Commit 12c1bf07 authored by Andrew Morton, committed by Linus Torvalds

[PATCH] after exec_mmap(), exec cannot fail

If de_thread() fails in flush_old_exec() then we try to fail the execve().

That is a bad move, because exec_mmap() has already switched the current
process over to the new mm.  The new process is not yet sufficiently set up
to handle the error and the kernel doublefaults and dies.  exec_mmap() is the
point of no return.

Change flush_old_exec() to call de_thread() before running exec_mmap() so the
execing program sees the error.  I added fault injection to both de_thread()
and exec_mmap() - everything now survives OK.
parent e34b0f53
...@@ -759,12 +759,6 @@ int flush_old_exec(struct linux_binprm * bprm) ...@@ -759,12 +759,6 @@ int flush_old_exec(struct linux_binprm * bprm)
char * name; char * name;
int i, ch, retval; int i, ch, retval;
/*
* Release all of the old mmap stuff
*/
retval = exec_mmap(bprm->mm);
if (retval)
goto out;
/* /*
* Make sure we have a private signal table and that * Make sure we have a private signal table and that
* we are unassociated from the previous thread group. * we are unassociated from the previous thread group.
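Review bot: the ordering constraint is not recorded in the code at the "Make sure we have a private signal table" comment in flush_old_exec(). With the exec_mmap() call removed from above it, this block is now the step whose failure is returned to the caller while the process is still on the old mm, and a later reorder would silently bring back the crash the commit message describes. Suggest extending that comment to say this step must run before exec_mmap() because it is still allowed to fail.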
...@@ -773,6 +767,13 @@ int flush_old_exec(struct linux_binprm * bprm) ...@@ -773,6 +767,13 @@ int flush_old_exec(struct linux_binprm * bprm)
if (retval) if (retval)
goto out; goto out;
/*
* Release all of the old mmap stuff
*/
retval = exec_mmap(bprm->mm);
if (retval)
goto out;
bprm->mm = NULL; /* We're using it now */ bprm->mm = NULL; /* We're using it now */
/* This is the point of no return */ /* This is the point of no return */
......
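Review bot: the "This is the point of no return" comment still sits after `bprm->mm = NULL;`, below the relocated exec_mmap() call and its `if (retval) goto out;`, while the commit message names exec_mmap() itself as the point of no return. As placed, the code reads as if a failure from exec_mmap() is still a safe error path. Either move the comment to just above `retval = exec_mmap(bprm->mm);` or add a line stating that exec_mmap() can only return an error before it has switched to the new mm, so the remaining `goto out` is known to be safe.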