Commit 114279be authored by Oleg Nesterov's avatar Oleg Nesterov Committed by Linus Torvalds
Browse files

exec: copy-and-paste the fixes into compat_do_execve() paths 



Note: this patch targets 2.6.37 and tries to be as simple as possible.
That is why it adds more copy-and-paste horror into fs/compat.c and
uglifies fs/exec.c, this will be cleanuped later.

compat_copy_strings() plays with bprm->vma/mm directly and thus has
two problems: it lacks the RLIMIT_STACK check and argv/envp memory
is not visible to oom killer.

Export acct_arg_size() and get_arg_page(), change compat_copy_strings()
to use get_arg_page(), change compat_do_execve() to do acct_arg_size(0)
as do_execve() does.

Add the fatal_signal_pending/cond_resched checks into compat_count() and
compat_copy_strings(), this matches the code in fs/exec.c and certainly
makes sense.

Signed-off-by: default avatarOleg Nesterov <oleg@redhat.com>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: stable@kernel.org
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 3c77f845

fs/compat.c

+15 −13
Original line number Diff line number Diff line
@@ -1350,6 +1350,10 @@ static int compat_count(compat_uptr_t __user *argv, int max) 
			argv++;

			if (i++ >= max)

				return -E2BIG;



			if (fatal_signal_pending(current))

				return -ERESTARTNOHAND;

			cond_resched();

		}

	}

	return i;
@@ -1391,6 +1395,12 @@ static int compat_copy_strings(int argc, compat_uptr_t __user *argv, 
		while (len > 0) {

			int offset, bytes_to_copy;



			if (fatal_signal_pending(current)) {

				ret = -ERESTARTNOHAND;

				goto out;

			}

			cond_resched();



			offset = pos % PAGE_SIZE;

			if (offset == 0)

				offset = PAGE_SIZE;
@@ -1407,18 +1417,8 @@ static int compat_copy_strings(int argc, compat_uptr_t __user *argv, 
			if (!kmapped_page || kpos != (pos & PAGE_MASK)) {

				struct page *page;



#ifdef CONFIG_STACK_GROWSUP

				ret = expand_stack_downwards(bprm->vma, pos);

				if (ret < 0) {

					/* We've exceed the stack rlimit. */

					ret = -E2BIG;

					goto out;

				}

#endif

				ret = get_user_pages(current, bprm->mm, pos,

						     1, 1, 1, &page, NULL);

				if (ret <= 0) {

					/* We've exceed the stack rlimit. */

				page = get_arg_page(bprm, pos, 1);

				if (!page) {

					ret = -E2BIG;

					goto out;

				}
@@ -1539,8 +1539,10 @@ int compat_do_execve(char * filename, 
	return retval;



out:

	if (bprm->mm)

	if (bprm->mm) {

		acct_arg_size(bprm, 0);

		mmput(bprm->mm);

	}



out_file:

	if (bprm->file) {

fs/exec.c

+4 −4
Original line number Diff line number Diff line
@@ -164,7 +164,7 @@ out: 


#ifdef CONFIG_MMU



static void acct_arg_size(struct linux_binprm *bprm, unsigned long pages)

void acct_arg_size(struct linux_binprm *bprm, unsigned long pages)

{

	struct mm_struct *mm = current->mm;

	long diff = (long)(pages - bprm->vma_pages);
@@ -183,7 +183,7 @@ static void acct_arg_size(struct linux_binprm *bprm, unsigned long pages) 
#endif

}



static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,

struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,

		int write)

{

	struct page *page;
@@ -297,11 +297,11 @@ static bool valid_arg_len(struct linux_binprm *bprm, long len) 


#else



static inline void acct_arg_size(struct linux_binprm *bprm, unsigned long pages)

void acct_arg_size(struct linux_binprm *bprm, unsigned long pages)

{

}



static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,

struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,

		int write)

{

	struct page *page;

include/linux/binfmts.h

+4 −0
Original line number Diff line number Diff line
@@ -60,6 +60,10 @@ struct linux_binprm{ 
	unsigned long loader, exec;

};



extern void acct_arg_size(struct linux_binprm *bprm, unsigned long pages);

extern struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,

					int write);



#define BINPRM_FLAGS_ENFORCE_NONDUMP_BIT 0

#define BINPRM_FLAGS_ENFORCE_NONDUMP (1 << BINPRM_FLAGS_ENFORCE_NONDUMP_BIT)

CRA Git | Maintained and supported by SUSTech CRA and CCSE