Re: [PATCH 2/2] exec: Avoid pathological argc, envc, and bprm->p values

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 6/21/24 00:00, Kees Cook wrote:
On Thu, Jun 20, 2024 at 05:19:55PM -0700, Guenter Roeck wrote:
Hi,

On Sun, May 19, 2024 at 07:16:12PM -0700, Kees Cook wrote:
Make sure nothing goes wrong with the string counters or the bprm's
belief about the stack pointer. Add checks and matching self-tests.

For 32-bit validation, this was run under 32-bit UML:
$ tools/testing/kunit/kunit.py run --make_options SUBARCH=i386 exec

Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>

With this patch in linux-next, the qemu m68k:mcf5208evb emulation
fails to boot. The error is:

Eeek. Thanks for the report! I've dropped this patch from my for-next
tree.

Run /init as init process
Failed to execute /init (error -7)

-7 is E2BIG, so it's certainly one of the 3 new added checks. I must
have made a mistake in my reasoning about how bprm->p is initialized;
the other two checks seems extremely unlikely to be tripped.

I will try to get qemu set up and take a close look at what's happening.
While I'm doing that, if it's easy for you, can you try it with just
this removed (i.e. the other 2 new -E2BIG cases still in place):

	/* Avoid a pathological bprm->p. */
	if (bprm->p < limit)
		return -E2BIG;

I added a printk:

argc: 1 envc: 2 p: 262140 limit: 2097152
                ^^^^^^^^^^^^^^^^^^^^^^^^
Removing the check above does indeed fix the problem.

Guenter





[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux