[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [Bug 1749393] Re: sbrk() not working under qemu-user with a
From: |
Peter Ogden |
Subject: |
[Qemu-devel] [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary? |
Date: |
Thu, 01 Mar 2018 19:15:15 -0000 |
This appears to be a problem in all PIE-compiled executables that use
sbrk in qemu-user due to the way that position-independent code gets
mmapped into adjacent ranges meaning there is no room for expansion.
I've hacked my version of QEMU to force the program binary to mmap in a
different range allowing for the region to be resized which fixes this
issue. I don't know the most appropriate way to determine what range to
use in generate though.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
New
Bug description:
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he
suggested that the issue might be in qemu-user so I'm opening a ticket here.
Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE
binary) even when run directly but then something got fixed in the kernel and
now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
- [Qemu-devel] [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?,
Peter Ogden <=
- [Qemu-devel] [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?, Peter Maydell, 2018/03/15
- [Qemu-devel] [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?, Matthias Klose, 2018/03/15
- [Qemu-devel] [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?, Peter Maydell, 2018/03/15
- [Qemu-devel] [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?, Peter Ogden, 2018/03/15
- [Qemu-devel] [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?, Launchpad Bug Tracker, 2018/03/22