Bug 10856 - incorrect tracking of overwritten files of running processes in /proc/<pid>/
Summary: incorrect tracking of overwritten files of running processes in /proc/<pid>/
Status: RESOLVED WILL_NOT_FIX
Alias: None
Product: File System
Classification: Unclassified
Component: VFS (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: fs_vfs
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-06-04 13:57 UTC by Mike Frysinger
Modified: 2012-08-29 17:08 UTC (History)
4 users (show)

See Also:
Kernel Version: 2.6.25
Subsystem:
Regression: No
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Mike Frysinger 2008-06-04 13:57:03 UTC 
as reported a while ago here: http://lkml.org/lkml/2007/6/6/512

looking at a simple program:
int main()
{
  if (fork()) return 0;
  printf("pid = %i\n", getpid());
  while (1) sleep(3600);
}
and where my / and /var/tmp are on the same partition:

# gcc test.c -o /usr/sbin/MOO
# /usr/sbin/MOO
pid = 17144
# readlink /proc/17144/exe
/usr/sbin/MOO

# gcc test.c -o /var/tmp/MOO
# mv /var/tmp/MOO /usr/sbin/MOO
# readlink /proc/17144/exe
/var/tmp/MOO (deleted)

i feel like the new exe link should actually read:
/usr/sbin/MOO (deleted)
otherwise people can easily get confused as they think their daemon was started in /var/tmp/ and their machine was compromised

while this example shows /proc/<pid>/exe, the same issue can be seen with the maps file and shared libraries.  a quick check on many systems by doing:
grep '(deleted)' /proc/*/maps
Comment 1 Andrew Morton 2008-06-04 14:04:31 UTC 
That's weird.  Might be hard to fix, I suspect.

Maybe Alexey has time to have a think about it?
Comment 2 Eric W. Biederman 2008-06-04 20:00:30 UTC 
bugme-daemon@bugzilla.kernel.org writes:

> http://bugzilla.kernel.org/show_bug.cgi?id=10856
>
>
> akpm@osdl.org changed:
>
>            What    |Removed                     |Added
> ----------------------------------------------------------------------------
>                  CC|                            |akpm@osdl.org,
>                    |                            |ebiederm@xmission.com,
>                    |                            |adobriyan@gmail.com
>
>
>
>
> ------- Comment #1 from akpm@osdl.org  2008-06-04 14:04 -------
> That's weird.  Might be hard to fix, I suspect.
>
> Maybe Alexey has time to have a think about it?

The issue has everything to do with how d_move is implemented.
/proc/ itself is fine.

At first glance it appears this will require some serious
surgery in d_move, to fix.

Eric
Comment 3 Mike Frysinger 2012-05-21 17:20:20 UTC 
don't know why this was closed ... issue (as documented in summary) is still reproducible with a 3.4-rc6 kernel
Comment 4 Alan 2012-05-21 18:45:11 UTC 
Because reading through the threads beyond it there was no consensus it was even a bug, no agreement what should happen and no plan to fix it.

And its now four years later, so its both ABI and obsolete.

Make sense ?
Comment 5 Alan 2012-08-29 17:08:43 UTC 
It's very very hard to fix, and not worth the effort or impact on real code paths that actually get used

if you think otherwise - send patches to the vfs list!
Note You need to log in before you can comment on or make changes to this bug.