diff options
author | Oleg Nesterov <oleg@redhat.com> | 2010-11-30 14:56:02 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2010-11-30 20:56:38 -0500 |
commit | 114279be2120a916e8a04feeb2ac976a10016f2f (patch) | |
tree | 866a5dfab411d18941d58f8796edab6da760213e | |
parent | 3c77f845722158206a7209c45ccddc264d19319c (diff) |
exec: copy-and-paste the fixes into compat_do_execve() paths
Note: this patch targets 2.6.37 and tries to be as simple as possible.
That is why it adds more copy-and-paste horror into fs/compat.c and
uglifies fs/exec.c, this will be cleanuped later.
compat_copy_strings() plays with bprm->vma/mm directly and thus has
two problems: it lacks the RLIMIT_STACK check and argv/envp memory
is not visible to oom killer.
Export acct_arg_size() and get_arg_page(), change compat_copy_strings()
to use get_arg_page(), change compat_do_execve() to do acct_arg_size(0)
as do_execve() does.
Add the fatal_signal_pending/cond_resched checks into compat_count() and
compat_copy_strings(), this matches the code in fs/exec.c and certainly
makes sense.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | fs/compat.c | 28 | ||||
-rw-r--r-- | fs/exec.c | 8 | ||||
-rw-r--r-- | include/linux/binfmts.h | 4 |
3 files changed, 23 insertions, 17 deletions
diff --git a/fs/compat.c b/fs/compat.c index c580c322fa6b..eb1740ac8c0a 100644 --- a/fs/compat.c +++ b/fs/compat.c | |||
@@ -1350,6 +1350,10 @@ static int compat_count(compat_uptr_t __user *argv, int max) | |||
1350 | argv++; | 1350 | argv++; |
1351 | if (i++ >= max) | 1351 | if (i++ >= max) |
1352 | return -E2BIG; | 1352 | return -E2BIG; |
1353 | |||
1354 | if (fatal_signal_pending(current)) | ||
1355 | return -ERESTARTNOHAND; | ||
1356 | cond_resched(); | ||
1353 | } | 1357 | } |
1354 | } | 1358 | } |
1355 | return i; | 1359 | return i; |
@@ -1391,6 +1395,12 @@ static int compat_copy_strings(int argc, compat_uptr_t __user *argv, | |||
1391 | while (len > 0) { | 1395 | while (len > 0) { |
1392 | int offset, bytes_to_copy; | 1396 | int offset, bytes_to_copy; |
1393 | 1397 | ||
1398 | if (fatal_signal_pending(current)) { | ||
1399 | ret = -ERESTARTNOHAND; | ||
1400 | goto out; | ||
1401 | } | ||
1402 | cond_resched(); | ||
1403 | |||
1394 | offset = pos % PAGE_SIZE; | 1404 | offset = pos % PAGE_SIZE; |
1395 | if (offset == 0) | 1405 | if (offset == 0) |
1396 | offset = PAGE_SIZE; | 1406 | offset = PAGE_SIZE; |
@@ -1407,18 +1417,8 @@ static int compat_copy_strings(int argc, compat_uptr_t __user *argv, | |||
1407 | if (!kmapped_page || kpos != (pos & PAGE_MASK)) { | 1417 | if (!kmapped_page || kpos != (pos & PAGE_MASK)) { |
1408 | struct page *page; | 1418 | struct page *page; |
1409 | 1419 | ||
1410 | #ifdef CONFIG_STACK_GROWSUP | 1420 | page = get_arg_page(bprm, pos, 1); |
1411 | ret = expand_stack_downwards(bprm->vma, pos); | 1421 | if (!page) { |
1412 | if (ret < 0) { | ||
1413 | /* We've exceed the stack rlimit. */ | ||
1414 | ret = -E2BIG; | ||
1415 | goto out; | ||
1416 | } | ||
1417 | #endif | ||
1418 | ret = get_user_pages(current, bprm->mm, pos, | ||
1419 | 1, 1, 1, &page, NULL); | ||
1420 | if (ret <= 0) { | ||
1421 | /* We've exceed the stack rlimit. */ | ||
1422 | ret = -E2BIG; | 1422 | ret = -E2BIG; |
1423 | goto out; | 1423 | goto out; |
1424 | } | 1424 | } |
@@ -1539,8 +1539,10 @@ int compat_do_execve(char * filename, | |||
1539 | return retval; | 1539 | return retval; |
1540 | 1540 | ||
1541 | out: | 1541 | out: |
1542 | if (bprm->mm) | 1542 | if (bprm->mm) { |
1543 | acct_arg_size(bprm, 0); | ||
1543 | mmput(bprm->mm); | 1544 | mmput(bprm->mm); |
1545 | } | ||
1544 | 1546 | ||
1545 | out_file: | 1547 | out_file: |
1546 | if (bprm->file) { | 1548 | if (bprm->file) { |
@@ -164,7 +164,7 @@ out: | |||
164 | 164 | ||
165 | #ifdef CONFIG_MMU | 165 | #ifdef CONFIG_MMU |
166 | 166 | ||
167 | static void acct_arg_size(struct linux_binprm *bprm, unsigned long pages) | 167 | void acct_arg_size(struct linux_binprm *bprm, unsigned long pages) |
168 | { | 168 | { |
169 | struct mm_struct *mm = current->mm; | 169 | struct mm_struct *mm = current->mm; |
170 | long diff = (long)(pages - bprm->vma_pages); | 170 | long diff = (long)(pages - bprm->vma_pages); |
@@ -183,7 +183,7 @@ static void acct_arg_size(struct linux_binprm *bprm, unsigned long pages) | |||
183 | #endif | 183 | #endif |
184 | } | 184 | } |
185 | 185 | ||
186 | static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, | 186 | struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, |
187 | int write) | 187 | int write) |
188 | { | 188 | { |
189 | struct page *page; | 189 | struct page *page; |
@@ -297,11 +297,11 @@ static bool valid_arg_len(struct linux_binprm *bprm, long len) | |||
297 | 297 | ||
298 | #else | 298 | #else |
299 | 299 | ||
300 | static inline void acct_arg_size(struct linux_binprm *bprm, unsigned long pages) | 300 | void acct_arg_size(struct linux_binprm *bprm, unsigned long pages) |
301 | { | 301 | { |
302 | } | 302 | } |
303 | 303 | ||
304 | static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, | 304 | struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, |
305 | int write) | 305 | int write) |
306 | { | 306 | { |
307 | struct page *page; | 307 | struct page *page; |
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h index 7c87796d20da..64a7114a9394 100644 --- a/include/linux/binfmts.h +++ b/include/linux/binfmts.h | |||
@@ -60,6 +60,10 @@ struct linux_binprm{ | |||
60 | unsigned long loader, exec; | 60 | unsigned long loader, exec; |
61 | }; | 61 | }; |
62 | 62 | ||
63 | extern void acct_arg_size(struct linux_binprm *bprm, unsigned long pages); | ||
64 | extern struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, | ||
65 | int write); | ||
66 | |||
63 | #define BINPRM_FLAGS_ENFORCE_NONDUMP_BIT 0 | 67 | #define BINPRM_FLAGS_ENFORCE_NONDUMP_BIT 0 |
64 | #define BINPRM_FLAGS_ENFORCE_NONDUMP (1 << BINPRM_FLAGS_ENFORCE_NONDUMP_BIT) | 68 | #define BINPRM_FLAGS_ENFORCE_NONDUMP (1 << BINPRM_FLAGS_ENFORCE_NONDUMP_BIT) |
65 | 69 | ||