
Commit cf10015

committed
Merge tag 'execve-v6.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull execve fixes from Kees Cook: - Fix error handling in begin_new_exec() (Bernd Edlinger) - MAINTAINERS: specifically mention ELF (Alexey Dobriyan) - Various cleanups related to earlier open() (Askar Safin, Kees Cook) * tag 'execve-v6.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: exec: Distinguish in_execve from in_exec exec: Fix error handling in begin_new_exec() exec: Add do_close_execat() helper exec: remove useless comment ELF, MAINTAINERS: specifically mention ELF
2 parents 3eab830 + 90383cc commit cf10015


4 files changed

+34
-11
lines changed


MAINTAINERS

Lines changed: 2 additions & 1 deletion
@@ -7955,12 +7955,13 @@ L: [email protected]
79557955
S: Maintained
79567956
F: rust/kernel/net/phy.rs
79577957

7958-
EXEC & BINFMT API
7958+
EXEC & BINFMT API, ELF
79597959
R: Eric Biederman <[email protected]>
79607960
R: Kees Cook <[email protected]>
79617961
79627962
S: Supported
79637963
T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/execve
7964+
F: Documentation/userspace-api/ELF.rst
79647965
F: fs/*binfmt_*.c
79657966
F: fs/exec.c
79667967
F: include/linux/binfmts.h

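--- a/fs/exec.c
+++ b/fs/exec.c
@@ -904,6 +904,10 @@ EXPORT_SYMBOL(transfer_args_to_stack);
 
 #endif /* CONFIG_MMU */
 
+/*
+* On success, caller must call do_close_execat() on the returned
+* struct file to close it.
+*/
 static struct file *do_open_execat(int fd, struct filename *name, int flags)
 {
 struct file *file;
@@ -948,6 +952,17 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags)
 return ERR_PTR(err);
 }
 
+/**
+* open_exec - Open a path name for execution
+*
+* @name: path name to open with the intent of executing it.
+*
+* Returns ERR_PTR on failure or allocated struct file on success.
+*
+* As this is a wrapper for the internal do_open_execat(), callers
+* must call allow_write_access() before fput() on release. Also see
+* do_close_execat().
+*/
 struct file *open_exec(const char *name)
 {
 struct filename *filename = getname_kernel(name);
@@ -1409,6 +1424,9 @@ int begin_new_exec(struct linux_binprm * bprm)
 
 out_unlock:
 up_write(&me->signal->exec_update_lock);
+if (!bprm->cred)
+mutex_unlock(&me->signal->cred_guard_mutex);
+
 out:
 return retval;
 }
@@ -1484,6 +1502,15 @@ static int prepare_bprm_creds(struct linux_binprm *bprm)
 return -ENOMEM;
 }
 
+/* Matches do_open_execat() */
+static void do_close_execat(struct file *file)
+{
+if (!file)
+return;
+allow_write_access(file);
+fput(file);
+}
+
 static void free_bprm(struct linux_binprm *bprm)
 {
 if (bprm->mm) {
@@ -1495,10 +1522,7 @@ static void free_bprm(struct linux_binprm *bprm)
 mutex_unlock(&current->signal->cred_guard_mutex);
 abort_creds(bprm->cred);
 }
-if (bprm->file) {
-allow_write_access(bprm->file);
-fput(bprm->file);
-}
+do_close_execat(bprm->file);
 if (bprm->executable)
 fput(bprm->executable);
 /* If a binfmt changed the interp, free it. */
@@ -1520,8 +1544,7 @@ static struct linux_binprm *alloc_bprm(int fd, struct filename *filename, int fl
 
 bprm = kzalloc(sizeof(*bprm), GFP_KERNEL);
 if (!bprm) {
-allow_write_access(file);
-fput(file);
+do_close_execat(file);
 return ERR_PTR(-ENOMEM);
 }
 
@@ -1610,6 +1633,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
 }
 rcu_read_unlock();
 
+/* "users" and "in_exec" locked for copy_fs() */
 if (p->fs->users > n_fs)
 bprm->unsafe |= LSM_UNSAFE_SHARE;
 else
@@ -1826,9 +1850,6 @@ static int exec_binprm(struct linux_binprm *bprm)
 return 0;
 }
 
-/*
-* sys_execve() executes a new program.
-*/
 static int bprm_execve(struct linux_binprm *bprm)
 {
 int retval;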
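Review bot: The added `if (!bprm->cred)` unlock under out_unlock in begin_new_exec() relies on an invariant that is not written down next to it: a NULL bprm->cred is used as the signal that cred_guard_mutex is still held and that free_bprm() will not release it. The free_bprm() context further down shows the mutex_unlock() next to abort_creds(bprm->cred) inside a conditional whose test is outside the visible lines, so presumably that unlock is skipped once the creds pointer has been cleared. I would add a comment above the check, for example `/* bprm->cred is NULL once the creds have been handed over, so free_bprm() skips the unlock; drop cred_guard_mutex here */`, so that a later change to either function does not reintroduce a leaked or doubly released mutex on the error path. begin_new_exec() starts outside the hunk, so the point where bprm->cred is cleared should be confirmed against the full function.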

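--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -920,7 +920,7 @@ struct task_struct {
 unsigned sched_rt_mutex:1;
 #endif
 
-/* Bit to tell LSMs we're in execve(): */
+/* Bit to tell TOMOYO we're in execve(): */
 unsigned in_execve:1;
 unsigned in_iowait:1;
 #ifndef TIF_RESTORE_SIGMASK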

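--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1748,6 +1748,7 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
 if (clone_flags & CLONE_FS) {
 /* tsk->fs is already what we want */
 spin_lock(&fs->lock);
+/* "users" and "in_exec" locked for check_unsafe_exec() */
 if (fs->in_exec) {
 spin_unlock(&fs->lock);
 return -EAGAIN;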
