Linux 3.8.8

[thirdparty/kernel/stable-queue.git] / releases / 3.8.8 / ipc-set-msg-back-to-eagain-if-copy-wasn-t-performed.patch

diff --git a/releases/3.8.8/ipc-set-msg-back-to-eagain-if-copy-wasn-t-performed.patch b/releases/3.8.8/ipc-set-msg-back-to-eagain-if-copy-wasn-t-performed.patch
new file mode 100644 (file)
index 0000000..97a2419
--- /dev/null
+++ b/releases/3.8.8/ipc-set-msg-back-to-eagain-if-copy-wasn-t-performed.patch
@@ -0,0 +1,35 @@
+From 2dc958fa2fe6987e7ab106bd97029a09a82fcd8d Mon Sep 17 00:00:00 2001
+From: Stanislav Kinsbursky <skinsbursky@parallels.com>
+Date: Mon, 1 Apr 2013 11:40:51 +0400
+Subject: ipc: set msg back to -EAGAIN if copy wasn't performed
+
+From: Stanislav Kinsbursky <skinsbursky@parallels.com>
+
+commit 2dc958fa2fe6987e7ab106bd97029a09a82fcd8d upstream.
+
+Make sure that msg pointer is set back to error value in case of
+MSG_COPY flag is set and desired message to copy wasn't found.  This
+garantees that msg is either a error pointer or a copy address.
+
+Otherwise the last message in queue will be freed without unlinking from
+the queue (which leads to memory corruption) and the dummy allocated
+copy won't be released.
+
+Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ ipc/msg.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/ipc/msg.c
++++ b/ipc/msg.c
+@@ -872,6 +872,7 @@ long do_msgrcv(int msqid, void __user *b
+                                                       goto out_unlock;
+                                               break;
+                                       }
++                                      msg = ERR_PTR(-EAGAIN);
+                               } else
+                                       break;
+                               msg_counter++;