From: "Eric W. Biederman"
To: Sebastian Ott
Cc: Kees Cook, Thomas Weißschuh, Pedro Falcato, Al Viro, Christian Brauner, Andrew Morton, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-hardening@vger.kernel.org
References: <20230929031716.it.155-kees@kernel.org> <7ddc633e-c724-ad8d-e7ca-62d6b012b9e9@redhat.com>
Date: Fri, 29 Sep 2023 10:45:35 -0500
In-Reply-To: <7ddc633e-c724-ad8d-e7ca-62d6b012b9e9@redhat.com> (Sebastian Ott's message of "Fri, 29 Sep 2023 13:33:50 +0200 (CEST)")
Message-ID: <874jjd6l0g.fsf@email.froward.int.ebiederm.org>
Subject: Re: [PATCH v4 0/6] binfmt_elf: Support segments with 0 filesz and misaligned starts

Sebastian Ott writes:

> Hello Kees,
>
> On Thu, 28 Sep 2023, Kees Cook wrote:
>> This is the continuation of the work Eric started for handling
>> "p_memsz > p_filesz" in arbitrary segments (rather than just the last,
>> BSS, segment). I've added the suggested changes:
>>
>> - drop unused "elf_bss" variable
>> - refactor load_elf_interp() to use elf_load()
>> - refactor load_elf_library() to use elf_load()
>> - report padzero() errors when PROT_WRITE is present
>> - drop vm_brk()
>
> While I was debugging the initial issue I stumbled over the following
> - care to take it as part of this series?
>
> ----->8
> [PATCH] mm: vm_brk_flags don't bail out while holding lock
>
> Calling vm_brk_flags() with flags set other than VM_EXEC
> will exit the function without releasing the mmap_write_lock.
>
> Just do the sanity check before the lock is acquired. This
> doesn't fix an actual issue since no caller sets a flag other
> than VM_EXEC.

That seems like a sensible patch.

Have you by any chance read this code enough to understand what is
gained by calling vm_brk_flags rather than vm_mmap without a file?

Unless there is a real advantage it probably makes sense to replace the
call of vm_brk_flags with vm_mmap(NULL, ...) as binfmt_elf_fdpic has
already done.

That would allow removing vm_brk_flags and sys_brk would be the last
caller of do_brk_flags.

Eric

> Cc: Andrew Morton
> Cc: linux-mm@kvack.org
> Signed-off-by: Sebastian Ott > --- > mm/mmap.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/mm/mmap.c b/mm/mmap.c > index b56a7f0c9f85..7ed286662839 100644 > --- a/mm/mmap.c > +++ b/mm/mmap.c > @@ -3143,13 +3143,13 @@ int vm_brk_flags(unsigned long addr, unsigned long request, unsigned long flags) > if (!len) > return 0; > > - if (mmap_write_lock_killable(mm)) > - return -EINTR; > - > /* Until we need other flags, refuse anything except VM_EXEC. */ > if ((flags & (~VM_EXEC)) != 0) > return -EINVAL; > > + if (mmap_write_lock_killable(mm)) > + return -EINTR; > + > ret = check_brk_limits(addr, len); > if (ret) > goto limits_failed;
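Review bot: the reorder is correct because the `flags & (~VM_EXEC)` test looks only at the function argument and needs no lock; once it is hoisted above `mmap_write_lock_killable(mm)`, the only failure left between lock and unlock in this hunk is `check_brk_limits()`, which exits via `goto limits_failed` rather than a bare `return`, so no other early exit is left holding the lock. Two small asks: even though the commit message notes that no in-tree caller passes a flag other than VM_EXEC, a `Fixes:` tag naming the commit that placed the flags check after the lock would still help backport tooling; and a one-line comment above the lock call saying that every exit below it must go through the unlock labels would make it harder for the next change to reintroduce the same leak.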
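To make the failure mode in the quoted commit message concrete, here is an added example (not code from the patch or from the kernel) that models the two shapes of vm_brk_flags() against a toy mm with a single writer lock. The names `toy_mm`, `toy_write_lock_killable`, `TOY_VM_EXEC`, `brk_flags_before` and `brk_flags_after` are all constructed stand-ins for this illustration; the checker drives each shape down the rejected-flags path and reports whether the lock was left held, then shows what that does to the next caller.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed stand-in for VM_EXEC; the value is arbitrary in this toy. */
#define TOY_VM_EXEC 0x4UL

/* Toy stand-in for the parts of mm_struct this example needs. */
struct toy_mm {
    int mmap_lock_held;      /* 1 while the (single) writer holds mmap_lock */
    unsigned long brk_calls; /* how often the body past the checks ran */
};

/* Stand-in for mmap_write_lock_killable(): 0 on success, -EINTR if the
 * lock is already held (a real second caller would block instead). */
static int toy_write_lock_killable(struct toy_mm *mm)
{
    if (mm->mmap_lock_held)
        return -EINTR;
    mm->mmap_lock_held = 1;
    return 0;
}

static void toy_write_unlock(struct toy_mm *mm)
{
    mm->mmap_lock_held = 0;
}

/* Shape of vm_brk_flags() before the patch: the flags test sits between
 * lock and unlock, so the -EINVAL return leaves mmap_lock held. */
static int brk_flags_before(struct toy_mm *mm, unsigned long len,
                            unsigned long flags)
{
    if (!len)
        return 0;
    if (toy_write_lock_killable(mm))
        return -EINTR;
    if ((flags & ~TOY_VM_EXEC) != 0)
        return -EINVAL;          /* bug: returns with the lock held */
    mm->brk_calls++;
    toy_write_unlock(mm);
    return 0;
}

/* Shape after the patch: argument-only sanity checks run before the lock
 * is taken, so every return after the lock goes through the unlock. */
static int brk_flags_after(struct toy_mm *mm, unsigned long len,
                           unsigned long flags)
{
    if (!len)
        return 0;
    if ((flags & ~TOY_VM_EXEC) != 0)
        return -EINVAL;
    if (toy_write_lock_killable(mm))
        return -EINTR;
    mm->brk_calls++;
    toy_write_unlock(mm);
    return 0;
}

typedef int (*brk_fn)(struct toy_mm *, unsigned long, unsigned long);

/* Drives one implementation down the rejected-flags path and reports
 * whether it leaked the lock: 1 = leaked, 0 = clean, -1 = unexpected rc. */
static int leaks_lock_on_bad_flags(brk_fn fn)
{
    struct toy_mm mm = { 0, 0 };
    unsigned long bad_flags = TOY_VM_EXEC | 0x2UL; /* constructed: not just VM_EXEC */
    int rc;

    rc = fn(&mm, 4096, bad_flags);
    if (rc != -EINVAL)
        return -1;
    if (mm.mmap_lock_held)
        return 1;
    /* A follow-up call on the same mm must still succeed. */
    rc = fn(&mm, 4096, TOY_VM_EXEC);
    return (rc == 0 && mm.brk_calls == 1) ? 0 : -1;
}

/* Shows what the leak does to the next caller: with the lock stuck held,
 * the follow-up call cannot take it. Returns that follow-up call's rc. */
static int second_call_rc_after_leak(brk_fn fn)
{
    struct toy_mm mm = { 0, 0 };

    (void)fn(&mm, 4096, TOY_VM_EXEC | 0x2UL);
    return fn(&mm, 4096, TOY_VM_EXEC);
}

int main(void)
{
    printf("before patch: leaks lock = %d, next call rc = %d\n",
           leaks_lock_on_bad_flags(brk_flags_before),
           second_call_rc_after_leak(brk_flags_before));
    printf("after patch:  leaks lock = %d, next call rc = %d\n",
           leaks_lock_on_bad_flags(brk_flags_after),
           second_call_rc_after_leak(brk_flags_after));
    return 0;
}
```

The checker pattern is the useful part: after driving an error path, assert that the lock is free and that an ordinary call on the same object still succeeds. In the kernel the equivalent symptom would be the next mmap_lock writer on that mm blocking forever, which is why hoisting every argument-only check above the lock, as the patch does, is the safer shape.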