From: Oleg Nesterov <oleg@redhat.com>
To: Andrew Morton <akpm@linux-foundation.org>,
Zach Levis <zml@linux.vnet.ibm.com>
Cc: Al Viro <viro@ZenIV.linux.org.uk>,
Evgeniy Polyakov <zbr@ioremap.net>,
Kees Cook <keescook@chromium.org>,
linux-kernel@vger.kernel.org
Subject: [PATCH 2/3] exec: kill "int depth" in search_binary_handler()
Date: Thu, 1 Aug 2013 21:05:14 +0200 [thread overview]
Message-ID: <20130801190514.GA3216@redhat.com> (raw)
In-Reply-To: <20130801190455.GA3194@redhat.com>
Nobody except search_binary_handler() should touch ->recursion_depth,
"int depth" buys nothing but complicates the code, kill it.
Probably we should also kill "fn" and the !NULL check, ->load_binary
should be always defined. And it can not go away after read_unlock()
or this code is buggy anyway.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
---
fs/exec.c | 9 ++++-----
1 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/fs/exec.c b/fs/exec.c
index a9ae4f2..f32079c 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1370,12 +1370,11 @@ EXPORT_SYMBOL(remove_arg_zero);
*/
int search_binary_handler(struct linux_binprm *bprm)
{
- unsigned int depth = bprm->recursion_depth;
- int try,retval;
+ int try, retval;
struct linux_binfmt *fmt;
/* This allows 4 levels of binfmt rewrites before failing hard. */
- if (depth > 5)
+ if (bprm->recursion_depth > 5)
return -ELOOP;
retval = security_bprm_check(bprm);
@@ -1396,9 +1395,9 @@ int search_binary_handler(struct linux_binprm *bprm)
if (!try_module_get(fmt->module))
continue;
read_unlock(&binfmt_lock);
- bprm->recursion_depth = depth + 1;
+ bprm->recursion_depth++;
retval = fn(bprm);
- bprm->recursion_depth = depth;
+ bprm->recursion_depth--;
if (retval >= 0) {
put_binfmt(fmt);
allow_write_access(bprm->file);
--
1.5.5.1
next prev parent reply other threads:[~2013-08-01 19:10 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-01 19:04 [PATCH 0/3] exec: minor cleanups + minor fix Oleg Nesterov
2013-08-01 19:05 ` [PATCH 1/3] exec: introduce exec_binprm() for "depth == 0" code Oleg Nesterov
2013-08-03 19:05 ` Kees Cook
2013-08-04 14:35 ` Oleg Nesterov
2013-08-04 17:13 ` Kees Cook
2013-08-01 19:05 ` Oleg Nesterov [this message]
2013-08-03 18:28 ` [PATCH 2/3] exec: kill "int depth" in search_binary_handler() Kees Cook
2013-08-03 18:55 ` [PATCH v2 " Oleg Nesterov
2013-08-03 19:31 ` Kees Cook
2013-08-01 19:05 ` [PATCH 3/3] exec: proc_exec_connector() should be called only once Oleg Nesterov
2013-08-03 19:10 ` Kees Cook
2013-08-02 14:09 ` [PATCH 0/3] exec: minor cleanups + minor fix Oleg Nesterov
2013-08-02 14:38 ` Zach Levis
2013-08-04 16:30 ` Oleg Nesterov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130801190514.GA3216@redhat.com \
--to=oleg@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=viro@ZenIV.linux.org.uk \
--cc=zbr@ioremap.net \
--cc=zml@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.