Bug 204157

Summary: brk syscall returns random address
Product: Memory Management
Reporter: Sergei Trusov (sergei.a.trusov)
Component: Page Allocator
Assignee: Andrew Morton (akpm)
Status: NEW
Severity: normal
Priority: P1
Hardware: x86-64
OS: Linux
Kernel Version: 5.2.0
Tree: Mainline
Regression: Yes

Description Sergei Trusov 2019-07-13 08:53:56 UTC
Hi,

For a long time we have had the flat assembler (fasm [1]), which allocates memory with the help of the following snippet of code:

    malloc_brk:
    ; in:
    ;  r14d = requested size
    ; out:
    ;  eax - allocated block, equal to previous value of [malloc_lbrk]
    ;  ecx = allocated size
    ;  edi = what was in r12d
    ;  esi = what was in r13d
    ;  on error jumps to out_of_memory (does not return)
    ; preserves: rbx
    ; note: for internal use only
        cmp     dword [malloc_lbrk],0
        jne     malloc_lbrk_valid
        mov     eax,12                  ; sys_brk
        xor     edi,edi
        syscall
        mov     ecx,eax
        cmp     rcx,rax
        jne     out_of_memory

The ELF file itself is not relocatable.
With kernel versions <= v5.1.x this brk syscall returns an address within the 4 GB range, so eax equals rax.

With v5.2 (tested on Fedora Rawhide, Linux 5.2.0-1.fc31.x86_64) this syscall returns something like 0x555556a2d000 or 0x5555557b7000.

Please let us know: is this intended kernel behaviour or some kind of regression?


[1] https://flatassembler.net/
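As an added example (not from the report or from fasm's source), the C program below queries the program break with the same raw sys_brk(0) call and repeats the 32-bit truncation test that malloc_brk performs (mov ecx,eax; cmp rcx,rax), so a reader can see on their own kernel whether the initial break would pass that check; function names are my own.

```c
/* Added example, not part of the bug report or of fasm. */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Ask the kernel for the current program break exactly as the assembler does:
 * sys_brk with a NULL argument returns the current break without moving it. */
static uintptr_t query_brk(void)
{
    return (uintptr_t)syscall(SYS_brk, (void *)0);
}

/* Mirror of the assembler's check: "mov ecx,eax" keeps only the low 32 bits
 * (zero-extended), and "cmp rcx,rax" then differs whenever the break does not
 * fit in 32 bits. Returns 1 when the break is usable by the non-relocatable
 * binary, 0 when fasm would jump to out_of_memory. */
static int brk_fits_in_32bit(uintptr_t brk_value)
{
    uint64_t rax = brk_value;
    uint64_t rcx = (uint32_t)rax;   /* mov ecx,eax */
    return rcx == rax;              /* cmp rcx,rax ; jne out_of_memory */
}

int main(void)
{
    uintptr_t b = query_brk();
    printf("initial brk = %#lx, passes fasm's 32-bit check: %s\n",
           (unsigned long)b, brk_fits_in_32bit(b) ? "yes" : "no");

    /* Break values taken from the report (observed on 5.2.0) for comparison. */
    printf("0x555556a2d000 -> %d\n", brk_fits_in_32bit(0x555556a2d000ULL));
    printf("0x5555557b7000 -> %d\n", brk_fits_in_32bit(0x5555557b7000ULL));
    return 0;
}
```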