From 60592fb6b67c653beaa2e7acad9a9d7aa0b71dff Mon Sep 17 00:00:00 2001 From: Fangrui Song Date: Fri, 12 May 2023 02:25:28 +0000 Subject: [PATCH 1/5] coredump, vmcore: Set p_align to 4 for PT_NOTE Tools like readelf/llvm-readelf use p_align to parse a PT_NOTE program header as an array of 4-byte entries or 8-byte entries. Currently, there are workarounds[1] in place for Linux to treat p_align==0 as 4. However, it would be more appropriate to set the correct alignment so that tools do not have to rely on guesswork. FreeBSD coredumps set p_align to 4 as well. [1]: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=82ed9683ec099d8205dc499ac84febc975235af6 [2]: https://reviews.llvm.org/D150022 Signed-off-by: Fangrui Song Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/20230512022528.3430327-1-maskray@google.com --- fs/binfmt_elf.c | 2 +- fs/binfmt_elf_fdpic.c | 2 +- fs/proc/vmcore.c | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 1033fbdfdbec..44b4c42ab8e8 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -1517,7 +1517,7 @@ static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset) phdr->p_filesz = sz; phdr->p_memsz = 0; phdr->p_flags = 0; - phdr->p_align = 0; + phdr->p_align = 4; } static void fill_note(struct memelfnote *note, const char *name, int type, diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c index 05a1471d5283..d76ad3d4f676 100644 --- a/fs/binfmt_elf_fdpic.c +++ b/fs/binfmt_elf_fdpic.c @@ -1269,7 +1269,7 @@ static inline void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offs phdr->p_filesz = sz; phdr->p_memsz = 0; phdr->p_flags = 0; - phdr->p_align = 0; + phdr->p_align = 4; return; } diff --git a/fs/proc/vmcore.c b/fs/proc/vmcore.c index 03f5963914a1..cb80a7703d58 100644 --- a/fs/proc/vmcore.c +++ b/fs/proc/vmcore.c @@ -877,7 +877,7 @@ static int __init merge_note_headers_elf64(char *elfptr, size_t *elfsz, phdr.p_offset = roundup(note_off, PAGE_SIZE); phdr.p_vaddr = phdr.p_paddr = 0; phdr.p_filesz = phdr.p_memsz = phdr_sz; - phdr.p_align = 0; + phdr.p_align = 4; /* Add merged PT_NOTE program header*/ tmp = elfptr + sizeof(Elf64_Ehdr); @@ -1068,7 +1068,7 @@ static int __init merge_note_headers_elf32(char *elfptr, size_t *elfsz, phdr.p_offset = roundup(note_off, PAGE_SIZE); phdr.p_vaddr = phdr.p_paddr = 0; phdr.p_filesz = phdr.p_memsz = phdr_sz; - phdr.p_align = 0; + phdr.p_align = 4; /* Add merged PT_NOTE program header*/ tmp = elfptr + sizeof(Elf32_Ehdr); From e6302d5a285b41209ada308ced6f9562cf1c616f Mon Sep 17 00:00:00 2001 From: Christophe JAILLET Date: Sun, 28 May 2023 18:20:24 +0200 Subject: [PATCH 2/5] binfmt: Use struct_size() Use struct_size() instead of hand-writing it. It is less verbose, more robust and more informative. Signed-off-by: Christophe JAILLET Acked-by: "Eric W. Biederman" Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/53150beae5dc04dac513dba391a2e4ae8696a7f3.1685290790.git.christophe.jaillet@wanadoo.fr --- fs/binfmt_elf_fdpic.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c index d76ad3d4f676..237ce388d06d 100644 --- a/fs/binfmt_elf_fdpic.c +++ b/fs/binfmt_elf_fdpic.c @@ -748,7 +748,6 @@ static int elf_fdpic_map_file(struct elf_fdpic_params *params, struct elf32_phdr *phdr; unsigned long load_addr, stop; unsigned nloads, tmp; - size_t size; int loop, ret; /* allocate a load map table */ @@ -760,8 +759,7 @@ static int elf_fdpic_map_file(struct elf_fdpic_params *params, if (nloads == 0) return -ELIBBAD; - size = sizeof(*loadmap) + nloads * sizeof(*seg); - loadmap = kzalloc(size, GFP_KERNEL); + loadmap = kzalloc(struct_size(loadmap, segs, nloads), GFP_KERNEL); if (!loadmap) return -ENOMEM; From 36650a357eac3e525edbd31db4fe45841b05dc3b Mon Sep 17 00:00:00 2001 From: Christophe JAILLET Date: Sun, 28 May 2023 18:20:25 +0200 Subject: [PATCH 3/5] binfmt: Slightly simplify elf_fdpic_map_file() There is no point in initializing 'load_addr' and 'seg' here, they are both re-written just before being used below. Doing so, 'load_addr' can be moved in the #ifdef CONFIG_MMU section. Signed-off-by: Christophe JAILLET Acked-by: "Eric W. Biederman" Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/4f5e4096ad7f17716e924b5bd080e5709fc0b84b.1685290790.git.christophe.jaillet@wanadoo.fr --- fs/binfmt_elf_fdpic.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c index 237ce388d06d..1c6c5832af86 100644 --- a/fs/binfmt_elf_fdpic.c +++ b/fs/binfmt_elf_fdpic.c @@ -743,11 +743,12 @@ static int elf_fdpic_map_file(struct elf_fdpic_params *params, struct elf32_fdpic_loadmap *loadmap; #ifdef CONFIG_MMU struct elf32_fdpic_loadseg *mseg; + unsigned long load_addr; #endif struct elf32_fdpic_loadseg *seg; struct elf32_phdr *phdr; - unsigned long load_addr, stop; unsigned nloads, tmp; + unsigned long stop; int loop, ret; /* allocate a load map table */ @@ -768,9 +769,6 @@ static int elf_fdpic_map_file(struct elf_fdpic_params *params, loadmap->version = ELF32_FDPIC_LOADMAP_VERSION; loadmap->nsegs = nloads; - load_addr = params->load_addr; - seg = loadmap->segs; - /* map the requested LOADs into the memory space */ switch (params->flags & ELF_FDPIC_FLAG_ARRANGEMENT) { case ELF_FDPIC_FLAG_CONSTDISP: From 0b3d412798a4763aaf39213a279e453e1fddc81d Mon Sep 17 00:00:00 2001 From: Baruch Siach Date: Fri, 23 Jun 2023 08:50:11 +0300 Subject: [PATCH 4/5] elf: correct note name comment NT_PRFPREG note is named "CORE". Correct the comment accordingly. Fixes: 00e19ceec80b ("ELF: Add ELF program property parsing support") Signed-off-by: Baruch Siach Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/455b22b986de4d3bc6d9bfd522378e442943de5f.1687499411.git.baruch@tkos.co.il --- include/uapi/linux/elf.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index ac3da855fb19..4d1c8d46e7f0 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -372,7 +372,8 @@ typedef struct elf64_shdr { * Notes used in ET_CORE. Architectures export some of the arch register sets * using the corresponding note types via the PTRACE_GETREGSET and * PTRACE_SETREGSET requests. - * The note name for all these is "LINUX". + * The note name for these types is "LINUX", except NT_PRFPREG that is named + * "CORE". */ #define NT_PRSTATUS 1 #define NT_PRFPREG 2 From aa88054b70905069d1cf706aa5e9a3418d1d341d Mon Sep 17 00:00:00 2001 From: Baruch Siach Date: Fri, 23 Jun 2023 08:56:44 +0300 Subject: [PATCH 5/5] binfmt_elf: fix comment typo s/reset/regset/ Signed-off-by: Baruch Siach Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/0b2967c4a4141875c493e835d5a6f8f2d19ae2d6.1687499804.git.baruch@tkos.co.il --- fs/binfmt_elf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 44b4c42ab8e8..983ce34115d5 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -1773,7 +1773,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t, /* * NT_PRSTATUS is the one special case, because the regset data * goes into the pr_reg field inside the note contents, rather - * than being the whole note contents. We fill the reset in here. + * than being the whole note contents. We fill the regset in here. * We assume that regset 0 is NT_PRSTATUS. */ fill_prstatus(&t->prstatus.common, t->task, signr);