3.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 5 Aug 2013 04:41:08 +0000 (12:41 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 5 Aug 2013 04:41:08 +0000 (12:41 +0800)
added patches:
fanotify-info-leak-in-copy_event_to_user.patch
sched-fix-the-broken-sched_rr_get_interval.patch

queue-3.4/fanotify-info-leak-in-copy_event_to_user.patch [new file with mode: 0644]
queue-3.4/sched-fix-the-broken-sched_rr_get_interval.patch [new file with mode: 0644]
queue-3.4/series

diff --git a/queue-3.4/fanotify-info-leak-in-copy_event_to_user.patch b/queue-3.4/fanotify-info-leak-in-copy_event_to_user.patch
new file mode 100644 (file)
index 0000000..f593f34
--- /dev/null
@@ -0,0 +1,34 @@
+From de1e0c40aceb9d5bff09c3a3b97b2f1b178af53f Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Mon, 8 Jul 2013 15:59:40 -0700
+Subject: fanotify: info leak in copy_event_to_user()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit de1e0c40aceb9d5bff09c3a3b97b2f1b178af53f upstream.
+
+The ->reserved field isn't cleared so we leak one byte of stack
+information to userspace.
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Cc: Eric Paris <eparis@redhat.com>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Luis Henriques <luis.henriques@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/notify/fanotify/fanotify_user.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/notify/fanotify/fanotify_user.c
++++ b/fs/notify/fanotify/fanotify_user.c
+@@ -120,6 +120,7 @@ static int fill_event_metadata(struct fs
+       metadata->event_len = FAN_EVENT_METADATA_LEN;
+       metadata->metadata_len = FAN_EVENT_METADATA_LEN;
+       metadata->vers = FANOTIFY_METADATA_VERSION;
++      metadata->reserved = 0;
+       metadata->mask = event->mask & FAN_ALL_OUTGOING_EVENTS;
+       metadata->pid = pid_vnr(event->tgid);
+       if (unlikely(event->mask & FAN_Q_OVERFLOW))
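Review bot: The added `metadata->reserved = 0;` in fill_event_metadata() closes this one byte, but nothing at the assignment site records that the whole struct is handed to userspace, so a field added later, or any compiler padding, would reintroduce the same stack leak. Judging by the commit message, the struct lives on the caller's stack and is copied out in full; a comment above the field writes such as `/* copied to userspace as a whole: every byte, including reserved, must be initialised here */` would make that contract visible. A sturdier form is to zero the struct once before the field writes, `memset(metadata, 0, sizeof(*metadata));`, which does not depend on each field being listed. The function starts and ends outside the hunk, so whether every other field is written on all paths cannot be confirmed from these lines.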
diff --git a/queue-3.4/sched-fix-the-broken-sched_rr_get_interval.patch b/queue-3.4/sched-fix-the-broken-sched_rr_get_interval.patch
new file mode 100644 (file)
index 0000000..15fedcc
--- /dev/null
@@ -0,0 +1,51 @@
+From a59f4e079d19464eebb9b06513a1d4f55fdae5ba Mon Sep 17 00:00:00 2001
+From: Zhu Yanhai <gaoyang.zyh@taobao.com>
+Date: Tue, 8 Jan 2013 12:56:52 +0800
+Subject: sched: Fix the broken sched_rr_get_interval()
+
+From: Zhu Yanhai <gaoyang.zyh@taobao.com>
+
+commit a59f4e079d19464eebb9b06513a1d4f55fdae5ba upstream.
+
+The caller of sched_sliced() should pass se.cfs_rq and se as the
+arguments, however in sched_rr_get_interval() we gave it
+rq.cfs_rq and se, which made the following computation obviously
+wrong.
+
+The change was introduced by commit:
+
+  77034937dc45 sched: fix crash in sys_sched_rr_get_interval()
+
+... 5 years ago, while it had been the correct 'cfs_rq_of' before
+the commit. The change seems to be irrelevant to the commit
+msg, which was to return a 0 timeslice for tasks that are on an
+idle runqueue. So I believe that was just a plain typo.
+
+Signed-off-by: Zhu Yanhai <gaoyang.zyh@taobao.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Paul Turner <pjt@google.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Steven Rostedt <rostedt@goodmis.org>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Link: http://lkml.kernel.org/r/1357621012-15039-1-git-send-email-gaoyang.zyh@taobao.com
+[ Since this is an ABI and an old bug, we'll test this via a
+  slow upstream route, to hopefully discover any app breakage. ]
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/sched/fair.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/sched/fair.c
++++ b/kernel/sched/fair.c
+@@ -5511,7 +5511,7 @@ static unsigned int get_rr_interval_fair
+        * idle runqueue:
+        */
+       if (rq->cfs.load.weight)
+-              rr_interval = NS_TO_JIFFIES(sched_slice(&rq->cfs, se));
++              rr_interval = NS_TO_JIFFIES(sched_slice(cfs_rq_of(se), se));
+       return rr_interval;
+ }
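Review bot: The guard `if (rq->cfs.load.weight)` in get_rr_interval_fair() still tests the root cfs_rq while the new line computes the slice from `cfs_rq_of(se)`, and the existing comment does not say the two are meant to differ. With group scheduling these are presumably different runqueues, so a reader could take the mismatch for another typo of the kind this patch fixes. I would extend the comment with a line such as `* The idle check is on the CPU's root cfs_rq; the slice comes from the task's own cfs_rq.` The commit message also flags that the returned value is ABI-visible, so it is worth confirming that the stable tree accepts the changed result of sched_rr_get_interval() for existing applications. The function's opening lines are outside the hunk.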
index 7e2eda98d8a61d0453455d0c6123adf8ed81776a..21dc75f461bfd43ef9fe7d4c354ee9eb008555e1 100644 (file)
@@ -10,3 +10,5 @@ ixgbe-fix-tx-hang-issue-with-lldpad-on-82598eb.patch
 rt2x00-fix-stop-queue.patch
 mwifiex-add-missing-endian-conversion.patch
 acpi-battery-fix-parsing-_bix-return-value.patch
+sched-fix-the-broken-sched_rr_get_interval.patch
+fanotify-info-leak-in-copy_event_to_user.patch