From: "Eric W. Biederman"
To: Kees Cook
Cc: Sebastian Ott, Thomas Weißschuh, Al Viro, Christian Brauner, Pedro Falcato, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH v3 0/4] binfmt_elf: Support segments with 0 filesz and misaligned starts
Date: Wed, 27 Sep 2023 15:25:21 -0500
In-Reply-To: <20230927033634.make.602-kees@kernel.org> (Kees Cook's message of "Tue, 26 Sep 2023 20:42:17 -0700")
Message-ID: <87il7v8itq.fsf@email.froward.int.ebiederm.org>

Kees Cook writes:

> Hi,
>
> This is the continuation of the work Eric started for handling
> "p_memsz > p_filesz" in arbitrary segments (rather than just the last,
> BSS, segment).
> I've added the suggested changes:
>
>  - drop unused "elf_bss" variable
>  - report padzero() errors when PROT_WRITE is present
>  - refactor load_elf_interp() to use elf_load()
>
> This passes my quick smoke tests, but I'm still trying to construct some
> more complete tests...

Acked-by: "Eric W. Biederman"

You might also consider using elf_load in load_elf_library.

The code in load_elf_library only supports files with a single program
header, and I think is only needed for libc5.

The advantage is that load_elf_library would be using well tested code,
vm_brk would have no callers, and padzero would only be called by
elf_load, and load_elf_library would do little more than just call
load_elf_library.

Eric

>
> -Kees
>
> Eric W. Biederman (1):
>   binfmt_elf: Support segments with 0 filesz and misaligned starts
>
> Kees Cook (3):
>   binfmt_elf: elf_bss no longer used by load_elf_binary()
>   binfmt_elf: Provide prot bits as context for padzero() errors
>   binfmt_elf: Use elf_load() for interpreter
>
>  fs/binfmt_elf.c | 192 ++++++++++++++++++------------------------------
>  1 file changed, 71 insertions(+), 121 deletions(-)
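
The layout arithmetic behind the "p_memsz > p_filesz" and "0 filesz" cases this thread discusses, as an added userspace example that is not part of the e-mail, the patch series or the kernel source. It splits one PT_LOAD header into its file-backed bytes, the remainder of the last file page that has to be zeroed, and the whole pages of anonymous zeroed memory. The names `plan_segment` and `struct seg_plan` are hypothetical and a 4 KiB page size is assumed.

```c
#include <elf.h>
#include <stdint.h>

#define PAGE UINT64_C(4096)                 /* assumed page size */
#define PAGE_START(a) ((a) & ~(PAGE - 1))
#define PAGE_ALIGN(a) (((a) + PAGE - 1) & ~(PAGE - 1))

/* Hypothetical result type: how one PT_LOAD segment's memory is backed. */
struct seg_plan {
    uint64_t file_start, file_end;  /* bytes that come from the file */
    uint64_t pad_start, pad_end;    /* rest of the last file page, to be zeroed */
    uint64_t anon_start, anon_end;  /* whole pages of anonymous zeroed memory */
};

/* Returns 0 and fills *out, or -1 for a non-PT_LOAD or malformed header. */
int plan_segment(const Elf64_Phdr *ph, struct seg_plan *out)
{
    uint64_t file_end = ph->p_vaddr + ph->p_filesz;
    uint64_t mem_end = ph->p_vaddr + ph->p_memsz;

    if (ph->p_type != PT_LOAD || ph->p_memsz < ph->p_filesz)
        return -1;
    if (mem_end < ph->p_vaddr || mem_end > UINT64_MAX - PAGE)
        return -1;                  /* address arithmetic would wrap */

    *out = (struct seg_plan){0};
    if (ph->p_filesz) {
        out->file_start = ph->p_vaddr;
        out->file_end = file_end;
    }
    if (mem_end == file_end)
        return 0;                   /* fully file-backed, nothing to zero */
    if (ph->p_filesz) {
        /* File bytes past p_filesz share the last page and must be cleared. */
        out->pad_start = file_end;
        out->pad_end = PAGE_ALIGN(file_end);
        out->anon_start = out->pad_end;
    } else {
        /* 0 filesz: nothing comes from the file, even with a misaligned start. */
        out->anon_start = PAGE_START(ph->p_vaddr);
    }
    out->anon_end = PAGE_ALIGN(mem_end);
    if (out->anon_end <= out->anon_start)
        out->anon_start = out->anon_end = 0;  /* file pages already cover it */
    return 0;
}
```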