[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bash's malloc does not work within qemu-user when compiled with PIE
From: |
Raphael Hertzog |
Subject: |
Re: Bash's malloc does not work within qemu-user when compiled with PIE enabled |
Date: |
Wed, 14 Feb 2018 09:38:57 +0100 |
User-agent: |
Mutt/1.9.3 (2018-01-21) |
On Tue, 13 Feb 2018, Chet Ramey wrote:
> > Note that a bash binary compiled with PIE works fine for normal usage
> > with a current Linux kernel. Apparently it was causing troubles with
> > older Linux kernels, see
> > https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
> >
> > But with current kernels it works fine. The problem only happens
> > under qemu-user.
>
> Wouldn't that imply that the problem has something to do with
> qemu-user and how it interacts with sbrk?
Possibly, I opened a ticket there as well to see what they think of this:
https://bugs.launchpad.net/qemu/+bug/1749393
> > From what I understood the memory layout of a PIE-compiled binary is
> > different but sbrk() still works the same. Maybe some assumption that you
> > are doing about the memory layout are not holding true however.
>
> The only assumption bash makes is that sbrk() extends the break and that
> the pointer it returns marks the beginning of contiguously addressable
> storage of the requested size.
>
> > While trying to learn more about this I found this URL
> > https://gist.github.com/CMCDragonkai/10ab53654b2aa6ce55c11cfc5b2432a4
>
> The applicable part of this is that sbrk() extends the heap.
One thing that I saw in that document is "An interesting fact is that if
you produce a position independent executable, the starting address
instead changes to 0x0".
Isn't it possible that sbrk() returns that pointer to you and you treat
it as being an error instead of a valid address?
> The thing about the error message in the ubuntu bug report is that it's
> literally the first call to xmalloc bash makes at startup: the call to
> savestring when saving the default locale. You can tell because it reports
> 0 bytes as having been allocated. sbrk() fails immediately.
In my tests under qemu-user, I see this:
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
It's "savestring (shell_name)".
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/