Revision c715b72c1ba406f133217b509044c38d8e714a37 authored by Kees Cook on 18 August 2017, 22:16:31 UTC, committed by Linus Torvalds on 18 August 2017, 22:32:02 UTC
Moving the x86_64 and arm64 PIE base from 0x555555554000 to 0x000100000000
broke AddressSanitizer. This is a partial revert of:
eab09532d400 ("binfmt_elf: use ELF_ET_DYN_BASE only for PIE")
02445990a96e ("arm64: move ELF_ET_DYN_BASE to 4GB / 4MB")
The AddressSanitizer tool has hard-coded expectations about where
executable mappings are loaded.
The motivation for changing the PIE base in the above commits was to
avoid the Stack-Clash CVEs that allowed executable mappings to get too
close to heap and stack. This was mainly a problem on 32-bit, but the
64-bit bases were moved too, in an effort to proactively protect those
systems (proofs of concept do exist that show 64-bit collisions, but
other recent changes to fix stack accounting and setuid behaviors will
minimize the impact).
The new 32-bit PIE base is fine for ASan (since it matches the ET_EXEC
base), so only the 64-bit PIE base needs to be reverted to let x86 and
arm64 ASan binaries run again. Future changes to the 64-bit PIE base on
these architectures can be made optional once a more dynamic method for
dealing with AddressSanitizer is found. (e.g. always loading PIE into
the mmap region for marked binaries.)
Link: http://lkml.kernel.org/r/20170807201542.GA21271@beast
Fixes: eab09532d400 ("binfmt_elf: use ELF_ET_DYN_BASE only for PIE")
Fixes: 02445990a96e ("arm64: move ELF_ET_DYN_BASE to 4GB / 4MB")
Signed-off-by: Kees Cook <keescook@chromium.org>
Reported-by: Kostya Serebryany <kcc@google.com>
Acked-by: Will Deacon <will.deacon@arm.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent 704b862
checkincludes.pl
#!/usr/bin/env perl
#
# checkincludes: find/remove files included more than once
#
# Copyright abandoned, 2000, Niels Kristian Bech Jensen <nkbj@image.dk>.
# Copyright 2009 Luis R. Rodriguez <mcgrof@gmail.com>
#
# This script checks for duplicate includes. It also has support
# to remove them in place. Note that this will not take into
# consideration macros so you should run this only if you know
# you do have real dups and do not have them under #ifdef's. You
# could also just review the results.
use strict;
sub usage {
print "Usage: checkincludes.pl [-r]\n";
print "By default we just warn of duplicates\n";
print "To remove duplicated includes in place use -r\n";
exit 1;
}
my $remove = 0;
if ($#ARGV < 0) {
usage();
}
if ($#ARGV >= 1) {
if ($ARGV[0] =~ /^-/) {
if ($ARGV[0] eq "-r") {
$remove = 1;
shift;
} else {
usage();
}
}
}
my $dup_counter = 0;
foreach my $file (@ARGV) {
open(my $f, '<', $file)
or die "Cannot open $file: $!.\n";
my %includedfiles = ();
my @file_lines = ();
while (<$f>) {
if (m/^\s*#\s*include\s*[<"](\S*)[>"]/o) {
++$includedfiles{$1};
}
push(@file_lines, $_);
}
close($f);
if (!$remove) {
foreach my $filename (keys %includedfiles) {
if ($includedfiles{$filename} > 1) {
print "$file: $filename is included more than once.\n";
++$dup_counter;
}
}
next;
}
open($f, '>', $file)
or die("Cannot write to $file: $!");
my $dups = 0;
foreach (@file_lines) {
if (m/^\s*#\s*include\s*[<"](\S*)[>"]/o) {
foreach my $filename (keys %includedfiles) {
if ($1 eq $filename) {
if ($includedfiles{$filename} > 1) {
$includedfiles{$filename}--;
$dups++;
++$dup_counter;
} else {
print {$f} $_;
}
}
}
} else {
print {$f} $_;
}
}
if ($dups > 0) {
print "$file: removed $dups duplicate includes\n";
}
close($f);
}
if ($dup_counter == 0) {
print "No duplicate includes found.\n";
}
Computing file changes ...
