From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Oscar Salvador, syzbot+5dcb560fe12aa5091c06@syzkaller.appspotmail.com, Tetsuo Handa, Kees Cook, Michal Hocko, Nicolas Pitre, Andrew Morton, Linus Torvalds, Ben Hutchings, Sasha Levin
Subject: [PATCH 4.4 115/160] fs, elf: make sure to page align bss in load_elf_library
Date: Mon, 19 Nov 2018 17:29:14 +0100
Message-Id: <20181119162641.879208238@linuxfoundation.org>

4.4-stable review patch. If anyone has any objections, please let me know.

------------------

commit 24962af7e1041b7e50c1bc71d8d10dc678c556b5 upstream.

The current code does not make sure to page align bss before calling vm_brk(), and this can lead to a VM_BUG_ON() in __mm_populate() due to the requested length not being correctly aligned.

Let us make sure to align it properly.

Kees: only applicable to CONFIG_USELIB kernels: 32-bit and configured for libc5.

Link: http://lkml.kernel.org/r/20180705145539.9627-1-osalvador@techadventures.net
Signed-off-by: Oscar Salvador
Reported-by: syzbot+5dcb560fe12aa5091c06@syzkaller.appspotmail.com
Tested-by: Tetsuo Handa
Acked-by: Kees Cook
Cc: Michal Hocko
Cc: Nicolas Pitre
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Ben Hutchings
Signed-off-by: Sasha Levin

--- fs/binfmt_elf.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 2963a23f7a80..f010d6c8dd14 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c 
@@ -1214,9 +1214,8 @@ static int load_elf_library(struct file *file) goto out_free_ph; } - len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr + - ELF_MIN_ALIGN - 1); - bss = eppnt->p_memsz + eppnt->p_vaddr; + len = ELF_PAGEALIGN(eppnt->p_filesz + eppnt->p_vaddr); + bss = ELF_PAGEALIGN(eppnt->p_memsz + eppnt->p_vaddr); if (bss > len) { error = vm_brk(len, bss - len); if (BAD_ADDR(error)) -- 2.17.1
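
Review bot: In the new `bss = ELF_PAGEALIGN(eppnt->p_memsz + eppnt->p_vaddr);` line, two fields read from the library's program header are summed and then rounded up with no overflow check visible in this hunk; if the sum or the round-up wraps, `bss > len` evaluates false and the vm_brk() call is skipped silently instead of the load failing. Consider rejecting the segment before this point when `p_memsz < p_filesz` or when `p_vaddr + p_memsz` wraps, so that a malformed header returns an error rather than leaving the bss unmapped. Separately, the `len` change appears to be a pure cleanup (the old `ELF_PAGESTART(... + ELF_MIN_ALIGN - 1)` form already rounded up, assuming ELF_PAGEALIGN is the usual round-up macro), while the `bss` change is the actual fix that makes `bss - len` a page multiple; the changelog would be clearer if it said so.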