From: Arnd Bergmann <arnd@arndb.de>
To: linux-arm-kernel@lists.infradead.org
Cc: Nicolas Pitre <nicolas.pitre@linaro.org>,
Greg Ungerer <gerg@linux-m68k.org>,
linux-fsdevel@vger.kernel.org,
Alan Cox <gnomes@lxorguk.ukuu.org.uk>,
linux-kernel@vger.kernel.org, David Howells <dhowells@redhat.com>,
linux-m68k@lists.linux-m68k.org,
Alexander Viro <viro@zeniv.linux.org.uk>
Subject: Re: [PATCH v5 12/15] binfmt_flat: allow compressed flat binary format to work on MMU systems
Date: Sun, 24 Jul 2016 21:48:55 +0200
Message-ID: <4262519.L4vdOGcrh0@wuerfel>
In-Reply-To: <1469374229-21585-13-git-send-email-nicolas.pitre@linaro.org>
On Sunday, July 24, 2016 11:30:26 AM CEST Nicolas Pitre wrote:
> +#else
> + /*
> + * This is used on MMU systems mainly for testing.
> + * Let's use a kernel buffer to simplify things.
> + */
> + long unz_text_len = text_len - sizeof(struct flat_hdr);
> + long unz_len = unz_text_len + full_data;
> + char *unz_data = vmalloc(unz_len);
> + if (!unz_data) {
> + result = -ENOMEM;
>
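Review bot: The size handed to vmalloc() is built from text_len and full_data in signed long arithmetic, and no range check on either value is visible in this hunk. If text_len is smaller than sizeof(struct flat_hdr), unz_text_len goes negative, and vmalloc(), whose size parameter is an unsigned long, receives a very large request; the addition of full_data can also wrap. Suggest rejecting text_len < sizeof(struct flat_hdr), checking the sum for overflow, and capping unz_len before the allocation, so that a bad header fails with an error before any memory is requested.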
Is there a risk of a malicious user exhausting vmalloc space with a
binary that has forged headers? If there is, maybe put an upper bound on
the size of allocation.
More broadly speaking, are there any other attacks that may get enabled
through forged binaries? We've had a couple of vulnerabilities in
binfmt_elf over the years, and I wonder how dangerous it might be
if distros turn on binfmt_flat support by default.
Arnd
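An added example, not part of this message or of the patch: a user-space C model of the upper bound suggested above, placing the hunk's size arithmetic unchecked beside a checked version. The names demo_unchecked_len and demo_checked_len, the 64-byte stand-in for sizeof(struct flat_hdr) and the 16 MiB cap are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

/* Assumed values for illustration; neither comes from the patch. */
#define DEMO_HDR_SIZE 64L                  /* stand-in for sizeof(struct flat_hdr) */
#define DEMO_UNZ_MAX  (16L * 1024 * 1024)  /* hypothetical cap on the buffer */

/* The arithmetic of the quoted hunk with no checks: the value an
 * allocator taking an unsigned long size would receive. */
static unsigned long demo_unchecked_len(long text_len, long full_data)
{
    long unz_text_len = text_len - DEMO_HDR_SIZE;
    long unz_len = unz_text_len + full_data;
    return (unsigned long)unz_len;
}

/* Same arithmetic, refusing lengths that are negative, that wrap, or
 * that exceed the cap. Returns 0 and stores the size, or -errno. */
static int demo_checked_len(long text_len, long full_data, unsigned long *out)
{
    long unz_len;

    if (text_len < DEMO_HDR_SIZE || full_data < 0)
        return -ENOEXEC;   /* text shorter than the header, or negative size */
    if (__builtin_add_overflow(text_len - DEMO_HDR_SIZE, full_data, &unz_len))
        return -ENOEXEC;   /* sum does not fit in a long */
    if (unz_len == 0)
        return -ENOEXEC;   /* nothing to decompress */
    if (unz_len > DEMO_UNZ_MAX)
        return -ENOMEM;    /* over the allocation bound */
    *out = (unsigned long)unz_len;
    return 0;
}

int main(void)
{
    unsigned long n = 0;
    /* Constructed inputs: a plausible header, then a too-short text_len. */
    int rc = demo_checked_len(64 + 4096, 8192, &n);
    printf("valid header:             rc=%d len=%lu\n", rc, n);
    printf("short text_len unchecked: len=%lu\n", demo_unchecked_len(10, 0));
    printf("short text_len checked:   rc=%d\n", demo_checked_len(10, 0, &n));
    return 0;
}
```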
Thread overview: 20+ messages
2016-07-24 15:30 [PATCH v5 00/15] allow BFLT executables on systems with a MMU Nicolas Pitre
2016-07-24 15:30 ` [PATCH v5 01/15] binfmt_flat: assorted cleanups Nicolas Pitre
2016-07-24 15:30 ` [PATCH v5 02/15] binfmt_flat: convert printk invocations to their modern form Nicolas Pitre
2016-07-24 15:30 ` [PATCH v5 03/15] binfmt_flat: prevent kernel dammage from corrupted executable headers Nicolas Pitre
2016-07-24 15:30 ` [PATCH v5 04/15] elf_fdpic_transfer_args_to_stack(): make it generic Nicolas Pitre
2016-07-24 15:30 ` [PATCH v5 05/15] binfmt_flat: use generic transfer_args_to_stack() Nicolas Pitre
2016-07-24 15:30 ` [PATCH v5 06/15] binfmt_flat: clean up create_flat_tables() and stack accesses Nicolas Pitre
2016-07-24 15:30 ` [PATCH v5 07/15] binfmt_flat: use proper user space accessors with relocs processing code Nicolas Pitre
2016-07-24 15:30 ` [PATCH v5 08/15] binfmt_flat: use proper user space accessors with old relocs code Nicolas Pitre
2016-07-24 15:30 ` [PATCH v5 09/15] binfmt_flat: use clear_user() rather than memset() to clear .bss Nicolas Pitre
2016-07-24 15:30 ` [PATCH v5 10/15] binfmt_flat: update libraries' data segment pointer with userspace accessors Nicolas Pitre
2016-07-24 15:30 ` [PATCH v5 11/15] binfmt_flat: add MMU-specific support Nicolas Pitre
2016-07-24 15:30 ` [PATCH v5 12/15] binfmt_flat: allow compressed flat binary format to work on MMU systems Nicolas Pitre
2016-07-24 19:48 ` Arnd Bergmann [this message]
2016-07-24 20:25 ` Nicolas Pitre
2016-07-25 8:18 ` Arnd Bergmann
2016-07-24 15:30 ` [PATCH v5 13/15] m68k: fix bFLT executable running on MMU enabled systems Nicolas Pitre
2016-07-24 15:30 ` [PATCH v5 14/15] m68k: enable binfmt_flat on systems with an MMU Nicolas Pitre
2016-07-24 15:30 ` [PATCH v5 15/15] ARM: " Nicolas Pitre
2016-07-26 0:53 ` [PATCH v5 00/15] allow BFLT executables on systems with a MMU Greg Ungerer