Date: Mon, 27 May 2024 09:32:13 -0700
From: Kees Cook
To: Sasha Levin, linux-kernel@vger.kernel.org, stable@vger.kernel.org
CC: Kees Cook, y0un9n132@gmail.com, viro@zeniv.linux.org.uk, brauner@kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: [PATCH AUTOSEL 6.9 12/15] binfmt_elf: Leave a gap between .bss and brk
In-Reply-To: <20240526094152.3412316-12-sashal@kernel.org>
References: <20240526094152.3412316-1-sashal@kernel.org> <20240526094152.3412316-12-sashal@kernel.org>

Hi,

Please don't backport this change. While it has been tested, it's a process memory layout change, and I'd like to be as conservative as possible about it. If there is fall-out, I'd prefer to keep it limited to 6.10+. :)

-Kees

On May 26, 2024 2:41:44 AM PDT, Sasha Levin wrote:
>From: Kees Cook
>
>[ Upstream commit 2a5eb9995528441447d33838727f6ec1caf08139 ]
>
>Currently the brk starts its randomization immediately after .bss,
>which means there is a chance that when the random offset is 0, linear
>overflows from .bss can reach into the brk area. Leave at least a single
>page gap between .bss and brk (when it has not already been explicitly
>relocated into the mmap range).
>
>Reported-by:
>Closes: https://lore.kernel.org/linux-hardening/CA+2EKTVLvc8hDZc+2Yhwmus=dzOUG5E4gV7ayCbu0MPJTZzWkw@mail.gmail.com/
>Link: https://lore.kernel.org/r/20240217062545.1631668-2-keescook@chromium.org
>Signed-off-by: Kees Cook
>Signed-off-by: Sasha Levin
>---
> fs/binfmt_elf.c | 3 +++
> 1 file changed, 3 insertions(+)
>
>diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
>index 5397b552fbeb5..7862962f7a859 100644
>--- a/fs/binfmt_elf.c
>+++ b/fs/binfmt_elf.c
>@@ -1262,6 +1262,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
> 		if (IS_ENABLED(CONFIG_ARCH_HAS_ELF_RANDOMIZE) &&
> 		    elf_ex->e_type == ET_DYN && !interpreter) {
> 			mm->brk = mm->start_brk = ELF_ET_DYN_BASE;
>+		} else {
>+			/* Otherwise leave a gap between .bss and brk. */
>+			mm->brk = mm->start_brk = mm->brk + PAGE_SIZE;
> 		}
> 
> 		mm->brk = mm->start_brk = arch_randomize_brk(mm);

-- 
Kees Cook
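Review bot: the one-page guarantee in the new else branch depends on mm->brk already being page-aligned when `mm->brk = mm->start_brk = mm->brk + PAGE_SIZE;` executes; if it is not, the distance from the end of .bss to brk is less than a page, so the comment should state that invariant (or the line should page-align first). The guard only survives the following context line `mm->brk = mm->start_brk = arch_randomize_brk(mm);` if that helper treats mm->brk as a lower bound, which is worth a sentence in the commit message, as is the fact that every process not taking the ELF_ET_DYN_BASE branch now has its heap shifted by one page; that is the layout change the reply above gives as the reason not to take this into stable.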
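As an added check that is not part of this patch or the thread, the C probe below reports where the running kernel placed the initial program break relative to the end of the process's own .bss, using the linker-provided `end` symbol and sbrk(0). It assumes a Linux ELF binary and address-space randomization left on: the case the commit message describes is a reported distance of exactly 0 (random brk offset of 0 on an unpatched kernel), which the probe flags as "no guard gap", while a static PIE takes the ELF_ET_DYN_BASE branch and is reported as relocated.

```c
#define _DEFAULT_SOURCE /* sbrk() visibility under strict -std modes */
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Linker-provided symbol marking the first address past .bss. */
extern char end[];

struct brk_layout {
	uintptr_t bss_end;     /* first address past .bss */
	uintptr_t initial_brk; /* program break at start-up, before malloc grows it */
	long gap_bytes;        /* initial_brk minus page-aligned bss_end, -1 if relocated */
	int relocated;         /* brk placed below the image: the ELF_ET_DYN_BASE branch */
};

static uintptr_t page_align_up(uintptr_t addr, uintptr_t page)
{
	return (addr + page - 1) & ~(page - 1);
}

/* Capture where the kernel put brk relative to the end of .bss. Call it
 * before anything allocates from the heap (printf included) so that sbrk(0)
 * still reports the kernel's start_brk. */
struct brk_layout probe_brk_layout(void)
{
	struct brk_layout l;
	uintptr_t page = (uintptr_t)sysconf(_SC_PAGESIZE);
	l.bss_end = (uintptr_t)end;
	l.initial_brk = (uintptr_t)sbrk(0);
	l.relocated = l.initial_brk < l.bss_end;
	l.gap_bytes = l.relocated ? -1
		: (long)l.initial_brk - (long)page_align_up(l.bss_end, page);
	return l;
}

/* 1 if at least one page separates .bss from brk, or brk lives away from the image. */
int has_bss_brk_gap(const struct brk_layout *l)
{
	return l->relocated || l->gap_bytes >= (long)sysconf(_SC_PAGESIZE);
}

int main(void)
{
	struct brk_layout l = probe_brk_layout();
	printf("end of .bss : 0x%lx\n", (unsigned long)l.bss_end);
	printf("initial brk : 0x%lx\n", (unsigned long)l.initial_brk);
	if (l.relocated)
		printf("brk relocated into the mmap range (ET_DYN without interpreter)\n");
	else
		printf("gap         : %ld bytes (%s)\n", l.gap_bytes,
		       has_bss_brk_gap(&l) ? "guard gap present" : "no guard gap");
	return 0;
}
```

Because the gap is randomized, one run only shows the distance this process received; repeated runs that never report 0 are consistent with the patched behaviour, but a single run cannot prove it.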