From: Kees Cook
To: Ryan Roberts
Cc: Catalin Marinas, Al Viro, Christian Brauner, Jan Kara, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, Andrew Morton, Ali Saidi, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH] binfmt_elf: Move brk for static PIE even if ASLR disabled
Date: Thu, 1 May 2025 16:49:11 -0700
Message-ID: <202505011633.82A962A7@keescook>
References: <20250425224502.work.520-kees@kernel.org> <202504301207.BCE7A96@keescook>
In-Reply-To:

On Thu, May 01, 2025 at 12:03:32PM +0100, Ryan Roberts wrote:
> I agree, as long as COMPAT_BRK is not set (which is the common case AFAICT).
> When COMPAT_BRK is enabled, I think you are breaking the purpose of that
> Kconfig? Perhaps it's not a real-world problem though...

When you turned off ASLR, what mechanism did you use? Personality or
randomize_va_space=0?

> > It's possible it could break running the loader directly against some
> > libc5-based binaries. If this turns out to be a real-world issue, we can
> > find a better solution (perhaps pre-allocating a large brk).
>
> But how large is large enough...

Right -- Chrome has a 500MB brk on my laptop. :P

Or with randomization off, it could allocate to the top of the mmap space
just to keep "future" mmap allocations from landing in any holes...

> Perhaps it is safer to only move the brk if !IS_ENABLED(CONFIG_COMPAT_BRK) ?
> Then wait to see if there are any real-world COMPAT_BRK users that hit the issue?

Yeah, that might be the best middle-ground.

-- 
Kees Cook
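The two questions in the exchange above (which mechanism disabled ASLR, and whether brk actually got moved away from the binary) can both be answered from userspace. The program below is an added example written for this page; it is not part of the thread, the patch, or the kernel tree. It reports the per-process ADDR_NO_RANDOMIZE persona bit and the kernel.randomize_va_space sysctl, then parses /proc/self/maps to measure the distance between the executable's last file-backed mapping and the start of the vma the kernel labels [heap]. The SAMPLE_MAPS_* strings and the /tmp/demo path are constructed inputs, not captured from any real system; the function names are this example's own.

```c
/* Added example, not code from the thread or the kernel patch: show which ASLR
 * knob is in effect (ADDR_NO_RANDOMIZE persona bit vs. randomize_va_space
 * sysctl) and how far the initial brk landed above the executable's last
 * file-backed mapping. SAMPLE_MAPS_* are constructed inputs, not captures. */
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/personality.h>

/* Parse a maps dump; return heap_start - exe_end in bytes, where exe_end is the
 * highest end of any mapping whose pathname equals exe_path and heap_start is
 * the start of the vma labelled [heap] (anonymous bss pages fall inside that
 * distance). Returns -1 if either is missing or the heap sits below the exe. */
static long long brk_gap_from_maps(const char *maps, const char *exe_path)
{
    unsigned long long exe_end = 0, heap_start = 0;
    int have_exe = 0, have_heap = 0;

    for (const char *line = maps; *line; ) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        char buf[512], perms[8], path[256] = "";
        unsigned long long start, end, off, ino;
        unsigned dmaj, dmin;

        if (len >= sizeof(buf))
            len = sizeof(buf) - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        /* fields: address perms offset dev inode [pathname] */
        if (sscanf(buf, "%llx-%llx %7s %llx %x:%x %llu %255s",
                   &start, &end, perms, &off, &dmaj, &dmin, &ino, path) == 8) {
            if (strcmp(path, exe_path) == 0) {
                exe_end = end > exe_end ? end : exe_end;
                have_exe = 1;
            } else if (strcmp(path, "[heap]") == 0) {
                heap_start = (!have_heap || start < heap_start) ? start : heap_start;
                have_heap = 1;
            }
        }
        if (!nl)
            break;
        line = nl + 1;
    }
    if (!have_exe || !have_heap || heap_start < exe_end)
        return -1;
    return (long long)(heap_start - exe_end);
}

/* Constructed: brk moved well above the bss. Gap = 0x555555780000 - 0x555555557000. */
static const char SAMPLE_MAPS_MOVED[] =
    "555555554000-555555555000 r--p 00000000 fd:01 1234 /tmp/demo\n"
    "555555555000-555555556000 r-xp 00001000 fd:01 1234 /tmp/demo\n"
    "555555556000-555555557000 rw-p 00002000 fd:01 1234 /tmp/demo\n"
    "555555557000-555555558000 rw-p 00000000 00:00 0\n"
    "555555780000-5555557a1000 rw-p 00000000 00:00 0 [heap]\n";

/* Constructed: brk starts right after the writable segment (unmoved layout). */
static const char SAMPLE_MAPS_ADJACENT[] =
    "555555554000-555555556000 r-xp 00000000 fd:01 1234 /tmp/demo\n"
    "555555556000-555555557000 rw-p 00002000 fd:01 1234 /tmp/demo\n"
    "555555557000-555555578000 rw-p 00000000 00:00 0 [heap]\n";

static long long sample_gap_moved(void)    { return brk_gap_from_maps(SAMPLE_MAPS_MOVED, "/tmp/demo"); }
static long long sample_gap_adjacent(void) { return brk_gap_from_maps(SAMPLE_MAPS_ADJACENT, "/tmp/demo"); }

int main(void)
{
    static char maps[1 << 16];
    char exe[256];
    int persona = personality(0xffffffff), rvs = -1;
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    ssize_t n;

    if (f) {
        if (fscanf(f, "%d", &rvs) != 1)
            rvs = -1;
        fclose(f);
    }
    printf("ADDR_NO_RANDOMIZE persona bit: %s\n",
           persona != -1 && (persona & ADDR_NO_RANDOMIZE) ? "set" : "clear");
    printf("kernel.randomize_va_space: %d\n", rvs);

    /* Grow brk once so a [heap] vma exists, then snapshot our own maps. */
    n = readlink("/proc/self/exe", exe, sizeof(exe) - 1);
    if (n < 0 || sbrk(4096) == (void *)-1 || !(f = fopen("/proc/self/maps", "r"))) {
        perror("setup");
        return 1;
    }
    exe[n] = '\0';
    maps[fread(maps, 1, sizeof(maps) - 1, f)] = '\0';
    fclose(f);

    printf("brk starts %lld bytes above the last mapping of %s\n",
           brk_gap_from_maps(maps, exe), exe);
    printf("constructed samples: moved=%lld adjacent=%lld\n",
           sample_gap_moved(), sample_gap_adjacent());
    return 0;
}
```

Run it once normally, once under `setarch -R` (which sets ADDR_NO_RANDOMIZE) and once with randomize_va_space=0 to see which knob each path reports; a gap of 0 means brk is glued to the end of the binary, which is the layout COMPAT_BRK preserves and the patch under discussion moves away from for static PIE.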