diff options
Diffstat (limited to 'fs/exec.c')
| -rw-r--r-- | fs/exec.c | 25 |
1 files changed, 12 insertions, 13 deletions
| @@ -1060,7 +1060,6 @@ EXPORT_SYMBOL(install_exec_creds); | |||
| 1060 | int check_unsafe_exec(struct linux_binprm *bprm) | 1060 | int check_unsafe_exec(struct linux_binprm *bprm) |
| 1061 | { | 1061 | { |
| 1062 | struct task_struct *p = current, *t; | 1062 | struct task_struct *p = current, *t; |
| 1063 | unsigned long flags; | ||
| 1064 | unsigned n_fs; | 1063 | unsigned n_fs; |
| 1065 | int res = 0; | 1064 | int res = 0; |
| 1066 | 1065 | ||
| @@ -1068,21 +1067,22 @@ int check_unsafe_exec(struct linux_binprm *bprm) | |||
| 1068 | 1067 | ||
| 1069 | n_fs = 1; | 1068 | n_fs = 1; |
| 1070 | write_lock(&p->fs->lock); | 1069 | write_lock(&p->fs->lock); |
| 1071 | lock_task_sighand(p, &flags); | 1070 | rcu_read_lock(); |
| 1072 | for (t = next_thread(p); t != p; t = next_thread(t)) { | 1071 | for (t = next_thread(p); t != p; t = next_thread(t)) { |
| 1073 | if (t->fs == p->fs) | 1072 | if (t->fs == p->fs) |
| 1074 | n_fs++; | 1073 | n_fs++; |
| 1075 | } | 1074 | } |
| 1075 | rcu_read_unlock(); | ||
| 1076 | 1076 | ||
| 1077 | if (p->fs->users > n_fs) { | 1077 | if (p->fs->users > n_fs) { |
| 1078 | bprm->unsafe |= LSM_UNSAFE_SHARE; | 1078 | bprm->unsafe |= LSM_UNSAFE_SHARE; |
| 1079 | } else { | 1079 | } else { |
| 1080 | if (p->fs->in_exec) | 1080 | res = -EAGAIN; |
| 1081 | res = -EAGAIN; | 1081 | if (!p->fs->in_exec) { |
| 1082 | p->fs->in_exec = 1; | 1082 | p->fs->in_exec = 1; |
| 1083 | res = 1; | ||
| 1084 | } | ||
| 1083 | } | 1085 | } |
| 1084 | |||
| 1085 | unlock_task_sighand(p, &flags); | ||
| 1086 | write_unlock(&p->fs->lock); | 1086 | write_unlock(&p->fs->lock); |
| 1087 | 1087 | ||
| 1088 | return res; | 1088 | return res; |
| @@ -1284,6 +1284,7 @@ int do_execve(char * filename, | |||
| 1284 | struct linux_binprm *bprm; | 1284 | struct linux_binprm *bprm; |
| 1285 | struct file *file; | 1285 | struct file *file; |
| 1286 | struct files_struct *displaced; | 1286 | struct files_struct *displaced; |
| 1287 | bool clear_in_exec; | ||
| 1287 | int retval; | 1288 | int retval; |
| 1288 | 1289 | ||
| 1289 | retval = unshare_files(&displaced); | 1290 | retval = unshare_files(&displaced); |
| @@ -1306,8 +1307,9 @@ int do_execve(char * filename, | |||
| 1306 | goto out_unlock; | 1307 | goto out_unlock; |
| 1307 | 1308 | ||
| 1308 | retval = check_unsafe_exec(bprm); | 1309 | retval = check_unsafe_exec(bprm); |
| 1309 | if (retval) | 1310 | if (retval < 0) |
| 1310 | goto out_unlock; | 1311 | goto out_unlock; |
| 1312 | clear_in_exec = retval; | ||
| 1311 | 1313 | ||
| 1312 | file = open_exec(filename); | 1314 | file = open_exec(filename); |
| 1313 | retval = PTR_ERR(file); | 1315 | retval = PTR_ERR(file); |
| @@ -1355,9 +1357,7 @@ int do_execve(char * filename, | |||
| 1355 | goto out; | 1357 | goto out; |
| 1356 | 1358 | ||
| 1357 | /* execve succeeded */ | 1359 | /* execve succeeded */ |
| 1358 | write_lock(¤t->fs->lock); | ||
| 1359 | current->fs->in_exec = 0; | 1360 | current->fs->in_exec = 0; |
| 1360 | write_unlock(¤t->fs->lock); | ||
| 1361 | current->in_execve = 0; | 1361 | current->in_execve = 0; |
| 1362 | mutex_unlock(¤t->cred_exec_mutex); | 1362 | mutex_unlock(¤t->cred_exec_mutex); |
| 1363 | acct_update_integrals(current); | 1363 | acct_update_integrals(current); |
| @@ -1377,9 +1377,8 @@ out_file: | |||
| 1377 | } | 1377 | } |
| 1378 | 1378 | ||
| 1379 | out_unmark: | 1379 | out_unmark: |
| 1380 | write_lock(¤t->fs->lock); | 1380 | if (clear_in_exec) |
| 1381 | current->fs->in_exec = 0; | 1381 | current->fs->in_exec = 0; |
| 1382 | write_unlock(¤t->fs->lock); | ||
| 1383 | 1382 | ||
| 1384 | out_unlock: | 1383 | out_unlock: |
| 1385 | current->in_execve = 0; | 1384 | current->in_execve = 0; |