Date: Mon, 15 Jan 2024 19:21:19 +0100
From: mail@horotw.com
To: Matthew Wilcox
Cc: linux-hardening@vger.kernel.org, Jakub Wilk, Salvatore Bonaccorso, Linux Memory Management List, William Kucharski
Subject: Re: Limited/Broken functionality of ASLR for Libs >= 2MB
References: <69fa6015256613ed10aee996e181ebd4@horotw.com> <87il3ur1ik.fsf@gentoo.org>
Message-ID: <07c348caaf6b4c457ab4b452f53ed048@horotw.com>

On 15.01.2024 17:52, Matthew Wilcox wrote:
> On Mon, Jan 15, 2024 at 04:40:36PM +0000, Sam James wrote:
>> mail@horotw.com writes:
>> > Hey, I read that ASLR is currently (since kernel >=5.18) broken for
>> > 32bit libs and reduced in effectiveness for 64bit libs... (the issue
>> > only arises if a lib is over 2MB).
>> > I confirmed this for myself but only for the 64bit case.
>> >
>> > I saw that this issue is being tracked by ubuntu
>> > (https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1983357).
>> > If this is the wrong place and I should instead report it elsewhere I
>> > am very sorry.
>>
>> See also https://bugs.debian.org/1024149. Unfortunately, I don't
>> think the issue found its way upstream until now (thanks).
>>
>> CCing relevant maintainers (per the Debian bug).
>
> You know, my email address is all over that commit and the doofus who
> "discovered the vulnerability" didn't even have the courtesy to let
> me know.
> I've had several private emails about this over the last few
> days and I just don't care. Who's running 32-bit code and cares about
> security? 32-bit kernels are known-vulnerable to all kinds of security
> problems, and I think this is the least of your worries.
>
> This was intended to happen, it's not a surprise.

Hi,

first of all I am very sorry, I didn't realize I should have contacted you first (I'm not the one who found the bug initially), I will do it differently in the future.

Unfortunately, my knowledge is not sufficient to judge how bad it is that 32bit effectively has no ASLR support anymore. 64bit is also affected, even though there are probably more than enough bits left there?

I have since seen that both Arch and Ubuntu seem to have "patches" in place (https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/commit/3904bcb32cc58c10232fb618bf96c1b43b0bc9d7) in which they set `CONFIG_ARCH_MMAP_RND_BITS=32` and `CONFIG_ARCH_MMAP_RND_COMPAT_BITS=16`. I'm not sure if this is a good result or if it will cause other problems.

Again, I apologize if I caused any inconvenience.
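A defender-side measurement of the effect the thread is discussing, added here as an example and not part of this message or the kernel tree: it starts fresh processes, reads the base address of a chosen shared library from /proc/self/maps in each one, and reports which address bits actually vary between runs. If the lowest varying bit is 21 or higher, the mapping is being placed on 2 MB boundaries and the low 21 bits contribute no entropy. It assumes Linux with /proc, and that the name given on the command line (default "libc") matches a library the Python interpreter maps.

```python
"""Sample a shared library's load address across fresh processes and report
how many address bits really vary (added example; assumes Linux with /proc)."""
import subprocess
import sys

PMD_SHIFT = 21  # 2 MB: the alignment large file mappings receive on affected kernels


def library_base(maps_text, needle):
    """Return the start address of the first /proc/<pid>/maps entry whose
    path contains `needle`, or None if no such mapping exists."""
    for line in maps_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and needle in fields[5]:
            return int(fields[0].split("-", 1)[0], 16)
    return None


def analyse(addresses):
    """Return (number of bits that differ between samples, index of the lowest
    such bit or None). A lowest varying bit >= PMD_SHIFT means the low 21 bits
    never change, i.e. the mapping is 2 MB aligned and loses that entropy."""
    diff = 0
    for a in addresses:
        diff |= a ^ addresses[0]
    if diff == 0:
        return 0, None
    return bin(diff).count("1"), (diff & -diff).bit_length() - 1


def sample_bases(needle, runs=32):
    """Start `runs` fresh interpreters, each dumping its own maps file, and
    collect the base address of the matching library from every run."""
    dump = "print(open('/proc/self/maps').read())"
    bases = []
    for _ in range(runs):
        maps = subprocess.run([sys.executable, "-c", dump], capture_output=True,
                              text=True, check=True).stdout
        base = library_base(maps, needle)
        if base is not None:
            bases.append(base)
    return bases


if __name__ == "__main__":
    needle = sys.argv[1] if len(sys.argv) > 1 else "libc"
    bases = sample_bases(needle)
    if len(bases) < 2:
        sys.exit(f"no mapping matching {needle!r} found")
    varying, lowest = analyse(bases)
    print(f"{needle}: {len(bases)} runs, {varying} address bits vary, lowest varying bit {lowest}")
    if lowest is None:
        print("address identical in every run: no randomization at all")
    elif lowest >= PMD_SHIFT:
        print(f"low {PMD_SHIFT} bits never change: mapping is 2 MB aligned")
```

Run it once for a library under 2 MB and once for one over 2 MB to see the difference in the lowest varying bit on the same kernel.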