>     int foo;  /* It works when deleting this variable */
>>
>>     void __attribute__((weak, noreturn, optimize("Os", "omit-frame-pointer"))) _start(void)
>>     {
>>     	__asm__ volatile (
>>     		"mov x8, 93\n"       /* NR_exit == 93 */
>>     		"svc #0\n"
>>     	);
>>     	__builtin_unreachable();
>>     }
>>
>>     $ aarch64-linux-gnu-gcc -Os -static -fno-stack-protector -Wall -nostdlib test.c
>>     $ ./a.out
>>     Segmentation fault
>>
>> Also when running under gdb the error message is:
>>
>>     During startup program terminated with signal SIGSEGV, Segmentation fault.
>>
>> So it seems the error already happens during loading.
>>
>> Could be a compiler or kernel bug?
>
> I tried here with gcc-11.4.0 native on an ubuntu-22.04 and using a
> cross gcc-9.5 executed on another box and couldn't reproduce the issue
> at all. It could be that the compiler inserts whatever, did someone
> try to disassemble de resulting program to see what it looks like ?
> Maybe we're even dealing with issues related to random stack alignment
> that causes issues past a function call due to some garbage being placed
> at the wrong place in the stack. Also, dmesg should generally report
> what (and where) the segv happened. Similarly, gdb with "info reg"
> and "disassemble $pc" should report some info.

Sadly there is no kernel output for this I guess this happens just too
early. gdb just reports "The program has no registers now."

Sebastian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ