main/linux-grsec: fix memory map for PIE applications (when randmmap is disabled)

(cherry picked from commit 0407e45a283ccf781eea4aed24703cec49a721f9)
author: Natanael Copa <ncopa@alpinelinux.org> 2013-10-02 08:35:51 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2013-10-02 11:54:11 +0000
commit: 4561ca9c4f5d622dd826f2ce8b4830d6c8756456 (patch)
tree: 17690dd96677db7c0aff001e813da166af380046
parent: 51c2dd402a67512c6c21567ee76c81eb73ef1b64 (diff)
download: alpine_aports-4561ca9c4f5d622dd826f2ce8b4830d6c8756456.tar.bz2
alpine_aports-4561ca9c4f5d622dd826f2ce8b4830d6c8756456.tar.xz
alpine_aports-4561ca9c4f5d622dd826f2ce8b4830d6c8756456.zip
2 files changed, 73 insertions, 1 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 23fe4c09f8..7a5a132334 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -7,7 +7,7 @@ case $pkgver in
 *.*.*)  _kernver=${pkgver%.*};;
 *.*)    _kernver=${pkgver};;
 esac
-pkgrel=0
+pkgrel=1
 pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs linux-firmware"
@@ -25,6 +25,7 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
        0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
        0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
        0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
+        fix-memory-map-for-PIE-applications.patch
        kernelconfig.x86
        kernelconfig.x86_64
@@ -157,6 +158,7 @@ aa454ffb96428586447775c21449e284  0003-ipv4-properly-refresh-rtable-entries-on-p
 2a12a3717052e878c0cd42aa935bfcf4  0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
 6ce5fed63aad3f1a1ff1b9ba7b741822  0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
 1a5800a2122ba0cc0d06733cb3bb8b8f  0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
+6564cb3165cdf3d0dc0910251d62fd62  fix-memory-map-for-PIE-applications.patch
 866e6c4daed45d563829804f8ad50ed9  kernelconfig.x86
 272aaddd0a19a5052208bc25551995a3  kernelconfig.x86_64"
 sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544  linux-3.10.tar.xz
@@ -168,6 +170,7 @@ dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0  0002-arp-flush
 260fd1807838b68305a96992bf7d3302a2a8ef3a3b08fe079ba9a07e6422f736  0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
 ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3  0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
 fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e  0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
+090e3e8ebcf0f8649042e1b8411722c9ee77e2da111ff84a2ed1d379f0266415  fix-memory-map-for-PIE-applications.patch
 7fd28634998ef1fddafed5f2516e902924245d2464b9e86476bfaa55ccfc3bc3  kernelconfig.x86
 f2843ae4f9b3e3c27f3138ce4b740c2803bdab0c7a910c662d951843803b9554  kernelconfig.x86_64"
 sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35  linux-3.10.tar.xz
@@ -179,5 +182,6 @@ sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504d
 d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d711e3486628ed56ab996484e219d79ac4b0c0ec684ebd380aa  0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
 28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87  0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
 249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205  0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
+101aec800e6390f2dee26b496a033b325fb00108e72fc01b3cf6719b1d256526fbc8e7448b3a06b03ce02233b86703f1f2f31267c8e1a7f28a8f47235eaa0b4a  fix-memory-map-for-PIE-applications.patch
 1721542ff111c8ec550323dae6f6174131db180668cbf14f01dc4c76ffbbb479715919a80c35d8c8ac22a6479dd3b42700be6ddc5ef2a8b6a62de811c7ae86df  kernelconfig.x86
 d49bf57bd0aae17d762d87d5bf983e48219d71ca44bc0c3120db94d357192c07146a8938cef9d435218e4bb748691ec426387545837be637d47e45cdc4482d71  kernelconfig.x86_64"
diff --git a/main/linux-grsec/fix-memory-map-for-PIE-applications.patch b/main/linux-grsec/fix-memory-map-for-PIE-applications.patch
new file mode 100644
index 0000000000..0ef81cf93f
--- /dev/null
+++ b/main/linux-grsec/fix-memory-map-for-PIE-applications.patch
@@ -0,0 +1,68 @@
+From 21f973f87f480e3d24f1cb6c22b71253d25a3ea1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Tue, 1 Oct 2013 13:46:04 +0300
+Subject: [PATCH 3.10-grsec] fs/binfmt_elf: fix memory map for PIE applications
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+arch/*/include/asm/elf.h comments say:
+  ELF_ET_DYN_BASE is the location that an ET_DYN program is loaded
+  if exec'ed.  Typical use of this is to invoke "./ld.so someprog"
+  to test out a new version of the loader.  We need to make sure
+  that it is out of the way of the program that it will "exec",
+  and that there is sufficient room for the brk.
+In case we have main application linked as PIE, this can cause
+problems as the main program itself is being loaded to this
+alternate address. And this allows limited heap size. While
+this is inevitable when exec'ing the interpreter directly,
+we should do better for PIE applications.
+This fixes the loader to detect PIE application by checking if
+elf_interpreter is requested. This images are loaded to beginning
+of the address space instead of the specially crafted place for elf
+interpreter. This allows full heap address space for PIE applications
+and fixes random "out of memory" errors.
+Signed-off-by: Timo Teräs <timo.teras@iki.fi>
+---
+ fs/binfmt_elf.c | 14 ++++++--------
+ 1 file changed, 6 insertions(+), 8 deletions(-)
+diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
+index 6f036ed..06419af 100644
+--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
+@@ -1217,21 +1217,19 @@ static int load_elf_binary(struct linux_binprm *bprm)
+                         * default mmap base, as well as whatever program they
+                         * might try to exec.  This is because the brk will
+                         * follow the loader, and is not movable.  */
+                       if (elf_interpreter)
+                               load_bias = 0x00400000UL;
+                       else
+                               load_bias = ELF_ET_DYN_BASE;
+ #ifdef CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE
+                        /* Memory randomization might have been switched off
+                         * in runtime via sysctl or explicit setting of
+                         * personality flags.
+-                        * If that is the case, retain the original non-zero
+-                        * load_bias value in order to establish proper
+-                        * non-randomized mappings.
+                         */
+                        if (current->flags & PF_RANDOMIZE)
+-                               load_bias = 0;
+-                       else
+-                               load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
+-#else
+-                       load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
+                               load_bias = (get_random_int() & STACK_RND_MASK) << PAGE_SHIFT;
+ #endif
+                       load_bias = ELF_PAGESTART(vaddr + load_bias);
+ 
+ #ifdef CONFIG_PAX_RANDMMAP
+                        /* PaX: randomize base address at the default exe base if requested */
+-- 
+1.8.4
author	Natanael Copa <ncopa@alpinelinux.org>	2013-10-02 08:35:51 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2013-10-02 11:54:11 +0000
commit	4561ca9c4f5d622dd826f2ce8b4830d6c8756456 (patch)
tree	17690dd96677db7c0aff001e813da166af380046
parent	51c2dd402a67512c6c21567ee76c81eb73ef1b64 (diff)
download	alpine_aports-4561ca9c4f5d622dd826f2ce8b4830d6c8756456.tar.bz2 alpine_aports-4561ca9c4f5d622dd826f2ce8b4830d6c8756456.tar.xz alpine_aports-4561ca9c4f5d622dd826f2ce8b4830d6c8756456.zip

diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 23fe4c09f8..7a5a132334 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD
@@ -7,7 +7,7 @@ case $pkgver in
7	..) _kernver=${pkgver%.};;	7	..) _kernver=${pkgver%.};;
8	.) _kernver=${pkgver};;	8	.) _kernver=${pkgver};;
9	esac	9	esac
10	pkgrel=0	10	pkgrel=1
11	pkgdesc="Linux kernel with grsecurity"	11	pkgdesc="Linux kernel with grsecurity"
12	url=http://grsecurity.net	12	url=http://grsecurity.net
13	depends="mkinitfs linux-firmware"	13	depends="mkinitfs linux-firmware"
@@ -25,6 +25,7 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
25	0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch	25	0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
26	0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch	26	0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
27	0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch	27	0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
		28	fix-memory-map-for-PIE-applications.patch
28		29
29	kernelconfig.x86	30	kernelconfig.x86
30	kernelconfig.x86_64	31	kernelconfig.x86_64
@@ -157,6 +158,7 @@ aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-p
157	2a12a3717052e878c0cd42aa935bfcf4 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch	158	2a12a3717052e878c0cd42aa935bfcf4 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
158	6ce5fed63aad3f1a1ff1b9ba7b741822 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch	159	6ce5fed63aad3f1a1ff1b9ba7b741822 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
159	1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch	160	1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
		161	6564cb3165cdf3d0dc0910251d62fd62 fix-memory-map-for-PIE-applications.patch
160	866e6c4daed45d563829804f8ad50ed9 kernelconfig.x86	162	866e6c4daed45d563829804f8ad50ed9 kernelconfig.x86
161	272aaddd0a19a5052208bc25551995a3 kernelconfig.x86_64"	163	272aaddd0a19a5052208bc25551995a3 kernelconfig.x86_64"
162	sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544 linux-3.10.tar.xz	164	sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544 linux-3.10.tar.xz
@@ -168,6 +170,7 @@ dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush
168	260fd1807838b68305a96992bf7d3302a2a8ef3a3b08fe079ba9a07e6422f736 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch	170	260fd1807838b68305a96992bf7d3302a2a8ef3a3b08fe079ba9a07e6422f736 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
169	ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch	171	ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
170	fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch	172	fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
		173	090e3e8ebcf0f8649042e1b8411722c9ee77e2da111ff84a2ed1d379f0266415 fix-memory-map-for-PIE-applications.patch
171	7fd28634998ef1fddafed5f2516e902924245d2464b9e86476bfaa55ccfc3bc3 kernelconfig.x86	174	7fd28634998ef1fddafed5f2516e902924245d2464b9e86476bfaa55ccfc3bc3 kernelconfig.x86
172	f2843ae4f9b3e3c27f3138ce4b740c2803bdab0c7a910c662d951843803b9554 kernelconfig.x86_64"	175	f2843ae4f9b3e3c27f3138ce4b740c2803bdab0c7a910c662d951843803b9554 kernelconfig.x86_64"
173	sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35 linux-3.10.tar.xz	176	sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35 linux-3.10.tar.xz
@@ -179,5 +182,6 @@ sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504d
179	d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d711e3486628ed56ab996484e219d79ac4b0c0ec684ebd380aa 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch	182	d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d711e3486628ed56ab996484e219d79ac4b0c0ec684ebd380aa 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
180	28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch	183	28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
181	249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch	184	249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
		185	101aec800e6390f2dee26b496a033b325fb00108e72fc01b3cf6719b1d256526fbc8e7448b3a06b03ce02233b86703f1f2f31267c8e1a7f28a8f47235eaa0b4a fix-memory-map-for-PIE-applications.patch
182	1721542ff111c8ec550323dae6f6174131db180668cbf14f01dc4c76ffbbb479715919a80c35d8c8ac22a6479dd3b42700be6ddc5ef2a8b6a62de811c7ae86df kernelconfig.x86	186	1721542ff111c8ec550323dae6f6174131db180668cbf14f01dc4c76ffbbb479715919a80c35d8c8ac22a6479dd3b42700be6ddc5ef2a8b6a62de811c7ae86df kernelconfig.x86
183	d49bf57bd0aae17d762d87d5bf983e48219d71ca44bc0c3120db94d357192c07146a8938cef9d435218e4bb748691ec426387545837be637d47e45cdc4482d71 kernelconfig.x86_64"	187	d49bf57bd0aae17d762d87d5bf983e48219d71ca44bc0c3120db94d357192c07146a8938cef9d435218e4bb748691ec426387545837be637d47e45cdc4482d71 kernelconfig.x86_64"


diff --git a/main/linux-grsec/fix-memory-map-for-PIE-applications.patch b/main/linux-grsec/fix-memory-map-for-PIE-applications.patch new file mode 100644 index 0000000000..0ef81cf93f --- /dev/null +++ b/main/linux-grsec/fix-memory-map-for-PIE-applications.patch
@@ -0,0 +1,68 @@
		1	From 21f973f87f480e3d24f1cb6c22b71253d25a3ea1 Mon Sep 17 00:00:00 2001
		2	From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
		3	Date: Tue, 1 Oct 2013 13:46:04 +0300
		4	Subject: [PATCH 3.10-grsec] fs/binfmt_elf: fix memory map for PIE applications
		5	MIME-Version: 1.0
		6	Content-Type: text/plain; charset=UTF-8
		7	Content-Transfer-Encoding: 8bit
		8
		9	arch/*/include/asm/elf.h comments say:
		10	ELF_ET_DYN_BASE is the location that an ET_DYN program is loaded
		11	if exec'ed. Typical use of this is to invoke "./ld.so someprog"
		12	to test out a new version of the loader. We need to make sure
		13	that it is out of the way of the program that it will "exec",
		14	and that there is sufficient room for the brk.
		15
		16	In case we have main application linked as PIE, this can cause
		17	problems as the main program itself is being loaded to this
		18	alternate address. And this allows limited heap size. While
		19	this is inevitable when exec'ing the interpreter directly,
		20	we should do better for PIE applications.
		21
		22	This fixes the loader to detect PIE application by checking if
		23	elf_interpreter is requested. This images are loaded to beginning
		24	of the address space instead of the specially crafted place for elf
		25	interpreter. This allows full heap address space for PIE applications
		26	and fixes random "out of memory" errors.
		27
		28	Signed-off-by: Timo Teräs <timo.teras@iki.fi>
		29	---
		30	fs/binfmt_elf.c \| 14 ++++++--------
		31	1 file changed, 6 insertions(+), 8 deletions(-)
		32
		33	diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
		34	index 6f036ed..06419af 100644
		35	--- a/fs/binfmt_elf.c
		36	+++ b/fs/binfmt_elf.c
		37	@@ -1217,21 +1217,19 @@ static int load_elf_binary(struct linux_binprm *bprm)
		38	* default mmap base, as well as whatever program they
		39	* might try to exec. This is because the brk will
		40	* follow the loader, and is not movable. */
		41	+ if (elf_interpreter)
		42	+ load_bias = 0x00400000UL;
		43	+ else
		44	+ load_bias = ELF_ET_DYN_BASE;
		45	#ifdef CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE
		46	/* Memory randomization might have been switched off
		47	* in runtime via sysctl or explicit setting of
		48	* personality flags.
		49	- * If that is the case, retain the original non-zero
		50	- * load_bias value in order to establish proper
		51	- * non-randomized mappings.
		52	*/
		53	if (current->flags & PF_RANDOMIZE)
		54	- load_bias = 0;
		55	- else
		56	- load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
		57	-#else
		58	- load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
		59	+ load_bias = (get_random_int() & STACK_RND_MASK) << PAGE_SHIFT;
		60	#endif
		61	+ load_bias = ELF_PAGESTART(vaddr + load_bias);
		62
		63	#ifdef CONFIG_PAX_RANDMMAP
		64	/* PaX: randomize base address at the default exe base if requested */
		65	--
		66	1.8.4
		67
		68