Received: by 2002:a05:7412:ba23:b0:fa:4c10:6cad with SMTP id jp35csp406907rdb;
        Thu, 18 Jan 2024 07:08:32 -0800 (PST)
X-Google-Smtp-Source: AGHT+IEQBwkUApsInfvH3eh96Qx0BpNN5up1/BxlAI02pcPLnFXHr7axSF8d6SIM6Mq1qkPOS11q
X-Received: by 2002:a17:90a:b886:b0:28b:95f0:b6fa with SMTP id o6-20020a17090ab88600b0028b95f0b6famr884781pjr.28.1705590512205;
        Thu, 18 Jan 2024 07:08:32 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1705590512; cv=pass;
        d=google.com; s=arc-20160816;
        b=oXBsvtFgsc9QqN819lEFzf32zak8uiegwGoN44vZpQk4UVHD+/x+w1/sxWqVx5G7CO
         CQ8SbEVEjvjg27+W97qbsNrwO5Tm0l1ge4hV9ov4gdrECFl+DFzZtiUpJzLp8JK5W1A1
         +wwDesgFv+Fq+7INuMN52RGQHs6wrBq/pejhRt01f/SQCE44mOjigvFIGnOLkew0uLv/
         9Hv8XfhNTeph/Hb5sOjT4Ltc8FpUmsCd21BUS1BcObJJNfKSCZMV9nCsunx7qOIXvosW
         sG8wLLm9Z7Re2a8KuBd8QOi/urJmKVls59ojn6YLRWUH+tjop5ASHRit2i/SOpcWbPxi
         dgFA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=VgRCRgtT2LBOn4OGPEhJQpmUEWiVNpEx0m8L9kHq3Kg=;
        fh=YuDv7xonefYenm81kJVdB5DDvJV3Su9EZnnI9uB4JOI=;
        b=b0kO9R2eTUjFgq82KU51iy3QmEKXJtKRvtSdnX5X3qZvjCU6SUsKsqgp/DqlElxxb4
         K/XgX1kVULXWCjQ3MJZjAPi8ZdxmZhDkT/2vbKOZQlegsVTPt7lffuLUVmy0fbm8DbDv
         0q0fKAIWe4K+2NCApPgxb3RGduBZz0KCB7wSKb0L3KqOz/yPNjURG/5OfOr1Z6QPoM5b
         rS97RWMlOHz4chL7yKkjjIV6Nypb73ivbrn2RdK+MbtCtozLczRs1Rbxo2g7a7xlRj6Q
         zRHpkUWQKbDtpUo7t1GrvLdBf4v49a9Q0po+pmYH/G5Jy198491Menr/JkcXgBpfbgiY
         oTHg==
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=huube5Du;
       arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com);
       spf=pass (google.com: domain of linux-kernel+bounces-30237-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-30237-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel+bounces-30237-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99])
        by mx.google.com with ESMTPS id ng13-20020a17090b1a8d00b00290121a9f3csi1657370pjb.187.2024.01.18.07.08.31
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 18 Jan 2024 07:08:32 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-30237-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=huube5Du;
       arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com);
       spf=pass (google.com: domain of linux-kernel+bounces-30237-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-30237-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id 3580328570C
	for <linux.lists.archive@gmail.com>; Thu, 18 Jan 2024 15:07:17 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 2DF0D219ED;
	Thu, 18 Jan 2024 15:07:03 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="huube5Du"
Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 316FB1E87A;
	Thu, 18 Jan 2024 15:07:00 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.178
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1705590422; cv=none; b=C28SFRs3rNnAp3b8eetU+W+ZxX5W+kpYe/IFa4tEYLNZoyLCRhyQV9fxOWy3HnN5NQqXhohmrC0JEHe67cjnXUPoNNXeiDwxI0ZZZepuHV9884LT0jksFiiYl1g82gHDCKDw5plSFHMuKo4Gfrqh5S4SQKhzuMYZjn4Frh+UNNE=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1705590422; c=relaxed/simple;
	bh=/1CpZCOJH//FOtYoUXssXpmkISq3bC/FQ6oSEpU5tJA=;
	h=Received:DKIM-Signature:X-Google-DKIM-Signature:
	 X-Gm-Message-State:X-Google-Smtp-Source:X-Received:Received:From:
	 To:Cc:Subject:Date:Message-Id:X-Mailer:MIME-Version:
	 Content-Transfer-Encoding; b=tWtYbQ3TG9CUPwC5lL/gAsCl2SAZJq9W2WXRw0zb3duwvSUN5tPlVTa86TTjcIejdYnP8vcXY4SxZ2RD/SDf323djLUfGao1cqkORz9xWpEI9gTOFifLZbRcDRbZ6sQGn9ThNXDyV/pI/PEw2lsQyKEyHt3R3qB53+YuyVjvees=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=huube5Du; arc=none smtp.client-ip=209.85.210.178
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com
Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-6dbb26ec1deso277206b3a.0;
        Thu, 18 Jan 2024 07:07:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1705590420; x=1706195220; darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=VgRCRgtT2LBOn4OGPEhJQpmUEWiVNpEx0m8L9kHq3Kg=;
        b=huube5DubkCrejJyhPcYKG7L5fa2dMtbaImGe9LtZhuHiejP8JwgxnoSmxR4fyRnG2
         wW/9FYj3JI4j/gD4v0jE3WMoZyL6XX34i9CEJFvem3jo0WVyPTCUDMuJnE992Cbh66KF
         ULMlua1PUrY+2ILu0F6eACnA3cMZS3Y6jOJF86F8Tzm30EtYVyDLjotjWCmzEbv3ZAzR
         rnjIdCdg5eiYyjJPIVPODKFpa8eCCUtSiAvrDGgFUhRlU0EaIzpxLd9AGUPNx35iJIop
         W4as8MGuAbrh7vS1Vv5PifhcMxO2rluOWyYbP02+DTFxln+bAj8sGB6MLLElpT851pRy
         KZPQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1705590420; x=1706195220;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=VgRCRgtT2LBOn4OGPEhJQpmUEWiVNpEx0m8L9kHq3Kg=;
        b=dtv6OtdzHH00UbDp/alrjpw2bd2qCDyuy2aNromAya+63SlM3sBsnM8dPLBZpe3SBb
         m2vZzJUgQ1EVFgsdR9kxyqrXEmuLMISvsxum0FRoEOfhpiet0SsnjXNvI9Viu6lUhGhN
         ocM9OPAwZMjpKiG8K3wtYPw1ogXlKjUO/+LkQgzGfQBf56AxYam09LM38or3AUtwHyRS
         rL1tNSvRQk27dbKSImdhLkqPbtEgO4PmO70SU39ooSg8T1rZsFgOGXelMF2QndCmJJky
         FYyX9WVVeaEuBen7ryyGmpI9Q+I1DibS8IHiY86fhp7psfW8EP7e+nj8qFQdfD9inRay
         T73A==
X-Gm-Message-State: AOJu0YxDe6KTjusf9sCkGL+uh8mGja/7QustfmOBeCGu+9+J9ggO8jOb
	7OMGpPILisK7QQ24Msr6Wm5kg6VKDgx2mvLRYROYMVAsoKqB5GtIE3SvOkT5
X-Received: by 2002:a05:6a00:240a:b0:6db:829c:12bf with SMTP id z10-20020a056a00240a00b006db829c12bfmr1328321pfh.28.1705590420346;
        Thu, 18 Jan 2024 07:07:00 -0800 (PST)
Received: from octofox.hsd1.ca.comcast.net (c-73-63-239-93.hsd1.ca.comcast.net. [73.63.239.93])
        by smtp.gmail.com with ESMTPSA id p10-20020a63f44a000000b005c19c586cb7sm1668892pgk.33.2024.01.18.07.06.58
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 18 Jan 2024 07:07:00 -0800 (PST)
From: Max Filippov <jcmvbkbc@gmail.com>
To: linux-kernel@vger.kernel.org
Cc: Chris Zankel <chris@zankel.net>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	Christian Brauner <brauner@kernel.org>,
	Eric Biederman <ebiederm@xmission.com>,
	Kees Cook <keescook@chromium.org>,
	linux-fsdevel@vger.kernel.org,
	linux-mm@kvack.org,
	Greg Ungerer <gerg@linux-m68k.org>,
	Geert Uytterhoeven <geert@linux-m68k.org>,
	Max Filippov <jcmvbkbc@gmail.com>
Subject: [PATCH] fs: binfmt_elf_efpic: don't use missing interpreter's properties
Date: Thu, 18 Jan 2024 07:06:37 -0800
Message-Id: <20240118150637.660461-1-jcmvbkbc@gmail.com>
X-Mailer: git-send-email 2.39.2
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Static FDPIC executable may get an executable stack even when it has
non-executable GNU_STACK segment. This happens when STACK segment has rw
permissions, but does not specify stack size. In that case FDPIC loader
uses permissions of the interpreter's stack, and for static executables
with no interpreter it results in choosing the arch-default permissions
for the stack.

Fix that by using the interpreter's properties only when the interpreter
is actually used.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
 fs/binfmt_elf_fdpic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
index be4e7ac3efbc..f6d72fe3998c 100644
--- a/fs/binfmt_elf_fdpic.c
+++ b/fs/binfmt_elf_fdpic.c
@@ -322,7 +322,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm)
 	else
 		executable_stack = EXSTACK_DEFAULT;
 
-	if (stack_size == 0) {
+	if (stack_size == 0 && interp_params.flags & ELF_FDPIC_FLAG_PRESENT) {
 		stack_size = interp_params.stack_size;
 		if (interp_params.flags & ELF_FDPIC_FLAG_EXEC_STACK)
 			executable_stack = EXSTACK_ENABLE_X;
-- 
2.39.2