releases/2.6.32.16/posix_timer-fix-error-path-in-timer_create.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 45e0fffc8a7778282e6a1514a6ae3e7ae6545111 Mon Sep 17 00:00:00 2001
 From: Andrey Vagin <avagin@openvz.org>
 Date: Mon, 24 May 2010 12:15:33 -0700
 Subject: posix_timer: Fix error path in timer_create

 From: Andrey Vagin <avagin@openvz.org>

 commit 45e0fffc8a7778282e6a1514a6ae3e7ae6545111 upstream.

 Move CLOCK_DISPATCH(which_clock, timer_create, (new_timer)) after all
 posible EFAULT erros.

 *_timer_create may allocate/get resources.
 (for example posix_cpu_timer_create does get_task_struct)

 [ tglx: fold the remove crappy comment patch into this ]

 Signed-off-by: Andrey Vagin <avagin@openvz.org>
 Cc: Oleg Nesterov <oleg@tv-sign.ru>
 Cc: Pavel Emelyanov <xemul@openvz.org>
 Reviewed-by: Stanislaw Gruszka <sgruszka@redhat.com>
 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
 Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

 --- a/kernel/posix-timers.c
 +++ b/kernel/posix-timers.c
 @@ -559,14 +559,7 @@ SYSCALL_DEFINE3(timer_create, const clockid_t, which_clock,
  	new_timer->it_id = (timer_t) new_timer_id;
  	new_timer->it_clock = which_clock;
  	new_timer->it_overrun = -1;
 -	error = CLOCK_DISPATCH(which_clock, timer_create, (new_timer));
 -	if (error)
 -		goto out;

 -	/*
 -	 * return the timer_id now.  The next step is hard to
 -	 * back out if there is an error.
 -	 */
  	if (copy_to_user(created_timer_id,
  			 &new_timer_id, sizeof (new_timer_id))) {
  		error = -EFAULT;
 @@ -597,6 +590,10 @@ SYSCALL_DEFINE3(timer_create, const clockid_t, which_clock,
  	new_timer->sigq->info.si_tid   = new_timer->it_id;
  	new_timer->sigq->info.si_code  = SI_TIMER;

 +	error = CLOCK_DISPATCH(which_clock, timer_create, (new_timer));
 +	if (error)
 +		goto out;
 +
  	spin_lock_irq(&current->sighand->siglock);
  	new_timer->it_signal = current->signal;
  	list_add(&new_timer->list, &current->signal->posix_timers);
	From 45e0fffc8a7778282e6a1514a6ae3e7ae6545111 Mon Sep 17 00:00:00 2001
	From: Andrey Vagin <avagin@openvz.org>
	Date: Mon, 24 May 2010 12:15:33 -0700
	Subject: posix_timer: Fix error path in timer_create

	From: Andrey Vagin <avagin@openvz.org>

	commit 45e0fffc8a7778282e6a1514a6ae3e7ae6545111 upstream.

	Move CLOCK_DISPATCH(which_clock, timer_create, (new_timer)) after all
	posible EFAULT erros.

	*_timer_create may allocate/get resources.
	(for example posix_cpu_timer_create does get_task_struct)

	[ tglx: fold the remove crappy comment patch into this ]

	Signed-off-by: Andrey Vagin <avagin@openvz.org>
	Cc: Oleg Nesterov <oleg@tv-sign.ru>
	Cc: Pavel Emelyanov <xemul@openvz.org>
	Reviewed-by: Stanislaw Gruszka <sgruszka@redhat.com>
	Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
	Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

	--- a/kernel/posix-timers.c
	+++ b/kernel/posix-timers.c
	@@ -559,14 +559,7 @@ SYSCALL_DEFINE3(timer_create, const clockid_t, which_clock,
	new_timer->it_id = (timer_t) new_timer_id;
	new_timer->it_clock = which_clock;
	new_timer->it_overrun = -1;
	- error = CLOCK_DISPATCH(which_clock, timer_create, (new_timer));
	- if (error)
	- goto out;

	- /*
	- * return the timer_id now. The next step is hard to
	- * back out if there is an error.
	- */
	if (copy_to_user(created_timer_id,
	&new_timer_id, sizeof (new_timer_id))) {
	error = -EFAULT;
	@@ -597,6 +590,10 @@ SYSCALL_DEFINE3(timer_create, const clockid_t, which_clock,
	new_timer->sigq->info.si_tid = new_timer->it_id;
	new_timer->sigq->info.si_code = SI_TIMER;

	+ error = CLOCK_DISPATCH(which_clock, timer_create, (new_timer));
	+ if (error)
	+ goto out;
	+
	spin_lock_irq(&current->sighand->siglock);
	new_timer->it_signal = current->signal;
	list_add(&new_timer->list, &current->signal->posix_timers);