Date: Tue, 30 Jan 2024 15:17:03 -0500
From: Rich Felker
To: musl@lists.openwall.com
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Fixing ELF loader for systems with oversized pages [was: Re: [musl] Segmentation fault musl 1.2.4]
Message-ID: <20240130201701.GT4163@brightrain.aerifal.cx>
References: <20240111170323.GP1427497@port70.net> <20240112185713.GQ1427497@port70.net> <20240115223008.GR1427497@port70.net> <20240116182918.GS1427497@port70.net> <20240116204552.GV4163@brightrain.aerifal.cx> <20240130104338.GD1254592@port70.net> <20240130153730.GS4163@brightrain.aerifal.cx>
In-Reply-To: <20240130153730.GS4163@brightrain.aerifal.cx>
Content-Disposition: attachment; filename="fix_elf_loader_with_oversized_pages.diff"

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index f8c7f26f1fbb..45c50f379377 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -861,6 +861,12 @@ static int load_elf_binary(struct linux_binprm *bprm) if (!elf_phdata) goto out; + elf_ppnt = elf_phdata; + for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++) { + if (elf_ppnt->p_type != PT_LOAD) continue; + if (ELF_PAGEOFFSET(elf_ppnt->p_vaddr - elf_ppnt->p_offset)) + goto out; + } elf_ppnt = elf_phdata; for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++) { char *elf_interpreter; @@ -962,6 +968,13 @@ static int load_elf_binary(struct linux_binprm *bprm) if (!interp_elf_phdata) goto out_free_dentry; + elf_ppnt = interp_elf_phdata; + for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++) { + if (elf_ppnt->p_type != PT_LOAD) continue; + if (ELF_PAGEOFFSET(elf_ppnt->p_vaddr - elf_ppnt->p_offset)) + goto out_free_dentry; + } + /* Pass PT_LOPROC..PT_HIPROC headers to arch code */ elf_property_phdata = NULL; elf_ppnt = interp_elf_phdata;
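
Review bot: In the first hunk (the new loop after the `if (!elf_phdata)` test in `load_elf_binary`), the rejection path is a bare `goto out` with no error code assigned in the hunk, so what the caller sees depends on whatever the return variable already holds at that point. Set it explicitly before the jump (for example to -ENOEXEC) and add a one-line comment saying that a PT_LOAD whose `p_vaddr - p_offset` is not a multiple of the system page size cannot be file-mapped at the required address. The test is applied to every PT_LOAD regardless of `p_filesz`; decide whether a segment with no file-backed bytes really needs to be rejected as well. Style: in `if (elf_ppnt->p_type != PT_LOAD) continue;` the `continue;` belongs on its own line.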
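
Review bot: In the second hunk the loop walks `interp_elf_phdata` but is bounded by `elf_ex->e_phnum`, which is the count the first hunk uses for the main executable's `elf_phdata`. The bound should be the program header count taken from the interpreter's own ELF header: as written, an interpreter with fewer program headers than the executable makes the loop read past the end of `interp_elf_phdata`, and one with more leaves its later PT_LOAD entries unchecked. The `goto out_free_dentry` on the rejection path also assigns no error code within the hunk, so set one explicitly there, and move `continue;` off the `if` line.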