From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>,
Kentaro Takeda <takedakn@nttdata.co.jp>,
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>,
Eric Biederman <ebiederm@xmission.com>,
Andrew Morton <akpm@linux-foundation.org>,
Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
Sasha Levin <sashal@kernel.org>,
mingo@redhat.com, peterz@infradead.org, juri.lelli@redhat.com,
vincent.guittot@linaro.org, surenb@google.com,
michael.christie@oracle.com, mst@redhat.com, mjguzik@gmail.com,
npiggin@gmail.com, zhangpeng.00@bytedance.com, hca@linux.ibm.com
Subject: [PATCH AUTOSEL 5.10 7/8] exec: Distinguish in_execve from in_exec
Date: Fri, 2 Feb 2024 13:41:51 -0500
Message-ID: <20240202184156.541981-7-sashal@kernel.org>
In-Reply-To: <20240202184156.541981-1-sashal@kernel.org>
From: Kees Cook <keescook@chromium.org>
[ Upstream commit 90383cc07895183c75a0db2460301c2ffd912359 ]
Just to help distinguish the fs->in_exec flag from the current->in_execve
flag, add comments in check_unsafe_exec() and copy_fs() for more
context. Also note that in_execve is only used by TOMOYO now.
Cc: Kentaro Takeda <takedakn@nttdata.co.jp>
Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Jan Kara <jack@suse.cz>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: linux-fsdevel@vger.kernel.org
Cc: linux-mm@kvack.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/exec.c | 1 +
include/linux/sched.h | 2 +-
kernel/fork.c | 1 +
3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/exec.c b/fs/exec.c
index 983295c0b8ac..b809f4a39296 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1565,6 +1565,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
}
rcu_read_unlock();
+ /* "users" and "in_exec" locked for copy_fs() */
if (p->fs->users > n_fs)
bprm->unsafe |= LSM_UNSAFE_SHARE;
else
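Review bot: the new comment in check_unsafe_exec() says "users" and "in_exec" are locked but never names the lock, and the line directly above it in this hunk is rcu_read_unlock(), so it can be misread as referring to RCU. The copy_fs() hunk in this same patch takes spin_lock(&fs->lock); if that is the lock meant, say so here, for example /* p->fs->lock held: "users" and "in_exec" are serialized against copy_fs() */, so the pairing can be checked without opening kernel/fork.c. The comparison that follows decides whether LSM_UNSAFE_SHARE is set, so the locking assumption it relies on deserves to be explicit.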
diff --git a/include/linux/sched.h b/include/linux/sched.h
index aa015416c569..65cfe85de8d5 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -806,7 +806,7 @@ struct task_struct {
*/
unsigned sched_remote_wakeup:1;
- /* Bit to tell LSMs we're in execve(): */
+ /* Bit to tell TOMOYO we're in execve(): */
unsigned in_execve:1;
unsigned in_iowait:1;
#ifndef TIF_RESTORE_SIGMASK
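Review bot: the reworded comment on in_execve in struct task_struct names TOMOYO as the sole consumer, which the commit message asserts for upstream ("only used by TOMOYO now"); for this 5.10 backport it is worth confirming that no other reader of current->in_execve exists in the 5.10 tree, otherwise the comment is inaccurate there. A comment that names a single consumer in a core structure also goes stale silently once a second user appears, so wording such as "currently only read by TOMOYO" would age better.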
diff --git a/kernel/fork.c b/kernel/fork.c
index 633b0af1d1a7..906dbaf25058 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1452,6 +1452,7 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
if (clone_flags & CLONE_FS) {
/* tsk->fs is already what we want */
spin_lock(&fs->lock);
+ /* "users" and "in_exec" locked for check_unsafe_exec() */
if (fs->in_exec) {
spin_unlock(&fs->lock);
return -EAGAIN;
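Review bot: the comment added in copy_fs() lists "users" and "in_exec", but the lines shown only read fs->in_exec before returning -EAGAIN, and the comment does not say why a CLONE_FS clone is refused while an exec is in flight. It only points at check_unsafe_exec(); one extra clause stating the invariant (the share count that check_unsafe_exec() compares against n_fs must not change while in_exec is set) would let a reader understand the -EAGAIN path from this file alone.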
--
2.43.0