[PATCH 7/7] exec: Implement kernel_execve
Eric W. Biederman
ebiederm at xmission.com
Wed Jul 15 18:23:11 UTC 2020
Christoph Hellwig <hch at infradead.org> writes:
>> +static int count_strings_kernel(const char *const *argv)
>> +{
>> + int i;
>> +
>> + if (!argv)
>> + return 0;
>> +
>> + for (i = 0; argv[i]; ++i) {
>> + if (i >= MAX_ARG_STRINGS)
>> + return -E2BIG;
>> + if (fatal_signal_pending(current))
>> + return -ERESTARTNOHAND;
>> + cond_resched();
>
> I don't think we need a fatal_signal_pending and cond_resched() is
> needed in each step given that we don't actually do anything.
If we have a MAX_ARG_STRINGS sized argv passed in, that is 2^31
iterations of the loop. A processor at 2Ghz performs roughly 2^31
cycles per second. So this loop has the potential to run for an entire
second. That is long enough to need fatal_signal_pending() and
cond_resched checks.
In practice I don't think we have any argv arrays anywhere near that big
passed in from the kernel. However removing the logic that accounts for
long running loops is best handled as a separate change so that people
will analyze the patch based on that criterian, and so that in the
highly unlikely even something goes wrong people have a nice commit
to bisect things to.
Eric
More information about the Linux-security-module-archive
mailing list