[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <0035d7a6-6a03-435c-a893-3a57a4319fd4@kernel.org>
Date: Wed, 7 Aug 2024 12:53:14 -0700
From: Damien Le Moal <dlemoal@...nel.org>
To: Kees Cook <kees@...nel.org>, Palmer Dabbelt <palmer@...belt.com>
Cc: Stefan O'Rear <sorear@...tmail.com>, Alexandre Ghiti <alex@...ti.fr>,
Greg Ungerer <gerg@...ux-m68k.org>, Alexander Viro
<viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>,
Jan Kara <jack@...e.cz>, Eric Biederman <ebiederm@...ssion.com>,
linux-fsdevel@...r.kernel.org, linux-mm@...ck.org,
Damien Le Moal <damien.lemoal@....com>, linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2] binfmt_flat: Fix corruption when not offsetting data
start
On 2024/08/07 12:51, Kees Cook wrote:
> Commit 04d82a6d0881 ("binfmt_flat: allow not offsetting data start")
> introduced a RISC-V specific variant of the FLAT format which does
> not allocate any space for the (obsolete) array of shared library
> pointers. However, it did not disable the code which initializes the
> array, resulting in the corruption of sizeof(long) bytes before the DATA
> segment, generally the end of the TEXT segment.
>
> Introduce MAX_SHARED_LIBS_UPDATE which depends on the state of
> CONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET to guard the initialization of
> the shared library pointer region so that it will only be initialized
> if space is reserved for it.
>
> Fixes: 04d82a6d0881 ("binfmt_flat: allow not offsetting data start")
> Co-developed-by: Stefan O'Rear <sorear@...tmail.com>
> Signed-off-by: Stefan O'Rear <sorear@...tmail.com>
> Signed-off-by: Kees Cook <kees@...nel.org>
Looks good to me.
Reviewed-by: Damien Le Moal <dlemoal@...nel.org>
--
Damien Le Moal
Western Digital Research
Powered by blists - more mailing lists