Skip to content

Commit e1fbbd0

Browse files
cyrillostorvalds
authored andcommitted
prctl: allow to setup brk for et_dyn executables
Keno Fischer reported that when a binray loaded via ld-linux-x the prctl(PR_SET_MM_MAP) doesn't allow to setup brk value because it lays before mm:end_data. For example a test program shows | # ~/t | | start_code 401000 | end_code 401a15 | start_stack 7ffce4577dd0 | start_data 403e10 | end_data 40408c | start_brk b5b000 | sbrk(0) b5b000 and when executed via ld-linux | # /lib64/ld-linux-x86-64.so.2 ~/t | | start_code 7fc25b0a4000 | end_code 7fc25b0c4524 | start_stack 7fffcc6b2400 | start_data 7fc25b0ce4c0 | end_data 7fc25b0cff98 | start_brk 55555710c000 | sbrk(0) 55555710c000 This of course prevent criu from restoring such programs. Looking into how kernel operates with brk/start_brk inside brk() syscall I don't see any problem if we allow to setup brk/start_brk without checking for end_data. Even if someone pass some weird address here on a purpose then the worst possible result will be an unexpected unmapping of existing vma (own vma, since prctl works with the callers memory) but test for RLIMIT_DATA is still valid and a user won't be able to gain more memory in case of expanding VMAs via new values shipped with prctl call. Link: https://lkml.kernel.org/r/20210121221207.GB2174@grain Fixes: bbdc607 ("binfmt_elf: move brk out of mmap when doing direct loader exec") Signed-off-by: Cyrill Gorcunov <[email protected]> Reported-by: Keno Fischer <[email protected]> Acked-by: Andrey Vagin <[email protected]> Tested-by: Andrey Vagin <[email protected]> Cc: Dmitry Safonov <[email protected]> Cc: Kirill Tkhai <[email protected]> Cc: Eric W. Biederman <[email protected]> Cc: Pavel Tikhomirov <[email protected]> Cc: Alexander Mikhalitsyn <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
1 parent 5b91a75 commit e1fbbd0

File tree

1 file changed

+0
-7
lines changed

1 file changed

+0
-7
lines changed

kernel/sys.c

Lines changed: 0 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1959,13 +1959,6 @@ static int validate_prctl_map_addr(struct prctl_mm_map *prctl_map)
19591959

19601960
error = -EINVAL;
19611961

1962-
/*
1963-
* @brk should be after @end_data in traditional maps.
1964-
*/
1965-
if (prctl_map->start_brk <= prctl_map->end_data ||
1966-
prctl_map->brk <= prctl_map->end_data)
1967-
goto out;
1968-
19691962
/*
19701963
* Neither we should allow to override limits if they set.
19711964
*/

0 commit comments

Comments
 (0)