Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp3893323ybi;
        Mon, 27 May 2019 07:40:35 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwnbVPqBDhZCB/arRQ9Tzw6UVjusNKOpOwg6sAI4CVnq046aXcG7dlsTzNiHAKDoS6a5eYF
X-Received: by 2002:a17:902:a716:: with SMTP id w22mr16945606plq.270.1558968035430;
        Mon, 27 May 2019 07:40:35 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1558968035; cv=none;
        d=google.com; s=arc-20160816;
        b=IrufOrtqk7uWtyxqZNbIZdDnvco3Awy7PlU2D6u/yHsRtStoZb3DD78eIrc2O3AYcm
         7JpPPMaqMUi88s9rRNKRDwgMawvU8LxnX+xUMmoa5K8oPy32+xE9ra3tK/0QPRyGc9Ex
         L2jbo66pAwzo5nlJED5F4UBrnHuGIcyVupwq8nqDZaQ2grmgSXveHPmCkeDDVnIyYFeE
         7pOew0yfN30Gjw0tfNfle0ix/P/JR1o9urPYqBfD/XJ0Kup4q4DXVSSbE8fY4bVQjpkr
         XwVwHPuk7JjYJLR2+IrQkRFX0P6j++q8zmqnhtChrUxuio7exP+gjqa3XGqeKSwnE8kr
         xThQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :message-id:in-reply-to:subject:cc:to:from:date:dkim-signature
         :dkim-signature;
        bh=1wQ+c0PTQsAUSEltUKFhUBJR743e3REsS/BI3/Fy+vw=;
        b=Qbz+dyEgkd+I93o/EeQVM/We0445mKEqNoM+FbyhBXOF1Yr3WXfJuHXd62E7VEskAF
         2wUJpsM2C1PjU2y0cm0jqJD2IVi3ITxM4XM7uVNFqjh0FDmDfLaNRP/UeUneIpyqA4XG
         YxXJC7WgeruAccAWbgNLHCU10EhLhNb7KwXcp5z8+Y0+B32wOYLLEcIJl/vV9jcdrvsZ
         jrsVyXNiHD7b9txKNpDQPEiJCMtX/Q0CWUaARd0IgLH7uJ68q6fPNk1oyRmpp+1n30nQ
         Ge3nnGwEQ7xi7fepq1eMIdTeASzCDKIoEWZKWXwtEsgCVfh1m7IEu5SBOxh/oDvQccEP
         qC5Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@pobox.com header.s=sasl header.b=sWfOaRVk;
       dkim=temperror (no key for signature) header.i=@fluxnic.net header.s=2016-12.pbsmtp header.b=T3H3Hf1y;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id m13si18246977pjb.34.2019.05.27.07.40.18;
        Mon, 27 May 2019 07:40:35 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@pobox.com header.s=sasl header.b=sWfOaRVk;
       dkim=temperror (no key for signature) header.i=@fluxnic.net header.s=2016-12.pbsmtp header.b=T3H3Hf1y;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726752AbfE0Ohx (ORCPT <rfc822;yingkeliu@gmail.com> + 99 others);
        Mon, 27 May 2019 10:37:53 -0400
Received: from pb-smtp2.pobox.com ([64.147.108.71]:51584 "EHLO
        pb-smtp2.pobox.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726457AbfE0Ohx (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 27 May 2019 10:37:53 -0400
Received: from pb-smtp2.pobox.com (unknown [127.0.0.1])
        by pb-smtp2.pobox.com (Postfix) with ESMTP id A081915EDF3;
        Mon, 27 May 2019 10:37:48 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=date:from:to
        :cc:subject:in-reply-to:message-id:references:mime-version
        :content-type; s=sasl; bh=zot+SgMMZ6NLkAbEfpi2LUH3mQg=; b=sWfOaR
        Vk+aJbCEAlII2KwizI8uEAjvrRCGxGjVlq9esNoojV6ynhwQKBcAvWyvfipnrCwE
        OhZa7VZwY/DfU1CC3BDgEpBieBcuLXnVSMEG85s977vrD8xv6Lv/E2UY48runV0f
        uH/YesulcIvXULY5X6xTYKZRXW5ZHalfCjWhI=
Received: from pb-smtp2.nyi.icgroup.com (unknown [127.0.0.1])
        by pb-smtp2.pobox.com (Postfix) with ESMTP id 9757315EDF2;
        Mon, 27 May 2019 10:37:48 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=fluxnic.net;
 h=date:from:to:cc:subject:in-reply-to:message-id:references:mime-version:content-type; s=2016-12.pbsmtp; bh=iGYrYXMmcUG/e3dkcmXnxQB5h/4Pjc8UzTVPVZ4a6Eg=; b=T3H3Hf1yUjjiAwjwbeXLI2c1avRjSUaDRUKgwlobx330QqXp72MtELf0geJg99iyhaGzLXIlUYpcIbOfP5xWb9uoFIKnMPHdcNV+sz9wuy0HqpgoB7RvzxrmzlDZDCQWAuRxkJgosFDOLBGgEIAORfZIpwqMq4G2plGrOz46iuM=
Received: from yoda.home (unknown [70.82.130.96])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by pb-smtp2.pobox.com (Postfix) with ESMTPSA id 08FEF15EDF1;
        Mon, 27 May 2019 10:37:48 -0400 (EDT)
Received: from xanadu.home (xanadu.home [192.168.2.2])
        by yoda.home (Postfix) with ESMTPSA id E1ADA2DA045D;
        Mon, 27 May 2019 10:37:46 -0400 (EDT)
Date:   Mon, 27 May 2019 10:37:46 -0400 (EDT)
From:   Nicolas Pitre <nico@fluxnic.net>
To:     Jann Horn <jannh@google.com>
cc:     Andrew Morton <akpm@linux-foundation.org>,
        Alexander Viro <viro@zeniv.linux.org.uk>,
        linux-fsdevel <linux-fsdevel@vger.kernel.org>,
        kernel list <linux-kernel@vger.kernel.org>,
        Kees Cook <keescook@chromium.org>,
        Arnd Bergmann <arnd@arndb.de>,
        Geert Uytterhoeven <geert@linux-m68k.org>,
        linux-m68k@vger.kernel.org, Russell King <linux@armlinux.org.uk>,
        linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH] binfmt_flat: make load_flat_shared_library() work
In-Reply-To: <CAG48ez36xJ9UA8gWef3+1rHQwob5nb8WP3RqnbT8GEOV9Z38jA@mail.gmail.com>
Message-ID: <nycvar.YSQ.7.76.1905271031340.1558@knanqh.ubzr>
References: <20190524201817.16509-1-jannh@google.com> <20190525144304.e2b9475a18a1f78a964c5640@linux-foundation.org> <CAG48ez36xJ9UA8gWef3+1rHQwob5nb8WP3RqnbT8GEOV9Z38jA@mail.gmail.com>
User-Agent: Alpine 2.21 (LFD 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
X-Pobox-Relay-ID: FF6CA618-808C-11E9-ACB2-72EEE64BB12D-78420484!pb-smtp2.pobox.com
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 27 May 2019, Jann Horn wrote:

> On Sat, May 25, 2019 at 11:43 PM Andrew Morton
> <akpm@linux-foundation.org> wrote:
> > On Fri, 24 May 2019 22:18:17 +0200 Jann Horn <jannh@google.com> wrote:
> > > load_flat_shared_library() is broken: It only calls load_flat_file() if
> > > prepare_binprm() returns zero, but prepare_binprm() returns the number of
> > > bytes read - so this only happens if the file is empty.
> >
> > ouch.
> >
> > > Instead, call into load_flat_file() if the number of bytes read is
> > > non-negative. (Even if the number of bytes is zero - in that case,
> > > load_flat_file() will see nullbytes and return a nice -ENOEXEC.)
> > >
> > > In addition, remove the code related to bprm creds and stop using
> > > prepare_binprm() - this code is loading a library, not a main executable,
> > > and it only actually uses the members "buf", "file" and "filename" of the
> > > linux_binprm struct. Instead, call kernel_read() directly.
> > >
> > > Cc: stable@vger.kernel.org
> > > Fixes: 287980e49ffc ("remove lots of IS_ERR_VALUE abuses")
> > > Signed-off-by: Jann Horn <jannh@google.com>
> > > ---
> > > I only found the bug by looking at the code, I have not verified its
> > > existence at runtime.
> > > Also, this patch is compile-tested only.
> > > It would be nice if someone who works with nommu Linux could have a
> > > look at this patch.
> >
> > 287980e49ffc was three years ago!  Has it really been broken for all
> > that time?  If so, it seems a good source of freed disk space...
> 
> Maybe... but I didn't want to rip it out without having one of the
> maintainers confirm that this really isn't likely to be used anymore.

Last time I played with this, I couldn't figure out the toolchain to 
produce shared libs. Only static executables worked fine. If I recall, 
existing binfmt_flat distros don't use shared libs either.

For shared lib support on no-MMU target, binfmt_elf_fdpic is a much 
saner choice.


Nicolas