Unverified Commit b4c65e94 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee

!12220 Fix CVE-2024-46826

Merge Pull Request from: @ci-robot 
 
PR sync from: Gu Bowen <gubowen5@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/UX33B46PHPLEHVIBJZ3GVXT4XAQS3AK4/ 
Fix CVE-2024-46826

Alexey Dobriyan (1):
  ELF: fix kernel.randomize_va_space double read

Gu Bowen (1):
  ELF: Fix mixed declarations and code of "snapshot_randomize_va_space"


-- 
2.25.1
 
https://gitee.com/src-openeuler/kernel/issues/IAU9NT 
 
Link:https://gitee.com/openeuler/kernel/pulls/12220

 

Reviewed-by: default avatarZhang Changzhong <zhangchangzhong@huawei.com>
Signed-off-by: default avatarZhang Changzhong <zhangchangzhong@huawei.com>
parents 0e800038 191ecf3b
+3 −2
@@ -730,6 +730,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
		struct elfhdr interp_elf_ex;
	} *loc;
	struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;
	const int snapshot_randomize_va_space = READ_ONCE(randomize_va_space);
	loff_t pos;

	loc = kmalloc(sizeof(*loc), GFP_KERNEL);
@@ -897,7 +898,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
	if (elf_read_implies_exec(loc->elf_ex, executable_stack))
		current->personality |= READ_IMPLIES_EXEC;

	if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
	if (!(current->personality & ADDR_NO_RANDOMIZE) && snapshot_randomize_va_space)
		current->flags |= PF_RANDOMIZE;

	setup_new_exec(bprm);
@@ -1161,7 +1162,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
	current->mm->end_data = end_data;
	current->mm->start_stack = bprm->p;

	if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
	if ((current->flags & PF_RANDOMIZE) && (snapshot_randomize_va_space > 1)) {
		/*
		 * For architectures with ELF randomization, when executing
		 * a loader directly (i.e. no interpreter listed in ELF
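Review bot: The new `snapshot_randomize_va_space` declaration in the first hunk has no comment saying why the sysctl is read only once, so a later cleanup could swap the global back in and restore the inconsistent pair of reads this commit removes. I would add above it `/* Read the sysctl once: the PF_RANDOMIZE decision and the later "> 1" check must see the same value even if it is changed concurrently. */`. Only three fragments of load_elf_binary are visible here, and the function body continues outside the hunks. It is worth confirming that no other statement in it, and no helper it calls after PF_RANDOMIZE is set, still reads `randomize_va_space` directly, since any such read could still disagree with the snapshot.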