Andrew,
here is an incremental patch to fix a possible ref leak when users
do weird things with the ->sigev_notify flags.
Thanks Oleg for spotting this.
Sébastien.
From: Sébastien Dugué <[EMAIL PROTECTED]>
Fix AIO completion signal notification possible ref leak
Make sure we only accept valid sigev_notify values in aio_setup_sigevent(),
namely SIGEV_NONE, SIGEV_THREAD_ID or SIGEV_SIGNAL.
aio.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
Signed-off-by: Sébastien Dugué <[EMAIL PROTECTED]>
Index: linux-2.6.20-rc6-mm3/fs/aio.c
===================================================================
--- linux-2.6.20-rc6-mm3.orig/fs/aio.c 2007-02-05 16:50:27.000000000 +0100
+++ linux-2.6.20-rc6-mm3/fs/aio.c 2007-02-05 16:53:43.000000000 +0100
@@ -939,7 +939,7 @@ static int aio_send_signal(struct aio_no
info->si_uid = 0;
info->si_value = notify->value;
- if (notify->notify & SIGEV_THREAD_ID)
+ if (notify->notify == SIGEV_THREAD_ID)
ret = send_sigqueue(notify->signo, sigq, notify->target);
else
ret = send_group_sigqueue(notify->signo, sigq, notify->target);
@@ -959,6 +959,10 @@ static long aio_setup_sigevent(struct ai
if (event.sigev_notify == SIGEV_NONE)
return 0;
+ if (event.sigev_notify != SIGEV_SIGNAL &&
+ event.sigev_notify != SIGEV_THREAD_ID)
+ return -EINVAL;
+
notify->notify = event.sigev_notify;
notify->signo = event.sigev_signo;
notify->value = event.sigev_value;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
