another .25 patch

diff --git a/queue-2.6.25/series b/queue-2.6.25/series
index 0fba041888835991146bb22f7096fa2436d55770..bb700f4ff7322887600f458a5611f3a0f09cfeb9 100644 (file)
--- a/queue-2.6.25/series
+++ b/queue-2.6.25/series
@@ -3,3 +3,4 @@ xen-mask-unwanted-pte-bits-in-__supported_pte_mask.patch
 futexes-fix-fault-handling-in-futex_lock_pi.patch
 ib-mthca-clear-icm-pages-before-handing-to-fw.patch
 drm-enable-bus-mastering-on-i915-at-resume-time.patch
+x86_64-ptrace-fix-sys32_ptrace-task_struct-leak.patch

diff --git a/queue-2.6.25/x86_64-ptrace-fix-sys32_ptrace-task_struct-leak.patch b/queue-2.6.25/x86_64-ptrace-fix-sys32_ptrace-task_struct-leak.patch
new file mode 100644 (file)
index 0000000..1297f7e
--- /dev/null
+++ b/queue-2.6.25/x86_64-ptrace-fix-sys32_ptrace-task_struct-leak.patch
@@ -0,0 +1,93 @@
+From stable-bounces@linux.kernel.org Fri Jun 27 14:44:11 2008
+From: Roland McGrath <roland@redhat.com>
+Date: Fri, 27 Jun 2008 13:48:29 -0700 (PDT)
+Subject: x86_64 ptrace: fix sys32_ptrace task_struct leak
+To: stable@kernel.org
+Cc: Pekka Enberg <penberg@cs.helsinki.fi>, Jeff Dike <jdike@addtoit.com>, Joris van Rantwijk <jorispubl@xs4all.nl>, linux-kernel@vger.kernel.org, Thorsten Knabe <linux@thorsten-knabe.de>
+Message-ID: <20080627204953.D7D8A154223@magilla.localdomain>
+
+From: Roland McGrath <roland@redhat.com>
+
+Commit 5a4646a4efed8c835f76c3b88f3155f6ab5b8d9b introduced a leak of
+task_struct refs into sys32_ptrace.  This bug has already gone away in
+for 2.6.26 in commit 562b80bafffaf42a6d916b0a2ee3d684220a1c10.
+
+Signed-off-by: Roland McGrath <roland@redhat.com>
+Acked-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kernel/ptrace.c |   45 ++++++++++++++++++++++++++-------------------
+ 1 file changed, 26 insertions(+), 19 deletions(-)
+
+--- a/arch/x86/kernel/ptrace.c
++++ b/arch/x86/kernel/ptrace.c
+@@ -1309,42 +1309,49 @@ asmlinkage long sys32_ptrace(long reques
+               break;
+ 
+       case PTRACE_GETREGS:    /* Get all gp regs from the child. */
+-              return copy_regset_to_user(child, &user_x86_32_view,
+-                                         REGSET_GENERAL,
+-                                         0, sizeof(struct user_regs_struct32),
+-                                         datap);
++              ret = copy_regset_to_user(child, &user_x86_32_view,
++                                        REGSET_GENERAL,
++                                        0, sizeof(struct user_regs_struct32),
++                                        datap);
++              break;
+ 
+       case PTRACE_SETREGS:    /* Set all gp regs in the child. */
+-              return copy_regset_from_user(child, &user_x86_32_view,
+-                                           REGSET_GENERAL, 0,
+-                                           sizeof(struct user_regs_struct32),
+-                                           datap);
++              ret = copy_regset_from_user(child, &user_x86_32_view,
++                                          REGSET_GENERAL, 0,
++                                          sizeof(struct user_regs_struct32),
++                                          datap);
++              break;
+ 
+       case PTRACE_GETFPREGS:  /* Get the child FPU state. */
+-              return copy_regset_to_user(child, &user_x86_32_view,
+-                                         REGSET_FP, 0,
+-                                         sizeof(struct user_i387_ia32_struct),
+-                                         datap);
++              ret = copy_regset_to_user(child, &user_x86_32_view,
++                                        REGSET_FP, 0,
++                                        sizeof(struct user_i387_ia32_struct),
++                                        datap);
++              break;
+ 
+       case PTRACE_SETFPREGS:  /* Set the child FPU state. */
+-              return copy_regset_from_user(
++              ret = copy_regset_from_user(
+                       child, &user_x86_32_view, REGSET_FP,
+                       0, sizeof(struct user_i387_ia32_struct), datap);
++              break;
+ 
+       case PTRACE_GETFPXREGS: /* Get the child extended FPU state. */
+-              return copy_regset_to_user(child, &user_x86_32_view,
+-                                         REGSET_XFP, 0,
+-                                         sizeof(struct user32_fxsr_struct),
+-                                         datap);
++              ret = copy_regset_to_user(child, &user_x86_32_view,
++                                        REGSET_XFP, 0,
++                                        sizeof(struct user32_fxsr_struct),
++                                        datap);
++              break;
+ 
+       case PTRACE_SETFPXREGS: /* Set the child extended FPU state. */
+-              return copy_regset_from_user(child, &user_x86_32_view,
++              ret = copy_regset_from_user(child, &user_x86_32_view,
+                                            REGSET_XFP, 0,
+                                            sizeof(struct user32_fxsr_struct),
+                                            datap);
++              break;
+ 
+       default:
+-              return compat_ptrace_request(child, request, addr, data);
++              ret = compat_ptrace_request(child, request, addr, data);
++              break;
+       }
+ 
+  out: