diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-09-04 11:35:47 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-09-04 11:35:47 -0700 |
| commit | 49624efa65ac9889f4e7c7b2452b2e6ce42ba37d (patch) | |
| tree | 2ff7f446bf5d8459efc05d8a90d391a7e0452e92 /fs/exec.c | |
| parent | f7464060f7ab9a2424428008f0ee9f1e267e410f (diff) | |
| parent | 592ca09be8333bd226f50100328a905bfc377133 (diff) | |
| download | linux-49624efa65ac9889f4e7c7b2452b2e6ce42ba37d.tar.gz | |
Merge tag 'denywrite-for-5.15' of git://github.com/davidhildenbrand/linux
Pull MAP_DENYWRITE removal from David Hildenbrand:
"Remove all in-tree usage of MAP_DENYWRITE from the kernel and remove
VM_DENYWRITE.
There are some (minor) user-visible changes:
- We no longer deny write access to shared libaries loaded via legacy
uselib(); this behavior matches modern user space e.g. dlopen().
- We no longer deny write access to the elf interpreter after exec
completed, treating it just like shared libraries (which it often
is).
- We always deny write access to the file linked via /proc/pid/exe:
sys_prctl(PR_SET_MM_MAP/EXE_FILE) will fail if write access to the
file cannot be denied, and write access to the file will remain
denied until the link is effectivel gone (exec, termination,
sys_prctl(PR_SET_MM_MAP/EXE_FILE)) -- just as if exec'ing the file.
Cross-compiled for a bunch of architectures (alpha, microblaze, i386,
s390x, ...) and verified via ltp that especially the relevant tests
(i.e., creat07 and execve04) continue working as expected"
* tag 'denywrite-for-5.15' of git://github.com/davidhildenbrand/linux:
fs: update documentation of get_write_access() and friends
mm: ignore MAP_DENYWRITE in ksys_mmap_pgoff()
mm: remove VM_DENYWRITE
binfmt: remove in-tree usage of MAP_DENYWRITE
kernel/fork: always deny write access to current MM exe_file
kernel/fork: factor out replacing the current MM exe_file
binfmt: don't use MAP_DENYWRITE when loading shared libraries via uselib()
Diffstat (limited to 'fs/exec.c')
| -rw-r--r-- | fs/exec.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/fs/exec.c b/fs/exec.c index 2dc489c164fe..a098c133d8d7 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1272,7 +1272,9 @@ int begin_new_exec(struct linux_binprm * bprm) * not visibile until then. This also enables the update * to be lockless. */ - set_mm_exe_file(bprm->mm, bprm->file); + retval = set_mm_exe_file(bprm->mm, bprm->file); + if (retval) + goto out; /* If the binary is not readable then enforce mm->dumpable=0 */ would_dump(bprm, bprm->file); |