    [PATCH] fix double mmdrop() on exec path · 610a61e0
    Andrew Morton authored
    If load_elf_binary() (and the other binary handlers) fail after
    flush_old_exec() (for example, in setup_arg_pages()) then do_execve() will go
    through and do mmdrop(bprm.mm).
    
    But bprm.mm is now current->mm.  We've just freed the current process's mm.
    The kernel dies in a most ghastly manner.
    
    Fix that up by nulling out bprm.mm in flush_old_exec(), at the point where we
    consumed the mm.  Handle the null pointer in the do_execve() error path.
    
    Also: don't open-code free_arg_pages() in do_execve(): call it instead.
exec.c 30 KB
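The failure the message describes is an ownership hand-off that leaves a stale pointer behind: once flush_old_exec() has installed bprm.mm as current->mm, the error path in do_execve() still holds the old pointer and drops it, and the task drops the same mm again when it exits. The userland C model below is an added example, not the kernel's exec.c and not Andrew Morton's code. The names bprm, mm, flush_old_exec() and mmdrop() follow the commit message; the struct layouts, mm_alloc(), run_execve_failure() and the refcount/released bookkeeping are invented here to make the double drop observable.

```c
/*
 * Added example, not kernel code: a userland model of the double mmdrop()
 * the commit describes. bprm, mm, flush_old_exec() and mmdrop() follow the
 * commit message; the types, bodies and the helpers mm_alloc() and
 * run_execve_failure() are assumptions made for this illustration.
 */
#include <stdio.h>
#include <stdlib.h>

struct mm_struct {
    int refcount;   /* live references; 0 means released */
    int released;   /* set once the last reference has been dropped */
};

struct task_struct { struct mm_struct *mm; };
struct linux_binprm { struct mm_struct *mm; };

/* Model of the running task (the kernel's current is a per-CPU macro). */
static struct task_struct the_task;
static struct task_struct *current = &the_task;

/* Drops on an already released mm; in the kernel this is the use-after-free
 * that "dies in a most ghastly manner". */
static int double_drops;

struct exec_result {
    int double_drops;   /* how many times the mm was dropped after release */
    int refcount_left;  /* refcount when the run ends (0 once released) */
    int released;       /* 1 if the mm was released at all */
};

static struct mm_struct *mm_alloc(void)
{
    struct mm_struct *mm = calloc(1, sizeof *mm);
    if (!mm)
        abort();
    mm->refcount = 1;       /* the bprm owns this single reference */
    return mm;
}

static void mmdrop(struct mm_struct *mm)
{
    if (mm->released) {     /* a second drop of the same mm */
        double_drops++;
        return;
    }
    if (--mm->refcount == 0)
        mm->released = 1;   /* kept allocated so the caller can inspect it */
}

/*
 * Point of no return: the new mm becomes current->mm. With fixed == 1 the
 * bprm forgets its pointer, recording that ownership has moved (the patch);
 * with fixed == 0 it keeps a stale copy, as before the patch.
 */
static void flush_old_exec(struct linux_binprm *bprm, int fixed)
{
    current->mm = bprm->mm;
    if (fixed)
        bprm->mm = NULL;
}

/*
 * Models do_execve() when the binary handler fails after flush_old_exec()
 * (the commit's setup_arg_pages() case), followed by the failed task's own
 * exit-time drop of current->mm.
 */
static struct exec_result run_execve_failure(int fixed)
{
    struct linux_binprm bprm;
    struct mm_struct *mm = mm_alloc();
    struct exec_result r;

    double_drops = 0;
    bprm.mm = mm;
    current->mm = NULL;

    flush_old_exec(&bprm, fixed);
    /* ... load_elf_binary() fails here, after the mm has been consumed ... */

    /* do_execve() error path with the patch's NULL check. Unfixed, bprm.mm
     * is non-NULL and equal to current->mm, so this is the unconditional
     * drop of the old code: it releases the mm the task still runs on. */
    if (bprm.mm)
        mmdrop(bprm.mm);

    /* The task still holds current->mm and drops it when it exits. */
    if (current->mm) {
        mmdrop(current->mm);
        current->mm = NULL;
    }

    r.double_drops = double_drops;
    r.refcount_left = mm->refcount;
    r.released = mm->released;
    free(mm);
    return r;
}

int main(void)
{
    struct exec_result before = run_execve_failure(0);
    struct exec_result after = run_execve_failure(1);
    printf("before fix: double drops = %d\n", before.double_drops);
    printf("after fix:  double drops = %d, released = %d\n",
           after.double_drops, after.released);
    return 0;
}
```

The fixed path still releases the mm exactly once, through the task's own drop; what changes is that the error path no longer holds a pointer it does not own. Nulling the pointer at the point of consumption is the general idiom: the cleanup path stays a simple "drop whatever I still hold" and needs no knowledge of how far the caller got.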