[PATCH 4.19 60/91] fs: binfmt_elf_efpic: fix personality for ELF-FDPIC

Archive-only list for patches
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	patches@lists.linux.dev, Greg Ungerer <gerg@kernel.org>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Christian Brauner <brauner@kernel.org>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	Kees Cook <keescook@chromium.org>,
	Andrew Morton <akpm@linux-foundation.org>
Subject: [PATCH 4.19 60/91] fs: binfmt_elf_efpic: fix personality for ELF-FDPIC
Date: Mon,  9 Oct 2023 15:06:32 +0200	[thread overview]
Message-ID: <20231009130113.589732054@linuxfoundation.org> (raw)
In-Reply-To: <20231009130111.518916887@linuxfoundation.org>

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Greg Ungerer <gerg@kernel.org>

commit 7c3151585730b7095287be8162b846d31e6eee61 upstream.

The elf-fdpic loader hard sets the process personality to either
PER_LINUX_FDPIC for true elf-fdpic binaries or to PER_LINUX for normal ELF
binaries (in this case they would be constant displacement compiled with
-pie for example).  The problem with that is that it will lose any other
bits that may be in the ELF header personality (such as the "bug
emulation" bits).

On the ARM architecture the ADDR_LIMIT_32BIT flag is used to signify a
normal 32bit binary - as opposed to a legacy 26bit address binary.  This
matters since start_thread() will set the ARM CPSR register as required
based on this flag.  If the elf-fdpic loader loses this bit the process
will be mis-configured and crash out pretty quickly.

Modify elf-fdpic loader personality setting so that it preserves the upper
three bytes by using the SET_PERSONALITY macro to set it.  This macro in
the generic case sets PER_LINUX and preserves the upper bytes.
Architectures can override this for their specific use case, and ARM does
exactly this.

The problem shows up quite easily running under qemu using the ARM
architecture, but not necessarily on all types of real ARM hardware.  If
the underlying ARM processor does not support the legacy 26-bit addressing
mode then everything will work as expected.

Link: https://lkml.kernel.org/r/20230907011808.2985083-1-gerg@kernel.org
Fixes: 1bde925d23547 ("fs/binfmt_elf_fdpic.c: provide NOMMU loader for regular ELF binaries")
Signed-off-by: Greg Ungerer <gerg@kernel.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Greg Ungerer <gerg@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/binfmt_elf_fdpic.c |    5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

--- a/fs/binfmt_elf_fdpic.c
+++ b/fs/binfmt_elf_fdpic.c
@@ -349,10 +349,9 @@ static int load_elf_fdpic_binary(struct
 	/* there's now no turning back... the old userspace image is dead,
 	 * defunct, deceased, etc.
 	 */
+	SET_PERSONALITY(exec_params.hdr);
 	if (elf_check_fdpic(&exec_params.hdr))
-		set_personality(PER_LINUX_FDPIC);
-	else
-		set_personality(PER_LINUX);
+		current->personality |= PER_LINUX_FDPIC;
 	if (elf_read_implies_exec(&exec_params.hdr, executable_stack))
 		current->personality |= READ_IMPLIES_EXEC;

next prev parent reply	other threads:[~2023-10-09 13:52 UTC|newest]

Thread overview: 101+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-10-09 13:05 [PATCH 4.19 00/91] 4.19.296-rc1 review Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 01/91] NFS/pNFS: Report EINVAL errors from connect() to the server Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 02/91] ata: ahci: Drop pointless VPRINTK() calls and convert the remaining ones Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 03/91] ata: libahci: clear pending interrupt status Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 04/91] netfilter: nf_tables: disallow element removal on anonymous sets Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 05/91] selftests/tls: Add {} to avoid static checker warning Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 06/91] selftests: tls: swap the TX and RX sockets in some tests Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 07/91] ipv4: fix null-deref in ipv4_link_failure Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 08/91] powerpc/perf/hv-24x7: Update domain value check Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 09/91] net: hns3: add 5ms delay before clear firmware reset irq source Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 10/91] net: add atomic_long_t to net_device_stats fields Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 11/91] net: bridge: use DEV_STATS_INC() Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 12/91] team: fix null-ptr-deref when team device type is changed Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 13/91] gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 14/91] i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 15/91] Input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 16/91] scsi: qla2xxx: Add protection mask module parameters Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 17/91] scsi: qla2xxx: Remove unsupported ql2xenabledif option Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 18/91] scsi: megaraid_sas: Load balance completions across all MSI-X Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 19/91] scsi: megaraid_sas: Fix deadlock on firmware crashdump Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 20/91] ext4: remove the group parameter of ext4_trim_extent Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 21/91] ext4: add new helper interface ext4_try_to_trim_range() Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 22/91] ext4: scope ret locally in ext4_try_to_trim_range() Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 23/91] ext4: change s_last_trim_minblks type to unsigned long Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 24/91] ext4: mark group as trimmed only if it was fully scanned Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 25/91] ext4: replace the traditional ternary conditional operator with with max()/min() Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 26/91] ext4: move setting of trimmed bit into ext4_try_to_trim_range() Greg Kroah-Hartman
2023-10-09 13:05 ` [PATCH 4.19 27/91] ext4: do not let fstrim block system suspend Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 28/91] MIPS: Alchemy: only build mmc support helpers if au1xmmc is enabled Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 29/91] clk: tegra: fix error return case for recalc_rate Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 30/91] ARM: dts: ti: omap: motorola-mapphone: Fix abe_clkctrl warning on boot Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 31/91] gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 32/91] parisc: sba: Fix compile warning wrt list of SBA devices Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 33/91] parisc: iosapic.c: Fix sparse warnings Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 34/91] parisc: drivers: Fix sparse warning Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 35/91] parisc: irq: Make irq_stack_union static to avoid " Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 36/91] selftests/ftrace: Correctly enable event in instance-event.tc Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 37/91] ring-buffer: Avoid softlockup in ring_buffer_resize() Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 38/91] ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset() Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 39/91] bpf: Clarify error expectations from bpf_clone_redirect Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 40/91] fbdev/sh7760fb: Depend on FB=y Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 41/91] nvme-pci: do not set the NUMA node of device if it has none Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 42/91] watchdog: iTCO_wdt: No need to stop the timer in probe Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 43/91] watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 44/91] net: Fix unwanted sign extension in netdev_stats_to_stats64() Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 45/91] scsi: megaraid_sas: Enable msix_load_balance for Invader and later controllers Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 46/91] Smack:- Use overlay inode label in smack_inode_copy_up() Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 47/91] smack: Retrieve transmuting information in smack_inode_getsecurity() Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 48/91] smack: Record transmuting in smk_transmuted Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 49/91] serial: 8250_port: Check IRQ data before use Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 50/91] nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 51/91] ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 52/91] ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 53/91] i2c: i801: unregister tco_pdev in i801_probe() error path Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 54/91] btrfs: properly report 0 avail for very full file systems Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 55/91] net: thunderbolt: Fix TCPv6 GSO checksum calculation Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 56/91] ata: libata-core: Fix ata_port_request_pm() locking Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 57/91] ata: libata-core: Fix port and device removal Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 58/91] ata: libata-core: Do not register PM operations for SAS ports Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 59/91] ata: libata-sata: increase PMP SRST timeout to 10s Greg Kroah-Hartman
2023-10-09 13:06 ` Greg Kroah-Hartman [this message]
2023-10-09 13:06 ` [PATCH 4.19 61/91] ext4: fix rec_len verify error Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 62/91] ata: libata: disallow dev-initiated LPM transitions to unsupported states Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 63/91] Revert "drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions" Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 64/91] media: dvb: symbol fixup for dvb_attach() - again Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 65/91] Revert "PCI: qcom: Disable write access to read only registers for IP v2.3.3" Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 66/91] scsi: zfcp: Fix a double put in zfcp_port_enqueue() Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 67/91] qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 68/91] wifi: mwifiex: Fix tlv_buf_left calculation Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 69/91] net: replace calls to sock->ops->connect() with kernel_connect() Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 70/91] btrfs: reject unknown mount options early Greg Kroah-Hartman
2023-10-10  8:53   ` Qu Wenruo
2023-10-10 11:27     ` Greg Kroah-Hartman
2023-10-10 12:59       ` David Sterba
2023-10-10 15:25         ` Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 71/91] ubi: Refuse attaching if mtds erasesize is 0 Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 72/91] wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 73/91] drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close() Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 74/91] regmap: rbtree: Fix wrong register marked as in-cache when creating new node Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 75/91] scsi: target: core: Fix deadlock due to recursive locking Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 76/91] modpost: add missing else to the "of" check Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 77/91] ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 78/91] net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 79/91] net: stmmac: dwmac-stm32: fix resume on STM32 MCU Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 80/91] tcp: fix quick-ack counting to count actual ACKs of new data Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 81/91] tcp: fix delayed ACKs for MSS boundary condition Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 82/91] sctp: update transport state when processing a dupcook packet Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 83/91] sctp: update hb timer immediately after users change hb_interval Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 84/91] cpupower: add Makefile dependencies for install targets Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 85/91] IB/mlx4: Fix the size of a buffer in add_port_entries() Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 86/91] gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() Greg Kroah-Hartman
2023-10-09 13:06 ` [PATCH 4.19 87/91] gpio: pxa: disable pinctrl calls for MMP_GPIO Greg Kroah-Hartman
2023-10-09 13:07 ` [PATCH 4.19 88/91] RDMA/cma: Fix truncation compilation warning in make_cma_ports Greg Kroah-Hartman
2023-10-09 13:07 ` [PATCH 4.19 89/91] RDMA/mlx5: Fix NULL string error Greg Kroah-Hartman
2023-10-09 13:07 ` [PATCH 4.19 90/91] parisc: Restore __ldcw_align for PA-RISC 2.0 processors Greg Kroah-Hartman
2023-10-09 13:07 ` [PATCH 4.19 91/91] dccp: fix dccp_v4_err()/dccp_v6_err() again Greg Kroah-Hartman
2023-10-09 23:03 ` [PATCH 4.19 00/91] 4.19.296-rc1 review Shuah Khan
2023-10-10  9:57 ` Jon Hunter
2023-10-10  9:57 ` Jon Hunter
2023-10-10 18:17 ` Guenter Roeck
2023-10-11  1:30 ` Naresh Kamboju

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20231009130113.589732054@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=akpm@linux-foundation.org \
    --cc=brauner@kernel.org \
    --cc=ebiederm@xmission.com \
    --cc=gerg@kernel.org \
    --cc=keescook@chromium.org \
    --cc=patches@lists.linux.dev \
    --cc=stable@vger.kernel.org \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox