From owner-freebsd-current@freebsd.org Sat Sep 21 16:49:10 2019 Return-Path: Delivered-To: freebsd-current@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BB16F12999D for ; Sat, 21 Sep 2019 16:49:10 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 46bGks6pCNz3GGF for ; Sat, 21 Sep 2019 16:49:09 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from tom.home (kib@localhost [127.0.0.1]) by kib.kiev.ua (8.15.2/8.15.2) with ESMTPS id x8LGn1LU089031 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Sat, 21 Sep 2019 19:49:04 +0300 (EEST) (envelope-from kostikbel@gmail.com) DKIM-Filter: OpenDKIM Filter v2.10.3 kib.kiev.ua x8LGn1LU089031 Received: (from kostik@localhost) by tom.home (8.15.2/8.15.2/Submit) id x8LGn1Gw089030; Sat, 21 Sep 2019 19:49:01 +0300 (EEST) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com using -f Date: Sat, 21 Sep 2019 19:49:01 +0300 From: Konstantin Belousov To: Ryan Stone Cc: FreeBSD Current Subject: Re: Direct exec of /usr/bin/ld fails with "mmap of entire address space failed: Cannot allocate memory" Message-ID: <20190921164901.GO2559@kib.kiev.ua> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.12.1 (2019-06-15) X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD,FREEMAIL_FROM, NML_ADSP_CUSTOM_MED autolearn=no autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tom.home X-Rspamd-Queue-Id: 46bGks6pCNz3GGF X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=fail reason="No valid SPF, No valid DKIM" header.from=gmail.com (policy=none); spf=softfail (mx1.freebsd.org: 2001:470:d5e7:1::1 is neither permitted nor denied by domain of kostikbel@gmail.com) smtp.mailfrom=kostikbel@gmail.com X-Spamd-Result: default: False [-2.00 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; DMARC_POLICY_SOFTFAIL(0.10)[gmail.com : No valid SPF, No valid DKIM,none]; FROM_HAS_DN(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; HAS_XAW(0.00)[]; R_SPF_SOFTFAIL(0.00)[~all:c]; IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; IP_SCORE(0.00)[ip: (-2.62), ipnet: 2001:470::/32(-4.48), asn: 6939(-3.24), country: US(-0.05)]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Sep 2019 16:49:10 -0000 On Sat, Sep 21, 2019 at 12:19:19PM -0400, Ryan Stone wrote: > If I try direct exec ld via rtld, I get the following failure: > > # /libexec/ld-elf.so.1 /usr/bin/ld > ld-elf.so.1: /usr/bin/ld: mmap of entire address space failed: Cannot > allocate memory > > Is there some sysctl limit I need to bump up to get around this? I > presume that the binary is just too large given that I can direct exec > smaller binaries like /bin/cat. No, this is not due to a limit, rather it is some unfortunate consequence of layout and default choices. Non-PIE binaries must be loaded at the fixed address. PIE binaries, which rtld pretends to be, are not. The loading address for PIE in non-ASLR mode is fixed per-arch, and it is not too far away from the default linking address of non-PIE. As result, it is possible for sufficiently large non-PIE binary to extend into already allocated range from rtld. We use MAP_FIXED | MAP_EXCL to avoid destroying existing mappings in linker, which fails when pre-allocating the space for whole future mappings of the object. I believe this is what happens in your case. I think that we finally should make the fixed PIE loading address a tunable. (patch was not tested) diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c index 305e49c2e22..4678d7465b8 100644 --- a/sys/kern/imgact_elf.c +++ b/sys/kern/imgact_elf.c @@ -135,6 +135,11 @@ SYSCTL_INT(_kern_elf32, OID_AUTO, read_exec, CTLFLAG_RW, &i386_read_exec, 0, "enable execution from readable segments"); #endif +static u_long __elfN(pie_base) = ET_DYN_LOAD_ADDR; +SYSCTL_ULONG(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO, pie_base, + CTLFLAG_RWTUN, &__elfN(pie_base), 0, + "PIE load base without randomization"); + SYSCTL_NODE(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO, aslr, CTLFLAG_RW, 0, ""); #define ASLR_NODE_OID __CONCAT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), _aslr) @@ -1146,13 +1151,13 @@ __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp) if (baddr == 0) { if ((sv->sv_flags & SV_ASLR) == 0 || (fctl0 & NT_FREEBSD_FCTL_ASLR_DISABLE) != 0) - et_dyn_addr = ET_DYN_LOAD_ADDR; + et_dyn_addr = __elfN(pie_base); else if ((__elfN(pie_aslr_enabled) && (imgp->proc->p_flag2 & P2_ASLR_DISABLE) == 0) || (imgp->proc->p_flag2 & P2_ASLR_ENABLE) != 0) et_dyn_addr = ET_DYN_ADDR_RAND; else - et_dyn_addr = ET_DYN_LOAD_ADDR; + et_dyn_addr = __elfN(pie_base); } }