From: Chris Wright <chrisw@osdl.org>
Date: Wed, 22 Jun 2005 20:15:12 +0000 (-0700)
Subject: Relase 2.6.12.1
X-Git-Tag: v2.6.12.1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=16fc93c61a14646a1c0e6eeca060cbf2c7e9879b;p=thirdparty%2Fkernel%2Fstable-queue.git

Relase 2.6.12.1
---

diff --git a/2.6.12.1/ia64-ptrace-sigrestore_context.patch b/2.6.12.1/ia64-ptrace-sigrestore_context.patch
new file mode 100644
index 00000000000..d00b99c9f72
--- /dev/null
+++ b/2.6.12.1/ia64-ptrace-sigrestore_context.patch
@@ -0,0 +1,101 @@
+From tony.luck@intel.com  Mon Jun 20 20:53:10 2005
+Subject: [PATCH] ia64 ptrace + sigrestore_context (CAN-2005-1761)
+Date: Mon, 20 Jun 2005 20:53:01 -0700
+From: "Luck, Tony" <tony.luck@intel.com>
+To: "Chris Wright" <chrisw@osdl.org>, "Greg KH" <greg@kroah.com>
+
+From: Matthew Chapman <matthewc@hp.com>
+
+This patch fixes handling of accesses to ar.rsc via ptrace &
+restore_sigcontext
+
+Signed-off-by: Matthew Chapman <matthewc@hp.com>
+Acked-by: David Mosberger <davidm@hpl.hp.com>
+Acked-by: Tony Luck <tony.luck@intel.com>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+---
+
+Index: arch/ia64/kernel/ptrace.c
+===================================================================
+--- 944bb3e49bfc40387c70686a68c4b90c7edf4549/arch/ia64/kernel/ptrace.c  (mode:100644)
++++ uncommitted/arch/ia64/kernel/ptrace.c  (mode:100644)
+@@ -945,6 +945,13 @@
+ 				*data = (pt->cr_ipsr & IPSR_MASK);
+ 			return 0;
+ 
++		      case PT_AR_RSC:
++			if (write_access)
++				pt->ar_rsc = *data | (3 << 2); /* force PL3 */
++			else
++				*data = pt->ar_rsc;
++			return 0;
++
+ 		      case PT_AR_RNAT:
+ 			urbs_end = ia64_get_user_rbs_end(child, pt, NULL);
+ 			rnat_addr = (long) ia64_rse_rnat_addr((long *)
+@@ -996,9 +1003,6 @@
+ 		      case PT_AR_BSPSTORE:
+ 			ptr = pt_reg_addr(pt, ar_bspstore);
+ 			break;
+-		      case PT_AR_RSC:
+-			ptr = pt_reg_addr(pt, ar_rsc);
+-			break;
+ 		      case PT_AR_UNAT:
+ 			ptr = pt_reg_addr(pt, ar_unat);
+ 			break;
+@@ -1234,7 +1238,7 @@
+ static long
+ ptrace_setregs (struct task_struct *child, struct pt_all_user_regs __user *ppr)
+ {
+-	unsigned long psr, ec, lc, rnat, bsp, cfm, nat_bits, val = 0;
++	unsigned long psr, rsc, ec, lc, rnat, bsp, cfm, nat_bits, val = 0;
+ 	struct unw_frame_info info;
+ 	struct switch_stack *sw;
+ 	struct ia64_fpreg fpval;
+@@ -1267,7 +1271,7 @@
+ 	/* app regs */
+ 
+ 	retval |= __get_user(pt->ar_pfs, &ppr->ar[PT_AUR_PFS]);
+-	retval |= __get_user(pt->ar_rsc, &ppr->ar[PT_AUR_RSC]);
++	retval |= __get_user(rsc, &ppr->ar[PT_AUR_RSC]);
+ 	retval |= __get_user(pt->ar_bspstore, &ppr->ar[PT_AUR_BSPSTORE]);
+ 	retval |= __get_user(pt->ar_unat, &ppr->ar[PT_AUR_UNAT]);
+ 	retval |= __get_user(pt->ar_ccv, &ppr->ar[PT_AUR_CCV]);
+@@ -1365,6 +1369,7 @@
+ 	retval |= __get_user(nat_bits, &ppr->nat);
+ 
+ 	retval |= access_uarea(child, PT_CR_IPSR, &psr, 1);
++	retval |= access_uarea(child, PT_AR_RSC, &rsc, 1);
+ 	retval |= access_uarea(child, PT_AR_EC, &ec, 1);
+ 	retval |= access_uarea(child, PT_AR_LC, &lc, 1);
+ 	retval |= access_uarea(child, PT_AR_RNAT, &rnat, 1);
+Index: arch/ia64/kernel/signal.c
+===================================================================
+--- 944bb3e49bfc40387c70686a68c4b90c7edf4549/arch/ia64/kernel/signal.c  (mode:100644)
++++ uncommitted/arch/ia64/kernel/signal.c  (mode:100644)
+@@ -94,7 +94,7 @@
+ static long
+ restore_sigcontext (struct sigcontext __user *sc, struct sigscratch *scr)
+ {
+-	unsigned long ip, flags, nat, um, cfm;
++	unsigned long ip, flags, nat, um, cfm, rsc;
+ 	long err;
+ 
+ 	/* Always make any pending restarted system calls return -EINTR */
+@@ -106,7 +106,7 @@
+ 	err |= __get_user(ip, &sc->sc_ip);			/* instruction pointer */
+ 	err |= __get_user(cfm, &sc->sc_cfm);
+ 	err |= __get_user(um, &sc->sc_um);			/* user mask */
+-	err |= __get_user(scr->pt.ar_rsc, &sc->sc_ar_rsc);
++	err |= __get_user(rsc, &sc->sc_ar_rsc);
+ 	err |= __get_user(scr->pt.ar_unat, &sc->sc_ar_unat);
+ 	err |= __get_user(scr->pt.ar_fpsr, &sc->sc_ar_fpsr);
+ 	err |= __get_user(scr->pt.ar_pfs, &sc->sc_ar_pfs);
+@@ -119,6 +119,7 @@
+ 	err |= __copy_from_user(&scr->pt.r15, &sc->sc_gr[15], 8);	/* r15 */
+ 
+ 	scr->pt.cr_ifs = cfm | (1UL << 63);
++	scr->pt.ar_rsc = rsc | (3 << 2); /* force PL3 */
+ 
+ 	/* establish new instruction pointer: */
+ 	scr->pt.cr_iip = ip & ~0x3UL;
diff --git a/2.6.12.1/itimer-thread-exec.patch b/2.6.12.1/itimer-thread-exec.patch
new file mode 100644
index 00000000000..383de6a3550
--- /dev/null
+++ b/2.6.12.1/itimer-thread-exec.patch
@@ -0,0 +1,27 @@
+From torvalds@osdl.org  Sat Jun 18 13:15:48 2005
+Date: Sat, 18 Jun 2005 13:17:49 -0700 (PDT)
+From: Linus Torvalds <torvalds@osdl.org>
+To: stable@kernel.org, Chris Wright <chrisw@osdl.org>,
+        Greg KH <greg@kroah.com>, Andrew Morton <akpm@osdl.org>
+cc: Oleg Nesterov <oleg@tv-sign.ru>, Roland McGrath <roland@redhat.com>,
+        Ingo Molnar <mingo@elte.hu>, Steven Rostedt <rostedt@goodmis.org>,
+        Kernel security list <security@kernel.org>
+Subject: Clean up subthread exec (CAN-2005-1913)
+    
+Make sure we re-parent itimers.  If subthread exec's with timer pending,
+signal is delivered to old group-leader and can panic kernel.
+
+Signed-off-by: Linus Torvalds <torvalds@ppc970.osdl.org>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+---
+diff --git a/fs/exec.c b/fs/exec.c
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -649,6 +649,7 @@ static inline int de_thread(struct task_
+ 	}
+ 	sig->group_exit_task = NULL;
+ 	sig->notify_count = 0;
++	sig->real_timer.data = (unsigned long)current;
+ 	spin_unlock_irq(lock);
+ 
+ 	/*
diff --git a/2.6.12.1/series b/2.6.12.1/series
new file mode 100644
index 00000000000..8fa7b0f8fed
--- /dev/null
+++ b/2.6.12.1/series
@@ -0,0 +1,2 @@
+itimer-thread-exec.patch
+ia64-ptrace-sigrestore_context.patch