    fs/exec: fix use after free in execve · 4cc46ead
    Andrea Arcangeli authored
    "file" can be already freed if bprm->file is NULL after
    search_binary_handler() returns. binfmt_script will do exactly that for
    example. If the VM reuses the file after fput() runs, this will result in
    a use after free.
    
    So obtain d_is_su before search_binary_handler() runs.
    
    This should explain this crash:
    
    [25333.009554] Unable to handle kernel NULL pointer dereference at virtual address 00000185
    [..]
    [25333.009918] [2:             am:21861] PC is at do_execve+0x354/0x474
    
    Change-Id: I2a8a814d1c0aa75625be83cb30432cf13f1a0681
    Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
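The ordering bug the commit message describes, as an added stand-alone model in C (not the kernel's code and not part of this commit): a local `file` pointer is saved, a handler that behaves like binfmt_script drops the reference and clears `bprm->file`, and the caller then reads the su flag through the stale pointer. Every structure and function here (`struct file`, `fput`, `search_binary_handler`, the `dentry_is_su` field standing in for what `d_is_su` reads) is a simplified stand-in; instead of returning memory to the allocator, the model marks the object freed so the use after free is reported as -1 rather than being undefined behaviour. `do_execve_fixed` applies the fix the commit states: obtain `d_is_su` before `search_binary_handler()` runs.

```c
/* Added illustration of the ordering bug in the commit message above.
 * Model only: these types and functions mimic the shape of the kernel's
 * but are not its code. fput() flags the object instead of freeing it
 * so that a stale read is detected deterministically. */
#include <stdio.h>

struct file {
    int refcount;
    int freed;        /* set once the last reference is dropped */
    int dentry_is_su; /* stands in for the dentry flag behind d_is_su */
    const char *name;
};

struct linux_binprm {
    struct file *file;
    const char *interp; /* what a script handler switches to */
};

/* Model of fput(): drop a reference; the object is "freed" at zero. */
static void fput(struct file *f)
{
    if (--f->refcount == 0)
        f->freed = 1;
}

/* Model of binfmt_script inside search_binary_handler(): for a script it
 * releases bprm->file, sets it to NULL and continues with the interpreter,
 * so any pointer the caller saved earlier is now stale. */
static int search_binary_handler(struct linux_binprm *bprm, int is_script)
{
    if (!is_script)
        return 0;
    fput(bprm->file);
    bprm->file = NULL;
    bprm->interp = "/bin/sh";
    return 0;
}

/* Reads the su flag; returns -1 where the real kernel would dereference
 * freed memory (or NULL), so the bug is observable instead of UB. */
static int read_d_is_su(const struct file *f)
{
    if (f == NULL || f->freed)
        return -1;
    return f->dentry_is_su;
}

/* Buggy ordering: d_is_su is read from the saved 'file' pointer after the
 * handler may already have dropped the last reference to it. */
int do_execve_buggy(struct linux_binprm *bprm, int is_script)
{
    struct file *file = bprm->file;
    int d_is_su;

    search_binary_handler(bprm, is_script);
    d_is_su = read_d_is_su(file); /* stale for scripts */
    return d_is_su;
}

/* Fixed ordering, as the commit describes: obtain d_is_su while 'file'
 * is still guaranteed alive, then hand control to the handlers. */
int do_execve_fixed(struct linux_binprm *bprm, int is_script)
{
    struct file *file = bprm->file;
    int d_is_su = read_d_is_su(file); /* read before any handler runs */

    search_binary_handler(bprm, is_script);
    return d_is_su;
}

/* Runs one scenario on a fresh (constructed) file object and returns what
 * the chosen execve variant reports for d_is_su. */
int run_scenario(int fixed, int is_script, int is_su)
{
    struct file f = { .refcount = 1, .freed = 0, .dentry_is_su = is_su, .name = "prog" };
    struct linux_binprm bprm = { .file = &f, .interp = NULL };
    return fixed ? do_execve_fixed(&bprm, is_script)
                 : do_execve_buggy(&bprm, is_script);
}

int main(void)
{
    printf("buggy, ordinary binary: d_is_su=%d\n", run_scenario(0, 0, 1));
    printf("buggy, script:          d_is_su=%d (stale pointer)\n", run_scenario(0, 1, 1));
    printf("fixed, script:          d_is_su=%d\n", run_scenario(1, 1, 1));
    return 0;
}
```

For an ordinary binary both orderings agree, which is why the bug only surfaces on the binfmt_script path; in the fixed variant the value read before the handler runs is the same whether or not the handler later drops the file.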