Source: linux
Version: 5.19-1~exp1
Severity: normal
Tags: upstream

I'm doing some test builds of klibc <https://git.kernel.org/pub/scm/libs/klibc/klibc.git> and found a regression for arm64. What changed is binutils, and I've reported bug #1016717 there, but it seems to be triggering an existing bug in the kernel.

Loading some of klibc's test programs (getoptlong.shared, malloctest2.shared, setjmptest.shared, sigint.shared) fails, with execve() returning EFAULT. This happens past the point of no return, so the kernel kills the process with SIGSEGV.

The reason for this seems to be that:

1. All of these programs have a BSS section but not a data section.
2. The BSS section is not page-aligned (it now starts at 0xffe8).
3. binfmt_elf assumes that a non-page-aligned BSS section is placed immediately after a writable data section in memory, and tries to clear memory from the start of the BSS section up to the page boundary.
4. In this case, there is no data section and no file mapping before the BSS, so this results in an EFAULT. This happens past the point of no return, so the kernel kills the process.

With older versions of binutils, the BSS section was still misaligned on arm64 but started within the same 4K page as another section.

binfmt_elf should check whether it created a mapping before a non-aligned BSS section; if not then it should round down the start of the zero mapping instead of trying to clear part of a mapping that's not there.

Ben.

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'oldstable-updates'), (500, 'unstable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.18.0-3-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
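An added check (not part of this report, klibc or binutils) that parses an ELF64 program header table and flags the layout described above: a PT_LOAD whose BSS starts mid-page while no writable file-backed segment covers that page, which is the case where padzero() has nothing to write into. The two images are constructed inside the block; the 4K page size, EM_AARCH64 machine number and segment addresses are assumptions.

```python
import struct

PT_LOAD, PF_W = 1, 2
EHDR_FMT, PHDR_FMT = "<16sHHIQQQIHHHHHH", "<IIQQQQQQ"  # Elf64_Ehdr / Elf64_Phdr, little-endian


def parse_loads(elf):
    """Return (p_flags, p_vaddr, p_filesz, p_memsz) for every PT_LOAD in an ELF64 LE image."""
    fields = struct.unpack_from(EHDR_FMT, elf, 0)
    ident, phoff, phentsize, phnum = fields[0], fields[5], fields[9], fields[10]
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("only ELF64 little-endian images are handled")
    loads = []
    for i in range(phnum):
        p_type, p_flags, _, vaddr, _, filesz, memsz, _ = struct.unpack_from(
            PHDR_FMT, elf, phoff + i * phentsize)
        if p_type == PT_LOAD:
            loads.append((p_flags, vaddr, filesz, memsz))
    return loads


def find_unbacked_bss(elf, page=4096):
    """List (bss_start, bss_len) for segments whose BSS begins mid-page with no
    writable file mapping in that page, i.e. where clearing up to the page end faults."""
    loads = parse_loads(elf)
    mask = ~(page - 1)
    bad = []
    for _, vaddr, filesz, memsz in loads:
        if memsz <= filesz:
            continue  # no BSS tail
        bss_start = vaddr + filesz
        if bss_start & (page - 1) == 0:
            continue  # page-aligned: the kernel maps fresh zero pages, nothing to clear
        page_start = bss_start & mask
        # A segment's file part is mapped from page_down(vaddr) to page_up(vaddr + filesz);
        # the page holding bss_start is safe only if a writable one of those covers it.
        backed = any(f & PF_W and fs > 0 and (v & mask) <= page_start < ((v + fs + page - 1) & mask)
                     for f, v, fs, _ in loads)
        if not backed:
            bad.append((bss_start, memsz - filesz))
    return bad


def build_elf(segments):
    """Construct a headers-only ELF64 image (ET_EXEC, EM_AARCH64) from segment tuples."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr = struct.pack(EHDR_FMT, ident, 2, 183, 1, 0, 64, 0, 0, 64, 56, len(segments), 0, 0, 0)
    phdrs = b"".join(struct.pack(PHDR_FMT, PT_LOAD, f, 0, v, v, fs, ms, 0x10000)
                     for f, v, fs, ms in segments)
    return ehdr + phdrs


# Constructed layouts: read-only text, then a BSS-only segment at 0xffe8 (p_filesz == 0),
# versus the same BSS start preceded by a writable data segment in the same page.
BROKEN = build_elf([(5, 0x0, 0x800, 0x800), (6, 0xffe8, 0, 0x40)])
BACKED = build_elf([(5, 0x0, 0x800, 0x800), (6, 0xfe00, 0x1e8, 0x228)])
```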