[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20240124192336.work.346-kees@kernel.org>
Date: Wed, 24 Jan 2024 11:23:36 -0800
From: Kees Cook <keescook@...omium.org>
To: Kentaro Takeda <takedakn@...data.co.jp>
Cc: Kees Cook <keescook@...omium.org>,
Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
Alexander Viro <viro@...iv.linux.org.uk>,
Christian Brauner <brauner@...nel.org>,
Jan Kara <jack@...e.cz>,
Eric Biederman <ebiederm@...ssion.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
linux-fsdevel@...r.kernel.org,
linux-mm@...ck.org,
Ingo Molnar <mingo@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Juri Lelli <juri.lelli@...hat.com>,
Vincent Guittot <vincent.guittot@...aro.org>,
Dietmar Eggemann <dietmar.eggemann@....com>,
Steven Rostedt <rostedt@...dmis.org>,
Ben Segall <bsegall@...gle.com>,
Mel Gorman <mgorman@...e.de>,
Daniel Bristot de Oliveira <bristot@...hat.com>,
Valentin Schneider <vschneid@...hat.com>,
Suren Baghdasaryan <surenb@...gle.com>,
Mike Christie <michael.christie@...cle.com>,
"Michael S. Tsirkin" <mst@...hat.com>,
Mateusz Guzik <mjguzik@...il.com>,
Nicholas Piggin <npiggin@...il.com>,
Peng Zhang <zhangpeng.00@...edance.com>,
Heiko Carstens <hca@...ux.ibm.com>,
linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org
Subject: [PATCH] exec: Distinguish in_execve from in_exec
Just to help distinguish the fs->in_exec flag from the current->in_execve
flag, add comments in check_unsafe_exec() and copy_fs() for more
context. Also note that in_execve is only used by TOMOYO now.
Cc: Kentaro Takeda <takedakn@...data.co.jp>
Cc: Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
Cc: Alexander Viro <viro@...iv.linux.org.uk>
Cc: Christian Brauner <brauner@...nel.org>
Cc: Jan Kara <jack@...e.cz>
Cc: Eric Biederman <ebiederm@...ssion.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
Cc: linux-fsdevel@...r.kernel.org
Cc: linux-mm@...ck.org
Signed-off-by: Kees Cook <keescook@...omium.org>
---
fs/exec.c | 1 +
include/linux/sched.h | 2 +-
kernel/fork.c | 1 +
3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/exec.c b/fs/exec.c
index 39d773021fff..d179abb78a1c 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1633,6 +1633,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
}
rcu_read_unlock();
+ /* "users" and "in_exec" locked for copy_fs() */
if (p->fs->users > n_fs)
bprm->unsafe |= LSM_UNSAFE_SHARE;
else
diff --git a/include/linux/sched.h b/include/linux/sched.h
index cdb8ea53c365..ffe8f618ab86 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -920,7 +920,7 @@ struct task_struct {
unsigned sched_rt_mutex:1;
#endif
- /* Bit to tell LSMs we're in execve(): */
+ /* Bit to tell TOMOYO we're in execve(): */
unsigned in_execve:1;
unsigned in_iowait:1;
#ifndef TIF_RESTORE_SIGMASK
diff --git a/kernel/fork.c b/kernel/fork.c
index 47ff3b35352e..0d944e92a43f 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1748,6 +1748,7 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
if (clone_flags & CLONE_FS) {
/* tsk->fs is already what we want */
spin_lock(&fs->lock);
+ /* "users" and "in_exec" locked for check_unsafe_exec() */
if (fs->in_exec) {
spin_unlock(&fs->lock);
return -EAGAIN;
--
2.34.1
Powered by blists - more mailing lists