[PATCH] binfmt_elf: fix return value in case of interpreter load failure

[Matthieu CASTET]

The current code return the address instead of using PTR_ERR.

Also the check is done after adding e_entry. This can cause weird behaviour
because -errno + loc->interp_elf_ex.e_entry can produce a valid address.

Add a check to test load error before adding entry address. Also in this
case send SIGKILL instead of SIGSEGV to match what is done when loading binary.

Signed-off-by: Matthieu CASTET <matthieu.castet@xxxxxxxxxx>
Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
 fs/binfmt_elf.c |   21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 3939829..8397f80 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -900,18 +900,21 @@ static int load_elf_binary(struct linux_binprm *bprm)
 					    interpreter,
 					    &interp_map_addr,
 					    load_bias);
-		if (!IS_ERR((void *)elf_entry)) {
-			/*
-			 * load_elf_interp() returns relocation
-			 * adjustment
-			 */
-			interp_load_addr = elf_entry;
-			elf_entry += loc->interp_elf_ex.e_entry;
+		if (BAD_ADDR(elf_entry)) {
+			force_sig(SIGKILL, current);
+			retval = IS_ERR((void *)elf_entry) ?
+					PTR_ERR((void *)elf_entry) : -EINVAL;
+			goto out_free_dentry;
 		}
+		/*
+		 * load_elf_interp() returns relocation
+		 * adjustment
+		 */
+		interp_load_addr = elf_entry;
+		elf_entry += loc->interp_elf_ex.e_entry;
 		if (BAD_ADDR(elf_entry)) {
 			force_sig(SIGSEGV, current);
-			retval = IS_ERR((void *)elf_entry) ?
-					(int)elf_entry : -EINVAL;
+			retval = -EINVAL;
 			goto out_free_dentry;
 		}
 		reloc_func_desc = interp_load_addr;
-- 
1.7.10.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/