| Message ID | AM8PR10MB47081071E64EAAB343196D5AE4399@AM8PR10MB4708.EURPRD10.PROD.OUTLOOK.COM (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Fix error handling in begin_new_exec | expand |
Bernd Edlinger <bernd.edlinger@hotmail.de> writes: > If get_unused_fd_flags() fails, the error handling is incomplete > because bprm->cred is already set to NULL, and therefore > free_bprm will not unlock the cred_guard_mutex. > Note there are two error conditions which end up here, > one before and one after bprm->cred is cleared. Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Yuck. I wonder if there is a less error prone idiom we could be using here than testing bprm->cred in free_bprm. Especially as this lock is expected to stay held through setup_new_exec. Something feels too clever here. > Fixes: b8a61c9e7b4 ("exec: Generic execfd support") > > Signed-off-by: Bernd Edlinger <bernd.edlinger@hotmail.de> > --- > fs/exec.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/fs/exec.c b/fs/exec.c > index 18594f1..d8af85f 100644 > --- a/fs/exec.c > +++ b/fs/exec.c > @@ -1396,6 +1396,9 @@ int begin_new_exec(struct linux_binprm * bprm) > > out_unlock: > up_write(&me->signal->exec_update_lock); > + if (!bprm->cred) > + mutex_unlock(&me->signal->cred_guard_mutex); > + > out: > return retval; > }
Ping... On 6/6/21 21:34, Eric W. Biederman wrote: > Bernd Edlinger <bernd.edlinger@hotmail.de> writes: > >> If get_unused_fd_flags() fails, the error handling is incomplete >> because bprm->cred is already set to NULL, and therefore >> free_bprm will not unlock the cred_guard_mutex. >> Note there are two error conditions which end up here, >> one before and one after bprm->cred is cleared. > > Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> > > Yuck. I wonder if there is a less error prone idiom we could be using > here than testing bprm->cred in free_bprm. Especially as this lock is > expected to stay held through setup_new_exec. > > Something feels too clever here. > >> Fixes: b8a61c9e7b4 ("exec: Generic execfd support") Note, ./scripts/checkpatch.pl complains about the too short commit hash here, I overlooked that previously: WARNING: Please use correct Fixes: style 'Fixes: <12 chars of sha1> ("<title line>")' - ie: 'Fixes: b8a61c9e7b4a ("exec: Generic execfd support")' Could you please fix that before merging, the correct Fixes reference would be: Fixes: b8a61c9e7b4a ("exec: Generic execfd support") Thanks Bernd. >> >> Signed-off-by: Bernd Edlinger <bernd.edlinger@hotmail.de> >> --- >> fs/exec.c | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/fs/exec.c b/fs/exec.c >> index 18594f1..d8af85f 100644 >> --- a/fs/exec.c >> +++ b/fs/exec.c >> @@ -1396,6 +1396,9 @@ int begin_new_exec(struct linux_binprm * bprm) >> >> out_unlock: >> up_write(&me->signal->exec_update_lock); >> + if (!bprm->cred) >> + mutex_unlock(&me->signal->cred_guard_mutex); >> + >> out: >> return retval; >> }
diff --git a/fs/exec.c b/fs/exec.c index 18594f1..d8af85f 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1396,6 +1396,9 @@ int begin_new_exec(struct linux_binprm * bprm) out_unlock: up_write(&me->signal->exec_update_lock); + if (!bprm->cred) + mutex_unlock(&me->signal->cred_guard_mutex); + out: return retval; }
If get_unused_fd_flags() fails, the error handling is incomplete because bprm->cred is already set to NULL, and therefore free_bprm will not unlock the cred_guard_mutex. Note there are two error conditions which end up here, one before and one after bprm->cred is cleared. Fixes: b8a61c9e7b4 ("exec: Generic execfd support") Signed-off-by: Bernd Edlinger <bernd.edlinger@hotmail.de> --- fs/exec.c | 3 +++ 1 file changed, 3 insertions(+)