If de_thread() fails then we try to fail the execve(). That is a bad move, because exec_mmap() has already switched the current process over to the new mm. exec_mmap() really is the point of no return. Change it to call de_thread() before running exec_mmap(). fs/exec.c | 13 +++++++------ 1 files changed, 7 insertions(+), 6 deletions(-) diff -puN fs/exec.c~exec_mmap-is-the-point-of-no-return fs/exec.c --- 25/fs/exec.c~exec_mmap-is-the-point-of-no-return 2003-06-30 21:52:08.000000000 -0700 +++ 25-akpm/fs/exec.c 2003-06-30 21:52:26.000000000 -0700 @@ -758,12 +758,6 @@ int flush_old_exec(struct linux_binprm * char * name; int i, ch, retval; - /* - * Release all of the old mmap stuff - */ - retval = exec_mmap(bprm->mm); - if (retval) - goto out; /* * Make sure we have a private signal table and that * we are unassociated from the previous thread group. @@ -772,6 +766,13 @@ int flush_old_exec(struct linux_binprm * if (retval) goto out; + /* + * Release all of the old mmap stuff + */ + retval = exec_mmap(bprm->mm); + if (retval) + goto out; + /* This is the point of no return */ current->sas_ss_sp = current->sas_ss_size = 0; _
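Review bot: in the first hunk (@@ -758,12 +758,6), once the exec_mmap() block is removed from the top of flush_old_exec(), the ordering requirement is recorded only in the changelog. The comment that stays behind ("Make sure we have a private signal table and that we are unassociated from the previous thread group") should also say that this step has to run before exec_mmap(), since failing the execve() after the mm switch is the problem the changelog describes. That keeps a later reorder from quietly reintroducing it.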
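Review bot: in the second hunk (@@ -772,6 +766,13), the added "if (retval) goto out;" after exec_mmap() now returns an error to a task that has already been through de_thread(), so a failed execve() comes back with the signal table made private and the task dissociated from its previous thread group. Please say in the changelog or in a comment whether that state is acceptable on the error path or whether an exec_mmap() failure needs separate handling. The unchanged comment "This is the point of no return" also still sits after the exec_mmap() block, while the changelog says exec_mmap() is that point; move it above the call or reword it so the code and the description agree.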