exec: introduce finalize_exec() before start_thread()

Provide a final callback into fs/exec.c before start_thread() takes over, to handle any last-minute changes, like the coming restoration of the stack limit. Link: http://lkml.kernel.org/r/1518638796-20819-3-git-send-email-keescook@chromium.org Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Andy Lutomirski <luto@kernel.org> Cc: Ben Hutchings <ben@decadent.org.uk> Cc: Ben Hutchings <ben.hutchings@codethink.co.uk> Cc: Brad Spengler <spender@grsecurity.net> Cc: Greg KH <greg@kroah.com> Cc: Hugh Dickins <hughd@google.com> Cc: "Jason A. Donenfeld" <Jason@zx2c4.com> Cc: Laura Abbott <labbott@redhat.com> Cc: Michal Hocko <mhocko@kernel.org> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Rik van Riel <riel@redhat.com> Cc: Willy Tarreau <w@1wt.eu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Kees Cook <keescook@chromium.org> 2018-04-10 19:34:57 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2018-04-11 13:28:37 -0400
commit: b83838313386f617d6bd8201be7f5b532059bba1 (patch)
tree: d38c1ea9433292b4a33efe3d3fad48bf8fb1f314 /fs
parent: 8f2af155b513583e8b149a384551f13e1ac5dc72 (diff)
5 files changed, 10 insertions, 0 deletions
diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c
index ce1824f47ba6..c3deb2e35f20 100644
--- a/fs/binfmt_aout.c
+++ b/fs/binfmt_aout.c
@@ -330,6 +330,7 @@ beyond_if:
 #ifdef __alpha__
        regs->gp = ex.a_gpvalue;
 #endif
+        finalize_exec(bprm);
        start_thread(regs, ex.a_entry, current->mm->start_stack);
        return 0;
 }
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index bdb201230bae..3edca6cb9a33 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1155,6 +1155,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
        ELF_PLAT_INIT(regs, reloc_func_desc);
 #endif
+        finalize_exec(bprm);
        start_thread(regs, elf_entry, bprm->p);
        retval = 0;
 out:
diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
index 429326b6e2e7..d90993adeffa 100644
--- a/fs/binfmt_elf_fdpic.c
+++ b/fs/binfmt_elf_fdpic.c
@@ -463,6 +463,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm)
                            dynaddr);
 #endif
+        finalize_exec(bprm);
        /* everything is now ready... get the userspace context ready to roll */
        entryaddr = interp_params.entry_addr ?: exec_params.entry_addr;
        start_thread(regs, entryaddr, current->mm->start_stack);
diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c
index 5d6b94475f27..82a48e830018 100644
--- a/fs/binfmt_flat.c
+++ b/fs/binfmt_flat.c
@@ -994,6 +994,7 @@ static int load_flat_binary(struct linux_binprm *bprm)
        FLAT_PLAT_INIT(regs);
 #endif
+        finalize_exec(bprm);
        pr_debug("start_thread(regs=0x%p, entry=0x%lx, start_stack=0x%lx)\n",
                 regs, start_addr, current->mm->start_stack);
        start_thread(regs, start_addr, current->mm->start_stack);
diff --git a/fs/exec.c b/fs/exec.c
index f4469ab88c7a..422ad79a7a03 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1384,6 +1384,12 @@ void setup_new_exec(struct linux_binprm * bprm)
 }
 EXPORT_SYMBOL(setup_new_exec);
+/* Runs immediately before start_thread() takes over. */
+void finalize_exec(struct linux_binprm *bprm)
+{
+}
+EXPORT_SYMBOL(finalize_exec);
 /*
 * Prepare credentials and lock ->cred_guard_mutex.
 * install_exec_creds() commits the new creds and drops the lock.
author	Kees Cook <keescook@chromium.org>	2018-04-10 19:34:57 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2018-04-11 13:28:37 -0400
commit	b83838313386f617d6bd8201be7f5b532059bba1 (patch)
tree	d38c1ea9433292b4a33efe3d3fad48bf8fb1f314 /fs
parent	8f2af155b513583e8b149a384551f13e1ac5dc72 (diff)