2024-02-03 10:54:21

by Tetsuo Handa

Subject: [PATCH v2 0/3] fs/exec: remove current->in_execve flag

This is a follow up series for removing current->in_execve flag.

https://lkml.kernel.org/r/[email protected]

[PATCH v2 1/3] LSM: add security_execve_abort() hook
[PATCH v2 2/3] tomoyo: replace current->in_execve flag with security_execve_abort() hook
[PATCH v2 3/3] fs/exec: remove current->in_execve flag

fs/exec.c | 4 +---
include/linux/lsm_hook_defs.h | 1 +
include/linux/sched.h | 3 ---
include/linux/security.h | 5 +++++
security/security.c | 11 +++++++++++
security/tomoyo/tomoyo.c | 22 ++++++----------------
6 files changed, 24 insertions(+), 22 deletions(-)

Changes in v2:

Replace security_bprm_aborting_creds(const struct linux_binprm *bprm) with
security_execve_abort(void), suggested by Eric W. Biederman.


2024-02-03 10:54:40

by Tetsuo Handa

Subject: [PATCH v2 3/3] fs/exec: remove current->in_execve flag

Addition of security_execve_abort() hook made it possible to remove
this flag.

Signed-off-by: Tetsuo Handa <[email protected]>
---
fs/exec.c | 3 ---
include/linux/sched.h | 3 ---
2 files changed, 6 deletions(-)

diff --git a/fs/exec.c b/fs/exec.c
index d6d35a06fd08..c197573b2940 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1865,7 +1865,6 @@ static int bprm_execve(struct linux_binprm *bprm)
* where setuid-ness is evaluated.
*/
check_unsafe_exec(bprm);
- current->in_execve = 1;
sched_mm_cid_before_execve(current);

sched_exec();
@@ -1882,7 +1881,6 @@ static int bprm_execve(struct linux_binprm *bprm)
sched_mm_cid_after_execve(current);
/* execve succeeded */
current->fs->in_exec = 0;
- current->in_execve = 0;
rseq_execve(current);
user_events_execve(current);
acct_update_integrals(current);
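Review bot: On the success path, the `current->in_execve = 0;` clear after `current->fs->in_exec = 0;` is dropped with nothing in this hunk taking its place, and the replacement hook is named security_execve_abort(), which suggests it covers only the failure case. The commit message should say how TOMOYO now learns that an execve() completed successfully, or that it no longer needs to, so the removal can be checked without reading patch 2/3.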
@@ -1901,7 +1899,6 @@ static int bprm_execve(struct linux_binprm *bprm)

sched_mm_cid_after_execve(current);
current->fs->in_exec = 0;
- current->in_execve = 0;

return retval;
}
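Review bot: In the failure path before `return retval;`, the flag clear is removed but the security_execve_abort() call that is meant to replace it is not visible in this patch. The cover letter diffstat lists one insertion in fs/exec.c for the series while this patch has only deletions, so the call presumably arrives in an earlier patch. Please state in the commit message that this failure path already invokes the hook, and that this patch has to be applied after 1/3 and 2/3 to keep the series bisectable.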
diff --git a/include/linux/sched.h b/include/linux/sched.h
index ffe8f618ab86..66ada87249b1 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -919,9 +919,6 @@ struct task_struct {
#ifdef CONFIG_RT_MUTEXES
unsigned sched_rt_mutex:1;
#endif
-
- /* Bit to tell TOMOYO we're in execve(): */
- unsigned in_execve:1;
unsigned in_iowait:1;
#ifndef TIF_RESTORE_SIGMASK
unsigned restore_sigmask:1;
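Review bot: Style point in struct task_struct: the removal also takes the blank line that followed `#endif`, so `unsigned in_iowait:1;` now sits directly against the CONFIG_RT_MUTEXES block. Consider keeping that blank line so the conditional bitfield stays visually separated from the unconditional ones. It would also help to note in the commit message that no reader of in_execve remains after patch 2/3, since any leftover user stops building once the field is gone.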
--
2.18.4



2024-02-05 03:35:21

by Serge E. Hallyn

Subject: Re: [PATCH v2 0/3] fs/exec: remove current->in_execve flag

On Sat, Feb 03, 2024 at 07:52:24PM +0900, Tetsuo Handa wrote:
> This is a follow up series for removing current->in_execve flag.
>
> https://lkml.kernel.org/r/[email protected]
>
> [PATCH v2 1/3] LSM: add security_execve_abort() hook
> [PATCH v2 2/3] tomoyo: replace current->in_execve flag with security_execve_abort() hook
> [PATCH v2 3/3] fs/exec: remove current->in_execve flag
>
> fs/exec.c | 4 +---
> include/linux/lsm_hook_defs.h | 1 +
> include/linux/sched.h | 3 ---
> include/linux/security.h | 5 +++++
> security/security.c | 11 +++++++++++
> security/tomoyo/tomoyo.c | 22 ++++++----------------
> 6 files changed, 24 insertions(+), 22 deletions(-)
>
> Changes in v2:
>
> Replace security_bprm_aborting_creds(const struct linux_binprm *bprm) with
> security_execve_abort(void), suggested by Eric W. Biederman.

It seems good to me, apart from the mistaken bprm arg mention in
tomoyo_execve_abort() comment in patch 2 which kernel-test-robot found.

Acked-by: Serge E. Hallyn <[email protected]>

thanks,
-serge

2024-02-07 14:27:25

by Kees Cook

Subject: Re: [PATCH v2 3/3] fs/exec: remove current->in_execve flag

On Sat, Feb 03, 2024 at 07:53:39PM +0900, Tetsuo Handa wrote:
> Addition of security_execve_abort() hook made it possible to remove
> this flag.
>
> Signed-off-by: Tetsuo Handa <[email protected]>

Yay removal! :)

Reviewed-by: Kees Cook <[email protected]>

--
Kees Cook