Bug 204157 - brk syscall returns random address
Summary: brk syscall returns random address
Status: NEW
Alias: None
Product: Memory Management
Classification: Unclassified
Component: Page Allocator
Hardware: x86-64 Linux
Importance: P1 normal
Assignee: Andrew Morton
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-07-13 08:53 UTC by Sergei Trusov
Modified: 2019-07-13 08:54 UTC
CC List: 0 users

See Also:
Kernel Version: 5.2.0
Tree: Mainline
Regression: Yes


Description Sergei Trusov 2019-07-13 08:53:56 UTC
Hi,

For a long time we have had flat assembler (fasm [1]), which allocates memory with the help of the following snippet of code:

    malloc_brk:
    ; in:
    ;  r14d = requested size
    ; out:
    ;  eax - allocated block, equal to previous value of [malloc_lbrk]
    ;  ecx = allocated size
    ;  edi = what was in r12d
    ;  esi = what was in r13d
    ;  on error jumps to out_of_memory (does not return)
    ; preserves: rbx
    ; note: for internal use only
        cmp     dword [malloc_lbrk],0
        jne     malloc_lbrk_valid
        mov     eax,12                  ; sys_brk
        xor     edi,edi                 ; brk(0): query the current break without moving it
        syscall
        mov     ecx,eax                 ; copy the low 32 bits (zero-extends into rcx)
        cmp     rcx,rax                 ; does the address survive truncation to 32 bits?
        jne     out_of_memory           ; no: the break lies above 4 GiB

The ELF file itself is not relocatable.
With kernel versions <= v5.1.x this brk syscall returns an address within the 4 GB range, so eax equals rax.

With v5.2 (tested on Fedora Rawhide, Linux 5.2.0-1.fc31.x86_64) this syscall returns something like 0x555556a2d000 or 0x5555557b7000.

Please let us know: is this intended kernel behaviour or some kind of regression?


[1] https://flatassembler.net/
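The brk(0) query and the 32-bit truncation check from the snippet in the report, reproduced in C so the behaviour can be observed on any x86-64 Linux kernel. This is an added example, not fasm's code and not part of the bug report; the names fits_in_32_bits, query_brk and brk_probe are this example's own. It assumes Linux with glibc and is built with gcc. Build it with -no-pie to mirror the reporter's non-relocatable ELF: a PIE executable has its break near 0x5555... on every kernel version, so a PIE build would fail the check regardless of the 5.2 change.

```c
/* Added example: C reconstruction of malloc_brk's initial sys_brk(0) query and
 * its "mov ecx,eax ; cmp rcx,rax" truncation check (not fasm's own code).
 * Build: gcc -O2 -no-pie -o brkcheck brkcheck.c */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Equivalent of "mov ecx,eax ; cmp rcx,rax": writing eax zero-extends into rcx,
 * so the compare succeeds only if no bit above bit 31 is set, i.e. the address
 * lies below 4 GiB. */
int fits_in_32_bits(uint64_t addr)
{
    uint32_t low = (uint32_t)addr;          /* mov ecx,eax */
    return (uint64_t)low == addr;           /* cmp rcx,rax */
}

/* brk(0) reports the current program break without moving it, which is what the
 * snippet does with eax=12 (sys_brk) and edi=0. The raw syscall is used rather
 * than sbrk(3) so libc's cached break does not get in the way. */
uint64_t query_brk(void)
{
    return (uint64_t)syscall(SYS_brk, 0);
}

struct brk_probe_result {
    uint64_t start;     /* break before the request (what malloc_brk hands back in eax) */
    uint64_t end;       /* break after the request; equals start if the kernel refused */
    int grew;           /* 1 if the kernel moved the break */
    int fits;           /* 1 if start is 32-bit clean, i.e. the fasm check passes */
};

/* Grow the break by `size` bytes, record what happened, then restore the original
 * break so the probe leaves the process unchanged. sys_brk never returns an errno:
 * on refusal it simply returns the unchanged break, so the result must be compared
 * against the previous value. No libc call is made between grow and restore. */
struct brk_probe_result brk_probe(uint64_t size)
{
    struct brk_probe_result r;
    r.start = query_brk();
    r.end   = (uint64_t)syscall(SYS_brk, r.start + size);
    r.grew  = r.end != r.start;
    r.fits  = fits_in_32_bits(r.start);
    if (r.grew)
        syscall(SYS_brk, r.start);          /* give the pages back */
    return r;
}

int main(void)
{
    struct brk_probe_result r = brk_probe(1u << 20);   /* ask for 1 MiB */
    printf("initial break: 0x%llx\n", (unsigned long long)r.start);
    printf("grow by 1 MiB: %s (break now 0x%llx)\n",
           r.grew ? "ok" : "refused", (unsigned long long)r.end);
    printf("fasm check (eax == rax): %s\n",
           r.fits ? "passes, break is below 4 GiB"
                  : "fails, break is above 4 GiB -> out_of_memory");
    return r.fits ? 0 : 1;
}
```

Run the non-PIE build on a <= 5.1 kernel and on 5.2 to see the difference the report describes; the exit status is 1 whenever the truncation check would have sent fasm to out_of_memory.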
