Subject: Re: [PATCH] binfmt_flat: make load_flat_shared_library() work
To: Jann Horn, Andrew Morton
Cc: Alexander Viro, linux-fsdevel, kernel list, Kees Cook, Nicolas Pitre, Arnd Bergmann, Geert Uytterhoeven, linux-m68k@vger.kernel.org, Russell King, linux-arm-kernel@lists.infradead.org
References: <20190524201817.16509-1-jannh@google.com> <20190525144304.e2b9475a18a1f78a964c5640@linux-foundation.org>
From: Greg Ungerer
Message-ID: <6956cfe5-90d4-aad4-48e3-66b0ece91fed@linux-m68k.org>
Date: Tue, 28 May 2019 20:56:37 +1000
X-Mailing-List: linux-kernel@vger.kernel.org

On 27/5/19 11:38 pm, Jann Horn wrote:
> On Sat, May 25, 2019 at 11:43 PM Andrew Morton wrote:
>> On Fri, 24 May 2019 22:18:17 +0200 Jann Horn wrote:
>>> load_flat_shared_library() is broken: It only calls load_flat_file() if
>>> prepare_binprm() returns zero, but prepare_binprm() returns the number of
>>> bytes read - so this only happens if the file is empty.
>>
>> ouch.
>>
>>> Instead, call into load_flat_file() if the number of bytes read is
>>> non-negative. (Even if the number of bytes is zero - in that case,
>>> load_flat_file() will see nullbytes and return a nice -ENOEXEC.)
>>>
>>> In addition, remove the code related to bprm creds and stop using
>>> prepare_binprm() - this code is loading a library, not a main executable,
>>> and it only actually uses the members "buf", "file" and "filename" of the
>>> linux_binprm struct. Instead, call kernel_read() directly.
>>>
>>> Cc: stable@vger.kernel.org
>>> Fixes: 287980e49ffc ("remove lots of IS_ERR_VALUE abuses")
>>> Signed-off-by: Jann Horn
>>> ---
>>> I only found the bug by looking at the code, I have not verified its
>>> existence at runtime.
>>> Also, this patch is compile-tested only.
>>> It would be nice if someone who works with nommu Linux could have a
>>> look at this patch.
>>
>> 287980e49ffc was three years ago! Has it really been broken for all
>> that time? If so, it seems a good source of freed disk space...
>
> Maybe... but I didn't want to rip it out without having one of the
> maintainers confirm that this really isn't likely to be used anymore.

I have not used shared libraries on m68k non-mmu setups for a very long time.
At least 10 years I would think.

Regards
Greg
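The return-value mismatch the quoted commit message describes, as an added illustration that is not part of this thread, the kernel's code or the patch: a constructed C model in which a read stand-in returns the byte count (like prepare_binprm()/kernel_read()) and a load stand-in only accepts a header carrying the bFLT magic. The helper names and the sample image are assumptions made for the model.

```c
/* Constructed model of the load_flat_shared_library() bug in the quoted commit
 * message (not kernel code): the read stand-in, like prepare_binprm()/kernel_read(),
 * returns the byte count on success or a negative errno on failure. */
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define BINPRM_BUF_SIZE 128

/* Constructed sample input: a minimal image that starts with the bFLT magic. */
static const char sample_lib[] = "bFLT constructed flat image body";

/* Read stand-in: copies up to buf_len header bytes, returns count or -errno. */
static long model_read(const char *file, size_t file_len, char *buf, size_t buf_len)
{
    if (file == NULL)
        return -ENOENT;
    size_t n = file_len < buf_len ? file_len : buf_len;
    memcpy(buf, file, n);
    return (long)n;
}

/* load_flat_file() stand-in: a header without the "bFLT" magic (e.g. the all-nul
 * buffer left by a zero-length read) is rejected with -ENOEXEC. */
static int model_load_flat_file(const char *buf)
{
    return memcmp(buf, "bFLT", 4) == 0 ? 0 : -ENOEXEC;
}

/* Buggy shape ("if (!res)"): a positive byte count is treated as failure, so only
 * an empty file reaches load_flat_file(); for a real library the count itself is
 * returned and nothing is loaded. */
int load_shared_library_buggy(const char *file, size_t file_len)
{
    char buf[BINPRM_BUF_SIZE] = {0};
    long res = model_read(file, file_len, buf, sizeof buf);
    if (res == 0)
        res = model_load_flat_file(buf);
    return (int)res;
}

/* Fixed shape from the patch: any non-negative count means the read succeeded. */
int load_shared_library_fixed(const char *file, size_t file_len)
{
    char buf[BINPRM_BUF_SIZE] = {0};
    long res = model_read(file, file_len, buf, sizeof buf);
    if (res >= 0)
        res = model_load_flat_file(buf);
    return (int)res;
}
```

With the buggy check a valid library comes back as its own byte count and is never loaded, while the empty file is the only input that reaches the loader and earns -ENOEXEC; the fixed check loads the library and still rejects the empty file.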