Date: Thu, 10 Nov 2022 19:38:44 -0800
From: Kees Cook
To: Pedro Falcato
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, dalias@libc.org, ebiederm@xmission.com, sam@gentoo.org, viro@zeniv.linux.org.uk
Subject: Re: [PATCH v3] fs/binfmt_elf: Fix memsz > filesz handling
Message-ID: <202211101934.22CACD615@keescook>
References: <20221108110715.227062-1-pedro.falcato@gmail.com>
In-Reply-To: <20221108110715.227062-1-pedro.falcato@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Nov 08, 2022 at 11:07:15AM +0000, Pedro Falcato wrote:
> [...]
> + * This tail logic is skippable if we're the last phdr, as
> + * nothing can map an address >= our p_vaddr, since ELF phdr
> + * PT_LOAD segments are required to be sorted in an increasing
> + * order.

I'm still looking through the patch, but I do want to call this bit out
as a problem. The kernel cannot, unfortunately, make this assumption. See:

https://lore.kernel.org/linux-fsdevel/YfOooXQ2ScpZLhmD@fractal.localdomain/

"It turns out that almost all native Linux games published by the Virtual
Programming company have this kind of weird PT_LOAD ordering including the
famous Bioshock Infinite ... Someone should probably ask Virtual Programming,
what kind of tooling they use to create such convoluted ELF binaries."

So, even though it's in violation of the spec, these binaries exist in the
real world, and we cannot break them. :(

-- 
Kees Cook
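Review bot: the early-out for the last phdr in the quoted comment encodes a file-level invariant (PT_LOAD entries sorted by increasing p_vaddr) that, as the reply notes, the kernel cannot assume, so an out-of-order binary would skip the memsz > filesz tail handling for a segment that another PT_LOAD still maps at or above; rather than keying on phdr position, run the tail logic unconditionally or derive the condition from the actual maximum p_vaddr across all PT_LOAD entries.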
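To make the ordering problem concrete, here is an added user-space checker that is not part of the patch or of Kees's reply. It walks the program headers of an in-memory ELF64 image, reports whether the PT_LOAD entries are sorted by p_vaddr, whether the "last PT_LOAD is the highest-mapped one" shortcut from the quoted comment would hold for that file, and how many memsz > filesz tail bytes the loader must zero-fill. The ELF struct definitions, the `build_image` helper, the two sample layouts (a conventional sorted one and an out-of-order one mimicking what the reply describes) and the `sample_*` accessors are all mine and constructed for this example; the code assumes a little-endian host so that the structs can be copied straight out of the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Minimal ELF64 definitions, a subset of <elf.h>, so the example builds anywhere. */
#define PT_LOAD 1
struct elf64_ehdr {
    unsigned char e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
};
struct elf64_phdr {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
};

/* What one scan reports. */
struct load_report {
    int n_load;               /* number of PT_LOAD entries */
    int sorted;               /* 1 if PT_LOAD p_vaddr is non-decreasing in phdr order */
    int last_shortcut_unsafe; /* 1 if the last PT_LOAD is not the highest-mapped one */
    uint64_t bss_bytes;       /* total p_memsz - p_filesz bytes the loader must zero-fill */
};

/* Walk the program headers of an in-memory ELF64 image (host-endian structs assumed).
 * Returns 0 on success, -1 if the image is truncated or malformed. */
int scan_elf(const uint8_t *buf, size_t len, struct load_report *r)
{
    struct elf64_ehdr eh;
    if (len < sizeof eh) return -1;
    memcpy(&eh, buf, sizeof eh);
    if (memcmp(eh.e_ident, "\x7f" "ELF", 4) != 0 || eh.e_ident[4] != 2) return -1; /* ELFCLASS64 */
    if (eh.e_phentsize != sizeof(struct elf64_phdr) || eh.e_phoff > len ||
        (size_t)eh.e_phnum * sizeof(struct elf64_phdr) > len - eh.e_phoff) return -1;

    memset(r, 0, sizeof *r);
    r->sorted = 1;
    uint64_t prev = 0, last = 0, max = 0;
    for (uint16_t i = 0; i < eh.e_phnum; i++) {
        struct elf64_phdr ph;
        memcpy(&ph, buf + eh.e_phoff + (size_t)i * sizeof ph, sizeof ph);
        if (ph.p_type != PT_LOAD) continue;
        if (ph.p_memsz < ph.p_filesz) return -1;          /* more file bytes than memory */
        if (r->n_load > 0 && ph.p_vaddr < prev) r->sorted = 0;
        prev = last = ph.p_vaddr;
        if (ph.p_vaddr > max) max = ph.p_vaddr;
        r->bss_bytes += ph.p_memsz - ph.p_filesz;
        r->n_load++;
    }
    /* The quoted comment's skip is only valid when the last PT_LOAD is also the
     * highest-mapped one; an unsorted file breaks exactly that. */
    r->last_shortcut_unsafe = (r->n_load > 0 && last < max);
    return 0;
}

struct seg { uint64_t vaddr, filesz, memsz; };

/* Write a minimal ELF64 image (header plus PT_LOAD phdrs, no sections) into buf.
 * Constructed test data, not a real binary; returns the image size, or 0 on overflow. */
size_t build_image(uint8_t *buf, size_t cap, const struct seg *segs, unsigned n)
{
    size_t need = sizeof(struct elf64_ehdr) + (size_t)n * sizeof(struct elf64_phdr);
    if (cap < need) return 0;
    struct elf64_ehdr eh = {0};
    memcpy(eh.e_ident, "\x7f" "ELF", 4);
    eh.e_ident[4] = 2; eh.e_ident[5] = 1; eh.e_ident[6] = 1; /* ELFCLASS64, ELFDATA2LSB, EV_CURRENT */
    eh.e_type = 2; eh.e_machine = 62; eh.e_version = 1;     /* ET_EXEC, EM_X86_64 */
    eh.e_phoff = eh.e_ehsize = sizeof eh;
    eh.e_phentsize = sizeof(struct elf64_phdr);
    eh.e_phnum = (uint16_t)n;
    memcpy(buf, &eh, sizeof eh);
    for (unsigned i = 0; i < n; i++) {
        struct elf64_phdr ph = {0};
        ph.p_type = PT_LOAD;
        ph.p_flags = 6;                        /* PF_R | PF_W */
        ph.p_offset = need;                    /* segment bytes would follow; none needed for a phdr scan */
        ph.p_vaddr = ph.p_paddr = segs[i].vaddr;
        ph.p_filesz = segs[i].filesz;
        ph.p_memsz = segs[i].memsz;
        ph.p_align = 0x1000;
        memcpy(buf + sizeof eh + (size_t)i * sizeof ph, &ph, sizeof ph);
    }
    return need;
}

/* Two constructed layouts with the same segments: conventional sorted order, and the
 * out-of-order variant the mail describes (highest p_vaddr listed first). */
int scan_sample(int unsorted_layout, struct load_report *r)
{
    static const struct seg sorted[] = {
        { 0x400000, 0x1000, 0x1000 },   /* text, fully file-backed */
        { 0x601000, 0x0200, 0x0800 },   /* data plus 0x600 bytes of bss tail */
    };
    static const struct seg unsorted[] = { { 0x601000, 0x0200, 0x0800 }, { 0x400000, 0x1000, 0x1000 } };
    uint8_t img[256];
    size_t n = build_image(img, sizeof img, unsorted_layout ? unsorted : sorted, 2);
    return n ? scan_elf(img, n, r) : -1;
}

/* Scalar views of the report, for callers that only want one answer. */
int sample_sorted(int u) { struct load_report r; return scan_sample(u, &r) ? -1 : r.sorted; }
int sample_shortcut_unsafe(int u) { struct load_report r; return scan_sample(u, &r) ? -1 : r.last_shortcut_unsafe; }
long long sample_bss_bytes(int u) { struct load_report r; return scan_sample(u, &r) ? -1 : (long long)r.bss_bytes; }
```

Both layouts carry the same 0x600-byte bss tail, but only the sorted one satisfies the comment's assumption: in the out-of-order image the last PT_LOAD in phdr order is the text segment at 0x400000 while the data segment at 0x601000 still maps above it, which is precisely the case the shortcut would mishandle. Running `scan_elf` over a real file's bytes (read into memory first) is a cheap way to spot such binaries on a system before relying on any ordering assumption.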