Date: Sat, 15 Jun 2002 05:02:44 -0700 (PDT) From: Peter Edwards <pmedwards@eircom.net> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/39326: execve() for ELF exe drops VTEXT when re-execing the current executable Message-ID: <200206151202.g5FC2ijv048554@www.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 39326
>Category: misc
>Synopsis: execve() for ELF exe drops VTEXT when re-execing the current executable
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Jun 15 05:10:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Peter Edwards
>Release: -STABLE at 4.6 -prerelease
>Organization:
>Environment:
FreeBSD rocklobster 4.6-RC FreeBSD 4.6-RC #17: Sat Jun 15 12:13:08 IST 2002 petere@rocklobster:/a/archie/host/pub/FreeBSD/stable/src/sys/compile/ROCKLOBSTER i386
>Description:
exec_elf_imgact() sets the VTEXT flag on the vnode that is being
loaded to stop it being changed while the kernel is setting up the
process with it. This is done before the call to
exec_new_vmspace(). If a running process execs the same executable
that it is currently running, the exec_new_vmspace() can eventually
end up deallocating the underlying pager for the vnode, via
vm_object_vndeallocate, which is where the VTEXT flag is stored.
The fix seems trivial. The intent of VTEXT is to stop the image
changing once the kernel starts to peer into it, but that only
happens _after_ the exec_new_vmspace(), anyway, so the setting of
VTEXT is just a little premature.
> simple_lock(&imgp->vp->v_interlock);
> imgp->vp->v_flag |= VTEXT;
> simple_unlock(&imgp->vp->v_interlock);
>How-To-Repeat:
petere@rocklobster$ cat > exectest.c << +++
> #include <sys/types.h>
> #include <err.h>
> #include <signal.h>
> #include <stdio.h>
> #include <unistd.h>
>
>
> void interrupt(int sig) { }
>
> int main(int argc, char *argv[])
> {
> struct sigaction sa;
>
> sigemptyset(&sa.sa_mask);
> sa.sa_handler = interrupt;
> sa.sa_flags = 0;
> sigaction(SIGINT, &sa, 0);
>
> if (argc != 2)
> errx(-1, "usage: %s <executable>", argv[0]);
>
> pause();
> fprintf(stderr, "exec...\n");
> if (execve(argv[1], argv, 0) == -1)
> err(-1, "...failed \n");
> return 0;
> }
> +++
petere@rocklobster$ make exectest
cc -O -pipe exectest.c -o exectest
petere@rocklobster$ ./exectest ./exectest&
[1] 1045
petere@rocklobster$ true > ./exectest
bash: ./exectest: Text file busy
petere@rocklobster$ kill -INT 1045
exec...
petere@rocklobster$ true > ./exectest
petere@rocklobster$
>Fix:
diff -u -r1.73.2.9 imgact_elf.c
--- imgact_elf.c 16 Dec 2001 18:26:16 -0000 1.73.2.9
+++ imgact_elf.c 15 Jun 2002 11:12:12 -0000
@@ -492,6 +492,11 @@
* From this point on, we may have resources that need to be freed.
*/
+ if ((error = exec_extract_strings(imgp)) != 0)
+ goto fail;
+
+ exec_new_vmspace(imgp);
+
/*
* Yeah, I'm paranoid. There is every reason in the world to get
* VTEXT now since from here on out, there are places we can have
@@ -501,11 +506,6 @@
simple_lock(&imgp->vp->v_interlock);
imgp->vp->v_flag |= VTEXT;
simple_unlock(&imgp->vp->v_interlock);
-
- if ((error = exec_extract_strings(imgp)) != 0)
- goto fail;
-
- exec_new_vmspace(imgp);
vmspace = imgp->proc->p_vmspace;
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206151202.g5FC2ijv048554>