Bug 215275 - Kernel doesn't honor p_align of PT_LOAD segments in static PIE
Summary: Kernel doesn't honor p_align of PT_LOAD segments in static PIE
Status: NEW
Alias: None
Product: Other
Classification: Unclassified
Component: Other (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: other_other
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-12-09 01:10 UTC by H.J. Lu
Modified: 2022-03-22 02:26 UTC (History)
3 users (show)

See Also:
Kernel Version:
Subsystem:
Regression: No
Bisected commit-id:


Attachments
A testcase (660 bytes, application/x-xz)
2021-12-09 01:10 UTC, H.J. Lu
Details
A patch to properly load static PIE (1.47 KB, patch)
2021-12-09 18:08 UTC, H.J. Lu
Details | Diff
0001-fs-binfmt_elf-use-ELF_ET_DYN_BASE-for-PIE-ET_DYN-wit.patch (2.58 KB, patch)
2022-01-31 18:42 UTC, Azat Khuzhin
Details | Diff

Description H.J. Lu 2021-12-09 01:10:31 UTC
Created attachment 299951 [details]
A testcase

[hjl@gnu-cfl-2 aligned-1]$ make
gcc -pie -fPIE -Wl,-z,max-page-size=0x200000 -O2 -o pie main.c load.c
gcc -static-pie -fPIE -Wl,-z,max-page-size=0x200000 -O2 -o static-pie main.c load.c
gcc -no-pie -Wl,-z,max-page-size=0x200000 -O2 -o pde main.c load.c
./pde
foo: 0xe00000
./pie
foo: 0x5562eb800000
./static-pie
foo: 0x7f5c48e89000
make: *** [Makefile:8: all] Aborted (core dumped)
[hjl@gnu-cfl-2 aligned-1]$ 

For PIE, kernel handles it correctly:

                         */
                        if (interpreter) {
                                load_bias = ELF_ET_DYN_BASE;
                                if (current->flags & PF_RANDOMIZE)
                                        load_bias += arch_mmap_rnd();
                                alignment = maximum_alignment(elf_phdata, elf_ex->e_phnum);
                                if (alignment)
                                        load_bias &= ~(alignment - 1);
                                elf_flags |= MAP_FIXED;
                        } else 

but static PIE isn't handled correctly.
Comment 1 H.J. Lu 2021-12-09 18:08:25 UTC
Created attachment 299973 [details]
A patch to properly load static PIE
Comment 2 Azat Khuzhin 2022-01-31 18:42:58 UTC
Created attachment 300364 [details]
0001-fs-binfmt_elf-use-ELF_ET_DYN_BASE-for-PIE-ET_DYN-wit.patch

H.J. Lu, Hi!

This patch [1] breaks PIE binaries.

Here is a reproducer - https://gist.github.com/azat/45cdfb46a70474449972258fce0010cf

In pre 5.17-rc1: it successfully executes inner() function to the maximum stack size

After this patch: it fails earlier due to address overlap.

  [1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9630f0d60fec5fbcaa4435a66f75df1dc9704b66

How about patch from the attachment?

--
Regards,
Azat.
Comment 3 H.J. Lu 2022-01-31 20:05:03 UTC
(In reply to Azat Khuzhin from comment #2)
> Created attachment 300364 [details]
> 0001-fs-binfmt_elf-use-ELF_ET_DYN_BASE-for-PIE-ET_DYN-wit.patch
> 
> H.J. Lu, Hi!
> 
> This patch [1] breaks PIE binaries.
> 
> Here is a reproducer -
> https://gist.github.com/azat/45cdfb46a70474449972258fce0010cf
> 
> In pre 5.17-rc1: it successfully executes inner() function to the maximum
> stack size
> 
> After this patch: it fails earlier due to address overlap.
> 
>   [1]:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/
> ?id=9630f0d60fec5fbcaa4435a66f75df1dc9704b66
> 
> How about patch from the attachment?
> 

Yes, the patch looks correct.  Thanks.
Comment 4 Victor Stinner 2022-03-22 02:26:17 UTC
The commit 9630f0d60fec5fbcaa4435a66f75df1dc9704b66 introduced a brk() regression in Linux 5.17 on AArch64:
https://bugzilla.kernel.org/show_bug.cgi?id=215720

Note You need to log in before you can comment on or make changes to this bug.