From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6C56AC47DD9 for ; Mon, 22 Jan 2024 20:53:39 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id EF97B6B00A0; Mon, 22 Jan 2024 15:53:38 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id EAC136B00A2; Mon, 22 Jan 2024 15:53:38 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D49496B00A3; Mon, 22 Jan 2024 15:53:38 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id C27616B00A0 for ; Mon, 22 Jan 2024 15:53:38 -0500 (EST) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 6AFFEA05A2 for ; Mon, 22 Jan 2024 20:53:38 +0000 (UTC) X-FDA: 81708148116.11.BA10350 Received: from mail-ot1-f43.google.com (mail-ot1-f43.google.com [209.85.210.43]) by imf11.hostedemail.com (Postfix) with ESMTP id 8FAC540003 for ; Mon, 22 Jan 2024 20:53:36 +0000 (UTC) Authentication-Results: imf11.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=Akn8EC7D; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf11.hostedemail.com: domain of keescook@chromium.org designates 209.85.210.43 as permitted sender) smtp.mailfrom=keescook@chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1705956816; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=KHLpdc+s1DN3hjZ1+Wn70z3BiqgmQibATYm0MQ7joBo=; b=LM1S3afiJEmpYvcqE+D1/gCv+PA76+nU73sor4QYkVJqIMrwBqre6HtBa5aZM5HeGD486N r3U1qVodgYHjR3jC4nTbjz8aD/POwhMlXeh97+xvFa+xh40J4+an4i3eu0k8kNjezsYuMH WScrxb0dJ/CwIby5ejNy/XjoIj+joqg= ARC-Authentication-Results: i=1; imf11.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=Akn8EC7D; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf11.hostedemail.com: domain of keescook@chromium.org designates 209.85.210.43 as permitted sender) smtp.mailfrom=keescook@chromium.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1705956816; a=rsa-sha256; cv=none; b=s0ABkMlrGV8cEST5w3cYKjBf2aZyJoCCniD7v3pGp+E11O/mbtUzDwMvCSYwmh/VHHj9/9 PMC2HFRXLi/dw3hkxnVYiVtsJUms5Vh8lRgYs8kTsKOyL9ksXARPxkD98qtvB94gGIzbfr zg8QXa8C46alKZlNMjZBFUFjUn1/l14= Received: by mail-ot1-f43.google.com with SMTP id 46e09a7af769-6ddef319fabso2366737a34.1 for ; Mon, 22 Jan 2024 12:53:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1705956815; x=1706561615; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KHLpdc+s1DN3hjZ1+Wn70z3BiqgmQibATYm0MQ7joBo=; b=Akn8EC7DQ9alaRAeTfRskLyoy8PaXErEivVMIsuIzjCalDAZmZXRKE+EZ6pUOMU2bh L3P/vrWy5IvHVHfR6B0d4UG7Cbq1O+5tiDDqtO4myD4knWx1LxVJLVWqsiSf03CID51X eZMwxQOYfwLj5aTZ67jH2BREpSKIpwQGCyCfE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705956815; x=1706561615; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KHLpdc+s1DN3hjZ1+Wn70z3BiqgmQibATYm0MQ7joBo=; b=Jyj2WXOti+o431foC1q1ufSpldgmE2//DYq9BFwDY/8vUKS5cIjhoyo4iEuSaBppcY aaXHJLTZHS0wuEEZ1+Fb37ZTEcU7gbTlcbxSJPn47HsYmxApM7wLI7KAuuQBG4gVRCjL OVCedI+juL3HuW0AlOofc5ayRoEEoEXB4drTlXzw7mhYN5tbKz7US0q3LQTfKjZaNBHV U5yxjZpzOxvxRd6mJSj3D5o1ARFLdU6UUsnFxC8BL6tFMVJGbxTOkDCrj0DcYFySEXXv 5DcI/K6kK8XkxglkW0Tlc16Q0IOQA8SF58BKg4WVYwen7h3T5I+8u+jept9GrPvqkxdO /lTQ== X-Gm-Message-State: AOJu0YxP+5CKSj+M5B6W2XgiABzbR242V1GN7uv7fM3Xy3EeevW1K1mS ThF9qvy78JSvu5VjbptuavOISsPez4go9b2yKT2evAho/PJIe0Xm5STvGGe4Vcz7DzkUS+2Lr7E = X-Google-Smtp-Source: AGHT+IG/TsXyZtkk1k/hwUr+fNS9q+PRnByIwu5fpMOy5PEaaP0vT1BkK07OjchmNIFEHImbtVdfaA== X-Received: by 2002:a05:6358:3a1c:b0:175:c7bb:5bbb with SMTP id g28-20020a0563583a1c00b00175c7bb5bbbmr2203322rwe.42.1705956815668; Mon, 22 Jan 2024 12:53:35 -0800 (PST) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id k31-20020a634b5f000000b005cfb2c44a3esm6884300pgl.3.2024.01.22.12.53.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 22 Jan 2024 12:53:34 -0800 (PST) From: Kees Cook To: Bernd Edlinger Cc: Kees Cook , Alexander Viro , Christian Brauner , "Eric W. Biederman" , linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrew Morton Subject: Re: [PATCH v3] Fix error handling in begin_new_exec Date: Mon, 22 Jan 2024 12:53:03 -0800 Message-Id: <170595678126.1295697.13621931577825110324.b4-ty@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 8FAC540003 X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: kxjkurnxeh5kkn8xtaqtbsebn63aqkah X-HE-Tag: 1705956816-858640 X-HE-Meta: U2FsdGVkX18/wb5ub8dLLlsvazHLmB9T4DsCqU6gwBjOuzxOS525M5Uf/6USzMmUSSXXoTJuB/RYoVAVsjX2V+8xQ4eBobhwn5MBZA1hXnGFAb9O8Wq2LrfT5WTefuQ67MFYgJWL8aoHX+dZxE/8W5hJSUYWq9zAE9GPEbR7QtIbFLGv9qQTy07hxi03h254DRdyY5QPnHe1uTiE7btccK9epRr2YZeMsyxfbQOVBKc6phMF9seeWQ4mVpGgxJ+AfsFDLtit99mh7pXfnJKO8LDNag3JxJECNyehAuqA4Q+UczzWMLWdcSatLuD0oTjUtNhR78WOh/35YkjtYprpFcc5RfFmcBaV3ku+lvJGxUIrYDjD7mHSwpahkFaPjeuW+8fyAmddc7VKacfU6LHUyybh/KzVLOxNhmpLOC3DqyrYa3WKjXHzixmOy1gEZYDHnGKGvx80Kv9gejzoZWmSfGlMcNk3Ld0oGlZ6AzrFnYJ5Gk3uQVwgINB/wmkfPEwBHYv4LkqBIBblnALuLRnkhmk0jWxA3rHDbWK8Mn3yxvfB/AvFpZKnPEdgX/mqjWvkeIzSSjm8KUOF5K5L6UmaSsWPDR7ElegY/9NBqX7WR6/nmZo25Jp6lVm0+9ArQfcXhrj1QiD0BCJQ1vci9HlSpGBkmnsw+4Oo343Dke6oFZ5aeGrLfMm1motUt9JCcWJy5KMOlCiV7IqoAyF+RBr1jlm1Lviw0v0zQLH6winGYQ8cED+mD1SSbrudyGf1z3nR5t0vT68ZvqfmGEHdIQy+mDetUFHnyvbpJD++Etq7rURPfyYF30eqjdY7YaA8dAcxJV9fATTOLQYCSYortNkB7a1ekhRcWggGLnD+G3yGjBjrALQ2GWur7dugxHh5W1hllgGwxvE4A8DJ4LVTz3TLOxvZRzsTgJdSlC0QyCY9Y5PHLHIxMtMP1uvz2PNSLOptzRXMmNdogGgFVAiq/2R egX9z79f 0UzBwwDu6tN0cTGVeChR1FY3bCjXhoLyf28gL4jmV+T1F1g4A5HsAtTX1A7MeGnWHh9SGMBmBIfjnLV0ASFITdhMGte75OI/loF2ABECDWw4lUcOxYFtSpD7U1UEWzNGUKUELbbtIex8ovN4nvchYLo/K8mAjcUxukKQgHE6cH8rA/tMNztjbfWry+YzY9DaOZ0AochfGf/d3A2wt4SJaTNQhnuII+LFJa2Oyw9JcvaQZTPvG7pACzAjYOCL/luIDfjD4or5QNQqUtio+j8Qya9fVCd1vpfPkJUTNWJsnPkgtR5XJTM502abVlT06uhucUJas9IIjX6BeR1KXIdbpvvCWIFfbtHGqD9mvIq1yYWCeMSLiLG6Wb8sNQ4QUAut97TcoSUlNRATUQUgWkfvL8h7aZbVlKS4wGFfBEzvfXLoCqKLQaBEFHulVnalJZLQZsDLoDTkvjDCLYfc= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000806, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Mon, 22 Jan 2024 19:34:21 +0100, Bernd Edlinger wrote: > If get_unused_fd_flags() fails, the error handling is incomplete > because bprm->cred is already set to NULL, and therefore > free_bprm will not unlock the cred_guard_mutex. > Note there are two error conditions which end up here, > one before and one after bprm->cred is cleared. > > > [...] Applied to for-next/execve, thanks! [1/1] Fix error handling in begin_new_exec https://git.kernel.org/kees/c/84c39ec57d40 Take care, -- Kees Cook