Date: Fri, 25 Apr 2025 15:48:27 -0700
From: Kees Cook
To: Catalin Marinas
Cc: Ryan Roberts, Thomas Weißschuh, Linux Kernel Mailing List, Linux-MM, linux-arm-kernel@lists.infradead.org
Subject: Re: BUG: vdso changes expose elf mapping issue
Message-ID: <202504251546.FC8A40CB98@keescook>
References: <202504251158.D3D342410@keescook>
In-Reply-To: <202504251158.D3D342410@keescook>

On Fri, Apr 25, 2025 at 12:56:21PM -0700, Kees Cook wrote:
> For fixing the former, the below change might work (totally untested yet,
> I just wanted to reply with my thoughts as I start testing this). Pardon
> the goofy code style, I wanted a minimal diff here:
>
> diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
> index 7e2afe3220f7..9290a29ede28 100644
> --- a/fs/binfmt_elf.c
> +++ b/fs/binfmt_elf.c
> @@ -1284,7 +1284,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
>  	mm->end_data = end_data;
>  	mm->start_stack = bprm->p;
>  
> -	if ((current->flags & PF_RANDOMIZE) && (snapshot_randomize_va_space > 1)) {
> +	{
>  		/*
>  		 * For architectures with ELF randomization, when executing
>  		 * a loader directly (i.e. no interpreter listed in ELF
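Review bot: in this first hunk, replacing the `if ((current->flags & PF_RANDOMIZE) && (snapshot_randomize_va_space > 1))` guard with a bare `{` makes the block run for every ELF, yet the comment it opens with still says it is for "architectures with ELF randomization, when executing a loader directly", so the comment now misdescribes when the code runs. For the non-minimal version, reword the comment to say the brk placement relative to .bss is now done unconditionally and only the randomization step is gated, and replace the unexplained bare block with either plain unindented code or a small named helper.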
> @@ -1299,7 +1299,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
>  			/* Otherwise leave a gap between .bss and brk. */
>  			mm->brk = mm->start_brk = mm->brk + PAGE_SIZE;
>  		}
> +	}
>  
> +	if ((current->flags & PF_RANDOMIZE) && (snapshot_randomize_va_space > 1)) {
>  		mm->brk = mm->start_brk = arch_randomize_brk(mm);
>  #ifdef compat_brk_randomized
>  		current->brk_randomized = 1;

Unsurprisingly, this patch was broken, but the idea appears to be valid.
This new patch works for me so far, though I haven't finished getting
Ubuntu 22.04 installed in an arm64 VM. Please let me know if this fixes it:

https://lore.kernel.org/lkml/20250425224502.work.520-kees@kernel.org/

-- 
Kees Cook
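Review bot: in the second hunk, the page-sized gap set by `mm->brk = mm->start_brk = mm->brk + PAGE_SIZE;` is immediately overwritten on the randomized path by `mm->brk = mm->start_brk = arch_randomize_brk(mm);`, so the gap only survives there if `arch_randomize_brk()` derives its result from the already-updated `mm->brk`; that dependency deserves a comment next to the new `if`. The behaviour change for the non-randomized case (always leaving a gap between .bss and brk, which the old `if` skipped entirely) is the intended fix, so the test matrix should cover both randomize_va_space settings, not only the failing one.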