From: Guenter Roeck
Date: Fri, 21 Jun 2024 06:21:15 -0700
Subject: Re: [PATCH 2/2] exec: Avoid pathological argc, envc, and bprm->p values
To: Kees Cook
Cc: Eric Biederman, Justin Stitt, Alexander Viro, Christian Brauner, Jan Kara, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Message-ID: <1f410012-bf41-4825-9a37-7b7cc7c1df76@roeck-us.net>
In-Reply-To: <202406202354.3020C4FCA4@keescook>
References: <20240520021337.work.198-kees@kernel.org> <20240520021615.741800-2-keescook@chromium.org> <202406202354.3020C4FCA4@keescook>

On 6/21/24 00:00, Kees Cook wrote:
> On Thu, Jun 20, 2024 at 05:19:55PM -0700, Guenter Roeck wrote:
>> Hi,
>>
>> On Sun, May 19, 2024 at 07:16:12PM -0700, Kees Cook wrote:
>>> Make sure nothing goes wrong with the string counters or the bprm's
>>> belief about the stack pointer. Add checks and matching self-tests.
>>>
>>> For 32-bit validation, this was run under 32-bit UML:
>>> $ tools/testing/kunit/kunit.py run --make_options SUBARCH=i386 exec
>>>
>>> Signed-off-by: Kees Cook
>>
>> With this patch in linux-next, the qemu m68k:mcf5208evb emulation
>> fails to boot. The error is:
>
> Eeek. Thanks for the report! I've dropped this patch from my for-next
> tree.
>
>> Run /init as init process
>> Failed to execute /init (error -7)
>
> -7 is E2BIG, so it's certainly one of the 3 new added checks. I must
> have made a mistake in my reasoning about how bprm->p is initialized;
> the other two checks seem extremely unlikely to be tripped.
>
> I will try to get qemu set up and take a close look at what's happening.
> While I'm doing that, if it's easy for you, can you try it with just
> this removed (i.e. the other 2 new -E2BIG cases still in place):
>
> 	/* Avoid a pathological bprm->p. */
> 	if (bprm->p < limit)
> 		return -E2BIG;

I added a printk:

argc: 1 envc: 2 p: 262140 limit: 2097152
                ^^^^^^^^^^^^^^^^^^^^^^^^

Removing the check above does indeed fix the problem.

Guenter
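The following is an added userspace model, not code from this thread or from the kernel, of how the printk values above make the quoted `bprm->p < limit` check return -E2BIG. The `MODEL_*` constants and the limit formula are assumptions (8 KiB pages, a fixed 32-page argument buffer, 4-byte pointers, an 8 MiB stack rlimit), chosen because they reproduce `p: 262140` and `limit: 2097152`; none of them appear in the thread.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed model constants: assumptions, not values stated in the thread. */
#define MODEL_PAGE_SIZE     8192UL        /* assumed 8 KiB pages */
#define MODEL_MAX_ARG_PAGES 32UL          /* assumed fixed argument buffer */
#define MODEL_PTR_SIZE      4UL           /* 32-bit pointers */
#define MODEL_STK_LIM       (8UL << 20)   /* assumed 8 MiB default stack */
#define MODEL_ARG_MAX       131072UL      /* assumed floor for the limit */

/* Initial p when argument strings live in a fixed-size buffer:
 * top of the buffer minus one pointer. */
unsigned long model_fixed_buffer_p(void)
{
    return MODEL_PAGE_SIZE * MODEL_MAX_ARG_PAGES - MODEL_PTR_SIZE;
}

/* Assumed limit: min(3/4 of the default stack, rlimit/4), floored at ARG_MAX. */
unsigned long model_limit(unsigned long rlim_stack)
{
    unsigned long limit = MODEL_STK_LIM / 4 * 3;

    if (rlim_stack / 4 < limit)
        limit = rlim_stack / 4;
    if (limit < MODEL_ARG_MAX)
        limit = MODEL_ARG_MAX;
    return limit;
}

/* The check quoted in the thread, applied to plain integers. */
int model_check_p(unsigned long p, unsigned long limit)
{
    if (p < limit)
        return -E2BIG;
    return 0;
}

int main(void)
{
    unsigned long p = model_fixed_buffer_p();
    unsigned long limit = model_limit(8UL << 20);

    /* Same fields as the printk in the message, plus the check result. */
    printf("p: %lu limit: %lu check: %d\n", p, limit, model_check_p(p, limit));
    return 0;
}
```

Under these assumptions p is bounded by the buffer size while the limit scales with the stack rlimit, so the comparison fails for any rlimit that puts the limit above the buffer top.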