Commit 89826cce authored by Eric W. Biederman's avatar Eric W. Biederman
Browse files

exec: Make unlocking exec_update_mutex explict 



With install_exec_creds updated to follow immediately after
setup_new_exec, the failure of unshare_sighand is the only
code path where exec_update_mutex is held but not explicitly
unlocked.

Update that code path to explicitly unlock exec_update_mutex.

Remove the unlocking of exec_update_mutex from free_bprm.

Reviewed-by: default avatarKees Cook <keescook@chromium.org>
Reviewed-by: default avatarGreg Ungerer <gerg@linux-m68k.org>
Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
parent e7f77854

fs/exec.c

+3 −3
Original line number Diff line number Diff line
@@ -1344,7 +1344,7 @@ int flush_old_exec(struct linux_binprm * bprm) 
	 */

	retval = unshare_sighand(me);

	if (retval)

		goto out;

		goto out_unlock;



	set_fs(USER_DS);

	me->flags &= ~(PF_RANDOMIZE | PF_FORKNOEXEC | PF_KTHREAD |
@@ -1361,6 +1361,8 @@ int flush_old_exec(struct linux_binprm * bprm) 
	do_close_on_exec(me->files);

	return 0;



out_unlock:

	mutex_unlock(&me->signal->exec_update_mutex);

out:

	return retval;

}
@@ -1477,8 +1479,6 @@ static void free_bprm(struct linux_binprm *bprm) 
{

	free_arg_pages(bprm);

	if (bprm->cred) {

		if (bprm->called_exec_mmap)

			mutex_unlock(&current->signal->exec_update_mutex);

		mutex_unlock(&current->signal->cred_guard_mutex);

		abort_creds(bprm->cred);

	}

include/linux/binfmts.h

+1 −2
Original line number Diff line number Diff line
@@ -47,8 +47,7 @@ struct linux_binprm { 
		secureexec:1,

		/*

		 * Set by flush_old_exec, when exec_mmap has been called.

		 * This is past the point of no return, when the

		 * exec_update_mutex has been taken.

		 * This is past the point of no return.

		 */

		called_exec_mmap:1;

#ifdef __alpha__

CRA Git | Maintained and supported by SUSTech CRA and CCSE