netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()

[pandora-kernel.git] / fs / signalfd.c

diff --git a/fs/signalfd.c b/fs/signalfd.c
index 1c5a6ad..7ae2a57 100644 (file)
--- a/fs/signalfd.c
+++ b/fs/signalfd.c
@@ -30,6 +30,21 @@
 #include <linux/signalfd.h>
 #include <linux/syscalls.h>
 
+void signalfd_cleanup(struct sighand_struct *sighand)
+{
+       wait_queue_head_t *wqh = &sighand->signalfd_wqh;
+       /*
+        * The lockless check can race with remove_wait_queue() in progress,
+        * but in this case its caller should run under rcu_read_lock() and
+        * sighand_cachep is SLAB_DESTROY_BY_RCU, we can safely return.
+        */
+       if (likely(!waitqueue_active(wqh)))
+               return;
+
+       /* wait_queue_t->func(POLLFREE) should do remove_wait_queue() */
+       wake_up_poll(wqh, POLLHUP | POLLFREE);
+}
+
 struct signalfd_ctx {
        sigset_t sigmask;
 };
@@ -98,6 +113,16 @@ static int signalfd_copyinfo(struct signalfd_siginfo __user *uinfo,
                err |= __put_user((long) kinfo->si_addr, &uinfo->ssi_addr);
 #ifdef __ARCH_SI_TRAPNO
                err |= __put_user(kinfo->si_trapno, &uinfo->ssi_trapno);
+#endif
+#ifdef BUS_MCEERR_AO
+               /* 
+                * Other callers might not initialize the si_lsb field,
+                * so check explicitly for the right codes here.
+                */
+               if (kinfo->si_code == BUS_MCEERR_AR ||
+                   kinfo->si_code == BUS_MCEERR_AO)
+                       err |= __put_user((short) kinfo->si_addr_lsb,
+                                         &uinfo->ssi_addr_lsb);
 #endif
                break;
        case __SI_CHLD:
@@ -206,6 +231,7 @@ static const struct file_operations signalfd_fops = {
        .release        = signalfd_release,
        .poll           = signalfd_poll,
        .read           = signalfd_read,
+       .llseek         = noop_llseek,
 };
 
 SYSCALL_DEFINE4(signalfd4, int, ufd, sigset_t __user *, user_mask,