Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

exec: move the final allow_write_access/fput into free_bprm()

Both success/failure paths clean up bprm->file, we can move this
code into free_bprm() to simplify and clean up this logic.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Authored by Oleg Nesterov and committed by Linus Torvalds
63e46b95 9e00cdb0

+5 -15
fs/exec.c
··· 1138 1138 1139 1139 /* An exec changes our domain. We are no longer part of the thread 1140 1140 group */ 1141 - 1142 1141 current->self_exec_id++; 1143 - 1144 1142 flush_signal_handlers(current, 0); 1145 1143 do_close_on_exec(current->files); 1146 1144 } ··· 1169 1171 if (bprm->cred) { 1170 1172 mutex_unlock(&current->signal->cred_guard_mutex); 1171 1173 abort_creds(bprm->cred); 1174 + } 1175 + if (bprm->file) { 1176 + allow_write_access(bprm->file); 1177 + fput(bprm->file); 1172 1178 } 1173 1179 /* If a binfmt changed the interp, free it. */ 1174 1180 if (bprm->interp != bprm->filename) ··· 1426 1424 ptrace_event(PTRACE_EVENT_EXEC, old_vpid); 1427 1425 current->did_exec = 1; 1428 1426 proc_exec_connector(current); 1429 - 1430 - if (bprm->file) { 1431 - allow_write_access(bprm->file); 1432 - fput(bprm->file); 1433 - bprm->file = NULL; /* to catch use-after-free */ 1434 - } 1435 1427 } 1436 1428 1437 1429 return ret; ··· 1488 1492 1489 1493 retval = bprm_mm_init(bprm); 1490 1494 if (retval) 1491 - goto out_file; 1495 + goto out_unmark; 1492 1496 1493 1497 bprm->argc = count(argv, MAX_ARG_STRINGS); 1494 1498 if ((retval = bprm->argc) < 0) ··· 1533 1537 if (bprm->mm) { 1534 1538 acct_arg_size(bprm, 0); 1535 1539 mmput(bprm->mm); 1536 - } 1537 - 1538 - out_file: 1539 - if (bprm->file) { 1540 - allow_write_access(bprm->file); 1541 - fput(bprm->file); 1542 1540 } 1543 1541 1544 1542 out_unmark:
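Review bot: the block removed at old lines 1429-1434 set bprm->file = NULL with the comment "to catch use-after-free", and the replacement added at new lines 1175-1178 does not reset the pointer after fput(). Dropping that check also means the allow_write_access()/fput() pair no longer runs on the success path at this point but only when free_bprm() is reached. Please either keep the NULL assignment in the new block or state in the changelog that free_bprm() is the last user of bprm->file and that the later release is intended.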
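Review bot: switching "goto out_file" to "goto out_unmark" at old line 1491 and deleting the out_file: label (old lines 1538-1542) is only correct if every path through out_unmark ends in free_bprm(); otherwise the file reference is never dropped and allow_write_access() is never called for it. The free_bprm() call is not visible in this hunk's context, so please confirm it and say so in the changelog, which currently only asserts that both paths clean up bprm->file.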
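Review bot: the two blank-line removals around current->self_exec_id++ (old lines 1141 and 1143) are unrelated to moving the cleanup into free_bprm(). Consider splitting them into a separate whitespace patch or mentioning them in the changelog, so the functional change is easier to audit and backport.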