Commit 25cf336d authored by Eric W. Biederman's avatar Eric W. Biederman

exec: Remove do_execve_file

Now that the last callser has been removed remove this code from exec.

For anyone thinking of resurrecing do_execve_file please note that
the code was buggy in several fundamental ways.

- It did not ensure the file it was passed was read-only and that
  deny_write_access had been called on it.  Which subtlely breaks
  invaniants in exec.

- The caller of do_execve_file was expected to hold and put a
  reference to the file, but an extra reference for use by exec was
  not taken so that when exec put it's reference to the file an
  underflow occured on the file reference count.

- The point of the interface was so that a pathname did not need to
  exist.  Which breaks pathname based LSMs.

Tetsuo Handa originally reported these issues[1].  While it was clear
that deny_write_access was missing the fundamental incompatibility
with the passed in O_RDWR filehandle was not immediately recognized.

All of these issues were fixed by modifying the usermode driver code
to have a path, so it did not need this hack.
Reported-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
[1] https://lore.kernel.org/linux-fsdevel/2a8775b4-1dd5-9d5c-aa42-9872445e0942@i-love.sakura.ne.jp/
v1: https://lkml.kernel.org/r/871rm2f0hi.fsf_-_@x220.int.ebiederm.org
v2: https://lkml.kernel.org/r/87lfk54p0m.fsf_-_@x220.int.ebiederm.org
Link: https://lkml.kernel.org/r/20200702164140.4468-10-ebiederm@xmission.comReviewed-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
Tested-by: default avatarAlexei Starovoitov <ast@kernel.org>
Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
parent 55e6074e
...@@ -1818,13 +1818,14 @@ static int exec_binprm(struct linux_binprm *bprm) ...@@ -1818,13 +1818,14 @@ static int exec_binprm(struct linux_binprm *bprm)
/* /*
* sys_execve() executes a new program. * sys_execve() executes a new program.
*/ */
static int __do_execve_file(int fd, struct filename *filename, static int do_execveat_common(int fd, struct filename *filename,
struct user_arg_ptr argv, struct user_arg_ptr argv,
struct user_arg_ptr envp, struct user_arg_ptr envp,
int flags, struct file *file) int flags)
{ {
char *pathbuf = NULL; char *pathbuf = NULL;
struct linux_binprm *bprm; struct linux_binprm *bprm;
struct file *file;
struct files_struct *displaced; struct files_struct *displaced;
int retval; int retval;
...@@ -1863,7 +1864,6 @@ static int __do_execve_file(int fd, struct filename *filename, ...@@ -1863,7 +1864,6 @@ static int __do_execve_file(int fd, struct filename *filename,
check_unsafe_exec(bprm); check_unsafe_exec(bprm);
current->in_execve = 1; current->in_execve = 1;
if (!file)
file = do_open_execat(fd, filename, flags); file = do_open_execat(fd, filename, flags);
retval = PTR_ERR(file); retval = PTR_ERR(file);
if (IS_ERR(file)) if (IS_ERR(file))
...@@ -1872,9 +1872,7 @@ static int __do_execve_file(int fd, struct filename *filename, ...@@ -1872,9 +1872,7 @@ static int __do_execve_file(int fd, struct filename *filename,
sched_exec(); sched_exec();
bprm->file = file; bprm->file = file;
if (!filename) { if (fd == AT_FDCWD || filename->name[0] == '/') {
bprm->filename = "none";
} else if (fd == AT_FDCWD || filename->name[0] == '/') {
bprm->filename = filename->name; bprm->filename = filename->name;
} else { } else {
if (filename->name[0] == '\0') if (filename->name[0] == '\0')
...@@ -1935,7 +1933,6 @@ static int __do_execve_file(int fd, struct filename *filename, ...@@ -1935,7 +1933,6 @@ static int __do_execve_file(int fd, struct filename *filename,
task_numa_free(current, false); task_numa_free(current, false);
free_bprm(bprm); free_bprm(bprm);
kfree(pathbuf); kfree(pathbuf);
if (filename)
putname(filename); putname(filename);
if (displaced) if (displaced)
put_files_struct(displaced); put_files_struct(displaced);
...@@ -1967,27 +1964,10 @@ static int __do_execve_file(int fd, struct filename *filename, ...@@ -1967,27 +1964,10 @@ static int __do_execve_file(int fd, struct filename *filename,
if (displaced) if (displaced)
reset_files_struct(displaced); reset_files_struct(displaced);
out_ret: out_ret:
if (filename)
putname(filename); putname(filename);
return retval; return retval;
} }
static int do_execveat_common(int fd, struct filename *filename,
struct user_arg_ptr argv,
struct user_arg_ptr envp,
int flags)
{
return __do_execve_file(fd, filename, argv, envp, flags, NULL);
}
int do_execve_file(struct file *file, void *__argv, void *__envp)
{
struct user_arg_ptr argv = { .ptr.native = __argv };
struct user_arg_ptr envp = { .ptr.native = __envp };
return __do_execve_file(AT_FDCWD, NULL, argv, envp, 0, file);
}
int do_execve(struct filename *filename, int do_execve(struct filename *filename,
const char __user *const __user *__argv, const char __user *const __user *__argv,
const char __user *const __user *__envp) const char __user *const __user *__envp)
......
...@@ -141,6 +141,5 @@ extern int do_execveat(int, struct filename *, ...@@ -141,6 +141,5 @@ extern int do_execveat(int, struct filename *,
const char __user * const __user *, const char __user * const __user *,
const char __user * const __user *, const char __user * const __user *,
int); int);
int do_execve_file(struct file *file, void *__argv, void *__envp);
#endif /* _LINUX_BINFMTS_H */ #endif /* _LINUX_BINFMTS_H */
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment