Most binfmt_flat on-disk fields are big endian. Use the proper __be32 type where applicable.
Signed-off-by: Christoph Hellwig <h...@lst.de> Tested-by: Vladimir Murzin <vladimir.mur...@arm.com> Reviewed-by: Vladimir Murzin <vladimir.mur...@arm.com> --- fs/binfmt_flat.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c index b63c5e63ae3f..404a0bedc85b 100644 --- a/fs/binfmt_flat.c +++ b/fs/binfmt_flat.c @@ -421,7 +421,8 @@ static int load_flat_file(struct linux_binprm *bprm, unsigned long textpos, datapos, realdatastart; u32 text_len, data_len, bss_len, stack_len, full_data, flags; unsigned long len, memp, memp_size, extra, rlim; - u32 __user *reloc, *rp; + __be32 __user *reloc; + u32 __user *rp; struct inode *inode; int i, rev, relocs; loff_t fpos; @@ -594,7 +595,7 @@ static int load_flat_file(struct linux_binprm *bprm, goto err; } - reloc = (u32 __user *) + reloc = (__be32 __user *) (datapos + (ntohl(hdr->reloc_start) - text_len)); memp = realdatastart; memp_size = len; @@ -619,7 +620,7 @@ static int load_flat_file(struct linux_binprm *bprm, MAX_SHARED_LIBS * sizeof(u32), FLAT_DATA_ALIGN); - reloc = (u32 __user *) + reloc = (__be32 __user *) (datapos + (ntohl(hdr->reloc_start) - text_len)); memp = textpos; memp_size = len; @@ -785,15 +786,16 @@ static int load_flat_file(struct linux_binprm *bprm, u32 __maybe_unused persistent = 0; for (i = 0; i < relocs; i++) { u32 addr, relval; + __be32 tmp; /* * Get the address of the pointer to be * relocated (of course, the address has to be * relocated first). */ - if (get_user(relval, reloc + i)) + if (get_user(tmp, reloc + i)) return -EFAULT; - relval = ntohl(relval); + relval = ntohl(tmp); addr = flat_get_relocate_addr(relval); rp = (u32 __user *)calc_reloc(addr, libinfo, id, 1); if (rp == (u32 __user *)RELOC_FAILED) { @@ -812,8 +814,13 @@ static int load_flat_file(struct linux_binprm *bprm, * Do the relocation. PIC relocs in the data section are * already in target order */ - if ((flags & FLAT_FLAG_GOTPIC) == 0) - addr = ntohl(addr); + if ((flags & FLAT_FLAG_GOTPIC) == 0) { + /* + * Meh, the same value can have a different + * byte order based on a flag.. + */ + addr = ntohl((__force __be32)addr); + } addr = calc_reloc(addr, libinfo, id, 0); if (addr == RELOC_FAILED) { ret = -ENOEXEC; @@ -828,11 +835,10 @@ static int load_flat_file(struct linux_binprm *bprm, } } else { for (i = 0; i < relocs; i++) { - u32 relval; + __be32 relval; if (get_user(relval, reloc + i)) return -EFAULT; - relval = ntohl(relval); - old_reloc(relval); + old_reloc(ntohl(relval)); } } -- 2.20.1