← Back to team overview

kernel-packages team mailing list archive

[Bug 1518483] Re: problem with PIE binaries and kernels <= 3.19

 

Since it's not guaranteed that we'll ever get buildds booted into
kernels with the fix above, I'm proposing to disable -pie for bash. For
xenial, this will have no affect except for on s390x, as on all other
arches, pie is not the default anyway.

** Also affects: bash (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: bash (Ubuntu Vivid)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1518483

Title:
  problem with PIE binaries and kernels <= 3.19

Status in bash package in Ubuntu:
  New
Status in linux package in Ubuntu:
  Fix Released
Status in bash source package in Vivid:
  Invalid
Status in linux source package in Vivid:
  Fix Released

Bug description:
  When bash is built as a Position Independent Executable (PIE), it very
  sporadically crashes due to some issue with memory layout in kernels
  before 4.2. I'm currently testing enabling PIE by default in gcc on
  amd64 for xenial, and some of my builds (e.g. cpio) are failing in the
  buildds with the following message emitted:

    bash: xmalloc: .././locale.c:81: cannot allocate 2 bytes (0 bytes
  allocated)

  when the bash that is used is built as PIE. I have seen these failures
  on buildds where the host is running 3.13 and 3.19. I am also able to
  reproduce this locally on a machine running trusty with the stock
  trusty kernel. However, when I boot that same machine with the linux-
  lts-wily (4.2) kernel and retry the build with everything else exactly
  the same, the failure disappears.

  I discussed this a bit with Kees Cook, and he noted that some cleanups
  to the kernel's ASLR code happened in 4.1. Specifically, he noted:

    commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86
    Author: Michael Davidson <md@xxxxxxxxxx>

      fs/binfmt_elf.c: fix bug in loading of PIE binaries
   
  However, that landed in stable and has been picked up in our kernels as 668965be56ea0b2c45ed6bec84dc2088490ae6b1, landing in Ubuntu-3.13.0-56.93 and b51621abbcb4694b8d2842ce3a66006a60bba6e5 / Ubuntu-3.19.0-19.19.

  Kees also pointed out that he landed a series of patches from
  204db6ed17743000691d930368a5abd6ea541c58 until Michael Davidson's
  patch (i.e.
  a87938b2e246b81b4fb713edb371a9fa3c5c3c86..204db6ed17743000691d930368a5abd6ea541c58
  ), and in particular, there's:

    commit d1fd836dcf00d2028c700c7e44d2c23404062c90
    Author: Kees Cook <keescook@xxxxxxxxxxxx>

      mm: split ET_DYN ASLR from mmap ASLR
   
  Other fixes that I see to fs/binfmt_elf.c and arch/x86/mm/mmap.c look like they either occurred only in 4.3 or have already been backported via the stable kernels.

  I should also point out that these cleanups may address some of the
  ASLR failed tests that occur on non-x86 architectures for pre 4.2
  kernels.

  I am happy to test out kernels to try to address this. Thanks.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: linux-image-3.13.0-68-generic 3.13.0-68.111
  ProcVersionSignature: Ubuntu 3.13.0-68.111-generic 3.13.11-ckt27
  Uname: Linux 3.13.0-68-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.18
  Architecture: amd64
  AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/dsp', '/dev/snd/by-path', '/dev/snd/controlC0', '/dev/snd/hwC0D0', '/dev/snd/hwC0D1', '/dev/snd/pcmC0D0c', '/dev/snd/pcmC0D0p', '/dev/snd/pcmC0D1c', '/dev/snd/pcmC0D1p', '/dev/snd/pcmC0D2c', '/dev/snd/pcmC0D3p', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
  Date: Fri Nov 20 13:58:40 2015
  HibernationDevice: RESUME=UUID=dc63f523-507a-4f9d-aa30-a2e880199150
  IwConfig:
   eth0      no wireless extensions.
   
   lo        no wireless extensions.
  MachineType: Shuttle Inc SG33
  ProcEnviron:
   SHELL=/bin/bash
   TERM=screen
   PATH=(custom, user)
   LANG=en_US.UTF-8
   XDG_RUNTIME_DIR=<set>
  ProcFB: 0 inteldrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-68-generic root=UUID=d30e91cf-3c43-41a9-a72d-c07d1be1d53e ro loop.max_loop=64 rootflags=data=ordered nomdmonddf nomdmonisw nomdmonddf nomdmonisw nomdmonddf nomdmonisw nomdmonddf nomdmonisw
  RelatedPackageVersions:
   linux-restricted-modules-3.13.0-68-generic N/A
   linux-backports-modules-3.13.0-68-generic  N/A
   linux-firmware                             1.127.18
  RfKill:
   
  SourcePackage: linux
  StagingDrivers: zram
  UpgradeStatus: Upgraded to trusty on 2014-04-16 (583 days ago)
  WpaSupplicantLog:
   
  dmi.bios.date: 11/28/2007
  dmi.bios.vendor: Phoenix Technologies, LTD
  dmi.bios.version: 6.00 PG
  dmi.board.name: FG33
  dmi.board.vendor: Shuttle Inc
  dmi.board.version: V10
  dmi.chassis.type: 3
  dmi.chassis.vendor: Shuttle Inc
  dmi.chassis.version: G5
  dmi.modalias: dmi:bvnPhoenixTechnologies,LTD:bvr6.00PG:bd11/28/2007:svnShuttleInc:pnSG33:pvrV10:rvnShuttleInc:rnFG33:rvrV10:cvnShuttleInc:ct3:cvrG5:
  dmi.product.name: SG33
  dmi.product.version: V10
  dmi.sys.vendor: Shuttle Inc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1518483/+subscriptions


References