Date: Thu, 3 Feb 2022 19:42:18 +0300
From: Azat Khuzhin
To: "H.J. Lu"
Cc: LKML, Chris Kennelly, Al Viro, Alexey Dobriyan, Song Liu, David Rientjes, Ian Rogers, Hugh Dickins, Suren Baghdasaryan, Sandeep Patil, Fangrui Song, Nick Desaulniers, "Kirill A. Shutemov", Mike Kravetz, Shuah Khan
Subject: Re: [PATCH] fs/binfmt_elf: use ELF_ET_DYN_BASE for PIE (ET_DYN with INTERP) binaries
Message-ID: <20220203164218.six6nfyzsi2wnoay@carbon.azat>
References: <20220131201716.5198-1-a3at.mail@gmail.com> <20220201061832.yatgwglxvi7ho4yr@carbon.azat> <20220201132807.m7xtogotjlg54pzl@carbon.azat>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Feb 01, 2022 at 05:39:57AM -0800, H.J. Lu wrote:
> On Tue, Feb 1, 2022 at 5:28 AM Azat Khuzhin wrote:
> >
> > On Tue, Feb 01, 2022 at 05:15:38AM -0800, H.J. Lu wrote:
> > > On Mon, Jan 31, 2022 at 10:18 PM Azat Khuzhin wrote:
> > > >
> > > > On Mon, Jan 31, 2022 at 01:30:38PM -0800, H.J. Lu wrote:
> > > > > On Mon, Jan 31, 2022 at 12:17 PM Azat Khuzhin wrote:
> > > > > >
> > > > > > Since 9630f0d60fec ELF_ET_DYN_BASE is not used as a load_bias anymore
> > > > > > and this breaks PIE binaries, since after this change the data segment
> > > > > > became too near the stack:
> > > > > >
> > > > > > Before 9630f0d60fec:
> > > > > >
> > > > > > $ strace -febrk /tmp/test-stack |& head
> > > > > > brk(NULL) = 0x555555559000
> > > > > > $ /tmp/test-stack
> > > > > > bottom_of_stack = 0x7fffffffc5c0
> > > > > > recursion depth: 1 (stack diff: 32)
> > > > > > ...
> > > > > > recursion depth: 7690 (stack diff: 8365664)
> > > > > > Segmentation fault (core dumped)
> > > > > >
> > > > > > After 9630f0d60fec:
> > > > > >
> > > > > > $ strace -ebrk /tmp/test-stack |& head
> > > > > > brk(NULL) = 0x7ffff7fff000
> > > > > >
> > > > > > $ /tmp/test-stack
> > > > > > bottom_of_stack = 0x7fffffffc640
> > > > > > recursion depth: 1 (stack diff: 32)
> > > > > > ...
> > > > > > recursion depth: 146 (stack diff: 157792)
> > > > > > Segmentation fault (core dumped)
> > > > > >
> > > > > > Found this while compiling with clang, which started to randomly
> > > > > > SIGSEGV when it eats some heap.
> > > > >
> > > > > How do I reproduce it on x86-64?
> > > >
> > > > It fails for me for a pretty big C++ unit, so I don't have a simple
> > > > reproducer with clang, but the attached reproducer below should show the
> > > > problem.
> > >
> > > The reproducer doesn't fail for me under 5.17-rc2 on Fedora 35/x86-64
> > > with 32GB RAM. Did you turn off PF_RANDOMIZE?
> >
> > Oh, yep, forgot to mention that I have kernel.randomize_va_space=0.
>
> PIE with interpreter and PIE with alignment > ELF_MIN_ALIGN
> should always be loaded from ELF_ET_DYN_BASE. Otherwise,
> either PIE is loaded at an address which is too low or isn't properly
> aligned.

So, this is what this patch does, right?

Any news on this patch?
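A way to measure the heap-to-stack distance the thread is arguing about, as an added example that is not part of the thread or of the kernel patch: it parses /proc/<pid>/maps text and returns the gap between the end of the [heap] mapping and the start of the [stack] mapping, which is what shrinks when a PIE is loaded just below the mmap area instead of at ELF_ET_DYN_BASE. The two maps excerpts are constructed to mirror the brk(NULL) values quoted above; the mapping sizes in them are assumptions, as is the hypothetical helper name heap_stack_gap.

```c
#include <stdio.h>
#include <string.h>

/* Gap in bytes between the end of the [heap] mapping and the start of the
 * [stack] mapping in /proc/<pid>/maps text; 0 if either is missing or the
 * heap is not below the stack. Line format: start-end perms offset dev inode [path] */
unsigned long long heap_stack_gap(const char *maps)
{
    unsigned long long heap_end = 0, stack_start = 0, start, end;
    const char *line = maps;
    while (*line) {
        char buf[512], path[256] = "";
        const char *nl = strchr(line, '\n');          /* handle one line at a time */
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        if (len >= sizeof buf) len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        /* Anonymous mappings carry no path, so %255s then matches nothing. */
        if (sscanf(buf, "%llx-%llx %*s %*s %*s %*s %255s", &start, &end, path) >= 2) {
            if (strcmp(path, "[heap]") == 0) heap_end = end;
            else if (strcmp(path, "[stack]") == 0) stack_start = start;
        }
        if (!nl) break;
        line = nl + 1;
    }
    if (!heap_end || !stack_start || stack_start <= heap_end)
        return 0;
    return stack_start - heap_end;
}

/* Constructed maps excerpts (not captured output), shaped after the two
 * brk(NULL) values quoted in the thread; mapping sizes are assumptions. */
const char *maps_heap_low =   /* heap at 0x555555559000, far below the stack */
    "555555554000-555555559000 r--p 00000000 08:01 1234 /tmp/test-stack\n"
    "555555559000-55555557a000 rw-p 00000000 00:00 0    [heap]\n"
    "7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0    [stack]\n";
const char *maps_heap_high =  /* heap at 0x7ffff7fff000, right under the stack */
    "7ffff7fff000-7ffff8020000 rw-p 00000000 00:00 0    [heap]\n"
    "7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0    [stack]\n";
/* Stand-alone use: report how much room this process's own heap has to grow. */
int main(void)
{
    static char buf[1 << 16];
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return 1;
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    printf("heap->stack gap: %llu MiB\n", heap_stack_gap(buf) >> 20);
    return 0;
}
```

Run it once with kernel.randomize_va_space=0 and once with the default to see how the gap reported for a PIE changes; a gap of only a few hundred MiB means brk growth and stack growth are competing for the same region.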