lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <202209162157.cNXcTqZY-lkp@intel.com>
Date:   Fri, 16 Sep 2022 21:29:54 +0800
From:   kernel test robot <lkp@...el.com>
To:     Akira Kawata <akirakawata1@...il.com>
Cc:     llvm@...ts.linux.dev, kbuild-all@...ts.01.org,
        linux-kernel@...r.kernel.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Kees Cook <keescook@...omium.org>,
        Sasha Levin <sashal@...nel.org>
Subject: [linux-stable-rc:linux-5.10.y 4906/8454]
 arch/mips/kernel/../../../fs/binfmt_elf.c:823:16: warning: variable
 'load_addr' set but not used

Hi Akira,

FYI, the error/warning still remains.

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
head:   02c4837d98bf509b70afb8368175c489a5ba7b4a
commit: dd85ed4af8f5cb42990fb5f42c22d268028693a3 [4906/8454] fs/binfmt_elf: Fix AT_PHDR for unusual ELF files
config: mips-randconfig-r023-20220915
compiler: clang version 16.0.0 (https://github.com/llvm/llvm-project 791a7ae1ba3efd6bca96338e10ffde557ba83920)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install mips cross compiling tool for clang build
        # apt-get install binutils-mips64el-linux-gnuabi64
        # https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/commit/?id=dd85ed4af8f5cb42990fb5f42c22d268028693a3
        git remote add linux-stable-rc https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
        git fetch --no-tags linux-stable-rc linux-5.10.y
        git checkout dd85ed4af8f5cb42990fb5f42c22d268028693a3
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=mips SHELL=/bin/bash

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@...el.com>

All warnings (new ones prefixed by >>):

   In file included from arch/mips/kernel/binfmt_elfn32.c:113:
>> arch/mips/kernel/../../../fs/binfmt_elf.c:823:16: warning: variable 'load_addr' set but not used [-Wunused-but-set-variable]
           unsigned long load_addr, load_bias = 0, phdr_addr = 0;
                         ^
   arch/mips/kernel/binfmt_elfn32.c:86:1: warning: unused function 'jiffies_to_old_timeval32' [-Wunused-function]
   jiffies_to_old_timeval32(unsigned long jiffies, struct old_timeval32 *value)
   ^
   2 warnings generated.


vim +/load_addr +823 arch/mips/kernel/../../../fs/binfmt_elf.c

   819	
   820	static int load_elf_binary(struct linux_binprm *bprm)
   821	{
   822		struct file *interpreter = NULL; /* to shut gcc up */
 > 823		unsigned long load_addr, load_bias = 0, phdr_addr = 0;
   824		int load_addr_set = 0;
   825		unsigned long error;
   826		struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL;
   827		struct elf_phdr *elf_property_phdata = NULL;
   828		unsigned long elf_bss, elf_brk;
   829		int bss_prot = 0;
   830		int retval, i;
   831		unsigned long elf_entry;
   832		unsigned long e_entry;
   833		unsigned long interp_load_addr = 0;
   834		unsigned long start_code, end_code, start_data, end_data;
   835		unsigned long reloc_func_desc __maybe_unused = 0;
   836		int executable_stack = EXSTACK_DEFAULT;
   837		struct elfhdr *elf_ex = (struct elfhdr *)bprm->buf;
   838		struct elfhdr *interp_elf_ex = NULL;
   839		struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;
   840		struct mm_struct *mm;
   841		struct pt_regs *regs;
   842	
   843		retval = -ENOEXEC;
   844		/* First of all, some simple consistency checks */
   845		if (memcmp(elf_ex->e_ident, ELFMAG, SELFMAG) != 0)
   846			goto out;
   847	
   848		if (elf_ex->e_type != ET_EXEC && elf_ex->e_type != ET_DYN)
   849			goto out;
   850		if (!elf_check_arch(elf_ex))
   851			goto out;
   852		if (elf_check_fdpic(elf_ex))
   853			goto out;
   854		if (!bprm->file->f_op->mmap)
   855			goto out;
   856	
   857		elf_phdata = load_elf_phdrs(elf_ex, bprm->file);
   858		if (!elf_phdata)
   859			goto out;
   860	
   861		elf_ppnt = elf_phdata;
   862		for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++) {
   863			char *elf_interpreter;
   864	
   865			if (elf_ppnt->p_type == PT_GNU_PROPERTY) {
   866				elf_property_phdata = elf_ppnt;
   867				continue;
   868			}
   869	
   870			if (elf_ppnt->p_type != PT_INTERP)
   871				continue;
   872	
   873			/*
   874			 * This is the program interpreter used for shared libraries -
   875			 * for now assume that this is an a.out format binary.
   876			 */
   877			retval = -ENOEXEC;
   878			if (elf_ppnt->p_filesz > PATH_MAX || elf_ppnt->p_filesz < 2)
   879				goto out_free_ph;
   880	
   881			retval = -ENOMEM;
   882			elf_interpreter = kmalloc(elf_ppnt->p_filesz, GFP_KERNEL);
   883			if (!elf_interpreter)
   884				goto out_free_ph;
   885	
   886			retval = elf_read(bprm->file, elf_interpreter, elf_ppnt->p_filesz,
   887					  elf_ppnt->p_offset);
   888			if (retval < 0)
   889				goto out_free_interp;
   890			/* make sure path is NULL terminated */
   891			retval = -ENOEXEC;
   892			if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
   893				goto out_free_interp;
   894	
   895			interpreter = open_exec(elf_interpreter);
   896			kfree(elf_interpreter);
   897			retval = PTR_ERR(interpreter);
   898			if (IS_ERR(interpreter))
   899				goto out_free_ph;
   900	
   901			/*
   902			 * If the binary is not readable then enforce mm->dumpable = 0
   903			 * regardless of the interpreter's permissions.
   904			 */
   905			would_dump(bprm, interpreter);
   906	
   907			interp_elf_ex = kmalloc(sizeof(*interp_elf_ex), GFP_KERNEL);
   908			if (!interp_elf_ex) {
   909				retval = -ENOMEM;
   910				goto out_free_ph;
   911			}
   912	
   913			/* Get the exec headers */
   914			retval = elf_read(interpreter, interp_elf_ex,
   915					  sizeof(*interp_elf_ex), 0);
   916			if (retval < 0)
   917				goto out_free_dentry;
   918	
   919			break;
   920	
   921	out_free_interp:
   922			kfree(elf_interpreter);
   923			goto out_free_ph;
   924		}
   925	
   926		elf_ppnt = elf_phdata;
   927		for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++)
   928			switch (elf_ppnt->p_type) {
   929			case PT_GNU_STACK:
   930				if (elf_ppnt->p_flags & PF_X)
   931					executable_stack = EXSTACK_ENABLE_X;
   932				else
   933					executable_stack = EXSTACK_DISABLE_X;
   934				break;
   935	
   936			case PT_LOPROC ... PT_HIPROC:
   937				retval = arch_elf_pt_proc(elf_ex, elf_ppnt,
   938							  bprm->file, false,
   939							  &arch_state);
   940				if (retval)
   941					goto out_free_dentry;
   942				break;
   943			}
   944	
   945		/* Some simple consistency checks for the interpreter */
   946		if (interpreter) {
   947			retval = -ELIBBAD;
   948			/* Not an ELF interpreter */
   949			if (memcmp(interp_elf_ex->e_ident, ELFMAG, SELFMAG) != 0)
   950				goto out_free_dentry;
   951			/* Verify the interpreter has a valid arch */
   952			if (!elf_check_arch(interp_elf_ex) ||
   953			    elf_check_fdpic(interp_elf_ex))
   954				goto out_free_dentry;
   955	
   956			/* Load the interpreter program headers */
   957			interp_elf_phdata = load_elf_phdrs(interp_elf_ex,
   958							   interpreter);
   959			if (!interp_elf_phdata)
   960				goto out_free_dentry;
   961	
   962			/* Pass PT_LOPROC..PT_HIPROC headers to arch code */
   963			elf_property_phdata = NULL;
   964			elf_ppnt = interp_elf_phdata;
   965			for (i = 0; i < interp_elf_ex->e_phnum; i++, elf_ppnt++)
   966				switch (elf_ppnt->p_type) {
   967				case PT_GNU_PROPERTY:
   968					elf_property_phdata = elf_ppnt;
   969					break;
   970	
   971				case PT_LOPROC ... PT_HIPROC:
   972					retval = arch_elf_pt_proc(interp_elf_ex,
   973								  elf_ppnt, interpreter,
   974								  true, &arch_state);
   975					if (retval)
   976						goto out_free_dentry;
   977					break;
   978				}
   979		}
   980	
   981		retval = parse_elf_properties(interpreter ?: bprm->file,
   982					      elf_property_phdata, &arch_state);
   983		if (retval)
   984			goto out_free_dentry;
   985	
   986		/*
   987		 * Allow arch code to reject the ELF at this point, whilst it's
   988		 * still possible to return an error to the code that invoked
   989		 * the exec syscall.
   990		 */
   991		retval = arch_check_elf(elf_ex,
   992					!!interpreter, interp_elf_ex,
   993					&arch_state);
   994		if (retval)
   995			goto out_free_dentry;
   996	
   997		/* Flush all traces of the currently running executable */
   998		retval = begin_new_exec(bprm);
   999		if (retval)
  1000			goto out_free_dentry;
  1001	
  1002		/* Do this immediately, since STACK_TOP as used in setup_arg_pages
  1003		   may depend on the personality.  */
  1004		SET_PERSONALITY2(*elf_ex, &arch_state);
  1005		if (elf_read_implies_exec(*elf_ex, executable_stack))
  1006			current->personality |= READ_IMPLIES_EXEC;
  1007	
  1008		if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
  1009			current->flags |= PF_RANDOMIZE;
  1010	
  1011		setup_new_exec(bprm);
  1012	
  1013		/* Do this so that we can load the interpreter, if need be.  We will
  1014		   change some of these later */
  1015		retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
  1016					 executable_stack);
  1017		if (retval < 0)
  1018			goto out_free_dentry;
  1019		
  1020		elf_bss = 0;
  1021		elf_brk = 0;
  1022	
  1023		start_code = ~0UL;
  1024		end_code = 0;
  1025		start_data = 0;
  1026		end_data = 0;
  1027	
  1028		/* Now we do a little grungy work by mmapping the ELF image into
  1029		   the correct location in memory. */
  1030		for(i = 0, elf_ppnt = elf_phdata;
  1031		    i < elf_ex->e_phnum; i++, elf_ppnt++) {
  1032			int elf_prot, elf_flags;
  1033			unsigned long k, vaddr;
  1034			unsigned long total_size = 0;
  1035			unsigned long alignment;
  1036	
  1037			if (elf_ppnt->p_type != PT_LOAD)
  1038				continue;
  1039	
  1040			if (unlikely (elf_brk > elf_bss)) {
  1041				unsigned long nbyte;
  1042		            
  1043				/* There was a PT_LOAD segment with p_memsz > p_filesz
  1044				   before this one. Map anonymous pages, if needed,
  1045				   and clear the area.  */
  1046				retval = set_brk(elf_bss + load_bias,
  1047						 elf_brk + load_bias,
  1048						 bss_prot);
  1049				if (retval)
  1050					goto out_free_dentry;
  1051				nbyte = ELF_PAGEOFFSET(elf_bss);
  1052				if (nbyte) {
  1053					nbyte = ELF_MIN_ALIGN - nbyte;
  1054					if (nbyte > elf_brk - elf_bss)
  1055						nbyte = elf_brk - elf_bss;
  1056					if (clear_user((void __user *)elf_bss +
  1057								load_bias, nbyte)) {
  1058						/*
  1059						 * This bss-zeroing can fail if the ELF
  1060						 * file specifies odd protections. So
  1061						 * we don't check the return value
  1062						 */
  1063					}
  1064				}
  1065			}
  1066	
  1067			elf_prot = make_prot(elf_ppnt->p_flags, &arch_state,
  1068					     !!interpreter, false);
  1069	
  1070			elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
  1071	
  1072			vaddr = elf_ppnt->p_vaddr;
  1073			/*
  1074			 * If we are loading ET_EXEC or we have already performed
  1075			 * the ET_DYN load_addr calculations, proceed normally.
  1076			 */
  1077			if (elf_ex->e_type == ET_EXEC || load_addr_set) {
  1078				elf_flags |= MAP_FIXED;
  1079			} else if (elf_ex->e_type == ET_DYN) {
  1080				/*
  1081				 * This logic is run once for the first LOAD Program
  1082				 * Header for ET_DYN binaries to calculate the
  1083				 * randomization (load_bias) for all the LOAD
  1084				 * Program Headers, and to calculate the entire
  1085				 * size of the ELF mapping (total_size). (Note that
  1086				 * load_addr_set is set to true later once the
  1087				 * initial mapping is performed.)
  1088				 *
  1089				 * There are effectively two types of ET_DYN
  1090				 * binaries: programs (i.e. PIE: ET_DYN with INTERP)
  1091				 * and loaders (ET_DYN without INTERP, since they
  1092				 * _are_ the ELF interpreter). The loaders must
  1093				 * be loaded away from programs since the program
  1094				 * may otherwise collide with the loader (especially
  1095				 * for ET_EXEC which does not have a randomized
  1096				 * position). For example to handle invocations of
  1097				 * "./ld.so someprog" to test out a new version of
  1098				 * the loader, the subsequent program that the
  1099				 * loader loads must avoid the loader itself, so
  1100				 * they cannot share the same load range. Sufficient
  1101				 * room for the brk must be allocated with the
  1102				 * loader as well, since brk must be available with
  1103				 * the loader.
  1104				 *
  1105				 * Therefore, programs are loaded offset from
  1106				 * ELF_ET_DYN_BASE and loaders are loaded into the
  1107				 * independently randomized mmap region (0 load_bias
  1108				 * without MAP_FIXED).
  1109				 */
  1110				if (interpreter) {
  1111					load_bias = ELF_ET_DYN_BASE;
  1112					if (current->flags & PF_RANDOMIZE)
  1113						load_bias += arch_mmap_rnd();
  1114					alignment = maximum_alignment(elf_phdata, elf_ex->e_phnum);
  1115					if (alignment)
  1116						load_bias &= ~(alignment - 1);
  1117					elf_flags |= MAP_FIXED;
  1118				} else
  1119					load_bias = 0;
  1120	
  1121				/*
  1122				 * Since load_bias is used for all subsequent loading
  1123				 * calculations, we must lower it by the first vaddr
  1124				 * so that the remaining calculations based on the
  1125				 * ELF vaddrs will be correctly offset. The result
  1126				 * is then page aligned.
  1127				 */
  1128				load_bias = ELF_PAGESTART(load_bias - vaddr);
  1129	
  1130				total_size = total_mapping_size(elf_phdata,
  1131								elf_ex->e_phnum);
  1132				if (!total_size) {
  1133					retval = -EINVAL;
  1134					goto out_free_dentry;
  1135				}
  1136			}
  1137	
  1138			error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
  1139					elf_prot, elf_flags, total_size);
  1140			if (BAD_ADDR(error)) {
  1141				retval = IS_ERR((void *)error) ?
  1142					PTR_ERR((void*)error) : -EINVAL;
  1143				goto out_free_dentry;
  1144			}
  1145	
  1146			if (!load_addr_set) {
  1147				load_addr_set = 1;
  1148				load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
  1149				if (elf_ex->e_type == ET_DYN) {
  1150					load_bias += error -
  1151					             ELF_PAGESTART(load_bias + vaddr);
  1152					load_addr += load_bias;
  1153					reloc_func_desc = load_bias;
  1154				}
  1155			}
  1156	
  1157			/*
  1158			 * Figure out which segment in the file contains the Program
  1159			 * Header table, and map to the associated memory address.
  1160			 */
  1161			if (elf_ppnt->p_offset <= elf_ex->e_phoff &&
  1162			    elf_ex->e_phoff < elf_ppnt->p_offset + elf_ppnt->p_filesz) {
  1163				phdr_addr = elf_ex->e_phoff - elf_ppnt->p_offset +
  1164					    elf_ppnt->p_vaddr;
  1165			}
  1166	
  1167			k = elf_ppnt->p_vaddr;
  1168			if ((elf_ppnt->p_flags & PF_X) && k < start_code)
  1169				start_code = k;
  1170			if (start_data < k)
  1171				start_data = k;
  1172	
  1173			/*
  1174			 * Check to see if the section's size will overflow the
  1175			 * allowed task size. Note that p_filesz must always be
  1176			 * <= p_memsz so it is only necessary to check p_memsz.
  1177			 */
  1178			if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
  1179			    elf_ppnt->p_memsz > TASK_SIZE ||
  1180			    TASK_SIZE - elf_ppnt->p_memsz < k) {
  1181				/* set_brk can never work. Avoid overflows. */
  1182				retval = -EINVAL;
  1183				goto out_free_dentry;
  1184			}
  1185	
  1186			k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
  1187	
  1188			if (k > elf_bss)
  1189				elf_bss = k;
  1190			if ((elf_ppnt->p_flags & PF_X) && end_code < k)
  1191				end_code = k;
  1192			if (end_data < k)
  1193				end_data = k;
  1194			k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
  1195			if (k > elf_brk) {
  1196				bss_prot = elf_prot;
  1197				elf_brk = k;
  1198			}
  1199		}
  1200	
  1201		e_entry = elf_ex->e_entry + load_bias;
  1202		phdr_addr += load_bias;
  1203		elf_bss += load_bias;
  1204		elf_brk += load_bias;
  1205		start_code += load_bias;
  1206		end_code += load_bias;
  1207		start_data += load_bias;
  1208		end_data += load_bias;
  1209	
  1210		/* Calling set_brk effectively mmaps the pages that we need
  1211		 * for the bss and break sections.  We must do this before
  1212		 * mapping in the interpreter, to make sure it doesn't wind
  1213		 * up getting placed where the bss needs to go.
  1214		 */
  1215		retval = set_brk(elf_bss, elf_brk, bss_prot);
  1216		if (retval)
  1217			goto out_free_dentry;
  1218		if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
  1219			retval = -EFAULT; /* Nobody gets to see this, but.. */
  1220			goto out_free_dentry;
  1221		}
  1222	
  1223		if (interpreter) {
  1224			elf_entry = load_elf_interp(interp_elf_ex,
  1225						    interpreter,
  1226						    load_bias, interp_elf_phdata,
  1227						    &arch_state);
  1228			if (!IS_ERR((void *)elf_entry)) {
  1229				/*
  1230				 * load_elf_interp() returns relocation
  1231				 * adjustment
  1232				 */
  1233				interp_load_addr = elf_entry;
  1234				elf_entry += interp_elf_ex->e_entry;
  1235			}
  1236			if (BAD_ADDR(elf_entry)) {
  1237				retval = IS_ERR((void *)elf_entry) ?
  1238						(int)elf_entry : -EINVAL;
  1239				goto out_free_dentry;
  1240			}
  1241			reloc_func_desc = interp_load_addr;
  1242	
  1243			allow_write_access(interpreter);
  1244			fput(interpreter);
  1245	
  1246			kfree(interp_elf_ex);
  1247			kfree(interp_elf_phdata);
  1248		} else {
  1249			elf_entry = e_entry;
  1250			if (BAD_ADDR(elf_entry)) {
  1251				retval = -EINVAL;
  1252				goto out_free_dentry;
  1253			}
  1254		}
  1255	
  1256		kfree(elf_phdata);
  1257	
  1258		set_binfmt(&elf_format);
  1259	

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

View attachment "config" of type "text/plain" (157802 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ