On 2025/5/20 19:25, Greg KH wrote:
On Fri, May 09, 2025 at 02:14:15PM +0800, Feng Liu wrote:
From: Alexey Dobriyan <adobriyan@gmail.com>
[ Upstream commit 2a97388a807b6ab5538aa8f8537b2463c6988bd2 ]
ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences.
Issue exactly one load for consistent value across one exec.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Link: https://lore.kernel.org/r/3329905c-7eb8-400a-8f0a-d87cff979b5b@p183
Signed-off-by: Kees Cook <kees@kernel.org>
Signed-off-by: Feng Liu <Feng.Liu3@windriver.com>
Signed-off-by: He Zhe <Zhe.He@windriver.com>
Verified the build test.
No you did not! This breaks the build.
This is really really annoying as it breaks the workflow on our side when you submit code that does not work at all.
Please go and retest all of the outstanding commits that you all have submitted and fix them up and resend them. I'm dropping all of the rest of them from my pending queue as this shows a total lack of testing happening which implies that I can't trust any of these at all.
And I want you all to prove that you have actually tested the code, not just this bland "Verified the build test" which is a _very_ low bar, that is not even happening here at all :(
Sorry for any inconvenience.
We did do some build tests on Ubuntu22.04 with the default GCC 11.4.0 and defconfig on an x86_64 machine against the latest linux-stable before sending the patch out. And we just redid the build test and caught the below warning that we missed before:
../fs/binfmt_elf.c: In function ‘load_elf_binary’:
../fs/binfmt_elf.c:1011:9: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
 1011 |         const int snapshot_randomize_va_space = READ_ONCE(randomize_va_space);
      |
Just to be clear, is this the issue that breaks the build from your side?
We just used the default config and didn't manually enable -WERROR, which is disabled by default for 5.10 and 5.15. After searching around we feel that we should have enabled it as suggested by https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... even for 5.10 and 5.15, so that such a case wouldn't go unnoticed.
And as you mentioned in another thread, we will definitely enlarge the test coverage and provide more details, for example:
Machine: x86_64
OS: Ubuntu24.04, Ubuntu22.04, ...
GCC: 11.04, ...
Tree: https://web.git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/, Branch: linux-6.12.y, ...
Commands: make allyesconfig, make bzImage, ...

for the first step and then introduce some automation and provide a public link containing more details.

Thanks,
Zhe
greg k-h
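
Added example, not part of the thread or of the patch: a simplified userspace model of the double load that the quoted commit message describes, next to the single-snapshot form. The struct, the function names and the `concurrent_sysctl_write()` hook are hypothetical; the two uses modelled (randomize the layout if the value is nonzero, randomize brk only if it is greater than 1) are a simplification of the ELF loader, and the snapshot is declared before any statement so it would not trigger the -Wdeclaration-after-statement warning quoted above.

```c
#include <stdio.h>

/* Stand-in for the sysctl; volatile so every access is a real load
 * (the kernel patch uses READ_ONCE for the same purpose). */
static volatile int randomize_va_space = 2;

/* Hypothetical result of one exec: which parts of the layout got randomized. */
struct exec_layout { int layout_randomized; int brk_randomized; };

/* Hypothetical hook: models an administrator writing the sysctl mid-exec. */
static void concurrent_sysctl_write(int v) { randomize_va_space = v; }

/* "Before": two independent loads with a write landing between them. */
static struct exec_layout exec_two_loads(int initial, int racing)
{
    struct exec_layout l = {0, 0};

    randomize_va_space = initial;
    if (randomize_va_space)                        /* load #1 */
        l.layout_randomized = 1;
    concurrent_sysctl_write(racing);
    if (l.layout_randomized && randomize_va_space > 1)  /* load #2 */
        l.brk_randomized = 1;
    return l;
}

/* "After": exactly one load; both decisions use the same snapshot. */
static struct exec_layout exec_one_load(int initial, int racing)
{
    struct exec_layout l = {0, 0};
    int snapshot;

    randomize_va_space = initial;
    snapshot = randomize_va_space;                 /* the only load */
    if (snapshot)
        l.layout_randomized = 1;
    concurrent_sysctl_write(racing);
    if (l.layout_randomized && snapshot > 1)
        l.brk_randomized = 1;
    return l;
}

int main(void)
{
    struct exec_layout a = exec_two_loads(2, 0), b = exec_one_load(2, 0);

    printf("two loads: layout=%d brk=%d\n", a.layout_randomized, a.brk_randomized);
    printf("one load:  layout=%d brk=%d\n", b.layout_randomized, b.brk_randomized);
    return 0;
}
```

With the value changing from 2 to 0 mid-exec, the two-load version produces a layout that matches neither setting (randomized layout, fixed brk), while the one-load version consistently applies the value seen at the start.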