aslr32 libs regressed because of upstream commit 1854bc6e2420
("mm/readahead: Align file mappings for non-DAX").

Some filesystems' mmap will try to align the address by the size, and when
glibc loads and maps the ELF file, a randomized address will be chosen but
then aligned to the PMD size (21 bits on x86). Given we default to
randomizing 8 bits of the address on 32-bit programs on x86 and a page
size of 4096, we end up clearing the random bits when that alignment is
done.

There are a couple of paths here:

1) revert that upstream commit, losing the optimization on transparent huge pages
due to the PMD alignment for every file mapped by either 32-bit or 64-bit
programs;
2) do not align for 32-bit programs. I don't expect code to be maintainable
here;
3) increase the default random bits for 32-bit programs to 16 (the x86 maximum)
and other sensible values on other platforms (arm64 and ppc64el), which has the
potential of breaking a few programs, especially ones that require "too much
memory", but those should be using 64-bit if that is really needed;
4) ignore the issue and leave 32-bit programs vulnerable to attacks.

Given the alternative of leaving programs vulnerable, I would rather
experiment with changing the default (option 3). The option is
tunable anyway and users should be able to change the setting if
necessary. We could also consider making the behavior tunable and we
actually have THP as a setting, so could as well use it.

Cascardo.
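The arithmetic behind the regression and behind option 3 can be checked offline with the following model. It is an added example, not kernel code and not part of the bug report; it assumes the x86 values quoted above (4 KiB pages, a 2 MiB PMD, an 8-bit default for 32-bit programs and a 16-bit x86 maximum) and uses a constructed, PMD-aligned compat base so that the simulated addresses resemble the ones in the test log. It shows that with 8 random page-granularity bits every randomized address collapses to the same PMD-aligned value, which is exactly what the aslr32 test sees, while 16 bits leave 7 bits of entropy after alignment.

```python
"""Added model (not kernel code) of how PMD-aligning file mappings erases mmap ASLR entropy.

Assumptions: x86 page size 4 KiB (PAGE_SHIFT 12), PMD size 2 MiB (PMD_SHIFT 21),
mmap_rnd_compat_bits defaults to 8 and its x86 maximum is 16, as the bug discussion states.
"""
import random

PAGE_SHIFT = 12
PMD_SHIFT = 21
PMD_MASK = ~((1 << PMD_SHIFT) - 1)

# Constructed, PMD-aligned base: only there so the simulated addresses look like the log.
COMPAT_MMAP_BASE = 0xF7A00000


def random_page_offset(rnd_bits, rng):
    """Simplified stand-in for arch_mmap_rnd(): rnd_bits random bits, shifted to page granularity."""
    return rng.getrandbits(rnd_bits) << PAGE_SHIFT


def align_to_pmd(addr):
    """What PMD alignment of a file mapping does to the chosen address: clear bits below PMD_SHIFT."""
    return addr & PMD_MASK


def surviving_random_bits(rnd_bits):
    """Random bits occupy [PAGE_SHIFT, PAGE_SHIFT + rnd_bits); alignment zeroes [0, PMD_SHIFT)."""
    return max(0, PAGE_SHIFT + rnd_bits - PMD_SHIFT)


def distinct_aligned_offsets(rnd_bits):
    """Exhaustively enumerate every random offset and count how many distinct values survive alignment."""
    return len({align_to_pmd(r << PAGE_SHIFT) for r in range(1 << rnd_bits)})


def simulate_launches(rnd_bits, launches=3, seed=0, align=True):
    """Library load address seen across repeated launches, the way the aslr32 test observes it."""
    rng = random.Random(seed)
    addrs = []
    for _ in range(launches):
        addr = COMPAT_MMAP_BASE + random_page_offset(rnd_bits, rng)
        addrs.append(align_to_pmd(addr) if align else addr)
    return addrs


if __name__ == "__main__":
    for bits in (8, 16):
        print(f"mmap_rnd_compat_bits={bits}: surviving bits after PMD alignment = "
              f"{surviving_random_bits(bits)}, distinct aligned offsets = {distinct_aligned_offsets(bits)}")
        for a in simulate_launches(bits):
            print(f"    0x{a:08x}")
```

The exhaustive count is the useful part: with 8 bits the 256 possible page offsets all lie below one PMD boundary, so alignment maps them to a single value; with 16 bits they span 128 PMD-sized buckets, which is the 2^7 that the surviving-bits formula predicts. The same formula gives the entropy left on any architecture once its PAGE_SHIFT, PMD_SHIFT and random-bit count are substituted.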

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-6.1 in Ubuntu.
https://bugs.launchpad.net/bugs/1983357

Title:
  test_021_aslr_dapper_libs from ubuntu_qrt_kernel_security failed on
  K-5.19 / J-OEM-6.1 / J-6.2 AMD64

Status in QA Regression Testing:
  New
Status in ubuntu-kernel-tests:
  New
Status in linux package in Ubuntu:
  Incomplete
Status in linux-oem-6.1 package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Invalid
Status in linux-oem-6.1 source package in Jammy:
  New
Status in linux source package in Kinetic:
  Incomplete
Status in linux-oem-6.1 source package in Kinetic:
  Invalid

Bug description:
  Issue found on 5.19.0-9.9 Kinetic AMD64 systems

  Test log:
   Running test: './test-kernel-security.py' distro: 'Ubuntu 22.10' kernel: 
'5.19.0-9.9 (Ubuntu 5.19.0-9.9-generic 5.19.0-rc5)' arch: 'amd64' uid: 0/0 
SUDO_USER: 'ubuntu')
   test_021_aslr_dapper_libs (__main__.KernelSecurityTest)
   ASLR of libs ... (default libs native) (default libs native rekey) (default 
libs COMPAT) FAIL
   
   ======================================================================
   FAIL: test_021_aslr_dapper_libs (__main__.KernelSecurityTest)
   ASLR of libs
   ----------------------------------------------------------------------
   Traceback (most recent call last):
     File "./test-kernel-security.py", line 1770, in test_021_aslr_dapper_libs
       self._test_aslr('libs', expected)
     File "./test-kernel-security.py", line 1727, in _test_aslr
       self._test_aslr_all(area, expected, "default %s" % area)
     File "./test-kernel-security.py", line 1720, in _test_aslr_all
       self._test_aslr_exec(area, expected, target, name)
     File "./test-kernel-security.py", line 1703, in _test_aslr_exec
       self.assertShellExitEquals(aslr_expected, ["./%s" % (target), area, 
"--verbose"], msg="%s:\n" % name)
     File 
"/home/ubuntu/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts/testlib.py",
 line 1203, in assertShellExitEquals
       self.assertEqual(expected, rc, msg + result + report)
   AssertionError: default libs COMPAT:
   Got exit code 1, expected 0
   Command: './aslr32', 'libs', '--verbose'
   Output:
   Checking ASLR of libs:
       0xf7c81790
       0xf7c81790
       0xf7c81790
   FAIL: ASLR not functional (libs always at 0xf7c81790)
   
   
   ----------------------------------------------------------------------
   Ran 1 test in 0.144s
   
   FAILED (failures=1)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1983357/+subscriptions
