Date: Fri, 11 Nov 2022 10:43:17 -0800
From: Kees Cook
To: Pedro Falcato
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, dalias@libc.org, ebiederm@xmission.com, sam@gentoo.org, viro@zeniv.linux.org.uk
Subject: Re: [PATCH v3] fs/binfmt_elf: Fix memsz > filesz handling
Message-ID: <202211111040.A580C73B2F@keescook>
References: <20221108110715.227062-1-pedro.falcato@gmail.com> <202211101934.22CACD615@keescook> <202211102214.D764FAE21@keescook>

On Fri, Nov 11, 2022 at 05:14:47PM +0000, Pedro Falcato wrote:
> On Fri, Nov 11, 2022 at 6:15 AM Kees Cook wrote:
> >
> > On Fri, Nov 11, 2022 at 03:59:08AM +0000, Pedro Falcato wrote:
> > > We could of course also just sort the program headers at load time,
> > > but I assume that's unwanted overhead for most well-behaved ELF
> > > program headers :)
> >
> > Large refactoring of the ELF loader needs proper unit testing, and we're
> > still a bit away from that existing. In the meantime, we'll need to make
> > very very small changes to fix bugs. I've sent a minimal change which I
> > think should fix the problem (now at v2 since right after sending it I
> > realized I was trading one accidentally correct state for another in the
> > v1):
> > https://lore.kernel.org/linux-hardening/20221111061315.gonna.703-kees@kernel.org/
>
> Got it. I understand you may be a bit nervous deploying this patch ATM.
>
> What are we missing for ELF loader kunit testing? How can one help?
>
> Note that my -v1 is still relatively safe and was already tested, you
> could just apply that.

Even the v1 is a LOT of refactoring. I'd like to avoid any factoring like
this as much as possible given how fragile the code has proven to be.

As for unit testing, we need two prerequisites:

- mocking: https://lore.kernel.org/lkml/20220910212804.670622-1-davidgow@google.com/
- userspace VMA support: https://lore.kernel.org/lkml/202211061948.46D3F78@keescook/

-- 
Kees Cook
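The thread above is about how the ELF loader handles a PT_LOAD segment whose p_memsz is larger than its p_filesz (the .bss tail that is not backed by the file) and, in the quoted remark, whether program headers could simply be sorted at load time. The following is an added example written for this page; it is not code from the kernel, from the patch under discussion, or from either participant. It parses the program headers of an ELF64 image, reports for each PT_LOAD segment the zero-filled tail [p_vaddr + p_filesz, p_vaddr + p_memsz) together with the first page boundary inside it (bytes before that boundary sit in the last file-backed page and must be explicitly zeroed; pages from it on need an anonymous mapping), and checks whether the PT_LOAD headers appear in non-decreasing p_vaddr order. The 4096-byte PAGE_SIZE, the locally defined Elf64 structs (a subset of <elf.h>) and the two-segment image built by build_sample_elf are all assumptions made for the example, not real binaries.

```c
/* Added example, not kernel code and not the patch under discussion: walk the
 * PT_LOAD headers of an ELF64 image, report each segment with p_memsz >
 * p_filesz and check PT_LOAD ordering. PAGE_SIZE and the sample image are
 * assumptions; the structs are a local subset of <elf.h>. */
#include <stdint.h>
#include <string.h>

#define PAGE_SIZE 4096UL /* assumed */
#define PT_LOAD   1

typedef struct {
    unsigned char e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} Elf64_Ehdr;

typedef struct {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
} Elf64_Phdr;

struct bss_range {
    uint64_t start;     /* p_vaddr + p_filesz: first byte not backed by the file */
    uint64_t end;       /* p_vaddr + p_memsz: end of the segment in memory */
    uint64_t anon_page; /* page boundary at/after start: zero up to it, map anon from it */
};

/* Returns how many PT_LOAD segments have p_memsz > p_filesz (at most max_out
 * are written to out), or -1 for a malformed image: truncated headers, wrong
 * phentsize, file-backed bytes past EOF, p_memsz < p_filesz, or vaddr+memsz
 * overflow. *sorted is set to 1 if PT_LOAD p_vaddr never decreases, else 0. */
int elf64_bss_ranges(const uint8_t *buf, size_t len,
                     struct bss_range *out, int max_out, int *sorted)
{
    Elf64_Ehdr eh;
    uint64_t prev_vaddr = 0;
    int n = 0;

    *sorted = 1;
    if (len < sizeof eh)
        return -1;
    memcpy(&eh, buf, sizeof eh); /* memcpy: buf need not be aligned */
    if (memcmp(eh.e_ident, "\177ELF", 4) != 0 || eh.e_phentsize != sizeof(Elf64_Phdr))
        return -1;
    if (eh.e_phoff > len || (uint64_t)eh.e_phnum * sizeof(Elf64_Phdr) > len - eh.e_phoff)
        return -1;
    for (uint16_t i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, buf + eh.e_phoff + (size_t)i * sizeof ph, sizeof ph);
        if (ph.p_type != PT_LOAD)
            continue;
        if (ph.p_memsz < ph.p_filesz || ph.p_vaddr > UINT64_MAX - ph.p_memsz)
            return -1;                        /* invalid per the ELF spec / overflow */
        if (ph.p_offset > len || ph.p_filesz > len - ph.p_offset)
            return -1;                        /* file-backed part runs past EOF */
        if (ph.p_vaddr < prev_vaddr)
            *sorted = 0;
        prev_vaddr = ph.p_vaddr;
        if (ph.p_memsz > ph.p_filesz) {
            if (n < max_out) {
                out[n].start = ph.p_vaddr + ph.p_filesz;
                out[n].end = ph.p_vaddr + ph.p_memsz;
                out[n].anon_page = (out[n].start + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1);
            }
            n++;
        }
    }
    return n;
}

/* Constructed two-segment image (not a real binary): a text segment fully
 * backed by the file and a data segment whose last 0x2400 bytes are zero-fill.
 * With reverse_order the data header is emitted first to exercise the sort check. */
size_t build_sample_elf(uint8_t *buf, size_t cap, int reverse_order)
{
    const size_t len = 0x1100; /* spans both segments' file-backed bytes */
    Elf64_Ehdr eh = { .e_ident = "\177ELF\2\1\1", .e_type = 2, .e_machine = 62,
                      .e_version = 1, .e_phoff = sizeof(Elf64_Ehdr),
                      .e_ehsize = sizeof(Elf64_Ehdr),
                      .e_phentsize = sizeof(Elf64_Phdr), .e_phnum = 2 };
    Elf64_Phdr text = { .p_type = PT_LOAD, .p_flags = 5, .p_vaddr = 0x400000,
                        .p_filesz = 0x1000, .p_memsz = 0x1000, .p_align = PAGE_SIZE };
    Elf64_Phdr data = { .p_type = PT_LOAD, .p_flags = 6, .p_offset = 0x1000,
                        .p_vaddr = 0x601000, .p_filesz = 0x100, .p_memsz = 0x2500,
                        .p_align = PAGE_SIZE };

    if (cap < len)
        return 0;
    memset(buf, 0, len);
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, reverse_order ? &data : &text, sizeof text);
    memcpy(buf + sizeof eh + sizeof text, reverse_order ? &text : &data, sizeof data);
    return len;
}
```

Calling build_sample_elf() and then elf64_bss_ranges() on the result yields one range, [0x601100, 0x603500) with the first anonymous page at 0x602000, and sorted == 1; building the image with reverse_order set flips sorted to 0, which is the situation the quoted "sort the program headers at load time" remark is about. The same parser rejects images whose headers are truncated or whose p_memsz is smaller than p_filesz rather than guessing a layout for them.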