Bug 176788 - Does not like small binaries, SIGKILL with page-aligned, empty ELF segments
Does not like small binaries, SIGKILL with page-aligned, empty ELF segments
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Dave Jones
Brian Brock
:
Depends On:
Blocks: 172389
  Show dependency treegraph
 
Reported: 2006-01-02 13:56 EST by Enrico Scholz
Modified: 2015-01-04 17:24 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-11-24 18:15:34 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Enrico Scholz 2006-01-02 13:56:57 EST
Description of problem:

A simple (and correct) program like

-------
                .text
                .global _start
_start:
#ifdef __i386__
		mov	$0x1,%eax
		int	$0x80
#endif
	
                .section .rodata
                .=+0x0f00	/* <<<<< */

                .section .bss
                .=+0x0100
-------

gets a SIGKILL:

| $ as foo.S -o foo.o && ld foo.o
| $ ./a.out
| Killed


Things are working fine after changing the number in the line marked
with '<<<<<' to something like '0x0e00'.


The problem is caused by the following ELF-header

| $ readelf -a ./a.out
| ...
| Program Headers:
| ...
|  LOAD           0x001000 0x08049000 0x08049000 0x00000 0x00100 RW  0x1000
                           ~~~~~~~~~~            ~~~~~~~
                           p_vaddr               p_filesz


which is read by code in fs/binfmt_elf.c. There,

| static int load_elf_binary(struct linux_...) {
| ...
|    error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags);
| }
|
| static unsigned long elf_map(
| ...
|        map_addr = do_mmap(filep, ELF_PAGESTART(addr),
|                           eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr), prot, type,
|                           eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr));

gets executed. With the program header above, the

|  eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr)

statement will evaluate to '0' and do_mmap() fails because zero-lengths
are not allowed.



This bug is triggered by real-world C programs too. E.g.

| char const      data[0x1f00] = { };
| int main() {}

gets a SIGKILL on ARM and PPC platforms when built with dietlibc.



Version-Release number of selected component (if applicable):

kernel-2.6.14-1.1653_FC4



How reproducible:

100%
Comment 1 Dave Jones 2006-02-03 02:32:41 EST
This is a mass-update to all currently open kernel bugs.

A new kernel update has been released (Version: 2.6.15-1.1830_FC4)
based upon a new upstream kernel release.

Please retest against this new kernel, as a large number of patches
go into each upstream release, possibly including changes that
may address this problem.

This bug has been placed in NEEDINFO_REPORTER state.
Due to the large volume of inactive bugs in bugzilla, if this bug is
still in this state in two weeks time, it will be closed.

Should this bug still be relevant after this period, the reporter
can reopen the bug at any time. Any other users on the Cc: list
of this bug can request that the bug be reopened by adding a
comment to the bug.

If this bug is a problem preventing you from installing the
release this version is filed against, please see bug 169613.

Thank you.
Comment 2 Enrico Scholz 2006-02-03 06:34:26 EST
Still with kernel-2.6.15-1.1830_FC4
Comment 3 Dave Jones 2006-09-16 23:25:49 EDT
[This comment added as part of a mass-update to all open FC4 kernel bugs]

FC4 has now transitioned to the Fedora legacy project, which will continue to
release security related updates for the kernel.  As this bug is not security
related, it is unlikely to be fixed in an update for FC4, and has been migrated
to FC5.

Please retest with Fedora Core 5.

Thank you.
Comment 4 Dave Jones 2006-10-16 20:49:44 EDT
A new kernel update has been released (Version: 2.6.18-1.2200.fc5)
based upon a new upstream kernel release.

Please retest against this new kernel, as a large number of patches
go into each upstream release, possibly including changes that
may address this problem.

This bug has been placed in NEEDINFO state.
Due to the large volume of inactive bugs in bugzilla, if this bug is
still in this state in two weeks time, it will be closed.

Should this bug still be relevant after this period, the reporter
can reopen the bug at any time. Any other users on the Cc: list
of this bug can request that the bug be reopened by adding a
comment to the bug.

In the last few updates, some users upgrading from FC4->FC5
have reported that installing a kernel update has left their
systems unbootable. If you have been affected by this problem
please check you only have one version of device-mapper & lvm2
installed.  See bug 207474 for further details.

If this bug is a problem preventing you from installing the
release this version is filed against, please see bug 169613.

If this bug has been fixed, but you are now experiencing a different
problem, please file a separate bug for the new problem.

Thank you.
Comment 5 Dave Jones 2006-11-24 18:15:34 EST
This bug has been mass-closed along with all other bugs that
have been in NEEDINFO state for several months.

Due to the large volume of inactive bugs in bugzilla, this
is the only method we have of cleaning out stale bug reports
where the reporter has disappeared.

If you can reproduce this bug after installing all the
current updates, please reopen this bug.

If you are not the reporter, you can add a comment requesting
it be reopened, and someone will get to it asap.

Thank you.

Note You need to log in before you can comment on or make changes to this bug.