[BUG] rename() from outside of the target dir breaks /proc exe symlink.

[Piotr Karbowski <piotr.karbowski@gmail.com>]

Hi,

There's something wrong about exe symlink that can be found insde 
/proc/<pid>/ directories. When the running binary is replaced with 
another, using rename() call, the symlink may point to wrong path.

As example let me use sshd. I have running sshd from /usr/sbin. If I 
replace /usr/sbin/sshd one could expect to see exe symlink pointing to 
'/usr/sbin/sshd (deleted)', it does work this way if the source of 
rename() was in the same directory or nested within, thus rename like:

rename("/usr/sbin/foo", "/usr/sbin/sshd")

and

rename("/usr/sbin/bar/sshd", "/usr/sbin/sshd")

ends with a proper '/usr/sbin/sshd (deleted)' symlink.

if however the source was outside of the target directory, the symlink 
will point to the source path of rename() calls with 'deleted' sufix.

Here's example:

sbin # for i in `pidof sshd`; do ls -l /proc/$i/exe; done
lrwxrwxrwx 1 root root 0 Dec 27 18:09 /proc/29047/exe -> /usr/sbin/sshd

sbin # cp sshd /root/foo

sbin # strace -f perl -e 'rename("/root/foo", "/usr/sbin/sshd")' 2>&1 | 
grep sshd
rename("/root/foo", "/usr/sbin/sshd")   = 0

sbin # for i in `pidof sshd`; do ls -l /proc/$i/exe; done
lrwxrwxrwx 1 root root 0 Dec 27 18:09 /proc/29047/exe -> /root/sshd 
(deleted)

I am unable to find kernel version where it worked as one could presume 
thus I cannot offer to bisect commits to find the bad one.

The environment was kernel 3.17.4 x86_64 and the filesystem ext4.

-- Piotr.