aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorOleg Nesterov <oleg@redhat.com>2010-11-30 14:56:02 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2010-11-30 20:56:38 -0500
commit114279be2120a916e8a04feeb2ac976a10016f2f (patch)
tree866a5dfab411d18941d58f8796edab6da760213e
parent3c77f845722158206a7209c45ccddc264d19319c (diff)
exec: copy-and-paste the fixes into compat_do_execve() paths
Note: this patch targets 2.6.37 and tries to be as simple as possible. That is why it adds more copy-and-paste horror into fs/compat.c and uglifies fs/exec.c, this will be cleanuped later. compat_copy_strings() plays with bprm->vma/mm directly and thus has two problems: it lacks the RLIMIT_STACK check and argv/envp memory is not visible to oom killer. Export acct_arg_size() and get_arg_page(), change compat_copy_strings() to use get_arg_page(), change compat_do_execve() to do acct_arg_size(0) as do_execve() does. Add the fatal_signal_pending/cond_resched checks into compat_count() and compat_copy_strings(), this matches the code in fs/exec.c and certainly makes sense. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--fs/compat.c28
-rw-r--r--fs/exec.c8
-rw-r--r--include/linux/binfmts.h4
3 files changed, 23 insertions, 17 deletions
diff --git a/fs/compat.c b/fs/compat.c
index c580c322fa6b..eb1740ac8c0a 100644
--- a/fs/compat.c
+++ b/fs/compat.c
@@ -1350,6 +1350,10 @@ static int compat_count(compat_uptr_t __user *argv, int max)
1350 argv++; 1350 argv++;
1351 if (i++ >= max) 1351 if (i++ >= max)
1352 return -E2BIG; 1352 return -E2BIG;
1353
1354 if (fatal_signal_pending(current))
1355 return -ERESTARTNOHAND;
1356 cond_resched();
1353 } 1357 }
1354 } 1358 }
1355 return i; 1359 return i;
@@ -1391,6 +1395,12 @@ static int compat_copy_strings(int argc, compat_uptr_t __user *argv,
1391 while (len > 0) { 1395 while (len > 0) {
1392 int offset, bytes_to_copy; 1396 int offset, bytes_to_copy;
1393 1397
1398 if (fatal_signal_pending(current)) {
1399 ret = -ERESTARTNOHAND;
1400 goto out;
1401 }
1402 cond_resched();
1403
1394 offset = pos % PAGE_SIZE; 1404 offset = pos % PAGE_SIZE;
1395 if (offset == 0) 1405 if (offset == 0)
1396 offset = PAGE_SIZE; 1406 offset = PAGE_SIZE;
@@ -1407,18 +1417,8 @@ static int compat_copy_strings(int argc, compat_uptr_t __user *argv,
1407 if (!kmapped_page || kpos != (pos & PAGE_MASK)) { 1417 if (!kmapped_page || kpos != (pos & PAGE_MASK)) {
1408 struct page *page; 1418 struct page *page;
1409 1419
1410#ifdef CONFIG_STACK_GROWSUP 1420 page = get_arg_page(bprm, pos, 1);
1411 ret = expand_stack_downwards(bprm->vma, pos); 1421 if (!page) {
1412 if (ret < 0) {
1413 /* We've exceed the stack rlimit. */
1414 ret = -E2BIG;
1415 goto out;
1416 }
1417#endif
1418 ret = get_user_pages(current, bprm->mm, pos,
1419 1, 1, 1, &page, NULL);
1420 if (ret <= 0) {
1421 /* We've exceed the stack rlimit. */
1422 ret = -E2BIG; 1422 ret = -E2BIG;
1423 goto out; 1423 goto out;
1424 } 1424 }
@@ -1539,8 +1539,10 @@ int compat_do_execve(char * filename,
1539 return retval; 1539 return retval;
1540 1540
1541out: 1541out:
1542 if (bprm->mm) 1542 if (bprm->mm) {
1543 acct_arg_size(bprm, 0);
1543 mmput(bprm->mm); 1544 mmput(bprm->mm);
1545 }
1544 1546
1545out_file: 1547out_file:
1546 if (bprm->file) { 1548 if (bprm->file) {
diff --git a/fs/exec.c b/fs/exec.c
index 4303b9035fe7..d68c378a3137 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -164,7 +164,7 @@ out:
164 164
165#ifdef CONFIG_MMU 165#ifdef CONFIG_MMU
166 166
167static void acct_arg_size(struct linux_binprm *bprm, unsigned long pages) 167void acct_arg_size(struct linux_binprm *bprm, unsigned long pages)
168{ 168{
169 struct mm_struct *mm = current->mm; 169 struct mm_struct *mm = current->mm;
170 long diff = (long)(pages - bprm->vma_pages); 170 long diff = (long)(pages - bprm->vma_pages);
@@ -183,7 +183,7 @@ static void acct_arg_size(struct linux_binprm *bprm, unsigned long pages)
183#endif 183#endif
184} 184}
185 185
186static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, 186struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
187 int write) 187 int write)
188{ 188{
189 struct page *page; 189 struct page *page;
@@ -297,11 +297,11 @@ static bool valid_arg_len(struct linux_binprm *bprm, long len)
297 297
298#else 298#else
299 299
300static inline void acct_arg_size(struct linux_binprm *bprm, unsigned long pages) 300void acct_arg_size(struct linux_binprm *bprm, unsigned long pages)
301{ 301{
302} 302}
303 303
304static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, 304struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
305 int write) 305 int write)
306{ 306{
307 struct page *page; 307 struct page *page;
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
index 7c87796d20da..64a7114a9394 100644
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -60,6 +60,10 @@ struct linux_binprm{
60 unsigned long loader, exec; 60 unsigned long loader, exec;
61}; 61};
62 62
63extern void acct_arg_size(struct linux_binprm *bprm, unsigned long pages);
64extern struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
65 int write);
66
63#define BINPRM_FLAGS_ENFORCE_NONDUMP_BIT 0 67#define BINPRM_FLAGS_ENFORCE_NONDUMP_BIT 0
64#define BINPRM_FLAGS_ENFORCE_NONDUMP (1 << BINPRM_FLAGS_ENFORCE_NONDUMP_BIT) 68#define BINPRM_FLAGS_ENFORCE_NONDUMP (1 << BINPRM_FLAGS_ENFORCE_NONDUMP_BIT)
65 69