of the bugs I have tried to make more apparent but left
in tact when moving the code into bprm_fill_uid.
Ref: ee67ae7ef6ff ("commoncap: Move cap_elevated calculation into
bprm_set_creds")
Fixes: 58319057b784 ("capabilities: ambient capabilities")
Signed-off-by: "Eric W. B
potential to make a gid change or if the
trancer needs permissions in addition to the permissions needed to
trace the process to trace the process through a gid change.
Fixes: v2.1.100
Signed-off-by: "Eric W. Biederman"
---
fs/exec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
di
of the bugs I have tried to make more apparent but left
in tact when moving the code into bprm_fill_uid.
Ref: ee67ae7ef6ff ("commoncap: Move cap_elevated calculation into
bprm_set_creds")
Fixes: 58319057b784 ("capabilities: ambient capabilities")
Signed-off-by: "Eric W. B
ties, and add a small comment
about what cap_bprm_creds_from_file does.
Signed-off-by: "Eric W. Biederman"
---
fs/binfmt_misc.c | 2 +-
fs/exec.c | 65 +--
include/linux/binfmts.h | 12 ++-
include/linux/lsm_hoo
ATCH] NX: clean up legacy binary support")
Signed-off-by: "Eric W. Biederman"
---
fs/exec.c | 7 ---
include/linux/binfmts.h | 3 +++
include/linux/lsm_hooks.h | 2 +-
security/commoncap.c | 2 +-
4 files changed, 9 insertions(+), 5 deletions(-)
diff --git
The bprm->per_clear field only takes the values 0 and
PER_CLEAR_ON_SETID. Reduce the field to a signle bit to make it clear
that the only question is should the dangerous personality bits be
cleared or not.
Update the documentation of the security lsm hooks.
Signed-off-by: "Eric W. B
be changed when ptraced, instead of attempting to
rollback the credential change.
Folks please give this code a review and let me know if you see
anything.
Eric W. Biederman (11):
exec: Reduce bprm->per_clear to a single bit
exec: Introduce active_per_clear the per file versio
Arnd Bergmann writes:
> The change to bprm->have_execfd was incomplete, leading
> to a build failure:
>
> fs/binfmt_elf_fdpic.c: In function 'create_elf_fdpic_tables':
> fs/binfmt_elf_fdpic.c:591:27: error: 'BINPRM_FLAGS_EXECFD' undeclared
>
> Change the last user of BINPRM_FLAGS_EXECFD in a corr
Alexey Dobriyan writes:
> On Wed, May 27, 2020 at 09:41:53AM -0500, Eric W. Biederman wrote:
>> Kaitao Cheng writes:
>>
>> > we don't need {len = PTR_ERR(pathname)} when IS_ERR(pathname) is false,
>> > it's better to move it into if(IS_ERR(pathname)){
Kaitao Cheng writes:
> we don't need {len = PTR_ERR(pathname)} when IS_ERR(pathname) is false,
> it's better to move it into if(IS_ERR(pathname)){}.
Please look at the generated code.
I believe you will find that your change will generate worse assembly.
Eric
> Signed-off-by: Kaitao Cheng
>
Linus Torvalds writes:
> On Tue, May 26, 2020 at 11:42 AM Eric W. Biederman
> wrote:
>>
>> While working on my exec cleanups I found a bug in exec that winds
>> up miscomputing the ambient credentials during exec. Andy appears
>> as to credentials are comput
Which is fixed with this trivial change.
Eric
From: "Eric W. Biederman"
Date: Mon, 25 May 2020 12:56:15 -0500
Subject: [PATCH] exec: Always set cap_ambient in cap_bprm_set_creds
An invariant of cap_bprm_set_creds is that every field in the new cred
structure that cap_bprm_set_creds m
Adrian Reber writes:
> On Fri, May 22, 2020 at 09:40:37AM -0700, Casey Schaufler wrote:
>> What are the other blockers? Are you going to suggest additional new
>> capabilities to clear them?
>
> As mentioned somewhere else access to /proc//map_files/ would be
> helpful. Right now I am testing wi
Rob Landley writes:
> On 5/21/20 10:28 PM, Eric W. Biederman wrote:
>>
>> Rob Landley writes:
>>
>>> On 5/20/20 11:05 AM, Eric W. Biederman wrote:
>>
>>>> The file descriptor is stored in mm->exe_file.
>>>> Probably the
Rob Landley writes:
> On 5/20/20 11:05 AM, Eric W. Biederman wrote:
> Toybox would _like_ proc mounted, but can't assume it. I'm writing a new
> bash-compatible shell with nommu support, which means in order to do subshell
> and background tasks if (!CONFIG_FORK) I need
Kees Cook writes:
> On Wed, May 20, 2020 at 05:12:10PM -0500, Eric W. Biederman wrote:
>>
>> I have pushed this out to:
>>
>> git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git
>> exec-next
>>
>> I have collected up the
Acked-by: Linus Torvalds
+Reviewed-by: Kees Cook
Signed-off-by: "Eric W. Biederman"
## kernel/cred.c ##
2: d3b3594be22f ! 2: b8bff599261c exec: Factor security_bprm_creds_for_exec
out of security_bprm_set_creds
@@ Commit message
A
Kees Cook writes:
> While working on commit b5372fe5dc84 ("exec: load_script: Do not exec
> truncated interpreter path"), I wrote a series of test scripts to verify
> corner cases. However, soon after, commit 6eb3c3d0a52d ("exec: increase
> BINPRM_BUF_SIZE to 256") landed, resulting in the tests
Kees Cook writes:
> On Tue, May 19, 2020 at 02:03:23PM -0500, Eric W. Biederman wrote:
>> Kees Cook writes:
>>
>> > On Mon, May 18, 2020 at 07:31:14PM -0500, Eric W. Biederman wrote:
>> >> [...]
>> >> diff --git a/include/linux/binfmts.h b/
Rob Landley writes:
> On 5/18/20 7:33 PM, Eric W. Biederman wrote:
>>
>> Most of the support for passing the file descriptor of an executable
>> to an interpreter already lives in the generic code and in binfmt_elf.
>> Rework the fields in binfmt_elf that deal with ex
Kees Cook writes:
> On Mon, May 18, 2020 at 07:29:00PM -0500, Eric W. Biederman wrote:
>> arch/alpha/kernel/binfmt_loader.c | 11 +
>> fs/binfmt_elf.c| 4 +-
>> fs/binfmt_elf_fdpic.c | 4 +-
>> fs/binfmt_em86.c
James Morris writes:
> On Mon, 18 May 2020, Eric W. Biederman wrote:
>
>> diff --git a/fs/exec.c b/fs/exec.c
>> index 9e70da47f8d9..8e3b93d51d31 100644
>> --- a/fs/exec.c
>> +++ b/fs/exec.c
>> @@ -1366,7 +1366,7 @@ int begin_new_exec(struct linux_binprm *
Linus Torvalds writes:
> On Tue, May 19, 2020 at 12:46 PM Kees Cook wrote:
>>
>> Though frankly, I wonder if interp_flags could just be removed in favor
>> of two new bit members, especially since interp_data is gone:
>
> Yeah, I think that might be a good cleanup - but please keep it as a
> sep
Kees Cook writes:
> On Mon, May 18, 2020 at 07:33:21PM -0500, Eric W. Biederman wrote:
>>
>> When replacing loops with next_non_spacetab and next_terminator care
>> has been take that the logic of the parsing code (short of replacing
>> characters by '\0')
Kees Cook writes:
> On Mon, May 18, 2020 at 07:31:51PM -0500, Eric W. Biederman wrote:
>>
>> Add a flag preserve_creds that binfmt_misc can set to prevent
>> credentials from being updated. This allows binfmt_misc to always
>> call prepare_binfmt. Allowing the cred
Kees Cook writes:
> On Mon, May 18, 2020 at 07:31:14PM -0500, Eric W. Biederman wrote:
>>
>> Rename bprm->cap_elevated to bprm->active_secureexec and initialize it
>> in prepare_binprm instead of in cap_bprm_set_creds. Initializing
>> bprm->active_secureex
Linus Torvalds writes:
> On Tue, May 19, 2020 at 11:03 AM Kees Cook wrote:
>>
>> One question, though: why add this, since the repeat calling of the caps
>> LSM hook will do this?
>
> I assume it's for the "preserve_creds" case where we don't even end up
> setting creds at all.
>
> Yeah, at some
Kees Cook writes:
> On Tue, May 19, 2020 at 12:41:27PM -0500, Eric W. Biederman wrote:
>> Kees Cook writes:
>> > and given the LSM hooks, I think the noexec check is too late as well.
>> > (This is especially true for the coming O_MAYEXEC series, which will
>&
Kees Cook writes:
> On Tue, May 19, 2020 at 10:06:32AM -0500, Eric W. Biederman wrote:
>> Kees Cook writes:
>>
>> > Hi,
>> >
>> > While looking at the code paths for the proposed O_MAYEXEC flag, I saw
>> > some things that looked like they sh
Kees Cook writes:
> Hi,
>
> While looking at the code paths for the proposed O_MAYEXEC flag, I saw
> some things that looked like they should be fixed up.
>
> exec: Change uselib(2) IS_SREG() failure to EACCES
> This just regularizes the return code on uselib(2).
>
> exec: Relocate S_IS
Christian Brauner writes:
> On Tue, May 19, 2020 at 07:28:46AM -0500, Eric W. Biederman wrote:
>> Andreas Schwab writes:
>>
>> > On Mai 19 2020, Eric W. Biederman wrote:
>> >
>> >> I am wondering if there are source trees for libc4 or libc5 around
Andreas Schwab writes:
> On Mai 19 2020, Eric W. Biederman wrote:
>
>> I am wondering if there are source trees for libc4 or libc5 around
>> anywhere that we can look at to see how usage of uselib evolved.
>
> libc5 is available from archive.debian.org.
>
> ht
Andreas Schwab writes:
> On Mai 18 2020, Eric W. Biederman wrote:
>
>> If it was only libc4 and libc5 that used the uselib system call then it
>> can probably be removed after enough time.
>
> Only libc4 used it, libc5 was already ELF.
binfmt_elf.c supports uselib. In a
to see if
bprm->executable is being reassigned.
In search_binary_handler remove the test for !bprm->file. With all
reassignments of bprm->file moved to exec_binprm bprm->file can never
be NULL in search_binary_handler.
Signed-off-by: "Eric W. Biederman"
---
arch/
his case exists and that no nesting of bprm->file is
currently supported.
In binfmt_misc the movement of fd_install into generic code means
that it's special error exit path is no longer needed.
Signed-off-by: "Eric W. Biederman"
---
fs/binfmt_elf.c | 4 ++--
fs
take that the logic of the parsing code (short of replacing
characters by '\0') remains the same.
Signed-off-by: "Eric W. Biederman"
---
fs/binfmt_script.c | 80 ++
1 file changed, 38 insertions(+), 42 deletions(-)
diff --git a/fs/b
)
Signed-off-by: "Eric W. Biederman"
---
fs/binfmt_misc.c| 15 +++
fs/exec.c | 19 ---
include/linux/binfmts.h | 2 ++
3 files changed, 17 insertions(+), 19 deletions(-)
diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c
index cdb45829
The code in prepare_binary_handler needs to be run every time
search_binary_handler is called so move the call into search_binary_handler
itself to make the code simpler and easier to understand.
Signed-off-by: "Eric W. Biederman"
---
arch/alpha/kernel/binfmt_loader.c | 3 ---
fs/b
alizing
bprm->active_secureexec.
Signed-off-by: "Eric W. Biederman"
---
fs/exec.c | 8
include/linux/binfmts.h | 4 ++--
include/linux/lsm_hook_defs.h | 2 +-
include/linux/lsm_hooks.h | 4 ++--
include/linux/security.h | 8
security
nge of domains.
Signed-off-by: "Eric W. Biederman"
---
kernel/cred.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/kernel/cred.c b/kernel/cred.c
index 71a792616917..421b1149c651 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -315,6 +315,9 @@ struct cred *prepare_ex
o reflect this change.
Signed-off-by: "Eric W. Biederman"
---
fs/exec.c | 6 +++-
include/linux/binfmts.h| 18 +++
include/linux/lsm_hook_defs.h | 1 +
include/linux/lsm_hooks.h | 50 +-
that the search_binary_handler loop
could not continue. So I added a change to remove that naughtiness.
Eric W. Biederman (8):
exec: Teach prepare_exec_creds how exec treats uids & gids
exec: Factor security_bprm_creds_for_exec out of security_bprm_set_creds
e
Christian Brauner writes:
> On Mon, May 18, 2020 at 04:43:20PM +0200, Jann Horn wrote:
>> On Mon, May 18, 2020 at 3:03 PM Christian Brauner
>> wrote:
>> > Also - gulp (puts on flame proof suit) - may I suggest we check if there
>> > are any distros out there that still set CONFIG_USELIB=y
>>
>>
Sargun Dhillon writes:
> This includes the thread group leader ID in the seccomp_notif. This is
> immediately useful for opening up a pidfd for the group leader, as
> pidfds only work on group leaders.
The code looks fine (except for the name of the test), but can you
please talk and think about
Alexey Gladkov writes:
> On Mon, May 18, 2020 at 07:08:57AM -0500, Eric W. Biederman wrote:
>> Alexey Gladkov writes:
>>
>> > The proc_pid_ns() can be used for both inode and dentry. To avoid making
>> > two identical functions, change the argument type of
Alexey Gladkov writes:
> The proc_pid_ns() can be used for both inode and dentry. To avoid making
> two identical functions, change the argument type of the proc_pid_ns().
>
> Link:
> https://lore.kernel.org/lkml/c3461e26-1407-2262-c709-dac0df3da...@i-love.sakura.ne.jp/
> Reported-by: syzbot+c1a
l bprm->file. I have been careful and
tested and verify this fix works.
Eric
---
>From f87d1c9559164294040e58f5e3b74a162bf7c6e8 Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman"
Date: Sat, 16 May 2020 16:29:20 -0500
Subject: [PATCH] exec: Move would_dump into flush_old_exec
I
Al Viro writes:
> On Sat, May 16, 2020 at 12:36:28AM +0900, Tetsuo Handa wrote:
>> On 2020/05/16 0:18, Tetsuo Handa wrote:
>> > This is
>> >
>> > if (sb->s_magic == PROC_SUPER_MAGIC && *pos == '/') {
>> > char *ep;
>> > const pid_t pid = (pid_t) simple_str
Tetsuo Handa writes:
> This is
>
> if (sb->s_magic == PROC_SUPER_MAGIC && *pos == '/') {
> char *ep;
> const pid_t pid = (pid_t) simple_strtoul(pos + 1, &ep, 10);
> struct pid_namespace *proc_pidns =
> proc_pid_ns(d_inode(dentry)); // <= he
Casey Schaufler writes:
> On 5/14/2020 7:56 AM, Eric W. Biederman wrote:
>> Kees Cook writes:
>>
>>> On Tue, May 12, 2020 at 04:47:14PM -0700, Kees Cook wrote:
>>>> And now I wonder if qemu actually uses the resulting AT_EXECFD ...
>>> It does, thoug
Linus Torvalds writes:
> On Tue, May 12, 2020 at 11:46 AM Eric W. Biederman
> wrote:
>>
>> I am still thinking about this one, but here is where I am at. At a
>> practical level passing the file descriptor of the script to interpreter
>> seems like something w
Kees Cook writes:
> On Tue, May 12, 2020 at 04:47:14PM -0700, Kees Cook wrote:
>> And now I wonder if qemu actually uses the resulting AT_EXECFD ...
>
> It does, though I'm not sure if this is to support crossing mount points,
> dropping privileges, or something else, since it does fall back to j
Rob Landley writes:
> On 5/11/20 9:33 AM, Eric W. Biederman wrote:
>> What I do see is that interp_data is just a parameter that is smuggled
>> into the call of search binary handler. And the next binary handler
>> needs to be binfmt_elf for it to make much sense, as on
Luis Chamberlain writes:
> Certain symbols are not meant to be used by everybody, the security
> helpers for reading files directly is one such case. Use a symbol
> namespace for them.
>
> This will prevent abuse of use of these symbols in places they were
> not inteded to be used, and provides a
Luis Chamberlain writes:
> On Wed, May 13, 2020 at 08:42:30AM -0500, Eric W. Biederman wrote:
>> Luis Chamberlain writes:
>>
>> > On Tue, May 12, 2020 at 12:40:55PM -0500, Eric W. Biederman wrote:
>> >> Luis Chamberlain writes:
>> >>
>>
Luis Chamberlain writes:
> On Tue, May 12, 2020 at 12:40:55PM -0500, Eric W. Biederman wrote:
>> Luis Chamberlain writes:
>>
>> > On Tue, May 12, 2020 at 06:52:35AM -0500, Eric W. Biederman wrote:
>> >> Luis Chamberlain writes:
>> >>
Kees Cook writes:
> On Tue, May 12, 2020 at 01:42:53PM -0500, Eric W. Biederman wrote:
>> Kees Cook writes:
>> > Should binfmt_misc do the install, or can the consuming binfmt do it?
>> > i.e. when binfmt_elf sees bprm->execfd, does it perform the install
&
Kees Cook writes:
> On Mon, May 11, 2020 at 09:33:21AM -0500, Eric W. Biederman wrote:
>> Linus Torvalds writes:
>>
>> > On Sat, May 9, 2020 at 9:30 PM Tetsuo Handa
>> > wrote:
>> >>
>> >> Wouldn't this change cause
>>
Luis Chamberlain writes:
> On Tue, May 12, 2020 at 06:52:35AM -0500, Eric W. Biederman wrote:
>> Luis Chamberlain writes:
>>
>> > +static struct ctl_table fs_base_table[] = {
>> > + {
>> > + .procname = "fs",
>> &
Luis Chamberlain writes:
> On Mon, May 11, 2020 at 09:55:16AM +0800, Xiaoming Ni wrote:
>> On 2020/5/11 9:11, Stephen Rothwell wrote:
>> > Hi all,
>> >
>> > Today's linux-next merge of the vfs tree got a conflict in:
>> >
>> >kernel/sysctl.c
>> >
>> > between commit:
>> >
>> >b6522fa4
Kees Cook writes:
> On Sat, May 09, 2020 at 02:41:17PM -0500, Eric W. Biederman wrote:
>>
>> Now that security_bprm_set_creds is no longer responsible for calling
>> cap_bprm_set_creds, security_bprm_set_creds only does something for
>> the primary file that
Linus Torvalds writes:
> On Sat, May 9, 2020 at 9:30 PM Tetsuo Handa
> wrote:
>>
>> Wouldn't this change cause
>>
>> if (fd_binary > 0)
>> ksys_close(fd_binary);
>> bprm->interp_flags = 0;
>> bprm->interp_data = 0;
>>
>> not to be called when "Search for t
Linus Torvalds writes:
> On Sat, May 9, 2020 at 12:44 PM Eric W. Biederman
> wrote:
>>
>> Now that security_bprm_set_creds is no longer responsible for calling
>> cap_bprm_set_creds, security_bprm_set_creds only does something for
>> the primary file t
Linus Torvalds writes:
> On Fri, May 8, 2020 at 11:48 AM Eric W. Biederman
> wrote:
>>
>>
>> Oleg modified the code that did
>> "mutex_lock_interruptible(¤t->cred_guard_mutex)" to return
>> -ERESTARTNOINTR instead of -EINTR, so that usersp
The code in prepare_binary_handler needs to be run every time
search_binary_handler is called so move the call into search_binary_handler
itself to make the code simpler and easier to understand.
Signed-off-by: "Eric W. Biederman"
---
arch/alpha/kernel/binfmt_loader.c | 3 ---
fs/b
ter's
credentials")
Signed-off-by: "Eric W. Biederman"
---
fs/binfmt_misc.c| 15 +++
fs/exec.c | 14 +-
include/linux/binfmts.h | 2 ++
3 files changed, 14 insertions(+), 17 deletions(-)
diff --git a/fs/binfmt_misc.c b/fs/binfmt_
-off-by: "Eric W. Biederman"
---
arch/alpha/kernel/binfmt_loader.c | 2 +-
fs/binfmt_em86.c | 2 +-
fs/binfmt_misc.c | 5 +
fs/binfmt_script.c| 2 +-
fs/exec.c | 20 +---
include/linux
prepare_binprm so that it is only called once, and
remove the now unnecessary called_set_creds field of struct binprm.
Signed-off-by: "Eric W. Biederman"
---
fs/exec.c | 11 +--
include/linux/binfmts.h| 6 --
security/apparmor/domain.c | 3 ---
securi
script.
The function cap_bprm_set_creds is also special in that it is called
even when CONFIG_SECURITY is unset.
So calling cap_bprm_set_creds separately to make these two cases explicit,
and allow future changes to take advantages of these differences
to simplify the code.
Signed-off-by: "E
in my changes is cap_bprm_set_creds propbably
needs a new name as I have taken it out of security_bprm_set_creds
but my imagination failed to come up with anything better.
Eric W. Biederman (5):
exec: Call cap_bprm_set_creds directly from prepare_binprm
exec: Directly call
Kees Cook writes:
> $ git grep exec_mm_release
> fs/exec.c: exec_mm_release(tsk, old_mm);
> include/linux/sched/mm.h:extern void exec_mm_release(struct task_struct *,
> struct mm_struct *);
> kernel/fork.c:void exec_mm_release(struct task_struct *tsk, struct mm_struct
> *mm)
>
> kernel/for
Kees Cook writes:
> On Fri, May 08, 2020 at 01:47:10PM -0500, Eric W. Biederman wrote:
>>
>> Move the handing of the point of no return from search_binary_handler
>> into __do_execve_file so that it is easier to find, and to keep
>> things robust in the face of change
nding fatal signal pending past
the point of no return. Further the only error returns from de_thread
and exec_mmap that can occur result in fatal signals being pending.
Signed-off-by: "Eric W. Biederman"
---
fs/exec.c | 12 +---
1 file changed, 5 insertions(+), 7 deletions(-
documenting
what the code is doing where it forces SIGSEGV if the
code is past the point of no return.
Signed-off-by: "Eric W. Biederman"
---
fs/exec.c | 21 -
1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/fs/exec.c b/fs/exec.c
index 15682a1dfee9..443eb960f
Like exec_mm_release sync_mm_rss is about flushing out the state of
the old_mm, which does not need to happen under exec_update_mutex.
Make this explicit by moving sync_mm_rss outside of exec_update_mutex.
Signed-off-by: "Eric W. Biederman"
---
fs/exec.c | 3 ++-
1 file changed, 2
ut it does it a little more cleanly.
Switch the code to mutex_lock_killable so that it is clearer what the
code is doing.
Ref: ad776537cc6b ("Add mutex_lock_killable")
Ref: 793285fcafce ("cred_guard_mutex: do not return -EINTR to user-space")
Signed-off-by: "Eric W
Signed-off-by: "Eric W. Biederman"
---
fs/exec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/exec.c b/fs/exec.c
index d4387bc92292..82106241ed53 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1296,7 +1296,7 @@ void __set_task_comm(struct task_struct *tsk,
The comment describes work that now happens in unshare_sighand so
move the comment where it makes sense.
Signed-off-by: "Eric W. Biederman"
---
fs/exec.c | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/fs/exec.c b/fs/exec.c
index 3cc40048cc65..d4
k there is anything controversial in there but if you see
something please let me know.
Eric W. Biederman (6):
exec: Move the comment from above de_thread to above unshare_sighand
exec: Fix spelling of search_binary_handler in a comment
exec: Stop open coding mutex_lock_k
Kees Cook writes:
> On Tue, May 05, 2020 at 02:45:33PM -0500, Eric W. Biederman wrote:
>>
>> The current idiom for the callers is:
>>
>> flush_old_exec(bprm);
>> set_personality(...);
>> setup_new_exec(bprm);
>>
>> In 2010 Linus split flush
Kees Cook writes:
> On Wed, May 06, 2020 at 09:57:10AM -0500, Eric W. Biederman wrote:
>> Kees Cook writes:
>>
>> > On Tue, May 05, 2020 at 02:45:33PM -0500, Eric W. Biederman wrote:
>> >>
>> >> The current idiom for the callers is:
>>
Christoph Hellwig writes:
> On Tue, May 05, 2020 at 03:28:50PM -0500, Eric W. Biederman wrote:
>> We probably can. After introducing a kernel_compat_siginfo that is
>> the size that userspace actually would need.
>>
>> It isn't something I want to mess with u
Kees Cook writes:
> On Tue, May 05, 2020 at 02:45:33PM -0500, Eric W. Biederman wrote:
>>
>> The current idiom for the callers is:
>>
>> flush_old_exec(bprm);
>> set_personality(...);
>> setup_new_exec(bprm);
>>
>> In 2010 Linus split flush
Greg Ungerer writes:
> One small nit:
Good point.
> On 6/5/20 5:41 am, Eric W. Biederman wrote:
>> In 2016 Linus moved install_exec_creds immediately after
>> setup_new_exec, in binfmt_elf as a cleanup and as part of closing a
>> potential information leak.
>>
&
Linus Torvalds writes:
> On Tue, May 5, 2020 at 3:13 AM Christoph Hellwig wrote:
>>
>> this series gets rid of playing with the address limit in the exec and
>> coredump code. Most of this was fairly trivial, the biggest changes are
>> those to the spufs coredump code.
>
> Ack, nice, and looks
more accurately reflect
what this function does.
Signed-off-by: "Eric W. Biederman"
---
Documentation/trace/ftrace.rst | 2 +-
arch/x86/ia32/ia32_aout.c | 2 +-
fs/binfmt_aout.c | 2 +-
fs/binfmt_elf.c| 2 +-
fs/binfmt_elf_fdpic.c | 2 +-
fs/bin
code that doesn't depend upon the personality from
setup_new_exec into flush_old_exec. This is to facilitate future
changes by having as much code together in one function as possible.
Ref: 221af7f87b97 ("Split 'flush_old_exec' into two functions")
Signed-off-by: "Eric
and shorter assembly.
Signed-off-by: "Eric W. Biederman"
---
fs/exec.c | 23 ---
1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/fs/exec.c b/fs/exec.c
index 93e40f865523..8c3abafb9bb1 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1391,6 +1391,7 @@ EXP
The two functions are now always called one right after the
other so merge them together to make future maintenance easier.
Signed-off-by: "Eric W. Biederman"
---
arch/x86/ia32/ia32_aout.c | 1 -
fs/binfmt_aout.c | 1 -
fs/binfmt_elf.c | 1 -
fs/binfmt_e
Update the comments and make the code easier to understand by
renaming this flag.
Signed-off-by: "Eric W. Biederman"
---
fs/exec.c | 12 ++--
include/linux/binfmts.h | 6 +++---
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/fs/exec.c b/fs/ex
from free_bprm.
Signed-off-by: "Eric W. Biederman"
---
fs/exec.c | 6 +++---
include/linux/binfmts.h | 3 +--
2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/fs/exec.c b/fs/exec.c
index 06b4c550af5d..6bd82a007bfc 100644
--- a/fs/exec.c
+++ b/fs/exec.c
reason about and easier to maintain.
The binfmt_flagt bits were tested by Greg Ungerer
Ref: 9f834ec18def ("binfmt_elf: switch to new creds when switching to new mm")
Signed-off-by: "Eric W. Biederman"
---
arch/x86/ia32/ia32_aout.c | 3 +--
fs/binfmt_aout.c | 2 +-
f
:
begin_new_exec();
/* set the personality */
setup_new_exec();
The intent is to make the code easier to follow and easier to change.
Eric W. Biederman (7):
binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf
exec: Make unlocking exec_update_mutex explict
Hari Bathini writes:
> On 05/05/20 3:29 am, Eric W. Biederman wrote:
>>
>> Recently a patch was proposed to kimage_alloc_page to slightly alter
>> the logic of how pages allocated with incompatible flags were
>> detected. The logic was being altered because t
, and handling of pages with different
gfp flags has been removed.
Signed-off-by: "Eric W. Biederman"
---
I have not done more than compile test this but I think this will remove
that tricky case in the kexec highmem support.
Any comments? Does anyone have a 32bit highmem system where the
Christian Brauner writes:
> On Mon, May 04, 2020 at 11:25:07AM -0500, Eric W. Biederman wrote:
>>
>> I am not thrilled about treating nstype as a flags fields when it is not
>> currently. It was my hope when I designed the interface that not
>> treating nstype as
I am not thrilled about treating nstype as a flags fields when it is not
currently. It was my hope when I designed the interface that not
treating nstype as a flags field would save us from the problem of bits
running out.
That aside. It would be very good if the default version of setting
eve
don't verify the kind of file descriptor
passed.
Quite frankly doing nstype & CLONE_XYZ is wrong. It always
needs to be nstype == CLONE_XYZ.
Maybe we change that in a later patch but here where you are just
upgrading the infrastructure semantics changes are not ok.
Eric
> Cc: Eric W.
I have added in the kexec mailling list.
Looking at the patch we are discussing it appears that the kexec code
could be doing much better in highmem situations today but is not.
Joonsoo Kim writes:
> 2020년 5월 1일 (금) 오후 11:06, Eric W. Biederman 님이 작성:
>>
>> js1...@g
Christian Brauner writes:
> On Sat, May 02, 2020 at 07:35:53AM -0500, Eric W. Biederman wrote:
>> Christian Brauner writes:
>>
>> > On Thu, Apr 30, 2020 at 01:09:30PM -0500, Eric W. Biederman wrote:
>> >> Christian Brauner writes:
>> >>
>&
401 - 500 of 4581 matches
Mail list logo