[Devel] [PATCH RHEL7 COMMIT] prctl: remove one-shot limitation for changing exe link

Konstantin Khorenko khorenko at virtuozzo.com
Thu May 19 02:52:14 PDT 2016


The commit is pushed to "branch-rh7-3.10.0-327.18.2.vz7.14.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.18.2.vz7.14.4
------>
commit ea7c692043f673f595823e7cbf4c0870ab724cea
Author: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
Date:   Thu May 19 13:52:14 2016 +0400

    prctl: remove one-shot limitation for changing exe link
    
    This limitation comes with an unclear explanation.
    And what is even worse: it doesn't allow fixing up processes running on NFS
    after restore, because one change of exe link has been done by criu already.
    
    https://jira.sw.ru/browse/PSBM-26967
    
    Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
    Acked-by: Cyrill Gorcunov <gorcunov at virtuozzo.com>
    
    khorenko@: this is to be pushed to mainstream as well later, task for that:
    https://jira.sw.ru/browse/PSBM-47315
---
 include/linux/sched.h |  4 +++-
 kernel/sys.c          | 10 ----------
 2 files changed, 3 insertions(+), 11 deletions(-)

diff --git a/include/linux/sched.h b/include/linux/sched.h
index 328408c..21775a2 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -388,7 +388,9 @@ extern int get_dumpable(struct mm_struct *mm);
 					/* leave room for more dump flags */
 #define MMF_VM_MERGEABLE	16	/* KSM may merge identical pages */
 #define MMF_VM_HUGEPAGE		17	/* set when VM_HUGEPAGE is set on vma */
-#define MMF_EXE_FILE_CHANGED	18	/* see prctl_set_mm_exe_file() */
+/* This ine-shot flag is droped due to necessivity of changing exe once again
+ * on NFS restore */
+//#define MMF_EXE_FILE_CHANGED	18	/* see prctl_set_mm_exe_file() */
 
 #define MMF_HAS_UPROBES		19	/* has uprobes */
 #define MMF_RECALC_UPROBES	20	/* MMF_HAS_UPROBES can be wrong */
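Review bot: The added lines leave MMF_EXE_FILE_CHANGED in the header as a "//"-commented define, which is dead code in a C++ comment style the surrounding definitions do not use. Either delete the define outright or replace it with a regular /* */ comment stating that bit 18 is unused, so a later flag does not reuse the number silently. The new comment also needs a spelling pass ("ine-shot", "droped", "necessivity") and should say what actually performs the second change on NFS restore, since the text it replaces pointed readers at prctl_set_mm_exe_file().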
diff --git a/kernel/sys.c b/kernel/sys.c
index 5746c61..91bced5 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -2084,16 +2084,6 @@ static int prctl_set_mm_exe_file(struct mm_struct *mm, unsigned int fd)
 		fput(exe_file);
 	}
 
-	/*
-	 * The symlink can be changed only once, just to disallow arbitrary
-	 * transitions malicious software might bring in. This means one
-	 * could make a snapshot over all processes running and monitor
-	 * /proc/pid/exe changes to notice unusual activity if needed.
-	 */
-	err = -EPERM;
-	if (test_and_set_bit(MMF_EXE_FILE_CHANGED, &mm->flags))
-		goto exit;
-
 	err = 0;
 	/* set the new file, lockless */
 	get_file(exe.file);
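Review bot: Dropping the test_and_set_bit(MMF_EXE_FILE_CHANGED, &mm->flags) check removes the only restriction in this hunk on how often a task may repoint its exe link, and nothing is added in its place. The deleted comment spells out the rationale: a single allowed change let a monitor snapshot all processes and treat later /proc/pid/exe changes as unusual activity. The commit message should state what still limits callers of prctl_set_mm_exe_file() after this change, or the relaxation should be scoped to the restore case it is meant for, and a short comment should remain here noting that /proc/pid/exe can now change any number of times so that tooling relying on the old guarantee can be adjusted.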

