From: Kees Cook
Date: Fri, 6 Jul 2018 12:23:38 -0700
Subject: Re: [PATCH] fs, elf: Make sure to page align bss in load_elf_library
To: Oscar Salvador
Cc: "linux-fsdevel@vger.kernel.org", Linux-MM, LKML, Michal Hocko, Tetsuo Handa, Nicolas Pitre, Oscar Salvador, Andrew Morton
In-Reply-To: <20180706071323.GA7959@techadventures.net>
References: <20180705145539.9627-1-osalvador@techadventures.net> <20180706071323.GA7959@techadventures.net>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Jul 6, 2018 at 12:13 AM, Oscar Salvador wrote:
> On Thu, Jul 05, 2018 at 08:44:18AM -0700, Kees Cook wrote:
>> On Thu, Jul 5, 2018 at 7:55 AM, wrote:
>> > From: Oscar Salvador
>> >
>> > The current code does not make sure to page align bss before calling
>> > vm_brk(), and this can lead to a VM_BUG_ON() in __mm_populate()
>> > due to the requested length not being correctly aligned.
>> >
>> > Let us make sure to align it properly.
>> >
>> > Signed-off-by: Oscar Salvador
>> > Tested-by: Tetsuo Handa
>> > Reported-by: syzbot+5dcb560fe12aa5091c06@syzkaller.appspotmail.com
>>
>> Wow. CONFIG_USELIB? I'm surprised distros are still using this. 32-bit
>> only, and libc5 and earlier only.
>>
>> Regardless, this appears to match the current bss alignment logic in
>> the main elf loader, so:
>>
>> Acked-by: Kees Cook
>>
>> -Kees
>>
>> > ---
>> >  fs/binfmt_elf.c | 5 ++---
>> >  1 file changed, 2 insertions(+), 3 deletions(-)
>> >
>> > diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
>> > index 0ac456b52bdd..816cc921cf36 100644
>> > --- a/fs/binfmt_elf.c
>> > +++ b/fs/binfmt_elf.c
>> > @@ -1259,9 +1259,8 @@ static int load_elf_library(struct file *file)
>> >  			goto out_free_ph;
>> >  	}
>> >
>> > -	len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr +
>> > -			    ELF_MIN_ALIGN - 1);
>> > -	bss = eppnt->p_memsz + eppnt->p_vaddr;
>> > +	len = ELF_PAGEALIGN(eppnt->p_filesz + eppnt->p_vaddr);
>> > +	bss = ELF_PAGEALIGN(eppnt->p_memsz + eppnt->p_vaddr);
>> >  	if (bss > len) {
>> >  		error = vm_brk(len, bss - len);
>> >  		if (error)
>> > --
>> > 2.13.6
>> >
>
> CC Andrew
>
> Hi Andrew,
>
> in case this patch gets accepted, does it have to go through your tree?
> Or is it for someone else to take it?

(FWIW, binfmt_elf changes have traditionally gone through -mm, yes.)

-Kees

--
Kees Cook
Pixel Security
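Review bot: the new `len`/`bss` assignments in the load_elf_library() hunk carry no comment explaining why both must be page aligned, and the commit message is the only place that says vm_brk()'s length ends up checked by __mm_populate(); a one-line comment above `len = ELF_PAGEALIGN(eppnt->p_filesz + eppnt->p_vaddr);` stating that vm_brk() needs a page-aligned start and length would stop a future cleanup from "simplifying" `bss` back to the raw `p_memsz + p_vaddr` end. With both values aligned, `bss > len` now also guarantees `bss - len` is a whole number of pages, which is the property the fix relies on and is worth saying in that comment. One secondary observation, not a blocker since the pre-patch code had the same shape: both operands of ELF_PAGEALIGN() come straight from the untrusted program header, so a sum near ULONG_MAX wraps to a small value and the `if (bss > len)` test silently skips the brk rather than failing the load; an explicit overflow check on `eppnt->p_memsz + eppnt->p_vaddr` would make that case return an error instead.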
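The alignment fix under discussion, reproduced in user space as an added example (this is not kernel code and not part of the thread): the ELF_PAGE* macros are copied in the form fs/binfmt_elf.c defines them, with an assumed 4 KiB ELF_MIN_ALIGN; the program-header values are constructed, and vm_brk_args_aligned() is only a stand-in for the page-alignment check the commit message attributes to __mm_populate(). It runs the pre-patch and post-patch computations side by side so the unaligned `bss - len` the old code could hand to vm_brk() is visible.

```c
/* Added example, not kernel code: the bss length computation in
 * load_elf_library() before and after the patch, with user-space copies
 * of the ELF_PAGE* macros from fs/binfmt_elf.c.  ELF_MIN_ALIGN is an
 * assumed 4 KiB page. */
#include <stdio.h>
#include <stdbool.h>

#define ELF_MIN_ALIGN 4096UL                                /* assumed */
#define ELF_PAGESTART(_v)  ((_v) & ~(ELF_MIN_ALIGN - 1))
#define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN - 1))
#define ELF_PAGEALIGN(_v)  (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))

struct bss_range { unsigned long len, bss; };

/* Pre-patch: len is rounded up to a page, bss is the raw segment end. */
static struct bss_range bss_before_patch(unsigned long p_vaddr,
                                        unsigned long p_filesz,
                                        unsigned long p_memsz)
{
    struct bss_range r;
    r.len = ELF_PAGESTART(p_filesz + p_vaddr + ELF_MIN_ALIGN - 1);
    r.bss = p_memsz + p_vaddr;
    return r;
}

/* Post-patch: both ends page aligned, matching the main ELF loader. */
static struct bss_range bss_after_patch(unsigned long p_vaddr,
                                       unsigned long p_filesz,
                                       unsigned long p_memsz)
{
    struct bss_range r;
    r.len = ELF_PAGEALIGN(p_filesz + p_vaddr);
    r.bss = ELF_PAGEALIGN(p_memsz + p_vaddr);
    return r;
}

/* Length the caller passes as vm_brk(len, bss - len); 0 when the
 * `if (bss > len)` guard skips the call entirely. */
static unsigned long vm_brk_len(struct bss_range r)
{
    return r.bss > r.len ? r.bss - r.len : 0;
}

/* Stand-in for the alignment expectation the commit message says
 * __mm_populate() enforces with VM_BUG_ON(): start and length must
 * both be page multiples (trivially true when nothing is mapped). */
static bool vm_brk_args_aligned(struct bss_range r)
{
    unsigned long n = vm_brk_len(r);
    return n == 0 || (ELF_PAGEOFFSET(r.len) == 0 && ELF_PAGEOFFSET(n) == 0);
}

int main(void)
{
    /* Constructed PT_LOAD values: 0x1234 file bytes at 0x8000 and
     * 0x2ab0 bytes in memory, so the bss end 0xaab0 is not page aligned. */
    unsigned long vaddr = 0x8000, filesz = 0x1234, memsz = 0x2ab0;
    struct bss_range old = bss_before_patch(vaddr, filesz, memsz);
    struct bss_range fixed = bss_after_patch(vaddr, filesz, memsz);

    printf("before: vm_brk(0x%lx, 0x%lx) aligned=%d\n",
           old.len, vm_brk_len(old), vm_brk_args_aligned(old));
    printf("after:  vm_brk(0x%lx, 0x%lx) aligned=%d\n",
           fixed.len, vm_brk_len(fixed), vm_brk_args_aligned(fixed));
    return 0;
}
```

The `len` value is identical in both versions (rounding `x + ELF_MIN_ALIGN - 1` down to a page is the same as rounding `x` up), which is why only the `bss` line changes behaviour: before the patch it could leave a sub-page tail in the length handed to vm_brk(), after it the difference is always a whole number of pages.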