From: Kees Cook
To: linux-kernel@vger.kernel.org, Max Filippov
Cc: Kees Cook, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Eric Biederman, Alexander Viro, Christian Brauner, Jan Kara, Rich Felker, stable@vger.kernel.org
Subject: Re: [PATCH] exec: fix linux_binprm::exec in transfer_args_to_stack()
Date: Thu, 21 Mar 2024 20:18:48 -0700
Message-Id: <171107752638.466752.7224681033755371253.b4-ty@chromium.org>
In-Reply-To: <20240320182607.1472887-1-jcmvbkbc@gmail.com>

On Wed, 20 Mar 2024 11:26:07 -0700, Max Filippov wrote:
> In NOMMU kernel the value of linux_binprm::p is the offset inside the
> temporary program arguments array maintained in separate pages in the
> linux_binprm::page. linux_binprm::exec being a copy of linux_binprm::p
> thus must be adjusted when that array is copied to the user stack.
> Without that adjustment the value passed by the NOMMU kernel to the ELF
> program in the AT_EXECFN entry of the aux array doesn't make any sense
> and it may break programs that try to access memory pointed to by that
> entry.
>
> [...]

Applied to for-next/execve, thanks!

[1/1] exec: fix linux_binprm::exec in transfer_args_to_stack()
      https://git.kernel.org/kees/c/2aea94ac14d1

Take care,

-- 
Kees Cook
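
A user-space model of the adjustment described in the quoted commit message, added here as an example; it is not the kernel's code or the applied patch. The struct, the helper names, the 256-byte area and the sample strings are constructed, and the rebase formula is an assumption about how an offset in the temporary array maps to the copied location on the stack.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AREA 256u /* constructed size of the temporary argument area */

struct model_bprm {
    unsigned char page[AREA]; /* stands in for linux_binprm::page */
    size_t p;                 /* offset into page[], grows downward */
    size_t exec;              /* copy of p taken after the filename push */
};

/* Push a NUL-terminated string just below p. */
static void push_str(struct model_bprm *b, const char *s)
{
    size_t n = strlen(s) + 1;
    b->p -= n;
    memcpy(b->page + b->p, s, n);
}

/* Copy page[p..AREA) so it ends at stack_top. With adjust set, rebase
 * exec from an offset in page[] to the address of the copied string. */
static uintptr_t transfer(const struct model_bprm *b, unsigned char *stack_top, int adjust)
{
    size_t used = AREA - b->p;
    memcpy(stack_top - used, b->page + b->p, used);
    return adjust ? (uintptr_t)stack_top - AREA + b->exec : (uintptr_t)b->exec;
}

/* Returns 1 if the modelled AT_EXECFN value points at the filename. */
int execfn_is_valid(int adjust)
{
    static unsigned char stack[2 * AREA]; /* stands in for the user stack */
    struct model_bprm b = { .p = AREA };
    uintptr_t lo = (uintptr_t)stack, hi = lo + sizeof(stack), v;

    push_str(&b, "/bin/demo"); /* constructed filename, pushed first */
    b.exec = b.p;              /* exec records where the filename landed */
    push_str(&b, "HOME=/");    /* constructed envp entry */
    push_str(&b, "demo");      /* constructed argv entry */
    v = transfer(&b, stack + sizeof(stack), adjust);
    if (v < lo || v >= hi)
        return 0;              /* raw offset, not an address in the stack */
    return strcmp((const char *)v, "/bin/demo") == 0;
}

int main(void)
{
    printf("unadjusted: %d, adjusted: %d\n", execfn_is_valid(0), execfn_is_valid(1));
    return 0;
}
```

In the unadjusted case the value handed out is the bare offset 246, which is why the check rejects it on range alone without dereferencing it.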