From: Eric W. Biederman Date: Mon, 30 Mar 2020 21:33:39 +0000 (-0500) Subject: exec: Run sync_mm_rss before taking exec_update_mutex X-Git-Tag: v5.8-rc1~144^2~6^2~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a28bf136e651e17d7e2c753aa140ce3cc1df36a0;p=thirdparty%2Flinux.git exec: Run sync_mm_rss before taking exec_update_mutex Like exec_mm_release sync_mm_rss is about flushing out the state of the old_mm, which does not need to happen under exec_update_mutex. Make this explicit by moving sync_mm_rss outside of exec_update_mutex. Reviewed-by: Kees Cook Link: https://lkml.kernel.org/r/875zd66za3.fsf_-_@x220.int.ebiederm.org Signed-off-by: "Eric W. Biederman" --- diff --git a/fs/exec.c b/fs/exec.c index 82106241ed531..ecee0ebebf85f 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1051,13 +1051,14 @@ static int exec_mmap(struct mm_struct *mm) tsk = current; old_mm = current->mm; exec_mm_release(tsk, old_mm); + if (old_mm) + sync_mm_rss(old_mm); ret = mutex_lock_killable(&tsk->signal->exec_update_mutex); if (ret) return ret; if (old_mm) { - sync_mm_rss(old_mm); /* * Make sure that if there is a core dump in progress * for the old mm, we get out and die instead of going
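Review bot: The moved `if (old_mm) sync_mm_rss(old_mm);` in exec_mmap() carries no comment explaining why it now sits before `mutex_lock_killable(&tsk->signal->exec_update_mutex)`. The reason is given only in the commit message. A one-line comment above the call, saying that it flushes state of the old mm and does not need exec_update_mutex, would stop a later cleanup from folding it back into the `if (old_mm) {` block that still follows the lock. Two consequences of the new ordering are visible in the hunk and are worth a sentence in the changelog. First, the flush now also runs on the path where the killable lock fails and `return ret` is taken. Second, `old_mm` is now tested twice in a row, once before the lock and once after it. Both look intentional given the stated goal of keeping work on the old mm out of the mutex's critical section, but neither is spelled out.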