linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] Fix error handling in begin_new_exec
@ 2021-06-06 10:41 Bernd Edlinger
  2021-06-06 19:34 ` Eric W. Biederman
  2024-01-15 19:22 ` [PATCH v2] " Bernd Edlinger
  0 siblings, 2 replies; 6+ messages in thread
From: Bernd Edlinger @ 2021-06-06 10:41 UTC (permalink / raw)
  To: Alexander Viro, Kees Cook, Eric W. Biederman, linux-fsdevel,
	linux-kernel

If get_unused_fd_flags() fails, the error handling is incomplete
because bprm->cred is already set to NULL, and therefore
free_bprm will not unlock the cred_guard_mutex.
Note there are two error conditions which end up here,
one before and one after bprm->cred is cleared.

Fixes: b8a61c9e7b4 ("exec: Generic execfd support")

Signed-off-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
---
 fs/exec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/exec.c b/fs/exec.c
index 18594f1..d8af85f 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1396,6 +1396,9 @@ int begin_new_exec(struct linux_binprm * bprm)
 
 out_unlock:
 	up_write(&me->signal->exec_update_lock);
+	if (!bprm->cred)
+		mutex_unlock(&me->signal->cred_guard_mutex);
+
 out:
 	return retval;
 }
-- 
1.9.1

^ permalink raw reply related	[flat|nested] 6+ messages in thread
* Re: [PATCH] Fix error handling in begin_new_exec
  2021-06-06 10:41 [PATCH] Fix error handling in begin_new_exec Bernd Edlinger
@ 2021-06-06 19:34 ` Eric W. Biederman
  2023-10-30  5:50   ` Bernd Edlinger
  2024-01-15 19:22 ` [PATCH v2] " Bernd Edlinger
  1 sibling, 1 reply; 6+ messages in thread
From: Eric W. Biederman @ 2021-06-06 19:34 UTC (permalink / raw)
  To: Bernd Edlinger; +Cc: Alexander Viro, Kees Cook, linux-fsdevel, linux-kernel

Bernd Edlinger <bernd.edlinger@hotmail.de> writes:

> If get_unused_fd_flags() fails, the error handling is incomplete
> because bprm->cred is already set to NULL, and therefore
> free_bprm will not unlock the cred_guard_mutex.
> Note there are two error conditions which end up here,
> one before and one after bprm->cred is cleared.

Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>

Yuck.  I wonder if there is a less error prone idiom we could be using
here than testing bprm->cred in free_bprm.  Especially as this lock is
expected to stay held through setup_new_exec.

Something feels too clever here.

> Fixes: b8a61c9e7b4 ("exec: Generic execfd support")
>
> Signed-off-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
> ---
>  fs/exec.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/fs/exec.c b/fs/exec.c
> index 18594f1..d8af85f 100644
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@ -1396,6 +1396,9 @@ int begin_new_exec(struct linux_binprm * bprm)
>  
>  out_unlock:
>  	up_write(&me->signal->exec_update_lock);
> +	if (!bprm->cred)
> +		mutex_unlock(&me->signal->cred_guard_mutex);
> +
>  out:
>  	return retval;
>  }

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH] Fix error handling in begin_new_exec
  2021-06-06 19:34 ` Eric W. Biederman
@ 2023-10-30  5:50   ` Bernd Edlinger
  0 siblings, 0 replies; 6+ messages in thread
From: Bernd Edlinger @ 2023-10-30  5:50 UTC (permalink / raw)
  To: Eric W. Biederman
  Cc: Alexander Viro, Kees Cook, linux-fsdevel, linux-kernel,
	Christian Brauner, linux-mm

Ping...

On 6/6/21 21:34, Eric W. Biederman wrote:
> Bernd Edlinger <bernd.edlinger@hotmail.de> writes:
> 
>> If get_unused_fd_flags() fails, the error handling is incomplete
>> because bprm->cred is already set to NULL, and therefore
>> free_bprm will not unlock the cred_guard_mutex.
>> Note there are two error conditions which end up here,
>> one before and one after bprm->cred is cleared.
> 
> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
> 
> Yuck.  I wonder if there is a less error prone idiom we could be using
> here than testing bprm->cred in free_bprm.  Especially as this lock is
> expected to stay held through setup_new_exec.
> 
> Something feels too clever here.
> 
>> Fixes: b8a61c9e7b4 ("exec: Generic execfd support")

Note, ./scripts/checkpatch.pl complains about the too
short commit hash here, I overlooked that previously: 
WARNING: Please use correct Fixes: style 'Fixes: <12 chars of sha1> ("<title line>")'
 - ie: 'Fixes: b8a61c9e7b4a ("exec: Generic execfd support")'

Could you please fix that before merging,
the correct Fixes reference would be:
Fixes: b8a61c9e7b4a ("exec: Generic execfd support")


Thanks
Bernd.

>>
>> Signed-off-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
>> ---
>>  fs/exec.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/fs/exec.c b/fs/exec.c
>> index 18594f1..d8af85f 100644
>> --- a/fs/exec.c
>> +++ b/fs/exec.c
>> @@ -1396,6 +1396,9 @@ int begin_new_exec(struct linux_binprm * bprm)
>>  
>>  out_unlock:
>>  	up_write(&me->signal->exec_update_lock);
>> +	if (!bprm->cred)
>> +		mutex_unlock(&me->signal->cred_guard_mutex);
>> +
>>  out:
>>  	return retval;
>>  }

^ permalink raw reply	[flat|nested] 6+ messages in thread
* [PATCH v2] Fix error handling in begin_new_exec
  2021-06-06 10:41 [PATCH] Fix error handling in begin_new_exec Bernd Edlinger
  2021-06-06 19:34 ` Eric W. Biederman
@ 2024-01-15 19:22 ` Bernd Edlinger
  2024-01-22 18:34   ` [PATCH v3] " Bernd Edlinger
  1 sibling, 1 reply; 6+ messages in thread
From: Bernd Edlinger @ 2024-01-15 19:22 UTC (permalink / raw)
  To: Alexander Viro, Christian Brauner, Kees Cook, Eric W. Biederman,
	linux-fsdevel, linux-mm, linux-kernel, Andrew Morton

If get_unused_fd_flags() fails, the error handling is incomplete
because bprm->cred is already set to NULL, and therefore
free_bprm will not unlock the cred_guard_mutex.
Note there are two error conditions which end up here,
one before and one after bprm->cred is cleared.

Fixes: b8a61c9e7b4a ("exec: Generic execfd support")

Signed-off-by: Bernd Edlinger <bernd.edlinger@hotmail.de>

Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
 fs/exec.c | 3 +++
 1 file changed, 3 insertions(+)

v2: rebased to v6.7, retested and updated the commit message
to fix a checkpatch.pl style nit about the too short sha1 hash
in the Fixes: statement.
And retained Eric's Acked-by from:
https://lore.kernel.org/lkml/87mts2kcrm.fsf@disp2133/


Thanks
Bernd.

diff --git a/fs/exec.c b/fs/exec.c
index 4aa19b24f281..6d9ed2d765ef 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1408,6 +1408,9 @@ int begin_new_exec(struct linux_binprm * bprm)
 
 out_unlock:
 	up_write(&me->signal->exec_update_lock);
+	if (!bprm->cred)
+		mutex_unlock(&me->signal->cred_guard_mutex);
+
 out:
 	return retval;
 }
-- 
2.39.2

^ permalink raw reply related	[flat|nested] 6+ messages in thread
* [PATCH v3] Fix error handling in begin_new_exec
  2024-01-15 19:22 ` [PATCH v2] " Bernd Edlinger
@ 2024-01-22 18:34   ` Bernd Edlinger
  2024-01-22 20:53     ` Kees Cook
  0 siblings, 1 reply; 6+ messages in thread
From: Bernd Edlinger @ 2024-01-22 18:34 UTC (permalink / raw)
  To: Alexander Viro, Christian Brauner, Kees Cook, Eric W. Biederman,
	linux-fsdevel, linux-mm, linux-kernel, Andrew Morton

If get_unused_fd_flags() fails, the error handling is incomplete
because bprm->cred is already set to NULL, and therefore
free_bprm will not unlock the cred_guard_mutex.
Note there are two error conditions which end up here,
one before and one after bprm->cred is cleared.

Fixes: b8a61c9e7b4a ("exec: Generic execfd support")
Signed-off-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
 fs/exec.c | 3 +++
 1 file changed, 3 insertions(+)

v2: rebased to v6.7, retested and updated the commit message
to fix a checkpatch.pl style nit about the too short sha1 hash
in the Fixes: statement.
And retained Eric's Acked-by from:
https://lore.kernel.org/lkml/87mts2kcrm.fsf@disp2133/

v3: removed empty lines after Fixes: and Signed-off-by: header.


Thanks
Bernd.

diff --git a/fs/exec.c b/fs/exec.c
index 8cdd5b2dd09c..e88249a1ce07 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1409,6 +1409,9 @@ int begin_new_exec(struct linux_binprm * bprm)
 
 out_unlock:
 	up_write(&me->signal->exec_update_lock);
+	if (!bprm->cred)
+		mutex_unlock(&me->signal->cred_guard_mutex);
+
 out:
 	return retval;
 }
-- 
2.39.2

^ permalink raw reply related	[flat|nested] 6+ messages in thread
* Re: [PATCH v3] Fix error handling in begin_new_exec
  2024-01-22 18:34   ` [PATCH v3] " Bernd Edlinger
@ 2024-01-22 20:53     ` Kees Cook
  0 siblings, 0 replies; 6+ messages in thread
From: Kees Cook @ 2024-01-22 20:53 UTC (permalink / raw)
  To: Bernd Edlinger
  Cc: Kees Cook, Alexander Viro, Christian Brauner, Eric W. Biederman,
	linux-fsdevel, linux-mm, linux-kernel, Andrew Morton

On Mon, 22 Jan 2024 19:34:21 +0100, Bernd Edlinger wrote:
> If get_unused_fd_flags() fails, the error handling is incomplete
> because bprm->cred is already set to NULL, and therefore
> free_bprm will not unlock the cred_guard_mutex.
> Note there are two error conditions which end up here,
> one before and one after bprm->cred is cleared.
> 
> 
> [...]

Applied to for-next/execve, thanks!

[1/1] Fix error handling in begin_new_exec
      https://git.kernel.org/kees/c/84c39ec57d40

Take care,

-- 
Kees Cook


^ permalink raw reply	[flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-01-22 20:53 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-06 10:41 [PATCH] Fix error handling in begin_new_exec Bernd Edlinger
2021-06-06 19:34 ` Eric W. Biederman
2023-10-30  5:50   ` Bernd Edlinger
2024-01-15 19:22 ` [PATCH v2] " Bernd Edlinger
2024-01-22 18:34   ` [PATCH v3] " Bernd Edlinger
2024-01-22 20:53     ` Kees Cook

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).