On Wed, May 13, 2020 at 05:59:32PM +0900, Nobuhiro Iwamatsu wrote:
> From: Kees Cook <keescook@xxxxxxxxxxxx>
>
> commit 7be3cb019db1cbd5fd5ffe6d64a23fefa4b6f229 upstream.
>
> When brk was moved for binaries without an interpreter, it should have
> been limited to ET_DYN only. In other words, the special case was an
> ET_DYN that lacks an INTERP, not just an executable that lacks INTERP.
> The bug manifested for giant static executables, where the brk would end
> up in the middle of the text area on 32-bit architectures.
>
> Reported-and-tested-by: Richard Kojedzinszky <richard@xxxxxxxxx>
> Fixes: bbdc6076d2e5 ("binfmt_elf: move brk out of mmap when doing direct loader exec")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@xxxxxxxxxxxxx>

Already queued up a few hours ago, thanks.

greg k-h
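
The condition the commit message describes, as an added example (not the kernel's code and not part of the original mail): a user-space check for whether an ELF32 image is an ET_DYN that lacks PT_INTERP, as opposed to any executable that lacks it. The names brk_special_case and make_elf32 and the sample images are constructed for illustration; glibc's <elf.h> and native byte order are assumed.

```c
#include <elf.h>
#include <stdio.h>
#include <string.h>

/* 1: ET_DYN with no PT_INTERP (the intended special case); 0: any other
 * ELF32 image; -1: not a parseable ELF32 file. Native byte order assumed. */
int brk_special_case(const unsigned char *buf, size_t len)
{
    Elf32_Ehdr eh;
    Elf32_Phdr ph;
    if (len < sizeof(eh))
        return -1;
    memcpy(&eh, buf, sizeof(eh));
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 ||
        eh.e_ident[EI_CLASS] != ELFCLASS32 ||
        (eh.e_phnum && eh.e_phentsize != sizeof(ph)))
        return -1;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        unsigned long long off = eh.e_phoff + (unsigned long long)i * sizeof(ph);
        if (off > len || len - off < sizeof(ph))
            return -1;          /* program header table runs past the buffer */
        memcpy(&ph, buf + off, sizeof(ph));
        if (ph.p_type == PT_INTERP)
            return 0;           /* has an interpreter */
    }
    return eh.e_type == ET_DYN; /* ET_EXEC without INTERP does not qualify */
}

/* Constructed sample image: ELF32 header plus one program header. */
size_t make_elf32(unsigned char *out, unsigned short type, unsigned ptype)
{
    Elf32_Ehdr eh = { .e_type = type, .e_phoff = sizeof(Elf32_Ehdr),
                      .e_phentsize = sizeof(Elf32_Phdr), .e_phnum = 1 };
    Elf32_Phdr ph = { .p_type = ptype };
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS32;
    memcpy(out, &eh, sizeof(eh));
    memcpy(out + sizeof(eh), &ph, sizeof(ph));
    return sizeof(eh) + sizeof(ph);
}

int main(void)
{
    unsigned char img[128];
    size_t n = make_elf32(img, ET_EXEC, PT_LOAD);
    printf("ET_EXEC, no INTERP: %d\n", brk_special_case(img, n));
    n = make_elf32(img, ET_DYN, PT_LOAD);
    printf("ET_DYN,  no INTERP: %d\n", brk_special_case(img, n));
    return 0;
}
```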