    [PATCH] binfmt_elf: fix checks for bad address · ce51059b
    Chuck Ebbert authored
    Fix check for bad address; use macro instead of open-coding two checks.
    
    Taken from RHEL4 kernel update.
    
    From: Ernie Petrides <petrides@redhat.com>
    
      For background, the BAD_ADDR() macro should return TRUE if the address is
      TASK_SIZE, because that's the lowest address that is *not* valid for
      user-space mappings.  The macro was correct in binfmt_aout.c but was wrong
      for the "equal to" case in binfmt_elf.c.  There were two in-line validations
      of user-space addresses in binfmt_elf.c, which have been appropriately
      converted to use the corrected BAD_ADDR() macro in the patch you posted
      yesterday.  Note that the size checks against TASK_SIZE are okay as coded.
    
      The additional changes that I propose are below.  These are in the error
      paths for bad ELF entry addresses once load_elf_binary() has already
      committed to exec'ing the new image (following the tearing down of the
      task's original address space).
    
      The 1st hunk deals with the interp-side of the outer "if".  There were two
      problems here.  The printk() should be removed because this path can be
      triggered at will by a bogus interpreter image created and used by a
      malicious user.  Further, the error code should not be ENOEXEC, because that
      causes the loop in search_binary_handler() to continue trying other exec
      handlers (twice, in fact).  But it's too late for this to work correctly,
      because the user address space has already been torn down, and an exec()
      failure cannot be returned to the user code because the code no longer
      exists.  The only recovery is to force a SIGSEGV, but it's best to terminate
      the search loop immediately.  I somewhat arbitrarily chose EINVAL as a
      fallback error code, but any error returned by load_elf_interp() will
      override that (but this value will never be seen by user-space).
    
      The 2nd hunk deals with the non-interp-side of the outer "if".  There were
      two problems here as well.  The SIGSEGV needs to be forced, because a prior
      sigaction() syscall might have set the associated disposition to SIG_IGN.
      And the ENOEXEC should be changed to EINVAL as described above.
    Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com>
    Signed-off-by: Ernie Petrides <petrides@redhat.com>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
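
The boundary case and the error-code choice described in the commit message, as an added user-space model (not code from the kernel or from this commit). The `TASK_SIZE` value, `BAD_ADDR_OLD`, `struct image`, `load_image()` and `search_handlers()` are assumptions made for illustration; the old macro is reconstructed from the statement that it was wrong for the "equal to" case.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed value for this user-space model; the kernel's TASK_SIZE is
 * architecture-specific. */
#define TASK_SIZE 0xC0000000UL

/* Reconstructed from the description: the "equal to" case slips through. */
#define BAD_ADDR_OLD(x) ((unsigned long)(x) > TASK_SIZE)
/* Corrected: TASK_SIZE is the lowest address that is not valid. */
#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)

static int bad_addr_old(unsigned long a) { return BAD_ADDR_OLD(a); }
static int bad_addr(unsigned long a) { return BAD_ADDR(a); }

struct image { unsigned long entry; int torn_down; };

/* Hypothetical loader: commits to the new image (point of no return) and
 * only then validates the entry address, failing with -late_err. */
static int load_image(struct image *img, int late_err)
{
    img->torn_down = 1;
    return bad_addr(img->entry) ? -late_err : 0;
}

/* Hypothetical model of a handler search loop: -ENOEXEC means "try the next
 * handler", anything else ends the search. Returns how many handlers were
 * entered after the old address space was already gone. */
static int search_handlers(struct image *img, int late_err, int nhandlers)
{
    int late_calls = 0;
    for (int i = 0; i < nhandlers; i++) {
        late_calls += img->torn_down;
        if (load_image(img, late_err) != -ENOEXEC)
            break;
    }
    return late_calls;
}

int main(void)
{
    struct image a = { TASK_SIZE, 0 }, b = { TASK_SIZE, 0 };
    printf("old/new check at TASK_SIZE: %d/%d\n",
           bad_addr_old(TASK_SIZE), bad_addr(TASK_SIZE));
    printf("late handler calls: ENOEXEC=%d EINVAL=%d\n",
           search_handlers(&a, ENOEXEC, 3), search_handlers(&b, EINVAL, 3));
    return 0;
}
```
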