diff options
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/futex.c | 17 | ||||
| -rw-r--r-- | kernel/kexec.c | 7 |
2 files changed, 8 insertions, 16 deletions
diff --git a/kernel/futex.c b/kernel/futex.c index e7a35f1039e7..6a3a5fa1526d 100644 --- a/kernel/futex.c +++ b/kernel/futex.c | |||
| @@ -429,20 +429,11 @@ static void free_pi_state(struct futex_pi_state *pi_state) | |||
| 429 | static struct task_struct * futex_find_get_task(pid_t pid) | 429 | static struct task_struct * futex_find_get_task(pid_t pid) |
| 430 | { | 430 | { |
| 431 | struct task_struct *p; | 431 | struct task_struct *p; |
| 432 | const struct cred *cred = current_cred(), *pcred; | ||
| 433 | 432 | ||
| 434 | rcu_read_lock(); | 433 | rcu_read_lock(); |
| 435 | p = find_task_by_vpid(pid); | 434 | p = find_task_by_vpid(pid); |
| 436 | if (!p) { | 435 | if (p) |
| 437 | p = ERR_PTR(-ESRCH); | 436 | get_task_struct(p); |
| 438 | } else { | ||
| 439 | pcred = __task_cred(p); | ||
| 440 | if (cred->euid != pcred->euid && | ||
| 441 | cred->euid != pcred->uid) | ||
| 442 | p = ERR_PTR(-ESRCH); | ||
| 443 | else | ||
| 444 | get_task_struct(p); | ||
| 445 | } | ||
| 446 | 437 | ||
| 447 | rcu_read_unlock(); | 438 | rcu_read_unlock(); |
| 448 | 439 | ||
| @@ -564,8 +555,8 @@ lookup_pi_state(u32 uval, struct futex_hash_bucket *hb, | |||
| 564 | if (!pid) | 555 | if (!pid) |
| 565 | return -ESRCH; | 556 | return -ESRCH; |
| 566 | p = futex_find_get_task(pid); | 557 | p = futex_find_get_task(pid); |
| 567 | if (IS_ERR(p)) | 558 | if (!p) |
| 568 | return PTR_ERR(p); | 559 | return -ESRCH; |
| 569 | 560 | ||
| 570 | /* | 561 | /* |
| 571 | * We need to look at the task state flags to figure out, | 562 | * We need to look at the task state flags to figure out, |
diff --git a/kernel/kexec.c b/kernel/kexec.c index 474a84715eac..131b1703936f 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c | |||
| @@ -1089,9 +1089,10 @@ void crash_kexec(struct pt_regs *regs) | |||
| 1089 | 1089 | ||
| 1090 | size_t crash_get_memory_size(void) | 1090 | size_t crash_get_memory_size(void) |
| 1091 | { | 1091 | { |
| 1092 | size_t size; | 1092 | size_t size = 0; |
| 1093 | mutex_lock(&kexec_mutex); | 1093 | mutex_lock(&kexec_mutex); |
| 1094 | size = crashk_res.end - crashk_res.start + 1; | 1094 | if (crashk_res.end != crashk_res.start) |
| 1095 | size = crashk_res.end - crashk_res.start + 1; | ||
| 1095 | mutex_unlock(&kexec_mutex); | 1096 | mutex_unlock(&kexec_mutex); |
| 1096 | return size; | 1097 | return size; |
| 1097 | } | 1098 | } |
| @@ -1134,7 +1135,7 @@ int crash_shrink_memory(unsigned long new_size) | |||
| 1134 | 1135 | ||
| 1135 | free_reserved_phys_range(end, crashk_res.end); | 1136 | free_reserved_phys_range(end, crashk_res.end); |
| 1136 | 1137 | ||
| 1137 | if (start == end) | 1138 | if ((start == end) && (crashk_res.parent != NULL)) |
| 1138 | release_resource(&crashk_res); | 1139 | release_resource(&crashk_res); |
| 1139 | crashk_res.end = end - 1; | 1140 | crashk_res.end = end - 1; |
| 1140 | 1141 | ||