On Sun, 7 Sep 2014 09:56:08 +0200
Mateusz Guzik <mguzik@xxxxxxxxxx> wrote:
> On Sat, Sep 06, 2014 at 11:44:32PM +0200, Piotr Karbowski wrote:
> > Hi,
> >
> > Starting with kernel 3.15 the 'exe' symlink under /proc/<pid>/ acts diffrent
> > than it used to in all the pre-3.15 kernels.
> >
> > The usecase:
> >
> > run /root/testbin (app that just sleeps)
> > cp /root/testbin /root/testbin.new
> > mv /root/testbin.new /root/testbin
> > ls -al /proc/`pidof testbin`/exe
> >
> > <=3.14: /root/testbin (deleted)
> > >=3.15: /root/testbin.new (deleted)
> >
> > Was the change intentional? It does render my system unusable and I failed
> > to find a information about such change in the ChangeLog.
> >
>
> It looks like this was already broken for "long" (> DNAME_INLINE_LEN)
> names.
>
> Short names share the problem since da1ce0670c14d8 "vfs: add
> cross-rename".
>
> The following change to switch_names is the culprit:
>
> - memcpy(dentry->d_iname, target->d_name.name,
> - target->d_name.len + 1);
> - dentry->d_name.len = target->d_name.len;
> - return;
> + unsigned int i;
> + BUILD_BUG_ON(!IS_ALIGNED(DNAME_INLINE_LEN, sizeof(long)));
> + for (i = 0; i < DNAME_INLINE_LEN / sizeof(long); i++) {
> + swap(((long *) &dentry->d_iname)[i],
> + ((long *) &target->d_iname)[i]);
> + }
>
>
> Dentries can have names from embedded structure or from an external buffer.
>
> If you take a look around you will see the code just swaps pointers for
> "both external" case. But this results in the same behavoiur you are seeing.
>
Looks like the real problem here is that __d_materialise_dentry() needs the
old behavior of switch_names() . At least that's how it got fixed in grsecurity.
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
