[PATCH v2 2/8] exec: kill "int depth" in search_binary_handler()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Oleg Nesterov <oleg@redhat.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Al Viro <viro@ZenIV.linux.org.uk>,
	Evgeniy Polyakov <zbr@ioremap.net>,
	Kees Cook <keescook@chromium.org>,
	Zach Levis <zml@linux.vnet.ibm.com>,
	linux-kernel@vger.kernel.org
Subject: [PATCH v2 2/8] exec: kill "int depth" in search_binary_handler()
Date: Mon, 5 Aug 2013 15:41:33 +0200	[thread overview]
Message-ID: <20130805134133.GA15629@redhat.com> (raw)
In-Reply-To: <20130805134113.GA15603@redhat.com>

Nobody except search_binary_handler() should touch ->recursion_depth,
"int depth" buys nothing but complicates the code, kill it.

Probably we should also kill "fn" and the !NULL check, ->load_binary
should be always defined. And it can not go away after read_unlock()
or this code is buggy anyway.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Kees Cook <keescook@chromium.org>
---
 fs/exec.c               |    9 ++++-----
 include/linux/binfmts.h |    2 +-
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/fs/exec.c b/fs/exec.c
index a9ae4f2..f32079c 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1370,12 +1370,11 @@ EXPORT_SYMBOL(remove_arg_zero);
  */
 int search_binary_handler(struct linux_binprm *bprm)
 {
-	unsigned int depth = bprm->recursion_depth;
-	int try,retval;
+	int try, retval;
 	struct linux_binfmt *fmt;
 
 	/* This allows 4 levels of binfmt rewrites before failing hard. */
-	if (depth > 5)
+	if (bprm->recursion_depth > 5)
 		return -ELOOP;
 
 	retval = security_bprm_check(bprm);
@@ -1396,9 +1395,9 @@ int search_binary_handler(struct linux_binprm *bprm)
 			if (!try_module_get(fmt->module))
 				continue;
 			read_unlock(&binfmt_lock);
-			bprm->recursion_depth = depth + 1;
+			bprm->recursion_depth++;
 			retval = fn(bprm);
-			bprm->recursion_depth = depth;
+			bprm->recursion_depth--;
 			if (retval >= 0) {
 				put_binfmt(fmt);
 				allow_write_access(bprm->file);
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
index 70cf138..e8112ae 100644
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -31,7 +31,7 @@ struct linux_binprm {
 #ifdef __alpha__
 	unsigned int taso:1;
 #endif
-	unsigned int recursion_depth;
+	unsigned int recursion_depth; /* only for search_binary_handler() */
 	struct file * file;
 	struct cred *cred;	/* new credentials */
 	int unsafe;		/* how unsafe this exec is (mask of LSM_UNSAFE_*) */
-- 
1.5.5.1

next prev parent reply	other threads:[~2013-08-05 13:47 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-08-05 13:41 [PATCH v2 0/8] exec: cleanup search_binary_handler() Oleg Nesterov
2013-08-05 13:41 ` [PATCH v2 1/8] exec: introduce exec_binprm() for "depth == 0" code Oleg Nesterov
2013-08-05 13:41 ` Oleg Nesterov [this message]
2013-08-05 13:41 ` [PATCH v2 3/8] exec: proc_exec_connector() should be called only once Oleg Nesterov
2013-08-05 13:41 ` [PATCH v2 4/8] exec: move allow_write_access/fput to exec_binprm() Oleg Nesterov
2013-08-05 13:41 ` [PATCH v2 5/8] exec: kill ->load_binary != NULL check in search_binary_handler() Oleg Nesterov
2013-08-05 13:41 ` [PATCH v2 6/8] exec: cleanup the CONFIG_MODULES logic Oleg Nesterov
2013-08-05 13:41 ` [PATCH v2 7/8] exec: don't retry if request_module() fails Oleg Nesterov
2013-08-05 13:41 ` [PATCH v2 8/8] exec: cleanup the error handling in search_binary_handler() Oleg Nesterov

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:a9ae4f2 dfblob:f32079c dfblob:70cf138 dfblob:e8112ae )
 OR (
bs:"[PATCH v2 2/8] exec: kill "
bs:"int depth"
bs:" in search_binary_handler()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130805134133.GA15629@redhat.com \
    --to=oleg@redhat.com \
    --cc=akpm@linux-foundation.org \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=viro@ZenIV.linux.org.uk \
    --cc=zbr@ioremap.net \
    --cc=zml@linux.vnet.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.