Message-ID: <0d82084c-e633-40ff-b9fe-ce1532f28fdc@suse.com>
Date: Tue, 30 Dec 2025 10:14:13 +0100
Subject: Re: [RFC PATCH v1] module: Fix kernel panic when a symbol st_shndx is out of bounds
From: Petr Pavlu
To: Ihor Solodrai
Cc: Luis Chamberlain, Daniel Gomez, Sami Tolvanen, Nathan Chancellor, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, bpf@vger.kernel.org, linux-kbuild@vger.kernel.org, llvm@lists.linux.dev
References: <20251224005752.201911-1-ihor.solodrai@linux.dev>
In-Reply-To: <20251224005752.201911-1-ihor.solodrai@linux.dev>

On 12/24/25 1:57 AM, Ihor Solodrai wrote: > [...] > --- > kernel/module/main.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/kernel/module/main.c b/kernel/module/main.c > index 710ee30b3bea..5bf456fad63e 100644 > --- a/kernel/module/main.c > +++ b/kernel/module/main.c 
> @@ -1568,6 +1568,13 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) > break; > > default: > + if (sym[i].st_shndx >= info->hdr->e_shnum) { > + pr_err("%s: Symbol %s has an invalid section index %u (max %u)\n", > + mod->name, name, sym[i].st_shndx, info->hdr->e_shnum - 1); > + ret = -ENOEXEC; > + break; > + } > + > /* Divert to percpu allocation if a percpu var. */ > if (sym[i].st_shndx == info->index.pcpu) > secbase = (unsigned long)mod_percpu(mod); The module loader should always at least get through the signature and blacklist checks without crashing due to a corrupted ELF file. After that point, the module content is to be trusted, but we try to error out for most issues that would cause problems later on. In this specific case, I think it is useful to add this check because the code potentially crashes on a valid module that uses SHN_XINDEX. The loader already rejects sh_link and sh_info values that are above e_shnum in several places, so the patch is consistent with that behavior. I suggest adding a proper commit description and sending a non-RFC version. -- Thanks, Petr
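
Review bot: the pr_err() in the new check at the top of default: reports every st_shndx >= e_shnum as "an invalid section index", but the case raised in the reply, st_shndx == SHN_XINDEX, is a valid ELF escape value that this path does not resolve, so the message misdescribes what was wrong with the module. Consider a short comment above the check and wording that says extended section indexes are not supported, or a separate message for that value. Also, info->hdr->e_shnum - 1 is computed as an int and printed with %u, so if e_shnum were 0 the reported max would be 4294967295; printing e_shnum itself and wording the message as a count avoids that.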