From: Greg Kroah-Hartman
Date: Mon, 29 Jun 2009 23:53:38 +0000 (-0700)
Subject: .27 patches
X-Git-Tag: v2.6.27.26~22
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5feff0862c6e66e0beca28f12f598ba04e794817;p=thirdparty%2Fkernel%2Fstable-queue.git
.27 patches
---
diff --git a/queue-2.6.27/lockdep-select-frame-pointers-on-x86.patch b/queue-2.6.27/lockdep-select-frame-pointers-on-x86.patch
new file mode 100644
index 00000000000..ac5f41ee1c6
--- /dev/null
+++ b/queue-2.6.27/lockdep-select-frame-pointers-on-x86.patch
@@ -0,0 +1,34 @@
+From 00540e5d54be972a94a3b2ce6da8621bebe731a2 Mon Sep 17 00:00:00 2001
+From: Peter Zijlstra
+Date: Fri, 12 Jun 2009 10:04:01 +0200
+Subject: lockdep: Select frame pointers on x86
+
+From: Peter Zijlstra
+
+commit 00540e5d54be972a94a3b2ce6da8621bebe731a2 upstream.
+
+x86 stack traces are a piece of crap without frame pointers, and its not
+like the 'performance gain' of not having stack pointers matters when you
+selected lockdep.
+
+Reported-by: Andrew Morton
+LKML-Reference:
+Signed-off-by: Peter Zijlstra
+Signed-off-by: Ingo Molnar
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ lib/Kconfig.debug | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/lib/Kconfig.debug
++++ b/lib/Kconfig.debug
+@@ -394,7 +394,7 @@ config LOCKDEP
+ bool
+ depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT
+ select STACKTRACE
+- select FRAME_POINTER if !X86 && !MIPS && !PPC
++ select FRAME_POINTER if !MIPS && !PPC
+ select KALLSYMS
+ select KALLSYMS_ALL
+
diff --git a/queue-2.6.27/send_sigio_to_task-sanitize-the-usage-of-fown-signum.patch b/queue-2.6.27/send_sigio_to_task-sanitize-the-usage-of-fown-signum.patch
new file mode 100644
index 00000000000..3e6dd6ab0b3
--- /dev/null
+++ b/queue-2.6.27/send_sigio_to_task-sanitize-the-usage-of-fown-signum.patch
@@ -0,0 +1,68 @@
+From 8eeee4e2f04fc551f50c9d9847da2d73d7d33728 Mon Sep 17 00:00:00 2001
+From: Oleg Nesterov
+Date: Wed, 17 Jun 2009 00:27:10 +0200
+Subject: send_sigio_to_task: sanitize the usage of fown->signum
+
+From: Oleg Nesterov
+
+commit 8eeee4e2f04fc551f50c9d9847da2d73d7d33728 upstream.
+
+send_sigio_to_task() reads fown->signum several times, we can race with
+F_SETSIG which changes ->signum lockless. In theory, this can fool
+security checks or we can call group_send_sig_info() with the wrong
+->si_signo which does not match "int sig".
+
+Change the code to cache ->signum.
+
+Signed-off-by: Oleg Nesterov
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/fcntl.c | 16 +++++++++++-----
+ 1 file changed, 11 insertions(+), 5 deletions(-)
+
+--- a/fs/fcntl.c
++++ b/fs/fcntl.c
+@@ -417,14 +417,20 @@ static inline int sigio_perm(struct task
+ }
+
+ static void send_sigio_to_task(struct task_struct *p,
+- struct fown_struct *fown,
++ struct fown_struct *fown,
+ int fd,
+ int reason)
+ {
+- if (!sigio_perm(p, fown, fown->signum))
++ /*
++ * F_SETSIG can change ->signum lockless in parallel, make
++ * sure we read it once and use the same value throughout.
++ */
++ int signum = ACCESS_ONCE(fown->signum);
++
++ if (!sigio_perm(p, fown, signum))
+ return;
+
+- switch (fown->signum) {
++ switch (signum) {
+ siginfo_t si;
+ default:
+ /* Queue a rt signal with the appropriate fd as its
+@@ -433,7 +439,7 @@ static void send_sigio_to_task(struct ta
+ delivered even if we can't queue. Failure to
+ queue in this case _should_ be reported; we fall
+ back to SIGIO in that case. --sct */
+- si.si_signo = fown->signum;
++ si.si_signo = signum;
+ si.si_errno = 0;
+ si.si_code = reason;
+ /* Make sure we are called with one of the POLL_*
+@@ -445,7 +451,7 @@ static void send_sigio_to_task(struct ta
+ else
+ si.si_band = band_table[reason - POLL_IN];
+ si.si_fd = fd;
+- if (!group_send_sig_info(fown->signum, &si, p))
++ if (!group_send_sig_info(signum, &si, p))
+ break;
+ /* fall-through: fall back on the old plain SIGIO signal */
+ case 0:
diff --git a/queue-2.6.27/series b/queue-2.6.27/series
index 6ddbc55af4e..854973987a5 100644
--- a/queue-2.6.27/series
+++ b/queue-2.6.27/series
@@ -15,3 +15,5 @@ floppy-provide-a-pnp-device-table-in-the-module.patch
 floppy-request-and-release-only-the-ports-we-actually-use.patch
 ib-mlx4-add-strong-ordering-to-local-inval-and-fast-reg-work-requests.patch
 x86-handle-initrd-that-extends-into-unusable-memory.patch
+lockdep-select-frame-pointers-on-x86.patch
+send_sigio_to_task-sanitize-the-usage-of-fown-signum.patch
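Review bot: The comment added above `int signum = ACCESS_ONCE(fown->signum);` in send_sigio_to_task() (in the queued fs/fcntl.c patch) says the field is read once, but it leaves out the security reason given in the commit message: the value vetted by sigio_perm() must be the same value that ends up in `si.si_signo` and in the group_send_sig_info() call. I would extend it with `/* The signal number checked by sigio_perm() must be the one delivered; never re-read fown->signum below this point. */` so a later edit does not reintroduce the double fetch. ACCESS_ONCE() only forces a single load at this site; the F_SETSIG store is outside the hunk, so whether the writer needs a matching annotation cannot be judged from here. The function body continues past the hunk at the `case 0:` fall-through path.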