[Bug 1518483] [NEW] problem with PIE binaries and kernels <= 3.19

Launchpad Bug Tracker 1518483 at bugs.launchpad.net
Sat Mar 12 12:28:56 UTC 2016


You have been subscribed to a public bug by Ubuntu Foundations Team Bug Bot (crichton):

When bash is built as a Position Independent Executable (PIE), it very
sporadically crashes due to some issue with memory layout in kernels
before 4.2. I'm currently testing enabling PIE by default in gcc on
amd64 for xenial, and some of my builds (e.g. cpio) are failing in the
buildds with the following message emitted:

  bash: xmalloc: .././locale.c:81: cannot allocate 2 bytes (0 bytes allocated)

when the bash that is used is built as PIE. I have seen these failures
on buildds where the host is running 3.13 and 3.19. I am also able to
reproduce this locally on a machine running trusty with the stock trusty
kernel. However, when I boot that same machine with the linux-lts-wily
(4.2) kernel and retry the build with everything else exactly the same,
the failure disappears.

I discussed this a bit with Kees Cook, and he noted that some cleanups
to the kernel's ASLR code happened in 4.1. Specifically, he noted:

  commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86
  Author: Michael Davidson <md at google.com>

    fs/binfmt_elf.c: fix bug in loading of PIE binaries
 
However, that landed in stable and has been picked up in our kernels as 668965be56ea0b2c45ed6bec84dc2088490ae6b1, landing in Ubuntu-3.13.0-56.93 and b51621abbcb4694b8d2842ce3a66006a60bba6e5 / Ubuntu-3.19.0-19.19.

Kees also pointed out that he landed a series of patches from
204db6ed17743000691d930368a5abd6ea541c58 until Michael Davidson's patch
(i.e. a87938b2e246b81b4fb713edb371a9fa3c5c3c86..204db6ed17743000691d930368a5abd6ea541c58),
and in particular, there's:

  commit d1fd836dcf00d2028c700c7e44d2c23404062c90
  Author: Kees Cook <keescook at chromium.org>

    mm: split ET_DYN ASLR from mmap ASLR
 
Other fixes that I see to fs/binfmt_elf.c and arch/x86/mm/mmap.c look like they either occurred only in 4.3 or have already been backported via the stable kernels.

I should also point out that these cleanups may address some of the ASLR
failed tests that occur on non-x86 architectures for pre 4.2 kernels.

I am happy to test out kernels to try to address this. Thanks.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-3.13.0-68-generic 3.13.0-68.111
ProcVersionSignature: Ubuntu 3.13.0-68.111-generic 3.13.11-ckt27
Uname: Linux 3.13.0-68-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.18
Architecture: amd64
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/dsp', '/dev/snd/by-path', '/dev/snd/controlC0', '/dev/snd/hwC0D0', '/dev/snd/hwC0D1', '/dev/snd/pcmC0D0c', '/dev/snd/pcmC0D0p', '/dev/snd/pcmC0D1c', '/dev/snd/pcmC0D1p', '/dev/snd/pcmC0D2c', '/dev/snd/pcmC0D3p', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
Date: Fri Nov 20 13:58:40 2015
HibernationDevice: RESUME=UUID=dc63f523-507a-4f9d-aa30-a2e880199150
IwConfig:
 eth0      no wireless extensions.
 
 lo        no wireless extensions.
MachineType: Shuttle Inc SG33
ProcEnviron:
 SHELL=/bin/bash
 TERM=screen
 PATH=(custom, user)
 LANG=en_US.UTF-8
 XDG_RUNTIME_DIR=<set>
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-68-generic root=UUID=d30e91cf-3c43-41a9-a72d-c07d1be1d53e ro loop.max_loop=64 rootflags=data=ordered nomdmonddf nomdmonisw nomdmonddf nomdmonisw nomdmonddf nomdmonisw nomdmonddf nomdmonisw
RelatedPackageVersions:
 linux-restricted-modules-3.13.0-68-generic N/A
 linux-backports-modules-3.13.0-68-generic  N/A
 linux-firmware                             1.127.18
RfKill:
 
SourcePackage: linux
StagingDrivers: zram
UpgradeStatus: Upgraded to trusty on 2014-04-16 (583 days ago)
WpaSupplicantLog:
 
dmi.bios.date: 11/28/2007
dmi.bios.vendor: Phoenix Technologies, LTD
dmi.bios.version: 6.00 PG
dmi.board.name: FG33
dmi.board.vendor: Shuttle Inc
dmi.board.version: V10
dmi.chassis.type: 3
dmi.chassis.vendor: Shuttle Inc
dmi.chassis.version: G5
dmi.modalias: dmi:bvnPhoenixTechnologies,LTD:bvr6.00PG:bd11/28/2007:svnShuttleInc:pnSG33:pvrV10:rvnShuttleInc:rnFG33:rvrV10:cvnShuttleInc:ct3:cvrG5:
dmi.product.name: SG33
dmi.product.version: V10
dmi.sys.vendor: Shuttle Inc

** Affects: bash (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: bash (Ubuntu Vivid)
     Importance: Undecided
         Status: Invalid

** Affects: linux (Ubuntu Vivid)
     Importance: Undecided
     Assignee: Tim Gardner (timg-tpi)
         Status: Fix Released


** Tags: amd64 apport-bug patch staging trusty verification-done-vivid
-- 
problem with PIE binaries and kernels <= 3.19
https://bugs.launchpad.net/bugs/1518483
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.
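The report above hinges on two facts a maintainer wants to verify on a build host: whether the bash (or any other binary) in use is actually a PIE, and whether the running kernel predates the 4.2 kernel the reporter found working. The following is an added illustration, not code from the bug report or from Ubuntu. It classifies an ELF image as ET_EXEC, PIE (ET_DYN with a PT_INTERP header) or plain shared object by parsing the ELF and program headers directly, and pairs that with a uname-style version parse. The 4.2 threshold is taken from the reporter's observation; the constructed ELF images and the 4.2.0-16-generic release string are test inputs made up here, and the PT_INTERP rule is a heuristic (the dynamic loader itself is ET_DYN without PT_INTERP yet runs directly).

```python
"""Heuristic check for the PIE-on-old-kernel failure mode in the report above.
Added illustration; not code from the bug report or from Ubuntu."""
import re
import struct

ET_EXEC, ET_DYN = 2, 3            # e_type values from the ELF specification
PT_INTERP = 3                     # program header naming the dynamic loader
ELFCLASS32, ELFCLASS64 = 1, 2
ELFDATA2LSB, ELFDATA2MSB = 1, 2
FIXED_MAINLINE = (4, 2)           # kernel the reporter observed as working


def classify_elf(data):
    """Return 'EXEC', 'PIE' or 'SHARED' for an ELF image held in memory.

    PIE is approximated as ET_DYN plus a PT_INTERP header; an ET_DYN object
    without an interpreter request is treated as a shared library.
    """
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    elf_class, byte_order = data[4], data[5]
    end = "<" if byte_order == ELFDATA2LSB else ">"
    # Fields: e_type, e_machine, e_version, e_entry, e_phoff, e_shoff,
    # e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    if elf_class == ELFCLASS64:
        fmt = end + "HHIQQQIHHHHHH"
    elif elf_class == ELFCLASS32:
        fmt = end + "HHIIIIIHHHHHH"
    else:
        raise ValueError("unknown ELF class %d" % elf_class)
    fields = struct.unpack_from(fmt, data, 16)
    e_type, phoff, phentsize, phnum = fields[0], fields[4], fields[8], fields[9]
    if e_type == ET_EXEC:
        return "EXEC"
    if e_type != ET_DYN:
        raise ValueError("not an executable object (e_type=%d)" % e_type)
    for i in range(phnum):
        # p_type is the first field of a program header in both ELF classes
        (p_type,) = struct.unpack_from(end + "I", data, phoff + i * phentsize)
        if p_type == PT_INTERP:
            return "PIE"
    return "SHARED"


def mainline_version(release):
    """Mainline part of a uname -r string: '3.13.0-68-generic' -> (3, 13, 0)."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError("unparseable kernel release: %r" % release)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def at_risk(data, release):
    """True when the image is a PIE and the kernel is older than 4.2.

    Older kernels carrying only partial backports are still flagged, which
    matches the reporter's failure on 3.13.0-68.
    """
    return classify_elf(data) == "PIE" and mainline_version(release)[:2] < FIXED_MAINLINE


def build_elf64(e_type, with_interp):
    """Constructed minimal little-endian x86-64 ELF (header + program headers
    only). Test input for the classifier, not a loadable binary."""
    ident = b"\x7fELF" + bytes([ELFCLASS64, ELFDATA2LSB, 1, 0]) + b"\x00" * 8
    ptypes = [1] + ([PT_INTERP] if with_interp else [])       # PT_LOAD (+ PT_INTERP)
    header = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0x1000,
                                 64, 0, 0, 64, 56, len(ptypes), 64, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 5, 0, 0, 0, 0, 0, 0x1000)
                     for t in ptypes)
    return header + phdrs


def build_elf32(e_type, with_interp, big_endian=False):
    """Constructed minimal 32-bit ELF, optionally big-endian, to exercise the
    other header layout. Test input only."""
    end = ">" if big_endian else "<"
    order = ELFDATA2MSB if big_endian else ELFDATA2LSB
    ident = b"\x7fELF" + bytes([ELFCLASS32, order, 1, 0]) + b"\x00" * 8
    ptypes = [1] + ([PT_INTERP] if with_interp else [])
    header = ident + struct.pack(end + "HHIIIIIHHHHHH", e_type, 3, 1, 0x1000,
                                 52, 0, 0, 52, 32, len(ptypes), 40, 0, 0)
    # ELF32 phdr: p_type, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_flags, p_align
    phdrs = b"".join(struct.pack(end + "IIIIIIII", t, 0, 0, 0, 0, 0, 5, 0x1000)
                     for t in ptypes)
    return header + phdrs


if __name__ == "__main__":
    pie = build_elf64(ET_DYN, True)
    # The reporter's kernel from the apport data versus a constructed 4.2 release
    print(classify_elf(pie), at_risk(pie, "3.13.0-68-generic"),
          at_risk(pie, "4.2.0-16-generic"))
```

On a real host the image bytes come from `open("/bin/bash", "rb").read()` and the release string from `os.uname().release`; the parser only touches the ELF header and program-header table, so reading the first few kilobytes is enough.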
