exec: Factor bprm_stack_limits out of prepare_arg_pages (d8b9cd54) · Commits · 戴 / test

In preparation for implementiong kernel_execve (which will take kernel pointers not userspace pointers) factor out bprm_stack_limits out of prepare_arg_pages. This separates the counting which depends upon the getting data from userspace from the calculations of the stack limits which is usable in kernel_execve. The remove prepare_args_pages and compute bprm->argc and bprm->envc directly in do_execveat_common, before bprm_stack_limits is called. Reviewed-by:

Kees Cook <keescook@chromium.org> Reviewed-by:

Christoph Hellwig <hch@lst.de> Link: https://lkml.kernel.org/r/87365u6x60.fsf@x220.int.ebiederm.org Signed-off-by:

"Eric W. Biederman" <ebiederm@xmission.com>

fs/exec.c

+12 −11

Original line number	Diff line number	Diff line
		@@ -448,19 +448,10 @@ static int count(struct user_arg_ptr argv, int max)
		return i;
		}

		static int prepare_arg_pages(struct linux_binprm *bprm,
		struct user_arg_ptr argv, struct user_arg_ptr envp)
		static int bprm_stack_limits(struct linux_binprm *bprm)
		{
		unsigned long limit, ptr_size;

		bprm->argc = count(argv, MAX_ARG_STRINGS);
		if (bprm->argc < 0)
		return bprm->argc;

		bprm->envc = count(envp, MAX_ARG_STRINGS);
		if (bprm->envc < 0)
		return bprm->envc;

		/*
		* Limit to 1/4 of the max stack size or 3/4 of _STK_LIM
		* (whichever is smaller) for the argv+env strings.
		@@ -1964,7 +1955,17 @@ static int do_execveat_common(int fd, struct filename *filename,
		goto out_ret;
		}

		retval = prepare_arg_pages(bprm, argv, envp);
		retval = count(argv, MAX_ARG_STRINGS);
		if (retval < 0)
		goto out_free;
		bprm->argc = retval;

		retval = count(envp, MAX_ARG_STRINGS);
		if (retval < 0)
		goto out_free;
		bprm->envc = retval;

		retval = bprm_stack_limits(bprm);
		if (retval < 0)
		goto out_free;

Admin message