Bug 66721 - Load address in PIE is ignored when address randomization is disabled
Summary: Load address in PIE is ignored when address randomization is disabled
Status: NEW
Alias: None
Product: Platform Specific/Hardware
Classification: Unclassified
Component: x86-64
Hardware: All Linux
Importance: P1 normal
Assignee: platform_x86_64@kernel-bugs.osdl.org
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-12-06 18:15 UTC by H.J. Lu
Modified: 2015-07-07 15:45 UTC
CC: 3 users

See Also:
Kernel Version: 3.12
Subsystem:
Regression: No
Bisected commit-id:


Attachments
A patch to honor non-zero load address in PIE (1.80 KB, patch)
2013-12-06 20:56 UTC, H.J. Lu

Description H.J. Lu 2013-12-06 18:15:57 UTC
After fixing:

https://bugzilla.kernel.org/show_bug.cgi?id=36372

with commit a3defbe5c337dbc6da911f8cc49ae3cc3b49b453:


http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a3defbe5c337dbc6da911f8cc49ae3cc3b49b453

Load address in PIE is ignored when address randomization is disabled:

[hjl@gnu-6 pie]$ cat foo2.c
#include <stdio.h>

char foo[132121799];

int
main ()
{
  foo[sizeof (foo) - 2] = -34;
  printf ("%p, %d\n", &main, foo[sizeof (foo) - 2]);
  return 0;
}
[hjl@gnu-6 pie]$ cc -fPIE -pie foo2.c  -Wl,-Ttext-segment=0x6ABC55000000
[hjl@gnu-6 pie]$ readelf -lW a.out 

Elf file type is DYN (Shared object file)
Entry point 0x6abc55000630
There are 8 program headers, starting at offset 64

Program Headers:
  Type           Offset   VirtAddr           PhysAddr           FileSiz  MemSiz   Flg Align
  PHDR           0x000040 0x00006abc55000040 0x00006abc55000040 0x0001c0 0x0001c0 R E 0x8
  INTERP         0x000200 0x00006abc55000200 0x00006abc55000200 0x00001c 0x00001c R   0x1
      [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
  LOAD           0x000000 0x00006abc55000000 0x00006abc55000000 0x000944 0x000944 R E 0x200000
  LOAD           0x001000 0x00006abc55201000 0x00006abc55201000 0x000254 0x7e00748 RW  0x200000
  DYNAMIC        0x001020 0x00006abc55201020 0x00006abc55201020 0x0001d0 0x0001d0 RW  0x8
  NOTE           0x00021c 0x00006abc5500021c 0x00006abc5500021c 0x000044 0x000044 R   0x4
  GNU_EH_FRAME   0x00081c 0x00006abc5500081c 0x00006abc5500081c 0x000034 0x000034 R   0x4
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x10

 Section to Segment mapping:
  Segment Sections...
   00     
   01     .interp 
   02     .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame 
   03     .init_array .fini_array .jcr .data.rel.ro .dynamic .got .got.plt .data .bss 
   04     .dynamic 
   05     .note.ABI-tag .note.gnu.build-id 
   06     .eh_frame_hdr 
   07     
[hjl@gnu-6 pie]$ cat /proc/sys/kernel/randomize_va_space
1
[hjl@gnu-6 pie]$ ./a.out 
0x6abc55000745, -34
[hjl@gnu-6 pie]$ cat /proc/sys/kernel/randomize_va_space
0
[hjl@gnu-6 pie]$ ./a.out 
0x555555554745, -34
[hjl@gnu-6 pie]$
Comment 1 H.J. Lu 2013-12-06 20:56:39 UTC
Created attachment 117741 [details]
A patch to honor non-zero load address in PIE
Comment 2 Kostya Serebryany 2014-01-31 12:32:08 UTC
Any hope with this?
Comment 3 H.J. Lu 2015-07-07 15:45:51 UTC
I checked a workaround in ld:

commit 58e7ebacdd97c858834c07c7dce098aeacd500fb
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Thu Dec 12 07:41:27 2013 -0800

    Set ET_EXEC for -pie -Ttext-segment=
    
    bfd/
    
      * elf.c (assign_file_positions_except_relocs): Set e_type in ELF
      header to ET_EXEC for -pie -Ttext-segment=.
    
    2013-12-10  H.J. Lu  <hongjiu.lu@intel.com>
    
      * ld-pie/vaddr-0.d: New file.
      * ld-pie/vaddr-1.d: Likewise.
      * ld-pie/vaddr.s: Likewise.
