24 Aug, 2020
1 commit
-
binfmt_flat loader uses the gap between text and data to store data
segment pointers for the libraries. Even in the absence of shared
libraries it stores at least one pointer to the executable's own data
segment. Text and data can go back to back in the flat binary image and
without offsetting data segment last few instructions in the text
segment may get corrupted by the data segment pointer.Fix it by reverting commit a2357223c50a ("binfmt_flat: don't offset the
data start").Cc: stable@vger.kernel.org
Fixes: a2357223c50a ("binfmt_flat: don't offset the data start")
Signed-off-by: Max Filippov
Signed-off-by: Greg Ungerer
11 Jun, 2020
1 commit
-
Pull misc uaccess updates from Al Viro:
"Assorted uaccess patches for this cycle - the stuff that didn't fit
into thematic series"* 'uaccess.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
bpf: make bpf_check_uarg_tail_zero() use check_zeroed_user()
x86: kvm_hv_set_msr(): use __put_user() instead of 32bit __clear_user()
user_regset_copyout_zero(): use clear_user()
TEST_ACCESS_OK _never_ had been checked anywhere
x86: switch cp_stat64() to unsafe_put_user()
binfmt_flat: don't use __put_user()
binfmt_elf_fdpic: don't use __... uaccess primitives
binfmt_elf: don't bother with __{put,copy_to}_user()
pselect6() and friends: take handling the combined 6th/7th args into helper
09 Jun, 2020
1 commit
-
load_flat_file works on user addresses.
Signed-off-by: Christoph Hellwig
Signed-off-by: Andrew Morton
Acked-by: Greg Ungerer
Cc: Alexander Viro
Link: http://lkml.kernel.org/r/20200515143646.3857579-28-hch@lst.de
Signed-off-by: Linus Torvalds
04 Jun, 2020
1 commit
-
... and check the return value
Signed-off-by: Al Viro
08 May, 2020
3 commits
-
There is and has been for a very long time been a lot more going on in
flush_old_exec than just flushing the old state. After the movement
of code from setup_new_exec there is a whole lot more going on than
just flushing the old executables state.Rename flush_old_exec to begin_new_exec to more accurately reflect
what this function does.Reviewed-by: Kees Cook
Reviewed-by: Greg Ungerer
Signed-off-by: "Eric W. Biederman" -
The two functions are now always called one right after the
other so merge them together to make future maintenance easier.Reviewed-by: Kees Cook
Reviewed-by: Greg Ungerer
Signed-off-by: "Eric W. Biederman" -
In 2016 Linus moved install_exec_creds immediately after
setup_new_exec, in binfmt_elf as a cleanup and as part of closing a
potential information leak.Perform the same cleanup for the other binary formats.
Different binary formats doing the same things the same way makes exec
easier to reason about and easier to maintain.Greg Ungerer reports:
> I tested the the whole series on non-MMU m68k and non-MMU arm
> (exercising binfmt_flat) and it all tested out with no problems,
> so for the binfmt_flat changes:
Tested-by: Greg UngererRef: 9f834ec18def ("binfmt_elf: switch to new creds when switching to new mm")
Reviewed-by: Kees Cook
Reviewed-by: Greg Ungerer
Signed-off-by: "Eric W. Biederman"
17 Jul, 2019
1 commit
-
Fixes gcc '-Wunused-but-set-variable' warning:
fs/binfmt_flat.c: In function load_flat_file:
fs/binfmt_flat.c:419:16: warning: variable inode set but not used [-Wunused-but-set-variable]It's never used and can be removed.
Link: http://lkml.kernel.org/r/20190525125341.9844-1-yuehaibing@huawei.com
Signed-off-by: YueHaibing
Cc: Al Viro
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
11 Jul, 2019
1 commit
-
Pull m68nommu updates from Greg Ungerer:
"A series of cleanups for the FLAT format binary loader, binfmt_flat,
from Christoph.The end goal is to support no-MMU on RISC-V, and the last patch
enables that"* 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu:
riscv: add binfmt_flat support
binfmt_flat: don't offset the data start
binfmt_flat: move the MAX_SHARED_LIBS definition to binfmt_flat.c
binfmt_flat: remove the persistent argument from flat_get_addr_from_rp
binfmt_flat: provide an asm-generic/flat.h
binfmt_flat: make support for old format binaries optional
binfmt_flat: add a ARCH_HAS_BINFMT_FLAT option
binfmt_flat: add endianess annotations
binfmt_flat: use fixed size type for the on-disk format
binfmt_flat: consolidate two version of flat_v2_reloc_t
binfmt_flat: remove the unused OLD_FLAT_FLAG_RAM definition
binfmt_flat: remove the uapi header
binfmt_flat: replace flat_argvp_envp_on_stack with a Kconfig variable
binfmt_flat: remove flat_old_ram_flag
binfmt_flat: provide a default version of flat_get_relocate_addr
binfmt_flat: remove flat_set_persistent
binfmt_flat: remove flat_reloc_valid
29 Jun, 2019
1 commit
-
load_flat_shared_library() is broken: It only calls load_flat_file() if
prepare_binprm() returns zero, but prepare_binprm() returns the number of
bytes read - so this only happens if the file is empty.Instead, call into load_flat_file() if the number of bytes read is
non-negative. (Even if the number of bytes is zero - in that case,
load_flat_file() will see nullbytes and return a nice -ENOEXEC.)In addition, remove the code related to bprm creds and stop using
prepare_binprm() - this code is loading a library, not a main executable,
and it only actually uses the members "buf", "file" and "filename" of the
linux_binprm struct. Instead, call kernel_read() directly.Link: http://lkml.kernel.org/r/20190524201817.16509-1-jannh@google.com
Fixes: 287980e49ffc ("remove lots of IS_ERR_VALUE abuses")
Signed-off-by: Jann Horn
Cc: Alexander Viro
Cc: Kees Cook
Cc: Nicolas Pitre
Cc: Arnd Bergmann
Cc: Geert Uytterhoeven
Cc: Russell King
Cc: Greg Ungerer
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
24 Jun, 2019
11 commits
-
Ever since the initial commit of the binfmt_flat shared library
support back in the bitkeeper days we've offset the actual in-memory
.data start by one field per possible shared library, or 1 in case
shared library support isn't enabled. I can't find anything in the
loader that actually makes use of it, nor was it present before
shared library support it.Signed-off-by: Christoph Hellwig
Signed-off-by: Greg Ungerer -
MAX_SHARED_LIBS is an implementation detail of the kernel loader,
and should be kept away from the file format definition.Signed-off-by: Christoph Hellwig
Signed-off-by: Greg Ungerer -
The argument is never used.
Signed-off-by: Christoph Hellwig
Signed-off-by: Greg Ungerer -
No need to carry the extra code around, given that systems using flat
binaries are generally very resource constrained.Signed-off-by: Christoph Hellwig
Signed-off-by: Greg Ungerer -
Most binfmt_flat on-disk fields are big endian. Use the proper __be32
type where applicable.Signed-off-by: Christoph Hellwig
Tested-by: Vladimir Murzin
Reviewed-by: Vladimir Murzin
Signed-off-by: Greg Ungerer -
The split between the two flat.h files is completely arbitrary, and the
uapi version even contains CONFIG_ ifdefs that can't work in userspace.
The only userspace program known to use the header is elf2flt, and it
ships with its own version of the combined header.Use the chance to move the inclusion out of this file, as it
is in no way needed for the format defintion, but just for the binfmt
implementation.Signed-off-by: Christoph Hellwig
Tested-by: Vladimir Murzin
Reviewed-by: Vladimir Murzin
Signed-off-by: Greg Ungerer -
This will eventually allow us to kill the need for an for
many cases.Signed-off-by: Christoph Hellwig
Tested-by: Vladimir Murzin
Reviewed-by: Vladimir Murzin
Signed-off-by: Greg Ungerer -
Instead add a Kconfig variable that only h8300 selects.
Signed-off-by: Christoph Hellwig
Signed-off-by: Greg Ungerer -
This way only the two architectures that do masking need to provide
the helper.Signed-off-by: Christoph Hellwig
Tested-by: Vladimir Murzin
Reviewed-by: Vladimir Murzin
Signed-off-by: Greg Ungerer -
This helper is a no-op on all architectures, remove it.
Signed-off-by: Christoph Hellwig
Tested-by: Vladimir Murzin
Reviewed-by: Vladimir Murzin
Signed-off-by: Greg Ungerer -
This helper is the same for all architectures, open code it in the only
caller.Signed-off-by: Christoph Hellwig
Tested-by: Vladimir Murzin
Reviewed-by: Vladimir Murzin
Signed-off-by: Greg Ungerer
12 Apr, 2018
1 commit
-
Provide a final callback into fs/exec.c before start_thread() takes
over, to handle any last-minute changes, like the coming restoration of
the stack limit.Link: http://lkml.kernel.org/r/1518638796-20819-3-git-send-email-keescook@chromium.org
Signed-off-by: Kees Cook
Cc: Andy Lutomirski
Cc: Ben Hutchings
Cc: Ben Hutchings
Cc: Brad Spengler
Cc: Greg KH
Cc: Hugh Dickins
Cc: "Jason A. Donenfeld"
Cc: Laura Abbott
Cc: Michal Hocko
Cc: Oleg Nesterov
Cc: Rik van Riel
Cc: Willy Tarreau
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
02 Nov, 2017
1 commit
-
Many source files in the tree are missing licensing information, which
makes it harder for compliance tools to determine the correct license.By default all files without license information are under the default
license of the kernel, which is GPL version 2.Update the files which contain no license information with the 'GPL-2.0'
SPDX license identifier. The SPDX identifier is a legally binding
shorthand, which can be used instead of the full boiler plate text.This patch is based on work done by Thomas Gleixner and Kate Stewart and
Philippe Ombredanne.How this work was done:
Patches were generated and checked against linux-4.14-rc6 for a subset of
the use cases:
- file had no licensing information it it.
- file was a */uapi/* one with no licensing information in it,
- file was a */uapi/* one with existing licensing information,Further patches will be generated in subsequent months to fix up cases
where non-standard license headers were used, and references to license
had to be inferred by heuristics based on keywords.The analysis to determine which SPDX License Identifier to be applied to
a file was done in a spreadsheet of side by side results from of the
output of two independent scanners (ScanCode & Windriver) producing SPDX
tag:value files created by Philippe Ombredanne. Philippe prepared the
base worksheet, and did an initial spot review of a few 1000 files.The 4.13 kernel was the starting point of the analysis with 60,537 files
assessed. Kate Stewart did a file by file comparison of the scanner
results in the spreadsheet to determine which SPDX license identifier(s)
to be applied to the file. She confirmed any determination that was not
immediately clear with lawyers working with the Linux Foundation.Criteria used to select files for SPDX license identifier tagging was:
- Files considered eligible had to be source code files.
- Make and config files were included as candidates if they contained >5
lines of source
- File already had some variant of a license header in it (even if
Reviewed-by: Philippe Ombredanne
Reviewed-by: Thomas Gleixner
Signed-off-by: Greg Kroah-Hartman
15 Sep, 2017
1 commit
-
Pull more set_fs removal from Al Viro:
"Christoph's 'use kernel_read and friends rather than open-coding
set_fs()' series"* 'work.set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
fs: unexport vfs_readv and vfs_writev
fs: unexport vfs_read and vfs_write
fs: unexport __vfs_read/__vfs_write
lustre: switch to kernel_write
gadget/f_mass_storage: stop messing with the address limit
mconsole: switch to kernel_read
btrfs: switch write_buf to kernel_write
net/9p: switch p9_fd_read to kernel_write
mm/nommu: switch do_mmap_private to kernel_read
serial2002: switch serial2002_tty_write to kernel_{read/write}
fs: make the buf argument to __kernel_write a void pointer
fs: fix kernel_write prototype
fs: fix kernel_read prototype
fs: move kernel_read to fs/read_write.c
fs: move kernel_write to fs/read_write.c
autofs4: switch autofs4_write to __kernel_write
ashmem: switch to ->read_iter
09 Sep, 2017
1 commit
-
Omit extra messages for a memory allocation failure in this function.
This issue was detected by using the Coccinelle software.
Link: http://lkml.kernel.org/r/f92aac79-b05e-321a-1a19-d38c7159ee9c@users.sourceforge.net
Signed-off-by: Markus Elfring
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
05 Sep, 2017
1 commit
-
Use proper ssize_t and size_t types for the return value and count
argument, move the offset last and make it an in/out argument like
all other read/write helpers, and make the buf argument a void pointer
to get rid of lots of casts in the callers.Signed-off-by: Christoph Hellwig
Signed-off-by: Al Viro
02 Aug, 2017
1 commit
-
The cred_prepared bprm flag has a misleading name. It has nothing to do
with the bprm_prepare_cred hook, and actually tracks if bprm_set_creds has
been called. Rename this flag and improve its comment.Cc: David Howells
Cc: Stephen Smalley
Cc: Casey Schaufler
Signed-off-by: Kees Cook
Acked-by: John Johansen
Acked-by: James Morris
Acked-by: Paul Moore
Acked-by: Serge Hallyn
17 Jul, 2017
1 commit
-
Several variables had their types changed from unsigned long to u32, but
the printk()-style format to print them wasn't updated, leading to:fs/binfmt_flat.c: In function ‘load_flat_file’:
fs/binfmt_flat.c:577: warning: format ‘%ld’ expects type ‘long int’, but argument 3 has type ‘u32’Fixes: 468138d78510688f ("binfmt_flat: flat_{get,put}_addr_from_rp() should be able to fail")
Signed-off-by: Geert Uytterhoeven
Signed-off-by: Linus Torvalds
04 Jul, 2017
1 commit
-
on MMU targets EFAULT is possible here. Make both return 0 or error,
passing what used to be the return value of flat_get_addr_from_rp()
by reference.Signed-off-by: Al Viro
02 Mar, 2017
1 commit
-
We are going to split out of , which
will have to be picked up from other headers and a couple of .c files.Create a trivial placeholder file that just
maps to to make this patch obviously correct and
bisectable.Include the new header in the files that are going to need it.
Acked-by: Linus Torvalds
Cc: Mike Galbraith
Cc: Peter Zijlstra
Cc: Thomas Gleixner
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar
28 Jul, 2016
5 commits
-
Let's take the simple and obvious approach by decompressing the binary
into a kernel buffer and then copying it to user space. Those who are
looking for top performance on an MMU system are unlikely to choose this
executable format anyway.Signed-off-by: Nicolas Pitre
Reviewed-by: Greg Ungerer
Signed-off-by: Greg Ungerer -
Not much else to do at this point except for the different stack setups.
Signed-off-by: Nicolas Pitre
Reviewed-by: Greg Ungerer
Signed-off-by: Greg Ungerer -
This is needed on systems with a MMU. This also gets rid of the
strangest C code I've seen lateli i.e. an integer indexed with a
pointer value within square brackets. That really looked backwards.Signed-off-by: Nicolas Pitre
Reviewed-by: Greg Ungerer
Signed-off-by: Greg Ungerer -
This is needed on systems with a MMU.
Signed-off-by: Nicolas Pitre
Reviewed-by: Greg Ungerer
Signed-off-by: Greg Ungerer -
Signed-off-by: Nicolas Pitre
Reviewed-by: Greg Ungerer
Signed-off-by: Greg Ungerer
25 Jul, 2016
5 commits
-
Relocs are fixed up in place in user space memory. The appropriate
accessors are required for this code to work with an active MMU.The architecture specific handlers flat_get_addr_from_rp() and
flat_put_addr_at_rp() for ARM and M68K are adjusted with separate
patches. SuperH and Xtensa are left out as they doesn't implement
__get_user_unaligned() and __put_user_unaligned() yet. The other
architectures that use BFLT don't have any MMU.Signed-off-by: Nicolas Pitre
Reviewed-by: Greg Ungerer
Signed-off-by: Greg Ungerer -
In addition to better code clarity, this brings proper usage of
user memory accessors everywhere the stack is touched. This is essential
for making this work on MMU systems.Signed-off-by: Nicolas Pitre
Reviewed-by: Greg Ungerer
Signed-off-by: Greg Ungerer -
This gets rid of the rather ugly, open coded and suboptimal copy code.
Signed-off-by: Nicolas Pitre
Reviewed-by: Greg Ungerer
Signed-off-by: Greg Ungerer -
Signed-off-by: Nicolas Pitre
Signed-off-by: Greg Ungerer -
Signed-off-by: Nicolas Pitre
Signed-off-by: Greg Ungerer