
Commit 5f402c67 authored by Park Ju Hyung's avatar Park Ju Hyung Committed by KakatkarAkshay

exec: use bprm from the stack space



struct linux_binprm isn't big and is safe to use from the stack space

Signed-off-by: default avatarPark Ju Hyung <qkrwngud825@gmail.com>
[@0ctobot: Adapted for 4.19]
Signed-off-by: default avatarAdam W. Willis <return.of.octobot@gmail.com>
Signed-off-by: default avatarLibXZR <xzr467706992@163.com>
parent fd641941
+27 −32
@@ -1428,7 +1428,6 @@ static void free_bprm(struct linux_binprm *bprm)
	/* If a binfmt changed the interp, free it. */
	if (bprm->interp != bprm->filename)
		kfree(bprm->interp);
	kfree(bprm);
}

int bprm_change_interp(const char *interp, struct linux_binprm *bprm)
@@ -1716,7 +1715,7 @@ static int __do_execve_file(int fd, struct filename *filename,
			    int flags, struct file *file)
{
	char *pathbuf = NULL;
	struct linux_binprm *bprm;
	struct linux_binprm bprm;
	struct files_struct *displaced;
	int retval;

@@ -1743,16 +1742,13 @@ static int __do_execve_file(int fd, struct filename *filename,
	if (retval)
		goto out_ret;

	retval = -ENOMEM;
	bprm = kzalloc(sizeof(*bprm), GFP_KERNEL);
	if (!bprm)
		goto out_files;
	memset(&bprm, 0, sizeof(bprm));

	retval = prepare_bprm_creds(bprm);
	retval = prepare_bprm_creds(&bprm);
	if (retval)
		goto out_free;

	check_unsafe_exec(bprm);
	check_unsafe_exec(&bprm);
	current->in_execve = 1;

	if (!file)
@@ -1763,11 +1759,11 @@ static int __do_execve_file(int fd, struct filename *filename,

	sched_exec();

	bprm->file = file;
	bprm.file = file;
	if (!filename) {
		bprm->filename = "none";
		bprm.filename = "none";
	} else if (fd == AT_FDCWD || filename->name[0] == '/') {
		bprm->filename = filename->name;
		bprm.filename = filename->name;
	} else {
		if (filename->name[0] == '\0')
			pathbuf = kasprintf(GFP_KERNEL, "/dev/fd/%d", fd);
@@ -1784,43 +1780,43 @@ static int __do_execve_file(int fd, struct filename *filename,
		 * current->files (due to unshare_files above).
		 */
		if (close_on_exec(fd, rcu_dereference_raw(current->files->fdt)))
			bprm->interp_flags |= BINPRM_FLAGS_PATH_INACCESSIBLE;
		bprm->filename = pathbuf;
			bprm.interp_flags |= BINPRM_FLAGS_PATH_INACCESSIBLE;
		bprm.filename = pathbuf;
	}
	bprm->interp = bprm->filename;
	bprm.interp = bprm.filename;

	retval = bprm_mm_init(bprm);
	retval = bprm_mm_init(&bprm);
	if (retval)
		goto out_unmark;

	bprm->argc = count(argv, MAX_ARG_STRINGS);
	if ((retval = bprm->argc) < 0)
	bprm.argc = count(argv, MAX_ARG_STRINGS);
	if ((retval = bprm.argc) < 0)
		goto out;

	bprm->envc = count(envp, MAX_ARG_STRINGS);
	if ((retval = bprm->envc) < 0)
	bprm.envc = count(envp, MAX_ARG_STRINGS);
	if ((retval = bprm.envc) < 0)
		goto out;

	retval = prepare_binprm(bprm);
	retval = prepare_binprm(&bprm);
	if (retval < 0)
		goto out;

	retval = copy_strings_kernel(1, &bprm->filename, bprm);
	retval = copy_strings_kernel(1, &bprm.filename, &bprm);
	if (retval < 0)
		goto out;

	bprm->exec = bprm->p;
	retval = copy_strings(bprm->envc, envp, bprm);
	bprm.exec = bprm.p;
	retval = copy_strings(bprm.envc, envp, &bprm);
	if (retval < 0)
		goto out;

	retval = copy_strings(bprm->argc, argv, bprm);
	retval = copy_strings(bprm.argc, argv, &bprm);
	if (retval < 0)
		goto out;

	would_dump(bprm, bprm->file);
	would_dump(&bprm, bprm.file);

	retval = exec_binprm(bprm);
	retval = exec_binprm(&bprm);
	if (retval < 0)
		goto out;

@@ -1831,7 +1827,7 @@ static int __do_execve_file(int fd, struct filename *filename,
	rseq_execve(current);
	acct_update_integrals(current);
	task_numa_free(current, false);
	free_bprm(bprm);
	free_bprm(&bprm);
	kfree(pathbuf);
	if (filename)
		putname(filename);
@@ -1840,9 +1836,9 @@ static int __do_execve_file(int fd, struct filename *filename,
	return retval;

out:
	if (bprm->mm) {
		acct_arg_size(bprm, 0);
		mmput(bprm->mm);
	if (bprm.mm) {
		acct_arg_size(&bprm, 0);
		mmput(bprm.mm);
	}

out_unmark:
@@ -1850,10 +1846,9 @@ static int __do_execve_file(int fd, struct filename *filename,
	current->in_execve = 0;

out_free:
	free_bprm(bprm);
	free_bprm(&bprm);
	kfree(pathbuf);

out_files:
	if (displaced)
		reset_files_struct(displaced);
out_ret:
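Review bot: The new on-stack `struct linux_binprm bprm` in `__do_execve_file()` stays live across `exec_binprm(&bprm)`, so its whole size is added to the kernel stack beneath the binfmt loaders, and the commit message's "isn't big" is not backed by a number. The struct definition is not shown on this page, so the cost cannot be confirmed here; the description should state `sizeof(struct linux_binprm)` for the target config and the resulting frame size as reported by `scripts/checkstack.pl`. A guard next to the declaration, such as `BUILD_BUG_ON(sizeof(struct linux_binprm) > BPRM_STACK_LIMIT);` (the limit name is a placeholder), would stop later growth of the struct from silently deepening the exec path's stack use. The function body begins and ends outside the visible hunks, so this applies to the declaration hunk and every `&bprm` call site shown.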