linux/fs
Kees Cook 3a68449926 binfmt_flat: Fix corruption when not offsetting data start
[ Upstream commit 3eb3cd5992 ]

Commit 04d82a6d08 ("binfmt_flat: allow not offsetting data start")
introduced a RISC-V specific variant of the FLAT format which does
not allocate any space for the (obsolete) array of shared library
pointers. However, it did not disable the code which initializes the
array, resulting in the corruption of sizeof(long) bytes before the DATA
segment, generally the end of the TEXT segment.

Introduce MAX_SHARED_LIBS_UPDATE which depends on the state of
CONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET to guard the initialization of
the shared library pointer region so that it will only be initialized
if space is reserved for it.

Fixes: 04d82a6d08 ("binfmt_flat: allow not offsetting data start")
Co-developed-by: Stefan O'Rear <sorear@fastmail.com>
Signed-off-by: Stefan O'Rear <sorear@fastmail.com>
Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
Acked-by: Greg Ungerer <gerg@linux-m68k.org>
Link: https://lore.kernel.org/r/20240807195119.it.782-kees@kernel.org
Signed-off-by: Kees Cook <kees@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-08-19 05:45:52 +02:00
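The following user-space model, added here as an illustration and not code from the kernel or from this commit, shows the failure mode the commit message describes. It lays out a fake FLAT image as [TEXT][optional shared-library pointer slots][DATA], runs the pointer-update step that writes one word per library slot immediately below the DATA start, and checks whether TEXT survived. The constants MAX_SHARED_LIBS, TEXT_WORDS and DATA_WORDS, the fake code words, and the function names are assumptions for this example; the parameter `fixed` models the patch, which makes the number of updated slots follow the number of slots actually reserved (MAX_SHARED_LIBS_UPDATE is 0 when CONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET is set).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed values for this illustration, not taken from the kernel. */
#define MAX_SHARED_LIBS 1          /* old-style shared-library slot count */
#define TEXT_WORDS      8          /* size of the fake TEXT segment in words */
#define DATA_WORDS      4          /* size of the fake DATA segment in words */

/* A loaded FLAT image modelled as one contiguous word array laid out as
 * [TEXT][shared-library pointer slots, possibly none][DATA]. */
struct flat_image {
    unsigned long mem[TEXT_WORDS + MAX_SHARED_LIBS + DATA_WORDS];
    size_t data_start;             /* index of the first DATA word */
};

/* Lay out the image. offset_words is the number of words reserved between
 * TEXT and DATA for the pointer array: MAX_SHARED_LIBS in the classic layout,
 * 0 when CONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET is set. */
static void flat_layout(struct flat_image *img, size_t offset_words)
{
    memset(img, 0, sizeof(*img));
    for (size_t i = 0; i < TEXT_WORDS; i++)
        img->mem[i] = 0xC0DE0000UL + i;   /* recognisable fake code words */
    img->data_start = TEXT_WORDS + offset_words;
}

/* The loader step that fills the pointer array: slot j sits at
 * data_start - (j + 1) words and receives the DATA address of library j.
 * update_count is how many slots the loader believes exist. */
static void flat_update_lib_pointers(struct flat_image *img, size_t update_count)
{
    for (size_t j = 0; j < update_count; j++)
        img->mem[img->data_start - (j + 1)] =
            (unsigned long)&img->mem[img->data_start];
}

/* True if every TEXT word still holds the value written by flat_layout(). */
static bool flat_text_intact(const struct flat_image *img)
{
    for (size_t i = 0; i < TEXT_WORDS; i++)
        if (img->mem[i] != 0xC0DE0000UL + i)
            return false;
    return true;
}

/* Load with the given configuration and report whether TEXT survived.
 * no_data_start_offset models CONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET;
 * fixed models the patch: the update count follows the reserved slot count. */
bool flat_load_keeps_text(bool no_data_start_offset, bool fixed)
{
    struct flat_image img;
    size_t offset_words = no_data_start_offset ? 0 : MAX_SHARED_LIBS;
    size_t update_words = fixed ? offset_words : MAX_SHARED_LIBS;

    flat_layout(&img, offset_words);
    flat_update_lib_pointers(&img, update_words);
    return flat_text_intact(&img);
}

int main(void)
{
    printf("classic layout, unfixed : text intact = %d\n", flat_load_keeps_text(false, false));
    printf("no-offset layout, unfixed: text intact = %d\n", flat_load_keeps_text(true, false));
    printf("no-offset layout, fixed  : text intact = %d\n", flat_load_keeps_text(true, true));
    return 0;
}
```

With the classic layout the write lands in the reserved slot, so TEXT is untouched whether or not the guard is present; with no slot reserved and the old unconditional loop, the last word of TEXT is overwritten with a data address, which is the sizeof(long)-byte corruption the commit message describes; with the guard, nothing is written and TEXT survives.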
9p fs/9p: drop inodes immediately on non-.L too 2024-05-17 11:50:55 +02:00
adfs
affs affs: initialize fsdata in affs_truncate() 2023-02-01 08:27:06 +01:00
afs afs: Don't cross .backup mountpoint from backup volume 2024-06-16 13:39:53 +02:00
autofs autofs: fix memory leak of waitqueues in autofs_catatonic_mode 2023-09-23 11:09:54 +02:00
befs
bfs
btrfs btrfs: fix double inode unlock for direct IO sync writes 2024-08-19 05:45:49 +02:00
cachefiles cachefiles: fix memory leak in cachefiles_add_cache() 2024-03-06 14:38:50 +00:00
ceph ceph: fix incorrect kmalloc size of pagevec mempool 2024-08-19 05:45:26 +02:00
cifs cifs: fix typo in module parameter enable_gcm_256 2024-07-05 09:14:40 +02:00
coda coda: Avoid partial allocation of sig_inputArgs 2023-03-10 09:39:50 +01:00
configfs configfs: fix possible memory leak in configfs_create_dir() 2022-12-31 13:14:15 +01:00
cramfs
crypto fscrypt: fix keyring memory leak on mount failure 2022-11-10 18:15:37 +01:00
debugfs debugfs: fix automount d_fsdata usage 2024-01-25 14:52:27 -08:00
devpts fsnotify: fix fsnotify hooks in pseudo filesystems 2022-02-01 17:27:01 +01:00
dlm dlm: fix plock lookup when using multiple lockspaces 2023-09-19 12:22:52 +02:00
ecryptfs ecryptfs: Fix buffer size for tag 66 packet 2024-06-16 13:39:16 +02:00
efivarfs efivarfs: force RO when remounting if SetVariable is not supported 2024-01-25 14:52:33 -08:00
efs
erofs erofs: apply proper VMA alignment for memory mapped files on THP 2024-03-15 10:48:15 -04:00
exfat exfat: support dynamic allocate bh for exfat_entry_set_cache 2024-03-01 13:21:56 +01:00
exportfs exportfs: use pr_debug for unreachable debug statements 2024-04-10 16:19:21 +02:00
ext2 ext2: Verify bitmap and itable block numbers before using them 2024-08-19 05:45:12 +02:00
ext4 ext4: fix wrong unit use in ext4_mb_find_by_goal 2024-08-19 05:45:39 +02:00
f2fs f2fs: fix to don't dirty inode for readonly filesystem 2024-08-19 05:44:49 +02:00
fat fat: fix uninitialized field in nostale filehandles 2024-04-10 16:18:35 +02:00
freevxfs
fscache fscache: Remove an unused static variable 2021-10-04 22:13:12 +01:00
fuse fuse: verify {g,u}id mount options correctly 2024-08-19 05:45:11 +02:00
gfs2 gfs2: Fix "ignore unlock failures after withdraw" 2024-06-16 13:39:20 +02:00
hfs hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() 2024-08-19 05:45:12 +02:00
hfsplus hfsplus: fix to avoid false alarm of circular locking 2024-08-19 05:44:50 +02:00
hostfs
hpfs
hugetlbfs fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super 2024-03-06 14:38:50 +00:00
iomap iomap: update ki_pos a little later in iomap_dio_complete 2023-12-08 08:48:05 +01:00
isofs isofs: handle CDs with bad root inode but good Joliet root directory 2024-04-13 13:01:44 +02:00
jbd2 jbd2: avoid memleak in jbd2_journal_write_metadata_buffer 2024-08-19 05:45:39 +02:00
jffs2 jffs2: Fix potential illegal address access in jffs2_free_inode 2024-07-18 13:07:29 +02:00
jfs jfs: Fix array-index-out-of-bounds in diFree 2024-08-19 05:45:23 +02:00
kernfs fs/kernfs/dir: obey S_ISGID 2024-02-23 08:54:51 +01:00
ksmbd ksmbd: ignore trailing slashes in share paths 2024-07-05 09:14:37 +02:00
lockd Revert "lockd: introduce safe async lock op" 2024-04-27 17:05:23 +02:00
minix minix: fix bug when opening a file with O_DIRECT 2022-04-13 20:59:10 +02:00
netfs netfs: fix parameter of cleanup() 2021-12-29 12:28:59 +01:00
nfs NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server 2024-08-19 05:45:03 +02:00
nfs_common nfs: Fix kerneldoc warning shown up by W=1 2021-10-04 22:02:17 +01:00
nfsd knfsd: LOOKUP can return an illegal error value 2024-07-05 09:14:21 +02:00
nilfs2 nilfs2: handle inconsistent state in nilfs_btnode_create_block() 2024-08-19 05:45:22 +02:00
nls fs/nls: make load_nls() take a const parameter 2023-09-19 12:22:27 +02:00
notify fanotify: Remove obsoleted fanotify_event_has_path() 2024-04-10 16:19:19 +02:00
ntfs ntfs: check overflow when iterating ATTR_RECORDs 2022-11-26 09:24:52 +01:00
ntfs3 fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed 2024-08-19 05:45:16 +02:00
ocfs2 ocfs2: add bounds checking to ocfs2_check_dir_entry() 2024-07-27 10:46:16 +02:00
omfs
openpromfs openpromfs: finish conversion to the new mount API 2024-06-16 13:39:16 +02:00
orangefs orangefs: fix out-of-bounds fsid access 2024-07-18 13:07:29 +02:00
overlayfs ima: detect changes to the backing overlay file 2023-11-28 16:56:29 +00:00
proc sysctl: always initialize i_uid/i_gid 2024-08-19 05:45:28 +02:00
pstore pstore/zone: Add a null pointer check to the psz_kmsg_read 2024-04-13 13:01:43 +02:00
qnx4 qnx4: work around gcc false positive warning bug 2021-09-21 08:36:48 -07:00
qnx6
quota quota: Fix rcu annotations of inode dquot pointers 2024-03-26 18:21:27 -04:00
ramfs shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs 2023-07-23 13:47:33 +02:00
reiserfs reiserfs: Check the return value from __getblk() 2023-09-19 12:22:30 +02:00
romfs
smbfs_common cifs: Fix crash on unload of cifs_arc4.ko 2021-12-14 10:57:12 +01:00
squashfs revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" 2023-02-22 12:57:07 +01:00
sysfs fs: sysfs: Fix reference leak in sysfs_break_active_protection() 2024-04-27 17:05:28 +02:00
sysv sysv: don't call sb_bread() with pointers_lock held 2024-04-13 13:01:44 +02:00
tracefs tracefs: Add missing lockdown check to tracefs_create_dir() 2023-09-23 11:10:02 +02:00
ubifs ubifs: Set page uptodate in the correct place 2024-04-10 16:18:35 +02:00
udf udf: prevent integer overflow in udf_bitmap_free_blocks() 2024-08-19 05:45:37 +02:00
ufs
unicode
vboxsf vboxsf: Avoid an spurious warning if load_nls_xxx() fails 2024-04-10 16:19:38 +02:00
verity fsverity: skip PKCS#7 parser when keyring is empty 2023-09-19 12:22:52 +02:00
xfs xfs: fix log recovery buffer allocation for the legacy h_size fixup 2024-08-19 05:45:49 +02:00
zonefs zonefs: Improve error handling 2024-03-01 13:21:43 +01:00
aio.c fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion 2024-04-10 16:18:46 +02:00
anon_inodes.c
attr.c attr: block mode changes of symlinks 2023-09-23 11:10:01 +02:00
bad_inode.c
binfmt_aout.c
binfmt_elf_fdpic.c fs: binfmt_elf_efpic: fix personality for ELF-FDPIC 2023-10-06 13:18:24 +02:00
binfmt_elf.c fs/binfmt_elf: Fix memory leak in load_elf_binary() 2022-11-03 23:59:12 +09:00
binfmt_flat.c binfmt_flat: Fix corruption when not offsetting data start 2024-08-19 05:45:52 +02:00
binfmt_misc.c binfmt_misc: fix shift-out-of-bounds in check_special_flags 2022-12-31 13:14:39 +01:00
binfmt_script.c
buffer.c mm: fs: initialize fsdata passed to write_begin/write_end interface 2022-11-26 09:24:51 +01:00
char_dev.c chardev: fix error handling in cdev_device_add() 2022-12-31 13:14:30 +01:00
compat_binfmt_elf.c
coredump.c coredump: Use the vma snapshot in fill_files_note 2022-04-08 14:24:18 +02:00
d_path.c
dax.c fsdax: Fix infinite loop in dax_iomap_rw() 2022-09-28 11:11:56 +02:00
dcache.c fs: better handle deep ancestor chains in is_subdir() 2024-07-27 10:46:13 +02:00
direct-io.c
drop_caches.c
eventfd.c eventfd: prevent underflow for eventfd semaphores 2023-09-19 12:22:30 +02:00
eventpoll.c epoll: be better about file lifetimes 2024-06-16 13:39:15 +02:00
exec.c exec: Fix ToCToU between perm check and set-uid/gid usage 2024-08-19 05:45:51 +02:00
fcntl.c
fhandle.c do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak 2024-03-26 18:21:14 -04:00
file_table.c locks: fix TOCTOU race when granting write lease 2022-10-26 12:34:58 +02:00
file.c protect the fetch of ->fd[fd] in do_dup2() from mispredictions 2024-08-19 05:45:33 +02:00
filesystems.c
fs_context.c fs: avoid empty option when generating legacy mount string 2023-07-23 13:47:34 +02:00
fs_parser.c
fs_pin.c
fs_struct.c
fs_types.c
fs-writeback.c writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs 2023-11-20 11:08:13 +01:00
fsopen.c
init.c
inode.c fs: add ctime accessors infrastructure 2023-12-08 08:48:04 +01:00
internal.h nfs: use vfs setgid helper 2023-08-30 16:18:19 +02:00
ioctl.c lsm: new security_file_ioctl_compat() hook 2024-02-23 08:54:25 +01:00
Kconfig NFSD: Remove CONFIG_NFSD_V3 2024-04-10 16:19:01 +02:00
Kconfig.binfmt
kernel_read_file.c vfs: check fd has read access in kernel_read_file_from_fd() 2021-10-18 20:22:03 -10:00
libfs.c libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value 2022-12-31 13:14:03 +01:00
locks.c filelock: Fix fcntl/close race recovery compat path 2024-07-27 10:46:17 +02:00
Makefile io_uring: move to separate directory 2022-12-14 11:37:31 +01:00
mbcache.c mbcache: Avoid nesting of cache->c_list_lock under bit locks 2023-01-12 11:59:20 +01:00
mount.h
mpage.c
namei.c rename(): fix the locking of subdirectories 2024-02-23 08:54:26 +01:00
namespace.c fs: indicate request originates from old mount API 2024-01-25 14:52:35 -08:00
no-block.c
nsfs.c
open.c ftruncate: pass a signed offset 2024-07-05 09:14:50 +02:00
pipe.c fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() 2024-04-10 16:19:42 +02:00
pnode.c pnode: terminate at peers of source 2023-01-12 11:58:47 +01:00
pnode.h
posix_acl.c fs: fix acl translation 2022-07-02 16:41:17 +02:00
proc_namespace.c fs: add is_idmapped_mnt() helper 2022-07-02 16:41:14 +02:00
read_write.c vfs: fix copy_file_range() averts filesystem freeze protection 2022-12-19 12:36:39 +01:00
readdir.c
remap_range.c fs/remap: constrain dedupe of EOF blocks 2022-07-21 21:24:14 +02:00
select.c fs/select: rework stack allocation hack for clang 2024-03-26 18:21:15 -04:00
seq_file.c rxrpc: Fix locking issue 2022-07-12 16:35:08 +02:00
signalfd.c signalfd: use wake_up_pollfree() 2021-12-14 10:57:15 +01:00
splice.c Revert "fs: check FMODE_LSEEK to control internal pipe splicing" 2022-10-26 12:34:17 +02:00
stack.c
stat.c stat: fix inconsistency between struct stat and struct compat_stat 2022-04-27 14:38:57 +02:00
statfs.c statfs: enforce statfs[64] structure initialization 2023-05-24 17:36:54 +01:00
super.c fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT 2024-08-19 05:45:27 +02:00
sync.c vfs: make sync_filesystem return errors from ->sync_fs 2022-04-27 14:38:50 +02:00
timerfd.c
userfaultfd.c Fix userfaultfd_api to return EINVAL as expected 2024-07-18 13:07:42 +02:00
utimes.c
xattr.c fs: don't audit the capability check in simple_xattr_list() 2022-12-31 13:14:01 +01:00