The patch titled Subject: fs/binfmt_elf.c: don't be afraid of overflow has been added to the -mm tree. Its filename is elf-dont-be-afraid-of-overflow.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/elf-dont-be-afraid-of-overflow.patch and later at http://ozlabs.org/~akpm/mmotm/broken-out/elf-dont-be-afraid-of-overflow.patch Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Alexey Dobriyan <adobriyan@xxxxxxxxx> Subject: fs/binfmt_elf.c: don't be afraid of overflow Number of ELF program headers is 16-bit by spec, so total size comfortably fits into "unsigned int". Space savings: 7 bytes! add/remove: 0/0 grow/shrink: 0/1 up/down: 0/-7 (-7) Function old new delta load_elf_phdrs 137 130 -7 Link: http://lkml.kernel.org/r/20190204202715.GA27482@avx2 Signed-off-by: Alexey Dobriyan <adobriyan@xxxxxxxxx> Reviewed-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- --- a/fs/binfmt_elf.c~elf-dont-be-afraid-of-overflow +++ a/fs/binfmt_elf.c @@ -418,8 +418,9 @@ static struct elf_phdr *load_elf_phdrs(s struct file *elf_file) { struct elf_phdr *elf_phdata = NULL; - int retval, size, err = -1; + int retval, err = -1; loff_t pos = elf_ex->e_phoff; + unsigned int size; /* * If the size of this structure has changed, then punt, since 
@@ -429,13 +430,9 @@ static struct elf_phdr *load_elf_phdrs(s goto out; /* Sanity check the number of program headers... */ - if (elf_ex->e_phnum < 1 || - elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr)) - goto out; - /* ...and their total size. */ size = sizeof(struct elf_phdr) * elf_ex->e_phnum; - if (size > ELF_MIN_ALIGN) + if (size == 0 || size > 65536 || size > ELF_MIN_ALIGN) goto out; elf_phdata = kmalloc(size, GFP_KERNEL); _ Patches currently in -mm which might be from adobriyan@xxxxxxxxx are mm-shuffle-gfp_-flags.patch proc-return-exit-code-4-for-skipped-tests.patch proc-read-kernel-cpu-stat-pointer-once.patch proc-use-seq_puts-everywhere.patch elf-dont-be-afraid-of-overflow.patch elf-use-list_for_each_entry.patch elf-spread-const-a-little.patch proc-calculate-end-pointer-for-proc-lookup-at-compile-time.patch
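Review bot: in the first hunk (@@ -418,8 +418,9 @@), "size" becomes "unsigned int" while "retval" in the declaration just above it stays "int", so any place later in load_elf_phdrs() that compares the two (outside the lines shown here) becomes a mixed signed/unsigned comparison, in which a negative "retval" is converted to a large unsigned value before the compare. Please check each such site and test "retval < 0" explicitly before comparing against "size" where the sign matters. A smaller style point: the new "unsigned int size;" sits after "loff_t pos = elf_ex->e_phoff;", so the uninitialised declaration now follows an initialised one; keeping it next to the "int retval, err = -1;" line would read more naturally.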
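Review bot: in the second hunk (@@ -429,13 +430,9 @@), the retained comment "/* Sanity check the number of program headers... */" no longer describes the code beneath it, because the e_phnum range check is deleted and the "/* ...and their total size. */" comment goes with it; what remains is purely a size check. Suggest rewording the comment to say that the total size is being validated, and noting next to "size = sizeof(struct elf_phdr) * elf_ex->e_phnum;" that the product cannot wrap "unsigned int" only because e_phnum is 16-bit, as the changelog states. Without that note the safety argument lives only in the commit message, and a later change to the type of e_phnum or of "size" would silently remove the overflow guarantee that the deleted "elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr)" test used to enforce before the multiplication. The folded condition "size == 0 || size > 65536 || size > ELF_MIN_ALIGN" also always has one redundant upper bound for any given value of ELF_MIN_ALIGN; if both are kept on purpose, a word in the comment on why would help.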