1 files changed, 52 insertions, 0 deletions
diff --git a/fs/exec.c b/fs/exec.c
index 2d9455282744..03278c984ba0 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -376,6 +376,9 @@ static int count(const char __user * const __user * argv, int max)
                        argv++;
                        if (i++ >= max)
                                return -E2BIG;
+                        if (fatal_signal_pending(current))
+                                return -ERESTARTNOHAND;
                        cond_resched();
                }
        }
@@ -419,6 +422,12 @@ static int copy_strings(int argc, const char __user *const __user *argv,
                while (len > 0) {
                        int offset, bytes_to_copy;
+                        if (fatal_signal_pending(current)) {
+                                ret = -ERESTARTNOHAND;
+                                goto out;
+                        }
+                        cond_resched();
                        offset = pos % PAGE_SIZE;
                        if (offset == 0)
                                offset = PAGE_SIZE;
@@ -594,6 +603,11 @@ int setup_arg_pages(struct linux_binprm *bprm,
 #else
        stack_top = arch_align_stack(stack_top);
        stack_top = PAGE_ALIGN(stack_top);
+        if (unlikely(stack_top < mmap_min_addr) ||
+            unlikely(vma->vm_end - vma->vm_start >= stack_top - mmap_min_addr))
+                return -ENOMEM;
        stack_shift = vma->vm_end - stack_top;
        bprm->p -= stack_shift;
@@ -2000,3 +2014,41 @@ fail_creds:
 fail:
        return;
 }
+/*
+ * Core dumping helper functions.  These are the only things you should
+ * do on a core-file: use only these functions to write out all the
+ * necessary info.
+ */
+int dump_write(struct file *file, const void *addr, int nr)
+{
+        return access_ok(VERIFY_READ, addr, nr) && file->f_op->write(file, addr, nr, &file->f_pos) == nr;
+}
+int dump_seek(struct file *file, loff_t off)
+{
+        int ret = 1;
+        if (file->f_op->llseek && file->f_op->llseek != no_llseek) {
+                if (file->f_op->llseek(file, off, SEEK_CUR) < 0)
+                        return 0;
+        } else {
+                char *buf = (char *)get_zeroed_page(GFP_KERNEL);
+                if (!buf)
+                        return 0;
+                while (off > 0) {
+                        unsigned long n = off;
+                        if (n > PAGE_SIZE)
+                                n = PAGE_SIZE;
+                        if (!dump_write(file, buf, n)) {
+                                ret = 0;
+                                break;
+                        }
+                        off -= n;
+                }
+                free_page((unsigned long)buf);
+        }
+        return ret;
+}

diff --git a/fs/exec.c b/fs/exec.c index 2d9455282744..03278c984ba0 100644 --- a/fs/exec.c +++ b/fs/exec.c
@@ -376,6 +376,9 @@ static int count(const char __user * const __user * argv, int max)
376	argv++;	376	argv++;
377	if (i++ >= max)	377	if (i++ >= max)
378	return -E2BIG;	378	return -E2BIG;
		379
		380	if (fatal_signal_pending(current))
		381	return -ERESTARTNOHAND;
379	cond_resched();	382	cond_resched();
380	}	383	}
381	}	384	}
@@ -419,6 +422,12 @@ static int copy_strings(int argc, const char __user const __user argv,
419	while (len > 0) {	422	while (len > 0) {
420	int offset, bytes_to_copy;	423	int offset, bytes_to_copy;
421		424
		425	if (fatal_signal_pending(current)) {
		426	ret = -ERESTARTNOHAND;
		427	goto out;
		428	}
		429	cond_resched();
		430
422	offset = pos % PAGE_SIZE;	431	offset = pos % PAGE_SIZE;
423	if (offset == 0)	432	if (offset == 0)
424	offset = PAGE_SIZE;	433	offset = PAGE_SIZE;
@@ -594,6 +603,11 @@ int setup_arg_pages(struct linux_binprm *bprm,
594	#else	603	#else
595	stack_top = arch_align_stack(stack_top);	604	stack_top = arch_align_stack(stack_top);
596	stack_top = PAGE_ALIGN(stack_top);	605	stack_top = PAGE_ALIGN(stack_top);
		606
		607	if (unlikely(stack_top < mmap_min_addr) \|\|
		608	unlikely(vma->vm_end - vma->vm_start >= stack_top - mmap_min_addr))
		609	return -ENOMEM;
		610
597	stack_shift = vma->vm_end - stack_top;	611	stack_shift = vma->vm_end - stack_top;
598		612
599	bprm->p -= stack_shift;	613	bprm->p -= stack_shift;
@@ -2000,3 +2014,41 @@ fail_creds:
2000	fail:	2014	fail:
2001	return;	2015	return;
2002	}	2016	}
		2017
		2018	/*
		2019	* Core dumping helper functions. These are the only things you should
		2020	* do on a core-file: use only these functions to write out all the
		2021	* necessary info.
		2022	*/
		2023	int dump_write(struct file file, const void addr, int nr)
		2024	{
		2025	return access_ok(VERIFY_READ, addr, nr) && file->f_op->write(file, addr, nr, &file->f_pos) == nr;
		2026	}
		2027
		2028	int dump_seek(struct file *file, loff_t off)
		2029	{
		2030	int ret = 1;
		2031
		2032	if (file->f_op->llseek && file->f_op->llseek != no_llseek) {
		2033	if (file->f_op->llseek(file, off, SEEK_CUR) < 0)
		2034	return 0;
		2035	} else {
		2036	char buf = (char )get_zeroed_page(GFP_KERNEL);
		2037
		2038	if (!buf)
		2039	return 0;
		2040	while (off > 0) {
		2041	unsigned long n = off;
		2042
		2043	if (n > PAGE_SIZE)
		2044	n = PAGE_SIZE;
		2045	if (!dump_write(file, buf, n)) {
		2046	ret = 0;
		2047	break;
		2048	}
		2049	off -= n;
		2050	}
		2051	free_page((unsigned long)buf);
		2052	}
		2053	return ret;
		2054	}