Description of problem: We have been tripping over a segmentation fault in the ELF binary loader when loading /lib/ld-linux.so.2. The kernel is patched (by exec-shield I think) to change load_elf_interp() to return the offset between the v-addresses in the header and the actual v-addresses used. It then checks this offset using BAD_ADDR (fs/binfmt_elf.c line 1015) before adjusting it back into the final address. We have observed that the offset can fail the BAD_ADDR test even when the final address would be completely valid. In this case the address is not valid and the following test for BAD_ADDR (line 1021) segv's the process. For example vaddr in the ELF header == 0x7cb000 and map_addr == 0x7ca000 gives load_addr == 0xfffff000 which is returned from load_elf_interp() and fails the BAD_ADDR check. The attached patch returns the old semantics to load_elf_interp() (and matches load_aout_interp()) by moving the adjustment back to the final address back into load_elf_interp(). I'm not convinced this bug can be kernel-xen specific but that is where we observed it hence I've filed against that component. Version-Release number of selected component (if applicable): 2.6.18-8.1.6.EL How reproducible: Quite time consuming. We observed the bug due to sshd re-execing itself for each connection. A continuous loop of ssh logins from another host was sufficient to trigger the bug in between 1 and 24 hours or so.
Created attachment 158657 [details] Patch which resolves the issue
*** This bug has been marked as a duplicate of 247169 ***