References: <20250607082844.8779-1-pranav.tyagi03@gmail.com> <202506092053.827AD89DC5@keescook>
From: Pranav Tyagi
Date: Wed, 11 Jun 2025 19:47:58 +0530
Subject: Re: [PATCH] binfmt_elf: use check_mul_overflow() for size calc
To: Jan Kara
Cc: Kees Cook, viro@zeniv.linux.org.uk, brauner@kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, skhan@linuxfoundation.org, linux-kernel-mentees@lists.linux.dev

On Tue, Jun 10, 2025 at 1:29 PM Jan Kara wrote:
>
> On Mon 09-06-25 21:04:36, Kees Cook wrote:
> > On Sat, Jun 07, 2025 at 01:58:44PM +0530, Pranav Tyagi wrote:
> > > Use check_mul_overflow() to safely compute the total size of ELF program
> > > headers instead of relying on direct multiplication.
> > >
> > > Directly multiplying sizeof(struct elf_phdr) with e_phnum risks integer
> > > overflow, especially on 32-bit systems or with malformed ELF binaries
> > > crafted to trigger wrap-around. If an overflow occurs, kmalloc() could
> > > allocate insufficient memory, potentially leading to out-of-bound
> > > accesses, memory corruption or security vulnerabilities.
> > >
> > > Using check_mul_overflow() ensures the multiplication is performed
> > > safely and detects overflows before memory allocation. This change makes
> > > the function more robust when handling untrusted or corrupted binaries.
> > >
> > > Signed-off-by: Pranav Tyagi
> > > Link: https://github.com/KSPP/linux/issues/92
> > > ---
> > >  fs/binfmt_elf.c | 5 ++++-
> > >  1 file changed, 4 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
> > > index a43363d593e5..774e705798b8 100644
> > > --- a/fs/binfmt_elf.c
> > > +++ b/fs/binfmt_elf.c
> > > @@ -518,7 +518,10 @@ static struct elf_phdr *load_elf_phdrs(const struct elfhdr *elf_ex,
> > >
> > >  /* Sanity check the number of program headers... */
> > >  /* ...and their total size. */
> > > - size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
> >
> > size is unsigned int, which has a maximum value of 4,294,967,295.
> >
> > elf_ex->e_phnum is a u16 (2 bytes) and will not be changing:
> >
> > $ pahole -C elf64_hdr */fs/binfmt_elf.o
> > struct elf64_hdr {
> > ...
> >         Elf64_Half e_phnum;   /*    56     2 */
> > ...
>
> Ah, what confused me was that I somehow thought Elf64_Half is u32 without
> checking its definition, which clearly shows it's actually u16. Thanks for
> checking it! You're right that the patch is pointless then.
>
>                                                                 Honza
> --
> Jan Kara
> SUSE Labs, CR

Hi,

I understand that the patch is actually pointless. I am still new to kernel dev
and learnt a lot from your comments. I will keep this in mind while sending
patches in the future.

Regards
Pranav Tyagi
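Review bot: the overflow check in this hunk guards a product that cannot overflow. Per the pahole output quoted just below the hunk, e_phnum is Elf64_Half, a 2-byte field, so `sizeof(struct elf_phdr) * elf_ex->e_phnum` is bounded by 65535 * sizeof(struct elf_phdr), far below the 4,294,967,295 that the unsigned int `size` can hold; the replacement check_mul_overflow() call can never report an overflow. The quote also shows only the removed line (`- size = sizeof(struct elf_phdr) * elf_ex->e_phnum;`) and none of the four added lines, so the error path and whether the computed size still reaches the existing total-size sanity check cannot be reviewed from what is visible. If the goal is to make the bound obvious to future readers rather than to add a runtime check, a comment on the existing line, or a compile-time assertion such as `BUILD_BUG_ON(sizeof(elf_ex->e_phnum) != 2)`, would document it without adding dead code.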
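Kees's argument above, that a 16-bit e_phnum cannot make the product overflow an unsigned int, can be checked exhaustively in userspace. The following is an added example, not code from the patch, from this thread or from the kernel. It uses __builtin_mul_overflow(), the compiler builtin that the kernel's check_mul_overflow() wraps, a local `struct elf64_phdr` that mirrors the kernel's 56-byte layout, and a hypothetical 32-bit count (no real ELF header field is that wide) to show what the check would catch if the field were wider.

```c
/*
 * Added example, not code from the patch or the kernel. It models the size
 * computation in load_elf_phdrs(): size is an unsigned int and e_phnum is
 * Elf64_Half (u16). __builtin_mul_overflow() is the compiler builtin that
 * the kernel's check_mul_overflow() is built on.
 */
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Same field layout as the kernel's struct elf64_phdr: 56 bytes. */
struct elf64_phdr {
	uint32_t p_type;
	uint32_t p_flags;
	uint64_t p_offset;
	uint64_t p_vaddr;
	uint64_t p_paddr;
	uint64_t p_filesz;
	uint64_t p_memsz;
	uint64_t p_align;
};

/*
 * The real computation with the patch's check applied: the product of the
 * header size and the 16-bit count is stored into an unsigned int, and the
 * function returns false if it did not fit.
 */
static bool phdr_table_size(uint16_t e_phnum, unsigned int *size)
{
	return !__builtin_mul_overflow(sizeof(struct elf64_phdr), e_phnum, size);
}

/* Try every possible e_phnum value; true if any of them overflowed. */
static bool u16_count_can_overflow(void)
{
	for (uint32_t n = 0; n <= UINT16_MAX; n++) {
		unsigned int size;

		if (!phdr_table_size((uint16_t)n, &size))
			return true;
	}
	return false;
}

/* Largest program-header table a u16 e_phnum can describe, in bytes. */
static unsigned int max_phdr_table_size(void)
{
	unsigned int size = 0;

	phdr_table_size(UINT16_MAX, &size);
	return size;
}

/*
 * Hypothetical 32-bit count (assumption for illustration; no ELF header
 * field is this wide). Here the product can exceed UINT_MAX and the check
 * reports it, which is the case check_mul_overflow() exists for.
 */
static bool u32_count_overflows(uint32_t count)
{
	unsigned int size;

	return __builtin_mul_overflow(sizeof(struct elf64_phdr), count, &size);
}

int main(void)
{
	uint32_t first_bad = UINT_MAX / sizeof(struct elf64_phdr) + 1;

	printf("largest u16 table: %u bytes (UINT_MAX is %u)\n",
	       max_phdr_table_size(), UINT_MAX);
	printf("any u16 e_phnum overflows: %s\n",
	       u16_count_can_overflow() ? "yes" : "no");
	printf("hypothetical u32 count %u overflows: %s\n", first_bad,
	       u32_count_overflows(first_bad) ? "yes" : "no");
	return 0;
}
```

The exhaustive loop is cheap (65536 iterations) and makes the "cannot overflow" claim a checked fact rather than an estimate: the largest table is 65535 * 56 = 3,669,960 bytes, three orders of magnitude under UINT_MAX. The same builtin does flag the hypothetical u32 case at the first count whose product exceeds UINT_MAX.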