bug-hurd

Re: [PATCH 3/4] exec: On 64-bit, map lower 4 GB inaccessible for PIEs


From: Samuel Thibault
Subject: Re: [PATCH 3/4] exec: On 64-bit, map lower 4 GB inaccessible for PIEs
Date: Mon, 3 Jul 2023 01:41:33 +0200
User-agent: NeoMutt/20170609 (1.8.3)

Applied, thanks!

Sergey Bugaev, on Mon 26 Jun 2023 02:11:36 +0300, wrote:
> We want to map the whole lower 4 GB of address space inaccessible to
> catch accidental pointer truncation. We can only do this when the
> executable (as well as the interpreter, if any) is compiled as PIC/PIE,
> since otherwise we would violate the ABI requirement. Fortunately most
> distributions have already switched to using PIE by default, so this
> should not be an issue.
> ---
>  exec/exec.c | 15 ++++++++++++++-
>  1 file changed, 14 insertions(+), 1 deletion(-)
> 
> diff --git a/exec/exec.c b/exec/exec.c
> index 2e5fbfcd..4415fa50 100644
> --- a/exec/exec.c
> +++ b/exec/exec.c
> @@ -1263,8 +1263,21 @@ do_exec (file_t file,
>    /* Map page zero redzoned.  */
>    {
>      vm_address_t addr = 0;
> +    vm_size_t size = vm_page_size;
> +
> +#ifdef __LP64__
> +    /* On 64-bit, map the entire lower 4 GB redzoned to catch pointer
> +       truncation, but only if the program is fine with being loaded at an
> +       arbitrary address -- otherwise we'd violate the assumption of the 
> small
> +       code model (-mcmodel=small, which is the default) that all symbols are
> +       located in the lower 2 GB of the address space.  */
> +    if (e.info.elf.anywhere && (interp.file == MACH_PORT_NULL
> +                             || interp.info.elf.anywhere))
> +      size = (vm_size_t) 1 << 32;
> +#endif
> +
>      e.error = vm_map (newtask,
> -                   &addr, vm_page_size, 0, 0, MACH_PORT_NULL, 0, 1,
> +                   &addr, size, 0, 0, MACH_PORT_NULL, 0, 1,
>                     VM_PROT_NONE, VM_PROT_NONE, VM_INHERIT_COPY);
>      if (e.error)
>        goto out;
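
Review bot: with `size` raised to 4 GB, the fixed-address `vm_map` at `addr = 0` followed by `if (e.error) goto out;` makes any failure to reserve the whole range fatal to the exec, where previously only page zero had to be free. If anything can already be mapped below 4 GB in `newtask` at this point, consider retrying with `vm_page_size` instead of aborting, or say in the comment why the range is guaranteed to be free. The leading comment `/* Map page zero redzoned.  */` also no longer describes the 64-bit case and should be updated along with the new one.
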
> -- 
> 2.41.0
> 
> 

-- 
Samuel
---
For an independent, transparent and rigorous evaluation!
I support the Inria Evaluation Committee.


