* [PATCH next] binfmt_elf: Fix potential Oops in load_elf_binary()
@ 2024-12-11 9:21 Dan Carpenter
2024-12-11 16:48 ` Jan Kara
0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2024-12-11 9:21 UTC (permalink / raw)
To: Amir Goldstein
Cc: Alexander Viro, Christian Brauner, Jan Kara, Kees Cook,
Eric Biederman, linux-fsdevel, linux-mm, linux-kernel,
kernel-janitors
This function call was changed from allow_write_access() which has a NULL
check to exe_file_allow_write_access() which doesn't. Check for NULL
before calling it.
Fixes: 871387b27c20 ("fs: don't block write during exec on pre-content watched files")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
---
fs/binfmt_elf.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 8054f44d39cf..db9cb4c20125 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1354,9 +1354,10 @@ static int load_elf_binary(struct linux_binprm *bprm)
kfree(interp_elf_ex);
kfree(interp_elf_phdata);
out_free_file:
- exe_file_allow_write_access(interpreter);
- if (interpreter)
+ if (interpreter) {
+ exe_file_allow_write_access(interpreter);
fput(interpreter);
+ }
out_free_ph:
kfree(elf_phdata);
goto out;
--
2.45.2
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH next] binfmt_elf: Fix potential Oops in load_elf_binary()
2024-12-11 9:21 [PATCH next] binfmt_elf: Fix potential Oops in load_elf_binary() Dan Carpenter
@ 2024-12-11 16:48 ` Jan Kara
0 siblings, 0 replies; 2+ messages in thread
From: Jan Kara @ 2024-12-11 16:48 UTC (permalink / raw)
To: Dan Carpenter
Cc: Amir Goldstein, Alexander Viro, Christian Brauner, Jan Kara,
Kees Cook, Eric Biederman, linux-fsdevel, linux-mm, linux-kernel,
kernel-janitors
On Wed 11-12-24 12:21:39, Dan Carpenter wrote:
> This function call was changed from allow_write_access() which has a NULL
> check to exe_file_allow_write_access() which doesn't. Check for NULL
> before calling it.
>
> Fixes: 871387b27c20 ("fs: don't block write during exec on pre-content watched files")
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Thanks for noticing! I've opted to change exe_file_allow_write_access() to
check for NULL instead to be 1:1 replacement for allow_write_access().
Because bugs like this one are very easy to introduce.
Honza
> ---
> fs/binfmt_elf.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
> index 8054f44d39cf..db9cb4c20125 100644
> --- a/fs/binfmt_elf.c
> +++ b/fs/binfmt_elf.c
> @@ -1354,9 +1354,10 @@ static int load_elf_binary(struct linux_binprm *bprm)
> kfree(interp_elf_ex);
> kfree(interp_elf_phdata);
> out_free_file:
> - exe_file_allow_write_access(interpreter);
> - if (interpreter)
> + if (interpreter) {
> + exe_file_allow_write_access(interpreter);
> fput(interpreter);
> + }
> out_free_ph:
> kfree(elf_phdata);
> goto out;
> --
> 2.45.2
>
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-12-11 16:48 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-12-11 9:21 [PATCH next] binfmt_elf: Fix potential Oops in load_elf_binary() Dan Carpenter
2024-12-11 16:48 ` Jan Kara
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox