1 files changed, 27 insertions, 32 deletions

diff --git a/fs/exec.c b/fs/exec.c
index d8e1191cb112..a96a4885bbbf 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -123,7 +123,7 @@ SYSCALL_DEFINE1(uselib, const char __user *, library)
                 goto out;
 
         error = -EINVAL;
-        if (!S_ISREG(file->f_path.dentry->d_inode->i_mode))
+        if (!S_ISREG(file_inode(file)->i_mode))
                 goto exit;
 
         error = -EACCES;
@@ -355,7 +355,7 @@ static bool valid_arg_len(struct linux_binprm *bprm, long len)
  * flags, permissions, and offset, so we use temporary values.  We'll update
  * them later in setup_arg_pages().
  */
-int bprm_mm_init(struct linux_binprm *bprm)
+static int bprm_mm_init(struct linux_binprm *bprm)
 {
         int err;
         struct mm_struct *mm = NULL;
@@ -434,8 +434,9 @@ static int count(struct user_arg_ptr argv, int max)
                         if (IS_ERR(p))
                                 return -EFAULT;
 
-                        if (i++ >= max)
+                        if (i >= max)
                                 return -E2BIG;
+                        ++i;
 
                         if (fatal_signal_pending(current))
                                 return -ERESTARTNOHAND;
@@ -763,7 +764,7 @@ struct file *open_exec(const char *name)
                 goto out;
 
         err = -EACCES;
-        if (!S_ISREG(file->f_path.dentry->d_inode->i_mode))
+        if (!S_ISREG(file_inode(file)->i_mode))
                 goto exit;
 
         if (file->f_path.mnt->mnt_flags & MNT_NOEXEC)
@@ -1097,7 +1098,7 @@ EXPORT_SYMBOL(flush_old_exec);
 
 void would_dump(struct linux_binprm *bprm, struct file *file)
 {
-        if (inode_permission(file->f_path.dentry->d_inode, MAY_READ) < 0)
+        if (inode_permission(file_inode(file), MAY_READ) < 0)
                 bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
 }
 EXPORT_SYMBOL(would_dump);
@@ -1110,7 +1111,7 @@ void setup_new_exec(struct linux_binprm * bprm)
         current->sas_ss_sp = current->sas_ss_size = 0;
 
         if (uid_eq(current_euid(), current_uid()) && gid_eq(current_egid(), current_gid()))
-                set_dumpable(current->mm, SUID_DUMPABLE_ENABLED);
+                set_dumpable(current->mm, SUID_DUMP_USER);
         else
                 set_dumpable(current->mm, suid_dumpable);
 
@@ -1175,9 +1176,24 @@ void free_bprm(struct linux_binprm *bprm)
                 mutex_unlock(&current->signal->cred_guard_mutex);
                 abort_creds(bprm->cred);
         }
+        /* If a binfmt changed the interp, free it. */
+        if (bprm->interp != bprm->filename)
+                kfree(bprm->interp);
         kfree(bprm);
 }
 
+int bprm_change_interp(char *interp, struct linux_binprm *bprm)
+{
+        /* If a binfmt changed the interp, free it first. */
+        if (bprm->interp != bprm->filename)
+                kfree(bprm->interp);
+        bprm->interp = kstrdup(interp, GFP_KERNEL);
+        if (!bprm->interp)
+                return -ENOMEM;
+        return 0;
+}
+EXPORT_SYMBOL(bprm_change_interp);
+
 /*
  * install the new credentials for this executable
  */
@@ -1254,7 +1270,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm)
 int prepare_binprm(struct linux_binprm *bprm)
 {
         umode_t mode;
-        struct inode * inode = bprm->file->f_path.dentry->d_inode;
+        struct inode * inode = file_inode(bprm->file);
         int retval;
 
         mode = inode->i_mode;
@@ -1623,17 +1639,17 @@ EXPORT_SYMBOL(set_binfmt);
 void set_dumpable(struct mm_struct *mm, int value)
 {
         switch (value) {
-        case SUID_DUMPABLE_DISABLED:
+        case SUID_DUMP_DISABLE:
                 clear_bit(MMF_DUMPABLE, &mm->flags);
                 smp_wmb();
                 clear_bit(MMF_DUMP_SECURELY, &mm->flags);
                 break;
-        case SUID_DUMPABLE_ENABLED:
+        case SUID_DUMP_USER:
                 set_bit(MMF_DUMPABLE, &mm->flags);
                 smp_wmb();
                 clear_bit(MMF_DUMP_SECURELY, &mm->flags);
                 break;
-        case SUID_DUMPABLE_SAFE:
+        case SUID_DUMP_ROOT:
                 set_bit(MMF_DUMP_SECURELY, &mm->flags);
                 smp_wmb();
                 set_bit(MMF_DUMPABLE, &mm->flags);
@@ -1646,7 +1662,7 @@ int __get_dumpable(unsigned long mm_flags)
         int ret;
 
         ret = mm_flags & MMF_DUMPABLE_MASK;
-        return (ret > SUID_DUMPABLE_ENABLED) ? SUID_DUMPABLE_SAFE : ret;
+        return (ret > SUID_DUMP_USER) ? SUID_DUMP_ROOT : ret;
 }
 
 int get_dumpable(struct mm_struct *mm)
@@ -1654,7 +1670,6 @@ int get_dumpable(struct mm_struct *mm)
         return __get_dumpable(mm->flags);
 }
 
-#ifdef __ARCH_WANT_SYS_EXECVE
 SYSCALL_DEFINE3(execve,
                 const char __user *, filename,
                 const char __user *const __user *, argv,
@@ -1682,23 +1697,3 @@ asmlinkage long compat_sys_execve(const char __user * filename,
         return error;
 }
 #endif
-#endif
-
-#ifdef __ARCH_WANT_KERNEL_EXECVE
-int kernel_execve(const char *filename,
-                  const char *const argv[],
-                  const char *const envp[])
-{
-        int ret = do_execve(filename,
-                        (const char __user *const __user *)argv,
-                        (const char __user *const __user *)envp);
-        if (ret < 0)
-                return ret;
-
-        /*
-         * We were successful.  We won't be returning to our caller, but
-         * instead to user space by manipulating the kernel stack.
-         */
-        ret_from_kernel_execve(current_pt_regs());
-}
-#endif