From 45951edd26c466fb8fb780128e7e0ec603059d42 Mon Sep 17 00:00:00 2001
From: Lv Ying
Date: Fri, 28 Apr 2023 13:56:53 +0800
Subject: [PATCH] elf/ld.so: Consider maybe-existing hole between PT_LOAD segments when mmap reserved area

Signed-off-by: Lv Ying
(cherry picked from commit 17c0041f1ca0eb8ca6b68dd3177434de7a60e353)
---
 ...er-maybe-existing-hole-between-PT_LO.patch | 47 +++++++++++++++++++
 glibc.spec | 6 ++-
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 elf-ld.so-Consider-maybe-existing-hole-between-PT_LO.patch

diff --git a/elf-ld.so-Consider-maybe-existing-hole-between-PT_LO.patch b/elf-ld.so-Consider-maybe-existing-hole-between-PT_LO.patch
new file mode 100644
index 0000000..9ce5870
--- /dev/null
+++ b/elf-ld.so-Consider-maybe-existing-hole-between-PT_LO.patch
@@ -0,0 +1,47 @@
+From 1b296563c92c896f072343b5f19286e8b5942b9e Mon Sep 17 00:00:00 2001
+From: hubin
+Date: Fri, 28 Apr 2023 11:30:47 +0800
+Subject: [PATCH] elf/ld.so: Consider maybe-existing hole between PT_LOAD
+ segments when mmap reserved area
+
+When mmap reserved area do NOT consider existing hole between PT_LOAD
+segments, this will cause reserved virtual address space too small to
+contain all the sections in the PT_LOAD segment. Since the address space
+mapping of subsequent segments is based on the reserved address space,
+each mmap has a MAP_FIXED flag, which will overwrite the reserved
+address space, if the reserved space is too small, these mmap with
+MAP_FIEXED flag will conflict with other address space. e.g. in some
+case, the address sapce in the .bss section(last data segment) conflicts
+with the address space in the heap(maybe other address space) cause the
+program coredump.
+---
+ elf/dl-map-segments-hugepage.h | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/elf/dl-map-segments-hugepage.h b/elf/dl-map-segments-hugepage.h
+index b99f726f..218e93a0 100644
+--- a/elf/dl-map-segments-hugepage.h
++++ b/elf/dl-map-segments-hugepage.h
+@@ -47,10 +47,18 @@ __mmap_reserved_area(const struct loadcmd loadcmds[], size_t nloadcmds,
+ const struct loadcmd * c = loadcmds;
+ *maparealen = 0;
+
++ /*
++ * Consider maybe-existing hole between PT_LOAD segments
++ */
+ while (c < &loadcmds[nloadcmds])
+ {
+- *maparealen += ALIGN_UP((c->mapend > c->allocend ? c->mapend : c->allocend), SIZE_2MB) -
++ // c is not the last loadcmd
++ if (c + 1 < &loadcmds[nloadcmds]) {
++ *maparealen += ALIGN_UP((c + 1)->mapstart - c->mapstart, SIZE_2MB);
++ } else {
++ *maparealen += ALIGN_UP((c->mapend > c->allocend ? c->mapend : c->allocend), SIZE_2MB) -
+ ALIGN_DOWN(c->mapstart, SIZE_2MB);
++ }
+ c++;
+ }
+
+
+--
+2.38.1
+
diff --git a/glibc.spec b/glibc.spec
index e0af688..424ceb1 100644
--- a/glibc.spec
+++ b/glibc.spec
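Review bot: In the elf-ld.so-Consider-maybe-existing-hole-between-PT_LO.patch hunk, the non-last branch `*maparealen += ALIGN_UP((c + 1)->mapstart - c->mapstart, SIZE_2MB);` rounds the distance between two segment starts rather than the span of 2MB pages those starts occupy, so when mapstart values are not SIZE_2MB-aligned the sum can come out one page short of `ALIGN_UP((c + 1)->mapstart, SIZE_2MB) - ALIGN_DOWN(c->mapstart, SIZE_2MB)`, and it also drops the slack below the first segment's mapstart that the else-branch's ALIGN_DOWN term accounts for (whether the caller bases the reservation at that aligned-down address is outside the hunk, but the retained else-branch suggests it). An under-reservation is exactly the MAP_FIXED overlap the commit message describes, so I would compute the reservation once as the aligned span from the lowest mapstart to the highest mapend/allocend instead of summing per-segment deltas; the min/max loop below does not depend on the loadcmds being sorted, which the per-segment delta implicitly assumes. The `//` comment and K&R braces in the added lines also differ from the GNU style of the surrounding context lines. __mmap_reserved_area begins and ends outside the hunk.
```c
  const struct loadcmd * c = loadcmds;
  /* Reserve the aligned span covering every PT_LOAD segment, including any
     hole between segments and the slack below the first mapstart.  A
     reservation that is too small lets the later MAP_FIXED mappings clobber
     unrelated address space; one that is too large only costs address space.  */
  ElfW(Addr) lo = nloadcmds > 0 ? loadcmds[0].mapstart : 0;
  ElfW(Addr) hi = 0;
  for (c = loadcmds; c < &loadcmds[nloadcmds]; c++)
    {
      ElfW(Addr) end = c->mapend > c->allocend ? c->mapend : c->allocend;
      if (c->mapstart < lo)
        lo = c->mapstart;
      if (end > hi)
        hi = end;
    }
  *maparealen = ALIGN_UP (hi, SIZE_2MB) - ALIGN_DOWN (lo, SIZE_2MB);
  /* … unchanged: remainder of __mmap_reserved_area … */
```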
@@ -66,7 +66,7 @@
 ##############################################################################
 Name: glibc
 Version: 2.34
-Release: 117
+Release: 118
 Summary: The GNU libc libraries
 License: %{all_license}
 URL: http://www.gnu.org/software/glibc/
@@ -297,6 +297,7 @@ Patch9034: 0002-elf-ld.so-keep-compatible-with-the-original-policy-o.patch
 Patch9035: 0003-elf-ld.so-remove-_mmap_hole-when-ld.so-mmap-PT_LOAD-.patch
 Patch9036: elf-ld.so-add-MAP_NORESERVE-flag-for-the-first-mmap-2MB-contig.patch
 Patch9037: elf-ld.so-prohibit-multiple-i-options-and-do-not-allow-i-speci.patch
+Patch9038: elf-ld.so-Consider-maybe-existing-hole-between-PT_LO.patch
 Provides: ldconfig rtld(GNU_HASH) bundled(gnulib)
@@ -1462,6 +1463,9 @@ fi
 %endif
 %changelog
+* Fri Apr 28 2023 Lv Ying - 2.34-118
+- malloc: elf/ld.so: Consider maybe-existing hole between PT_LOAD segments when mmap reserved area
+
 * Thu Apr 13 2023 Qingqing Li - 2.34-117
 - malloc: Fix -Wuse-after-free warning in tst-mallocalign1 [BZ #26779]
--
Gitee