Hi,
This is the continuation of the work Eric started for handling
"p_memsz > p_filesz" in arbitrary segments (rather than just the last,
BSS, segment). I've added the suggested changes:
- drop unused "elf_bss" variable
- refactor load_elf_interp() to use elf_load()
- refactor load_elf_library
Errors with padzero() should be caught unless we're expecting a
pathological (non-writable) segment. Report -EFAULT only when PROT_WRITE
is present.
Additionally add some more documentation to padzero(), elf_map(), and
elf_load().
Cc: Eric Biederman
Cc: Alexander Viro
Cc: Christian Brauner
Cc:
While load_elf_library() is a libc5-ism, we can still replace most of
its contents with elf_load() as well, further simplifying the code.
Cc: Alexander Viro
Cc: Christian Brauner
Cc: linux-fsde...@vger.kernel.org
Cc: linux...@kvack.org
Suggested-by: Eric Biederman
Signed-off-by: Kees Cook
---
With fs/binfmt_elf.c fully refactored to use the new elf_load() helper,
there are no more users of vm_brk(), so remove it.
Cc: Andrew Morton
Cc: linux...@kvack.org
Suggested-by: Eric Biederman
Signed-off-by: Kees Cook
---
include/linux/mm.h | 3 +--
mm/mmap.c | 6 --
mm/nommu.c
With the BSS handled generically via the new filesz/memsz mismatch
handling logic in elf_load(), elf_bss no longer needs to be tracked.
Drop the variable.
Cc: Eric Biederman
Cc: Alexander Viro
Cc: Christian Brauner
Cc: linux-fsde...@vger.kernel.org
Cc: linux...@kvack.org
Suggested-by: Eric Bied
Handle arbitrary memsz>filesz in interpreter ELF segments, instead of
only supporting it in the last segment (which is expected to be the
BSS).
Cc: Eric Biederman
Cc: Alexander Viro
Cc: Christian Brauner
Cc: linux-fsde...@vger.kernel.org
Cc: linux...@kvack.org
Reported-by: Pedro Falcato
Closes
From: "Eric W. Biederman"
Implement a helper elf_load() that wraps elf_map() and performs all
of the necessary work to ensure that when "memsz > filesz" the bytes
described by "memsz > filesz" are zeroed.
An outstanding issue is if the first segment has filesz 0, and has a
randomized location. B
On Wed, Sep 27, 2023 at 03:18:34PM -0500, Eric W. Biederman wrote:
> Kees Cook writes:
>
> > Errors with padzero() should be caught unless we're expecting a
> > pathological (non-writable) segment. Report -EFAULT only when PROT_WRITE
> > is present.
> >
> > Additionally add some more documentatio
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for
array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
A
On Thu, Sep 28, 2023 at 05:26:08PM +0530, Vinod Koul wrote:
>
> On Thu, 17 Aug 2023 16:58:37 -0700, Kees Cook wrote:
> > This annotates several structures with the coming __counted_by attribute
> > for bounds checking of flexible arrays at run-time. For more details, see
> > commit dd06e72e68bc ("
Hi Justin,
thanks for your patch!
On Wed, Sep 27, 2023 at 7:10 AM Justin Stitt wrote:
> `strncpy` is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> We expect project_name to be NUL-terminated ba
On Fri, Sep 22, 2023 at 10:51:51AM -0700, Kees Cook wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS
> (for array
On Sat, 23 Sep 2023, Kees Cook wrote:
> On Fri, Sep 22, 2023 at 03:27:17PM +, Justin Stitt wrote:
> > `strncpy` is deprecated for use on NUL-terminated destination strings
> > [1] and as such we should prefer more robust and less ambiguous string
> > interfaces.
> >
> > We expect `dest` to be
On Fri, 22 Sep 2023 15:27:17 +, Justin Stitt wrote:
> `strncpy` is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> We expect `dest` to be NUL-terminated due to its use with dev_err.
>
> lp3952_
On Sat, Sep 23, 2023 at 07:15:59PM -0600, Gustavo A. R. Silva wrote:
> The flexible structure (a structure that contains a flexible-array member
> at the end) `qed_ll2_tx_packet` is nested within the second layer of
> `struct qed_ll2_info`:
>
> struct qed_ll2_tx_packet {
> ...
> /* F
On Fri, 22 Sep 2023 10:53:38 -0700, Kees Cook wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS
> (for array indexi
On Tue, 26 Sep 2023, Kees Cook wrote:
This is the continuation of the work Eric started for handling
"p_memsz > p_filesz" in arbitrary segments (rather than just the last,
BSS, segment). I've added the suggested changes:
- drop unused "elf_bss" variable
- report padzero() errors when PROT_WRITE
On Thu, 17 Aug 2023 16:58:37 -0700, Kees Cook wrote:
> This annotates several structures with the coming __counted_by attribute
> for bounds checking of flexible arrays at run-time. For more details, see
> commit dd06e72e68bc ("Compiler Attributes: Add __counted_by macro").
>
> Thanks!
>
> -Kee
On 22-09-23, 10:16, Kees Cook wrote:
> On Fri, Sep 15, 2023 at 01:08:30PM -0700, Kees Cook wrote:
> > Just a ping on the series... how do these look to you, Vinod?
> >
> > If you want I can carry them in my tree. Please let me know.
>
> I'm now carrying this in my for-next/hardening tree. Let me
Signed-off-by: Jeff Layton
---
fs/pstore/inode.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/pstore/inode.c b/fs/pstore/inode.c
index 585360706b33..d41c20d1b5e8 100644
--- a/fs/pstore/inode.c
+++ b/fs/pstore/inode.c
@@ -223,7 +223,7 @@ static struct inode *pstore_g