Commit 7dd257d0 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'execve-v6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux 

Pull execve fixes from Kees Cook:

 - Fix an ancient signal action copy race (Bernd Edlinger)

 - Fix a memory leak in ELF loader, when under memory pressure (Li
   Zetao)

* tag 'execve-v6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  fs/binfmt_elf: Fix memory leak in load_elf_binary()
  exec: Copy oldsighand->action under spin-lock
parents 2eb72d85 594d2a14

fs/binfmt_elf.c

+2 −1
Original line number Diff line number Diff line
@@ -911,7 +911,7 @@ static int load_elf_binary(struct linux_binprm *bprm) 
		interp_elf_ex = kmalloc(sizeof(*interp_elf_ex), GFP_KERNEL);

		if (!interp_elf_ex) {

			retval = -ENOMEM;

			goto out_free_ph;

			goto out_free_file;

		}



		/* Get the exec headers */
@@ -1354,6 +1354,7 @@ static int load_elf_binary(struct linux_binprm *bprm) 
out_free_dentry:

	kfree(interp_elf_ex);

	kfree(interp_elf_phdata);

out_free_file:

	allow_write_access(interpreter);

	if (interpreter)

		fput(interpreter);

fs/exec.c

+2 −2
Original line number Diff line number Diff line
@@ -1197,11 +1197,11 @@ static int unshare_sighand(struct task_struct *me) 
			return -ENOMEM;



		refcount_set(&newsighand->count, 1);

		memcpy(newsighand->action, oldsighand->action,

		       sizeof(newsighand->action));



		write_lock_irq(&tasklist_lock);

		spin_lock(&oldsighand->siglock);

		memcpy(newsighand->action, oldsighand->action,

		       sizeof(newsighand->action));

		rcu_assign_pointer(me->sighand, newsighand);

		spin_unlock(&oldsighand->siglock);

		write_unlock_irq(&tasklist_lock);