path: root/main/linux-vserver/aslr-pie.patch
From a72b1fccf6c7c54c7a3ceef525b615b26b38f4a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Tue, 1 Oct 2013 13:46:04 +0300
Subject: [PATCH 3.4.63-vanilla] fs/binfmt_elf: fix memory map for PIE applications
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

arch/x86/include/asm/elf.h comment says:
"
ELF_ET_DYN_BASE is the location that an ET_DYN program is loaded
if exec'ed.  Typical use of this is to invoke "./ld.so someprog"
to test out a new version of the loader.  We need to make sure
that it is out of the way of the program that it will "exec",
and that there is sufficient room for the brk.
"

If the main application is itself linked as PIE, this causes
problems, because the main program is then loaded at the memory
location that leaves very little room for the heap.

This fixes the loader to detect PIE application by checking if
elf_interpreter is requested, and loads them to beginning of the
address space instead of the specially crafted place for elf
interpreter.

Signed-off-by: Timo Teräs <timo.teras@iki.fi>
---
 fs/binfmt_elf.c | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index a009b9e..b3723a2 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -790,20 +790,19 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
 			 * default mmap base, as well as whatever program they
 			 * might try to exec.  This is because the brk will
 			 * follow the loader, and is not movable.  */
+			if (elf_interpreter)
+				load_bias = 0x00400000UL;
+			else
+				load_bias = ELF_ET_DYN_BASE;
 #ifdef CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE
 			/* Memory randomization might have been switched off
-			 * in runtime via sysctl.
-			 * If that is the case, retain the original non-zero
-			 * load_bias value in order to establish proper
-			 * non-randomized mappings.
+			 * in runtime via sysctl or explicit setting of
+			 * ersonality flags.
 			 */
 			if (current->flags & PF_RANDOMIZE)
-				load_bias = 0;
-			else
-				load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
-#else
-			load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
+				load_bias += (get_random_int() & STACK_RND_MASK) << PAGE_SHIFT;
 #endif
+			load_bias = ELF_PAGESTART(vaddr + load_bias);
 		}
 
 		error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
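Review bot: The final recomputation `load_bias = ELF_PAGESTART(vaddr + load_bias);` appears to have the sign of vaddr inverted: elf_map() is called with `load_bias + vaddr` on the next context line, so placing the first segment at a base B needs a bias of B - vaddr, which is what the removed `ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr)` computed, whereas the new form yields B + vaddr and the segment lands at B + 2*vaddr. This is invisible in the common case where the first PT_LOAD of an ET_DYN object has p_vaddr 0, but to keep the original semantics the line should read `load_bias = ELF_PAGESTART(load_bias - vaddr);`. Separately, `0x00400000UL` is a bare x86-style address in architecture-neutral fs/ code with no comment on why it was chosen or how it relates to ELF_ET_DYN_BASE and brk placement on other architectures; a named constant with a short rationale would help, and the preceding unchanged comment about getting dynamic programs "out of the way" no longer describes the elf_interpreter branch. The rewritten comment also has a typo, `ersonality` for `personality`. load_elf_binary() begins and ends outside this hunk.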
-- 
1.8.4