From: fengwei_yin@linux.alibaba.com
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org
Cc: kees@kernel.org, fengwei_yin@linux.alibaba.com, zhourundong.zrd@linux.alibaba.com
Subject: [PATCH] binfmt_elf: remove the 4k limitation of program header size
Date: Thu, 17 Jul 2025 19:01:08 +0800
Message-ID: <20250717110108.55586-1-fengwei_yin@linux.alibaba.com>

From: Yin Fengwei

We have assembly code generated by a script. GCC successfully compiles it. However, the kernel cannot load it on an ARM64 platform with a 4K page size. In contrast, the same ELF file loads correctly on the same platform with a 64K page size.

The root cause is the Linux kernel's ELF_MIN_ALIGN limitation on the program headers of ELF files. The ELF file contains 78 program headers (the script inserts many holes when generating the assembly code). On ARM64 with a 4K page size, the ELF_MIN_ALIGN enforces a maximum of 74 program headers, causing the ELF file to fail. However, with a 64K page size, the ELF_MIN_ALIGN is relaxed to over 1,184 program headers, allowing the file to run correctly.

Cook kindly identified that this limitation was introduced in Linux-0.99.15f without an explanation for its purpose [1]. The ELF specification does not impose such a restriction on program headers.

Remove the ELF_MIN_ALIGN limitation on program headers to align with the ELF spec. After removing the ELF_MIN_ALIGN limitation, the 64K size limitation still exists, which should be sufficient.

[1] https://lore.kernel.org/linux-mm/202506270854.A729825@keescook/

Originally-by: Kees Cook
Signed-off-by: Yin Fengwei
---
Explanation about "Originally-by": it's debug code from Cook. And he didn't show the intention to submit it as a patch. The change did fix the issue I hit...

 fs/binfmt_elf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index a43363d593e5..1cb35a2bc528 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -519,7 +519,7 @@ static struct elf_phdr *load_elf_phdrs(const struct elf= hdr *elf_ex, /* Sanity check the number of program headers... */ /* ...and their total size. */ size =3D sizeof(struct elf_phdr) * elf_ex->e_phnum; - if (size =3D=3D 0 || size > 65536 || size > ELF_MIN_ALIGN) + if (size =3D=3D 0 || size > 65536) goto out; =20 elf_phdata =3D kmalloc(size, GFP_KERNEL); --=20 2.49.0
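
Review bot: the `size > 65536` bound in the changed `if` is now the only cap on the `kmalloc(size, GFP_KERNEL)` that follows, and it is a bare literal with no stated rationale. The comment above it still reads only "...and their total size."; please extend it to say why 64K is the limit (the commit message's "should be sufficient" belongs next to the check), or give the value a named constant. Because `size` is derived from the file-supplied `elf_ex->e_phnum`, it is also worth stating in the commit message that a request of up to 64K through plain `kmalloc` is acceptable on 4K-page kernels, where the removed `size > ELF_MIN_ALIGN` term used to keep this allocation smaller.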
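
A userspace model of the size check this message discusses, added here as an illustration; it is not code from the patch or from the kernel. The function names are hypothetical, `min_align` stands in for ELF_MIN_ALIGN (taken to be the page size, as the message describes), the 56-byte entry size assumes a 64-bit ELF, and the header bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PHDR64_SIZE 56u        /* bytes per 64-bit ELF program header entry */
#define PHDR_TABLE_MAX 65536u  /* the cap that remains after the patch */

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Program header table size in bytes; 0 if hdr is not a little-endian ELF64 header. */
size_t phdr_table_size(const uint8_t *hdr, size_t len)
{
    if (len < 64 || memcmp(hdr, "\177ELF", 4) != 0 || hdr[4] != 2 || hdr[5] != 1)
        return 0;                                  /* want ELFCLASS64, ELFDATA2LSB */
    if (le16(hdr + 54) != PHDR64_SIZE)             /* e_phentsize */
        return 0;
    return (size_t)le16(hdr + 56) * PHDR64_SIZE;   /* e_phnum * entry size */
}

/* Check as it stood before the patch; min_align models ELF_MIN_ALIGN (assumption). */
int old_check_rejects(size_t size, size_t min_align)
{
    return size == 0 || size > PHDR_TABLE_MAX || size > min_align;
}

/* Check after the patch: only the 64K cap remains. */
int new_check_rejects(size_t size)
{
    return size == 0 || size > PHDR_TABLE_MAX;
}

/* Build a constructed, minimal ELF64 header carrying the given e_phnum. */
void make_header(uint8_t out[64], uint16_t phnum)
{
    memset(out, 0, 64);
    memcpy(out, "\177ELF", 4);
    out[4] = 2; out[5] = 1; out[6] = 1;            /* class, data encoding, version */
    out[54] = PHDR64_SIZE;                         /* e_phentsize */
    out[56] = (uint8_t)(phnum & 0xff); out[57] = (uint8_t)(phnum >> 8); /* e_phnum */
}

int main(void)
{
    uint8_t h[64];
    make_header(h, 78);                            /* header count from the message */
    size_t s = phdr_table_size(h, sizeof h);
    printf("size=%zu old@4K=%d old@64K=%d new=%d\n", s,
           old_check_rejects(s, 4096), old_check_rejects(s, 65536), new_check_rejects(s));
    return 0;
}
```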