linux/include
Oleg Nesterov 080344b988 hrtimer: fix *rmtp handling in hrtimer_nanosleep()
Spotted by Pavel Emelyanov and Alexey Dobriyan.

hrtimer_nanosleep() sets restart_block->arg1 = rmtp, but this rmtp points to
the local variable which lives in the caller's stack frame. This means that
if sys_restart_syscall() actually happens and it is interrupted as well, we
don't update the user-space variable, but write into the already dead stack
frame.

Introduced by commit 04c227140f
hrtimer: Rework hrtimer_nanosleep to make sys_compat_nanosleep easier

Change the callers to pass "__user *rmtp" to hrtimer_nanosleep(), and change
hrtimer_nanosleep() to use copy_to_user() to actually update *rmtp.

Small problem remains. man 2 nanosleep states that *rtmp should be written if
nanosleep() was interrupted (it says nothing whether it is OK to update *rmtp
if nanosleep returns 0), but (with or without this patch) we can dirty *rem
even if nanosleep() returns 0.

NOTE: this patch doesn't change compat_sys_nanosleep(), because it has other
bugs. Fixed by the next patch.

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Alexey Dobriyan <adobriyan@sw.ru>
Cc: Michael Kerrisk <mtk.manpages@googlemail.com>
Cc: Pavel Emelyanov <xemul@sw.ru>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Toyo Abe <toyoa@mvista.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

 include/linux/hrtimer.h |    2 -
 kernel/hrtimer.c        |   51 +++++++++++++++++++++++++-----------------------
 kernel/posix-timers.c   |   14 +------------
 3 files changed, 30 insertions(+), 37 deletions(-)
2008-02-10 10:48:03 +01:00
..
acpi Merge branches 'release' and 'fluff' into release 2008-02-07 03:38:22 -05:00
asm-alpha CONFIG_HIGHPTE vs. sub-page page tables. 2008-02-08 09:22:42 -08:00
asm-arm CONFIG_HIGHPTE vs. sub-page page tables. 2008-02-08 09:22:42 -08:00
asm-avr32 CONFIG_HIGHPTE vs. sub-page page tables. 2008-02-08 09:22:42 -08:00
asm-blackfin Add pgtable_t to remaining nommu architectures 2008-02-09 11:08:33 -08:00
asm-cris Merge branch 'cris' of git://www.jni.nu/cris 2008-02-08 10:01:28 -08:00
asm-frv Fix FRV cmpxchg_local 2008-02-08 15:33:32 -08:00
asm-generic asm-generic: remove fastcall 2008-02-08 09:22:31 -08:00
asm-h8300 Add pgtable_t to remaining nommu architectures 2008-02-09 11:08:33 -08:00
asm-ia64 Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6 2008-02-08 15:40:28 -08:00
asm-m32r CONFIG_HIGHPTE vs. sub-page page tables. 2008-02-08 09:22:42 -08:00
asm-m68k CONFIG_HIGHPTE vs. sub-page page tables. 2008-02-08 09:22:42 -08:00
asm-m68knommu m68knommu: add pgtable_t 2008-02-09 11:08:34 -08:00
asm-mips CONFIG_HIGHPTE vs. sub-page page tables. 2008-02-08 09:22:42 -08:00
asm-mn10300 mn10300: add the MN10300/AM33 architecture to the kernel 2008-02-08 09:22:30 -08:00
asm-parisc CONFIG_HIGHPTE vs. sub-page page tables. 2008-02-08 09:22:42 -08:00
asm-powerpc Merge branch 'for-2.6.25' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc 2008-02-08 09:31:42 -08:00
asm-ppc CONFIG_HIGHPTE vs. sub-page page tables. 2008-02-08 09:22:42 -08:00
asm-s390 [S390] dynamic page tables. 2008-02-09 18:24:41 +01:00
asm-sh CONFIG_HIGHPTE vs. sub-page page tables. 2008-02-08 09:22:42 -08:00
asm-sparc [SPARC]: Merge asm-sparc{,64}/a.out.h 2008-02-09 22:25:50 -08:00
asm-sparc64 [SPARC]: Merge asm-sparc{,64}/a.out.h 2008-02-09 22:25:50 -08:00
asm-um uml: x86_64 should copy %fs during fork 2008-02-08 09:22:43 -08:00
asm-v850 Add pgtable_t to remaining nommu architectures 2008-02-09 11:08:33 -08:00
asm-x86 x86: introduce page pool in cpa 2008-02-09 23:24:09 +01:00
asm-xtensa fix xtensa timerfd breakage 2008-02-08 15:33:32 -08:00
crypto
keys
linux hrtimer: fix *rmtp handling in hrtimer_nanosleep() 2008-02-10 10:48:03 +01:00
math-emu
media include/media/: Spelling fixes 2008-02-03 17:19:47 +02:00
mtd Merge git://git.infradead.org/~dedekind/ubi-2.6 2008-02-03 22:07:40 +11:00
net Merge branch 'pending' of master.kernel.org:/pub/scm/linux/kernel/git/vxy/lksctp-dev 2008-02-09 03:44:25 -08:00
pcmcia pcmcia: replace kio_addr_t with unsigned int everywhere 2008-02-05 09:44:08 -08:00
rdma IB/core: Remove unused struct ib_device.flags member 2008-02-08 14:47:26 -08:00
rxrpc
scsi [SCSI] Small cleanups for scsi_host.h 2008-02-07 18:02:43 -06:00
sound [ALSA] version 1.0.16rc2 2008-01-31 17:40:18 +01:00
video atmel_lcdfb: backlight control 2008-02-06 10:41:16 -08:00
xen x86: page.h: make pte_t a union to always include 2008-01-30 13:32:57 +01:00
Kbuild