main/linux-grsec: fix memory map for PIE applications (when randmmap is disabled)

author: Natanael Copa <ncopa@alpinelinux.org> 2013-10-02 08:35:51 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2013-10-02 08:35:51 +0000
commit: 0407e45a283ccf781eea4aed24703cec49a721f9 (patch)
tree: 65f7db1b9e25010530baf0928bfb8d4b9e921aaf
parent: 562765e842b43133319b1f084f0479ba4843abbe (diff)
download: aports-0407e45a283ccf781eea4aed24703cec49a721f9.tar.bz2
aports-0407e45a283ccf781eea4aed24703cec49a721f9.tar.xz
2 files changed, 73 insertions, 1 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 318e2c087..926baa84c 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -7,7 +7,7 @@ case $pkgver in
 *.*.*)	_kernver=${pkgver%.*};;
 *.*)	_kernver=${pkgver};;
 esac
-pkgrel=0
+pkgrel=1
 pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs linux-firmware"
@@ -25,6 +25,7 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
 	0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
 	0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
 	0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
+	fix-memory-map-for-PIE-applications.patch
 
 	kernelconfig.x86
 	kernelconfig.x86_64
@@ -157,6 +158,7 @@ aa454ffb96428586447775c21449e284  0003-ipv4-properly-refresh-rtable-entries-on-p
 2a12a3717052e878c0cd42aa935bfcf4  0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
 6ce5fed63aad3f1a1ff1b9ba7b741822  0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
 1a5800a2122ba0cc0d06733cb3bb8b8f  0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
+6564cb3165cdf3d0dc0910251d62fd62  fix-memory-map-for-PIE-applications.patch
 866e6c4daed45d563829804f8ad50ed9  kernelconfig.x86
 272aaddd0a19a5052208bc25551995a3  kernelconfig.x86_64"
 sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544  linux-3.10.tar.xz
@@ -168,6 +170,7 @@ dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0  0002-arp-flush
 260fd1807838b68305a96992bf7d3302a2a8ef3a3b08fe079ba9a07e6422f736  0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
 ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3  0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
 fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e  0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
+090e3e8ebcf0f8649042e1b8411722c9ee77e2da111ff84a2ed1d379f0266415  fix-memory-map-for-PIE-applications.patch
 7fd28634998ef1fddafed5f2516e902924245d2464b9e86476bfaa55ccfc3bc3  kernelconfig.x86
 f2843ae4f9b3e3c27f3138ce4b740c2803bdab0c7a910c662d951843803b9554  kernelconfig.x86_64"
 sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35  linux-3.10.tar.xz
@@ -179,5 +182,6 @@ sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504d
 d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d711e3486628ed56ab996484e219d79ac4b0c0ec684ebd380aa  0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
 28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87  0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
 249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205  0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
+101aec800e6390f2dee26b496a033b325fb00108e72fc01b3cf6719b1d256526fbc8e7448b3a06b03ce02233b86703f1f2f31267c8e1a7f28a8f47235eaa0b4a  fix-memory-map-for-PIE-applications.patch
 1721542ff111c8ec550323dae6f6174131db180668cbf14f01dc4c76ffbbb479715919a80c35d8c8ac22a6479dd3b42700be6ddc5ef2a8b6a62de811c7ae86df  kernelconfig.x86
 d49bf57bd0aae17d762d87d5bf983e48219d71ca44bc0c3120db94d357192c07146a8938cef9d435218e4bb748691ec426387545837be637d47e45cdc4482d71  kernelconfig.x86_64"
diff --git a/main/linux-grsec/fix-memory-map-for-PIE-applications.patch b/main/linux-grsec/fix-memory-map-for-PIE-applications.patch
new file mode 100644
index 000000000..0ef81cf93
--- /dev/null
+++ b/main/linux-grsec/fix-memory-map-for-PIE-applications.patch
@@ -0,0 +1,68 @@
+From 21f973f87f480e3d24f1cb6c22b71253d25a3ea1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Tue, 1 Oct 2013 13:46:04 +0300
+Subject: [PATCH 3.10-grsec] fs/binfmt_elf: fix memory map for PIE applications
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+arch/*/include/asm/elf.h comments say:
+  ELF_ET_DYN_BASE is the location that an ET_DYN program is loaded
+  if exec'ed.  Typical use of this is to invoke "./ld.so someprog"
+  to test out a new version of the loader.  We need to make sure
+  that it is out of the way of the program that it will "exec",
+  and that there is sufficient room for the brk.
+
+In case we have main application linked as PIE, this can cause
+problems as the main program itself is being loaded to this
+alternate address. And this allows limited heap size. While
+this is inevitable when exec'ing the interpreter directly,
+we should do better for PIE applications.
+
+This fixes the loader to detect PIE application by checking if
+elf_interpreter is requested. This images are loaded to beginning
+of the address space instead of the specially crafted place for elf
+interpreter. This allows full heap address space for PIE applications
+and fixes random "out of memory" errors.
+
+Signed-off-by: Timo Teräs <timo.teras@iki.fi>
+---
+ fs/binfmt_elf.c | 14 ++++++--------
+ 1 file changed, 6 insertions(+), 8 deletions(-)
+
+diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
+index 6f036ed..06419af 100644
+--- a/fs/binfmt_elf.c
++++ b/fs/binfmt_elf.c
+@@ -1217,21 +1217,19 @@ static int load_elf_binary(struct linux_binprm *bprm)
+ 			 * default mmap base, as well as whatever program they
+ 			 * might try to exec.  This is because the brk will
+ 			 * follow the loader, and is not movable.  */
++			if (elf_interpreter)
++				load_bias = 0x00400000UL;
++			else
++				load_bias = ELF_ET_DYN_BASE;
+ #ifdef CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE
+ 			/* Memory randomization might have been switched off
+ 			 * in runtime via sysctl or explicit setting of
+ 			 * personality flags.
+-			 * If that is the case, retain the original non-zero
+-			 * load_bias value in order to establish proper
+-			 * non-randomized mappings.
+ 			 */
+ 			if (current->flags & PF_RANDOMIZE)
+-				load_bias = 0;
+-			else
+-				load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
+-#else
+-			load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
++				load_bias = (get_random_int() & STACK_RND_MASK) << PAGE_SHIFT;
+ #endif
++			load_bias = ELF_PAGESTART(vaddr + load_bias);
+ 
+ #ifdef CONFIG_PAX_RANDMMAP
+ 			/* PaX: randomize base address at the default exe base if requested */
+-- 
+1.8.4
+
+
author	Natanael Copa <ncopa@alpinelinux.org>	2013-10-02 08:35:51 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2013-10-02 08:35:51 +0000
commit	0407e45a283ccf781eea4aed24703cec49a721f9 (patch)
tree	65f7db1b9e25010530baf0928bfb8d4b9e921aaf
parent	562765e842b43133319b1f084f0479ba4843abbe (diff)
download	aports-0407e45a283ccf781eea4aed24703cec49a721f9.tar.bz2 aports-0407e45a283ccf781eea4aed24703cec49a721f9.tar.xz