From 28ecd1cc49a467c64c94f4275bf46cac2e3c1ac1 Mon Sep 17 00:00:00 2001
From: arvinzzz
Date: Sat, 6 May 2023 15:50:37 +0800
Subject: [PATCH] fixed aa264dd from https://gitee.com/arvinzzz/kernel_linux_5.10/pulls/816 binfmt_elf: Fix fill randomdata error by using copy_to_user We will fill random numbers when load PT_OHOS_RANDOMDATA sections, this section's vaddr is in user spaces and we should use copy_to_user to fill data.
Signed-off-by: arvinzzz
Change-Id: I7c8d4c5e54f496a1e5e5b2c2ed9c5781c1947bbd
---
 fs/binfmt_elf.c | 19 ++++++++++++++++++-
 include/uapi/linux/elf.h | 1 +
 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 1651afc8656a..240448b31b75 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1035,7 +1035,24 @@ static int load_elf_binary(struct linux_binprm *bprm)
 unsigned long alignment;
 if (elf_ppnt->p_type == PT_OHOS_RANDOMDATA) {
- get_random_bytes((void *)(elf_ppnt->p_vaddr + load_bias), (int)elf_ppnt->p_memsz);
+ if (elf_ppnt->p_memsz > PT_OHOS_RANDOMDATA_SIZE_LIMIT) {
+ retval = -EINVAL;
+ goto out_free_dentry;
+ }
+
+ void *temp_buf = kmalloc(elf_ppnt->p_memsz, GFP_KERNEL);
+ if (!temp_buf) {
+ retval = -ENOMEM;
+ goto out_free_dentry;
+ }
+
+ get_random_bytes(temp_buf, (int)elf_ppnt->p_memsz);
+ if (copy_to_user((void *)(elf_ppnt->p_vaddr + load_bias), temp_buf, (unsigned long)elf_ppnt->p_memsz)) {
+ retval = -EFAULT;
+ kfree(temp_buf);
+ goto out_free_dentry;
+ }
+ kfree(temp_buf);
 continue;
 }
diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h
index 2f06a1195fee..2ae08e605c3c 100644
--- a/include/uapi/linux/elf.h
+++ b/include/uapi/linux/elf.h
@@ -39,6 +39,7 @@ typedef __s64 Elf64_Sxword;
 #define PT_GNU_PROPERTY 0x6474e553
 #define PT_OHOS_RANDOMDATA 0x6788fc60 /* ohos-specific segment */
+#define PT_OHOS_RANDOMDATA_SIZE_LIMIT 1024 * 128
 #define PT_GNU_STACK (PT_LOOS + 0x474e551)
-- Gitee
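Review bot: The temporary buffer holding the generated bytes is released with plain `kfree(temp_buf)` on both the success path and the -EFAULT path in fs/binfmt_elf.c, so a copy of the data handed to the process stays in freed slab memory; if this segment is meant to seed anything secret, `kfree_sensitive(temp_buf);` in both places would be the safer call. The destination cast `(void *)(elf_ppnt->p_vaddr + load_bias)` should be `(void __user *)(elf_ppnt->p_vaddr + load_bias)` so sparse can check the address space of the pointer passed to copy_to_user. `void *temp_buf` is declared after a statement, which kernel builds warn about; declaring it at the top of the `if` block avoids that. load_elf_binary and the `out_free_dentry` label lie outside the hunk, so the cleanup on the new error paths could not be checked from here.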
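Review bot: `PT_OHOS_RANDOMDATA_SIZE_LIMIT` in include/uapi/linux/elf.h expands to the bare expression `1024 * 128`, so any use next to a higher-precedence operator (division, modulo, a cast) would evaluate differently from what the name suggests; the comparison added in fs/binfmt_elf.c happens to be unaffected. It should be written `#define PT_OHOS_RANDOMDATA_SIZE_LIMIT (1024 * 128)`. Because this is a uapi header the name is visible to userspace as well, so a short comment such as `/* max p_memsz in bytes of a PT_OHOS_RANDOMDATA segment */` would document the contract the loader now enforces.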