--- /dev/null
+From tony.luck@intel.com Mon Jun 20 20:53:10 2005
+Subject: [PATCH] ia64 ptrace + sigrestore_context (CAN-2005-1761)
+Date: Mon, 20 Jun 2005 20:53:01 -0700
+From: "Luck, Tony" <tony.luck@intel.com>
+To: "Chris Wright" <chrisw@osdl.org>, "Greg KH" <greg@kroah.com>
+
+From: Matthew Chapman <matthewc@hp.com>
+
+This patch fixes handling of accesses to ar.rsc via ptrace &
+restore_sigcontext
+
+Signed-off-by: Matthew Chapman <matthewc@hp.com>
+Acked-by: David Mosberger <davidm@hpl.hp.com>
+Acked-by: Tony Luck <tony.luck@intel.com>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+---
+
+Index: arch/ia64/kernel/ptrace.c
+===================================================================
+--- 944bb3e49bfc40387c70686a68c4b90c7edf4549/arch/ia64/kernel/ptrace.c (mode:100644)
++++ uncommitted/arch/ia64/kernel/ptrace.c (mode:100644)
+@@ -945,6 +945,13 @@
+ *data = (pt->cr_ipsr & IPSR_MASK);
+ return 0;
+
++ case PT_AR_RSC:
++ if (write_access)
++ pt->ar_rsc = *data | (3 << 2); /* force PL3 */
++ else
++ *data = pt->ar_rsc;
++ return 0;
++
+ case PT_AR_RNAT:
+ urbs_end = ia64_get_user_rbs_end(child, pt, NULL);
+ rnat_addr = (long) ia64_rse_rnat_addr((long *)
+@@ -996,9 +1003,6 @@
+ case PT_AR_BSPSTORE:
+ ptr = pt_reg_addr(pt, ar_bspstore);
+ break;
+- case PT_AR_RSC:
+- ptr = pt_reg_addr(pt, ar_rsc);
+- break;
+ case PT_AR_UNAT:
+ ptr = pt_reg_addr(pt, ar_unat);
+ break;
+@@ -1234,7 +1238,7 @@
+ static long
+ ptrace_setregs (struct task_struct *child, struct pt_all_user_regs __user *ppr)
+ {
+- unsigned long psr, ec, lc, rnat, bsp, cfm, nat_bits, val = 0;
++ unsigned long psr, rsc, ec, lc, rnat, bsp, cfm, nat_bits, val = 0;
+ struct unw_frame_info info;
+ struct switch_stack *sw;
+ struct ia64_fpreg fpval;
+@@ -1267,7 +1271,7 @@
+ /* app regs */
+
+ retval |= __get_user(pt->ar_pfs, &ppr->ar[PT_AUR_PFS]);
+- retval |= __get_user(pt->ar_rsc, &ppr->ar[PT_AUR_RSC]);
++ retval |= __get_user(rsc, &ppr->ar[PT_AUR_RSC]);
+ retval |= __get_user(pt->ar_bspstore, &ppr->ar[PT_AUR_BSPSTORE]);
+ retval |= __get_user(pt->ar_unat, &ppr->ar[PT_AUR_UNAT]);
+ retval |= __get_user(pt->ar_ccv, &ppr->ar[PT_AUR_CCV]);
+@@ -1365,6 +1369,7 @@
+ retval |= __get_user(nat_bits, &ppr->nat);
+
+ retval |= access_uarea(child, PT_CR_IPSR, &psr, 1);
++ retval |= access_uarea(child, PT_AR_RSC, &rsc, 1);
+ retval |= access_uarea(child, PT_AR_EC, &ec, 1);
+ retval |= access_uarea(child, PT_AR_LC, &lc, 1);
+ retval |= access_uarea(child, PT_AR_RNAT, &rnat, 1);
+Index: arch/ia64/kernel/signal.c
+===================================================================
+--- 944bb3e49bfc40387c70686a68c4b90c7edf4549/arch/ia64/kernel/signal.c (mode:100644)
++++ uncommitted/arch/ia64/kernel/signal.c (mode:100644)
+@@ -94,7 +94,7 @@
+ static long
+ restore_sigcontext (struct sigcontext __user *sc, struct sigscratch *scr)
+ {
+- unsigned long ip, flags, nat, um, cfm;
++ unsigned long ip, flags, nat, um, cfm, rsc;
+ long err;
+
+ /* Always make any pending restarted system calls return -EINTR */
+@@ -106,7 +106,7 @@
+ err |= __get_user(ip, &sc->sc_ip); /* instruction pointer */
+ err |= __get_user(cfm, &sc->sc_cfm);
+ err |= __get_user(um, &sc->sc_um); /* user mask */
+- err |= __get_user(scr->pt.ar_rsc, &sc->sc_ar_rsc);
++ err |= __get_user(rsc, &sc->sc_ar_rsc);
+ err |= __get_user(scr->pt.ar_unat, &sc->sc_ar_unat);
+ err |= __get_user(scr->pt.ar_fpsr, &sc->sc_ar_fpsr);
+ err |= __get_user(scr->pt.ar_pfs, &sc->sc_ar_pfs);
+@@ -119,6 +119,7 @@
+ err |= __copy_from_user(&scr->pt.r15, &sc->sc_gr[15], 8); /* r15 */
+
+ scr->pt.cr_ifs = cfm | (1UL << 63);
++ scr->pt.ar_rsc = rsc | (3 << 2); /* force PL3 */
+
+ /* establish new instruction pointer: */
+ scr->pt.cr_iip = ip & ~0x3UL;
--- /dev/null
+From torvalds@osdl.org Sat Jun 18 13:15:48 2005
+Date: Sat, 18 Jun 2005 13:17:49 -0700 (PDT)
+From: Linus Torvalds <torvalds@osdl.org>
+To: stable@kernel.org, Chris Wright <chrisw@osdl.org>,
+ Greg KH <greg@kroah.com>, Andrew Morton <akpm@osdl.org>
+cc: Oleg Nesterov <oleg@tv-sign.ru>, Roland McGrath <roland@redhat.com>,
+ Ingo Molnar <mingo@elte.hu>, Steven Rostedt <rostedt@goodmis.org>,
+ Kernel security list <security@kernel.org>
+Subject: Clean up subthread exec (CAN-2005-1913)
+
+Make sure we re-parent itimers. If subthread exec's with timer pending,
+signal is delivered to old group-leader and can panic kernel.
+
+Signed-off-by: Linus Torvalds <torvalds@ppc970.osdl.org>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+---
+diff --git a/fs/exec.c b/fs/exec.c
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -649,6 +649,7 @@ static inline int de_thread(struct task_
+ }
+ sig->group_exit_task = NULL;
+ sig->notify_count = 0;
++ sig->real_timer.data = (unsigned long)current;
+ spin_unlock_irq(lock);
+
+ /*
projects / thirdparty / kernel / stable-queue.git / commitdiff
