Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp3823373ybi; Mon, 27 May 2019 06:40:12 -0700 (PDT) X-Google-Smtp-Source: APXvYqzPOGre2gH+Tm19iq9sC7rAU1UPb5iOLn+F8dtLmxS7vSqH3B2ZiBnM98yrI/+VQ2k/3WOI X-Received: by 2002:a62:6d47:: with SMTP id i68mr137129774pfc.189.1558964412779; Mon, 27 May 2019 06:40:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558964412; cv=none; d=google.com; s=arc-20160816; b=RiM33MIGm61o4+OontUlX1bs6o08nTjZz8MD9j7DapVA1QfXbWJO7iPRhdDgWeAyX0 U+PFT0TH+ecMsG9Y+n/NIEv92Iot1ayNJbwPzI77cZUcQjjnhBqwb67sEvKmIP950fJ3 fFDMtwECf7ry6kBuwDslY4kb+WUUw/EtnYu1aC+0nXp4lm0Eyo7NKXuSoBMZFOa4NkiU 6ZPejPO139k7QT39D4VFi1gKHkhpkZ/h41iItSE1eFBMQh9vsEqa1LeQi/epJQnzqgYB T7j7mkUT41g5QPkS44d489D6w5GMhX+OBja2l7LlxZOSMFfYkA4lhmKew/mj3ErGE8S5 8yOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=KMFxRGlKUpvBvlbQG58xrVAgA23tAIXMetii0uOnwLo=; b=tyB8wH0Lp3eeLpxbDd92iNsZBxZE18GJfk//BhANd5WL2QBczbxp1EhXPBCnvOIMng wg5orXKvjbyo2ydH9zavA7hpnI1QInUfuLANEIqUhOdsNk5LnjpV9MDCYDKuX4YBigfT 4PYRaLAEVcPsB5moed+z11wUTYDbiJYyAzGMNab39HflVTSDgJGMqZelkD3/bNk/NHPj QZWUmUQPI2OKr6jSNj2S1dZNlsYdgCYLu3b4cMxSSEAnIQZ2iwrYkf1rGcvt6vZZOrtV i1YsC6Ce+wv00NjKL+n/+1L0akcVRl+LVavxsPZCGDeVVXT7+8Ub8PE1Pd73Uw8Gbc+S 4mOQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=bKSDOlnN; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v4si17752242plp.404.2019.05.27.06.39.57; Mon, 27 May 2019 06:40:12 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=bKSDOlnN; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726408AbfE0Niy (ORCPT + 99 others); Mon, 27 May 2019 09:38:54 -0400 Received: from mail-ot1-f65.google.com ([209.85.210.65]:40850 "EHLO mail-ot1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726274AbfE0Niy (ORCPT ); Mon, 27 May 2019 09:38:54 -0400 Received: by mail-ot1-f65.google.com with SMTP id u11so14812724otq.7 for ; Mon, 27 May 2019 06:38:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=KMFxRGlKUpvBvlbQG58xrVAgA23tAIXMetii0uOnwLo=; b=bKSDOlnNh1cedFkO7cgRQsvU+SSGTdbdaXYpVewl+/Qr5s/W5HZ2p5wW6xe3KU6Dzp za2OilPy0X4hy44OStoNDLirumw6BRgEWfvN7eTX6EcFekxvNjeyHo3toAls/KbqezUG fqX/moYkcTQhCJ3LZ3TgpxBoJY/MqcGKfOD9LpcvMbJZQ2pKcNbw8qSgEgBRVJ2l8RpI dPp+7S9+RrItjw3Ncld7Bru6Z5gs6prjOlX4rudOG3cEZx8XIfFfgzvPgpryIf77yuks PYg/QVt/TmD5+sTivN1hcl+ik2t7vropjLpWNF4qUwlRkSo+C4EhMqSxgGOm07en+dpQ qCmQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=KMFxRGlKUpvBvlbQG58xrVAgA23tAIXMetii0uOnwLo=; b=TrVvonYBSzbTkcPcEpyRF+pGWxsIVUPPhvJunkcIyPciG1BLlGWxxpC+FEuB2JHTwK uglC5v8wfxJ7Yi9HC69W0SLpVgbkgYUu+rvfTWVIiEKezUoZFKHGuYA0WkVP9rnsfDGB aelVLZlUV7gj5OIzfR1OIdXQ+aF270XUGXXMdf/vhvYtw/NqQCHPZYBA5oSwpcTeEb5E OSBTycBKjIV2v/2bwOzzIgJEt0f9y+hsOXTOh+/GfFdlecJg0Npz0th7VdfQV4+gx/yd DM+SjW7lL7oVejbxCfN/Kem/5MnfehzcYMZwgpUOqUaUH6ACRRvShz3Lz2Mtk5zOiQep 7y1A== X-Gm-Message-State: APjAAAVkcy4te9XSQB1l76mHwhg9a98TeE+AJObLI6pgfFesNdxP2TJR o71GUk4p1IP+3kuu9lpnFP76TVGLWiC3W9E0Rq6FvQ== X-Received: by 2002:a9d:148:: with SMTP id 66mr21992873otu.32.1558964332814; Mon, 27 May 2019 06:38:52 -0700 (PDT) MIME-Version: 1.0 References: <20190524201817.16509-1-jannh@google.com> <20190525144304.e2b9475a18a1f78a964c5640@linux-foundation.org> In-Reply-To: <20190525144304.e2b9475a18a1f78a964c5640@linux-foundation.org> From: Jann Horn Date: Mon, 27 May 2019 15:38:26 +0200 Message-ID: Subject: Re: [PATCH] binfmt_flat: make load_flat_shared_library() work To: Andrew Morton Cc: Alexander Viro , linux-fsdevel , kernel list , Kees Cook , Nicolas Pitre , Arnd Bergmann , Geert Uytterhoeven , linux-m68k@vger.kernel.org, Russell King , linux-arm-kernel@lists.infradead.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, May 25, 2019 at 11:43 PM Andrew Morton wrote: > On Fri, 24 May 2019 22:18:17 +0200 Jann Horn wrote: > > load_flat_shared_library() is broken: It only calls load_flat_file() if > > prepare_binprm() returns zero, but prepare_binprm() returns the number of > > bytes read - so this only happens if the file is empty. > > ouch. > > > Instead, call into load_flat_file() if the number of bytes read is > > non-negative. (Even if the number of bytes is zero - in that case, > > load_flat_file() will see nullbytes and return a nice -ENOEXEC.) > > > > In addition, remove the code related to bprm creds and stop using > > prepare_binprm() - this code is loading a library, not a main executable, > > and it only actually uses the members "buf", "file" and "filename" of the > > linux_binprm struct. Instead, call kernel_read() directly. > > > > Cc: stable@vger.kernel.org > > Fixes: 287980e49ffc ("remove lots of IS_ERR_VALUE abuses") > > Signed-off-by: Jann Horn > > --- > > I only found the bug by looking at the code, I have not verified its > > existence at runtime. > > Also, this patch is compile-tested only. > > It would be nice if someone who works with nommu Linux could have a > > look at this patch. > > 287980e49ffc was three years ago! Has it really been broken for all > that time? If so, it seems a good source of freed disk space... Maybe... but I didn't want to rip it out without having one of the maintainers confirm that this really isn't likely to be used anymore.