On Thu, May 22, 2025 at 03:40:16PM +0800, He Zhe wrote:
On 2025/5/20 19:25, Greg KH wrote:
On Fri, May 09, 2025 at 02:14:15PM +0800, Feng Liu wrote:
From: Alexey Dobriyan <adobriyan@gmail.com>
[ Upstream commit 2a97388a807b6ab5538aa8f8537b2463c6988bd2 ]
ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences.
Issue exactly one load for consistent value across one exec.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Link: https://lore.kernel.org/r/3329905c-7eb8-400a-8f0a-d87cff979b5b@p183
Signed-off-by: Kees Cook <kees@kernel.org>
Signed-off-by: Feng Liu <Feng.Liu3@windriver.com>
Signed-off-by: He Zhe <Zhe.He@windriver.com>
Verified the build test.
No you did not! This breaks the build.
This is really really annoying as it breaks the workflow on our side when you submit code that does not work at all.
Please go and retest all of the outstanding commits that you all have submitted and fix them up and resend them. I'm dropping all of the rest of them from my pending queue as this shows a total lack of testing happening which implies that I can't trust any of these at all.
And I want you all to prove that you have actually tested the code, not just this bland "Verified the build test" which is a _very_ low bar, that is not even happening here at all :(
Sorry for any inconvenience.
We did do some build tests on Ubuntu 22.04 with the default GCC 11.4.0 and defconfig on an x86_64 machine against the latest linux-stable before sending the patch out. And we just redid the build test and caught the below warning that we missed before:
That is a very old version of gcc, and why are you using ubuntu when this all should be tested on your version of Linux as that's what you are backporting these patches for, right? Shouldn't you be doing this work for the portions of the kernel that you are actually using so that you can properly test this stuff?
../fs/binfmt_elf.c: In function ‘load_elf_binary’:
../fs/binfmt_elf.c:1011:9: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
 1011 | const int snapshot_randomize_va_space = READ_ONCE(randomize_va_space);
      |
Do you think adding a new warning is ok?
Just to be clear, is this the issue that breaks the build from your side?
I don't remember, given that it was many hundreds of patches ago. But probably. Try it yourself and see!
We just used the default config and didn't manually enable -WERROR, which is disabled by default for 5.10 and 5.15. After searching around we feel that we should have enabled it as suggested by https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... even for 5.10 and 5.15, so that such a case wouldn't go unnoticed.
Default configs for x86 are very limited, please do better testing.
greg k-h
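
An added illustration, not part of the thread and not the kernel's code: a user-space C model of the double load the commit message describes, next to the single-snapshot form with the declaration placed where -Wdeclaration-after-statement accepts it. READ_ONCE is re-created here with a volatile cast, and the struct, function names and the "racer" callback are hypothetical; only `randomize_va_space` and `snapshot_randomize_va_space` come from the thread.

```c
#include <stdio.h>

/* User-space model of the pattern, not kernel code. READ_ONCE is
 * re-created with a volatile cast; the struct, function names and the
 * "racer" callback are hypothetical. */
#define READ_ONCE(x) (*(const volatile __typeof__(x) *)&(x))

static int randomize_va_space = 2;   /* stands in for the sysctl */

struct exec_view {
    int first_use;    /* value seen at the first use in one exec */
    int second_use;   /* value seen at the second use in the same exec */
};

/* Models the sysctl being written while an exec is in flight. */
static void sysctl_write_zero(void) { randomize_va_space = 0; }

/* Before: each use loads the tunable again. */
static struct exec_view exec_two_loads(void (*racer)(void))
{
    struct exec_view v;

    v.first_use = READ_ONCE(randomize_va_space);
    if (racer)
        racer();                     /* write lands between the uses */
    v.second_use = READ_ONCE(randomize_va_space);
    return v;
}

/* After: one load per exec. The snapshot is declared at the top of the
 * block, before any statement, so -Wdeclaration-after-statement stays
 * quiet on trees that still build with that warning. */
static struct exec_view exec_one_load(void (*racer)(void))
{
    const int snapshot_randomize_va_space = READ_ONCE(randomize_va_space);
    struct exec_view v;

    v.first_use = snapshot_randomize_va_space;
    if (racer)
        racer();
    v.second_use = snapshot_randomize_va_space;
    return v;
}

int main(void)
{
    struct exec_view a = exec_two_loads(sysctl_write_zero);
    printf("two loads: %d then %d\n", a.first_use, a.second_use);
    return 0;
}
```

Building this with `-Wdeclaration-after-statement -Werror` reproduces the stricter check discussed in the thread.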