From: Kees Cook
To: Eric Biederman
Cc: Kees Cook, Alexander Viro, Christian Brauner, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, Pedro Falcato, Sebastian Ott, Thomas Weißschuh, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v3 4/4] binfmt_elf: Use elf_load() for interpreter
Date: Tue, 26 Sep 2023 20:42:21 -0700
Message-Id: <20230927034223.986157-4-keescook@chromium.org>
In-Reply-To: <20230927033634.make.602-kees@kernel.org>
References: <20230927033634.make.602-kees@kernel.org>

Handle arbitrary memsz>filesz in interpreter ELF segments, instead of only supporting it in the last segment (which is expected to be the BSS).

Cc: Eric Biederman
Cc: Alexander Viro
Cc: Christian Brauner
Cc: linux-fsdevel@vger.kernel.org
Cc: linux-mm@kvack.org
Reported-by: Pedro Falcato
Closes: https://lore.kernel.org/lkml/20221106021657.1145519-1-pedro.falcato@gmail.com/
Signed-off-by: Kees Cook
---
fs/binfmt_elf.c | 46 +---------------------------------------------
1 file changed, 1 insertion(+), 45 deletions(-)

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index b939cfe3215c..74af5c8319a0 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -635,8 +635,6 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, struct elf_phdr *eppnt; unsigned long load_addr = 0; int load_addr_set = 0; - unsigned long last_bss = 0, elf_bss = 0; - int bss_prot = 0; unsigned long error = ~0UL; unsigned long total_size; int i; @@ -673,7 +671,7 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, else if (no_base && interp_elf_ex->e_type == ET_DYN) load_addr = -vaddr; - map_addr = elf_map(interpreter, load_addr + vaddr, + map_addr = elf_load(interpreter, load_addr + vaddr, eppnt, elf_prot, elf_type, total_size); total_size = 0; error = map_addr;
@@ -699,51 +697,9 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, error = -ENOMEM; goto out; } - - /* - * Find the end of the file mapping for this phdr, and - * keep track of the largest address we see for this. - */ - k = load_addr + eppnt->p_vaddr + eppnt->p_filesz; - if (k > elf_bss) - elf_bss = k; - - /* - * Do the same thing for the memory mapping - between - * elf_bss and last_bss is the bss section. - */ - k = load_addr + eppnt->p_vaddr + eppnt->p_memsz; - if (k > last_bss) { - last_bss = k; - bss_prot = elf_prot; - } } } - /* - * Now fill out the bss section: first pad the last page from - * the file up to the page boundary, and zero it from elf_bss - * up to the end of the page. - */ - if (padzero(elf_bss, bss_prot)) { - error = -EFAULT; - goto out; - } - /* - * Next, align both the file and mem bss up to the page size, - * since this is where elf_bss was just zeroed up to, and where - * last_bss will end after the vm_brk_flags() below. - */ - elf_bss = ELF_PAGEALIGN(elf_bss); - last_bss = ELF_PAGEALIGN(last_bss); - /* Finally, if there is still more bss to allocate, do it. */ - if (last_bss > elf_bss) { - error = vm_brk_flags(elf_bss, last_bss - elf_bss, - bss_prot & PROT_EXEC ? VM_EXEC : 0); - if (error) - goto out; - } - error = load_addr; out: return error;
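
Review bot: the switch from elf_map() to elf_load() in the @@ -673,7 +671,7 @@ hunk leaves `error = map_addr;` as the only place a failure can surface, while the code removed in the next hunk returned -EFAULT when padzero() failed and propagated the vm_brk_flags() result. elf_load() is not defined in this patch, so the commit message should state that it reports both failures through its return value in a form the existing check on map_addr catches; otherwise a failed zero-fill of a segment tail would go unnoticed.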
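
Review bot: the @@ -699,51 +697,9 @@ hunk drops the padzero(elf_bss, bss_prot) call and the `bss_prot & PROT_EXEC ? VM_EXEC : 0` argument to vm_brk_flags() without the commit message saying where that work now happens. The removed code zeroed the tail of the last file-backed page and took the executable flag from the single segment with the highest p_memsz end; please document that elf_load() performs the zeroing for every segment and uses each segment's own elf_prot, since stale file bytes after p_filesz and a changed VM_EXEC decision are the security-relevant parts of this change. Also confirm that `k` still has a user in the loop now that both assignments to it are gone, or remove its declaration.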