Unverified Commit 22b314fe authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!12102 Fix CVE-2024-46826 

Merge Pull Request from: @ci-robot 
 
PR sync from: Gu Bowen <gubowen5@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/4WQNGYPGA6CAQRQC3ZYKFGIH3IXHV7VN/ 
Fix CVE-2024-46826

Alexey Dobriyan (1):
  ELF: fix kernel.randomize_va_space double read

Gu Bowen (1):
  ELF: Fix mixed declarations and code of "snapshot_randomize_va_space"


-- 
2.25.1
 
https://gitee.com/src-openeuler/kernel/issues/IAU9NT 
 
Link:https://gitee.com/openeuler/kernel/pulls/12102

 

Reviewed-by: default avatarYang Yingliang <yangyingliang@huawei.com>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
parents 6f31e5b4 a6e353d5

fs/binfmt_elf.c

+3 −2
Original line number Diff line number Diff line
@@ -839,6 +839,7 @@ static int load_elf_binary(struct linux_binprm *bprm) 
	struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;

	struct mm_struct *mm;

	struct pt_regs *regs;

	const int snapshot_randomize_va_space = READ_ONCE(randomize_va_space);



	retval = -ENOEXEC;

	/* First of all, some simple consistency checks */
@@ -1005,7 +1006,7 @@ static int load_elf_binary(struct linux_binprm *bprm) 
	if (elf_read_implies_exec(*elf_ex, executable_stack))

		current->personality |= READ_IMPLIES_EXEC;



	if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)

	if (!(current->personality & ADDR_NO_RANDOMIZE) && snapshot_randomize_va_space)

		current->flags |= PF_RANDOMIZE;



	setup_new_exec(bprm);
@@ -1275,7 +1276,7 @@ static int load_elf_binary(struct linux_binprm *bprm) 
	mm->end_data = end_data;

	mm->start_stack = bprm->p;



	if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {

	if ((current->flags & PF_RANDOMIZE) && (snapshot_randomize_va_space > 1)) {

		/*

		 * For architectures with ELF randomization, when executing

		 * a loader directly (i.e. no interpreter listed in ELF