Re: [PATCH] binfmt_elf: Move brk out of mmap when doing direct loader exec

From: Kees Cook
Date: Mon Apr 22 2019 - 18:49:17 EST

Next message: Fabio Estevam: "Re: linux-next: build failure after merge of the imx-mxs tree"
Previous message: Stephen Rothwell: "linux-next: build failure after merge of the imx-mxs tree"
In reply to: Guenter Roeck: "Re: [PATCH] binfmt_elf: Move brk out of mmap when doing direct loader exec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Apr 18, 2019 at 7:57 AM Guenter Roeck <linux@xxxxxxxxxxxx> wrote:
>
> On Mon, Apr 15, 2019 at 09:23:20PM -0700, Kees Cook wrote:
> > Commit eab09532d400 ("binfmt_elf: use ELF_ET_DYN_BASE only for PIE"),
> > made changes in the rare case when the ELF loader was directly invoked
> > (e.g to set a non-inheritable LD_LIBRARY_PATH, testing new versions of
> > the loader), by moving into the mmap region to avoid both ET_EXEC and PIE
> > binaries. This had the effect of also moving the brk region into mmap,
> > which could lead to the stack and brk being arbitrarily close to each
> > other. An unlucky process wouldn't get its requested stack size and stack
> > allocations could end up scribbling on the heap.
> >
>
> This patch results in crashes of my xtensa boot tests.
>
> Run /sbin/init as init process
> Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b

Thanks for finding this! I *think* the issue is that I needed to be
testing for CONFIG_ARCH_HAS_ELF_RANDOMIZATION, which xtensa lacks.
I'll get this fixed up and resent through -mm.

--
Kees Cook

Next message: Fabio Estevam: "Re: linux-next: build failure after merge of the imx-mxs tree"
Previous message: Stephen Rothwell: "linux-next: build failure after merge of the imx-mxs tree"
In reply to: Guenter Roeck: "Re: [PATCH] binfmt_elf: Move brk out of mmap when doing direct loader exec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]