    exec: fix remove_arg_zero · 4fc75ff4
    Nick Piggin authored
    Petr Tesarik discovered a problem in remove_arg_zero(). He writes:
    
     When a script is loaded, load_script() replaces argv[0] with the
     name of the interpreter and the filename passed to the exec syscall.
     However, there is no guarantee that the length of the interpreter
     name plus the length of the filename is greater than the length of
     the original argv[0]. If the difference happens to cross a page boundary,
     setup_arg_pages() will call put_dirty_page() [aka install_arg_page()]
     with an address outside the VMA.
    
     Therefore, remove_arg_zero() must free all pages which would be unused
     after the argument is removed.
    
    So, rewrite the remove_arg_zero function without gotos, with a few comments,
    and with the commonly used explicit index/offset. This fixes the problem
    and makes it easier to understand as well.
    
    [a.p.zijlstra@chello.nl: add comment]
    Signed-off-by: Nick Piggin <npiggin@suse.de>
    Cc: Petr Tesarik <ptesarik@suse.cz>
    Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
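To make the mechanism in the commit message concrete, here is an added user-space model of the exec argument area; it is not the kernel's code and not part of this commit. The argument strings are packed downward from the top of the area (argv[0] ends up lowest, at `p`), argv[0] is skipped, and the interpreter name and filename are pushed in its place. The "buggy" variant only advances `p`; the "fixed" variant also releases every page that lies entirely below the new `p`. All names (`model_bprm`, `model_remove_arg_zero`, `model_stale_pages`), the 16-byte page size and the sample strings are constructed for the illustration.

```c
/* Added example: user-space model of the exec argument area, not kernel code.
 * Page size, page count and the argument strings are constructed for illustration. */
#include <stdio.h>
#include <string.h>

#define MODEL_PAGE_SIZE 16UL                  /* constructed: tiny pages make boundary crossings visible */
#define MODEL_NPAGES    8
#define MODEL_TOP       (MODEL_PAGE_SIZE * MODEL_NPAGES)

struct model_bprm {
	char mem[MODEL_TOP];
	int page_used[MODEL_NPAGES];  /* 1 = page currently holds argument data */
	unsigned long p;              /* lowest address in use, like bprm->p */
	int argc;
};

static int page_index(unsigned long addr)
{
	return (int)(addr / MODEL_PAGE_SIZE);
}

static void model_init(struct model_bprm *b)
{
	memset(b, 0, sizeof(*b));
	b->p = MODEL_TOP;             /* strings are packed downward from the top */
}

/* Like copy_strings(): store one NUL-terminated string just below p and mark its pages. */
static int model_push(struct model_bprm *b, const char *s)
{
	unsigned long len = strlen(s) + 1, a;

	if (len > b->p)
		return -1;                /* out of room */
	b->p -= len;
	memcpy(b->mem + b->p, s, len);
	for (a = b->p; a < b->p + len; a++)
		b->page_used[page_index(a)] = 1;
	b->argc++;
	return 0;
}

/*
 * Skip argv[0] (the string starting at p). With free_unused set, every page that
 * lies entirely below the new p is released; without it, those pages stay marked
 * used even though no argument data refers to them any more. Returns pages freed.
 */
static int model_remove_arg_zero(struct model_bprm *b, int free_unused)
{
	int old_page, new_page, i, freed = 0;

	if (!b->argc)
		return 0;
	old_page = page_index(b->p);
	b->p += strlen(b->mem + b->p) + 1;
	b->argc--;
	new_page = page_index(b->p);
	if (free_unused)
		for (i = old_page; i < new_page && i < MODEL_NPAGES; i++) {
			b->page_used[i] = 0;
			freed++;
		}
	return freed;
}

/* Pages still marked used below the page holding p: a setup_arg_pages()-style
 * loop that walks from p upward has no in-VMA address for these. */
static int model_stale_pages(const struct model_bprm *b)
{
	int i, stale = 0, first = page_index(b->p);

	for (i = 0; i < first && i < MODEL_NPAGES; i++)
		stale += b->page_used[i];
	return stale;
}

/* Script exec where the caller-supplied argv[0] is longer than interpreter + filename
 * and straddles a page boundary. Returns stale pages after the replacement; *freed_out
 * receives how many pages remove_arg_zero released. */
static int run_script_scenario(int free_unused, int *freed_out)
{
	struct model_bprm b;
	int freed;

	model_init(&b);
	model_push(&b, "-v");                          /* argv[1]: copied first, ends highest */
	model_push(&b, "./long-name-given-as-argv0");  /* argv[0]: 27 bytes with NUL, crosses into page 6 */
	freed = model_remove_arg_zero(&b, free_unused);
	model_push(&b, "s.sh");                        /* load_script(): filename passed to exec ... */
	model_push(&b, "/bin/sh");                     /* ... then the interpreter, the new argv[0] */
	if (freed_out)
		*freed_out = freed;
	return model_stale_pages(&b);
}

static int scenario_stale(int free_unused) { return run_script_scenario(free_unused, NULL); }
static int scenario_freed(int free_unused) { int f; run_script_scenario(free_unused, &f); return f; }

int main(void)
{
	printf("buggy: %d stale page(s), %d freed\n", scenario_stale(0), scenario_freed(0));
	printf("fixed: %d stale page(s), %d freed\n", scenario_stale(1), scenario_freed(1));
	return 0;
}
```

In the scenario the 27-byte argv[0] occupies pages 6 and 7, while the 13 bytes of interpreter plus filename that replace it fit entirely in page 7. Without the free, page 6 stays marked as holding argument data below `p`, which is exactly the state that would hand an address outside the VMA to the page-installation loop; with the free, the stale page count is zero.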