In-Reply-To: <20230914-bss-alloc-v1-1-78de67d2c6dd@weissschuh.net>
From: Pedro Falcato
Date: Fri, 15 Sep 2023 23:15:05 +0100
Subject: Re: [PATCH RFC] binfmt_elf: fully allocate bss pages
To: Thomas Weißschuh
Cc: Alexander Viro, Christian Brauner, Eric Biederman, Kees Cook, Mark Brown, Willy Tarreau, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Sebastian Ott, stable@vger.kernel.org

On Fri, Sep 15, 2023 at 4:54 AM Thomas Weißschuh wrote:
>
> When allocating the pages for bss the start address needs to be rounded
> down instead of up.
> Otherwise the start of the bss segment may be unmapped.
>
> This was reported to happen on Aarch64:
>
> Memory allocated by set_brk():
> Before: start=0x420000 end=0x420000
> After:  start=0x41f000 end=0x420000
>
> The triggering binary looks like this:
>
> Elf file type is EXEC (Executable file)
> Entry point 0x400144
> There are 4 program headers, starting at offset 64
>
> Program Headers:
>   Type           Offset             VirtAddr           PhysAddr
>                  FileSiz            MemSiz              Flags  Align
>   LOAD           0x0000000000000000 0x0000000000400000 0x0000000000400000
>                  0x0000000000000178 0x0000000000000178  R E    0x10000
>   LOAD           0x000000000000ffe8 0x000000000041ffe8 0x000000000041ffe8
>                  0x0000000000000000 0x0000000000000008  RW     0x10000
>   NOTE           0x0000000000000120 0x0000000000400120 0x0000000000400120
>                  0x0000000000000024 0x0000000000000024  R      0x4
>   GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
>                  0x0000000000000000 0x0000000000000000  RW     0x10
>
>  Section to Segment mapping:
>   Segment Sections...
>    00     .note.gnu.build-id .text .eh_frame
>    01     .bss
>    02     .note.gnu.build-id
>    03
>
> Reported-by: Sebastian Ott
> Closes: https://lore.kernel.org/lkml/5d49767a-fbdc-fbe7-5fb2-d99ece3168cb@redhat.com/
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Cc: stable@vger.kernel.org
> Signed-off-by: Thomas Weißschuh
> ---
>
> I'm not really familiar with the ELF loading process, so putting this
> out as RFC.
>
> An example binary compiled with aarch64-linux-gnu-gcc 13.2.0 is available
> at https://test.t-8ch.de/binfmt-bss-repro.bin
> ---
>  fs/binfmt_elf.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
> index 7b3d2d491407..4008a57d388b 100644
> --- a/fs/binfmt_elf.c
> +++ b/fs/binfmt_elf.c
> @@ -112,7 +112,7 @@ static struct linux_binfmt elf_format = {
>
>  static int set_brk(unsigned long start, unsigned long end, int prot)
>  {
> -	start = ELF_PAGEALIGN(start);
> +	start = ELF_PAGESTART(start);
>  	end = ELF_PAGEALIGN(end);
>  	if (end > start) {
>  		/*

I don't see how this change can be correct. set_brk takes the start of .bss as the start, so doing ELF_PAGESTART(start) will give you what may very well be another ELF segment. In the common case, you'd map an anonymous page on top of someone's .data, which will misload the ELF.

The current logic looks OK to me (gosh this code would ideally take a good refactoring...).

I still can't quite tell how padzero() (in the original report) is -EFAULTing though.

-- 
Pedro
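Review bot: rounding start down with ELF_PAGESTART(start) in set_brk() is unconditional, so it does not check whether the page containing the first .bss byte is already occupied. In the common layout where .bss begins on the same page as the tail of .data, the anonymous mapping set_brk() creates would cover a page the preceding file-backed part of the PT_LOAD already maps, replacing the loaded .data bytes. The reproducer above only sidesteps this because its RW segment has p_filesz 0, so nothing file-backed lives on page 0x41f000. Suggest keeping `start = ELF_PAGEALIGN(start);` and handling the unmapped-start case where it actually arises (a segment whose p_filesz is zero but whose p_vaddr is not page-aligned), for instance by having the PT_LOAD mapping path zero-fill the partial page for such segments, or by extending the brk mapping downward only when ELF_PAGESTART(start) is not already covered by an earlier segment's mapping.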
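To make the rounding argument in this thread concrete, the following is a small C model of set_brk()'s page rounding under both variants. It is an added example written for this page, not kernel code and not from the patch author. It takes the reproducer's RW program header from the readelf output above plus a constructed header for the common .data-then-.bss layout, and reports whether the first .bss byte ends up mapped and whether the brk mapping would land on pages that already hold file-backed bytes of the segment. Assumptions: ELF_MIN_ALIGN is 4 KiB (matching the 0x41f000/0x420000 values in the report), and a segment's file-backed bytes occupy pages [ELF_PAGESTART(p_vaddr), ELF_PAGEALIGN(p_vaddr + p_filesz)). The model says nothing about how elf_map() treats a zero-filesz segment, which is the part of the report Pedro says he cannot explain.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Page rounding helpers as named in fs/binfmt_elf.c. ELF_MIN_ALIGN is
 * assumed to be 4 KiB, which matches the 0x41f000/0x420000 values in
 * the report. */
#define ELF_MIN_ALIGN     0x1000ULL
#define ELF_PAGESTART(v)  ((v) & ~(ELF_MIN_ALIGN - 1))
#define ELF_PAGEALIGN(v)  (((v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))

struct range { uint64_t start, end; };           /* [start, end), page granular */
struct phdr  { uint64_t vaddr, filesz, memsz; }; /* the PT_LOAD fields that matter here */

/* Pages holding file-backed bytes of a PT_LOAD (assumed model). A segment
 * with p_filesz == 0 contributes none. */
static struct range file_pages(const struct phdr *p)
{
	struct range r = { ELF_PAGESTART(p->vaddr), ELF_PAGESTART(p->vaddr) };
	if (p->filesz)
		r.end = ELF_PAGEALIGN(p->vaddr + p->filesz);
	return r;
}

/* The anonymous range set_brk() would create for [bss_start, bss_end):
 * the current code rounds bss_start up (ELF_PAGEALIGN), the patch rounds
 * it down (ELF_PAGESTART). */
static struct range brk_pages(uint64_t bss_start, uint64_t bss_end, bool round_down)
{
	struct range r;
	r.start = round_down ? ELF_PAGESTART(bss_start) : ELF_PAGEALIGN(bss_start);
	r.end   = ELF_PAGEALIGN(bss_end);
	if (r.end < r.start)        /* set_brk() only maps when end > start */
		r.end = r.start;
	return r;
}

static bool covers(struct range r, uint64_t a)       { return a >= r.start && a < r.end; }
static bool overlaps(struct range a, struct range b) { return a.start < b.end && b.start < a.end; }

/* Reproducer's RW LOAD from the readelf output: vaddr 0x41ffe8, filesz 0, memsz 8. */
static const struct phdr repro_rw = { 0x41ffe8, 0x0, 0x8 };
/* Constructed counterpart for the common layout: .data fills the page up
 * to 0x41ffe8 and .bss follows it inside the same RW segment. */
static const struct phdr data_then_bss = { 0x41f000, 0xfe8, 0xfe8 + 0x8 };

/* Is the first byte of .bss mapped, either by file pages or by set_brk()? */
static bool bss_start_mapped(const struct phdr *p, bool round_down)
{
	uint64_t bss = p->vaddr + p->filesz;
	return covers(file_pages(p), bss) ||
	       covers(brk_pages(bss, p->vaddr + p->memsz, round_down), bss);
}

/* Would set_brk()'s anonymous mapping land on a page that already holds
 * file-backed bytes of the segment? This is the overlap Pedro objects to. */
static bool brk_clobbers_file(const struct phdr *p, bool round_down)
{
	uint64_t bss = p->vaddr + p->filesz;
	return overlaps(file_pages(p), brk_pages(bss, p->vaddr + p->memsz, round_down));
}

static void report(const char *name, const struct phdr *p)
{
	for (int down = 0; down <= 1; down++)
		printf("%-10s %-9s bss start mapped: %d  brk over file pages: %d\n",
		       name, down ? "PAGESTART" : "PAGEALIGN",
		       bss_start_mapped(p, down), brk_clobbers_file(p, down));
}

int main(void)
{
	report("repro", &repro_rw);
	report("data+bss", &data_then_bss);
	return 0;
}
```

With the reproducer's header, rounding up leaves the first .bss byte unmapped (the reported bug) and rounding down fixes it without touching any file-backed page; with the constructed .data-then-.bss header, rounding up is already fine and rounding down puts the anonymous mapping over the page that holds the end of .data.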