From: Christoph Hellwig <hch@infradead.org>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: linux-kernel@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
Kees Cook <keescook@chromium.org>,
Andy Lutomirski <luto@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Al Viro <viro@zeniv.linux.org.uk>,
Luis Chamberlain <mcgrof@kernel.org>,
linux-fsdevel@vger.kernel.org,
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
linux-security-module@vger.kernel.org,
"Serge E. Hallyn" <serge@hallyn.com>,
James Morris <jmorris@namei.org>,
Kentaro Takeda <takedakn@nttdata.co.jp>,
Casey Schaufler <casey@schaufler-ca.com>,
John Johansen <john.johansen@canonical.com>,
Christoph Hellwig <hch@infradead.org>
Subject: Re: [PATCH 4/7] exec: Move bprm_mm_init into alloc_bprm
Date: Wed, 15 Jul 2020 07:35:15 +0100 [thread overview]
Message-ID: <20200715063515.GD32470@infradead.org> (raw)
In-Reply-To: <87eepe6x7p.fsf@x220.int.ebiederm.org>
On Tue, Jul 14, 2020 at 08:30:02AM -0500, Eric W. Biederman wrote:
>
> Currently it is necessary for the usermode helper code and the code that
> launches init to use set_fs so that pages coming from the kernel look like
> they are coming from userspace.
>
> To allow that usage of set_fs to be removed cleanly the argument copying
> from userspace needs to happen earlier. Move the allocation and
> initialization of bprm->mm into alloc_bprm so that the bprm->mm is
> available early to store the new user stack into. This is a prerequisite
> for copying argv and envp into the new user stack early before ther rest of
> exec.
>
> To keep the things consistent the cleanup of bprm->mm is moved into
> free_bprm. So that bprm->mm will be cleaned up whenever bprm->mm is
> allocated and free_bprm are called.
>
> Moving bprm_mm_init earlier is safe as it does not depend on any files,
> current->in_execve, current->fs->in_exec, bprm->unsafe, or the if the file
> table is shared. (AKA bprm_mm_init does not depend on any of the code that
> happens between alloc_bprm and where it was previously called.)
>
> This moves bprm->mm cleanup after current->fs->in_exec is set to 0. This
> is safe because current->fs->in_exec is only used to preventy taking an
> additional reference on the fs_struct.
>
> This moves bprm->mm cleanup after current->in_execve is set to 0. This is
> safe because current->in_execve is only used by the lsms (apparmor and
> tomoyou) and always for LSM specific functions, never for anything to do
> with the mm.
>
> This adds bprm->mm cleanup into the successful return path. This is safe
> because being on the successful return path implies that begin_new_exec
> succeeded and set brpm->mm to NULL. As bprm->mm is NULL bprm cleanup I am
> moving into free_bprm will do nothing.
>
> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Looks good,
Reviewed-by: Christoph Hellwig <hch@lst.de>
next prev parent reply other threads:[~2020-07-15 6:35 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-14 13:27 [PATCH 0/7] Implementing kernel_execve Eric W. Biederman
2020-07-14 13:28 ` [PATCH 1/7] exec: Remove unnecessary spaces from binfmts.h Eric W. Biederman
2020-07-14 21:38 ` Kees Cook
2020-07-15 6:28 ` Christoph Hellwig
2020-07-14 13:29 ` [PATCH 2/7] exec: Factor out alloc_bprm Eric W. Biederman
2020-07-14 21:38 ` Kees Cook
2020-07-15 6:30 ` Christoph Hellwig
2020-07-14 13:29 ` [PATCH 3/7] exec: Move initialization of bprm->filename into alloc_bprm Eric W. Biederman
2020-07-14 21:38 ` Kees Cook
2020-07-15 6:34 ` Christoph Hellwig
2020-07-14 13:30 ` [PATCH 4/7] exec: Move bprm_mm_init " Eric W. Biederman
2020-07-14 21:37 ` Kees Cook
2020-07-15 6:35 ` Christoph Hellwig [this message]
2020-07-14 13:30 ` [PATCH 5/7] exec: Factor bprm_execve out of do_execve_common Eric W. Biederman
2020-07-14 21:38 ` Kees Cook
2020-07-15 6:36 ` Christoph Hellwig
2020-07-14 13:31 ` [PATCH 6/7] exec: Factor bprm_stack_limits out of prepare_arg_pages Eric W. Biederman
2020-07-14 21:41 ` Kees Cook
2020-07-15 6:38 ` Christoph Hellwig
2020-07-14 13:31 ` [PATCH 7/7] exec: Implement kernel_execve Eric W. Biederman
2020-07-14 21:49 ` Kees Cook
2020-07-15 6:42 ` Christoph Hellwig
2020-07-15 14:55 ` David Laight
2020-07-15 15:09 ` Kees Cook
2020-07-15 16:46 ` David Laight
2020-07-15 15:00 ` Kees Cook
2020-07-15 18:20 ` Christoph Hellwig
2020-07-15 6:42 ` Christoph Hellwig
2020-07-15 18:23 ` Eric W. Biederman
2020-07-14 15:32 ` [PATCH 0/7] Implementing kernel_execve Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200715063515.GD32470@infradead.org \
--to=hch@infradead.org \
--cc=bp@alien8.de \
--cc=casey@schaufler-ca.com \
--cc=ebiederm@xmission.com \
--cc=hpa@zytor.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mcgrof@kernel.org \
--cc=mingo@redhat.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=serge@hallyn.com \
--cc=takedakn@nttdata.co.jp \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.