linux-fsdevel.vger.kernel.org archive mirror
* [GIT PULL] execve updates for v6.7-rc1
@ 2023-10-30 17:22 Kees Cook
  2023-10-31  5:42 ` pr-tracker-bot
  0 siblings, 1 reply; 2+ messages in thread
From: Kees Cook @ 2023-10-30 17:22 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: linux-kernel, Alejandro Colomar, Alexander Viro, Andrei Vagin,
	Andrew Morton, Arnd Bergmann, Christian Brauner,
	Christian Brauner, Dave Jones, David Howells, Eric Biederman,
	Greg Ungerer, Henning Schild, Jann Horn, Kees Cook,
	Laurent Vivier, linux-fsdevel, linux-mm, Matthew Wilcox,
	Paul E. McKenney, Pedro Falcato, Rolf Eike Beer, Sargun Dhillon,
	Sebastian Ott, Serge Hallyn, Thomas Gleixner,
	Thomas Weißschuh

Hi Linus,

Please pull these execve updates for v6.7-rc1. This includes 3
changes I want to explicitly call attention to:

1) Eric Biederman and I refactored ELF segment loading to handle the case
where a segment has a smaller filesz than memsz. Traditionally linkers
only did this for .bss and it was always the last segment. As a result,
the kernel only handled this case when it was the last segment. We've
had two recent cases where linkers were trying to use these kinds of
segments for other reasons, and they were in the middle of the segment
list. There was no good reason for the kernel not to support this,
and the refactor actually ends up making things more readable too.

2) Christian Brauner has made it possible to use binfmt_misc with mount
namespaces. This means some traditionally root-only interfaces (for
adding/removing formats) are now more exposed (but believed to be safe).

3) Alejandro Colomar noticed that the ELF UAPI has been polluting the
struct namespace with an unused and overly generic tag named "dynamic"
for no discernible reason for many many years. After double-checking
various distro source repositories, it has been removed.

All three changes have been living in linux-next without any reported
problems.

Thanks!

-Kees

The following changes since commit ce9ecca0238b140b88f43859b211c9fdfd8e5b70:

  Linux 6.6-rc2 (2023-09-17 14:40:24 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/execve-v6.7-rc1

for you to fetch changes up to 21ca59b365c091d583f36ac753eaa8baf947be6f:

  binfmt_misc: enable sandboxed mounts (2023-10-11 08:46:01 -0700)

----------------------------------------------------------------
execve updates for v6.7-rc1

- Support non-BSS ELF segments with 0 filesz (Eric W. Biederman, Kees Cook)

- Enable namespaced binfmt_misc (Christian Brauner)

- Remove struct tag 'dynamic' from ELF UAPI (Alejandro Colomar)

- Clean up binfmt_elf_fdpic debug output (Greg Ungerer)

----------------------------------------------------------------
Alejandro Colomar (1):
      elf, uapi: Remove struct tag 'dynamic'

Christian Brauner (2):
      binfmt_misc: cleanup on filesystem umount
      binfmt_misc: enable sandboxed mounts

Eric W. Biederman (1):
      binfmt_elf: Support segments with 0 filesz and misaligned starts

Greg Ungerer (1):
      binfmt_elf_fdpic: clean up debug warnings

Kees Cook (5):
      binfmt_elf: elf_bss no longer used by load_elf_binary()
      binfmt_elf: Use elf_load() for interpreter
      binfmt_elf: Use elf_load() for library
      binfmt_elf: Only report padzero() errors when PROT_WRITE
      mm: Remove unused vm_brk()

 fs/binfmt_elf.c                | 215 ++++++++---------------
 fs/binfmt_elf_fdpic.c          |  20 ++-
 fs/binfmt_misc.c               | 386 ++++++++++++++++++++++++++++++++++-------
 include/linux/binfmts.h        |  10 ++
 include/linux/mm.h             |   3 +-
 include/linux/user_namespace.h |   8 +
 include/uapi/linux/elf.h       |   2 +-
 kernel/user.c                  |  13 ++
 kernel/user_namespace.c        |   3 +
 mm/mmap.c                      |   6 -
 mm/nommu.c                     |   5 -
 11 files changed, 443 insertions(+), 228 deletions(-)

-- 
Kees Cook
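
Added example, not part of the original message or the kernel tree: a userspace check that walks an ELF64 program header table and counts PT_LOAD segments with p_filesz < p_memsz that are followed by another PT_LOAD, the layout item 1 says the kernel previously handled only for the last segment. The names count_nonfinal_zero_fill and build_sample are hypothetical, the sample image is constructed, and host byte order is assumed.

```c
#include <elf.h>
#include <stdio.h>
#include <string.h>

/* Count PT_LOAD segments with p_filesz < p_memsz that precede another PT_LOAD.
 * Returns -1 on a malformed image. Assumption: ELF64 in host byte order. */
int count_nonfinal_zero_fill(const unsigned char *img, size_t len)
{
    Elf64_Ehdr eh;
    Elf64_Phdr ph;
    int hits = 0, pending = 0; /* pending: last PT_LOAD had filesz < memsz */
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 ||
        eh.e_ident[EI_CLASS] != ELFCLASS64 || eh.e_phentsize != sizeof ph)
        return -1;
    if (eh.e_phoff > len || (len - eh.e_phoff) / sizeof ph < eh.e_phnum)
        return -1; /* table would run past the end of the image */
    for (size_t i = 0; i < eh.e_phnum; i++) {
        memcpy(&ph, img + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type != PT_LOAD) continue;
        if (ph.p_filesz > ph.p_memsz) return -1; /* ELF requires filesz <= memsz */
        hits += pending; /* the earlier short segment was not the last one */
        pending = ph.p_filesz < ph.p_memsz;
    }
    return hits;
}

/* Constructed sample: three PT_LOAD headers; index zero_fill has p_filesz 0. */
size_t build_sample(unsigned char *buf, size_t cap, int zero_fill)
{
    Elf64_Ehdr eh = { .e_ident = { ELFMAG0, ELFMAG1, ELFMAG2, ELFMAG3, ELFCLASS64 },
        .e_phoff = sizeof(Elf64_Ehdr), .e_phentsize = sizeof(Elf64_Phdr), .e_phnum = 3 };
    Elf64_Phdr ph[3] = {{0}};
    if (cap < sizeof eh + sizeof ph) return 0;
    for (int i = 0; i < 3; i++) {
        ph[i].p_type = PT_LOAD;
        ph[i].p_memsz = 0x1000;
        ph[i].p_filesz = (i == zero_fill) ? 0 : 0x1000;
    }
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, ph, sizeof ph);
    return sizeof eh + sizeof ph;
}

int main(void)
{
    unsigned char img[512];
    printf("%d\n", count_nonfinal_zero_fill(img, build_sample(img, sizeof img, 1)));
    return 0;
}
```

A nonzero count on a binary identifies images whose layout depends on the refactored loader described in item 1.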


* Re: [GIT PULL] execve updates for v6.7-rc1
  2023-10-30 17:22 [GIT PULL] execve updates for v6.7-rc1 Kees Cook
@ 2023-10-31  5:42 ` pr-tracker-bot
  0 siblings, 0 replies; 2+ messages in thread
From: pr-tracker-bot @ 2023-10-31  5:42 UTC (permalink / raw)
  To: Kees Cook
  Cc: Linus Torvalds, linux-kernel, Alejandro Colomar, Alexander Viro,
	Andrei Vagin, Andrew Morton, Arnd Bergmann, Christian Brauner,
	Christian Brauner, Dave Jones, David Howells, Eric Biederman,
	Greg Ungerer, Henning Schild, Jann Horn, Kees Cook,
	Laurent Vivier, linux-fsdevel, linux-mm, Matthew Wilcox,
	Paul E. McKenney, Pedro Falcato, Rolf Eike Beer, Sargun Dhillon,
	Sebastian Ott, Serge Hallyn, Thomas Gleixner,
	Thomas Weißschuh

The pull request you sent on Mon, 30 Oct 2023 10:22:39 -0700:

> https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/execve-v6.7-rc1

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/d82c0a37d431ada0d1dae9a2665fcfe17b0f9e14

Thank you!

-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html
