From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 77C2FC433E4 for ; Wed, 15 Jul 2020 06:36:35 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 56FA52068F for ; Wed, 15 Jul 2020 06:36:35 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="ENl0X2Jw" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728775AbgGOGgd (ORCPT ); Wed, 15 Jul 2020 02:36:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34762 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728170AbgGOGgb (ORCPT ); Wed, 15 Jul 2020 02:36:31 -0400 Received: from casper.infradead.org (casper.infradead.org [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9B982C061755; Tue, 14 Jul 2020 23:36:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=STmyOs89LxpHb0F5OSNudUiRFW9c2EcqkeFgYnLnB1A=; b=ENl0X2JwlMxf23fbyDEM8eNMYl Vk2BFPtR9vmA8sWddmuCAh/dj5rGn9JNsJMBuePy5Jq/lOv9bVylQ6Dq2oZmcJmB0SnBvnsD0AfOk 0SSABCGaK8C0cnVVm+TldlGJ6+Bf9WU83lrUF3lnZ0BT+uHQoRG5Xb/0X2PflbRBTo2PKs2Rycd8I /v0ECpj4mYRV994DI6S5LWNETsQGCij1SZ53AedFAD9LOQtMdjwxFobBX3D8OuuheiwYXY/TTSVMK 18Lc0Mzaz4fbO63clZiaHN8Q3yTHROV94rMOMjic5FYBMF80UyodcWHrmGudf3d6WYxJd3OCtWbek JIJNhETQ==; Received: from hch by casper.infradead.org with local (Exim 4.92.3 #3 (Red Hat Linux)) id 1jvb1p-0000vA-Id; Wed, 15 Jul 2020 06:36:29 +0000 Date: Wed, 15 Jul 2020 07:36:29 +0100 From: Christoph Hellwig To: "Eric W. Biederman" Cc: linux-kernel@vger.kernel.org, Linus Torvalds , Kees Cook , Andy Lutomirski , "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Al Viro , Luis Chamberlain , linux-fsdevel@vger.kernel.org, Tetsuo Handa , linux-security-module@vger.kernel.org, "Serge E. Hallyn" , James Morris , Kentaro Takeda , Casey Schaufler , John Johansen , Christoph Hellwig Subject: Re: [PATCH 5/7] exec: Factor bprm_execve out of do_execve_common Message-ID: <20200715063629.GE32470@infradead.org> References: <871rle8bw2.fsf@x220.int.ebiederm.org> <878sfm6x6x.fsf@x220.int.ebiederm.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <878sfm6x6x.fsf@x220.int.ebiederm.org> X-SRS-Rewrite: SMTP reverse-path rewritten from by casper.infradead.org. See http://www.infradead.org/rpr.html Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jul 14, 2020 at 08:30:30AM -0500, Eric W. Biederman wrote: > > Currently it is necessary for the usermode helper code and the code > that launches init to use set_fs so that pages coming from the kernel > look like they are coming from userspace. > > To allow that usage of set_fs to be removed cleanly the argument > copying from userspace needs to happen earlier. Factor bprm_execve > out of do_execve_common to separate out the copying of arguments > to the newe stack, and the rest of exec. > > In separating bprm_execve from do_execve_common the copying > of the arguments onto the new stack happens earlier. > > As the copying of the arguments does not depend any security hooks, > files, the file table, current->in_execve, current->fs->in_exec, > bprm->unsafe, or creds this is safe. > > Likewise the security hook security_creds_for_exec does not depend upon > preventing the argument copying from happening. > > In addition to making it possible to implement kernel_execve that > performs the copying differently, this separation of bprm_execve from > do_execve_common makes for a nice separation of responsibilities making > the exec code easier to navigate. > > Signed-off-by: "Eric W. Biederman" > --- > fs/exec.c | 108 +++++++++++++++++++++++++++++------------------------- > 1 file changed, 58 insertions(+), 50 deletions(-) > > diff --git a/fs/exec.c b/fs/exec.c > index afb168bf5e23..50508892fa71 100644 > --- a/fs/exec.c > +++ b/fs/exec.c > @@ -1856,44 +1856,16 @@ static int exec_binprm(struct linux_binprm *bprm) > /* > * sys_execve() executes a new program. > */ > -static int do_execveat_common(int fd, struct filename *filename, > - struct user_arg_ptr argv, > - struct user_arg_ptr envp, > - int flags) > +static int bprm_execve(struct linux_binprm *bprm, > + int fd, struct filename *filename, int flags) int fd easily fits onto the previous line. Otherwise looks good: Reviewed-by: Christoph Hellwig