From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 20845C433EF for ; Mon, 4 Oct 2021 13:12:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0D86A61CA7 for ; Mon, 4 Oct 2021 13:12:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234690AbhJDNOP (ORCPT ); Mon, 4 Oct 2021 09:14:15 -0400 Received: from mail.kernel.org ([198.145.29.99]:47404 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235876AbhJDNLn (ORCPT ); Mon, 4 Oct 2021 09:11:43 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 90E6A619E0; Mon, 4 Oct 2021 13:04:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1633352671; bh=Mi15hLFHfysKcQSNjgBVo+oeOIULKUTWDpLNMG358DQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=uIrHlaDrVk1/t80H9Ha8XGFKhxB7FicdybcbXGLWJs3R+lFksLO4z/GNjy3s8p9Mg kD/ew1q0thpo8RLaIr4UujaoKOLA3gZDi0iWCc+7uc57lNzGjFgLCIyOoMNraXJNXa mmVaZIFxl/51/z05BtsQZ9wu1ALxOwejqCIKVEhI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Andrew Morton , Michal Hocko , Chen Jingwen , Linus Torvalds Subject: [PATCH 4.19 75/95] elf: dont use MAP_FIXED_NOREPLACE for elf interpreter mappings Date: Mon, 4 Oct 2021 14:52:45 +0200 Message-Id: <20211004125036.028203832@linuxfoundation.org> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211004125033.572932188@linuxfoundation.org> References: <20211004125033.572932188@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Chen Jingwen commit 9b2f72cc0aa4bb444541bb87581c35b7508b37d3 upstream. In commit b212921b13bd ("elf: don't use MAP_FIXED_NOREPLACE for elf executable mappings") we still leave MAP_FIXED_NOREPLACE in place for load_elf_interp. Unfortunately, this will cause kernel to fail to start with: 1 (init): Uhuuh, elf segment at 00003ffff7ffd000 requested but the memory is mapped already Failed to execute /init (error -17) The reason is that the elf interpreter (ld.so) has overlapping segments. readelf -l ld-2.31.so Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flags Align LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x000000000002c94c 0x000000000002c94c R E 0x10000 LOAD 0x000000000002dae0 0x000000000003dae0 0x000000000003dae0 0x00000000000021e8 0x0000000000002320 RW 0x10000 LOAD 0x000000000002fe00 0x000000000003fe00 0x000000000003fe00 0x00000000000011ac 0x0000000000001328 RW 0x10000 The reason for this problem is the same as described in commit ad55eac74f20 ("elf: enforce MAP_FIXED on overlaying elf segments"). Not only executable binaries, elf interpreters (e.g. ld.so) can have overlapping elf segments, so we better drop MAP_FIXED_NOREPLACE and go back to MAP_FIXED in load_elf_interp. Fixes: 4ed28639519c ("fs, elf: drop MAP_FIXED usage from elf_map") Cc: # v4.19 Cc: Andrew Morton Cc: Michal Hocko Signed-off-by: Chen Jingwen Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- fs/binfmt_elf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -580,7 +580,7 @@ static unsigned long load_elf_interp(str elf_prot |= PROT_EXEC; vaddr = eppnt->p_vaddr; if (interp_elf_ex->e_type == ET_EXEC || load_addr_set) - elf_type |= MAP_FIXED_NOREPLACE; + elf_type |= MAP_FIXED; else if (no_base && interp_elf_ex->e_type == ET_DYN) load_addr = -vaddr;