linux-hardened/init
Linus Torvalds c4ad8f98be execve: use 'struct filename *' for executable name passing
This changes 'do_execve()' to get the executable name as a 'struct
filename', and to free it when it is done.  This is what the normal
users want, and it simplifies and streamlines their error handling.

The controlled lifetime of the executable name also fixes a
use-after-free problem with the trace_sched_process_exec tracepoint: the
lifetime of the passed-in string for kernel users was not at all
obvious, and the user-mode helper code used UMH_WAIT_EXEC to serialize
the pathname allocation lifetime with the execve() having finished,
which in turn meant that the trace point that happened after
mm_release() of the old process VM ended up using already free'd memory.

To solve the kernel string lifetime issue, this simply introduces
"getname_kernel()" that works like the normal user-space getname()
function, except with the source coming from kernel memory.

As Oleg points out, this also means that we could drop the tcomm[] array
from 'struct linux_binprm', since the pathname lifetime now covers
setup_new_exec().  That would be a separate cleanup.

Reported-by: Igor Zhbanov <i.zhbanov@samsung.com>
Tested-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-02-05 12:54:53 -08:00
..
calibrate.c kernel: delete __cpuinit usage from all core kernel files 2013-07-14 19:36:59 -04:00
do_mounts.c init/do_mounts.c: add maj:min syntax comment 2013-11-13 12:09:12 +09:00
do_mounts.h md: move lots of #include lines out of .h files and into .c 2009-03-31 14:33:13 +11:00
do_mounts_initrd.c usermodehelper: split remaining calls to call_usermodehelper_fns() 2013-04-30 17:04:06 -07:00
do_mounts_md.c init: disable sparse checking of the mount.o source files 2012-05-31 17:49:27 -07:00
do_mounts_rd.c cramfs: take headers to fs/cramfs 2014-01-25 03:13:02 -05:00
init_task.c sched/rt: Move rt specific bits into new header file 2013-02-07 20:51:08 +01:00
initramfs.c init: fix possible format string bug 2014-01-23 16:36:58 -08:00
Kconfig alpha: Enable system-call auditing support. 2014-01-31 09:21:55 -08:00
main.c execve: use 'struct filename *' for executable name passing 2014-02-05 12:54:53 -08:00
Makefile init_task: Replace CONFIG_HAVE_GENERIC_INIT_TASK 2012-05-05 13:00:46 +02:00
noinitramfs.c init: mark __user address space on string literals 2010-10-26 16:52:15 -07:00
version.c proc: Split the namespace stuff out into linux/proc_ns.h 2013-05-01 17:29:39 -04:00