Received: by 2002:a25:868d:0:0:0:0:0 with SMTP id z13csp634635ybk; Sat, 9 May 2020 13:27:25 -0700 (PDT) X-Google-Smtp-Source: APiQypKNvUx+Sg/1p8B5N0F1P82iHAmfXDmEzCOj8mjsCTwa+fF2/kn6UWEhAtzzSrX6IOYS5P04 X-Received: by 2002:a17:907:9481:: with SMTP id dm1mr7661949ejc.268.1589056045844; Sat, 09 May 2020 13:27:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1589056045; cv=none; d=google.com; s=arc-20160816; b=qXxfJG9eeldPvHfyxUtICbEOuXQLX4ywLaEbUIIM0e1uIbdT/M3epLrsjWSl9ke67X HjuH6nrUYgYR4PWFGKeL3Pa2l0i7Y+QOzaZU28uMpmMJ+Y7LW02PqqvZIymW+H0hoISw waOqIb2CNPfEnVJQLP9C7M5S01m/FP9seMFU9C7wc+BdAkhl5mAtGNjZMfgFj/Sqv2Al bTTYBLkKWtnaz/MB97oAlT1v9cR+J4Z00ynTgca6bkJXc1xANoslQXK8ATPAADz3Pbfv cJRZKS5n890/Tkt+4ayK9YuXO8kMnzEFJ+IIzcqQnltLOtk0m/cKlhs29x2PZmIRGLgd 6YeA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=rq3EROYQxDfNBT0wVZ0AqkaD6tlVAw2P3CKf/Rs8tQg=; b=gYxDobT3qEYsYSz7AO5twKdN9TEZi/iryQYM0yzFJn4lqJKU6aAY5Uq78r2FdWk3LD Z/I6skhmOaaV2lqz48roPnNQufuwQSDOqNB/IkWafFW6cGGOiq5V4kfEhbpS4oDNLwYz UDAsCntMoi+sH0STA35Sr58YWaKT0XGZ9SsFabhMu0nnEb33hCJvZQdu1Bg67q/+hqoy L1Hlf7Nmw7REjPy3tJjaz30D97A2E+4h8ZuLo0n8Ftt8YY9ORf187rDLf2sUAHwn7i8L qZiFcI5mDzIX1zIZEKBkIuBXg5jZ/sDZgCwQK+bg5bU2SbslHSqKEjc4knHspReAijFq 2CgA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=Z96Q63QM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i10si3384388ejc.284.2020.05.09.13.27.03; Sat, 09 May 2020 13:27:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=Z96Q63QM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728348AbgEIUZA (ORCPT + 99 others); Sat, 9 May 2020 16:25:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44582 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725960AbgEIUY7 (ORCPT ); Sat, 9 May 2020 16:24:59 -0400 Received: from mail-ed1-x541.google.com (mail-ed1-x541.google.com [IPv6:2a00:1450:4864:20::541]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5A944C061A0C for ; Sat, 9 May 2020 13:24:58 -0700 (PDT) Received: by mail-ed1-x541.google.com with SMTP id s10so4332558edy.9 for ; Sat, 09 May 2020 13:24:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=rq3EROYQxDfNBT0wVZ0AqkaD6tlVAw2P3CKf/Rs8tQg=; b=Z96Q63QMe9Gpsp6AeXzJLinw3niN6+LUAC3oCMCbateqa07K/sPjLmTGDwByhw59b9 UXCxV70CR0zudA48gJhwUKM8r72YcyACiVcdEj6M/nBu7IVXDtigWGZYpPDlWvyhkTlw m40LV53bx4dKUuBDMcU/qCxfUEgtlul3KpXxM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=rq3EROYQxDfNBT0wVZ0AqkaD6tlVAw2P3CKf/Rs8tQg=; b=o8zNlV0Hwf06o4Y20/mJcdQoz/tIxGnLsvgj4cmYp1O9rMWsOFmZPdL1kgOanPdg02 NU8ErHV3JCy2e6BNfdrCvQJGqWr07Yr6UlRQxTxfWTlOg/sdUzR3WLPPUwNvQMNmq9GO +TvWr43E4gkORQGv1m2wKE3YdFRc7XHcGL4xpAOgpDsBLGXynZQ+JfjPphIcl5cOIqm6 zCpef4Ud2tRoD/AlT6HFCGT1C94VWhpgzqOBKQm/dsYFDB58J1Uq77BCQSK92lstox3c ETkTcbVKQiJBk1I+kUTKUmQo/4/LyaAshRAlaqlwi3F75g3Zeo1Fq3o6wVSK3AlejIrT lwzg== X-Gm-Message-State: AGi0Pubi8GG8JL7wUOwB5xkeKFqEIlykB1L5GYTQxH+2U7m0iuKXgrK4 UE3tE5vXFeWiQSpj4twU4jgvN/4OgT0= X-Received: by 2002:aa7:c9c9:: with SMTP id i9mr3317774edt.166.1589055896657; Sat, 09 May 2020 13:24:56 -0700 (PDT) Received: from mail-ej1-f54.google.com (mail-ej1-f54.google.com. [209.85.218.54]) by smtp.gmail.com with ESMTPSA id r4sm612641ejz.28.2020.05.09.13.24.56 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 09 May 2020 13:24:56 -0700 (PDT) Received: by mail-ej1-f54.google.com with SMTP id nv1so4372240ejb.0 for ; Sat, 09 May 2020 13:24:56 -0700 (PDT) X-Received: by 2002:a2e:8512:: with SMTP id j18mr5604536lji.201.1589055429344; Sat, 09 May 2020 13:17:09 -0700 (PDT) MIME-Version: 1.0 References: <87h7wujhmz.fsf@x220.int.ebiederm.org> <87sgga6ze4.fsf@x220.int.ebiederm.org> <87v9l4zyla.fsf_-_@x220.int.ebiederm.org> <87eerszyim.fsf_-_@x220.int.ebiederm.org> In-Reply-To: <87eerszyim.fsf_-_@x220.int.ebiederm.org> From: Linus Torvalds Date: Sat, 9 May 2020 13:16:53 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 3/5] exec: Remove recursion from search_binary_handler To: "Eric W. Biederman" Cc: Linux Kernel Mailing List , Oleg Nesterov , Jann Horn , Kees Cook , Greg Ungerer , Rob Landley , Bernd Edlinger , linux-fsdevel , Al Viro , Alexey Dobriyan , Andrew Morton , Casey Schaufler , LSM List , James Morris , "Serge E. Hallyn" , Andy Lutomirski Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, May 9, 2020 at 12:45 PM Eric W. Biederman wrote: > > Instead of recursing in search_binary_handler have the methods that > would recurse return a positive value, and simply loop in exec_binprm. > > This is a trivial change as all of the methods that would recurse do > so as effectively the last thing they do. Making this a trivial code > change. Looks good. I'd suggest doing that loop slightly differently: > - ret = search_binary_handler(bprm); > + do { > + depth++; > + ret = search_binary_handler(bprm); > + /* This allows 4 levels of binfmt rewrites before failing hard. */ > + if ((ret > 0) && (depth > 5)) > + ret = -ELOOP; > + } while (ret > 0); > if (ret >= 0) { That's really an odd way to write this. So honestly, if "ret < 0", then we can just return directly. So I think would make much more sense to do this loop something like for (depth = 0; depth < 5; depth++) { int ret; ret = search_binary_handler(bprm); if (ret < 0) return ret; /* Continue searching for the next binary handler? */ if (ret > 0) continue; /* Success! */ audit_bprm(bprm); trace_sched_process_exec(current, old_pid, bprm); ptrace_event(PTRACE_EVENT_EXEC, old_vpid); proc_exec_connector(current); return 0; } return -ELOOP; (if I read the logic of exec_binprm() right - I might have missed something). Linus