From: Arnd Bergmann <firstname.lastname@example.org>
To: Greg Ungerer <email@example.com>
Cc: Jann Horn <firstname.lastname@example.org>, Andrew Morton <email@example.com>,
	Alexander Viro <firstname.lastname@example.org>, linux-fsdevel <email@example.com>,
	kernel list <firstname.lastname@example.org>, Kees Cook <email@example.com>,
	Nicolas Pitre <firstname.lastname@example.org>, Geert Uytterhoeven <email@example.com>,
	Linux/m68k <firstname.lastname@example.org>, Russell King <email@example.com>,
	Linux ARM <firstname.lastname@example.org>, Sergei Poselenov <email@example.com>
Subject: Re: [PATCH] binfmt_flat: make load_flat_shared_library() work
Date: Wed, 29 May 2019 14:05:21 +0200
Message-ID: <CAK8P3a0b7MBn+84jh0Y2zhFLLAqZ2tMvFDFF9Kw=breRLH4Utg@mail.gmail.com>
In-Reply-To: <firstname.lastname@example.org>

On Tue, May 28, 2019 at 12:56 PM Greg Ungerer <email@example.com> wrote:
> On 27/5/19 11:38 pm, Jann Horn wrote:
> > On Sat, May 25, 2019 at 11:43 PM Andrew Morton
> > <firstname.lastname@example.org> wrote:
> >> On Fri, 24 May 2019 22:18:17 +0200 Jann Horn <email@example.com> wrote:
> >>> load_flat_shared_library() is broken: It only calls load_flat_file() if
> >>> prepare_binprm() returns zero, but prepare_binprm() returns the number of
> >>> bytes read - so this only happens if the file is empty.
> >>
> >> ouch.
> >>
> >>> Instead, call into load_flat_file() if the number of bytes read is
> >>> non-negative. (Even if the number of bytes is zero - in that case,
> >>> load_flat_file() will see nullbytes and return a nice -ENOEXEC.)
> >>>
> >>> In addition, remove the code related to bprm creds and stop using
> >>> prepare_binprm() - this code is loading a library, not a main executable,
> >>> and it only actually uses the members "buf", "file" and "filename" of the
> >>> linux_binprm struct. Instead, call kernel_read() directly.
> >>>
> >>> Cc: firstname.lastname@example.org
> >>> Fixes: 287980e49ffc ("remove lots of IS_ERR_VALUE abuses")
> >>> Signed-off-by: Jann Horn <email@example.com>
> >>> ---
> >>> I only found the bug by looking at the code, I have not verified its
> >>> existence at runtime.
> >>> Also, this patch is compile-tested only.
> >>> It would be nice if someone who works with nommu Linux could have a
> >>> look at this patch.
> >>
> >> 287980e49ffc was three years ago! Has it really been broken for all
> >> that time? If so, it seems a good source of freed disk space...
> >
> > Maybe... but I didn't want to rip it out without having one of the
> > maintainers confirm that this really isn't likely to be used anymore.
>
> I have not used shared libraries on m68k non-mmu setups for
> a very long time. At least 10 years I would think.

I think Emcraft have a significant customer base running ARM NOMMU
Linux, I wonder whether they would have run into this (adding
Sergei to Cc). My suspicion is that they use only binfmt-elf-fdpic,
not binfmt-flat.

The only architectures I see that enable binfmt-flat are sh, xtensa
and h8300, but only arch/sh uses CONFIG_BINFMT_SHARED_FLAT
for a few machine specific configurations, and I'm in turn fairly
sure those machines have not run a recent kernel in many years.

The one SH nommu platform likely to have users is j2, and that is
probably always used with musl-libc with elf-fdpic (given that Rich
Felker maintains both the kernel port and the library).

      Arnd
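
Added example (not part of the original message or of the patch under discussion): a user-space C model of the return-value check that the quoted commit message describes. `read_header()`, `load_file()`, `struct sample_file` and the sample data are hypothetical stand-ins for the read step and for load_flat_file(); only the "returns zero" versus "non-negative" comparison follows the description above.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 128 /* stand-in for the header buffer the loader inspects */

/* Constructed sample inputs: len < 0 models a failed read (negative errno). */
struct sample_file { const char *data; int len; };
const struct sample_file valid_lib = { "bFLT", 4 };
const struct sample_file empty_lib = { "", 0 };
const struct sample_file unreadable_lib = { NULL, -EIO };

/* Hypothetical read step: returns bytes read (>= 0) or a negative errno. */
static int read_header(const struct sample_file *f, char *buf)
{
	int n = f->len < BUF_SIZE ? f->len : BUF_SIZE;
	if (n > 0)
		memcpy(buf, f->data, (size_t)n);
	return n;
}

/* Hypothetical loader: rejects anything not starting with the bFLT magic. */
static int load_file(const char *buf)
{
	return memcmp(buf, "bFLT", 4) == 0 ? 0 : -ENOEXEC;
}

/* Check as described for the broken code: load only if the read returned 0. */
int load_library_broken(const struct sample_file *f)
{
	char buf[BUF_SIZE] = { 0 };
	int res = read_header(f, buf);
	if (!res)
		res = load_file(buf);
	return res; /* for a real file the byte count comes back, nothing loaded */
}

/* Check as described for the fix: load on any non-negative byte count. */
int load_library_fixed(const struct sample_file *f)
{
	char buf[BUF_SIZE] = { 0 };
	int res = read_header(f, buf);
	return res >= 0 ? load_file(buf) : res;
}

int main(void)
{
	printf("%d %d\n", load_library_broken(&valid_lib), load_library_fixed(&valid_lib));
	return 0;
}
```

In this model the broken variant only reaches the loader for the empty file, where the zeroed buffer is rejected with -ENOEXEC; the valid library is never handed to the loader at all.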