| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Jan 2008 14:06:17 +0300 From: Oleg Nesterov <oleg@...sign.ru> To: Matt Helsley <matthltc@...ibm.com> Cc: akpm@...ux-foundation.org, linux-kernel@...r.kernel.org, dhowells@...hat.com, ebiederm@...ssion.com, hch@....de, viro@...iv.linux.org.uk Subject: Re: + fix-procfs-task-exe-symlink.patch added to -mm tree On 01/29, Matt Helsley wrote: > > On Tue, 2008-01-29 at 14:36 +0300, Oleg Nesterov wrote: > > > > This patch has a lot of complications because it tries to preserve the > > current behaviour: we release the bprm->file when all VM_EXECTUABLE vmas > > are unmapped. Q: is this so important/useful? I don't think this is very > > common case, and I don't quite understand why it is critical to release > > the file. To unmount fs after starting the app? One can always copy > > Yes. While most programs don't need this it is still very important for > some critical programs to be able to unmap the executable and thereby > allow unmounting the filesystem. Unfortunately, I don't have a confirmed > specific example for you. A wild guess: some distro install or live CDs > might use this. OK, thanks. I just wanted to be sure I didn't miss some other reason. > > Sorry, I was wrong. > > > > mmput() has to release ->exe_file if it is called when exec fails before the > > first do_mmmap(MAP_EXECUTABLE). This also means that it is not completely > > trivial to set ->exe_file before exec_mmap(), it can fail. This is solvable, > > but I'm not sure we should do this. > > > > Still, the accounting looks a little bit fragile to me. flush_old_exec() > > increments ->f_count but sets ->num_exe_file_vmas = 0 because we know that > > the next elf_map() will bump ->num_exe_file_vmas and thus "sync" 2 counters. > > But I don't see how to do better if we really want to release the file when > > VM_EXECUTABLE disappears. > > OK, I'll leave it unless something better comes to mind. Err, I was double wrong. It _is_ trivial to set ->exe_file before exec_mmap(), flush_old_exec: + get_file(bprm->file); + set_mm_exe_file(bprm->mm, bprm->file); retval = exec_mmap(bprm->mm); if (retval) goto mmap_failed; bprm->mm = NULL; /* We're using it now */ If exec_mmap() fails, the caller (do_execve) has to mmput(bprm->mm) anyway, and this imply set_mm_exe_file(NULL). This way set_mm_exe_file() doesn't need any locking. Not that this is relly important, but still. However. I didn't notice this patch plays with #ifdef CONFIG_PROC_FS. Without CONFIG_PROC_FS we seem to leak bprm->file, I'd suggest to move get_file(bprm->file) into set_mm_exe_file(). > Thanks for taking a look at this patch and asking questions. Thanks for your answers ;) Oleg. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists