Merge branch 'master' into next

author: James Morris <jmorris@namei.org> 2009-05-08 03:56:47 -0400
committer: James Morris <jmorris@namei.org> 2009-05-08 03:56:47 -0400
commit: d254117099d711f215e62427f55dfb8ebd5ad011 (patch)
tree: 0848ff8dd74314fec14a86497f8d288c86ba7c65 /fs/exec.c
parent: 07ff7a0b187f3951788f64ae1f30e8109bc8e9eb (diff)
parent: 8c9ed899b44c19e81859fbb0e9d659fe2f8630fc (diff)
1 files changed, 33 insertions, 14 deletions
diff --git a/fs/exec.c b/fs/exec.c
index c5128fbc9165..639177b0eeac 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -53,6 +53,7 @@
 #include <linux/tracehook.h>
 #include <linux/kmod.h>
 #include <linux/fsnotify.h>
+#include <linux/fs_struct.h>
 #include <asm/uaccess.h>
 #include <asm/mmu_context.h>
@@ -68,17 +69,18 @@ int suid_dumpable = 0;
 static LIST_HEAD(formats);
 static DEFINE_RWLOCK(binfmt_lock);
-int register_binfmt(struct linux_binfmt * fmt)
+int __register_binfmt(struct linux_binfmt * fmt, int insert)
 {
        if (!fmt)
                return -EINVAL;
        write_lock(&binfmt_lock);
-        list_add(&fmt->lh, &formats);
+        insert ? list_add(&fmt->lh, &formats) :
+                 list_add_tail(&fmt->lh, &formats);
        write_unlock(&binfmt_lock);
        return 0;       
 }
-EXPORT_SYMBOL(register_binfmt);
+EXPORT_SYMBOL(__register_binfmt);
 void unregister_binfmt(struct linux_binfmt * fmt)
 {
@@ -1056,28 +1058,35 @@ EXPORT_SYMBOL(install_exec_creds);
 * - the caller must hold current->cred_exec_mutex to protect against
 *   PTRACE_ATTACH
 */
-void check_unsafe_exec(struct linux_binprm *bprm)
+int check_unsafe_exec(struct linux_binprm *bprm)
 {
        struct task_struct *p = current, *t;
-        unsigned long flags;
+        unsigned n_fs;
-        unsigned n_fs, n_sighand;
+        int res = 0;
        bprm->unsafe = tracehook_unsafe_exec(p);
        n_fs = 1;
-        n_sighand = 1;
+        write_lock(&p->fs->lock);
-        lock_task_sighand(p, &flags);
+        rcu_read_lock();
        for (t = next_thread(p); t != p; t = next_thread(t)) {
                if (t->fs == p->fs)
                        n_fs++;
-                n_sighand++;
        }
+        rcu_read_unlock();
-        if (atomic_read(&p->fs->count) > n_fs ||
+        if (p->fs->users > n_fs) {
-            atomic_read(&p->sighand->count) > n_sighand)
                bprm->unsafe |= LSM_UNSAFE_SHARE;
+        } else {
+                res = -EAGAIN;
+                if (!p->fs->in_exec) {
+                        p->fs->in_exec = 1;
+                        res = 1;
+                }
+        }
+        write_unlock(&p->fs->lock);
-        unlock_task_sighand(p, &flags);
+        return res;
 }
 /* 
@@ -1276,6 +1285,7 @@ int do_execve(char * filename,
        struct linux_binprm *bprm;
        struct file *file;
        struct files_struct *displaced;
+        bool clear_in_exec;
        int retval;
        retval = unshare_files(&displaced);
@@ -1296,12 +1306,16 @@ int do_execve(char * filename,
        bprm->cred = prepare_exec_creds();
        if (!bprm->cred)
                goto out_unlock;
-        check_unsafe_exec(bprm);
+        retval = check_unsafe_exec(bprm);
+        if (retval < 0)
+                goto out_unlock;
+        clear_in_exec = retval;
        file = open_exec(filename);
        retval = PTR_ERR(file);
        if (IS_ERR(file))
-                goto out_unlock;
+                goto out_unmark;
        sched_exec();
@@ -1344,6 +1358,7 @@ int do_execve(char * filename,
                goto out;
        /* execve succeeded */
+        current->fs->in_exec = 0;
        current->in_execve = 0;
        mutex_unlock(&current->cred_exec_mutex);
        acct_update_integrals(current);
@@ -1362,6 +1377,10 @@ out_file:
                fput(bprm->file);
        }
+out_unmark:
+        if (clear_in_exec)
+                current->fs->in_exec = 0;
 out_unlock:
        current->in_execve = 0;
        mutex_unlock(&current->cred_exec_mutex);
author	James Morris <jmorris@namei.org>	2009-05-08 03:56:47 -0400
committer	James Morris <jmorris@namei.org>	2009-05-08 03:56:47 -0400
commit	d254117099d711f215e62427f55dfb8ebd5ad011 (patch)
tree	0848ff8dd74314fec14a86497f8d288c86ba7c65 /fs/exec.c
parent	07ff7a0b187f3951788f64ae1f30e8109bc8e9eb (diff)
parent	8c9ed899b44c19e81859fbb0e9d659fe2f8630fc (diff)

diff --git a/fs/exec.c b/fs/exec.c index c5128fbc9165..639177b0eeac 100644 --- a/fs/exec.c +++ b/fs/exec.c
@@ -53,6 +53,7 @@
53	#include <linux/tracehook.h>	53	#include <linux/tracehook.h>
54	#include <linux/kmod.h>	54	#include <linux/kmod.h>
55	#include <linux/fsnotify.h>	55	#include <linux/fsnotify.h>
		56	#include <linux/fs_struct.h>
56		57
57	#include <asm/uaccess.h>	58	#include <asm/uaccess.h>
58	#include <asm/mmu_context.h>	59	#include <asm/mmu_context.h>
@@ -68,17 +69,18 @@ int suid_dumpable = 0;
68	static LIST_HEAD(formats);	69	static LIST_HEAD(formats);
69	static DEFINE_RWLOCK(binfmt_lock);	70	static DEFINE_RWLOCK(binfmt_lock);
70		71
71	int register_binfmt(struct linux_binfmt * fmt)	72	int __register_binfmt(struct linux_binfmt * fmt, int insert)
72	{	73	{
73	if (!fmt)	74	if (!fmt)
74	return -EINVAL;	75	return -EINVAL;
75	write_lock(&binfmt_lock);	76	write_lock(&binfmt_lock);
76	list_add(&fmt->lh, &formats);	77	insert ? list_add(&fmt->lh, &formats) :
		78	list_add_tail(&fmt->lh, &formats);
77	write_unlock(&binfmt_lock);	79	write_unlock(&binfmt_lock);
78	return 0;	80	return 0;
79	}	81	}
80		82
81	EXPORT_SYMBOL(register_binfmt);	83	EXPORT_SYMBOL(__register_binfmt);
82		84
83	void unregister_binfmt(struct linux_binfmt * fmt)	85	void unregister_binfmt(struct linux_binfmt * fmt)
84	{	86	{
@@ -1056,28 +1058,35 @@ EXPORT_SYMBOL(install_exec_creds);
1056	* - the caller must hold current->cred_exec_mutex to protect against	1058	* - the caller must hold current->cred_exec_mutex to protect against
1057	* PTRACE_ATTACH	1059	* PTRACE_ATTACH
1058	*/	1060	*/
1059	void check_unsafe_exec(struct linux_binprm *bprm)	1061	int check_unsafe_exec(struct linux_binprm *bprm)
1060	{	1062	{
1061	struct task_struct p = current, t;	1063	struct task_struct p = current, t;
1062	unsigned long flags;	1064	unsigned n_fs;
1063	unsigned n_fs, n_sighand;	1065	int res = 0;
1064		1066
1065	bprm->unsafe = tracehook_unsafe_exec(p);	1067	bprm->unsafe = tracehook_unsafe_exec(p);
1066		1068
1067	n_fs = 1;	1069	n_fs = 1;
1068	n_sighand = 1;	1070	write_lock(&p->fs->lock);
1069	lock_task_sighand(p, &flags);	1071	rcu_read_lock();
1070	for (t = next_thread(p); t != p; t = next_thread(t)) {	1072	for (t = next_thread(p); t != p; t = next_thread(t)) {
1071	if (t->fs == p->fs)	1073	if (t->fs == p->fs)
1072	n_fs++;	1074	n_fs++;
1073	n_sighand++;
1074	}	1075	}
		1076	rcu_read_unlock();
1075		1077
1076	if (atomic_read(&p->fs->count) > n_fs \|\|	1078	if (p->fs->users > n_fs) {
1077	atomic_read(&p->sighand->count) > n_sighand)
1078	bprm->unsafe \|= LSM_UNSAFE_SHARE;	1079	bprm->unsafe \|= LSM_UNSAFE_SHARE;
		1080	} else {
		1081	res = -EAGAIN;
		1082	if (!p->fs->in_exec) {
		1083	p->fs->in_exec = 1;
		1084	res = 1;
		1085	}
		1086	}
		1087	write_unlock(&p->fs->lock);
1079		1088
1080	unlock_task_sighand(p, &flags);	1089	return res;
1081	}	1090	}
1082		1091
1083	/*	1092	/*
@@ -1276,6 +1285,7 @@ int do_execve(char * filename,
1276	struct linux_binprm *bprm;	1285	struct linux_binprm *bprm;
1277	struct file *file;	1286	struct file *file;
1278	struct files_struct *displaced;	1287	struct files_struct *displaced;
		1288	bool clear_in_exec;
1279	int retval;	1289	int retval;
1280		1290
1281	retval = unshare_files(&displaced);	1291	retval = unshare_files(&displaced);
@@ -1296,12 +1306,16 @@ int do_execve(char * filename,
1296	bprm->cred = prepare_exec_creds();	1306	bprm->cred = prepare_exec_creds();
1297	if (!bprm->cred)	1307	if (!bprm->cred)
1298	goto out_unlock;	1308	goto out_unlock;
1299	check_unsafe_exec(bprm);	1309
		1310	retval = check_unsafe_exec(bprm);
		1311	if (retval < 0)
		1312	goto out_unlock;
		1313	clear_in_exec = retval;
1300		1314
1301	file = open_exec(filename);	1315	file = open_exec(filename);
1302	retval = PTR_ERR(file);	1316	retval = PTR_ERR(file);
1303	if (IS_ERR(file))	1317	if (IS_ERR(file))
1304	goto out_unlock;	1318	goto out_unmark;
1305		1319
1306	sched_exec();	1320	sched_exec();
1307		1321
@@ -1344,6 +1358,7 @@ int do_execve(char * filename,
1344	goto out;	1358	goto out;
1345		1359
1346	/* execve succeeded */	1360	/* execve succeeded */
		1361	current->fs->in_exec = 0;
1347	current->in_execve = 0;	1362	current->in_execve = 0;
1348	mutex_unlock(&current->cred_exec_mutex);	1363	mutex_unlock(&current->cred_exec_mutex);
1349	acct_update_integrals(current);	1364	acct_update_integrals(current);
@@ -1362,6 +1377,10 @@ out_file:
1362	fput(bprm->file);	1377	fput(bprm->file);
1363	}	1378	}
1364		1379
		1380	out_unmark:
		1381	if (clear_in_exec)
		1382	current->fs->in_exec = 0;
		1383
1365	out_unlock:	1384	out_unlock:
1366	current->in_execve = 0;	1385	current->in_execve = 0;
1367	mutex_unlock(&current->cred_exec_mutex);	1386	mutex_unlock(&current->cred_exec_mutex);