Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
----
-/* v2 */
-- Christian Brauner <christian.brauner@ubuntu.com>:
- - Add more comments that explain what's going on.
- - Rename functions while changing them to better reflect what they are
- doing to make the code easier to understand.
- - In the first version when a specific binary type handler was removed
- either through a write to the entry's file or all binary type
- handlers were removed by a write to the binfmt_misc mount's status
- file all cleanup work happened during inode eviction.
- That includes removal of the relevant entries from entry list. While
- that works fine I disliked that model after thinking about it for a
- bit. Because it means that there was a window were someone has
- already removed a or all binary handlers but they could still be
- safely reached from load_misc_binary() when it has managed to take
- the read_lock() on the entries list while inode eviction was already
- happening. Again, that perfectly benign but it's cleaner to remove
- the binary handler from the list immediately meaning that ones the
- write to then entry's file or the binfmt_misc status file returns
- the binary type cannot be executed anymore. That gives stronger
- guarantees to the user.
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/binfmt_misc.c | 216 ++++++++++++++++++++++++++++++++++++-----------
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
----
-/* v2 */
-- Christian Brauner <christian.brauner@ubuntu.com>:
- - Add more comments that explain what's going on.
- - Rename functions while changing them to better reflect what they are
- doing to make the code easier to understand.
- - In the first version when a specific binary type handler was removed
- either through a write to the entry's file or all binary type
- handlers were removed by a write to the binfmt_misc mount's status
- file all cleanup work happened during inode eviction.
- That includes removal of the relevant entries from entry list. While
- that works fine I disliked that model after thinking about it for a
- bit. Because it means that there was a window were someone has
- already removed a or all binary handlers but they could still be
- safely reached from load_misc_binary() when it has managed to take
- the read_lock() on the entries list while inode eviction was already
- happening. Again, that perfectly benign but it's cleaner to remove
- the binary handler from the list immediately meaning that ones the
- write to then entry's file or the binfmt_misc status file returns
- the binary type cannot be executed anymore. That gives stronger
- guarantees to the user.
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/binfmt_misc.c | 216 ++++++++++++++++++++++++++++++++++++-----------
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
----
-/* v2 */
-- Christian Brauner <christian.brauner@ubuntu.com>:
- - Add more comments that explain what's going on.
- - Rename functions while changing them to better reflect what they are
- doing to make the code easier to understand.
- - In the first version when a specific binary type handler was removed
- either through a write to the entry's file or all binary type
- handlers were removed by a write to the binfmt_misc mount's status
- file all cleanup work happened during inode eviction.
- That includes removal of the relevant entries from entry list. While
- that works fine I disliked that model after thinking about it for a
- bit. Because it means that there was a window were someone has
- already removed a or all binary handlers but they could still be
- safely reached from load_misc_binary() when it has managed to take
- the read_lock() on the entries list while inode eviction was already
- happening. Again, that perfectly benign but it's cleaner to remove
- the binary handler from the list immediately meaning that ones the
- write to then entry's file or the binfmt_misc status file returns
- the binary type cannot be executed anymore. That gives stronger
- guarantees to the user.
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/binfmt_misc.c | 216 ++++++++++++++++++++++++++++++++++++-----------
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
----
-/* v2 */
-- Christian Brauner <christian.brauner@ubuntu.com>:
- - Add more comments that explain what's going on.
- - Rename functions while changing them to better reflect what they are
- doing to make the code easier to understand.
- - In the first version when a specific binary type handler was removed
- either through a write to the entry's file or all binary type
- handlers were removed by a write to the binfmt_misc mount's status
- file all cleanup work happened during inode eviction.
- That includes removal of the relevant entries from entry list. While
- that works fine I disliked that model after thinking about it for a
- bit. Because it means that there was a window were someone has
- already removed a or all binary handlers but they could still be
- safely reached from load_misc_binary() when it has managed to take
- the read_lock() on the entries list while inode eviction was already
- happening. Again, that perfectly benign but it's cleaner to remove
- the binary handler from the list immediately meaning that ones the
- write to then entry's file or the binfmt_misc status file returns
- the binary type cannot be executed anymore. That gives stronger
- guarantees to the user.
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/binfmt_misc.c | 216 ++++++++++++++++++++++++++++++++++++-----------
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
----
-/* v2 */
-- Christian Brauner <christian.brauner@ubuntu.com>:
- - Add more comments that explain what's going on.
- - Rename functions while changing them to better reflect what they are
- doing to make the code easier to understand.
- - In the first version when a specific binary type handler was removed
- either through a write to the entry's file or all binary type
- handlers were removed by a write to the binfmt_misc mount's status
- file all cleanup work happened during inode eviction.
- That includes removal of the relevant entries from entry list. While
- that works fine I disliked that model after thinking about it for a
- bit. Because it means that there was a window were someone has
- already removed a or all binary handlers but they could still be
- safely reached from load_misc_binary() when it has managed to take
- the read_lock() on the entries list while inode eviction was already
- happening. Again, that perfectly benign but it's cleaner to remove
- the binary handler from the list immediately meaning that ones the
- write to then entry's file or the binfmt_misc status file returns
- the binary type cannot be executed anymore. That gives stronger
- guarantees to the user.
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/binfmt_misc.c | 216 ++++++++++++++++++++++++++++++++++++-----------
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
----
-/* v2 */
-- Christian Brauner <christian.brauner@ubuntu.com>:
- - Add more comments that explain what's going on.
- - Rename functions while changing them to better reflect what they are
- doing to make the code easier to understand.
- - In the first version when a specific binary type handler was removed
- either through a write to the entry's file or all binary type
- handlers were removed by a write to the binfmt_misc mount's status
- file all cleanup work happened during inode eviction.
- That includes removal of the relevant entries from entry list. While
- that works fine I disliked that model after thinking about it for a
- bit. Because it means that there was a window were someone has
- already removed a or all binary handlers but they could still be
- safely reached from load_misc_binary() when it has managed to take
- the read_lock() on the entries list while inode eviction was already
- happening. Again, that perfectly benign but it's cleaner to remove
- the binary handler from the list immediately meaning that ones the
- write to then entry's file or the binfmt_misc status file returns
- the binary type cannot be executed anymore. That gives stronger
- guarantees to the user.
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/binfmt_misc.c | 216 ++++++++++++++++++++++++++++++++++++-----------
projects / thirdparty / kernel / stable-queue.git / commitdiff
