exec: Merge install_exec_creds into setup_new_exec

The two functions are now always called one right after the
other so merge them together to make future maintenance easier.

Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Greg Ungerer <gerg@linux-m68k.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c
index 37b36a8..8255fdc 100644 (file)
--- a/arch/x86/ia32/ia32_aout.c
+++ b/arch/x86/ia32/ia32_aout.c
@@ -140,7 +140,6 @@ static int load_aout_binary(struct linux_binprm *bprm)
        set_personality_ia32(false);
 
        setup_new_exec(bprm);
-       install_exec_creds(bprm);
 
        regs->cs = __USER32_CS;
        regs->r8 = regs->r9 = regs->r10 = regs->r11 = regs->r12 =

diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c
index ace587b..c8ba28f 100644 (file)
--- a/fs/binfmt_aout.c
+++ b/fs/binfmt_aout.c
@@ -162,7 +162,6 @@ static int load_aout_binary(struct linux_binprm * bprm)
        set_personality(PER_LINUX);
 #endif
        setup_new_exec(bprm);
-       install_exec_creds(bprm);
 
        current->mm->end_code = ex.a_text +
                (current->mm->start_code = N_TXTADDR(ex));

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 13f25e2..e6b5866 100644 (file)
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -858,7 +858,6 @@ out_free_interp:
                current->flags |= PF_RANDOMIZE;
 
        setup_new_exec(bprm);
-       install_exec_creds(bprm);
 
        /* Do this so that we can load the interpreter, if need be.  We will
           change some of these later */

diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
index 6c94c6d..9a1aa61 100644 (file)
--- a/fs/binfmt_elf_fdpic.c
+++ b/fs/binfmt_elf_fdpic.c
@@ -353,7 +353,6 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm)
                current->personality |= READ_IMPLIES_EXEC;
 
        setup_new_exec(bprm);
-       install_exec_creds(bprm);
 
        set_binfmt(&elf_fdpic_format);
 

diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c
index 1a1d1fc..2528789 100644 (file)
--- a/fs/binfmt_flat.c
+++ b/fs/binfmt_flat.c
@@ -541,7 +541,6 @@ static int load_flat_file(struct linux_binprm *bprm,
                /* OK, This is the point of no return */
                set_personality(PER_LINUX_32BIT);
                setup_new_exec(bprm);
-               install_exec_creds(bprm);
        }
 
        /*

diff --git a/fs/exec.c b/fs/exec.c
index 71de9f5..93e40f8 100644 (file)
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1443,6 +1443,31 @@ void setup_new_exec(struct linux_binprm * bprm)
           group */
        WRITE_ONCE(current->self_exec_id, current->self_exec_id + 1);
        flush_signal_handlers(current, 0);
+
+       /*
+        * install the new credentials for this executable
+        */
+       security_bprm_committing_creds(bprm);
+
+       commit_creds(bprm->cred);
+       bprm->cred = NULL;
+
+       /*
+        * Disable monitoring for regular users
+        * when executing setuid binaries. Must
+        * wait until new credentials are committed
+        * by commit_creds() above
+        */
+       if (get_dumpable(current->mm) != SUID_DUMP_USER)
+               perf_event_exit_task(current);
+       /*
+        * cred_guard_mutex must be held at least to this point to prevent
+        * ptrace_attach() from altering our determination of the task's
+        * credentials; any time after this it may be unlocked.
+        */
+       security_bprm_committed_creds(bprm);
+       mutex_unlock(&current->signal->exec_update_mutex);
+       mutex_unlock(&current->signal->cred_guard_mutex);
 }
 EXPORT_SYMBOL(setup_new_exec);
 
@@ -1458,7 +1483,7 @@ EXPORT_SYMBOL(finalize_exec);
 
 /*
  * Prepare credentials and lock ->cred_guard_mutex.
- * install_exec_creds() commits the new creds and drops the lock.
+ * setup_new_exec() commits the new creds and drops the lock.
  * Or, if exec fails before, free_bprm() should release ->cred and
  * and unlock.
  */
@@ -1504,35 +1529,6 @@ int bprm_change_interp(const char *interp, struct linux_binprm *bprm)
 }
 EXPORT_SYMBOL(bprm_change_interp);
 
-/*
- * install the new credentials for this executable
- */
-void install_exec_creds(struct linux_binprm *bprm)
-{
-       security_bprm_committing_creds(bprm);
-
-       commit_creds(bprm->cred);
-       bprm->cred = NULL;
-
-       /*
-        * Disable monitoring for regular users
-        * when executing setuid binaries. Must
-        * wait until new credentials are committed
-        * by commit_creds() above
-        */
-       if (get_dumpable(current->mm) != SUID_DUMP_USER)
-               perf_event_exit_task(current);
-       /*
-        * cred_guard_mutex must be held at least to this point to prevent
-        * ptrace_attach() from altering our determination of the task's
-        * credentials; any time after this it may be unlocked.
-        */
-       security_bprm_committed_creds(bprm);
-       mutex_unlock(&current->signal->exec_update_mutex);
-       mutex_unlock(&current->signal->cred_guard_mutex);
-}
-EXPORT_SYMBOL(install_exec_creds);
-
 /*
  * determine how safe it is to execute the proposed program
  * - the caller must hold ->cred_guard_mutex to protect against

diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
index 8f479da..2a8fddf 100644 (file)
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -145,7 +145,6 @@ extern int transfer_args_to_stack(struct linux_binprm *bprm,
 extern int bprm_change_interp(const char *interp, struct linux_binprm *bprm);
 extern int copy_strings_kernel(int argc, const char *const *argv,
                               struct linux_binprm *bprm);
-extern void install_exec_creds(struct linux_binprm *bprm);
 extern void set_binfmt(struct linux_binfmt *new);
 extern ssize_t read_code(struct file *, unsigned long, loff_t, size_t);
 

diff --git a/kernel/events/core.c b/kernel/events/core.c
index 633b4ae..169449b 100644 (file)
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -12217,7 +12217,7 @@ static void perf_event_exit_task_context(struct task_struct *child, int ctxn)
  * When a child task exits, feed back event values to parent events.
  *
  * Can be called with exec_update_mutex held when called from
- * install_exec_creds().
+ * setup_new_exec().
  */
 void perf_event_exit_task(struct task_struct *child)
 {