On Mon, Sep 14, 2015 at 10:13:03PM +1000, Greg Ungerer wrote: > Hi Rich, > > > On 26/08/15 11:26, Greg Ungerer wrote: > >On 21/08/15 05:11, Rich Felker wrote: > >>From: Rich Felker <dalias@xxxxxxxx> > >> > >>On NOMMU archs, the FDPIC ELF loader sets up the usable brk range to > >>overlap with all but the last PAGE_SIZE bytes of the stack. This leads > >>to catastrophic memory reuse/corruption if brk is used. Fix by setting > >>the brk area to zero size to disable its use. > >> > >>Signed-off-by: Rich Felker <dalias@xxxxxxxx> > > > >It would make sense to run this by David Howells <dhowells@xxxxxxxxxx>, > >I think he wrote this code (added to CC list). > > > >I have no problem with it, so: > > > >Acked-by: Greg Ungerer <gerg@xxxxxxxxxxx> > > Has anybody picked this up to push to Linus? > If not I can take it via the m68knommu tree. As far as I know, no. If you can do it that would be great. Rich > >>--- > >> > >>There is no reason for the kernel to be providing a brk area at all on > >>NOMMU; the bFLT loader does not provide one, uClibc never uses brk on > >>NOMMU targets, and musl libc goes out of its way to avoid using brk > >>that might run into the stack. > > > >I recall a long time back someone was playing with the idea of setting > >the brk to the unused parts of the last data area page. (Somewhat like > >this code seems to be trying). That scheme still allocated the full > >requested stack size (IIRC) though. And that would have been on bFLT > >executables. Anyway, just some historical reference, not really > >relevant now. > > > >Regards > >Greg > > > > > > > >>--- fs/binfmt_elf_fdpic.c.orig 2015-08-20 18:05:19.089888654 +0000 > >>+++ fs/binfmt_elf_fdpic.c 2015-08-20 18:10:01.519871432 +0000 > >>@@ -374,10 +388,7 @@ static int load_elf_fdpic_binary(struct > >> PAGE_ALIGN(current->mm->start_brk); > >> > >> #else > >>- /* create a stack and brk area big enough for everyone > >>- * - the brk heap starts at the bottom and works up > >>- * - the stack starts at the top and works down > >>- */ > >>+ /* create a stack area and zero-size brk area */ > >> stack_size = (stack_size + PAGE_SIZE - 1) & PAGE_MASK; > >> if (stack_size < PAGE_SIZE * 2) > >> stack_size = PAGE_SIZE * 2; > >>@@ -400,8 +411,6 @@ static int load_elf_fdpic_binary(struct > >> > >> current->mm->brk = current->mm->start_brk; > >> current->mm->context.end_brk = current->mm->start_brk; > >>- current->mm->context.end_brk += > >>- (stack_size > PAGE_SIZE) ? (stack_size - PAGE_SIZE) : 0; > >> current->mm->start_stack = current->mm->start_brk + stack_size; > >> #endif > >> > >> > > -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html