References: <20230914-bss-alloc-v1-1-78de67d2c6dd@weissschuh.net>
In-Reply-To: <20230914-bss-alloc-v1-1-78de67d2c6dd@weissschuh.net>
From: Pedro Falcato
Date: Fri, 15 Sep 2023 23:15:05 +0100
Subject: Re: [PATCH RFC] binfmt_elf: fully allocate bss pages
To: Thomas Weißschuh
Cc: Alexander Viro, Christian Brauner, Eric Biederman, Kees Cook, Mark Brown, Willy Tarreau, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Sebastian Ott, stable@vger.kernel.org

On Fri, Sep 15, 2023 at 4:54 AM Thomas Weißschuh wrote:
>
> When allocating the pages for bss the start address needs to be rounded
> down instead of up.
> Otherwise the start of the bss segment may be unmapped.
>
> This was reported to happen on Aarch64:
>
> Memory allocated by set_brk():
> Before: start=0x420000 end=0x420000
> After:  start=0x41f000 end=0x420000
>
> The triggering binary looks like this:
>
> Elf file type is EXEC (Executable file)
> Entry point 0x400144
> There are 4 program headers, starting at offset 64
>
> Program Headers:
>   Type           Offset             VirtAddr           PhysAddr
>                  FileSiz            MemSiz              Flags  Align
>   LOAD           0x0000000000000000 0x0000000000400000 0x0000000000400000
>                  0x0000000000000178 0x0000000000000178  R E    0x10000
>   LOAD           0x000000000000ffe8 0x000000000041ffe8 0x000000000041ffe8
>                  0x0000000000000000 0x0000000000000008  RW     0x10000
>   NOTE           0x0000000000000120 0x0000000000400120 0x0000000000400120
>                  0x0000000000000024 0x0000000000000024  R      0x4
>   GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
>                  0x0000000000000000 0x0000000000000000  RW     0x10
>
>  Section to Segment mapping:
>   Segment Sections...
>    00     .note.gnu.build-id .text .eh_frame
>    01     .bss
>    02     .note.gnu.build-id
>    03
>
> Reported-by: Sebastian Ott
> Closes: https://lore.kernel.org/lkml/5d49767a-fbdc-fbe7-5fb2-d99ece3168cb@redhat.com/
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Cc: stable@vger.kernel.org
> Signed-off-by: Thomas Weißschuh
> ---
>
> I'm not really familiar with the ELF loading process, so putting this
> out as RFC.
>
> An example binary compiled with aarch64-linux-gnu-gcc 13.2.0 is available
> at https://test.t-8ch.de/binfmt-bss-repro.bin
> ---
>  fs/binfmt_elf.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
> index 7b3d2d491407..4008a57d388b 100644
> --- a/fs/binfmt_elf.c
> +++ b/fs/binfmt_elf.c
> @@ -112,7 +112,7 @@ static struct linux_binfmt elf_format = {
>
>  static int set_brk(unsigned long start, unsigned long end, int prot)
>  {
> -	start = ELF_PAGEALIGN(start);
> +	start = ELF_PAGESTART(start);
>  	end = ELF_PAGEALIGN(end);
>  	if (end > start) {
>  		/*

I don't see how this change can be correct. set_brk takes the start of
.bss as the start, so doing ELF_PAGESTART(start) will give you what may
very well be another ELF segment. In the common case, you'd map an
anonymous page on top of someone's .data, which will misload the ELF.

The current logic looks OK to me (gosh this code would ideally take a good
refactoring...).

I still can't quite tell how padzero() (in the original report) is
-EFAULTing though.

-- 
Pedro
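Review bot: replacing `start = ELF_PAGEALIGN(start);` with `start = ELF_PAGESTART(start);` in set_brk() is wrong in the common case and only happens to work for the reporter's binary. set_brk() receives the end of the segment's file-backed bytes as start; whenever that address is not page aligned, rounding it down extends the anonymous mapping set_brk() creates backwards over the page that already holds the tail of the file-backed data, so those bytes are replaced with zeros. That partial page is meant to keep its file contents and only be zeroed from start up to the page boundary (the padzero() step mentioned in the report); set_brk() should add only the whole pages beyond it. In the report the RW LOAD has FileSiz 0x0 and MemSiz 0x8 at VirtAddr 0x41ffe8, so no byte of that segment comes from the file and nothing in page 0x41f000 needs preserving, which is why rounding down looks harmless there (Before: start=0x420000 end=0x420000, After: start=0x41f000 end=0x420000). Suggest keeping the ELF_PAGEALIGN(start) rounding and handling the FileSiz == 0 segment as its own case, where the bss start shares no page with file-backed data, and adding a comment above set_brk() stating the invariant that start is the first address after file-backed data.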
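An added example, not code from the kernel, the patch or either message in this thread: it models the page rounding fs/binfmt_elf.c applies to one PT_LOAD segment so that the effect of ELF_PAGESTART(start) versus ELF_PAGEALIGN(start) in set_brk() can be checked arithmetically. The three macros follow the kernel's definitions for a 4 KiB ELF_MIN_ALIGN, and the file-backed range is modelled the way elf_map() sizes it (p_filesz plus the in-page offset of p_vaddr, rounded up to a page); struct range, the helper names and the "typical" segment values are assumptions made for this example. Run on the RW LOAD from the report (VirtAddr 0x41ffe8, FileSiz 0, MemSiz 8) it reproduces the Before/After ranges from the commit message; run on a constructed segment whose file data ends mid-page it shows the patched rounding overlapping the page elf_map() took from the file, which is the .data clobbering the reply describes.

```c
/*
 * Added example, not code from the kernel, the patch or this thread.
 * Models the page rounding in fs/binfmt_elf.c for one PT_LOAD segment.
 * Macros follow the kernel for a 4 KiB ELF_MIN_ALIGN; struct range,
 * the helper names and the "typical" segment are assumptions.
 */
#include <stdbool.h>
#include <stdio.h>

#define ELF_MIN_ALIGN      4096UL
#define ELF_PAGESTART(_v)  ((_v) & ~(ELF_MIN_ALIGN - 1))
#define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN - 1))
#define ELF_PAGEALIGN(_v)  (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))

/* Half-open address range [start, end); start == end means nothing mapped. */
struct range {
	unsigned long start, end;
};

/*
 * Pages backed by the file for a segment, sized as elf_map() does it:
 * the mapping starts at the page containing p_vaddr and covers p_filesz
 * plus the in-page offset of p_vaddr, rounded up to whole pages.
 * p_filesz == 0 with a misaligned p_vaddr therefore still yields one page.
 */
static struct range file_pages(unsigned long vaddr, unsigned long filesz)
{
	struct range r;

	r.start = ELF_PAGESTART(vaddr);
	r.end = r.start + ELF_PAGEALIGN(filesz + ELF_PAGEOFFSET(vaddr));
	return r;
}

/*
 * Anonymous pages set_brk() asks for over [bss_start, bss_end), where
 * bss_start is the end of the file-backed data (p_vaddr + p_filesz).
 * round_down == true is the patch's ELF_PAGESTART(start); false is the
 * current ELF_PAGEALIGN(start).
 */
static struct range brk_pages(unsigned long bss_start, unsigned long bss_end,
			      bool round_down)
{
	struct range r;

	r.start = round_down ? ELF_PAGESTART(bss_start) : ELF_PAGEALIGN(bss_start);
	r.end = ELF_PAGEALIGN(bss_end);
	if (r.end < r.start)
		r.end = r.start;	/* mirrors the "if (end > start)" guard */
	return r;
}

static bool overlaps(struct range a, struct range b)
{
	return a.start < a.end && b.start < b.end &&
	       a.start < b.end && b.start < a.end;
}

/* True when the brk range would cover pages elf_map() mapped from the file. */
static bool brk_overlaps_file(unsigned long vaddr, unsigned long filesz,
			      unsigned long memsz, bool round_down)
{
	struct range f = file_pages(vaddr, filesz);
	struct range b = brk_pages(vaddr + filesz, vaddr + memsz, round_down);

	return overlaps(f, b);
}

static void show(const char *name, unsigned long vaddr, unsigned long filesz,
		 unsigned long memsz)
{
	struct range f = file_pages(vaddr, filesz);
	struct range cur = brk_pages(vaddr + filesz, vaddr + memsz, false);
	struct range pat = brk_pages(vaddr + filesz, vaddr + memsz, true);

	printf("%s: file pages [%#lx, %#lx)\n", name, f.start, f.end);
	printf("  ELF_PAGEALIGN: brk [%#lx, %#lx), overlaps file pages: %s\n",
	       cur.start, cur.end, overlaps(f, cur) ? "yes" : "no");
	printf("  ELF_PAGESTART: brk [%#lx, %#lx), overlaps file pages: %s\n",
	       pat.start, pat.end, overlaps(f, pat) ? "yes" : "no");
}

int main(void)
{
	/* RW LOAD from the report: VirtAddr 0x41ffe8, FileSiz 0, MemSiz 8. */
	show("reproducer", 0x41ffe8UL, 0x0UL, 0x8UL);
	/* Constructed .data+.bss segment whose file data ends mid-page. */
	show("typical", 0x41fe00UL, 0x100UL, 0x1200UL);
	return 0;
}
```

For the reproducer the overlap under ELF_PAGESTART is harmless only because the segment has no file bytes at all; for the constructed segment the same rounding puts the anonymous brk range over the page holding 0x100 bytes of .data, which the current ELF_PAGEALIGN rounding leaves alone.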