[rh7] prctl: Fix false positive in validate_prctl_map

Submitted by Kirill Gorkunov on April 9, 2019, 7:16 a.m.

Details

Message ID 20190409071557.GE6193@uranus.lan
State New
Series "prctl: Fix false positive in validate_prctl_map"
Headers show

Commit Message

Kirill Gorkunov April 9, 2019, 7:16 a.m.
While validating new map we require the @start_data to be strictly less
than @end_data, which is fine for regular applications (this is why this
nit didn't trigger for that long). These members are set from executable
loaders such as elf halders, still it is pretty valid to have a loadable
data section with zero size in file, in such case the start_data is equal
to end_data once kernel loader finishes.

In result when we'are trying to restore such program the procedure fails
and kernel returns -EINVAL. From the image dump of a program:

 | "mm_start_code": "0x400000",
 | "mm_end_code": "0x8f5fb4",
 | "mm_start_data": "0xf1bfb0",
 | "mm_end_data": "0xf1bfb0",

Thus we need to change validate_prctl_map from strictly less to less or
equal operator use.

https://jira.sw.ru/browse/PSBM-93526

Fixes: f606b77f1a9e362451aca8f81d8f36a3a112139e
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
---
 kernel/sys.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch hide | download patch | download mbox

Index: linux-pcs7.git/kernel/sys.c
===================================================================
--- linux-pcs7.git.orig/kernel/sys.c
+++ linux-pcs7.git/kernel/sys.c
@@ -2153,7 +2153,7 @@  static int validate_prctl_map(struct prc
 	((unsigned long)prctl_map->__m1 __op				\
 	 (unsigned long)prctl_map->__m2) ? 0 : -EINVAL
 	error  = __prctl_check_order(start_code, <, end_code);
-	error |= __prctl_check_order(start_data, <, end_data);
+	error |= __prctl_check_order(start_data,<=, end_data);
 	error |= __prctl_check_order(start_brk, <=, brk);
 	error |= __prctl_check_order(arg_start, <=, arg_end);
 	error |= __prctl_check_order(env_start, <=, env_end);