--- /dev/null
+From 76595f79d76fbe6267a51b3a866a028d150f06d4 Mon Sep 17 00:00:00 2001
+From: Neil Horman <nhorman@tuxdriver.com>
+Date: Fri, 5 Mar 2010 13:44:16 -0800
+Subject: coredump: suppress uid comparison test if core output files are pipes
+
+From: Neil Horman <nhorman@tuxdriver.com>
+
+commit 76595f79d76fbe6267a51b3a866a028d150f06d4 upstream.
+
+Modify uid check in do_coredump so as to not apply it in the case of
+pipes.
+
+This just got noticed in testing. The end of do_coredump validates the
+uid of the inode for the created file against the uid of the crashing
+process to ensure that no one can pre-create a core file with different
+ownership and grab the information contained in the core when they
+shouldn' tbe able to. This causes failures when using pipes for a core
+dumps if the crashing process is not root, which is the uid of the pipe
+when it is created.
+
+The fix is simple. Since the check for matching uid's isn't relevant for
+pipes (a process can't create a pipe that the uermodehelper code will open
+anyway), we can just just skip it in the event ispipe is non-zero
+
+Reverts a pipe-affecting change which was accidentally made in
+
+: commit c46f739dd39db3b07ab5deb4e3ec81e1c04a91af
+: Author: Ingo Molnar <mingo@elte.hu>
+: AuthorDate: Wed Nov 28 13:59:18 2007 +0100
+: Commit: Linus Torvalds <torvalds@woody.linux-foundation.org>
+: CommitDate: Wed Nov 28 10:58:01 2007 -0800
+:
+: vfs: coredumping fix
+
+Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
+Cc: Andi Kleen <andi@firstfloor.org>
+Cc: Oleg Nesterov <oleg@redhat.com>
+Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: maximilian attems <max@stro.at>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/exec.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -1861,8 +1861,9 @@ void do_coredump(long signr, int exit_co
+ /*
+ * Dont allow local users get cute and trick others to coredump
+ * into their pre-created files:
++ * Note, this is not relevant for pipes
+ */
+- if (inode->i_uid != current_fsuid())
++ if (!ispipe && (inode->i_uid != current_fsuid()))
+ goto close_fail;
+ if (!file->f_op)
+ goto close_fail;
--- /dev/null
+From 19f48cb105b7fa18d0dcab435919a3a29b7a7c4c Mon Sep 17 00:00:00 2001
+From: Francesco Lavra <francescolavra@interfree.it>
+Date: Thu, 31 Dec 2009 08:47:11 -0300
+Subject: V4L/DVB (13961): em28xx-dvb: fix memleak in dvb_fini()
+
+From: Francesco Lavra <francescolavra@interfree.it>
+
+commit 19f48cb105b7fa18d0dcab435919a3a29b7a7c4c upstream.
+
+this patch fixes a memory leak which occurs when an em28xx card with DVB
+extension is unplugged or its DVB extension driver is unloaded. In
+dvb_fini(), dev->dvb must be freed before being set to NULL, as is done
+in dvb_init() in case of error.
+Note that this bug is also present in the latest stable kernel release.
+
+Signed-off-by: Francesco Lavra <francescolavra@interfree.it>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/media/video/em28xx/em28xx-dvb.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/media/video/em28xx/em28xx-dvb.c
++++ b/drivers/media/video/em28xx/em28xx-dvb.c
+@@ -591,6 +591,7 @@ static int dvb_fini(struct em28xx *dev)
+
+ if (dev->dvb) {
+ unregister_dvb(dev->dvb);
++ kfree(dev->dvb);
+ dev->dvb = NULL;
+ }
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
