From: Roland McGrath <roland@redhat.com>

Date: Wed, 8 Sep 2010 02:37:06 +0000 (-0700)

Subject: execve: make responsive to SIGKILL with large arguments

X-Git-Tag: v2.6.36-rc4~12

X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=9aea5a65aa7a1af9a4236dfaeb0088f1624f9919

execve: make responsive to SIGKILL with large arguments

An execve with a very large total of argument/environment strings

can take a really long time in the execve system call.  It runs

uninterruptibly to count and copy all the strings.  This change

makes it abort the exec quickly if sent a SIGKILL.

Note that this is the conservative change, to interrupt only for

SIGKILL, by using fatal_signal_pending().  It would be perfectly

correct semantics to let any signal interrupt the string-copying in

execve, i.e. use signal_pending() instead of fatal_signal_pending().

We'll save that change for later, since it could have user-visible

consequences, such as having a timer set too quickly make it so that

an execve can never complete, though it always happened to work before.

Signed-off-by: Roland McGrath <roland@redhat.com>

Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

---

diff --git a/fs/exec.c b/fs/exec.c

index 6f2d777..828dd24 100644

--- a/fs/exec.c

+++ b/fs/exec.c

@@ -376,6 +376,9 @@ static int count(const char __user * const __user * argv, int max)

 			argv++;

 			if (i++ >= max)

 				return -E2BIG;

+

+			if (fatal_signal_pending(current))

+				return -ERESTARTNOHAND;

 			cond_resched();

 		}

 	}

@@ -419,6 +422,10 @@ static int copy_strings(int argc, const char __user *const __user *argv,

 		while (len > 0) {

 			int offset, bytes_to_copy;

+			if (fatal_signal_pending(current)) {

+				ret = -ERESTARTNOHAND;

+				goto out;

+			}

 			cond_resched();

 			offset = pos % PAGE_SIZE;