leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

execve fixes for v6.1-rc3

Browse Source 
- Fix an ancient signal action copy race. (Bernd Edlinger)
 
 - Fix a memory leak in ELF loader, when under memory pressure. (Li Zetao)
 -----BEGIN PGP SIGNATURE-----
 
 iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAmNa1xEWHGtlZXNjb29r
 QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJoLqD/927ZXWxVLQ0GygmNz3xSEZh+5c
 34flrZv4LUDQPw1rNXycWx2D5MQv5MehrpsMvF+11pu/M1EP3e3+R3bngFeFXtBo
 12ov3yEloe6yA8bOPPWEDB1fU8K7C9aODKMcJOoWFCk20g7uQGYS8+GCUGhLxjHs
 mZn5U8OuEGGvn4QuGknIps+Ddca2SHuJ7jBtsw8NVjuvtWcAhlw9PYNbLTJEgBzU
 0zsfK68idMpQHDPvWMmoRcwAXn3kiVzc3wKeR9Zdx9q2NyDIS+OxgynEAc3fM2rf
 ag19+Epn6GUGPMakS/zJNQS0wCA4+pJi60Z+Hlddy0WNUocg55uHd0zY7xcT3s75
 rsPtbTeabOrtzQMf7lSpsn5OUeCDJjc3KcZIlmILaZaVXUZv+jvysRwH7CRdDNNS
 gM2j9nu87I8TbSPXbY79KutvucfKAl88iWxRgFqnzyqzRYLWahwWSKsiVubH7OoU
 kUYdDdPmiZh7XAqTFUsMF4++wyx/PAwU7RdYuxaUvHZd6PT8J92AqIisPwRT9ojL
 oqLpgRoeYX3JY7aDyvBjYan2IKfIPhB0WZF9vCeHVoTXoEy/LVZeWVNoBXyO6ILl
 BYzBAjp5oJRLbJYVtjI4/gkDizdtpAu8YYRYX36TUvBAkFqpGYn9dvySpMGl24uJ
 g3IEqTj/kajeZleHnQ==
 =dHXB
 -----END PGP SIGNATURE-----

Merge tag 'execve-v6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull execve fixes from Kees Cook:

 - Fix an ancient signal action copy race (Bernd Edlinger)

 - Fix a memory leak in ELF loader, when under memory pressure (Li
   Zetao)

* tag 'execve-v6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  fs/binfmt_elf: Fix memory leak in load_elf_binary()
  exec: Copy oldsighand->action under spin-lock
This commit is contained in:
Linus Torvalds 2022-10-27 13:16:36 -07:00
commit 7dd257d02e
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
fs/binfmt_elf.c
View File

@ -911,7 +911,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
interp_elf_ex = kmalloc(sizeof(*interp_elf_ex), GFP_KERNEL);
if (!interp_elf_ex) {
retval = -ENOMEM;
goto out_free_ph;
goto out_free_file;
}
/* Get the exec headers */
@ -1354,6 +1354,7 @@ out:
out_free_dentry:
kfree(interp_elf_ex);
kfree(interp_elf_phdata);
out_free_file:
allow_write_access(interpreter);
if (interpreter)
fput(interpreter);

4
fs/exec.c
View File

@ -1197,11 +1197,11 @@ static int unshare_sighand(struct task_struct *me)
return -ENOMEM;
refcount_set(&newsighand->count, 1);
memcpy(newsighand->action, oldsighand->action,
sizeof(newsighand->action));
write_lock_irq(&tasklist_lock);
spin_lock(&oldsighand->siglock);
memcpy(newsighand->action, oldsighand->action,
sizeof(newsighand->action));
rcu_assign_pointer(me->sighand, newsighand);
spin_unlock(&oldsighand->siglock);
write_unlock_irq(&tasklist_lock);