V4L/DVB (6685): ir-keymaps.c: extra keys on winfast Y04G0033 remote

[sfrench/cifs-2.6.git] / fs / exec.c

diff --git a/fs/exec.c b/fs/exec.c
index 070ddf13cb719d62ead6233961c2bb9716beed02..282240afe99e5e223b1732c4c1b58245d90618d8 100644 (file)
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -234,7 +234,7 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
        vma->vm_start = vma->vm_end - PAGE_SIZE;
 
        vma->vm_flags = VM_STACK_FLAGS;
-       vma->vm_page_prot = protection_map[vma->vm_flags & 0x7];
+       vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
        err = insert_vm_struct(mm, vma);
        if (err) {
                up_write(&mm->mmap_sem);
@@ -775,8 +775,8 @@ static int de_thread(struct task_struct *tsk)
         * Reparenting needs write_lock on tasklist_lock,
         * so it is safe to do it under read_lock.
         */
-       if (unlikely(tsk->group_leader == child_reaper(tsk)))
-               tsk->nsproxy->pid_ns->child_reaper = tsk;
+       if (unlikely(tsk->group_leader == task_child_reaper(tsk)))
+               task_active_pid_ns(tsk)->child_reaper = tsk;
 
        zap_other_threads(tsk);
        read_unlock(&tasklist_lock);
@@ -841,8 +841,8 @@ static int de_thread(struct task_struct *tsk)
                 */
                tsk->start_time = leader->start_time;
 
-               BUG_ON(leader->tgid != tsk->tgid);
-               BUG_ON(tsk->pid == tsk->tgid);
+               BUG_ON(!same_thread_group(leader, tsk));
+               BUG_ON(has_group_leader_pid(tsk));
                /*
                 * An exec() starts a new thread group with the
                 * TGID of the previous thread group. Rehash the
@@ -857,7 +857,7 @@ static int de_thread(struct task_struct *tsk)
                 */
                detach_pid(tsk, PIDTYPE_PID);
                tsk->pid = leader->pid;
-               attach_pid(tsk, PIDTYPE_PID,  find_pid(tsk->pid));
+               attach_pid(tsk, PIDTYPE_PID,  task_pid(leader));
                transfer_pid(leader, tsk, PIDTYPE_PGID);
                transfer_pid(leader, tsk, PIDTYPE_SID);
                list_replace_rcu(&leader->tasks, &tsk->tasks);
@@ -1433,7 +1433,7 @@ static int format_corename(char *corename, const char *pattern, long signr)
                        case 'p':
                                pid_in_pattern = 1;
                                rc = snprintf(out_ptr, out_end - out_ptr,
-                                             "%d", current->tgid);
+                                             "%d", task_tgid_vnr(current));
                                if (rc > out_end - out_ptr)
                                        goto out;
                                out_ptr += rc;
@@ -1513,7 +1513,7 @@ static int format_corename(char *corename, const char *pattern, long signr)
        if (!ispipe && !pid_in_pattern
             && (core_uses_pid || atomic_read(&current->mm->mm_users) != 1)) {
                rc = snprintf(out_ptr, out_end - out_ptr,
-                             ".%d", current->tgid);
+                             ".%d", task_tgid_vnr(current));
                if (rc > out_end - out_ptr)
                        goto out;
                out_ptr += rc;
@@ -1692,7 +1692,10 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs)
        if (!binfmt || !binfmt->core_dump)
                goto fail;
        down_write(&mm->mmap_sem);
-       if (!get_dumpable(mm)) {
+       /*
+        * If another thread got here first, or we are not dumpable, bail out.
+        */
+       if (mm->core_waiters || !get_dumpable(mm)) {
                up_write(&mm->mmap_sem);
                goto fail;
        }
@@ -1706,7 +1709,6 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs)
                flag = O_EXCL;          /* Stop rewrite attacks */
                current->fsuid = 0;     /* Dump root private */
        }
-       set_dumpable(mm, 0);
 
        retval = coredump_wait(exit_code);
        if (retval < 0)
@@ -1778,6 +1780,12 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs)
           but keep the previous behaviour for now. */
        if (!ispipe && !S_ISREG(inode->i_mode))
                goto close_fail;
+       /*
+        * Dont allow local users get cute and trick others to coredump
+        * into their pre-created files:
+        */
+       if (inode->i_uid != current->fsuid)
+               goto close_fail;
        if (!file->f_op)
                goto close_fail;
        if (!file->f_op->write)