Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 30 Nov 2022 10:12:35 -0500
From: Rich Felker <dalias@...c.org>
To: Markus Wichmann <nullplan@....net>
Cc: musl@...ts.openwall.com
Subject: Re: Invalid page size reference in __dls2

On Mon, Nov 28, 2022 at 08:47:40PM +0100, Markus Wichmann wrote:
> Hi all,
> 
> __dls2 calls kernel_mapped_dso(), and that one uses the PAGE_SIZE macro.
> Whenever <bits/limits.h> does not define PAGESIZE, PAGE_SIZE is defined
> as libc.page_size. That variable is only initialized at the start of
> __dls3, so the DSO descriptor for libc ends up being wrong.
> 
> Since the libc object has static storage duration, page_size is
> initialized with zero. So at least nothing undefined happens. The impact
> is, it will calculate the relro pointers as being zero, so no relro will
> happen, and it will calculate maximum and minimum addresses as being
> zero, therefore setting map to base and map_len to zero. This will cause
> dladdr() not to find the libc. Yeah, not the biggest of impacts.
> 
> This, again, affects all architectures that don't define PAGESIZE, so at
> this time those are
> 
> aarch64
> arm
> m68k
> microblaze
> mips
> mips64
> mipsn32
> powerpc
> powerpc64
> riscv64
> 
> I don't know whether references to libc are even valid in __dls2, but it
> is defined as "hidden", so that ought to be good enough. In that case it
> may be enough to just move the initialization. Otherwise it may be
> necessary to add page size as parameter to kernel_mapped_dso(). Then
> __dls2 can look it up in the aux vector at its leisure.

Nice catch. The references to libc are not valid in __dls2. If they
were, I would just re-run kernel_mapped_dso() from __dls2b or
something to get the right relro map, but I think instead we should do
something like the attached.

Rich

View attachment "ldso_page_size.diff" of type "text/plain" (753 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.