compat_do_execve should unshare_files

2.6.26's commit fd8328be874f4190a811c58cd4778ec2c74d2c05
"sanitize handling of shared descriptor tables in failing execve()"
moved the unshare_files() from flush_old_exec() and several binfmts
to the head of do_execve(); but forgot to make the same change to
compat_do_execve(), leaving a CLONE_FILES files_struct shared across
exec from a 32-bit process on a 64-bit kernel.

It's arguable whether the files_struct really ought to be unshared
across exec; but 2.6.1 made that so to stop the loading binary's fd
leaking into other threads, and a 32-bit process on a 64-bit kernel
ought to behave in the same way as 32 on 32 and 64 on 64.

Signed-off-by: Hugh Dickins <hugh@veritas.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

1 files changed, 11 insertions, 1 deletions

diff --git a/fs/compat.c b/fs/compat.c
index 5e374aad33f7..b543363dd625 100644
--- a/fs/compat.c
+++ b/fs/compat.c
@@ -1420,12 +1420,17 @@ int compat_do_execve(char * filename,
 {
         struct linux_binprm *bprm;
         struct file *file;
+        struct files_struct *displaced;
         int retval;
 
+        retval = unshare_files(&displaced);
+        if (retval)
+                goto out_ret;
+
         retval = -ENOMEM;
         bprm = kzalloc(sizeof(*bprm), GFP_KERNEL);
         if (!bprm)
-                goto out_ret;
+                goto out_files;
 
         retval = mutex_lock_interruptible(&current->cred_exec_mutex);
         if (retval < 0)
@@ -1487,6 +1492,8 @@ int compat_do_execve(char * filename,
         mutex_unlock(&current->cred_exec_mutex);
         acct_update_integrals(current);
         free_bprm(bprm);
+        if (displaced)
+                put_files_struct(displaced);
         return retval;
 
 out:
@@ -1506,6 +1513,9 @@ out_unlock:
 out_free:
         free_bprm(bprm);
 
+out_files:
+        if (displaced)
+                reset_files_struct(displaced);
 out_ret:
         return retval;
 }