Potential bug in fs/binfmt_elf.c?

From: Mike Hearn
Date: Fri Mar 05 2004 - 12:34:36 EST


Hi,

I believe there is a problem in fs/binfmt_elf.c, around line 700 (kernel
2.6.1).

When mapping a nobits PT_LOAD segment with a memsize > filesize, the
kernel calls set_brk (which in turn calls do_brk) to map and clear the
area, but this discards access permissions on the mapping leading to rwx
protection. This causes a load failure on systems where the VM cannot
reserve swap space for the segment, unless overcommit is active (on many
systems it's not on by default).

I don't know this code well, but it seems that this discarding of access
permissions on the unlikely codepath is incorrect. I filed bug #2255 [1]
on it.

Could somebody who understands the ELF loading code please check to see
if this is a bug, and if so produce a patch?

The ability to define a new (large) ELF section which isn't backed by
swap space nor disk space and that will be mapped to a specific VMA
range is needed by Wine to reserve the PE load area.

Currently the fact that the section is always mapped rwx despite being
marked read-only in the binary prevents us from using this as a solution
to the problems caused by exec-shield/prelink, meaning the only solution
is to bootstrap the ELF interpreter ourselves from a statically linked
binary. Clearly we'd rather not do that.

Thanks to pageexec@xxxxxxxxxxx for bringing the matter to my attention.

Your assistance is appreciated,
thanks -mike

[1] http://bugzilla.kernel.org/show_bug.cgi?id=2255
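Added illustration (not code from the message or from the kernel): a small check that walks the program headers of an ELF64 image and counts the PT_LOAD segments with a zero-filled tail (p_memsz > p_filesz) whose p_flags ask for less than rwx, i.e. exactly the segments for which an unconditional rwx brk mapping widens the protection the binary requested. It assumes Linux `<elf.h>` and builds a constructed sample image in memory, including a large file-less read-only reserve segment like the one described above.

```c
#include <elf.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>

/* p_flags -> PROT_* as the loader applies to the file-backed part of a PT_LOAD. */
int prot_from_pflags(uint32_t p_flags)
{
    int prot = 0;
    if (p_flags & PF_R) prot |= PROT_READ;
    if (p_flags & PF_W) prot |= PROT_WRITE;
    if (p_flags & PF_X) prot |= PROT_EXEC;
    return prot;
}

/* Count PT_LOAD segments with a zero-filled tail (p_memsz > p_filesz, the part
 * set_brk() maps) whose p_flags request less than rwx; an rwx mapping widens
 * the protection of exactly these. Returns -1 on a malformed ELF64 header. */
int count_widened_nobits(const uint8_t *img, size_t len)
{
    const Elf64_Ehdr *eh = (const Elf64_Ehdr *)img;
    if (len < sizeof *eh || memcmp(eh->e_ident, ELFMAG, SELFMAG) != 0 ||
        eh->e_ident[EI_CLASS] != ELFCLASS64 || eh->e_phentsize != sizeof(Elf64_Phdr) ||
        eh->e_phoff > len || (size_t)eh->e_phnum * sizeof(Elf64_Phdr) > len - eh->e_phoff)
        return -1;
    const Elf64_Phdr *ph = (const Elf64_Phdr *)(img + eh->e_phoff);
    int widened = 0;
    for (unsigned i = 0; i < eh->e_phnum; i++) {
        if (ph[i].p_type != PT_LOAD || ph[i].p_memsz <= ph[i].p_filesz) continue;
        if (prot_from_pflags(ph[i].p_flags) != (PROT_READ | PROT_WRITE | PROT_EXEC))
            widened++;
    }
    return widened;
}

/* Constructed sample (not a real binary): text r-x, data rw- with a .bss tail,
 * and a large file-less r-- reserve segment. Returns the widened count (2). */
int sample_widened_count(void)
{
    static uint64_t raw[64];                 /* zeroed, 8-byte aligned backing store */
    Elf64_Ehdr *eh = (Elf64_Ehdr *)raw;
    memcpy(eh->e_ident, ELFMAG, SELFMAG);
    eh->e_ident[EI_CLASS] = ELFCLASS64;
    eh->e_phoff = sizeof *eh; eh->e_phentsize = sizeof(Elf64_Phdr); eh->e_phnum = 3;
    Elf64_Phdr *ph = (Elf64_Phdr *)((uint8_t *)raw + eh->e_phoff);
    ph[0] = (Elf64_Phdr){ .p_type = PT_LOAD, .p_flags = PF_R | PF_X, .p_filesz = 0x1000, .p_memsz = 0x1000 };
    ph[1] = (Elf64_Phdr){ .p_type = PT_LOAD, .p_flags = PF_R | PF_W, .p_filesz = 0x200, .p_memsz = 0x3000 };
    ph[2] = (Elf64_Phdr){ .p_type = PT_LOAD, .p_flags = PF_R, .p_filesz = 0, .p_memsz = 0x40000000 };
    return count_widened_nobits((const uint8_t *)raw, sizeof *eh + 3 * sizeof(Elf64_Phdr));
}
```

Running the same walk over a real binary's program headers and comparing with the process's mappings after exec shows whether the tail of each such segment ended up with the protection the flags asked for.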
