
Add PIE kernel-assigned base address loading, fix exit status#344

Open
Ebola-Chan-bot wants to merge 1 commit intotermux:masterfrom
Ebola-Chan-bot:pie-kernel-base-and-exit-fix

Conversation


@Ebola-Chan-bot Ebola-Chan-bot commented Apr 11, 2026

This PR deprecates the high-risk mmap method that used hardcoded addresses and instead requests a physically available address from the kernel. Addresses hardcoded before this may be preempted by the kernel, resulting in mmap failures like 182.

exit.c:

  • Add is_pic parameter to transcript_mappings() to emit PIE action variants (LOAD_ACTION_MMAP_PIC_FILE / LOAD_ACTION_MMAP_PIC_ANON) for position-independent executables and interpreters.
  • Detect PIE via IS_POSITION_INDENPENDANT and pass the flag through to transcript_mappings() for both executable and interpreter.

loader.c:

  • LOAD_ACTION_MMAP_PIC_FILE: first segment uses mmap(addr=0) to let the kernel choose a conflict-free base address, computes pic_delta from the difference; subsequent segments use MAP_FIXED at delta-adjusted addresses.
  • LOAD_ACTION_MMAP_PIC_ANON: same kernel-assigned base logic for anonymous mappings.
  • START action: apply pic_delta to entry_point, at_phdr, at_entry so auxv and branch target reflect actual load addresses.
  • Track exec_pic_delta separately via OPEN_NEXT so interpreter and executable deltas don't interfere.

script.h:

  • Define LOAD_ACTION_MMAP_PIC_FILE (7) and LOAD_ACTION_MMAP_PIC_ANON (8).

event.c:

  • Fix WIFSIGNALED: only set last_exit_status for the root tracee (vpid 1). Child tracees killed during cleanup (e.g. SIGKILL after root exits) previously overwrote it, causing proot to incorrectly return exit code 137.

Probably an elegant and final fix of #12, instead of a workaround

Copilot AI review requested due to automatic review settings April 11, 2026 12:39

Copilot AI left a comment


Pull request overview

This PR updates PRoot’s in-tracee loader script format and loader implementation to better support PIE binaries by letting the kernel choose a safe base address, and fixes exit-status reporting so cleanup-killed child tracees don’t override the main process’ exit code.

Changes:

  • Emit PIE-specific load actions for exec/interpreter mappings and detect PIE via IS_POSITION_INDENPENDANT(...).
  • Implement PIE base selection and relocation deltas in the loader, adjusting entry/auxv addresses accordingly and separating exec vs interpreter deltas.
  • Ensure signaled termination exit codes are only derived from the root tracee (vpid 1).

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File                  Description
src/tracee/event.c    Prevent child tracees terminated by signals during cleanup from overwriting PRoot's final exit status.
src/loader/script.h   Add new load script action IDs for PIE kernel-chosen-base mapping variants.
src/loader/loader.c   Add handling for PIE mmap variants, compute/apply pic_delta, and adjust auxv/entry targets at START.
src/execve/exit.c     Thread PIE detection into load-script emission so the loader can apply a PIE-aware mapping strategy.


exit.c:
- Add is_pic parameter to transcript_mappings() to emit PIE action
  variants (LOAD_ACTION_MMAP_PIC_FILE / LOAD_ACTION_MMAP_PIC_ANON)
  for position-independent executables and interpreters.
- Detect PIE via IS_POSITION_INDENPENDANT and pass the flag through
  to transcript_mappings() for both executable and interpreter.

loader.c:
- LOAD_ACTION_MMAP_PIC_FILE: first segment uses mmap(addr=0) to let
  the kernel choose a conflict-free base address, computes pic_delta
  from the difference; subsequent segments use MAP_FIXED at
  delta-adjusted addresses.
- LOAD_ACTION_MMAP_PIC_ANON: same kernel-assigned base logic for
  anonymous mappings.
- START action: apply pic_delta to entry_point, at_phdr, at_entry
  so auxv and branch target reflect actual load addresses.
- Track exec_pic_delta separately via OPEN_NEXT so interpreter and
  executable deltas don't interfere.

script.h:
- Define LOAD_ACTION_MMAP_PIC_FILE (7) and LOAD_ACTION_MMAP_PIC_ANON (8).

event.c:
- Fix WIFSIGNALED: only set last_exit_status for the root tracee
  (vpid 1).  Child tracees killed during cleanup (e.g. SIGKILL after
  root exits) previously overwrote it, causing proot to incorrectly
  return exit code 137.
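An added example, not PRoot's code and not part of this PR, of the loading strategy that the description and the commit message outline: ask the kernel for a base with addr=0, derive pic_delta from where that mapping landed, place every segment with MAP_FIXED at its delta-adjusted address, and apply the same delta to the entry point, keeping separate deltas for the "executable" and "interpreter" images. It maps anonymous pages instead of ELF file contents; the segment table, the entry values and every name in it (struct segment, load_pic, demo) are constructed for the example. It departs from the PR text in one respect: it reserves the whole image span with PROT_NONE before the MAP_FIXED placements, so that later segments land inside the kernel-chosen range rather than on top of whatever mapping happens to sit above the first segment.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed stand-in for one PT_LOAD entry: link-time address and size. */
struct segment {
    uintptr_t vaddr;  /* address the program header asks for, page aligned */
    size_t    length; /* bytes to map, a multiple of the page size */
    int       prot;
};

struct load_result {
    uintptr_t base;      /* kernel-chosen address of the lowest segment */
    intptr_t  pic_delta; /* actual address minus link-time address */
    uintptr_t entry;     /* entry point with pic_delta applied */
    size_t    span;      /* reserved bytes, kept for cleanup */
};

/* Load a PIE image: kernel picks the base, every segment keeps its
 * relative layout, the caller applies pic_delta to entry/auxv values.
 * Returns 0 on success, -1 if mmap fails. */
int load_pic(const struct segment *segs, size_t nsegs,
             uintptr_t entry_point, struct load_result *out)
{
    uintptr_t lo = segs[0].vaddr, hi = segs[0].vaddr + segs[0].length;
    for (size_t i = 1; i < nsegs; i++) {
        if (segs[i].vaddr < lo) lo = segs[i].vaddr;
        if (segs[i].vaddr + segs[i].length > hi) hi = segs[i].vaddr + segs[i].length;
    }
    size_t span = hi - lo;

    /* Step 1: addr=0 and no MAP_FIXED, so the kernel returns a free range
     * large enough for the whole image instead of a guessed constant. */
    void *res = mmap(NULL, span, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (res == MAP_FAILED) return -1;
    intptr_t delta = (intptr_t)((uintptr_t)res - lo);

    /* Step 2: MAP_FIXED at delta-adjusted addresses; all of them fall inside
     * the reservation, so no unrelated mapping is replaced. */
    for (size_t i = 0; i < nsegs; i++) {
        void *want = (void *)(segs[i].vaddr + delta);
        void *got = mmap(want, segs[i].length, segs[i].prot,
                         MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
        if (got == MAP_FAILED) { munmap(res, span); return -1; }
    }
    out->base = (uintptr_t)res;
    out->pic_delta = delta;
    out->entry = entry_point + delta;   /* same fix-up the START action applies */
    out->span = span;
    return 0;
}

void unload(struct load_result *r) { munmap((void *)r->base, r->span); }

/* Constructed two-segment image: read-only page at 0, writable data two pages up. */
size_t build_demo_segments(struct segment segs[2])
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    segs[0] = (struct segment){ 0,        page,     PROT_READ };
    segs[1] = (struct segment){ 2 * page, 2 * page, PROT_READ | PROT_WRITE };
    return page;
}

/* Load an "executable" and an "interpreter" with separate deltas, as the PR
 * keeps exec_pic_delta apart. Returns 1 when layout and entry fix-up hold. */
int demo(void)
{
    struct segment segs[2];
    size_t page = build_demo_segments(segs);
    struct load_result exe, interp;
    if (load_pic(segs, 2, 0x100, &exe) != 0) return 0;
    if (load_pic(segs, 2, 0x200, &interp) != 0) { unload(&exe); return 0; }
    int ok = 1;
    ok &= (exe.entry == exe.base + 0x100);       /* entry moved by the exec delta */
    ok &= (interp.entry == interp.base + 0x200); /* interpreter has its own delta */
    ok &= (exe.base % page == 0);
    ok &= (exe.base != interp.base);
    volatile char *data = (char *)(exe.base + 2 * page); /* delta-adjusted data segment */
    data[0] = 0x5a;
    ok &= (data[0] == 0x5a);
    unload(&interp);
    unload(&exe);
    return ok;
}

int main(void)
{
    int ok = demo();
    printf("PIE kernel-assigned base demo: %s\n", ok ? "ok" : "failed");
    return ok ? 0 : 1;
}
```

Reserving the span first matters because the kernel only guarantees that the range it returns for the first call is free; an address computed as base plus a link-time offset is not covered by that guarantee, and MAP_FIXED would silently replace whatever was there.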
@Ebola-Chan-bot Ebola-Chan-bot force-pushed the pie-kernel-base-and-exit-fix branch from 1741a0f to 76d5d8d Compare April 11, 2026 13:00
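An added example, not PRoot's code, that models the exit-status rule from the event.c change: a termination by signal sets the recorded exit status only when it comes from the root tracee (vpid 1). The event sequence, the wait-status constructors, the 128 + signal convention and all names (tracee_event, apply_event, replay) are constructed for the example and are not PRoot's own; the root_only flag switches between the prior behaviour and the fixed one, and the replay shows how a SIGKILL delivered to a child during cleanup produced 137 before the fix.

```c
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/wait.h>

/* One termination reported by the tracer, in the order it was observed. */
struct tracee_event { int vpid; int wait_status; };

/* Linux wait-status encoding, used only to construct sample events. */
static int status_exited(int code)  { return (code & 0xff) << 8; }
static int status_signaled(int sig) { return sig & 0x7f; }

/* Update last_exit_status for one event. With root_only set, a death by
 * signal counts only for vpid 1 (the fixed rule); otherwise any tracee's
 * signal overwrites it (the behaviour the PR removes). Returns 1 if updated. */
int apply_event(const struct tracee_event *ev, int root_only, int *last_exit_status)
{
    if (WIFEXITED(ev->wait_status)) {
        *last_exit_status = WEXITSTATUS(ev->wait_status);
        return 1;
    }
    if (WIFSIGNALED(ev->wait_status)) {
        if (root_only && ev->vpid != 1)
            return 0;   /* child killed during cleanup: not the final status */
        *last_exit_status = 128 + WTERMSIG(ev->wait_status);
        return 1;
    }
    return 0;
}

int replay(const struct tracee_event *evs, size_t n, int root_only)
{
    int last = 0;
    for (size_t i = 0; i < n; i++)
        apply_event(&evs[i], root_only, &last);
    return last;
}

/* Root exits 0, then two children are SIGKILLed during cleanup. */
int scenario_root_exit_then_cleanup_kill(int root_only)
{
    struct tracee_event evs[] = {
        { 1, status_exited(0) },
        { 2, status_signaled(SIGKILL) },
        { 3, status_signaled(SIGKILL) },
    };
    return replay(evs, 3, root_only);
}

/* The root itself is killed: 137 must still be reported under both rules. */
int scenario_root_killed(int root_only)
{
    struct tracee_event evs[] = { { 1, status_signaled(SIGKILL) } };
    return replay(evs, 1, root_only);
}

int main(void)
{
    printf("root exit + cleanup kill, old rule: %d\n", scenario_root_exit_then_cleanup_kill(0));
    printf("root exit + cleanup kill, new rule: %d\n", scenario_root_exit_then_cleanup_kill(1));
    printf("root killed, new rule:              %d\n", scenario_root_killed(1));
    return 0;
}
```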