
Commit 96ecee2

exec: Merge install_exec_creds into setup_new_exec
The two functions are now always called one right after the other so merge them together to make future maintenance easier. Reviewed-by: Kees Cook <[email protected]> Reviewed-by: Greg Ungerer <[email protected]> Signed-off-by: "Eric W. Biederman" <[email protected]>
1 parent 1507b7a commit 96ecee2


8 files changed

+27
-37
lines changed


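--- a/arch/x86/ia32/ia32_aout.c
+++ b/arch/x86/ia32/ia32_aout.c
@@ -140,7 +140,6 @@ static int load_aout_binary(struct linux_binprm *bprm)
 set_personality_ia32(false);
 
 setup_new_exec(bprm);
-install_exec_creds(bprm);
 
 regs->cs = __USER32_CS;
 regs->r8 = regs->r9 = regs->r10 = regs->r11 = regs->r12 =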

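--- a/fs/binfmt_aout.c
+++ b/fs/binfmt_aout.c
@@ -162,7 +162,6 @@ static int load_aout_binary(struct linux_binprm * bprm)
 set_personality(PER_LINUX);
 #endif
 setup_new_exec(bprm);
-install_exec_creds(bprm);
 
 current->mm->end_code = ex.a_text +
 (current->mm->start_code = N_TXTADDR(ex));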

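--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -858,7 +858,6 @@ static int load_elf_binary(struct linux_binprm *bprm)
 current->flags |= PF_RANDOMIZE;
 
 setup_new_exec(bprm);
-install_exec_creds(bprm);
 
 /* Do this so that we can load the interpreter, if need be. We will
 change some of these later */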

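--- a/fs/binfmt_elf_fdpic.c
+++ b/fs/binfmt_elf_fdpic.c
@@ -353,7 +353,6 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm)
 current->personality |= READ_IMPLIES_EXEC;
 
 setup_new_exec(bprm);
-install_exec_creds(bprm);
 
 set_binfmt(&elf_fdpic_format);
 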
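--- a/fs/binfmt_flat.c
+++ b/fs/binfmt_flat.c
@@ -541,7 +541,6 @@ static int load_flat_file(struct linux_binprm *bprm,
 /* OK, This is the point of no return */
 set_personality(PER_LINUX_32BIT);
 setup_new_exec(bprm);
-install_exec_creds(bprm);
 }
 
 /*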

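--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1443,6 +1443,31 @@ void setup_new_exec(struct linux_binprm * bprm)
 group */
 WRITE_ONCE(current->self_exec_id, current->self_exec_id + 1);
 flush_signal_handlers(current, 0);
+
+/*
+* install the new credentials for this executable
+*/
+security_bprm_committing_creds(bprm);
+
+commit_creds(bprm->cred);
+bprm->cred = NULL;
+
+/*
+* Disable monitoring for regular users
+* when executing setuid binaries. Must
+* wait until new credentials are committed
+* by commit_creds() above
+*/
+if (get_dumpable(current->mm) != SUID_DUMP_USER)
+perf_event_exit_task(current);
+/*
+* cred_guard_mutex must be held at least to this point to prevent
+* ptrace_attach() from altering our determination of the task's
+* credentials; any time after this it may be unlocked.
+*/
+security_bprm_committed_creds(bprm);
+mutex_unlock(&current->signal->exec_update_mutex);
+mutex_unlock(&current->signal->cred_guard_mutex);
 }
 EXPORT_SYMBOL(setup_new_exec);
 
@@ -1458,7 +1483,7 @@ EXPORT_SYMBOL(finalize_exec);
 
 /*
 * Prepare credentials and lock ->cred_guard_mutex.
-* install_exec_creds() commits the new creds and drops the lock.
+* setup_new_exec() commits the new creds and drops the lock.
 * Or, if exec fails before, free_bprm() should release ->cred and
 * and unlock.
 */
@@ -1504,35 +1529,6 @@ int bprm_change_interp(const char *interp, struct linux_binprm *bprm)
 }
 EXPORT_SYMBOL(bprm_change_interp);
 
-/*
-* install the new credentials for this executable
-*/
-void install_exec_creds(struct linux_binprm *bprm)
-{
-security_bprm_committing_creds(bprm);
-
-commit_creds(bprm->cred);
-bprm->cred = NULL;
-
-/*
-* Disable monitoring for regular users
-* when executing setuid binaries. Must
-* wait until new credentials are committed
-* by commit_creds() above
-*/
-if (get_dumpable(current->mm) != SUID_DUMP_USER)
-perf_event_exit_task(current);
-/*
-* cred_guard_mutex must be held at least to this point to prevent
-* ptrace_attach() from altering our determination of the task's
-* credentials; any time after this it may be unlocked.
-*/
-security_bprm_committed_creds(bprm);
-mutex_unlock(&current->signal->exec_update_mutex);
-mutex_unlock(&current->signal->cred_guard_mutex);
-}
-EXPORT_SYMBOL(install_exec_creds);
-
 /*
 * determine how safe it is to execute the proposed program
 * - the caller must hold ->cred_guard_mutex to protect against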
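Review bot: The tail added to setup_new_exec() in the first hunk leaves the function's lock and credential contract undocumented at the place where it now lives: the new lines commit bprm->cred, set it to NULL, and release both exec_update_mutex and cred_guard_mutex, while the only description is the comment updated in the second hunk, which still says "drops the lock" in the singular. The function's opening and any header comment lie outside the hunk, so this may already be covered there; if it is not, I would add above the definition `/* Commits bprm->cred and unlocks exec_update_mutex and cred_guard_mutex; everything a loader does after this call runs with the new credentials and without either mutex held. */`. The added comment before security_bprm_committed_creds() says the guard may be dropped "any time after this", so the same place should state that ptrace_attach() is no longer excluded once setup_new_exec() returns. I would also put a short comment at `bprm->cred = NULL;` saying that the cleared pointer appears to be what tells free_bprm() not to release the creds and unlock a second time; that is inferred from the comment in the second hunk and should be confirmed against free_bprm().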

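--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -145,7 +145,6 @@ extern int transfer_args_to_stack(struct linux_binprm *bprm,
 extern int bprm_change_interp(const char *interp, struct linux_binprm *bprm);
 extern int copy_strings_kernel(int argc, const char *const *argv,
 struct linux_binprm *bprm);
-extern void install_exec_creds(struct linux_binprm *bprm);
 extern void set_binfmt(struct linux_binfmt *new);
 extern ssize_t read_code(struct file *, unsigned long, loff_t, size_t);
 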
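--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -12217,7 +12217,7 @@ static void perf_event_exit_task_context(struct task_struct *child, int ctxn)
 * When a child task exits, feed back event values to parent events.
 *
 * Can be called with exec_update_mutex held when called from
-* install_exec_creds().
+* setup_new_exec().
 */
 void perf_event_exit_task(struct task_struct *child)
 {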
