Bug 215734 - shared object loaded very low in memory ARM 32bit with kernel 5.17.0

Bug 215734 - shared object loaded very low in memory ARM 32bit with kernel 5.17.0

[Thorsten Leemhuis]

Hi, this is your Linux kernel regression tracker.

I noticed a regression report in bugzilla.kernel.org that afaics nobody
acted upon since it was reported about a week ago, that's why I decided
to forward it to the lists and all people that seemed to be relevant
here. Note, this is the second regression report referencin a commit
from H.J. Lu as culprit (9630f0d60fec ("fs/binfmt_elf: use PT_LOAD
p_align values for static PIE")). I forwarded the first one on Monday
already, but seems nothing happened:
https://lore.kernel.org/all/cb5b81bd-9882-e5dc-cd22-54bdbaaefbbc@leemhuis.info/

Anyway, to get back to the latest report. To quote from
https://bugzilla.kernel.org/show_bug.cgi?id=215734 :

>  Jan Palus 2022-03-24 10:17:02 UTC
> 
> This is a followup to https://sourceware.org/bugzilla/show_bug.cgi?id=28990 where ld.so --verify segfault was reported on binaries > 4MB.
> 
> It appears that starting with kernel 5.17.0 shared object is loaded in the begging of address space at least on 32-bit ARM:
> 
> /proc/<pid>/maps just before mmap (5.17):
> 00400000-00429000 r-xp 00000000 b3:02 393320     /lib/ld-linux-armhf.so.3
> 00439000-0043c000 rw-p 00029000 b3:02 393320     /lib/ld-linux-armhf.so.3
> 76ffd000-76ffe000 r-xp 00000000 00:00 0          [sigpage]
> 76ffe000-76fff000 r--p 00000000 00:00 0          [vvar]
> 76fff000-77000000 r-xp 00000000 00:00 0          [vdso]
> 7efdf000-7f000000 rw-p 00000000 00:00 0          [stack]
> ffff0000-ffff1000 r-xp 00000000 00:00 0          [vectors]
> 
> causing segfaults when mmaping large binaries at fixed address 0x10000 (ie done by ld.so --verify used by ldd).
> 
> By comparison it is not the case for kernel 5.16.8:
> 
> /proc/<pid>/maps just before mmap (5.16):
> 76fc4000-76fed000 r-xp 00000000 b3:02 393320     /lib/ld-linux-armhf.so.3
> 76ffa000-76ffb000 r-xp 00000000 00:00 0          [sigpage]
> 76ffb000-76ffc000 r--p 00000000 00:00 0          [vvar]
> 76ffc000-76ffd000 r-xp 00000000 00:00 0          [vdso]
> 76ffd000-77000000 rw-p 00029000 b3:02 393320     /lib/ld-linux-armhf.so.3
> 7efdf000-7f000000 rw-p 00000000 00:00 0          [stack]
> ffff0000-ffff1000 r-xp 00000000 00:00 0          [vectors]
> 
> [reply] [−] Comment 1 Jan Palus 2022-03-29 22:14:12 UTC
> 
> First bad commit appears to be:
> 
> From: "H.J. Lu" <hjl.tools@gmail.com>
> Date: Wed, 19 Jan 2022 18:09:40 -0800
> Subject: fs/binfmt_elf: use PT_LOAD p_align values for static PIE
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9630f0d60fec5fbcaa4435a66f75df1dc9704b66
> 

Could somebody take a look into this? Or was this discussed somewhere
else already? Or even fixed?


Anyway, to get this tracked:

#regzbot introduced: 9630f0d60fec5fbcaa4435a66f75df1dc9704b6
#regzbot from: Jan Palus <jpalus@fastmail.com>
#regzbot title: shared object loaded very low in memory ARM 32bit
causing segfaults on binaries > 4MB
#regzbot link: https://bugzilla.kernel.org/show_bug.cgi?id=215734

Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)

P.S.: As the Linux kernel's regression tracker I'm getting a lot of
reports on my table. I can only look briefly into most of them and lack
knowledge about most of the areas they concern. I thus unfortunately
will sometimes get things wrong or miss something important. I hope
that's not the case here; if you think it is, don't hesitate to tell me
in a public reply, it's in everyone's interest to set the public record
straight.

-- 
Additional information about regzbot:

If you want to know more about regzbot, check out its web-interface, the
getting start guide, and the references documentation:

https://linux-regtracking.leemhuis.info/regzbot/
https://gitlab.com/knurd42/regzbot/-/blob/main/docs/getting_started.md
https://gitlab.com/knurd42/regzbot/-/blob/main/docs/reference.md

The last two documents will explain how you can interact with regzbot
yourself if your want to.

Hint for reporters: when reporting a regression it's in your interest to
CC the regression list and tell regzbot about the issue, as that ensures
the regression makes it onto the radar of the Linux kernel's regression
tracker -- that's in your interest, as it ensures your report won't fall
through the cracks unnoticed.

Hint for developers: you normally don't need to care about regzbot once
it's involved. Fix the issue as you normally would, just remember to
include 'Link:' tag in the patch descriptions pointing to all reports
about the issue. This has been expected from developers even before
regzbot showed up for reasons explained in
'Documentation/process/submitting-patches.rst' and
'Documentation/process/5.Posting.rst'.

Re: Bug 215734 - shared object loaded very low in memory ARM 32bit with kernel 5.17.0

[Thorsten Leemhuis]

Hi, this is your Linux kernel regression tracker. Top-posting for once,
to make this easily accessible to everyone.

Hey, what's up here? Was this regressions fixed already?

H.J. Lu: reminder, this is caused by a patch of yours. One that causes
two regressions I track, and it seem neither is getting addressed with
the appropriate urgency. FWIW, the other regression can can be found here:
https://lore.kernel.org/lkml/cb5b81bd-9882-e5dc-cd22-54bdbaaefbbc@leemhuis.info/
https://bugzilla.kernel.org/show_bug.cgi?id=215720

Mike, if you have a minute: '925346c129da' ("fs/binfmt_elf: fix PT_LOAD
p_align values for loaders") in 'next' contains a 'Fixes:' tag for the
culprit of this regression, but I assume it fixes a different issue?

Ciao, Thorsten

#regzbot poke

On 31.03.22 08:17, Thorsten Leemhuis wrote:
> Hi, this is your Linux kernel regression tracker.
> 
> I noticed a regression report in bugzilla.kernel.org that afaics nobody
> acted upon since it was reported about a week ago, that's why I decided
> to forward it to the lists and all people that seemed to be relevant
> here. Note, this is the second regression report referencin a commit
> from H.J. Lu as culprit (9630f0d60fec ("fs/binfmt_elf: use PT_LOAD
> p_align values for static PIE")). I forwarded the first one on Monday
> already, but seems nothing happened:
> https://lore.kernel.org/all/cb5b81bd-9882-e5dc-cd22-54bdbaaefbbc@leemhuis.info/
> 
> Anyway, to get back to the latest report. To quote from
> https://bugzilla.kernel.org/show_bug.cgi?id=215734 :
> 
>>  Jan Palus 2022-03-24 10:17:02 UTC
>>
>> This is a followup to https://sourceware.org/bugzilla/show_bug.cgi?id=28990 where ld.so --verify segfault was reported on binaries > 4MB.
>>
>> It appears that starting with kernel 5.17.0 shared object is loaded in the begging of address space at least on 32-bit ARM:
>>
>> /proc/<pid>/maps just before mmap (5.17):
>> 00400000-00429000 r-xp 00000000 b3:02 393320     /lib/ld-linux-armhf.so.3
>> 00439000-0043c000 rw-p 00029000 b3:02 393320     /lib/ld-linux-armhf.so.3
>> 76ffd000-76ffe000 r-xp 00000000 00:00 0          [sigpage]
>> 76ffe000-76fff000 r--p 00000000 00:00 0          [vvar]
>> 76fff000-77000000 r-xp 00000000 00:00 0          [vdso]
>> 7efdf000-7f000000 rw-p 00000000 00:00 0          [stack]
>> ffff0000-ffff1000 r-xp 00000000 00:00 0          [vectors]
>>
>> causing segfaults when mmaping large binaries at fixed address 0x10000 (ie done by ld.so --verify used by ldd).
>>
>> By comparison it is not the case for kernel 5.16.8:
>>
>> /proc/<pid>/maps just before mmap (5.16):
>> 76fc4000-76fed000 r-xp 00000000 b3:02 393320     /lib/ld-linux-armhf.so.3
>> 76ffa000-76ffb000 r-xp 00000000 00:00 0          [sigpage]
>> 76ffb000-76ffc000 r--p 00000000 00:00 0          [vvar]
>> 76ffc000-76ffd000 r-xp 00000000 00:00 0          [vdso]
>> 76ffd000-77000000 rw-p 00029000 b3:02 393320     /lib/ld-linux-armhf.so.3
>> 7efdf000-7f000000 rw-p 00000000 00:00 0          [stack]
>> ffff0000-ffff1000 r-xp 00000000 00:00 0          [vectors]
>>
>> [reply] [−] Comment 1 Jan Palus 2022-03-29 22:14:12 UTC
>>
>> First bad commit appears to be:
>>
>> From: "H.J. Lu" <hjl.tools@gmail.com>
>> Date: Wed, 19 Jan 2022 18:09:40 -0800
>> Subject: fs/binfmt_elf: use PT_LOAD p_align values for static PIE
>>
>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9630f0d60fec5fbcaa4435a66f75df1dc9704b66
>>
> 
> Could somebody take a look into this? Or was this discussed somewhere
> else already? Or even fixed?
> 
> 
> Anyway, to get this tracked:
> 
> #regzbot introduced: 9630f0d60fec5fbcaa4435a66f75df1dc9704b6
> #regzbot from: Jan Palus <jpalus@fastmail.com>
> #regzbot title: shared object loaded very low in memory ARM 32bit
> causing segfaults on binaries > 4MB
> #regzbot link: https://bugzilla.kernel.org/show_bug.cgi?id=215734
> 
> Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)
> 
> P.S.: As the Linux kernel's regression tracker I'm getting a lot of
> reports on my table. I can only look briefly into most of them and lack
> knowledge about most of the areas they concern. I thus unfortunately
> will sometimes get things wrong or miss something important. I hope
> that's not the case here; if you think it is, don't hesitate to tell me
> in a public reply, it's in everyone's interest to set the public record
> straight.
> 

Re: Bug 215734 - shared object loaded very low in memory ARM 32bit with kernel 5.17.0

[Andrew Morton]

On Sat, 9 Apr 2022 13:52:17 +0200 Thorsten Leemhuis <regressions@leemhuis.info> wrote:

> Hi, this is your Linux kernel regression tracker. Top-posting for once,
> to make this easily accessible to everyone.
> 
> Hey, what's up here? Was this regressions fixed already?

I didn't know about these post-Mike regressions.

> H.J. Lu: reminder, this is caused by a patch of yours. One that causes
> two regressions I track, and it seem neither is getting addressed with
> the appropriate urgency. FWIW, the other regression can can be found here:
> https://lore.kernel.org/lkml/cb5b81bd-9882-e5dc-cd22-54bdbaaefbbc@leemhuis.info/
> https://bugzilla.kernel.org/show_bug.cgi?id=215720
> 
> Mike, if you have a minute: '925346c129da' ("fs/binfmt_elf: fix PT_LOAD
> p_align values for loaders") in 'next' contains a 'Fixes:' tag for the
> culprit of this regression, but I assume it fixes a different issue?

I'm assuming Mike's fix was indeed targeted at these regressions and
presumably only partly fixed them.

Thanks.  I have queued reverts for both Mike's fix (925346c129da117)
and for the original patch (9630f0d60fec5fb).  Both reversions have
cc:stable.

I'll hold onto these reversions for a week or so before sending them
upstream, if they are still needed.

Re: Bug 215734 - shared object loaded very low in memory ARM 32bit with kernel 5.17.0 #forregzbot

[Thorsten Leemhuis]

TWIMC: this mail is primarily send for documentation purposes and for
regzbot, my Linux kernel regression tracking bot. These mails usually
contain '#forregzbot' in the subject, to make them easy to spot and filter.

#regzbot fixed-by: aeb7923733d100


On 31.03.22 08:17, Thorsten Leemhuis wrote:
> Hi, this is your Linux kernel regression tracker.
> 
> I noticed a regression report in bugzilla.kernel.org that afaics nobody
> acted upon since it was reported about a week ago, that's why I decided
> to forward it to the lists and all people that seemed to be relevant
> here. Note, this is the second regression report referencin a commit
> from H.J. Lu as culprit (9630f0d60fec ("fs/binfmt_elf: use PT_LOAD
> p_align values for static PIE")). I forwarded the first one on Monday
> already, but seems nothing happened:
> https://lore.kernel.org/all/cb5b81bd-9882-e5dc-cd22-54bdbaaefbbc@leemhuis.info/
> 
> Anyway, to get back to the latest report. To quote from
> https://bugzilla.kernel.org/show_bug.cgi?id=215734 :
> 
>>  Jan Palus 2022-03-24 10:17:02 UTC
>>
>> This is a followup to https://sourceware.org/bugzilla/show_bug.cgi?id=28990 where ld.so --verify segfault was reported on binaries > 4MB.
>>
>> It appears that starting with kernel 5.17.0 shared object is loaded in the begging of address space at least on 32-bit ARM:
>>
>> /proc/<pid>/maps just before mmap (5.17):
>> 00400000-00429000 r-xp 00000000 b3:02 393320     /lib/ld-linux-armhf.so.3
>> 00439000-0043c000 rw-p 00029000 b3:02 393320     /lib/ld-linux-armhf.so.3
>> 76ffd000-76ffe000 r-xp 00000000 00:00 0          [sigpage]
>> 76ffe000-76fff000 r--p 00000000 00:00 0          [vvar]
>> 76fff000-77000000 r-xp 00000000 00:00 0          [vdso]
>> 7efdf000-7f000000 rw-p 00000000 00:00 0          [stack]
>> ffff0000-ffff1000 r-xp 00000000 00:00 0          [vectors]
>>
>> causing segfaults when mmaping large binaries at fixed address 0x10000 (ie done by ld.so --verify used by ldd).
>>
>> By comparison it is not the case for kernel 5.16.8:
>>
>> /proc/<pid>/maps just before mmap (5.16):
>> 76fc4000-76fed000 r-xp 00000000 b3:02 393320     /lib/ld-linux-armhf.so.3
>> 76ffa000-76ffb000 r-xp 00000000 00:00 0          [sigpage]
>> 76ffb000-76ffc000 r--p 00000000 00:00 0          [vvar]
>> 76ffc000-76ffd000 r-xp 00000000 00:00 0          [vdso]
>> 76ffd000-77000000 rw-p 00029000 b3:02 393320     /lib/ld-linux-armhf.so.3
>> 7efdf000-7f000000 rw-p 00000000 00:00 0          [stack]
>> ffff0000-ffff1000 r-xp 00000000 00:00 0          [vectors]
>>
>> [reply] [−] Comment 1 Jan Palus 2022-03-29 22:14:12 UTC
>>
>> First bad commit appears to be:
>>
>> From: "H.J. Lu" <hjl.tools@gmail.com>
>> Date: Wed, 19 Jan 2022 18:09:40 -0800
>> Subject: fs/binfmt_elf: use PT_LOAD p_align values for static PIE
>>
>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9630f0d60fec5fbcaa4435a66f75df1dc9704b66
>>
> 
> Could somebody take a look into this? Or was this discussed somewhere
> else already? Or even fixed?
> 
> 
> Anyway, to get this tracked:
> 
> #regzbot introduced: 9630f0d60fec5fbcaa4435a66f75df1dc9704b6
> #regzbot from: Jan Palus <jpalus@fastmail.com>
> #regzbot title: shared object loaded very low in memory ARM 32bit
> causing segfaults on binaries > 4MB
> #regzbot link: https://bugzilla.kernel.org/show_bug.cgi?id=215734
> 
> Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)
> 
> P.S.: As the Linux kernel's regression tracker I'm getting a lot of
> reports on my table. I can only look briefly into most of them and lack
> knowledge about most of the areas they concern. I thus unfortunately
> will sometimes get things wrong or miss something important. I hope
> that's not the case here; if you think it is, don't hesitate to tell me
> in a public reply, it's in everyone's interest to set the public record
> straight.
>