android_kernel_xiaomi_sm8350/fs
Pavel Emelyanov 3a2e7f47d7 binfmt_misc.c: avoid potential kernel stack overflow
This can be triggered with root help only, but...

Register the ":text:E::txt::/root/cat.txt:' rule in binfmt_misc (by root) and
try launching the cat.txt file (by anyone) :) The result is - the endless
recursion in the load_misc_binary -> open_exec -> load_misc_binary chain and
stack overflow.

There's a similar problem with binfmt_script, and there's a sh_bang memner on
linux_binprm structure to handle this, but simply raising this in binfmt_misc
may break some setups when the interpreter of some misc binaries is a script.

So the proposal is to turn sh_bang into a bit, add a new one (the misc_bang)
and raise it in load_misc_binary.  After this, even if we set up the misc ->
script -> misc loop for binfmts one of them will step on its own bang and
exit.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-04-29 08:06:04 -07:00
..
9p [PATCH] restore sane ->umount_begin() API 2008-04-25 09:23:25 -04:00
adfs adfs: work around bogus sparse warning 2008-04-29 08:05:59 -07:00
affs fs/affs/file.c: use BUG_ON 2008-04-29 08:06:02 -07:00
afs
autofs
autofs4 autofs4: fix sparse warning in root.c 2008-04-29 08:06:01 -07:00
befs befs: fix sparse warning in linuxvfs.c 2008-04-29 08:05:59 -07:00
bfs
cifs [PATCH] restore sane ->umount_begin() API 2008-04-25 09:23:25 -04:00
coda codafs: fix build warning 2008-04-29 08:06:04 -07:00
configfs
cramfs fs: Remove unnecessary inclusions of asm/semaphore.h 2008-04-18 22:16:44 -04:00
debugfs
devpts
dlm Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/dlm 2008-04-22 13:44:23 -07:00
ecryptfs
efs
exportfs
ext2 ext2: retry block allocation if new blocks are allocated from system zone 2008-04-28 08:58:43 -07:00
ext3 ext3: replace remaining __FUNCTION__ occurrences 2008-04-28 08:58:45 -07:00
ext4 quota: ext4: make ext4 handle quotaon on remount 2008-04-28 08:58:33 -07:00
fat fatfs: fix build warning with 64k PAGE_SIZE 2008-04-28 08:58:47 -07:00
freevxfs fs/freevxfs/: proper externs 2008-04-29 08:06:00 -07:00
fuse [PATCH] restore sane ->umount_begin() API 2008-04-25 09:23:25 -04:00
gfs2 mm: remove nopage 2008-04-28 08:58:18 -07:00
hfs hfs: handle match_strdup failure 2008-04-29 08:06:01 -07:00
hfsplus hfsplus: handle match_strdup failure 2008-04-29 08:06:02 -07:00
hostfs
hpfs
hppfs
hugetlbfs mempolicy: use struct mempolicy pointer in shmem_sb_info 2008-04-28 08:58:25 -07:00
isofs
jbd jbd: replace remaining __FUNCTION__ occurrences 2008-04-28 08:58:45 -07:00
jbd2
jffs2 [JFFS2] Introduce dbg_readinode2 log level, use it to shut read_dnode() up 2008-04-23 16:43:15 +01:00
jfs [PATCH] r/o bind mounts: elevate write count for ioctls() 2008-04-19 00:29:24 -04:00
lockd locks: don't call ->copy_lock methods on return of conflicting locks 2008-04-25 13:00:11 -04:00
minix
msdos fat: fat_notify_change() and check_mode() cleanup 2008-04-28 08:58:47 -07:00
ncpfs ncpfs: fix sparse warning in ncpsign_kernel.c 2008-04-28 08:58:29 -07:00
nfs [PATCH] restore sane ->umount_begin() API 2008-04-25 09:23:25 -04:00
nfs_common
nfsd nfsd: don't allow setting ctime over v4 2008-04-25 13:00:11 -04:00
nls
ntfs
ocfs2 [PATCH] r/o bind mounts: elevate write count for ioctls() 2008-04-19 00:29:24 -04:00
openpromfs
partitions fat: detect media without partition table correctly 2008-04-28 08:58:47 -07:00
proc smaps: account swap entries 2008-04-28 08:58:22 -07:00
qnx4
ramfs fs/ramfs/ extern cleanup 2008-04-29 08:06:00 -07:00
reiserfs reiserfs: unpack tails on quota files 2008-04-28 08:58:46 -07:00
romfs
smbfs
sysfs [SCSI] sysfs: make group is_valid return a mode_t 2008-04-22 15:16:31 -05:00
sysv
udf udf: fix sparse warning in namei.c 2008-04-28 08:58:46 -07:00
ufs ufs: replace __inline with inline 2008-04-28 08:58:45 -07:00
vfat fat: use __getname() 2008-04-28 08:58:47 -07:00
xfs Merge branch 'semaphore' of git://git.kernel.org/pub/scm/linux/kernel/git/willy/misc 2008-04-21 15:41:27 -07:00
aio.c fs/aio.c: make 3 functions static 2008-04-29 08:06:00 -07:00
anon_inodes.c
attr.c
bad_inode.c
binfmt_aout.c
binfmt_elf_fdpic.c
binfmt_elf.c [PATCH] sanitize handling of shared descriptor tables in failing execve() 2008-04-25 09:23:53 -04:00
binfmt_em86.c binfmt_misc.c: avoid potential kernel stack overflow 2008-04-29 08:06:04 -07:00
binfmt_flat.c make BINFMT_FLAT a bool 2008-04-29 08:06:01 -07:00
binfmt_misc.c binfmt_misc.c: avoid potential kernel stack overflow 2008-04-29 08:06:04 -07:00
binfmt_script.c binfmt_misc.c: avoid potential kernel stack overflow 2008-04-29 08:06:04 -07:00
binfmt_som.c [PATCH] sanitize handling of shared descriptor tables in failing execve() 2008-04-25 09:23:53 -04:00
bio.c block: convert bio_copy_user to bio_copy_user_iov 2008-04-21 09:50:08 +02:00
block_dev.c
buffer.c make fs/buffer.c:cont_expand_zero() static 2008-04-29 08:06:01 -07:00
char_dev.c fs: remove unused fops from struct char_device_struct 2008-04-29 08:06:01 -07:00
compat_binfmt_elf.c
compat_ioctl.c
compat.c
dcache.c [patch 2/7] vfs: mountinfo: add seq_file_root() 2008-04-23 00:04:38 -04:00
dcookies.c
direct-io.c
dnotify.c
dquot.c quota: quota core changes for quotaon on remount 2008-04-28 08:58:33 -07:00
drop_caches.c fs/drop_caches.c: make 2 functions static 2008-04-29 08:06:00 -07:00
eventfd.c
eventpoll.c epoll: avoid kmemcheck warning 2008-04-29 08:05:59 -07:00
exec.c exec: remove argv_len from struct linux_binprm 2008-04-29 08:06:03 -07:00
fcntl.c [PATCH] sanitize locate_fd() 2008-04-25 09:24:05 -04:00
fifo.c
file_table.c [PATCH] r/o bind mounts: debugging for missed calls 2008-04-19 00:29:28 -04:00
file.c
filesystems.c
fs-writeback.c fs/fs-writeback.c: make 2 functions static 2008-04-29 08:06:00 -07:00
generic_acl.c
inode.c [PATCH] r/o bind mounts: write count for file_update_time() 2008-04-19 00:29:24 -04:00
inotify_user.c
inotify.c
internal.h [PATCH] move a bunch of declarations to fs/internal.h 2008-04-21 23:11:01 -04:00
ioctl.c make vfs_ioctl() static 2008-04-29 08:06:00 -07:00
ioprio.c
Kconfig Merge git://git.linux-nfs.org/projects/trondmy/nfs-2.6 2008-04-24 11:46:16 -07:00
Kconfig.binfmt make BINFMT_FLAT a bool 2008-04-29 08:06:01 -07:00
libfs.c
locks.c Export __locks_copy_lock() so modular lockd builds 2008-04-25 15:49:46 -07:00
Makefile
mbcache.c
mpage.c
namei.c [PATCH] r/o bind mounts: elevate write count for open()s 2008-04-19 00:29:25 -04:00
namespace.c quota: remove superfluous DQUOT_OFF() in fs/namespace.c 2008-04-28 08:58:33 -07:00
nfsctl.c
no-block.c
open.c xip: support non-struct page backed memory 2008-04-28 08:58:23 -07:00
pipe.c [PATCH] double-free of inode on alloc_file() failure exit in create_write_pipe() 2008-04-22 19:54:57 -04:00
pnode.c [patch 7/7] vfs: mountinfo: show dominating group id 2008-04-23 00:05:09 -04:00
pnode.h [patch 7/7] vfs: mountinfo: show dominating group id 2008-04-23 00:05:09 -04:00
posix_acl.c
quota_v1.c quota: do not allow setting of quota limits to too high values 2008-04-28 08:58:32 -07:00
quota_v2.c quota: do not allow setting of quota limits to too high values 2008-04-28 08:58:32 -07:00
quota.c quota: quota core changes for quotaon on remount 2008-04-28 08:58:33 -07:00
read_write.c fs: use loff_t type instead of long long 2008-04-22 15:17:11 -07:00
read_write.h
readdir.c
select.c trivial: small cleanups 2008-04-21 22:15:06 +00:00
seq_file.c [patch 2/7] vfs: mountinfo: add seq_file_root() 2008-04-23 00:04:38 -04:00
signalfd.c
splice.c
stack.c
stat.c
super.c make __put_super() static 2008-04-29 08:06:00 -07:00
sync.c
timerfd.c fs/timerfd.c should #include <linux/syscalls.h> 2008-04-29 08:06:01 -07:00
utimes.c [PATCH] r/o bind mounts: elevate write count for do_utimes() 2008-04-19 00:29:24 -04:00
xattr_acl.c
xattr.c [PATCH] remove unused label in xattr.c (noise from ro-bind) 2008-04-23 00:04:04 -04:00