Date: Mon, 5 Aug 2024 14:01:44 -0700
From: Kees Cook
To: jeffxu@chromium.org
Cc: akpm@linux-foundation.org, jannh@google.com, sroettger@google.com, adhemerval.zanella@linaro.org, ojeda@kernel.org, adobriyan@gmail.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org
Subject: Re: [RFC PATCH v1 0/1] binfmt_elf: seal address zero
Message-ID: <202408051400.C402BE97E@keescook>
In-Reply-To: <20240801170838.356177-1-jeffxu@google.com>

On Thu, Aug 01, 2024 at 05:08:32PM +0000, jeffxu@chromium.org wrote:
> From: Jeff Xu
>
> In load_elf_binary as part of the execve(), when the current
> task’s personality has MMAP_PAGE_ZERO set, the kernel allocates
> one page at address 0. According to the comment:
>
> /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
>    and some applications "depend" upon this behavior.
>    Since we do not have the power to recompile these, we
>    emulate the SVr4 behavior. Sigh. */
>
> At one point, Linus suggested removing this [1].

For users, I didn't find much in a Debian Code Search:
https://codesearch.debian.net/search?q=MMAP_PAGE_ZERO&literal=1&perpkg=1

I see rr uses it in testing, and some utils have it as an option, so I
think maybe just leave it supported.

>
> Sealing this is probably safe, the comment doesn’t say
> the app ever wanting to change the mapping to rwx. Sealing
> also ensures that never happens.

Yeah, this seems fine to me.

>
> [1] https://lore.kernel.org/lkml/CAHk-=whVa=nm_GW=NVfPHqcxDbWt4JjjK1YWb0cLjO4ZSGyiDA@mail.gmail.com/
>
> Jeff Xu (1):
>   binfmt_elf: mseal address zero
>
>  fs/binfmt_elf.c    | 4 ++++
>  include/linux/mm.h | 4 ++++
>  mm/mseal.c         | 2 +-
>  3 files changed, 9 insertions(+), 1 deletion(-)
>
> --
> 2.46.0.rc1.232.g9752f9e123-goog
>

--
Kees Cook
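
An added example, not part of this thread or of the kernel patch: a check over `/proc/<pid>/maps` text that reports whether page 0 is mapped, as MMAP_PAGE_ZERO arranges, and whether it has become writable, the change sealing is meant to rule out. The sample listings are constructed, and `find_page_zero` and `struct page_zero` are names chosen for this example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/personality.h>

/* What a /proc/<pid>/maps listing says about the page at address 0. */
struct page_zero { int mapped, writable, executable; unsigned long end; };

/* Scan maps-format text and describe the mapping that starts at address 0. */
struct page_zero find_page_zero(const char *maps)
{
    struct page_zero r = {0, 0, 0, 0};
    for (const char *line = maps; line && *line; ) {
        unsigned long start, end;
        char perms[5];
        if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) == 3 &&
            start == 0 && strlen(perms) == 4) {
            r.mapped = 1;
            r.writable = perms[1] == 'w';    /* should stay 0 for the SVr4 page */
            r.executable = perms[2] == 'x';
            r.end = end;
            return r;
        }
        line = strchr(line, '\n');           /* advance to the next line */
        if (line) line++;
    }
    return r;
}

/* Constructed samples (not captured from a real system). */
const char SAMPLE_SVR4[] =
    "00000000-00001000 r-xp 00000000 00:00 0 \n"
    "00400000-00401000 r--p 00000000 08:01 1234 /usr/bin/legacy\n";
const char SAMPLE_CHANGED[] =
    "00000000-00001000 rwxp 00000000 00:00 0 \n";
const char SAMPLE_NORMAL[] =
    "55d0c0a00000-55d0c0a01000 r--p 00000000 08:01 1234 /usr/bin/true\n";

int main(void)
{
    static char buf[1 << 16];
    FILE *f = fopen("/proc/self/maps", "r");
    size_t n = f ? fread(buf, 1, sizeof(buf) - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    struct page_zero z = find_page_zero(buf);
    int persona = personality(0xffffffff);   /* query without changing it */
    printf("MMAP_PAGE_ZERO set: %d, page 0 mapped: %d, writable: %d\n",
           persona != -1 && (persona & MMAP_PAGE_ZERO) != 0, z.mapped, z.writable);
    return 0;
}
```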