SBCL fails to start on Linux when the system is using ASLR

Bug #1523213 reported by Lukasz Janyst on 2015-12-06
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
SBCL
Undecided
Unassigned

Bug Description

Some Linux systems, primarily the hosting environments, use various Address Space Layout Randomization (ASLR) techniques to make buffer overflow exploits harder. As a result, mmap will not return memory at the exact requested address unless explicitly asked to do so. See https://pax.grsecurity.net/docs/aslr.txt for details. This, unfortunately, breaks SBCL's memory space creation routine which expects memory to be mapped at exact addresses but does not specify the MAP_FIXED flag.

The attached patch fixes the issue.

Lukasz Janyst (xyz-k) on 2015-12-06
tags: added: review
Stas Boukarev (stassats) wrote :

It already sets ADDR_NO_RANDOMIZE personality, and which does work, why isn't that enough?

Stas Boukarev (stassats) wrote :

I don't think that mismappings are caused by ASLR, the kernel sometimes just has other thoughts. So, MAP_FIXED is a good idea either way. I also have intermittent mmap failures on arm64, maybe this will solve it.

Stas Boukarev (stassats) on 2015-12-06
Changed in sbcl:
status: New → Fix Committed
Lukasz Janyst (xyz-k) wrote :

This problem shows up for me with grsecurity kernel patches. Everything works fine otherwise.

Stas Boukarev (stassats) on 2016-02-25
Changed in sbcl:
status: Fix Committed → Fix Released
Kambiz Darabi (darabi) wrote :

I came across this issue while investigation a docker-related addr_no_randomize problem and looking at the sources, it seems that this patch was reverted:

https://github.com/sbcl/sbcl/commit/a10fd4e2674f0bc1bf8be0848d54f53bfa12680e

The commit message says 'bad idea', but not more. Could you give a brief explanation?

Thanks

Douglas Katzman (dougk) wrote :

MAP_FIXED will unmap anything that was already at the requested address. That can't be the right thing to do, supposing that whatever was there was there for a reason.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers