]> git.proxmox.com Git - mirror_ubuntu-eoan-kernel.git/commitdiff
exec: kill "int depth" in search_binary_handler()
authorOleg Nesterov <oleg@redhat.com>
Wed, 11 Sep 2013 21:24:39 +0000 (14:24 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Wed, 11 Sep 2013 22:59:04 +0000 (15:59 -0700)
Nobody except search_binary_handler() should touch ->recursion_depth, "int
depth" buys nothing but complicates the code, kill it.

Probably we should also kill "fn" and the !NULL check, ->load_binary
should be always defined.  And it can not go away after read_unlock() or
this code is buggy anyway.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@ZenIV.linux.org.uk>
Cc: Evgeniy Polyakov <zbr@ioremap.net>
Cc: Zach Levis <zml@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
fs/exec.c
include/linux/binfmts.h

index 4d95b4709ea0b435fa1a170e90d0d9451a7193e6..b6e35ec818a2a55354d67ec74a6e21eefd35af00 100644 (file)
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1370,12 +1370,11 @@ EXPORT_SYMBOL(remove_arg_zero);
  */
 int search_binary_handler(struct linux_binprm *bprm)
 {
-       unsigned int depth = bprm->recursion_depth;
-       int try,retval;
+       int try, retval;
        struct linux_binfmt *fmt;
 
        /* This allows 4 levels of binfmt rewrites before failing hard. */
-       if (depth > 5)
+       if (bprm->recursion_depth > 5)
                return -ELOOP;
 
        retval = security_bprm_check(bprm);
@@ -1396,9 +1395,9 @@ int search_binary_handler(struct linux_binprm *bprm)
                        if (!try_module_get(fmt->module))
                                continue;
                        read_unlock(&binfmt_lock);
-                       bprm->recursion_depth = depth + 1;
+                       bprm->recursion_depth++;
                        retval = fn(bprm);
-                       bprm->recursion_depth = depth;
+                       bprm->recursion_depth--;
                        if (retval >= 0) {
                                put_binfmt(fmt);
                                allow_write_access(bprm->file);
index 70cf138690e9184678b1dea1aa9a23dd1a10a487..e8112ae5053131c47a1e472985fc1628ddd5e8eb 100644 (file)
@@ -31,7 +31,7 @@ struct linux_binprm {
 #ifdef __alpha__
        unsigned int taso:1;
 #endif
-       unsigned int recursion_depth;
+       unsigned int recursion_depth; /* only for search_binary_handler() */
        struct file * file;
        struct cred *cred;      /* new credentials */
        int unsafe;             /* how unsafe this exec is (mask of LSM_UNSAFE_*) */