From: Ismael Luceno <ismael@iodev.co.uk>
To: Kees Cook <kees@kernel.org>
Cc: YinFengwei <fengwei_yin@linux.alibaba.com>,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
zhourundong.zrd@linux.alibaba.com
Subject: Re: [PATCH] binfmt_elf: remove the 4k limitation of program header size
Date: Sun, 3 Aug 2025 07:28:37 +0200
Message-ID: <aI7zDXb2VpuaHHYi@pirotess>
In-Reply-To: <202508021029.7CC8B334@keescook>

On 02/Aug/2025 10:29, Kees Cook wrote:
> On Sat, Aug 02, 2025 at 05:47:13AM +0200, Ismael Luceno wrote:
> > On Sat, Jul 19, 2025 at 17:17:09 +0800, YinFengwei wrote:
> > > On Thu, Jul 17, 2025 at 04:31:50PM +0800, Kees Cook wrote:
> > > > On Thu, 17 Jul 2025 19:01:08 +0800, fengwei_yin@linux.alibaba.com wrote:
> > > > > We have assembly code generated by a script. GCC successfully compiles
> > > > > it. However, the kernel cannot load it on an ARM64 platform with a 4K
> > > > > page size. In contrast, the same ELF file loads correctly on the same
> > > > > platform with a 64K page size.
> > > > >
> > > > > The root cause is the Linux kernel's ELF_MIN_ALIGN limitation on the
> > > > > program headers of ELF files. The ELF file contains 78 program headers
> > > > > (the script inserts many holes when generating the assembly code). On
> > > > > > ARM64 with a 4K page size, the ELF_MIN_ALIGN enforces a maximum of 74
> > > > > program headers, causing the ELF file to fail. However, with a 64K page
> > > > > size, the ELF_MIN_ALIGN is relaxed to over 1,184 program headers, allowing
> > > > > the file to run correctly.
> > > > >
> > > > > [...]
> > > >
> > > > Applied to for-next/execve, thanks!
> > > Cook, thanks a lot.
> > >
> > > Regards
> > > Yin, Fengwei
> > >
> > > >
> > > > [1/1] binfmt_elf: remove the 4k limitation of program header size
> > > > https://git.kernel.org/kees/c/8030790477e8
> > > >
> > > > Take care,
> >
> > Hi,
> >
> > I noticed this removal and wonder whether it could be a problem on
> > smaller platforms.
> >
> > IIRC that code has been there since ELF support was added in one
> > form or another; and the idea behind it was to simplify the code
> > by ensuring no cross-page reads could happen, as these could cause
> > undefined behaviours or read abort exceptions.
>
> I didn't see a place where that would happen -- the reads aren't done on
> a single page. If you see something that I missed, please let me know!

The offset to the phdrs can point anywhere and the entries are
arbitrarily sized, thus it can be unaligned, so we can be potentially
reading at an entry right between two pages.
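
Added example, not part of this thread or of the kernel source: a C helper that works through the layout arithmetic under discussion, reporting whether a program header table is larger than one page and which entries cross a page boundary for a given `e_phoff`. The function and struct names are hypothetical, the inputs are constructed, and 56 is the size of an `Elf64_Phdr` entry; pages are counted from file offset 0.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result type for this illustration. */
struct phdr_layout {
    uint64_t table_bytes;     /* e_phnum * e_phentsize */
    int      exceeds_page;    /* table is larger than one page */
    unsigned straddling;      /* entries whose bytes span two pages */
    int      first_straddler; /* index of the first such entry, or -1 */
    int      invalid;         /* zero sizes or offset arithmetic wrapped */
};

static struct phdr_layout phdr_table_layout(uint64_t e_phoff, uint16_t e_phentsize,
                                            uint16_t e_phnum, uint64_t page_size)
{
    struct phdr_layout r = { 0, 0, 0, -1, 0 };

    if (e_phentsize == 0 || page_size == 0) {
        r.invalid = 1;
        return r;
    }
    r.table_bytes = (uint64_t)e_phnum * e_phentsize; /* fits: both are 16-bit */
    r.exceeds_page = r.table_bytes > page_size;
    if (e_phoff > UINT64_MAX - r.table_bytes) {      /* table end would wrap */
        r.invalid = 1;
        return r;
    }
    for (unsigned i = 0; i < e_phnum; i++) {
        uint64_t first = e_phoff + (uint64_t)i * e_phentsize;
        uint64_t last = first + e_phentsize - 1;     /* last byte of entry i */
        if (first / page_size != last / page_size) {
            if (r.first_straddler < 0)
                r.first_straddler = (int)i;
            r.straddling++;
        }
    }
    return r;
}

int main(void)
{
    /* Constructed cases: 78 headers as in the report, then unaligned offsets. */
    uint64_t offs[] = { 64, 100, 4090 };
    uint16_t nums[] = { 78, 78, 2 };
    for (int k = 0; k < 3; k++) {
        struct phdr_layout r = phdr_table_layout(offs[k], 56, nums[k], 4096);
        printf("e_phoff=%llu e_phnum=%u: %llu bytes, >page=%d, straddling=%u (first %d)\n",
               (unsigned long long)offs[k], (unsigned)nums[k],
               (unsigned long long)r.table_bytes, r.exceeds_page, r.straddling, r.first_straddler);
    }
    return 0;
}
```

The third case is a two-entry table that is far below the page size yet still has an entry crossing a page boundary, because only the offset decides that.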