Bash's malloc does not work within qemu-user when compiled with PIE enabled
Hello,

In Debian we wanted to build bash with PIE enabled [1], but we discovered that bash was broken under qemu-user when it was compiled that way [2].

It turns out that it's broken only when it uses bash's malloc implementation. If we build bash with PIE and --without-bash-malloc then we don't have the problem.

It would be nice if bash's malloc implementation could be fixed to also work under qemu-user.

This was all tested with 4.4 patchlevel 18.

[1] https://bugs.debian.org/865599
    https://manpages.debian.org/unstable/dpkg-dev/dpkg-buildflags.1.en.html
    (see the section about "pie"; basically we add -fPIE to CFLAGS and -fPIE -pie to LDFLAGS)
[2] https://bugs.debian.org/889869

-- 
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
Re: Bash's malloc does not work within qemu-user when compiled with PIE enabled
On 2/13/18 6:41 AM, Raphael Hertzog wrote:
> Hello,
>
> In Debian we wanted to build bash with PIE enabled [1], but we discovered that
> bash was broken under qemu-user when it was compiled that way [2].
>
> It turns out that it's broken only when it uses bash's malloc
> implementation. If we build bash with PIE and --without-bash-malloc then
> we don't have the problem.
>
> It would be nice if bash's malloc implementation could be fixed to also
> work under qemu-user.

Does sbrk(2) work in a PIE-enabled environment?

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    c...@case.edu    http://tiswww.cwru.edu/~chet/
Re: Bash's malloc does not work within qemu-user when compiled with PIE enabled
Hello,

On Tue, 13 Feb 2018, Chet Ramey wrote:
>> It would be nice if bash's malloc implementation could be fixed to also
>> work under qemu-user.
>
> Does sbrk(2) work in a PIE-enabled environment?

Note that a bash binary compiled with PIE works fine for normal usage with a current Linux kernel. Apparently it was causing troubles with older Linux kernels, see
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483

But with current kernels it works fine. The problem only happens under qemu-user.

From what I understood, the memory layout of a PIE-compiled binary is different, but sbrk() still works the same. Maybe some assumption that you are making about the memory layout is not holding true, however.

While trying to learn more about this I found this URL:
https://gist.github.com/CMCDragonkai/10ab53654b2aa6ce55c11cfc5b2432a4

I'm sorry, but I don't know much more than that on this topic. Maybe some qemu developers should be involved in the discussion.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
Re: Bash's malloc does not work within qemu-user when compiled with PIE enabled
On 2/13/18 11:23 AM, Raphael Hertzog wrote:
> Hello,
>
> On Tue, 13 Feb 2018, Chet Ramey wrote:
>>> It would be nice if bash's malloc implementation could be fixed to also
>>> work under qemu-user.
>>
>> Does sbrk(2) work in a PIE-enabled environment?
>
> Note that a bash binary compiled with PIE works fine for normal usage
> with a current Linux kernel. Apparently it was causing troubles with
> older Linux kernels, see
> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
>
> But with current kernels it works fine. The problem only happens
> under qemu-user.

Wouldn't that imply that the problem has something to do with qemu-user and how it interacts with sbrk?

> From what I understood, the memory layout of a PIE-compiled binary is
> different, but sbrk() still works the same. Maybe some assumption that you
> are making about the memory layout is not holding true, however.

The only assumption bash makes is that sbrk() extends the break and that the pointer it returns marks the beginning of contiguously addressable storage of the requested size.

> While trying to learn more about this I found this URL:
> https://gist.github.com/CMCDragonkai/10ab53654b2aa6ce55c11cfc5b2432a4

The applicable part of this is that sbrk() extends the heap.

The thing about the error message in the Ubuntu bug report is that it's literally the first call to xmalloc bash makes at startup: the call to savestring when saving the default locale. You can tell because it reports 0 bytes as having been allocated. sbrk() fails immediately.

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    c...@case.edu    http://tiswww.cwru.edu/~chet/