forked from luck/tmp_suning_uos_patched
exec: Factor bprm_stack_limits out of prepare_arg_pages
In preparation for implementiong kernel_execve (which will take kernel pointers not userspace pointers) factor out bprm_stack_limits out of prepare_arg_pages. This separates the counting which depends upon the getting data from userspace from the calculations of the stack limits which is usable in kernel_execve. The remove prepare_args_pages and compute bprm->argc and bprm->envc directly in do_execveat_common, before bprm_stack_limits is called. Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Christoph Hellwig <hch@lst.de> Link: https://lkml.kernel.org/r/87365u6x60.fsf@x220.int.ebiederm.org Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
This commit is contained in:
parent
0c9cdff054
commit
d8b9cd549e
23
fs/exec.c
23
fs/exec.c
|
@ -448,19 +448,10 @@ static int count(struct user_arg_ptr argv, int max)
|
|||
return i;
|
||||
}
|
||||
|
||||
static int prepare_arg_pages(struct linux_binprm *bprm,
|
||||
struct user_arg_ptr argv, struct user_arg_ptr envp)
|
||||
static int bprm_stack_limits(struct linux_binprm *bprm)
|
||||
{
|
||||
unsigned long limit, ptr_size;
|
||||
|
||||
bprm->argc = count(argv, MAX_ARG_STRINGS);
|
||||
if (bprm->argc < 0)
|
||||
return bprm->argc;
|
||||
|
||||
bprm->envc = count(envp, MAX_ARG_STRINGS);
|
||||
if (bprm->envc < 0)
|
||||
return bprm->envc;
|
||||
|
||||
/*
|
||||
* Limit to 1/4 of the max stack size or 3/4 of _STK_LIM
|
||||
* (whichever is smaller) for the argv+env strings.
|
||||
|
@ -1964,7 +1955,17 @@ static int do_execveat_common(int fd, struct filename *filename,
|
|||
goto out_ret;
|
||||
}
|
||||
|
||||
retval = prepare_arg_pages(bprm, argv, envp);
|
||||
retval = count(argv, MAX_ARG_STRINGS);
|
||||
if (retval < 0)
|
||||
goto out_free;
|
||||
bprm->argc = retval;
|
||||
|
||||
retval = count(envp, MAX_ARG_STRINGS);
|
||||
if (retval < 0)
|
||||
goto out_free;
|
||||
bprm->envc = retval;
|
||||
|
||||
retval = bprm_stack_limits(bprm);
|
||||
if (retval < 0)
|
||||
goto out_free;
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user