From: Stas Sergeev <stsp@aknet.ru>
Date: Fri, 7 May 2004 02:35:35 +0000 (-0700)
Subject: [PATCH] Fix IO bitmap invalidate
X-Git-Tag: v2.6.6~19^2~1
X-Git-Url: http://git.neil.brown.name/?a=commitdiff_plain;h=037ebff3bb07cb660bf8f3bd2b6950d497d82354;p=history.git

[PATCH] Fix IO bitmap invalidate

There is a bug where if any process that obtained an IO access
permissions via ioperm() does not explicitly "drop" that permissions,
the IO permissions don't get properly invalidated on process exit.

The cause is that exit_thread() only invalidates the per-thread
io_bitmap pointer, but doesn't invalidate the per-TSS io_bitmap pointer
as well.

As the per-thread pointer is invalidated, __switch_to() doesn't take
care of that one either, so the per-TSS pointer stays valid as long as
some other process does ioperm().

This fixes the problem - it invalidates the per-TSS io_bitmap pointer
and the problem goes away.
---

diff --git a/arch/i386/kernel/process.c b/arch/i386/kernel/process.c
index 4cee7d1ae224..2e61c5d9a959 100644
--- a/arch/i386/kernel/process.c
+++ b/arch/i386/kernel/process.c
@@ -293,8 +293,12 @@ void exit_thread(void)
 
 	/* The process may have allocated an io port bitmap... nuke it. */
 	if (unlikely(NULL != tsk->thread.io_bitmap_ptr)) {
+		int cpu = get_cpu();
+		struct tss_struct *tss = init_tss + cpu;
 		kfree(tsk->thread.io_bitmap_ptr);
 		tsk->thread.io_bitmap_ptr = NULL;
+		tss->io_bitmap_base = INVALID_IO_BITMAP_OFFSET;
+		put_cpu();
 	}
 }