[PATCH] binfmt_elf: remove the 4k limitation of program header size

linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] binfmt_elf: remove the 4k limitation of program header size
@ 2025-07-17 11:01 fengwei_yin
  2025-07-17 23:31 ` Kees Cook
  0 siblings, 1 reply; 10+ messages in thread
From: fengwei_yin @ 2025-07-17 11:01 UTC (permalink / raw)
  To: linux-kernel, linux-mm; +Cc: kees, fengwei_yin, zhourundong.zrd

From: Yin Fengwei <fengwei_yin@linux.alibaba.com>

We have assembly code generated by a script. GCC successfully compiles
it. However, the kernel cannot load it on an ARM64 platform with a 4K
page size. In contrast, the same ELF file loads correctly on the same
platform with a 64K page size.

The root cause is the Linux kernel's ELF_MIN_ALIGN limitation on the
program headers of ELF files. The ELF file contains 78 program headers
(the script inserts many holes when generating the assembly code). On
ARM64 with a 4K page size, the ELF_MIN_ALLIGN enforces a maximum of 74
program headers, causing the ELF file to fail. However, with a 64K page
size, the ELF_MIN_ALIGN is relaxed to over 1,184 program headers, allowing
the file to run correctly.

Cook kindly identified that this limitation was introduced in
Linux-0.99.15f without an explanation for its purpose [1].

The ELF specification does not impose such a restriction on program
headers. Removing the ELF_MIN_ALIGN limitation on program headers to
align with the ELF spec. After removing ELF_MIN_ALIGN limitation,
64K size limitation still exist which should be sufficient.

[1] https://lore.kernel.org/linux-mm/202506270854.A729825@keescook/

Originally-by: Kees Cook <kees@kernel.org>
Signed-off-by: Yin Fengwei <fengwei_yin@linux.alibaba.com>
---
Explaination about "Originally-by": it's debug code from Cook. And
he didn't show the intention to submit it as patch. The change did
fix the issue I hit...

 fs/binfmt_elf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index a43363d593e5..1cb35a2bc528 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -519,7 +519,7 @@ static struct elf_phdr *load_elf_phdrs(const struct elfhdr *elf_ex,
 	/* Sanity check the number of program headers... */
 	/* ...and their total size. */
 	size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
-	if (size == 0 || size > 65536 || size > ELF_MIN_ALIGN)
+	if (size == 0 || size > 65536)
 		goto out;

 	elf_phdata = kmalloc(size, GFP_KERNEL);
-- 
2.49.0

^ permalink raw reply related	[flat|nested] 10+ messages in thread

* Re: [PATCH] binfmt_elf: remove the 4k limitation of program header size
  2025-07-17 11:01 [PATCH] binfmt_elf: remove the 4k limitation of program header size fengwei_yin
@ 2025-07-17 23:31 ` Kees Cook
  2025-07-19  9:17   ` YinFengwei
  0 siblings, 1 reply; 10+ messages in thread
From: Kees Cook @ 2025-07-17 23:31 UTC (permalink / raw)
  To: linux-kernel, linux-mm, fengwei_yin; +Cc: Kees Cook, zhourundong.zrd

On Thu, 17 Jul 2025 19:01:08 +0800, fengwei_yin@linux.alibaba.com wrote:
> We have assembly code generated by a script. GCC successfully compiles
> it. However, the kernel cannot load it on an ARM64 platform with a 4K
> page size. In contrast, the same ELF file loads correctly on the same
> platform with a 64K page size.
> 
> The root cause is the Linux kernel's ELF_MIN_ALIGN limitation on the
> program headers of ELF files. The ELF file contains 78 program headers
> (the script inserts many holes when generating the assembly code). On
> ARM64 with a 4K page size, the ELF_MIN_ALLIGN enforces a maximum of 74
> program headers, causing the ELF file to fail. However, with a 64K page
> size, the ELF_MIN_ALIGN is relaxed to over 1,184 program headers, allowing
> the file to run correctly.
> 
> [...]

Applied to for-next/execve, thanks!

[1/1] binfmt_elf: remove the 4k limitation of program header size
      https://git.kernel.org/kees/c/8030790477e8

Take care,

-- 
Kees Cook



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] binfmt_elf: remove the 4k limitation of program header size
  2025-07-17 23:31 ` Kees Cook
@ 2025-07-19  9:17   ` YinFengwei
  2025-08-02  3:53     ` Ismael Luceno
  0 siblings, 1 reply; 10+ messages in thread
From: YinFengwei @ 2025-07-19  9:17 UTC (permalink / raw)
  To: Kees Cook; +Cc: linux-kernel, linux-mm, zhourundong.zrd

On Thu, Jul 17, 2025 at 04:31:50PM +0800, Kees Cook wrote:
> On Thu, 17 Jul 2025 19:01:08 +0800, fengwei_yin@linux.alibaba.com wrote:
> > We have assembly code generated by a script. GCC successfully compiles
> > it. However, the kernel cannot load it on an ARM64 platform with a 4K
> > page size. In contrast, the same ELF file loads correctly on the same
> > platform with a 64K page size.
> > 
> > The root cause is the Linux kernel's ELF_MIN_ALIGN limitation on the
> > program headers of ELF files. The ELF file contains 78 program headers
> > (the script inserts many holes when generating the assembly code). On
> > ARM64 with a 4K page size, the ELF_MIN_ALLIGN enforces a maximum of 74
> > program headers, causing the ELF file to fail. However, with a 64K page
> > size, the ELF_MIN_ALIGN is relaxed to over 1,184 program headers, allowing
> > the file to run correctly.
> > 
> > [...]
> 
> Applied to for-next/execve, thanks!
Cook, thanks a lot.

Regards
Yin, Fengwei

> 
> [1/1] binfmt_elf: remove the 4k limitation of program header size
>       https://git.kernel.org/kees/c/8030790477e8
> 
> Take care,
> 
> -- 
> Kees Cook


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] binfmt_elf: remove the 4k limitation of program header size
  2025-07-19  9:17   ` YinFengwei
@ 2025-08-02  3:53     ` Ismael Luceno
       [not found]       ` <202508021029.7CC8B334@keescook>
  0 siblings, 1 reply; 10+ messages in thread
From: Ismael Luceno @ 2025-08-02  3:53 UTC (permalink / raw)
  To: YinFengwei, Kees Cook; +Cc: linux-kernel, linux-mm, zhourundong.zrd

On Sat, Jul 19, 2025 at 17:17:09 +0800, YinFengwei wrote:
> On Thu, Jul 17, 2025 at 04:31:50PM +0800, Kees Cook wrote:
> > On Thu, 17 Jul 2025 19:01:08 +0800, fengwei_yin@linux.alibaba.com wrote:
> > > We have assembly code generated by a script. GCC successfully compiles
> > > it. However, the kernel cannot load it on an ARM64 platform with a 4K
> > > page size. In contrast, the same ELF file loads correctly on the same
> > > platform with a 64K page size.
> > > 
> > > The root cause is the Linux kernel's ELF_MIN_ALIGN limitation on the
> > > program headers of ELF files. The ELF file contains 78 program headers
> > > (the script inserts many holes when generating the assembly code). On
> > > ARM64 with a 4K page size, the ELF_MIN_ALLIGN enforces a maximum of 74
> > > program headers, causing the ELF file to fail. However, with a 64K page
> > > size, the ELF_MIN_ALIGN is relaxed to over 1,184 program headers, allowing
> > > the file to run correctly.
> > > 
> > > [...]
> > 
> > Applied to for-next/execve, thanks!
> Cook, thanks a lot.
> 
> Regards
> Yin, Fengwei
> 
> > 
> > [1/1] binfmt_elf: remove the 4k limitation of program header size
> >       https://git.kernel.org/kees/c/8030790477e8
> > 
> > Take care,

Hi,

I noticed this removal and wonder whether it could be a problem on
smaller platforms.

IIRC that code has been there since ELF support was added in one
form or another; and the idea behind it was to simplify the code
by ensuring no cross-page reads could happen, as these could cause
undefined behaviours or read abort exceptions.

Best regards.


^ permalink raw reply	[flat|nested] 10+ messages in thread

[parent not found: <202508021029.7CC8B334@keescook>]

* Re: [PATCH] binfmt_elf: remove the 4k limitation of program header size
       [not found]       ` <202508021029.7CC8B334@keescook>
@ 2025-08-03  5:28         ` Ismael Luceno
  2025-08-04  2:12           ` Yin Fengwei
  0 siblings, 1 reply; 10+ messages in thread
From: Ismael Luceno @ 2025-08-03  5:28 UTC (permalink / raw)
  To: Kees Cook; +Cc: YinFengwei, linux-kernel, linux-mm, zhourundong.zrd

On 02/Aug/2025 10:29, Kees Cook wrote:
> On Sat, Aug 02, 2025 at 05:47:13AM +0200, Ismael Luceno wrote:
> > On Sat, Jul 19, 2025 at 17:17:09 +0800, YinFengwei wrote:
> > > On Thu, Jul 17, 2025 at 04:31:50PM +0800, Kees Cook wrote:
> > > > On Thu, 17 Jul 2025 19:01:08 +0800, fengwei_yin@linux.alibaba.com wrote:
> > > > > We have assembly code generated by a script. GCC successfully compiles
> > > > > it. However, the kernel cannot load it on an ARM64 platform with a 4K
> > > > > page size. In contrast, the same ELF file loads correctly on the same
> > > > > platform with a 64K page size.
> > > > > 
> > > > > The root cause is the Linux kernel's ELF_MIN_ALIGN limitation on the
> > > > > program headers of ELF files. The ELF file contains 78 program headers
> > > > > (the script inserts many holes when generating the assembly code). On
> > > > > ARM64 with a 4K page size, the ELF_MIN_ALLIGN enforces a maximum of 74
> > > > > program headers, causing the ELF file to fail. However, with a 64K page
> > > > > size, the ELF_MIN_ALIGN is relaxed to over 1,184 program headers, allowing
> > > > > the file to run correctly.
> > > > > 
> > > > > [...]
> > > > 
> > > > Applied to for-next/execve, thanks!
> > > Cook, thanks a lot.
> > > 
> > > Regards
> > > Yin, Fengwei
> > > 
> > > > 
> > > > [1/1] binfmt_elf: remove the 4k limitation of program header size
> > > >       https://git.kernel.org/kees/c/8030790477e8
> > > > 
> > > > Take care,
> > 
> > Hi,
> > 
> > I noticed this removal and wonder whether it could be a problem on
> > smaller platforms.
> > 
> > IIRC that code has been there since ELF support was added in one
> > form or another; and the idea behind it was to simplify the code
> > by ensuring no cross-page reads could happen, as these could cause
> > undefined behaviours or read abort exceptions.
> 
> I didn't see a place where that would happen -- the reads aren't done on
> a single page. If you see something that I missed, please let me know!

The offset to the phdrs can point anywhere and the entries are
arbitrarily sized, thus it can be unaligned, so we can be potentially
reading at an entry right between two pages.


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] binfmt_elf: remove the 4k limitation of program header size
  2025-08-03  5:28         ` Ismael Luceno
@ 2025-08-04  2:12           ` Yin Fengwei
  2025-08-04  7:19             ` Ismael Luceno
  0 siblings, 1 reply; 10+ messages in thread
From: Yin Fengwei @ 2025-08-04  2:12 UTC (permalink / raw)
  To: Ismael Luceno, Kees Cook
  Cc: linux-kernel, linux-mm, zhourundong.zrd, fengwei_yin



在 2025/8/3 13:28, Ismael Luceno 写道:
> On 02/Aug/2025 10:29, Kees Cook wrote:
>> On Sat, Aug 02, 2025 at 05:47:13AM +0200, Ismael Luceno wrote:
>>> On Sat, Jul 19, 2025 at 17:17:09 +0800, YinFengwei wrote:
>>>> On Thu, Jul 17, 2025 at 04:31:50PM +0800, Kees Cook wrote:
>>>>> On Thu, 17 Jul 2025 19:01:08 +0800, fengwei_yin@linux.alibaba.com wrote:
>>>>>> We have assembly code generated by a script. GCC successfully compiles
>>>>>> it. However, the kernel cannot load it on an ARM64 platform with a 4K
>>>>>> page size. In contrast, the same ELF file loads correctly on the same
>>>>>> platform with a 64K page size.
>>>>>>
>>>>>> The root cause is the Linux kernel's ELF_MIN_ALIGN limitation on the
>>>>>> program headers of ELF files. The ELF file contains 78 program headers
>>>>>> (the script inserts many holes when generating the assembly code). On
>>>>>> ARM64 with a 4K page size, the ELF_MIN_ALLIGN enforces a maximum of 74
>>>>>> program headers, causing the ELF file to fail. However, with a 64K page
>>>>>> size, the ELF_MIN_ALIGN is relaxed to over 1,184 program headers, allowing
>>>>>> the file to run correctly.
>>>>>>
>>>>>> [...]
>>>>>
>>>>> Applied to for-next/execve, thanks!
>>>> Cook, thanks a lot.
>>>>
>>>> Regards
>>>> Yin, Fengwei
>>>>
>>>>>
>>>>> [1/1] binfmt_elf: remove the 4k limitation of program header size
>>>>>        https://git.kernel.org/kees/c/8030790477e8
>>>>>
>>>>> Take care,
>>>
>>> Hi,
>>>
>>> I noticed this removal and wonder whether it could be a problem on
>>> smaller platforms.
>>>
>>> IIRC that code has been there since ELF support was added in one
>>> form or another; and the idea behind it was to simplify the code
>>> by ensuring no cross-page reads could happen, as these could cause
>>> undefined behaviours or read abort exceptions.
>>
>> I didn't see a place where that would happen -- the reads aren't done on
>> a single page. If you see something that I missed, please let me know!
> 
> The offset to the phdrs can point anywhere and the entries are
> arbitrarily sized, thus it can be unaligned, so we can be potentially
> reading at an entry right between two pages.

The read buffer are managed in kernel. Why cross-page read can cause
undefined behaviors or read abort?

Does smaller platforms have special behavior in this situation? Like
can't do cross-page read against the buffer allocated by kmalloc?


Regards
Yin, Fengwei



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] binfmt_elf: remove the 4k limitation of program header size
  2025-08-04  2:12           ` Yin Fengwei
@ 2025-08-04  7:19             ` Ismael Luceno
  2025-08-04  7:38               ` Yin Fengwei
  2025-08-04 14:00               ` Yin Fengwei
  0 siblings, 2 replies; 10+ messages in thread
From: Ismael Luceno @ 2025-08-04  7:19 UTC (permalink / raw)
  To: Yin Fengwei; +Cc: Kees Cook, linux-kernel, linux-mm, zhourundong.zrd

On 04/Aug/2025 10:12, Yin Fengwei wrote:
> 
> 
> 在 2025/8/3 13:28, Ismael Luceno 写道:
> > On 02/Aug/2025 10:29, Kees Cook wrote:
> > > On Sat, Aug 02, 2025 at 05:47:13AM +0200, Ismael Luceno wrote:
> > > > On Sat, Jul 19, 2025 at 17:17:09 +0800, YinFengwei wrote:
> > > > > On Thu, Jul 17, 2025 at 04:31:50PM +0800, Kees Cook wrote:
> > > > > > On Thu, 17 Jul 2025 19:01:08 +0800, fengwei_yin@linux.alibaba.com wrote:
> > > > > > > We have assembly code generated by a script. GCC successfully compiles
> > > > > > > it. However, the kernel cannot load it on an ARM64 platform with a 4K
> > > > > > > page size. In contrast, the same ELF file loads correctly on the same
> > > > > > > platform with a 64K page size.
> > > > > > > 
> > > > > > > The root cause is the Linux kernel's ELF_MIN_ALIGN limitation on the
> > > > > > > program headers of ELF files. The ELF file contains 78 program headers
> > > > > > > (the script inserts many holes when generating the assembly code). On
> > > > > > > ARM64 with a 4K page size, the ELF_MIN_ALLIGN enforces a maximum of 74
> > > > > > > program headers, causing the ELF file to fail. However, with a 64K page
> > > > > > > size, the ELF_MIN_ALIGN is relaxed to over 1,184 program headers, allowing
> > > > > > > the file to run correctly.
> > > > > > > 
> > > > > > > [...]
> > > > > > 
> > > > > > Applied to for-next/execve, thanks!
> > > > > Cook, thanks a lot.
> > > > > 
> > > > > Regards
> > > > > Yin, Fengwei
> > > > > 
> > > > > > 
> > > > > > [1/1] binfmt_elf: remove the 4k limitation of program header size
> > > > > >        https://git.kernel.org/kees/c/8030790477e8
> > > > > > 
> > > > > > Take care,
> > > > 
> > > > Hi,
> > > > 
> > > > I noticed this removal and wonder whether it could be a problem on
> > > > smaller platforms.
> > > > 
> > > > IIRC that code has been there since ELF support was added in one
> > > > form or another; and the idea behind it was to simplify the code
> > > > by ensuring no cross-page reads could happen, as these could cause
> > > > undefined behaviours or read abort exceptions.
> > > 
> > > I didn't see a place where that would happen -- the reads aren't done on
> > > a single page. If you see something that I missed, please let me know!
> > 
> > The offset to the phdrs can point anywhere and the entries are
> > arbitrarily sized, thus it can be unaligned, so we can be potentially
> > reading at an entry right between two pages.
> 
> The read buffer are managed in kernel. Why cross-page read can cause
> undefined behaviors or read abort?
> 
> Does smaller platforms have special behavior in this situation? Like
> can't do cross-page read against the buffer allocated by kmalloc?

Pretty much anything MMU-less will fault at cross-page multi-byte reads.

I'm not aware of any system with an MMU doing that but, I think on
RISC-V it's implementation-defined.


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] binfmt_elf: remove the 4k limitation of program header size
  2025-08-04  7:19             ` Ismael Luceno
@ 2025-08-04  7:38               ` Yin Fengwei
  2025-08-04 14:00               ` Yin Fengwei
  1 sibling, 0 replies; 10+ messages in thread
From: Yin Fengwei @ 2025-08-04  7:38 UTC (permalink / raw)
  To: Ismael Luceno; +Cc: Kees Cook, linux-kernel, linux-mm, zhourundong.zrd



在 2025/8/4 15:19, Ismael Luceno 写道:
> On 04/Aug/2025 10:12, Yin Fengwei wrote:
>>
>>
>> 在 2025/8/3 13:28, Ismael Luceno 写道:
>>> On 02/Aug/2025 10:29, Kees Cook wrote:
>>>> On Sat, Aug 02, 2025 at 05:47:13AM +0200, Ismael Luceno wrote:
>>>>> On Sat, Jul 19, 2025 at 17:17:09 +0800, YinFengwei wrote:
>>>>>> On Thu, Jul 17, 2025 at 04:31:50PM +0800, Kees Cook wrote:
>>>>>>> On Thu, 17 Jul 2025 19:01:08 +0800, fengwei_yin@linux.alibaba.com wrote:
>>>>>>>> We have assembly code generated by a script. GCC successfully compiles
>>>>>>>> it. However, the kernel cannot load it on an ARM64 platform with a 4K
>>>>>>>> page size. In contrast, the same ELF file loads correctly on the same
>>>>>>>> platform with a 64K page size.
>>>>>>>>
>>>>>>>> The root cause is the Linux kernel's ELF_MIN_ALIGN limitation on the
>>>>>>>> program headers of ELF files. The ELF file contains 78 program headers
>>>>>>>> (the script inserts many holes when generating the assembly code). On
>>>>>>>> ARM64 with a 4K page size, the ELF_MIN_ALLIGN enforces a maximum of 74
>>>>>>>> program headers, causing the ELF file to fail. However, with a 64K page
>>>>>>>> size, the ELF_MIN_ALIGN is relaxed to over 1,184 program headers, allowing
>>>>>>>> the file to run correctly.
>>>>>>>>
>>>>>>>> [...]
>>>>>>>
>>>>>>> Applied to for-next/execve, thanks!
>>>>>> Cook, thanks a lot.
>>>>>>
>>>>>> Regards
>>>>>> Yin, Fengwei
>>>>>>
>>>>>>>
>>>>>>> [1/1] binfmt_elf: remove the 4k limitation of program header size
>>>>>>>         https://git.kernel.org/kees/c/8030790477e8
>>>>>>>
>>>>>>> Take care,
>>>>>
>>>>> Hi,
>>>>>
>>>>> I noticed this removal and wonder whether it could be a problem on
>>>>> smaller platforms.
>>>>>
>>>>> IIRC that code has been there since ELF support was added in one
>>>>> form or another; and the idea behind it was to simplify the code
>>>>> by ensuring no cross-page reads could happen, as these could cause
>>>>> undefined behaviours or read abort exceptions.
>>>>
>>>> I didn't see a place where that would happen -- the reads aren't done on
>>>> a single page. If you see something that I missed, please let me know!
>>>
>>> The offset to the phdrs can point anywhere and the entries are
>>> arbitrarily sized, thus it can be unaligned, so we can be potentially
>>> reading at an entry right between two pages.
>>
>> The read buffer are managed in kernel. Why cross-page read can cause
>> undefined behaviors or read abort?
>>
>> Does smaller platforms have special behavior in this situation? Like
>> can't do cross-page read against the buffer allocated by kmalloc?
> 
> Pretty much anything MMU-less will fault at cross-page multi-byte reads.
OK.

> 
> I'm not aware of any system with an MMU doing that but, I think on
> RISC-V it's implementation-defined.
But resitriction of 4K can NOT prevent cross-page multi-byte reads as
well. Say if the phdrs is on 2K offset, the size of entries is
larger than 2K. Right?

Regards
Yin, Fengwei



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] binfmt_elf: remove the 4k limitation of program header size
  2025-08-04  7:19             ` Ismael Luceno
  2025-08-04  7:38               ` Yin Fengwei
@ 2025-08-04 14:00               ` Yin Fengwei
  2025-08-04 15:16                 ` Kees Cook
  1 sibling, 1 reply; 10+ messages in thread
From: Yin Fengwei @ 2025-08-04 14:00 UTC (permalink / raw)
  To: Ismael Luceno, Yin Fengwei
  Cc: Kees Cook, linux-kernel, linux-mm, zhourundong.zrd



On 2025/8/4 15:19, Ismael Luceno wrote:
> On 04/Aug/2025 10:12, Yin Fengwei wrote:
>>
>>
>> 在 2025/8/3 13:28, Ismael Luceno 写道:
>>> On 02/Aug/2025 10:29, Kees Cook wrote:
>>>> On Sat, Aug 02, 2025 at 05:47:13AM +0200, Ismael Luceno wrote:
>>>>> On Sat, Jul 19, 2025 at 17:17:09 +0800, YinFengwei wrote:
>>>>>> On Thu, Jul 17, 2025 at 04:31:50PM +0800, Kees Cook wrote:
>>>>>>> On Thu, 17 Jul 2025 19:01:08 +0800, fengwei_yin@linux.alibaba.com wrote:
>>>>>>>> We have assembly code generated by a script. GCC successfully compiles
>>>>>>>> it. However, the kernel cannot load it on an ARM64 platform with a 4K
>>>>>>>> page size. In contrast, the same ELF file loads correctly on the same
>>>>>>>> platform with a 64K page size.
>>>>>>>>
>>>>>>>> The root cause is the Linux kernel's ELF_MIN_ALIGN limitation on the
>>>>>>>> program headers of ELF files. The ELF file contains 78 program headers
>>>>>>>> (the script inserts many holes when generating the assembly code). On
>>>>>>>> ARM64 with a 4K page size, the ELF_MIN_ALLIGN enforces a maximum of 74
>>>>>>>> program headers, causing the ELF file to fail. However, with a 64K page
>>>>>>>> size, the ELF_MIN_ALIGN is relaxed to over 1,184 program headers, allowing
>>>>>>>> the file to run correctly.
>>>>>>>>
>>>>>>>> [...]
>>>>>>>
>>>>>>> Applied to for-next/execve, thanks!
>>>>>> Cook, thanks a lot.
>>>>>>
>>>>>> Regards
>>>>>> Yin, Fengwei
>>>>>>
>>>>>>>
>>>>>>> [1/1] binfmt_elf: remove the 4k limitation of program header size
>>>>>>>         https://git.kernel.org/kees/c/8030790477e8
>>>>>>>
>>>>>>> Take care,
>>>>>
>>>>> Hi,
>>>>>
>>>>> I noticed this removal and wonder whether it could be a problem on
>>>>> smaller platforms.
>>>>>
>>>>> IIRC that code has been there since ELF support was added in one
>>>>> form or another; and the idea behind it was to simplify the code
>>>>> by ensuring no cross-page reads could happen, as these could cause
>>>>> undefined behaviours or read abort exceptions.
>>>>
>>>> I didn't see a place where that would happen -- the reads aren't done on
>>>> a single page. If you see something that I missed, please let me know!
>>>
>>> The offset to the phdrs can point anywhere and the entries are
>>> arbitrarily sized, thus it can be unaligned, so we can be potentially
>>> reading at an entry right between two pages.
>>
>> The read buffer are managed in kernel. Why cross-page read can cause
>> undefined behaviors or read abort?
>>
>> Does smaller platforms have special behavior in this situation? Like
>> can't do cross-page read against the buffer allocated by kmalloc?
> 
> Pretty much anything MMU-less will fault at cross-page multi-byte reads.
> 
> I'm not aware of any system with an MMU doing that but, I think on
> RISC-V it's implementation-defined.

Checked the doc "The RISC-V Instruction Set Manual Volume I" - 17.1.1
Momory Model Primitives. The misaligned memory operations (I suppose
the cross-page multi-byte access you concerned will trigger misaligned
memory first) will be emulated by byte access. So not a problem for
Risc-V IMHO.


For MMU-less system, is it possible a 64bit system? If not, the phdr
size is 4 * 8 = 32bit. There is no cross page multi-byte access. If
it's 64 bit, it's very unlikely that it has ELF with more than 73
program headers. I am kind of sure that we are fine here.

If this is really a concern, we can add 4K restriction only for
noMMU. Thanks.


Regards
Yin, Fengwei



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] binfmt_elf: remove the 4k limitation of program header size
  2025-08-04 14:00               ` Yin Fengwei
@ 2025-08-04 15:16                 ` Kees Cook
  0 siblings, 0 replies; 10+ messages in thread
From: Kees Cook @ 2025-08-04 15:16 UTC (permalink / raw)
  To: Yin Fengwei
  Cc: Ismael Luceno, Yin Fengwei, linux-kernel, linux-mm,
	zhourundong.zrd

On Mon, Aug 04, 2025 at 10:00:41PM +0800, Yin Fengwei wrote:
> If this is really a concern, we can add 4K restriction only for
> noMMU. Thanks.

My point is that the headers are loaded via elf_read()/kernel_read().
There is no direct mapping, etc, that would result in some single page;
it's already bounds checked, loaded into a distinct memory area, etc.

-- 
Kees Cook


^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2025-08-04 15:16 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-07-17 11:01 [PATCH] binfmt_elf: remove the 4k limitation of program header size fengwei_yin
2025-07-17 23:31 ` Kees Cook
2025-07-19  9:17   ` YinFengwei
2025-08-02  3:53     ` Ismael Luceno
     [not found]       ` <202508021029.7CC8B334@keescook>
2025-08-03  5:28         ` Ismael Luceno
2025-08-04  2:12           ` Yin Fengwei
2025-08-04  7:19             ` Ismael Luceno
2025-08-04  7:38               ` Yin Fengwei
2025-08-04 14:00               ` Yin Fengwei
2025-08-04 15:16                 ` Kees Cook

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).