03 Sep, 2020
1 commit
-
commit 2217b982624680d19a80ebb4600d05c8586c4f96 upstream.
binfmt_flat loader uses the gap between text and data to store data
segment pointers for the libraries. Even in the absence of shared
libraries it stores at least one pointer to the executable's own data
segment. Text and data can go back to back in the flat binary image and
without offsetting data segment last few instructions in the text
segment may get corrupted by the data segment pointer.Fix it by reverting commit a2357223c50a ("binfmt_flat: don't offset the
data start").Cc: stable@vger.kernel.org
Fixes: a2357223c50a ("binfmt_flat: don't offset the data start")
Signed-off-by: Max Filippov
Signed-off-by: Greg Ungerer
Signed-off-by: Greg Kroah-Hartman
17 Jul, 2019
1 commit
-
Fixes gcc '-Wunused-but-set-variable' warning:
fs/binfmt_flat.c: In function load_flat_file:
fs/binfmt_flat.c:419:16: warning: variable inode set but not used [-Wunused-but-set-variable]It's never used and can be removed.
Link: http://lkml.kernel.org/r/20190525125341.9844-1-yuehaibing@huawei.com
Signed-off-by: YueHaibing
Cc: Al Viro
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
11 Jul, 2019
1 commit
-
Pull m68nommu updates from Greg Ungerer:
"A series of cleanups for the FLAT format binary loader, binfmt_flat,
from Christoph.The end goal is to support no-MMU on RISC-V, and the last patch
enables that"* 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu:
riscv: add binfmt_flat support
binfmt_flat: don't offset the data start
binfmt_flat: move the MAX_SHARED_LIBS definition to binfmt_flat.c
binfmt_flat: remove the persistent argument from flat_get_addr_from_rp
binfmt_flat: provide an asm-generic/flat.h
binfmt_flat: make support for old format binaries optional
binfmt_flat: add a ARCH_HAS_BINFMT_FLAT option
binfmt_flat: add endianess annotations
binfmt_flat: use fixed size type for the on-disk format
binfmt_flat: consolidate two version of flat_v2_reloc_t
binfmt_flat: remove the unused OLD_FLAT_FLAG_RAM definition
binfmt_flat: remove the uapi header
binfmt_flat: replace flat_argvp_envp_on_stack with a Kconfig variable
binfmt_flat: remove flat_old_ram_flag
binfmt_flat: provide a default version of flat_get_relocate_addr
binfmt_flat: remove flat_set_persistent
binfmt_flat: remove flat_reloc_valid
29 Jun, 2019
1 commit
-
load_flat_shared_library() is broken: It only calls load_flat_file() if
prepare_binprm() returns zero, but prepare_binprm() returns the number of
bytes read - so this only happens if the file is empty.Instead, call into load_flat_file() if the number of bytes read is
non-negative. (Even if the number of bytes is zero - in that case,
load_flat_file() will see nullbytes and return a nice -ENOEXEC.)In addition, remove the code related to bprm creds and stop using
prepare_binprm() - this code is loading a library, not a main executable,
and it only actually uses the members "buf", "file" and "filename" of the
linux_binprm struct. Instead, call kernel_read() directly.Link: http://lkml.kernel.org/r/20190524201817.16509-1-jannh@google.com
Fixes: 287980e49ffc ("remove lots of IS_ERR_VALUE abuses")
Signed-off-by: Jann Horn
Cc: Alexander Viro
Cc: Kees Cook
Cc: Nicolas Pitre
Cc: Arnd Bergmann
Cc: Geert Uytterhoeven
Cc: Russell King
Cc: Greg Ungerer
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
24 Jun, 2019
11 commits
-
Ever since the initial commit of the binfmt_flat shared library
support back in the bitkeeper days we've offset the actual in-memory
.data start by one field per possible shared library, or 1 in case
shared library support isn't enabled. I can't find anything in the
loader that actually makes use of it, nor was it present before
shared library support it.Signed-off-by: Christoph Hellwig
Signed-off-by: Greg Ungerer -
MAX_SHARED_LIBS is an implementation detail of the kernel loader,
and should be kept away from the file format definition.Signed-off-by: Christoph Hellwig
Signed-off-by: Greg Ungerer -
The argument is never used.
Signed-off-by: Christoph Hellwig
Signed-off-by: Greg Ungerer -
No need to carry the extra code around, given that systems using flat
binaries are generally very resource constrained.Signed-off-by: Christoph Hellwig
Signed-off-by: Greg Ungerer -
Most binfmt_flat on-disk fields are big endian. Use the proper __be32
type where applicable.Signed-off-by: Christoph Hellwig
Tested-by: Vladimir Murzin
Reviewed-by: Vladimir Murzin
Signed-off-by: Greg Ungerer -
The split between the two flat.h files is completely arbitrary, and the
uapi version even contains CONFIG_ ifdefs that can't work in userspace.
The only userspace program known to use the header is elf2flt, and it
ships with its own version of the combined header.Use the chance to move the inclusion out of this file, as it
is in no way needed for the format defintion, but just for the binfmt
implementation.Signed-off-by: Christoph Hellwig
Tested-by: Vladimir Murzin
Reviewed-by: Vladimir Murzin
Signed-off-by: Greg Ungerer -
This will eventually allow us to kill the need for an for
many cases.Signed-off-by: Christoph Hellwig
Tested-by: Vladimir Murzin
Reviewed-by: Vladimir Murzin
Signed-off-by: Greg Ungerer -
Instead add a Kconfig variable that only h8300 selects.
Signed-off-by: Christoph Hellwig
Signed-off-by: Greg Ungerer -
This way only the two architectures that do masking need to provide
the helper.Signed-off-by: Christoph Hellwig
Tested-by: Vladimir Murzin
Reviewed-by: Vladimir Murzin
Signed-off-by: Greg Ungerer -
This helper is a no-op on all architectures, remove it.
Signed-off-by: Christoph Hellwig
Tested-by: Vladimir Murzin
Reviewed-by: Vladimir Murzin
Signed-off-by: Greg Ungerer -
This helper is the same for all architectures, open code it in the only
caller.Signed-off-by: Christoph Hellwig
Tested-by: Vladimir Murzin
Reviewed-by: Vladimir Murzin
Signed-off-by: Greg Ungerer
12 Apr, 2018
1 commit
-
Provide a final callback into fs/exec.c before start_thread() takes
over, to handle any last-minute changes, like the coming restoration of
the stack limit.Link: http://lkml.kernel.org/r/1518638796-20819-3-git-send-email-keescook@chromium.org
Signed-off-by: Kees Cook
Cc: Andy Lutomirski
Cc: Ben Hutchings
Cc: Ben Hutchings
Cc: Brad Spengler
Cc: Greg KH
Cc: Hugh Dickins
Cc: "Jason A. Donenfeld"
Cc: Laura Abbott
Cc: Michal Hocko
Cc: Oleg Nesterov
Cc: Rik van Riel
Cc: Willy Tarreau
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
02 Nov, 2017
1 commit
-
Many source files in the tree are missing licensing information, which
makes it harder for compliance tools to determine the correct license.By default all files without license information are under the default
license of the kernel, which is GPL version 2.Update the files which contain no license information with the 'GPL-2.0'
SPDX license identifier. The SPDX identifier is a legally binding
shorthand, which can be used instead of the full boiler plate text.This patch is based on work done by Thomas Gleixner and Kate Stewart and
Philippe Ombredanne.How this work was done:
Patches were generated and checked against linux-4.14-rc6 for a subset of
the use cases:
- file had no licensing information it it.
- file was a */uapi/* one with no licensing information in it,
- file was a */uapi/* one with existing licensing information,Further patches will be generated in subsequent months to fix up cases
where non-standard license headers were used, and references to license
had to be inferred by heuristics based on keywords.The analysis to determine which SPDX License Identifier to be applied to
a file was done in a spreadsheet of side by side results from of the
output of two independent scanners (ScanCode & Windriver) producing SPDX
tag:value files created by Philippe Ombredanne. Philippe prepared the
base worksheet, and did an initial spot review of a few 1000 files.The 4.13 kernel was the starting point of the analysis with 60,537 files
assessed. Kate Stewart did a file by file comparison of the scanner
results in the spreadsheet to determine which SPDX license identifier(s)
to be applied to the file. She confirmed any determination that was not
immediately clear with lawyers working with the Linux Foundation.Criteria used to select files for SPDX license identifier tagging was:
- Files considered eligible had to be source code files.
- Make and config files were included as candidates if they contained >5
lines of source
- File already had some variant of a license header in it (even if
Reviewed-by: Philippe Ombredanne
Reviewed-by: Thomas Gleixner
Signed-off-by: Greg Kroah-Hartman
15 Sep, 2017
1 commit
-
Pull more set_fs removal from Al Viro:
"Christoph's 'use kernel_read and friends rather than open-coding
set_fs()' series"* 'work.set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
fs: unexport vfs_readv and vfs_writev
fs: unexport vfs_read and vfs_write
fs: unexport __vfs_read/__vfs_write
lustre: switch to kernel_write
gadget/f_mass_storage: stop messing with the address limit
mconsole: switch to kernel_read
btrfs: switch write_buf to kernel_write
net/9p: switch p9_fd_read to kernel_write
mm/nommu: switch do_mmap_private to kernel_read
serial2002: switch serial2002_tty_write to kernel_{read/write}
fs: make the buf argument to __kernel_write a void pointer
fs: fix kernel_write prototype
fs: fix kernel_read prototype
fs: move kernel_read to fs/read_write.c
fs: move kernel_write to fs/read_write.c
autofs4: switch autofs4_write to __kernel_write
ashmem: switch to ->read_iter
09 Sep, 2017
1 commit
-
Omit extra messages for a memory allocation failure in this function.
This issue was detected by using the Coccinelle software.
Link: http://lkml.kernel.org/r/f92aac79-b05e-321a-1a19-d38c7159ee9c@users.sourceforge.net
Signed-off-by: Markus Elfring
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
05 Sep, 2017
1 commit
-
Use proper ssize_t and size_t types for the return value and count
argument, move the offset last and make it an in/out argument like
all other read/write helpers, and make the buf argument a void pointer
to get rid of lots of casts in the callers.Signed-off-by: Christoph Hellwig
Signed-off-by: Al Viro
02 Aug, 2017
1 commit
-
The cred_prepared bprm flag has a misleading name. It has nothing to do
with the bprm_prepare_cred hook, and actually tracks if bprm_set_creds has
been called. Rename this flag and improve its comment.Cc: David Howells
Cc: Stephen Smalley
Cc: Casey Schaufler
Signed-off-by: Kees Cook
Acked-by: John Johansen
Acked-by: James Morris
Acked-by: Paul Moore
Acked-by: Serge Hallyn
17 Jul, 2017
1 commit
-
Several variables had their types changed from unsigned long to u32, but
the printk()-style format to print them wasn't updated, leading to:fs/binfmt_flat.c: In function ‘load_flat_file’:
fs/binfmt_flat.c:577: warning: format ‘%ld’ expects type ‘long int’, but argument 3 has type ‘u32’Fixes: 468138d78510688f ("binfmt_flat: flat_{get,put}_addr_from_rp() should be able to fail")
Signed-off-by: Geert Uytterhoeven
Signed-off-by: Linus Torvalds
04 Jul, 2017
1 commit
-
on MMU targets EFAULT is possible here. Make both return 0 or error,
passing what used to be the return value of flat_get_addr_from_rp()
by reference.Signed-off-by: Al Viro
02 Mar, 2017
1 commit
-
We are going to split out of , which
will have to be picked up from other headers and a couple of .c files.Create a trivial placeholder file that just
maps to to make this patch obviously correct and
bisectable.Include the new header in the files that are going to need it.
Acked-by: Linus Torvalds
Cc: Mike Galbraith
Cc: Peter Zijlstra
Cc: Thomas Gleixner
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar
28 Jul, 2016
5 commits
-
Let's take the simple and obvious approach by decompressing the binary
into a kernel buffer and then copying it to user space. Those who are
looking for top performance on an MMU system are unlikely to choose this
executable format anyway.Signed-off-by: Nicolas Pitre
Reviewed-by: Greg Ungerer
Signed-off-by: Greg Ungerer -
Not much else to do at this point except for the different stack setups.
Signed-off-by: Nicolas Pitre
Reviewed-by: Greg Ungerer
Signed-off-by: Greg Ungerer -
This is needed on systems with a MMU. This also gets rid of the
strangest C code I've seen lateli i.e. an integer indexed with a
pointer value within square brackets. That really looked backwards.Signed-off-by: Nicolas Pitre
Reviewed-by: Greg Ungerer
Signed-off-by: Greg Ungerer -
This is needed on systems with a MMU.
Signed-off-by: Nicolas Pitre
Reviewed-by: Greg Ungerer
Signed-off-by: Greg Ungerer -
Signed-off-by: Nicolas Pitre
Reviewed-by: Greg Ungerer
Signed-off-by: Greg Ungerer
25 Jul, 2016
6 commits
-
Relocs are fixed up in place in user space memory. The appropriate
accessors are required for this code to work with an active MMU.The architecture specific handlers flat_get_addr_from_rp() and
flat_put_addr_at_rp() for ARM and M68K are adjusted with separate
patches. SuperH and Xtensa are left out as they doesn't implement
__get_user_unaligned() and __put_user_unaligned() yet. The other
architectures that use BFLT don't have any MMU.Signed-off-by: Nicolas Pitre
Reviewed-by: Greg Ungerer
Signed-off-by: Greg Ungerer -
In addition to better code clarity, this brings proper usage of
user memory accessors everywhere the stack is touched. This is essential
for making this work on MMU systems.Signed-off-by: Nicolas Pitre
Reviewed-by: Greg Ungerer
Signed-off-by: Greg Ungerer -
This gets rid of the rather ugly, open coded and suboptimal copy code.
Signed-off-by: Nicolas Pitre
Reviewed-by: Greg Ungerer
Signed-off-by: Greg Ungerer -
Signed-off-by: Nicolas Pitre
Signed-off-by: Greg Ungerer -
Signed-off-by: Nicolas Pitre
Signed-off-by: Greg Ungerer -
Remove excessive casts, do some code grouping, fix most important
checkpatch.pl complaints, etc.No functional changes.
Signed-off-by: Nicolas Pitre
Reviewed-by: Greg Ungerer
Signed-off-by: Greg Ungerer
28 May, 2016
1 commit
-
Most users of IS_ERR_VALUE() in the kernel are wrong, as they
pass an 'int' into a function that takes an 'unsigned long'
argument. This happens to work because the type is sign-extended
on 64-bit architectures before it gets converted into an
unsigned type.However, anything that passes an 'unsigned short' or 'unsigned int'
argument into IS_ERR_VALUE() is guaranteed to be broken, as are
8-bit integers and types that are wider than 'unsigned long'.Andrzej Hajda has already fixed a lot of the worst abusers that
were causing actual bugs, but it would be nice to prevent any
users that are not passing 'unsigned long' arguments.This patch changes all users of IS_ERR_VALUE() that I could find
on 32-bit ARM randconfig builds and x86 allmodconfig. For the
moment, this doesn't change the definition of IS_ERR_VALUE()
because there are probably still architecture specific users
elsewhere.Almost all the warnings I got are for files that are better off
using 'if (err)' or 'if (err < 0)'.
The only legitimate user I could find that we get a warning for
is the (32-bit only) freescale fman driver, so I did not remove
the IS_ERR_VALUE() there but changed the type to 'unsigned long'.
For 9pfs, I just worked around one user whose calling conventions
are so obscure that I did not dare change the behavior.I was using this definition for testing:
#define IS_ERR_VALUE(x) ((unsigned long*)NULL == (typeof (x)*)NULL && \
unlikely((unsigned long long)(x) >= (unsigned long long)(typeof(x))-MAX_ERRNO))which ends up making all 16-bit or wider types work correctly with
the most plausible interpretation of what IS_ERR_VALUE() was supposed
to return according to its users, but also causes a compile-time
warning for any users that do not pass an 'unsigned long' argument.I suggested this approach earlier this year, but back then we ended
up deciding to just fix the users that are obviously broken. After
the initial warning that caused me to get involved in the discussion
(fs/gfs2/dir.c) showed up again in the mainline kernel, Linus
asked me to send the whole thing again.[ Updated the 9p parts as per Al Viro - Linus ]
Signed-off-by: Arnd Bergmann
Cc: Andrzej Hajda
Cc: Andrew Morton
Link: https://lkml.org/lkml/2016/1/7/363
Link: https://lkml.org/lkml/2016/5/27/486
Acked-by: Srinivas Kandagatla # For nvmem part
Signed-off-by: Linus Torvalds
05 Jun, 2014
1 commit
-
old_reloc() is only used in this file, make it static.
Signed-off-by: Axel Lin
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
30 Apr, 2013
1 commit
-
switch binfmts that use ->read() to that (and to kernel_read()
in several cases in binfmt_flat - sure, it's nommu, but still,
doing ->read() into kmalloc'ed buffer...)Signed-off-by: Al Viro
23 Feb, 2013
1 commit
-
Signed-off-by: Al Viro
29 Nov, 2012
1 commit
-
Signed-off-by: Al Viro