From: Jan Kara <jack@suse.cz>
To: Dan Carpenter <dan.carpenter@linaro.org>
Cc: Amir Goldstein <amir73il@gmail.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>,
Kees Cook <kees@kernel.org>,
Eric Biederman <ebiederm@xmission.com>,
linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [PATCH next] binfmt_elf: Fix potential Oops in load_elf_binary()
Date: Wed, 11 Dec 2024 17:48:21 +0100 [thread overview]
Message-ID: <20241211164821.ki4wy4ltffgx677t@quack3> (raw)
In-Reply-To: <5952b626-ef08-4293-8a73-f1496af4e987@stanley.mountain>
On Wed 11-12-24 12:21:39, Dan Carpenter wrote:
> This function call was changed from allow_write_access() which has a NULL
> check to exe_file_allow_write_access() which doesn't. Check for NULL
> before calling it.
>
> Fixes: 871387b27c20 ("fs: don't block write during exec on pre-content watched files")
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Thanks for noticing! I've opted to change exe_file_allow_write_access() to
check for NULL instead to be 1:1 replacement for allow_write_access().
Because bugs like this one are very easy to introduce.
Honza
> ---
> fs/binfmt_elf.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
> index 8054f44d39cf..db9cb4c20125 100644
> --- a/fs/binfmt_elf.c
> +++ b/fs/binfmt_elf.c
> @@ -1354,9 +1354,10 @@ static int load_elf_binary(struct linux_binprm *bprm)
> kfree(interp_elf_ex);
> kfree(interp_elf_phdata);
> out_free_file:
> - exe_file_allow_write_access(interpreter);
> - if (interpreter)
> + if (interpreter) {
> + exe_file_allow_write_access(interpreter);
> fput(interpreter);
> + }
> out_free_ph:
> kfree(elf_phdata);
> goto out;
> --
> 2.45.2
>
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
prev parent reply other threads:[~2024-12-11 16:48 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-11 9:21 Dan Carpenter
2024-12-11 16:48 ` Jan Kara [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241211164821.ki4wy4ltffgx677t@quack3 \
--to=jack@suse.cz \
--cc=amir73il@gmail.com \
--cc=brauner@kernel.org \
--cc=dan.carpenter@linaro.org \
--cc=ebiederm@xmission.com \
--cc=kees@kernel.org \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox