summaryrefslogtreecommitdiffstats
path: root/lib/parser.c
diff options
context:
space:
mode:
authorRoland McGrath <roland@redhat.com>2009-09-08 19:49:40 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2009-09-09 20:03:47 -0700
commit752015d1b0683a8c623ebfe4c62893413e9b30d3 (patch)
tree1ad20299d64fd85678ae9714f88d8683ed335da1 /lib/parser.c
parent74fca6a42863ffacaf7ba6f1936a9f228950f657 (diff)
downloadblackbird-op-linux-752015d1b0683a8c623ebfe4c62893413e9b30d3.tar.gz
blackbird-op-linux-752015d1b0683a8c623ebfe4c62893413e9b30d3.zip
binfmt_elf: fix PT_INTERP bss handling
In fs/binfmt_elf.c, load_elf_interp() calls padzero() for .bss even if the PT_LOAD has no PROT_WRITE and no .bss. This generates EFAULT. Here is a small test case. (Yes, there are other, useful PT_INTERP which have only .text and no .data/.bss.) ----- ptinterp.S _start: .globl _start nop int3 ----- $ gcc -m32 -nostartfiles -nostdlib -o ptinterp ptinterp.S $ gcc -m32 -Wl,--dynamic-linker=ptinterp -o hello hello.c $ ./hello Segmentation fault # during execve() itself After applying the patch: $ ./hello Trace trap # user-mode execution after execve() finishes If the ELF headers are actually self-inconsistent, then dying is fine. But having no PROT_WRITE segment is perfectly normal and correct if there is no segment with p_memsz > p_filesz (i.e. bss). John Reiser suggested checking for PROT_WRITE in the bss logic. I think it makes most sense to simply apply the bss logic only when there is bss. This patch looks less trivial than it is due to some reindentation. It just moves the "if (last_bss > elf_bss) {" test up to include the partial-page bss logic as well as the more-pages bss logic. Reported-by: John Reiser <jreiser@bitwagon.com> Signed-off-by: Roland McGrath <roland@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'lib/parser.c')
0 files changed, 0 insertions, 0 deletions
OpenPOWER on IntegriCloud