Commit 12c1bf07 authored by Andrew Morton, committed by Linus Torvalds

[PATCH] after exec_mmap(), exec cannot fail

If de_thread() fails in flush_old_exec() then we try to fail the execve().

That is a bad move, because exec_mmap() has already switched the current
process over to the new mm.  The new process is not yet sufficiently set up
to handle the error and the kernel doublefaults and dies.  exec_mmap() is the
point of no return.

Change flush_old_exec() to call de_thread() before running exec_mmap() so the
execing program sees the error.  I added fault injection to both de_thread()
and exec_mmap() - everything now survives OK.
parent e34b0f53
...@@ -760,16 +760,17 @@ int flush_old_exec(struct linux_binprm * bprm) ...@@ -760,16 +760,17 @@ int flush_old_exec(struct linux_binprm * bprm)
int i, ch, retval; int i, ch, retval;
/* /*
* Release all of the old mmap stuff * Make sure we have a private signal table and that
* we are unassociated from the previous thread group.
*/ */
retval = exec_mmap(bprm->mm); retval = de_thread(current);
if (retval) if (retval)
goto out; goto out;
/* /*
* Make sure we have a private signal table and that * Release all of the old mmap stuff
* we are unassociated from the previous thread group.
*/ */
retval = de_thread(current); retval = exec_mmap(bprm->mm);
if (retval) if (retval)
goto out; goto out;
......
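Review bot: the comment above the relocated `retval = exec_mmap(bprm->mm);` still says only "Release all of the old mmap stuff", so nothing in the code records the ordering constraint this reorder depends on. Please extend that comment to say exec_mmap() is the point of no return and that any step which can fail, such as de_thread(), has to stay above it; otherwise a later change can move a fallible call back below it and reintroduce the crash. The second `goto out` is also worth a note: when exec_mmap() returns an error, de_thread(current) has already succeeded, so the caller gets the failure back with a private signal table and no longer associated with its previous thread group. If that state is acceptable for a failed execve(), say so in the comment.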