1 files changed, 41 insertions, 70 deletions
diff --git a/fs/exec.c b/fs/exec.c
index 052a961e41aa..895823d0149d 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -69,17 +69,18 @@ int suid_dumpable = 0;
 static LIST_HEAD(formats);
 static DEFINE_RWLOCK(binfmt_lock);
-int register_binfmt(struct linux_binfmt * fmt)
+int __register_binfmt(struct linux_binfmt * fmt, int insert)
 {
        if (!fmt)
                return -EINVAL;
        write_lock(&binfmt_lock);
-        list_add(&fmt->lh, &formats);
+        insert ? list_add(&fmt->lh, &formats) :
+                 list_add_tail(&fmt->lh, &formats);
        write_unlock(&binfmt_lock);
        return 0;       
 }
-EXPORT_SYMBOL(register_binfmt);
+EXPORT_SYMBOL(__register_binfmt);
 void unregister_binfmt(struct linux_binfmt * fmt)
 {
@@ -104,40 +105,28 @@ static inline void put_binfmt(struct linux_binfmt * fmt)
 SYSCALL_DEFINE1(uselib, const char __user *, library)
 {
        struct file *file;
-        struct nameidata nd;
        char *tmp = getname(library);
        int error = PTR_ERR(tmp);
-        if (!IS_ERR(tmp)) {
+        if (IS_ERR(tmp))
-                error = path_lookup_open(AT_FDCWD, tmp,
+                goto out;
-                                         LOOKUP_FOLLOW, &nd,
-                                         FMODE_READ|FMODE_EXEC);
+        file = do_filp_open(AT_FDCWD, tmp,
-                putname(tmp);
+                                O_LARGEFILE | O_RDONLY | FMODE_EXEC, 0,
-        }
+                                MAY_READ | MAY_EXEC | MAY_OPEN);
-        if (error)
+        putname(tmp);
+        error = PTR_ERR(file);
+        if (IS_ERR(file))
                goto out;
        error = -EINVAL;
-        if (!S_ISREG(nd.path.dentry->d_inode->i_mode))
+        if (!S_ISREG(file->f_path.dentry->d_inode->i_mode))
                goto exit;
        error = -EACCES;
-        if (nd.path.mnt->mnt_flags & MNT_NOEXEC)
+        if (file->f_path.mnt->mnt_flags & MNT_NOEXEC)
                goto exit;
-        error = inode_permission(nd.path.dentry->d_inode,
-                                 MAY_READ | MAY_EXEC | MAY_OPEN);
-        if (error)
-                goto exit;
-        error = ima_path_check(&nd.path, MAY_READ | MAY_EXEC | MAY_OPEN);
-        if (error)
-                goto exit;
-        file = nameidata_to_filp(&nd, O_RDONLY|O_LARGEFILE);
-        error = PTR_ERR(file);
-        if (IS_ERR(file))
-                goto out;
        fsnotify_open(file->f_path.dentry);
        error = -ENOEXEC;
@@ -159,13 +148,10 @@ SYSCALL_DEFINE1(uselib, const char __user *, library)
                }
                read_unlock(&binfmt_lock);
        }
+exit:
        fput(file);
 out:
        return error;
-exit:
-        release_open_intent(&nd);
-        path_put(&nd.path);
-        goto out;
 }
 #ifdef CONFIG_MMU
@@ -660,47 +646,33 @@ EXPORT_SYMBOL(setup_arg_pages);
 struct file *open_exec(const char *name)
 {
-        struct nameidata nd;
        struct file *file;
        int err;
-        err = path_lookup_open(AT_FDCWD, name, LOOKUP_FOLLOW, &nd,
+        file = do_filp_open(AT_FDCWD, name,
-                                FMODE_READ|FMODE_EXEC);
+                                O_LARGEFILE | O_RDONLY | FMODE_EXEC, 0,
-        if (err)
+                                MAY_EXEC | MAY_OPEN);
+        if (IS_ERR(file))
                goto out;
        err = -EACCES;
-        if (!S_ISREG(nd.path.dentry->d_inode->i_mode))
+        if (!S_ISREG(file->f_path.dentry->d_inode->i_mode))
-                goto out_path_put;
+                goto exit;
-        if (nd.path.mnt->mnt_flags & MNT_NOEXEC)
-                goto out_path_put;
-        err = inode_permission(nd.path.dentry->d_inode, MAY_EXEC | MAY_OPEN);
-        if (err)
-                goto out_path_put;
-        err = ima_path_check(&nd.path, MAY_EXEC | MAY_OPEN);
-        if (err)
-                goto out_path_put;
-        file = nameidata_to_filp(&nd, O_RDONLY|O_LARGEFILE);
+        if (file->f_path.mnt->mnt_flags & MNT_NOEXEC)
-        if (IS_ERR(file))
+                goto exit;
-                return file;
        fsnotify_open(file->f_path.dentry);
        err = deny_write_access(file);
-        if (err) {
+        if (err)
-                fput(file);
+                goto exit;
-                goto out;
-        }
+out:
        return file;
- out_path_put:
+exit:
-        release_open_intent(&nd);
+        fput(file);
-        path_put(&nd.path);
- out:
        return ERR_PTR(err);
 }
 EXPORT_SYMBOL(open_exec);
@@ -1060,7 +1032,6 @@ EXPORT_SYMBOL(install_exec_creds);
 int check_unsafe_exec(struct linux_binprm *bprm)
 {
        struct task_struct *p = current, *t;
-        unsigned long flags;
        unsigned n_fs;
        int res = 0;
@@ -1068,21 +1039,22 @@ int check_unsafe_exec(struct linux_binprm *bprm)
        n_fs = 1;
        write_lock(&p->fs->lock);
-        lock_task_sighand(p, &flags);
+        rcu_read_lock();
        for (t = next_thread(p); t != p; t = next_thread(t)) {
                if (t->fs == p->fs)
                        n_fs++;
        }
+        rcu_read_unlock();
        if (p->fs->users > n_fs) {
                bprm->unsafe |= LSM_UNSAFE_SHARE;
        } else {
-                if (p->fs->in_exec)
+                res = -EAGAIN;
-                        res = -EAGAIN;
+                if (!p->fs->in_exec) {
-                p->fs->in_exec = 1;
+                        p->fs->in_exec = 1;
+                        res = 1;
+                }
        }
-        unlock_task_sighand(p, &flags);
        write_unlock(&p->fs->lock);
        return res;
@@ -1284,6 +1256,7 @@ int do_execve(char * filename,
        struct linux_binprm *bprm;
        struct file *file;
        struct files_struct *displaced;
+        bool clear_in_exec;
        int retval;
        retval = unshare_files(&displaced);
@@ -1306,8 +1279,9 @@ int do_execve(char * filename,
                goto out_unlock;
        retval = check_unsafe_exec(bprm);
-        if (retval)
+        if (retval < 0)
                goto out_unlock;
+        clear_in_exec = retval;
        file = open_exec(filename);
        retval = PTR_ERR(file);
@@ -1355,9 +1329,7 @@ int do_execve(char * filename,
                goto out;
        /* execve succeeded */
-        write_lock(&current->fs->lock);
        current->fs->in_exec = 0;
-        write_unlock(&current->fs->lock);
        current->in_execve = 0;
        mutex_unlock(&current->cred_exec_mutex);
        acct_update_integrals(current);
@@ -1377,9 +1349,8 @@ out_file:
        }
 out_unmark:
-        write_lock(&current->fs->lock);
+        if (clear_in_exec)
-        current->fs->in_exec = 0;
+                current->fs->in_exec = 0;
-        write_unlock(&current->fs->lock);
 out_unlock:
        current->in_execve = 0;

diff --git a/fs/exec.c b/fs/exec.c index 052a961e41aa..895823d0149d 100644 --- a/fs/exec.c +++ b/fs/exec.c
@@ -69,17 +69,18 @@ int suid_dumpable = 0;
69	static LIST_HEAD(formats);	69	static LIST_HEAD(formats);
70	static DEFINE_RWLOCK(binfmt_lock);	70	static DEFINE_RWLOCK(binfmt_lock);
71		71
72	int register_binfmt(struct linux_binfmt * fmt)	72	int __register_binfmt(struct linux_binfmt * fmt, int insert)
73	{	73	{
74	if (!fmt)	74	if (!fmt)
75	return -EINVAL;	75	return -EINVAL;
76	write_lock(&binfmt_lock);	76	write_lock(&binfmt_lock);
77	list_add(&fmt->lh, &formats);	77	insert ? list_add(&fmt->lh, &formats) :
		78	list_add_tail(&fmt->lh, &formats);
78	write_unlock(&binfmt_lock);	79	write_unlock(&binfmt_lock);
79	return 0;	80	return 0;
80	}	81	}
81		82
82	EXPORT_SYMBOL(register_binfmt);	83	EXPORT_SYMBOL(__register_binfmt);
83		84
84	void unregister_binfmt(struct linux_binfmt * fmt)	85	void unregister_binfmt(struct linux_binfmt * fmt)
85	{	86	{
@@ -104,40 +105,28 @@ static inline void put_binfmt(struct linux_binfmt * fmt)
104	SYSCALL_DEFINE1(uselib, const char __user *, library)	105	SYSCALL_DEFINE1(uselib, const char __user *, library)
105	{	106	{
106	struct file *file;	107	struct file *file;
107	struct nameidata nd;
108	char *tmp = getname(library);	108	char *tmp = getname(library);
109	int error = PTR_ERR(tmp);	109	int error = PTR_ERR(tmp);
110		110
111	if (!IS_ERR(tmp)) {	111	if (IS_ERR(tmp))
112	error = path_lookup_open(AT_FDCWD, tmp,	112	goto out;
113	LOOKUP_FOLLOW, &nd,	113
114	FMODE_READ\|FMODE_EXEC);	114	file = do_filp_open(AT_FDCWD, tmp,
115	putname(tmp);	115	O_LARGEFILE \| O_RDONLY \| FMODE_EXEC, 0,
116	}	116	MAY_READ \| MAY_EXEC \| MAY_OPEN);
117	if (error)	117	putname(tmp);
		118	error = PTR_ERR(file);
		119	if (IS_ERR(file))
118	goto out;	120	goto out;
119		121
120	error = -EINVAL;	122	error = -EINVAL;
121	if (!S_ISREG(nd.path.dentry->d_inode->i_mode))	123	if (!S_ISREG(file->f_path.dentry->d_inode->i_mode))
122	goto exit;	124	goto exit;
123		125
124	error = -EACCES;	126	error = -EACCES;
125	if (nd.path.mnt->mnt_flags & MNT_NOEXEC)	127	if (file->f_path.mnt->mnt_flags & MNT_NOEXEC)
126	goto exit;	128	goto exit;
127		129
128	error = inode_permission(nd.path.dentry->d_inode,
129	MAY_READ \| MAY_EXEC \| MAY_OPEN);
130	if (error)
131	goto exit;
132	error = ima_path_check(&nd.path, MAY_READ \| MAY_EXEC \| MAY_OPEN);
133	if (error)
134	goto exit;
135
136	file = nameidata_to_filp(&nd, O_RDONLY\|O_LARGEFILE);
137	error = PTR_ERR(file);
138	if (IS_ERR(file))
139	goto out;
140
141	fsnotify_open(file->f_path.dentry);	130	fsnotify_open(file->f_path.dentry);
142		131
143	error = -ENOEXEC;	132	error = -ENOEXEC;
@@ -159,13 +148,10 @@ SYSCALL_DEFINE1(uselib, const char __user *, library)
159	}	148	}
160	read_unlock(&binfmt_lock);	149	read_unlock(&binfmt_lock);
161	}	150	}
		151	exit:
162	fput(file);	152	fput(file);
163	out:	153	out:
164	return error;	154	return error;
165	exit:
166	release_open_intent(&nd);
167	path_put(&nd.path);
168	goto out;
169	}	155	}
170		156
171	#ifdef CONFIG_MMU	157	#ifdef CONFIG_MMU
@@ -660,47 +646,33 @@ EXPORT_SYMBOL(setup_arg_pages);
660		646
661	struct file open_exec(const char name)	647	struct file open_exec(const char name)
662	{	648	{
663	struct nameidata nd;
664	struct file *file;	649	struct file *file;
665	int err;	650	int err;
666		651
667	err = path_lookup_open(AT_FDCWD, name, LOOKUP_FOLLOW, &nd,	652	file = do_filp_open(AT_FDCWD, name,
668	FMODE_READ\|FMODE_EXEC);	653	O_LARGEFILE \| O_RDONLY \| FMODE_EXEC, 0,
669	if (err)	654	MAY_EXEC \| MAY_OPEN);
		655	if (IS_ERR(file))
670	goto out;	656	goto out;
671		657
672	err = -EACCES;	658	err = -EACCES;
673	if (!S_ISREG(nd.path.dentry->d_inode->i_mode))	659	if (!S_ISREG(file->f_path.dentry->d_inode->i_mode))
674	goto out_path_put;	660	goto exit;
675
676	if (nd.path.mnt->mnt_flags & MNT_NOEXEC)
677	goto out_path_put;
678
679	err = inode_permission(nd.path.dentry->d_inode, MAY_EXEC \| MAY_OPEN);
680	if (err)
681	goto out_path_put;
682	err = ima_path_check(&nd.path, MAY_EXEC \| MAY_OPEN);
683	if (err)
684	goto out_path_put;
685		661
686	file = nameidata_to_filp(&nd, O_RDONLY\|O_LARGEFILE);	662	if (file->f_path.mnt->mnt_flags & MNT_NOEXEC)
687	if (IS_ERR(file))	663	goto exit;
688	return file;
689		664
690	fsnotify_open(file->f_path.dentry);	665	fsnotify_open(file->f_path.dentry);
691		666
692	err = deny_write_access(file);	667	err = deny_write_access(file);
693	if (err) {	668	if (err)
694	fput(file);	669	goto exit;
695	goto out;
696	}
697		670
		671	out:
698	return file;	672	return file;
699		673
700	out_path_put:	674	exit:
701	release_open_intent(&nd);	675	fput(file);
702	path_put(&nd.path);
703	out:
704	return ERR_PTR(err);	676	return ERR_PTR(err);
705	}	677	}
706	EXPORT_SYMBOL(open_exec);	678	EXPORT_SYMBOL(open_exec);
@@ -1060,7 +1032,6 @@ EXPORT_SYMBOL(install_exec_creds);
1060	int check_unsafe_exec(struct linux_binprm *bprm)	1032	int check_unsafe_exec(struct linux_binprm *bprm)
1061	{	1033	{
1062	struct task_struct p = current, t;	1034	struct task_struct p = current, t;
1063	unsigned long flags;
1064	unsigned n_fs;	1035	unsigned n_fs;
1065	int res = 0;	1036	int res = 0;
1066		1037
@@ -1068,21 +1039,22 @@ int check_unsafe_exec(struct linux_binprm *bprm)
1068		1039
1069	n_fs = 1;	1040	n_fs = 1;
1070	write_lock(&p->fs->lock);	1041	write_lock(&p->fs->lock);
1071	lock_task_sighand(p, &flags);	1042	rcu_read_lock();
1072	for (t = next_thread(p); t != p; t = next_thread(t)) {	1043	for (t = next_thread(p); t != p; t = next_thread(t)) {
1073	if (t->fs == p->fs)	1044	if (t->fs == p->fs)
1074	n_fs++;	1045	n_fs++;
1075	}	1046	}
		1047	rcu_read_unlock();
1076		1048
1077	if (p->fs->users > n_fs) {	1049	if (p->fs->users > n_fs) {
1078	bprm->unsafe \|= LSM_UNSAFE_SHARE;	1050	bprm->unsafe \|= LSM_UNSAFE_SHARE;
1079	} else {	1051	} else {
1080	if (p->fs->in_exec)	1052	res = -EAGAIN;
1081	res = -EAGAIN;	1053	if (!p->fs->in_exec) {
1082	p->fs->in_exec = 1;	1054	p->fs->in_exec = 1;
		1055	res = 1;
		1056	}
1083	}	1057	}
1084
1085	unlock_task_sighand(p, &flags);
1086	write_unlock(&p->fs->lock);	1058	write_unlock(&p->fs->lock);
1087		1059
1088	return res;	1060	return res;
@@ -1284,6 +1256,7 @@ int do_execve(char * filename,
1284	struct linux_binprm *bprm;	1256	struct linux_binprm *bprm;
1285	struct file *file;	1257	struct file *file;
1286	struct files_struct *displaced;	1258	struct files_struct *displaced;
		1259	bool clear_in_exec;
1287	int retval;	1260	int retval;
1288		1261
1289	retval = unshare_files(&displaced);	1262	retval = unshare_files(&displaced);
@@ -1306,8 +1279,9 @@ int do_execve(char * filename,
1306	goto out_unlock;	1279	goto out_unlock;
1307		1280
1308	retval = check_unsafe_exec(bprm);	1281	retval = check_unsafe_exec(bprm);
1309	if (retval)	1282	if (retval < 0)
1310	goto out_unlock;	1283	goto out_unlock;
		1284	clear_in_exec = retval;
1311		1285
1312	file = open_exec(filename);	1286	file = open_exec(filename);
1313	retval = PTR_ERR(file);	1287	retval = PTR_ERR(file);
@@ -1355,9 +1329,7 @@ int do_execve(char * filename,
1355	goto out;	1329	goto out;
1356		1330
1357	/* execve succeeded */	1331	/* execve succeeded */
1358	write_lock(&current->fs->lock);
1359	current->fs->in_exec = 0;	1332	current->fs->in_exec = 0;
1360	write_unlock(&current->fs->lock);
1361	current->in_execve = 0;	1333	current->in_execve = 0;
1362	mutex_unlock(&current->cred_exec_mutex);	1334	mutex_unlock(&current->cred_exec_mutex);
1363	acct_update_integrals(current);	1335	acct_update_integrals(current);
@@ -1377,9 +1349,8 @@ out_file:
1377	}	1349	}
1378		1350
1379	out_unmark:	1351	out_unmark:
1380	write_lock(&current->fs->lock);	1352	if (clear_in_exec)
1381	current->fs->in_exec = 0;	1353	current->fs->in_exec = 0;
1382	write_unlock(&current->fs->lock);
1383		1354
1384	out_unlock:	1355	out_unlock:
1385	current->in_execve = 0;	1356	current->in_execve = 0;