There is a bug where if any process that obtained IO access
permissions via ioperm() does not explicitly "drop" those permissions,
the IO permissions don't get properly invalidated on process exit.
The cause is that exit_thread() only invalidates the per-thread
io_bitmap pointer, but doesn't invalidate the per-TSS io_bitmap pointer
as well.
As the per-thread pointer is invalidated, __switch_to() doesn't take
care of that one either, so the per-TSS pointer stays valid as long as
some other process does ioperm().
This fixes the problem - it invalidates the per-TSS io_bitmap pointer
and the problem goes away.
/* The process may have allocated an io port bitmap... nuke it. */
if (unlikely(NULL != tsk->thread.io_bitmap_ptr)) {
+ int cpu = get_cpu();
+ struct tss_struct *tss = init_tss + cpu;
kfree(tsk->thread.io_bitmap_ptr);
tsk->thread.io_bitmap_ptr = NULL;
+ tss->io_bitmap_base = INVALID_IO_BITMAP_OFFSET;
+ put_cpu();
}
}
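Review bot: The added `tss->io_bitmap_base = INVALID_IO_BITMAP_OFFSET;` line has no comment, and the existing comment above the `if` only mentions freeing the bitmap, so a reader of the code alone cannot tell why the TSS is touched here. The reset also applies only to the TSS of the CPU returned by `get_cpu()`, which assumes `tsk` is the task currently running on that CPU. Please add a short comment at the new lines stating that the per-TSS offset must be invalidated together with `tsk->thread.io_bitmap_ptr` so that stale IO permissions do not survive process exit, and noting that assumption about the current CPU.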