diff options
Diffstat (limited to 'fs/exec.c')
| -rw-r--r-- | fs/exec.c | 32 |
1 files changed, 16 insertions, 16 deletions
| @@ -69,17 +69,18 @@ int suid_dumpable = 0; | |||
| 69 | static LIST_HEAD(formats); | 69 | static LIST_HEAD(formats); |
| 70 | static DEFINE_RWLOCK(binfmt_lock); | 70 | static DEFINE_RWLOCK(binfmt_lock); |
| 71 | 71 | ||
| 72 | int register_binfmt(struct linux_binfmt * fmt) | 72 | int __register_binfmt(struct linux_binfmt * fmt, int insert) |
| 73 | { | 73 | { |
| 74 | if (!fmt) | 74 | if (!fmt) |
| 75 | return -EINVAL; | 75 | return -EINVAL; |
| 76 | write_lock(&binfmt_lock); | 76 | write_lock(&binfmt_lock); |
| 77 | list_add(&fmt->lh, &formats); | 77 | insert ? list_add(&fmt->lh, &formats) : |
| 78 | list_add_tail(&fmt->lh, &formats); | ||
| 78 | write_unlock(&binfmt_lock); | 79 | write_unlock(&binfmt_lock); |
| 79 | return 0; | 80 | return 0; |
| 80 | } | 81 | } |
| 81 | 82 | ||
| 82 | EXPORT_SYMBOL(register_binfmt); | 83 | EXPORT_SYMBOL(__register_binfmt); |
| 83 | 84 | ||
| 84 | void unregister_binfmt(struct linux_binfmt * fmt) | 85 | void unregister_binfmt(struct linux_binfmt * fmt) |
| 85 | { | 86 | { |
| @@ -1060,7 +1061,6 @@ EXPORT_SYMBOL(install_exec_creds); | |||
| 1060 | int check_unsafe_exec(struct linux_binprm *bprm) | 1061 | int check_unsafe_exec(struct linux_binprm *bprm) |
| 1061 | { | 1062 | { |
| 1062 | struct task_struct *p = current, *t; | 1063 | struct task_struct *p = current, *t; |
| 1063 | unsigned long flags; | ||
| 1064 | unsigned n_fs; | 1064 | unsigned n_fs; |
| 1065 | int res = 0; | 1065 | int res = 0; |
| 1066 | 1066 | ||
| @@ -1068,21 +1068,22 @@ int check_unsafe_exec(struct linux_binprm *bprm) | |||
| 1068 | 1068 | ||
| 1069 | n_fs = 1; | 1069 | n_fs = 1; |
| 1070 | write_lock(&p->fs->lock); | 1070 | write_lock(&p->fs->lock); |
| 1071 | lock_task_sighand(p, &flags); | 1071 | rcu_read_lock(); |
| 1072 | for (t = next_thread(p); t != p; t = next_thread(t)) { | 1072 | for (t = next_thread(p); t != p; t = next_thread(t)) { |
| 1073 | if (t->fs == p->fs) | 1073 | if (t->fs == p->fs) |
| 1074 | n_fs++; | 1074 | n_fs++; |
| 1075 | } | 1075 | } |
| 1076 | rcu_read_unlock(); | ||
| 1076 | 1077 | ||
| 1077 | if (p->fs->users > n_fs) { | 1078 | if (p->fs->users > n_fs) { |
| 1078 | bprm->unsafe |= LSM_UNSAFE_SHARE; | 1079 | bprm->unsafe |= LSM_UNSAFE_SHARE; |
| 1079 | } else { | 1080 | } else { |
| 1080 | if (p->fs->in_exec) | 1081 | res = -EAGAIN; |
| 1081 | res = -EAGAIN; | 1082 | if (!p->fs->in_exec) { |
| 1082 | p->fs->in_exec = 1; | 1083 | p->fs->in_exec = 1; |
| 1084 | res = 1; | ||
| 1085 | } | ||
| 1083 | } | 1086 | } |
| 1084 | |||
| 1085 | unlock_task_sighand(p, &flags); | ||
| 1086 | write_unlock(&p->fs->lock); | 1087 | write_unlock(&p->fs->lock); |
| 1087 | 1088 | ||
| 1088 | return res; | 1089 | return res; |
| @@ -1284,6 +1285,7 @@ int do_execve(char * filename, | |||
| 1284 | struct linux_binprm *bprm; | 1285 | struct linux_binprm *bprm; |
| 1285 | struct file *file; | 1286 | struct file *file; |
| 1286 | struct files_struct *displaced; | 1287 | struct files_struct *displaced; |
| 1288 | bool clear_in_exec; | ||
| 1287 | int retval; | 1289 | int retval; |
| 1288 | 1290 | ||
| 1289 | retval = unshare_files(&displaced); | 1291 | retval = unshare_files(&displaced); |
| @@ -1306,8 +1308,9 @@ int do_execve(char * filename, | |||
| 1306 | goto out_unlock; | 1308 | goto out_unlock; |
| 1307 | 1309 | ||
| 1308 | retval = check_unsafe_exec(bprm); | 1310 | retval = check_unsafe_exec(bprm); |
| 1309 | if (retval) | 1311 | if (retval < 0) |
| 1310 | goto out_unlock; | 1312 | goto out_unlock; |
| 1313 | clear_in_exec = retval; | ||
| 1311 | 1314 | ||
| 1312 | file = open_exec(filename); | 1315 | file = open_exec(filename); |
| 1313 | retval = PTR_ERR(file); | 1316 | retval = PTR_ERR(file); |
| @@ -1355,9 +1358,7 @@ int do_execve(char * filename, | |||
| 1355 | goto out; | 1358 | goto out; |
| 1356 | 1359 | ||
| 1357 | /* execve succeeded */ | 1360 | /* execve succeeded */ |
| 1358 | write_lock(¤t->fs->lock); | ||
| 1359 | current->fs->in_exec = 0; | 1361 | current->fs->in_exec = 0; |
| 1360 | write_unlock(¤t->fs->lock); | ||
| 1361 | current->in_execve = 0; | 1362 | current->in_execve = 0; |
| 1362 | mutex_unlock(¤t->cred_exec_mutex); | 1363 | mutex_unlock(¤t->cred_exec_mutex); |
| 1363 | acct_update_integrals(current); | 1364 | acct_update_integrals(current); |
| @@ -1377,9 +1378,8 @@ out_file: | |||
| 1377 | } | 1378 | } |
| 1378 | 1379 | ||
| 1379 | out_unmark: | 1380 | out_unmark: |
| 1380 | write_lock(¤t->fs->lock); | 1381 | if (clear_in_exec) |
| 1381 | current->fs->in_exec = 0; | 1382 | current->fs->in_exec = 0; |
| 1382 | write_unlock(¤t->fs->lock); | ||
| 1383 | 1383 | ||
| 1384 | out_unlock: | 1384 | out_unlock: |
| 1385 | current->in_execve = 0; | 1385 | current->in_execve = 0; |