[Devel] [PATCH RHEL9 COMMIT] oracle/exec, elf: ignore invalid note data
Konstantin Khorenko
khorenko at virtuozzo.com
Thu Jan 23 23:35:47 MSK 2025
The commit is pushed to "branch-rh9-5.14.0-427.44.1.vz9.80.x-ovz" and will appear at git at bitbucket.org:openvz/vzkernel.git
after rh9-5.14.0-427.44.1.vz9.80.5
------>
commit 71b53cb8f26d180c801aa5f4bbfd4dc67b26a379
Author: Anthony Yznaga <anthony.yznaga at oracle.com>
Date: Fri Mar 25 17:19:16 2022 -0700
oracle/exec, elf: ignore invalid note data

When checking for a preserved-mem-ok note in a PT_NOTE segment, the
implementation assumes that note data is accessible through the note
segment and that the size of the PT_NOTE must be equal to the total size
of ELF notes headers+data. Normally ELF notes are in contiguous SHT_NOTE
sections and the PT_NOTE segment points to the first note. However, in a
third-party binary affected by this bug the PT_NOTE segment size is the
correct total size of the notes, but the segment offset is different and
points to all zeros. The note checking implementation fails the exec
because it incorrectly determines the total size to be invalid due to
reading all zeros.

The fix is to ignore data that does not appear to be a note and to not
make assumptions about the total size of the note segment that are
dependent on other notes. Failing the exec is then limited to validity
checks of the preserved-mem-ok note itself.

Orabug: 34003079
Fixes: d1a6a6483fff ("exec, elf: require opt-in for accepting preserved mem")
Signed-off-by: Anthony Yznaga <anthony.yznaga at oracle.com>
Reviewed-by: John Donnelly <john.p.donnelly at oracle.com>
https://virtuozzo.atlassian.net/browse/VSTOR-96305
(cherry picked from Oracle commit bdc9618f44e81bf422782c01cfb2ac9da01a4b56)
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
Feature: oracle/mm: MADV_DOEXEC madvise() flag
---
fs/binfmt_elf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 9fe7f4cd5f6e..948d1a547133 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -869,7 +869,7 @@ static int check_preserved_mem_ok(struct linux_binprm *bprm, const char *data, c
remain = datasz - off;
if (remain < sizeof(*nhdr))
- return -ENOEXEC;
+ break;
nhdr = (struct elf_note *)(data + off);
off += sizeof(*nhdr);
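Review bot: at the `break` that replaces `return -ENOEXEC` for `remain < sizeof(*nhdr)`, the outcome for a segment whose trailing bytes are shorter than a note header now depends on what the function returns after the loop, and that path is not visible in this hunk. Please confirm it returns the "no preserved-mem-ok note found" result rather than an error value left over in a local, and add a one-line comment on the `break` saying that a remainder too small for a `struct elf_note` is ignored deliberately. The commit message also says data that does not look like a note is ignored, but only the short-remainder case is changed here, so the size checks that follow `off += sizeof(*nhdr);` should be checked to make sure they do not still fail the exec for notes other than preserved-mem-ok.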