main/linux-vserver: fix memory map on PIE executables

(cherry picked from commit 543ea1b7436f575c6125a8b33b2547e9bbcc2a39)
author: Natanael Copa <ncopa@alpinelinux.org> 2013-10-02 07:40:13 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2013-10-02 11:53:34 +0000
commit: 51c2dd402a67512c6c21567ee76c81eb73ef1b64 (patch)
tree: d014a73530bd84489eb50120e600f4c86f3fa072
parent: 918a9cd5b3fa24ad3890ec8992db5bf26fe4818c (diff)
download: alpine_aports-51c2dd402a67512c6c21567ee76c81eb73ef1b64.tar.bz2
alpine_aports-51c2dd402a67512c6c21567ee76c81eb73ef1b64.tar.xz
alpine_aports-51c2dd402a67512c6c21567ee76c81eb73ef1b64.zip
2 files changed, 73 insertions, 1 deletions
diff --git a/main/linux-vserver/APKBUILD b/main/linux-vserver/APKBUILD
index f65f98e2c5..08e3dfa3f5 100644
--- a/main/linux-vserver/APKBUILD
+++ b/main/linux-vserver/APKBUILD
@@ -3,7 +3,7 @@
 _flavor=vserver
 pkgname=linux-${_flavor}
 pkgver=3.4.63
-pkgrel=0
+pkgrel=1
 _vsver=vs2.3.3.9
 if [ "${pkgver##*.*.*}" = "$pkgver" ]; then
@@ -22,6 +22,7 @@ install=
 source="http://www.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
        http://www.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
        patch-$pkgver-$_vsver.diff
+        aslr-pie.patch
        kernelconfig.x86
        kernelconfig.x86_64
        "
@@ -138,15 +139,18 @@ dev() {
 md5sums="967f72983655e2479f951195953e8480  linux-3.4.tar.xz
 44a633f8494b3e3008ace9e74c6b9e75  patch-3.4.63.xz
 296bcb44cdc4e776a938e203cbbd5151  patch-3.4.63-vs2.3.3.9.diff
+5901bfca41ac6a557e12b48115d3d1b2  aslr-pie.patch
 1fce2ef2e47d19c150ab0b2df3373a57  kernelconfig.x86
 b6a18f4cb2523bbd2500809e61172f8f  kernelconfig.x86_64"
 sha256sums="ff3dee6a855873d12487a6f4070ec2f7996d073019171361c955639664baa0c6  linux-3.4.tar.xz
 436422cc2c0ac6243632561955c3ecefd3150d0ba061943f45600c0674e4da89  patch-3.4.63.xz
 2d722df186395a3592928a7166962d503ae5bd726b47ee5eb9a60d39c39f159a  patch-3.4.63-vs2.3.3.9.diff
+37ad5b5f44fcc119f71c81e8cda376c13ecc04f785bd2e1892782def6f5cfae3  aslr-pie.patch
 e97b45a117671c5a87a9ba4a1f946125053eac078d297f61f9c8d4594acbf830  kernelconfig.x86
 d44d1a1be3402847f540cc0cfb201deec7084b4c516e592b92e115ab3f71d4b5  kernelconfig.x86_64"
 sha512sums="1c49b336750c9c2b49d21e54126f22a800367296be0d57e6df28b1532cbeba7fc3bdf4cfe27d9810576e76c2db2e9c2493f0804451c915137cb78d7aa61f236c  linux-3.4.tar.xz
 c8d4e56062e3f1bdbb3c3b46cd6db42f63e6b86c6a1a45d181eb0160a1c7ecca13928f61484f949d6c968e437f275d43bca035a44c742f78d2cf77db1bcca1aa  patch-3.4.63.xz
 26623fca09815baee653a8da5af46797bc0b54f250a09401ede64c71ad2c844a1b59e7a0c7fc024e5c9025ddf3109ef2d2aa49c3866daa9288861d0d326d7f83  patch-3.4.63-vs2.3.3.9.diff
+0314ff29551dfde45fe05d43cb571348d955b5338b33acb26e29fa80f73ef28f34bbdf01006e4aecee372f3863517357a99cdec08b183a8dd9121ee9d0314b2e  aslr-pie.patch
 f12f999c84f724a4ac20a736c7f56671e23b2a9ddce4b0576dc17d0b3e8f319f5c4bc40b58992eba75ace44148018d85de24b2516d0a83240cd0ca3803606eae  kernelconfig.x86
 4cf43a7fc609e9822919e5706f38c03ef72deae2eae6b7d4c4ca7f9f29bccd1f01c0d65660a0c5234df6c2123a1d0c797dbdcb57ca5559e39644704426657f3e  kernelconfig.x86_64"
diff --git a/main/linux-vserver/aslr-pie.patch b/main/linux-vserver/aslr-pie.patch
new file mode 100644
index 0000000000..8b907e447e
--- /dev/null
+++ b/main/linux-vserver/aslr-pie.patch
@@ -0,0 +1,68 @@
+From a72b1fccf6c7c54c7a3ceef525b615b26b38f4a4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Tue, 1 Oct 2013 13:46:04 +0300
+Subject: [PATCH 3.4.63-vanilla] fs/binfmt_elf: fix memory map for PIE applications
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+arch/x86/include/asm/elf.h comment says:
+"
+ELF_ET_DYN_BASE is the location that an ET_DYN program is loaded
+if exec'ed.  Typical use of this is to invoke "./ld.so someprog"
+to test out a new version of the loader.  We need to make sure
+that it is out of the way of the program that it will "exec",
+and that there is sufficient room for the brk.
+"
+In case we have main application linked as PIE, this will cause
+problems as the main program itself will go the memory location
+that allows very little heap.
+This fixes the loader to detect PIE application by checking if
+elf_interpreter is requested, and loads them to beginning of the
+address space instead of the specially crafted place for elf
+interpreter.
+Signed-off-by: Timo Teräs <timo.teras@iki.fi>
+---
+ fs/binfmt_elf.c | 17 ++++++++---------
+ 1 file changed, 8 insertions(+), 9 deletions(-)
+diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
+index a009b9e..b3723a2 100644
+--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
+@@ -790,20 +790,19 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+                         * default mmap base, as well as whatever program they
+                         * might try to exec.  This is because the brk will
+                         * follow the loader, and is not movable.  */
+                       if (elf_interpreter)
+                               load_bias = 0x00400000UL;
+                       else
+                               load_bias = ELF_ET_DYN_BASE;
+ #ifdef CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE
+                        /* Memory randomization might have been switched off
+-                        * in runtime via sysctl.
+-                        * If that is the case, retain the original non-zero
+-                        * load_bias value in order to establish proper
+-                        * non-randomized mappings.
+                        * in runtime via sysctl or explicit setting of
+                        * ersonality flags.
+                         */
+                        if (current->flags & PF_RANDOMIZE)
+-                               load_bias = 0;
+-                       else
+-                               load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
+-#else
+-                       load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
+                               load_bias += (get_random_int() & STACK_RND_MASK) << PAGE_SHIFT;
+ #endif
+                       load_bias = ELF_PAGESTART(vaddr + load_bias);
+                }
+ 
+                error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
+-- 
+1.8.4
author	Natanael Copa <ncopa@alpinelinux.org>	2013-10-02 07:40:13 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2013-10-02 11:53:34 +0000
commit	51c2dd402a67512c6c21567ee76c81eb73ef1b64 (patch)
tree	d014a73530bd84489eb50120e600f4c86f3fa072
parent	918a9cd5b3fa24ad3890ec8992db5bf26fe4818c (diff)
download	alpine_aports-51c2dd402a67512c6c21567ee76c81eb73ef1b64.tar.bz2 alpine_aports-51c2dd402a67512c6c21567ee76c81eb73ef1b64.tar.xz alpine_aports-51c2dd402a67512c6c21567ee76c81eb73ef1b64.zip

diff --git a/main/linux-vserver/APKBUILD b/main/linux-vserver/APKBUILD index f65f98e2c5..08e3dfa3f5 100644 --- a/main/linux-vserver/APKBUILD +++ b/main/linux-vserver/APKBUILD
@@ -3,7 +3,7 @@
3	_flavor=vserver	3	_flavor=vserver
4	pkgname=linux-${_flavor}	4	pkgname=linux-${_flavor}
5	pkgver=3.4.63	5	pkgver=3.4.63
6	pkgrel=0	6	pkgrel=1
7	_vsver=vs2.3.3.9	7	_vsver=vs2.3.3.9
8		8
9	if [ "${pkgver##..*}" = "$pkgver" ]; then	9	if [ "${pkgver##..*}" = "$pkgver" ]; then
@@ -22,6 +22,7 @@ install=
22	source="http://www.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz	22	source="http://www.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
23	http://www.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz	23	http://www.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
24	patch-$pkgver-$_vsver.diff	24	patch-$pkgver-$_vsver.diff
		25	aslr-pie.patch
25	kernelconfig.x86	26	kernelconfig.x86
26	kernelconfig.x86_64	27	kernelconfig.x86_64
27	"	28	"
@@ -138,15 +139,18 @@ dev() {
138	md5sums="967f72983655e2479f951195953e8480 linux-3.4.tar.xz	139	md5sums="967f72983655e2479f951195953e8480 linux-3.4.tar.xz
139	44a633f8494b3e3008ace9e74c6b9e75 patch-3.4.63.xz	140	44a633f8494b3e3008ace9e74c6b9e75 patch-3.4.63.xz
140	296bcb44cdc4e776a938e203cbbd5151 patch-3.4.63-vs2.3.3.9.diff	141	296bcb44cdc4e776a938e203cbbd5151 patch-3.4.63-vs2.3.3.9.diff
		142	5901bfca41ac6a557e12b48115d3d1b2 aslr-pie.patch
141	1fce2ef2e47d19c150ab0b2df3373a57 kernelconfig.x86	143	1fce2ef2e47d19c150ab0b2df3373a57 kernelconfig.x86
142	b6a18f4cb2523bbd2500809e61172f8f kernelconfig.x86_64"	144	b6a18f4cb2523bbd2500809e61172f8f kernelconfig.x86_64"
143	sha256sums="ff3dee6a855873d12487a6f4070ec2f7996d073019171361c955639664baa0c6 linux-3.4.tar.xz	145	sha256sums="ff3dee6a855873d12487a6f4070ec2f7996d073019171361c955639664baa0c6 linux-3.4.tar.xz
144	436422cc2c0ac6243632561955c3ecefd3150d0ba061943f45600c0674e4da89 patch-3.4.63.xz	146	436422cc2c0ac6243632561955c3ecefd3150d0ba061943f45600c0674e4da89 patch-3.4.63.xz
145	2d722df186395a3592928a7166962d503ae5bd726b47ee5eb9a60d39c39f159a patch-3.4.63-vs2.3.3.9.diff	147	2d722df186395a3592928a7166962d503ae5bd726b47ee5eb9a60d39c39f159a patch-3.4.63-vs2.3.3.9.diff
		148	37ad5b5f44fcc119f71c81e8cda376c13ecc04f785bd2e1892782def6f5cfae3 aslr-pie.patch
146	e97b45a117671c5a87a9ba4a1f946125053eac078d297f61f9c8d4594acbf830 kernelconfig.x86	149	e97b45a117671c5a87a9ba4a1f946125053eac078d297f61f9c8d4594acbf830 kernelconfig.x86
147	d44d1a1be3402847f540cc0cfb201deec7084b4c516e592b92e115ab3f71d4b5 kernelconfig.x86_64"	150	d44d1a1be3402847f540cc0cfb201deec7084b4c516e592b92e115ab3f71d4b5 kernelconfig.x86_64"
148	sha512sums="1c49b336750c9c2b49d21e54126f22a800367296be0d57e6df28b1532cbeba7fc3bdf4cfe27d9810576e76c2db2e9c2493f0804451c915137cb78d7aa61f236c linux-3.4.tar.xz	151	sha512sums="1c49b336750c9c2b49d21e54126f22a800367296be0d57e6df28b1532cbeba7fc3bdf4cfe27d9810576e76c2db2e9c2493f0804451c915137cb78d7aa61f236c linux-3.4.tar.xz
149	c8d4e56062e3f1bdbb3c3b46cd6db42f63e6b86c6a1a45d181eb0160a1c7ecca13928f61484f949d6c968e437f275d43bca035a44c742f78d2cf77db1bcca1aa patch-3.4.63.xz	152	c8d4e56062e3f1bdbb3c3b46cd6db42f63e6b86c6a1a45d181eb0160a1c7ecca13928f61484f949d6c968e437f275d43bca035a44c742f78d2cf77db1bcca1aa patch-3.4.63.xz
150	26623fca09815baee653a8da5af46797bc0b54f250a09401ede64c71ad2c844a1b59e7a0c7fc024e5c9025ddf3109ef2d2aa49c3866daa9288861d0d326d7f83 patch-3.4.63-vs2.3.3.9.diff	153	26623fca09815baee653a8da5af46797bc0b54f250a09401ede64c71ad2c844a1b59e7a0c7fc024e5c9025ddf3109ef2d2aa49c3866daa9288861d0d326d7f83 patch-3.4.63-vs2.3.3.9.diff
		154	0314ff29551dfde45fe05d43cb571348d955b5338b33acb26e29fa80f73ef28f34bbdf01006e4aecee372f3863517357a99cdec08b183a8dd9121ee9d0314b2e aslr-pie.patch
151	f12f999c84f724a4ac20a736c7f56671e23b2a9ddce4b0576dc17d0b3e8f319f5c4bc40b58992eba75ace44148018d85de24b2516d0a83240cd0ca3803606eae kernelconfig.x86	155	f12f999c84f724a4ac20a736c7f56671e23b2a9ddce4b0576dc17d0b3e8f319f5c4bc40b58992eba75ace44148018d85de24b2516d0a83240cd0ca3803606eae kernelconfig.x86
152	4cf43a7fc609e9822919e5706f38c03ef72deae2eae6b7d4c4ca7f9f29bccd1f01c0d65660a0c5234df6c2123a1d0c797dbdcb57ca5559e39644704426657f3e kernelconfig.x86_64"	156	4cf43a7fc609e9822919e5706f38c03ef72deae2eae6b7d4c4ca7f9f29bccd1f01c0d65660a0c5234df6c2123a1d0c797dbdcb57ca5559e39644704426657f3e kernelconfig.x86_64"


diff --git a/main/linux-vserver/aslr-pie.patch b/main/linux-vserver/aslr-pie.patch new file mode 100644 index 0000000000..8b907e447e --- /dev/null +++ b/main/linux-vserver/aslr-pie.patch
@@ -0,0 +1,68 @@
		1	From a72b1fccf6c7c54c7a3ceef525b615b26b38f4a4 Mon Sep 17 00:00:00 2001
		2	From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
		3	Date: Tue, 1 Oct 2013 13:46:04 +0300
		4	Subject: [PATCH 3.4.63-vanilla] fs/binfmt_elf: fix memory map for PIE applications
		5	MIME-Version: 1.0
		6	Content-Type: text/plain; charset=UTF-8
		7	Content-Transfer-Encoding: 8bit
		8
		9	arch/x86/include/asm/elf.h comment says:
		10	"
		11	ELF_ET_DYN_BASE is the location that an ET_DYN program is loaded
		12	if exec'ed. Typical use of this is to invoke "./ld.so someprog"
		13	to test out a new version of the loader. We need to make sure
		14	that it is out of the way of the program that it will "exec",
		15	and that there is sufficient room for the brk.
		16	"
		17
		18	In case we have main application linked as PIE, this will cause
		19	problems as the main program itself will go the memory location
		20	that allows very little heap.
		21
		22	This fixes the loader to detect PIE application by checking if
		23	elf_interpreter is requested, and loads them to beginning of the
		24	address space instead of the specially crafted place for elf
		25	interpreter.
		26
		27	Signed-off-by: Timo Teräs <timo.teras@iki.fi>
		28	---
		29	fs/binfmt_elf.c \| 17 ++++++++---------
		30	1 file changed, 8 insertions(+), 9 deletions(-)
		31
		32	diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
		33	index a009b9e..b3723a2 100644
		34	--- a/fs/binfmt_elf.c
		35	+++ b/fs/binfmt_elf.c
		36	@@ -790,20 +790,19 @@ static int load_elf_binary(struct linux_binprm bprm, struct pt_regs regs)
		37	* default mmap base, as well as whatever program they
		38	* might try to exec. This is because the brk will
		39	* follow the loader, and is not movable. */
		40	+ if (elf_interpreter)
		41	+ load_bias = 0x00400000UL;
		42	+ else
		43	+ load_bias = ELF_ET_DYN_BASE;
		44	#ifdef CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE
		45	/* Memory randomization might have been switched off
		46	- * in runtime via sysctl.
		47	- * If that is the case, retain the original non-zero
		48	- * load_bias value in order to establish proper
		49	- * non-randomized mappings.
		50	+ * in runtime via sysctl or explicit setting of
		51	+ * ersonality flags.
		52	*/
		53	if (current->flags & PF_RANDOMIZE)
		54	- load_bias = 0;
		55	- else
		56	- load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
		57	-#else
		58	- load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
		59	+ load_bias += (get_random_int() & STACK_RND_MASK) << PAGE_SHIFT;
		60	#endif
		61	+ load_bias = ELF_PAGESTART(vaddr + load_bias);
		62	}
		63
		64	error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
		65	--
		66	1.8.4
		67
		68