Date: Tue, 27 Aug 2024 14:18:42 +0200
From: Pavel Machek
To: Sasha Levin
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Alexey Dobriyan, Kees Cook, viro@zeniv.linux.org.uk, brauner@kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: [PATCH AUTOSEL 4.19 06/14] ELF: fix kernel.randomize_va_space double read
In-Reply-To: <20240801004037.3939932-6-sashal@kernel.org>

Hi!

> [ Upstream commit 2a97388a807b6ab5538aa8f8537b2463c6988bd2 ]
> 
> ELF loader uses "randomize_va_space" twice. It is a sysctl and can change
> at any moment, so 2 loads could see 2 different values in theory with
> unpredictable consequences.
> 
> Issue exactly one load for consistent value across one exec.
> 
> Signed-off-by: Alexey Dobriyan
> Link: https://lore.kernel.org/r/3329905c-7eb8-400a-8f0a-d87cff979b5b@p183
> Signed-off-by: Kees Cook
> Signed-off-by: Sasha Levin
> ---
>  fs/binfmt_elf.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
> index c41c568ad1b8a..af8830878fa0b 100644
> --- a/fs/binfmt_elf.c
> +++ b/fs/binfmt_elf.c
> @@ -876,7 +876,8 @@ static int load_elf_binary(struct linux_binprm *bprm)
>  	if (elf_read_implies_exec(loc->elf_ex, executable_stack))
>  		current->personality |= READ_IMPLIES_EXEC;
>  
> -	if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
> +	const int snapshot_randomize_va_space = READ_ONCE(randomize_va_space);
> +	if (!(current->personality & ADDR_NO_RANDOMIZE) && snapshot_randomize_va_space)
>  		current->flags |= PF_RANDOMIZE;
>  
>  	setup_new_exec(bprm);

We normally put variable declarations at start of the function. I'd not be
surprised if this broke with older compilers.

Best regards,
								Pavel
-- 
DENX Software Engineering GmbH,        Managing Director: Erika Unter
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
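Review bot: in the single quoted hunk, the `const int snapshot_randomize_va_space = READ_ONCE(randomize_va_space);` declaration is placed after the two `if` statements at the top of that block; the 4.19 tree still builds with -std=gnu89 and -Wdeclaration-after-statement, so this backport produces a mixed-declarations-and-code warning that the upstream commit (written against a tree that has since moved to gnu11 and dropped that warning) never hit. For the stable version, declare `int snapshot_randomize_va_space;` with the other locals at the top of load_elf_binary() and keep only the assignment `snapshot_randomize_va_space = READ_ONCE(randomize_va_space);` at the original site; the single-load intent is unchanged. Separately, the diffstat reports 3 insertions and 2 deletions but only this hunk (2 insertions, 1 deletion) is quoted, so the second consumer of randomize_va_space that the commit message mentions is not reviewable here; the fix only delivers its one-load guarantee if that site reads snapshot_randomize_va_space rather than the global again, so please confirm the trimmed hunk does exactly that.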