* [PATCH] Fix bug: flat binary loader doesn't check fd table full @ 2006-03-23 7:10 Luke Yang 2006-03-23 7:46 ` Andrew Morton 0 siblings, 1 reply; 7+ messages in thread From: Luke Yang @ 2006-03-23 7:10 UTC (permalink / raw) To: linux-kernel Hi all, In the binfmt_flat.c, the flat binary loader should check file descriptor table and install the fd on the file. diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c index 108d56b..6388187 100644 --- a/fs/binfmt_flat.c +++ b/fs/binfmt_flat.c @@ -493,6 +493,13 @@ static int load_flat_file(struct linux_b if (data_len + bss_len > rlim) return -ENOMEM; + /* check file descriptor */ + int retval = get_unused_fd(); + if (retval < 0) + return -EMFILE; + get_file(bprm->file); + fd_install(retval, bprm->file); + /* Flush all traces of the currently running executable */ if (id == 0) { result = flush_old_exec(bprm); signed-off-by: Luke Yang <luke.adi@gmail.com> -- Best regards, Luke Yang magic.yyang@gmail.com; luke.adi@gmail.com ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] Fix bug: flat binary loader doesn't check fd table full 2006-03-23 7:10 [PATCH] Fix bug: flat binary loader doesn't check fd table full Luke Yang @ 2006-03-23 7:46 ` Andrew Morton [not found] ` <489ecd0c0603230115h4dd2b16fg54cfd97739a8b339@mail.gmail.com> 0 siblings, 1 reply; 7+ messages in thread From: Andrew Morton @ 2006-03-23 7:46 UTC (permalink / raw) To: Luke Yang; +Cc: linux-kernel "Luke Yang" <luke.adi@gmail.com> wrote: > > Hi all, > > In the binfmt_flat.c, the flat binary loader should check file > descriptor table and install the fd on the file. > Please put the Signed-off-by: at the end of the changelog, not at the end of the email. By convention, Signed-off-by: starts with an upper-case 'S'. > diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c gmail mangles patches by replacing tabs with spaces. I don't think there's a fix for that apart from using text/plain attachments or switching mail setups. Using attachments is unpopular because it makes it harder to reply to the email, quoting parts of the patch. > index 108d56b..6388187 100644 > --- a/fs/binfmt_flat.c > +++ b/fs/binfmt_flat.c > @@ -493,6 +493,13 @@ static int load_flat_file(struct linux_b > if (data_len + bss_len > rlim) > return -ENOMEM; > > + /* check file descriptor */ > + int retval = get_unused_fd(); Please don't declare variables in the middle of functions like this. It's contrary to kernel style and some gcc versions will emit warnings. > + if (retval < 0) > + return -EMFILE; > + get_file(bprm->file); > + fd_install(retval, bprm->file); > + But if this function returns an error from this point on, we'll leak a reference on bprm->file. Note how load_elf_binary() does sys_close(elf_exec_fileno) in various places. You'll find it's a pain in the ass to fix this, because load_flat_file() has no fewer than 17 return statements in it. Here we learn why we shouldn't do that. The preferred fix would be to convert load_flat_file() to have a single exit-point (via gotos) (or maybe one return point for success and one for errors. No more). And to then layer this bugfix on top of that. All the gotos after the get_file() should be to a different label: one which does the sys_close() and then falls through to the final return statement. err, I did this really quickly. Please review and test: diff -puN fs/binfmt_flat.c~fix-bug-flat-binary-loader-doesnt-check-fd-table-full fs/binfmt_flat.c --- devel/fs/binfmt_flat.c~fix-bug-flat-binary-loader-doesnt-check-fd-table-full 2006-03-22 23:28:34.000000000 -0800 +++ devel-akpm/fs/binfmt_flat.c 2006-03-22 23:45:34.000000000 -0800 @@ -426,6 +426,8 @@ static int load_flat_file(struct linux_b int i, rev, relocs = 0; loff_t fpos; unsigned long start_code, end_code; + int ret; + int exec_fileno; hdr = ((struct flat_hdr *) bprm->buf); /* exec-header */ inode = bprm->file->f_dentry->d_inode; @@ -450,7 +452,8 @@ static int load_flat_file(struct linux_b */ if (strncmp(hdr->magic, "#!", 2)) printk("BINFMT_FLAT: bad header magic\n"); - return -ENOEXEC; + ret = -ENOEXEC; + goto err; } if (flags & FLAT_FLAG_KTRACE) @@ -458,14 +461,16 @@ static int load_flat_file(struct linux_b if (rev != FLAT_VERSION && rev != OLD_FLAT_VERSION) { printk("BINFMT_FLAT: bad flat file version 0x%x (supported 0x%x and 0x%x)\n", rev, FLAT_VERSION, OLD_FLAT_VERSION); - return -ENOEXEC; + ret = -ENOEXEC; + goto err; } /* Don't allow old format executables to use shared libraries */ if (rev == OLD_FLAT_VERSION && id != 0) { printk("BINFMT_FLAT: shared libraries are not available before rev 0x%x\n", (int) FLAT_VERSION); - return -ENOEXEC; + ret = -ENOEXEC; + goto err; } /* @@ -478,7 +483,8 @@ static int load_flat_file(struct linux_b #ifndef CONFIG_BINFMT_ZFLAT if (flags & (FLAT_FLAG_GZIP|FLAT_FLAG_GZDATA)) { printk("Support for ZFLAT executables is not enabled.\n"); - return -ENOEXEC; + ret = -ENOEXEC; + goto err; } #endif @@ -490,14 +496,27 @@ static int load_flat_file(struct linux_b rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur; if (rlim >= RLIM_INFINITY) rlim = ~0; - if (data_len + bss_len > rlim) - return -ENOMEM; + if (data_len + bss_len > rlim) { + ret = -ENOMEM; + goto err; + } + + /* check file descriptor */ + exec_fileno = get_unused_fd(); + if (exec_fileno < 0) { + ret = -EMFILE; + goto err; + } + get_file(bprm->file); + fd_install(exec_fileno, bprm->file); /* Flush all traces of the currently running executable */ if (id == 0) { result = flush_old_exec(bprm); - if (result) - return result; + if (result) { + ret = result; + goto err_close; + } /* OK, This is the point of no return */ set_personality(PER_LINUX); @@ -527,7 +546,8 @@ static int load_flat_file(struct linux_b if (!textpos) textpos = (unsigned long) -ENOMEM; printk("Unable to mmap process text, errno %d\n", (int)-textpos); - return(textpos); + ret = textpos; + goto err_close; } down_write(¤t->mm->mmap_sem); @@ -542,7 +562,8 @@ static int load_flat_file(struct linux_b printk("Unable to allocate RAM for process data, errno %d\n", (int)-datapos); do_munmap(current->mm, textpos, text_len); - return realdatastart; + ret = realdatastart; + goto err_close; } datapos = realdatastart + MAX_SHARED_LIBS * sizeof(unsigned long); @@ -564,7 +585,8 @@ static int load_flat_file(struct linux_b printk("Unable to read data+bss, errno %d\n", (int)-result); do_munmap(current->mm, textpos, text_len); do_munmap(current->mm, realdatastart, data_len + extra); - return result; + ret = result; + goto err_close; } reloc = (unsigned long *) (datapos+(ntohl(hdr->reloc_start)-text_len)); @@ -582,7 +604,8 @@ static int load_flat_file(struct linux_b textpos = (unsigned long) -ENOMEM; printk("Unable to allocate RAM for process text/data, errno %d\n", (int)-textpos); - return(textpos); + ret = textpos; + goto err_close; } realdatastart = textpos + ntohl(hdr->data_start); @@ -627,7 +650,8 @@ static int load_flat_file(struct linux_b printk("Unable to read code+data+bss, errno %d\n",(int)-result); do_munmap(current->mm, textpos, text_len + data_len + extra + MAX_SHARED_LIBS * sizeof(unsigned long)); - return result; + ret = result; + goto err_close; } } @@ -690,8 +714,10 @@ static int load_flat_file(struct linux_b unsigned long addr; if (*rp) { addr = calc_reloc(*rp, libinfo, id, 0); - if (addr == RELOC_FAILED) - return -ENOEXEC; + if (addr == RELOC_FAILED) { + ret = -ENOEXEC; + goto err_close; + } *rp = addr; } } @@ -718,8 +744,10 @@ static int load_flat_file(struct linux_b relval = ntohl(reloc[i]); addr = flat_get_relocate_addr(relval); rp = (unsigned long *) calc_reloc(addr, libinfo, id, 1); - if (rp == (unsigned long *)RELOC_FAILED) - return -ENOEXEC; + if (rp == (unsigned long *)RELOC_FAILED) { + ret = -ENOEXEC; + goto err_close; + } /* Get the pointer's value. */ addr = flat_get_addr_from_rp(rp, relval, flags); @@ -731,8 +759,10 @@ static int load_flat_file(struct linux_b if ((flags & FLAT_FLAG_GOTPIC) == 0) addr = ntohl(addr); addr = calc_reloc(addr, libinfo, id, 0); - if (addr == RELOC_FAILED) - return -ENOEXEC; + if (addr == RELOC_FAILED) { + ret = -ENOEXEC; + goto err_close; + } /* Write back the relocated pointer. */ flat_put_addr_at_rp(rp, addr, relval); @@ -752,6 +782,10 @@ static int load_flat_file(struct linux_b stack_len); return 0; +err_close: + sys_close(exec_fileno); +err: + return ret; } _ ^ permalink raw reply [flat|nested] 7+ messages in thread
[parent not found: <489ecd0c0603230115h4dd2b16fg54cfd97739a8b339@mail.gmail.com>]
* Re: [PATCH] Fix bug: flat binary loader doesn't check fd table full [not found] ` <489ecd0c0603230115h4dd2b16fg54cfd97739a8b339@mail.gmail.com> @ 2006-03-23 9:17 ` Andrew Morton 2006-03-25 4:53 ` Paul Jackson 0 siblings, 1 reply; 7+ messages in thread From: Andrew Morton @ 2006-03-23 9:17 UTC (permalink / raw) To: Luke Yang; +Cc: linux-kernel "Luke Yang" <luke.adi@gmail.com> wrote: > > Thanks, I tested you patch. Just one thing: syscall.h is needed to call > sys_close(). ah, yes. > Anyone knows how to avoid "tab to space" converting in gmail? If I knew, I'd put it in my .signature :( ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] Fix bug: flat binary loader doesn't check fd table full 2006-03-23 9:17 ` Andrew Morton @ 2006-03-25 4:53 ` Paul Jackson 2006-03-25 15:26 ` Luke Yang 0 siblings, 1 reply; 7+ messages in thread From: Paul Jackson @ 2006-03-25 4:53 UTC (permalink / raw) To: Andrew Morton; +Cc: luke.adi, linux-kernel > > Anyone knows how to avoid "tab to space" converting in gmail? > > If I knew, I'd put it in my .signature :( If you use sendpatchset: http://www.speakeasy.org/~pj99/sgi/sendpatchset with the gmail SMTP server "smtp.gmail.com" you can send patches from your gmail account without tab destruction. The documentation for sendpatchset is within the script. Grep for 'gmail' in the script to see where to hack in your gmail account and password (low tech configuration ;) -- I won't rest till it's the best ... Programmer, Linux Scalability Paul Jackson <pj@sgi.com> 1.925.600.0401 ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] Fix bug: flat binary loader doesn't check fd table full 2006-03-25 4:53 ` Paul Jackson @ 2006-03-25 15:26 ` Luke Yang 2006-03-25 21:06 ` Andrew Morton 0 siblings, 1 reply; 7+ messages in thread From: Luke Yang @ 2006-03-25 15:26 UTC (permalink / raw) To: Paul Jackson; +Cc: Andrew Morton, linux-kernel On 3/25/06, Paul Jackson <pj@sgi.com> wrote: > > > Anyone knows how to avoid "tab to space" converting in gmail? > > > > If I knew, I'd put it in my .signature :( > > If you use sendpatchset: > > http://www.speakeasy.org/~pj99/sgi/sendpatchset > > with the gmail SMTP server "smtp.gmail.com" you can send patches from > your gmail account without tab destruction. > > The documentation for sendpatchset is within the script. Grep for > 'gmail' in the script to see where to hack in your gmail account and > password (low tech configuration ;) Thank you for your help. But my problem is that I can only access 80 and 443 ports behind the company firewall :(. So I guess that doesn't work for me. For now I'll put the patch both in the mail text and as the attachment, so maintainers can use the attached right-formatted patch and other can also reply my patch in the text. Andrew, is it acceptable? Any google guy here? Please, add this feature in gmail... -- Best regards, Luke Yang luke.adi@gmail.com ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] Fix bug: flat binary loader doesn't check fd table full 2006-03-25 15:26 ` Luke Yang @ 2006-03-25 21:06 ` Andrew Morton 0 siblings, 0 replies; 7+ messages in thread From: Andrew Morton @ 2006-03-25 21:06 UTC (permalink / raw) To: Luke Yang; +Cc: pj, linux-kernel "Luke Yang" <luke.adi@gmail.com> wrote: > > On 3/25/06, Paul Jackson <pj@sgi.com> wrote: > > > > Anyone knows how to avoid "tab to space" converting in gmail? > > > > > > If I knew, I'd put it in my .signature :( > > > > If you use sendpatchset: > > > > http://www.speakeasy.org/~pj99/sgi/sendpatchset > > > > with the gmail SMTP server "smtp.gmail.com" you can send patches from > > your gmail account without tab destruction. > > > > The documentation for sendpatchset is within the script. Grep for > > 'gmail' in the script to see where to hack in your gmail account and > > password (low tech configuration ;) > Thank you for your help. But my problem is that I can only access 80 > and 443 ports behind the company firewall :(. So I guess that doesn't > work for me. > > For now I'll put the patch both in the mail text and as the > attachment, so maintainers can use the attached right-formatted patch > and other can also reply my patch in the text. Andrew, is it > acceptable? hm, yes I suppose that's OK. > Any google guy here? Plenty. Seems that half the people I've ever met are now working for google. > Please, add this feature in gmail... I wouldn't call "stop corrupting message bodies" a feature request. Would be nice. ^ permalink raw reply [flat|nested] 7+ messages in thread
[parent not found: <5Tsh4-2q0-13@gated-at.bofh.it>]
[parent not found: <5TsTM-3aB-1@gated-at.bofh.it>]
[parent not found: <5Tuj1-5lw-31@gated-at.bofh.it>]
[parent not found: <5Tuj1-5lw-29@gated-at.bofh.it>]
[parent not found: <5U92I-6ki-11@gated-at.bofh.it>]
[parent not found: <5UiSm-3FG-17@gated-at.bofh.it>]
* Re: [PATCH] Fix bug: flat binary loader doesn't check fd table full [not found] ` <5UiSm-3FG-17@gated-at.bofh.it> @ 2006-03-26 11:34 ` Bodo Eggert 0 siblings, 0 replies; 7+ messages in thread From: Bodo Eggert @ 2006-03-26 11:34 UTC (permalink / raw) To: Luke Yang, Andrew Morton, linux-kernel, Paul Jackson Luke Yang <luke.adi@gmail.com> wrote: > On 3/25/06, Paul Jackson <pj@sgi.com> wrote: >> > > Anyone knows how to avoid "tab to space" converting in gmail? >> > >> > If I knew, I'd put it in my .signature :( >> >> If you use sendpatchset: >> >> http://www.speakeasy.org/~pj99/sgi/sendpatchset [...] > Thank you for your help. But my problem is that I can only access 80 > and 443 ports behind the company firewall :(. So I guess that doesn't > work for me. Ask the admin. Most probably he can grant you an account so you can use the internal email server. -- Ich danke GMX dafür, die Verwendung meiner Adressen mittels per SPF verbreiteten Lügen zu sabotieren. ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2006-03-26 11:35 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-03-23 7:10 [PATCH] Fix bug: flat binary loader doesn't check fd table full Luke Yang
2006-03-23 7:46 ` Andrew Morton
[not found] ` <489ecd0c0603230115h4dd2b16fg54cfd97739a8b339@mail.gmail.com>
2006-03-23 9:17 ` Andrew Morton
2006-03-25 4:53 ` Paul Jackson
2006-03-25 15:26 ` Luke Yang
2006-03-25 21:06 ` Andrew Morton
[not found] <5Tsh4-2q0-13@gated-at.bofh.it>
[not found] ` <5TsTM-3aB-1@gated-at.bofh.it>
[not found] ` <5Tuj1-5lw-31@gated-at.bofh.it>
[not found] ` <5Tuj1-5lw-29@gated-at.bofh.it>
[not found] ` <5U92I-6ki-11@gated-at.bofh.it>
[not found] ` <5UiSm-3FG-17@gated-at.bofh.it>
2006-03-26 11:34 ` Bodo Eggert
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox