lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1507261078-23615-4-git-send-email-bhe@redhat.com>
Date:   Fri,  6 Oct 2017 11:37:58 +0800
From:   Baoquan He <bhe@...hat.com>
To:     linux-kernel@...r.kernel.org
Cc:     viro@...iv.linux.org.uk, linux-fsdevel@...r.kernel.org,
        oleg@...hat.com, mhocko@...ne.org, keescook@...omium.org,
        jkosina@...e.cz, mingo@...e.hu, torvalds@...ux-foundation.org,
        Baoquan He <bhe@...hat.com>
Subject: [PATCH 3/3] binfmt_elf: Search an unmapped area with total_size but not map the whole image

In elf_map(), we can search an unmapped area for the whole image of dynamic
loader with total_size, then map the first PT_LOAD segment with its own size.
But not map the while image, then unmap the remainder at the end.

And also update the code comment in elf_map() accordingly.

Signed-off-by: Baoquan He <bhe@...hat.com>
---
 fs/binfmt_elf.c | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index d7a8a53a6f18..bebb9f2c934e 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -357,20 +357,23 @@ static unsigned long elf_map(struct file *filep, unsigned long addr,
 		return addr;
 
 	/*
-	* total_size is the size of the ELF (interpreter) image.
-	* The _first_ mmap needs to know the full size, otherwise
-	* randomization might put this image into an overlapping
-	* position with the ELF binary image. (since size < total_size)
-	* So we first map the 'big' image - and unmap the remainder at
-	* the end. (which unmap is needed for ELF images with holes.)
+	* total_size is the size of the ELF (interpreter) image if non-zero.
+	* It gets value either in load_elf_interp(), or in load_elf_binary()
+	* for "./ld.so someprog" testing. The _first_ mmap needs to know the
+	* full size, otherwise the first PT_LOAD segment is mapped below
+	* mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped
+	* above mm->mmap_base into the area that is supposed to be the "gap"
+	* between the stack and the binary. So we search an unmapped area of
+	* total_size big, then use the found address as hint to do mmap.
 	*/
 	if (total_size) {
 		total_size = ELF_PAGEALIGN(total_size);
-		map_addr = vm_mmap(filep, addr, total_size, prot, flags, off);
-		if (!BAD_ADDR(map_addr))
-			vm_munmap(map_addr+size, total_size-size);
-	} else
-		map_addr = vm_mmap(filep, addr, size, prot, flags, off);
+		addr = get_unmapped_area(file, addr, total_size, off, flags);
+		if (offset_in_page(addr))
+			return addr;
+	}
+
+	map_addr = vm_mmap(filep, addr, size, prot, flags, off);
 
 	return(map_addr);
 }
-- 
2.5.5

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ