aha/fs
Chuck Ebbert ce51059be5 [PATCH] binfmt_elf: fix checks for bad address
Fix check for bad address; use macro instead of open-coding two checks.

Taken from RHEL4 kernel update.

From: Ernie Petrides <petrides@redhat.com>

  For background, the BAD_ADDR() macro should return TRUE if the address is
  TASK_SIZE, because that's the lowest address that is *not* valid for
  user-space mappings.  The macro was correct in binfmt_aout.c but was wrong
  for the "equal to" case in binfmt_elf.c.  There were two in-line validations
  of user-space addresses in binfmt_elf.c, which have been appropriately
  converted to use the corrected BAD_ADDR() macro in the patch you posted
  yesterday.  Note that the size checks against TASK_SIZE are okay as coded.

  The additional changes that I propose are below.  These are in the error
  paths for bad ELF entry addresses once load_elf_binary() has already
  committed to exec'ing the new image (following the tearing down of the
  task's original address space).

  The 1st hunk deals with the interp-side of the outer "if".  There were two
  problems here.  The printk() should be removed because this path can be
  triggered at will by a bogus interpreter image created and used by a
  malicious user.  Further, the error code should not be ENOEXEC, because that
  causes the loop in search_binary_handler() to continue trying other exec
  handlers (twice, in fact).  But it's too late for this to work correctly,
  because the user address space has already been torn down, and an exec()
  failure cannot be returned to the user code because the code no longer
  exists.  The only recovery is to force a SIGSEGV, but it's best to terminate
  the search loop immediately.  I somewhat arbitrarily chose EINVAL as a
  fallback error code, but any error returned by load_elf_interp() will
  override that (but this value will never be seen by user-space).

  The 2nd hunk deals with the non-interp-side of the outer "if".  There were
  two problems here as well.  The SIGSEGV needs to be forced, because a prior
  sigaction() syscall might have set the associated disposition to SIG_IGN.
  And the ENOEXEC should be changed to EINVAL as described above.

Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com>
Signed-off-by: Ernie Petrides <petrides@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-07-03 15:26:59 -07:00
9p Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
adfs Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
affs [PATCH] mark address_space_operations const 2006-06-28 14:59:04 -07:00
afs [PATCH] mark address_space_operations const 2006-06-28 14:59:04 -07:00
autofs [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
autofs4 [PATCH] fs: use list_move() 2006-06-26 09:58:18 -07:00
befs typo fixes: aquire -> acquire 2006-06-30 18:23:04 +02:00
bfs [PATCH] mark address_space_operations const 2006-06-28 14:59:04 -07:00
cifs Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
coda Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
configfs configfs: Clear up a few extra spaces where there should be TABs. 2006-06-29 14:43:01 -07:00
cramfs [PATCH] mark address_space_operations const 2006-06-28 14:59:04 -07:00
debugfs Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
devpts [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
efs [PATCH] mark address_space_operations const 2006-06-28 14:59:04 -07:00
exportfs [PATCH] NFS server subtree_check returns dubious value 2006-05-21 12:59:16 -07:00
ext2 Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
ext3 Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
fat [PATCH] mark address_space_operations const 2006-06-28 14:59:04 -07:00
freevxfs [PATCH] mark address_space_operations const 2006-06-28 14:59:04 -07:00
fuse [PATCH] mark address_space_operations const 2006-06-28 14:59:04 -07:00
hfs Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
hfsplus Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
hostfs [PATCH] mark address_space_operations const 2006-06-28 14:59:04 -07:00
hpfs [PATCH] mark address_space_operations const 2006-06-28 14:59:04 -07:00
hppfs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
hugetlbfs [PATCH] mark address_space_operations const 2006-06-28 14:59:04 -07:00
isofs Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
jbd [PATCH] add poison.h and patch primary users 2006-06-27 17:32:38 -07:00
jffs Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
jffs2 Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
jfs Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
lockd Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
minix [PATCH] mark address_space_operations const 2006-06-28 14:59:04 -07:00
msdos [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
ncpfs Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial 2006-06-30 15:39:30 -07:00
nfs [PATCH] nfs: non-procfs build fix 2006-07-02 15:10:20 -07:00
nfs_common
nfsd Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial 2006-06-30 15:39:30 -07:00
nls Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
ntfs Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
ocfs2 ocfs2: remove redundant NULL checks in ocfs2_direct_IO_get_blocks() 2006-06-29 16:13:35 -07:00
openpromfs [OPENPROMFS]: Rewrite using in-kernel device tree and seq_file. 2006-06-25 23:19:14 -07:00
partitions Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
proc Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial 2006-06-30 15:39:30 -07:00
qnx4 Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
ramfs [PATCH] mark address_space_operations const 2006-06-28 14:59:04 -07:00
reiserfs [PATCH] reiserfs: update ctime and mtime on expanding truncate 2006-07-01 09:56:04 -07:00
romfs [PATCH] mark address_space_operations const 2006-06-28 14:59:04 -07:00
smbfs Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
sysfs [PATCH] mark address_space_operations const 2006-06-28 14:59:04 -07:00
sysv [PATCH] mark address_space_operations const 2006-06-28 14:59:04 -07:00
udf Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
ufs [PATCH] ufs: truncate should allocate block for last byte 2006-07-01 09:56:03 -07:00
vfat [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
xfs Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
aio.c spelling fixes 2006-06-26 18:35:02 +02:00
attr.c
bad_inode.c [PATCH] Make most file operations structs in fs/ const 2006-03-28 09:16:06 -08:00
binfmt_aout.c
binfmt_elf.c [PATCH] binfmt_elf: fix checks for bad address 2006-07-03 15:26:59 -07:00
binfmt_elf_fdpic.c [PATCH] frv: binfmt_elf_fdpic __user annotations 2006-06-23 07:42:54 -07:00
binfmt_em86.c
binfmt_flat.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
binfmt_misc.c Merge branch 'master' of /home/trondmy/kernel/linux-2.6/ 2006-06-24 13:07:53 -04:00
binfmt_script.c
binfmt_som.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
bio.c [PATCH] Fix missing ret assignment in __bio_map_user() error path 2006-06-17 10:52:12 -07:00
block_dev.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
buffer.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial 2006-06-30 15:39:30 -07:00
char_dev.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
compat.c [PATCH] x86_64: Add compat_printk and sysctl to turn off compat layer warnings 2006-06-26 10:48:16 -07:00
compat_ioctl.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
dcache.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
dcookies.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
direct-io.c [PATCH] Kill PF_SYNCWRITE flag 2006-06-23 17:10:39 +02:00
dnotify.c
dquot.c [PATCH] use list_add_tail() instead of list_add() 2006-06-26 09:58:17 -07:00
drop_caches.c
eventpoll.c [PATCH] epoll: use unlocked wqueue operations 2006-06-25 10:01:13 -07:00
exec.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
fcntl.c BUG_ON() Conversion in fs/fcntl.c 2006-04-02 13:37:19 +02:00
fifo.c [PATCH] pipe.c/fifo.c code cleanups 2006-04-11 13:53:33 +02:00
file.c [PATCH] for_each_possible_cpu: fixes for generic part 2006-03-28 09:16:05 -08:00
file_table.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
filesystems.c
fs-writeback.c [PATCH] zoned vm counters: conversion of nr_unstable to per zone counter 2006-06-30 11:25:36 -07:00
inode.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial 2006-06-30 15:39:30 -07:00
inotify.c [PATCH] inotify (4/5): allow watch removal from event handler 2006-06-20 05:25:19 -04:00
inotify_user.c [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
ioctl.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
ioprio.c [PATCH] SELinux: Add security hook definition for getioprio and insert hooks 2006-06-30 11:25:37 -07:00
Kconfig ocfs2: OCFS2_FS must depend on SYSFS 2006-06-29 14:56:12 -07:00
Kconfig.binfmt
libfs.c [PATCH] core: use list_move() 2006-06-26 09:58:17 -07:00
locks.c [PATCH] fs/locks.c: make posix_locks_deadlock() static 2006-06-23 07:43:03 -07:00
Makefile [PATCH] devfs: Remove devfs from the kernel tree 2006-06-26 12:25:05 -07:00
mbcache.c [PATCH] Typo fixes 2006-03-28 09:16:08 -08:00
mpage.c [PATCH] writeback: fix range handling 2006-06-23 07:42:49 -07:00
namei.c [PATCH] Implement AT_SYMLINK_FOLLOW flag for linkat 2006-06-25 10:01:22 -07:00
namespace.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
nfsctl.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
open.c [PATCH] ftruncate does not always update m/ctime 2006-06-25 10:01:15 -07:00
pipe.c [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
pnode.c [PATCH] core: use list_move() 2006-06-26 09:58:17 -07:00
pnode.h
posix_acl.c
quota.c
quota_v1.c
quota_v2.c
read_write.c [PATCH] splice: unlikely() optimizations 2006-04-11 13:56:09 +02:00
readdir.c
select.c [PATCH] fs: sys_poll with timeout -1 bug fix 2006-06-25 10:01:22 -07:00
seq_file.c
splice.c [PATCH] splice: retrieve mapping after locking the page 2006-06-23 17:10:39 +02:00
stat.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
super.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
sync.c [PATCH] writeback: fix range handling 2006-06-23 07:42:49 -07:00
xattr.c [PATCH] log more info for directory entry change events 2006-06-20 05:25:28 -04:00
xattr_acl.c