Merge branch 'akpm' (Andrew's patch-bomb)
[~shefty/rdma-dev.git] / fs / exec.c
index b71b08ce71204824c7c66c8d101a7ebecdbb4db0..d8e1191cb112eb2d77154908a32699a06c4bda78 100644 (file)
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1353,6 +1353,10 @@ int search_binary_handler(struct linux_binprm *bprm)
        struct linux_binfmt *fmt;
        pid_t old_pid, old_vpid;
 
+       /* This allows 4 levels of binfmt rewrites before failing hard. */
+       if (depth > 5)
+               return -ELOOP;
+
        retval = security_bprm_check(bprm);
        if (retval)
                return retval;
@@ -1377,12 +1381,8 @@ int search_binary_handler(struct linux_binprm *bprm)
                        if (!try_module_get(fmt->module))
                                continue;
                        read_unlock(&binfmt_lock);
+                       bprm->recursion_depth = depth + 1;
                        retval = fn(bprm);
-                       /*
-                        * Restore the depth counter to its starting value
-                        * in this call, so we don't have to rely on every
-                        * load_binary function to restore it on return.
-                        */
                        bprm->recursion_depth = depth;
                        if (retval >= 0) {
                                if (depth == 0) {