r3703 - in trunk/kernel/source/linux-2.6/debian: . patches-debian patches-debian/series

Frederik Schüler fschueler-guest at costa.debian.org
Sat Aug 6 11:52:04 UTC 2005 

Author: fschueler-guest
Date: 2005-08-06 11:52:04 +0000 (Sat, 06 Aug 2005)
New Revision: 3703

Added:
   trunk/kernel/source/linux-2.6/debian/patches-debian/patch-2.6.12.4
   trunk/kernel/source/linux-2.6/debian/patches-debian/series/2.6.12-2
Modified:
   trunk/kernel/source/linux-2.6/debian/changelog
Log:
Added 2.6.12.4 diff. 


Modified: trunk/kernel/source/linux-2.6/debian/changelog
===================================================================
--- trunk/kernel/source/linux-2.6/debian/changelog	2005-08-06 09:33:37 UTC (rev 3702)
+++ trunk/kernel/source/linux-2.6/debian/changelog	2005-08-06 11:52:04 UTC (rev 3703)
@@ -19,6 +19,21 @@
 
   * Add m68k support. (Christian T. Steigies) 
 
+  * Added 2.6.12.4 (Frederik Schüler)
+    - Fix powernow oops on dual-core athlon
+    - Fix early vlan adding leads to not functional device
+    - sys_get_thread_area does not clear the returned argument
+    - bio_clone fix
+    - Fix possible overflow of sock->sk_policy
+    - Wait until all references to ip_conntrack_untracked are dropped on
+      unload
+    - Fix potential memory corruption in NAT code (aka memory NAT)
+    - Fix deadlock in ip6_queue
+    - Fix signedness issues in net/core/filter.c
+    - x86_64 memleak from malicious 32bit elf program
+    - rocket.c: Fix ldisc ref count handling
+    - kbuild: build TAGS problem with O=
+
  -- Christian T. Steigies <cts at debian.org>  Sat,  6 Aug 2005 10:21:14 +0200
  
 linux-2.6 (2.6.12-1) unstable; urgency=low

Added: trunk/kernel/source/linux-2.6/debian/patches-debian/patch-2.6.12.4
===================================================================
--- trunk/kernel/source/linux-2.6/debian/patches-debian/patch-2.6.12.4	2005-08-06 09:33:37 UTC (rev 3702)
+++ trunk/kernel/source/linux-2.6/debian/patches-debian/patch-2.6.12.4	2005-08-06 11:52:04 UTC (rev 3703)
@@ -0,0 +1,203 @@
+@@ -1149,7 +1149,7 @@ endif # KBUILD_EXTMOD
+ #(which is the most common case IMHO) to avoid unneeded clutter in the big tags file.
+ #Adding $(srctree) adds about 20M on i386 to the size of the output file!
+ 
+-ifeq ($(KBUILD_OUTPUT),)
++ifeq ($(src),$(obj))
+ __srctree =
+ else
+ __srctree = $(srctree)/
+diff --git a/arch/i386/kernel/cpu/cpufreq/powernow-k8.c b/arch/i386/kernel/cpu/cpufreq/powernow-k8.c
+--- a/arch/i386/kernel/cpu/cpufreq/powernow-k8.c
++++ b/arch/i386/kernel/cpu/cpufreq/powernow-k8.c
+@@ -44,7 +44,7 @@
+ 
+ #define PFX "powernow-k8: "
+ #define BFX PFX "BIOS error: "
+-#define VERSION "version 1.40.2"
++#define VERSION "version 1.40.4"
+ #include "powernow-k8.h"
+ 
+ /* serialize freq changes  */
+@@ -978,7 +978,7 @@ static int __init powernowk8_cpu_init(st
+ {
+ 	struct powernow_k8_data *data;
+ 	cpumask_t oldmask = CPU_MASK_ALL;
+-	int rc;
++	int rc, i;
+ 
+ 	if (!check_supported_cpu(pol->cpu))
+ 		return -ENODEV;
+@@ -1064,7 +1064,9 @@ static int __init powernowk8_cpu_init(st
+ 	printk("cpu_init done, current fid 0x%x, vid 0x%x\n",
+ 	       data->currfid, data->currvid);
+ 
+-	powernow_data[pol->cpu] = data;
++	for_each_cpu_mask(i, cpu_core_map[pol->cpu]) {
++		powernow_data[i] = data;
++	}
+ 
+ 	return 0;
+ 
+diff --git a/arch/i386/kernel/process.c b/arch/i386/kernel/process.c
+--- a/arch/i386/kernel/process.c
++++ b/arch/i386/kernel/process.c
+@@ -827,6 +827,8 @@ asmlinkage int sys_get_thread_area(struc
+ 	if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
+ 		return -EINVAL;
+ 
++	memset(&info, 0, sizeof(info));
++
+ 	desc = current->thread.tls_array + idx - GDT_ENTRY_TLS_MIN;
+ 
+ 	info.entry_number = idx;
+diff --git a/arch/x86_64/ia32/syscall32.c b/arch/x86_64/ia32/syscall32.c
+--- a/arch/x86_64/ia32/syscall32.c
++++ b/arch/x86_64/ia32/syscall32.c
+@@ -57,6 +57,7 @@ int syscall32_setup_pages(struct linux_b
+ 	int npages = (VSYSCALL32_END - VSYSCALL32_BASE) >> PAGE_SHIFT;
+ 	struct vm_area_struct *vma;
+ 	struct mm_struct *mm = current->mm;
++	int ret;
+ 
+ 	vma = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
+ 	if (!vma)
+@@ -78,7 +79,11 @@ int syscall32_setup_pages(struct linux_b
+ 	vma->vm_mm = mm;
+ 
+ 	down_write(&mm->mmap_sem);
+-	insert_vm_struct(mm, vma);
++	if ((ret = insert_vm_struct(mm, vma))) {
++		up_write(&mm->mmap_sem);
++		kmem_cache_free(vm_area_cachep, vma);
++		return ret;
++	}
+ 	mm->total_vm += npages;
+ 	up_write(&mm->mmap_sem);
+ 	return 0;
+diff --git a/drivers/char/rocket.c b/drivers/char/rocket.c
+--- a/drivers/char/rocket.c
++++ b/drivers/char/rocket.c
+@@ -277,7 +277,7 @@ static void rp_do_receive(struct r_port 
+ 		ToRecv = space;
+ 
+ 	if (ToRecv <= 0)
+-		return;
++		goto done;
+ 
+ 	/*
+ 	 * if status indicates there are errored characters in the
+@@ -359,6 +359,7 @@ static void rp_do_receive(struct r_port 
+ 	}
+ 	/*  Push the data up to the tty layer */
+ 	ld->receive_buf(tty, tty->flip.char_buf, tty->flip.flag_buf, count);
++done:
+ 	tty_ldisc_deref(ld);
+ }
+ 
+diff --git a/fs/bio.c b/fs/bio.c
+--- a/fs/bio.c
++++ b/fs/bio.c
+@@ -261,6 +261,7 @@ inline void __bio_clone(struct bio *bio,
+ 	 */
+ 	bio->bi_vcnt = bio_src->bi_vcnt;
+ 	bio->bi_size = bio_src->bi_size;
++	bio->bi_idx = bio_src->bi_idx;
+ 	bio_phys_segments(q, bio);
+ 	bio_hw_segments(q, bio);
+ }
+diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
+--- a/include/linux/skbuff.h
++++ b/include/linux/skbuff.h
+@@ -1192,7 +1192,7 @@ static inline void *skb_header_pointer(c
+ {
+ 	int hlen = skb_headlen(skb);
+ 
+-	if (offset + len <= hlen)
++	if (hlen - offset >= len)
+ 		return skb->data + offset;
+ 
+ 	if (skb_copy_bits(skb, offset, buffer, len) < 0)
+diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
+--- a/net/8021q/vlan.c
++++ b/net/8021q/vlan.c
+@@ -578,6 +578,14 @@ static int vlan_device_event(struct noti
+ 			if (!vlandev)
+ 				continue;
+ 
++			if (netif_carrier_ok(dev)) {
++				if (!netif_carrier_ok(vlandev))
++					netif_carrier_on(vlandev);
++			} else {
++				if (netif_carrier_ok(vlandev))
++					netif_carrier_off(vlandev);
++			}
++
+ 			if ((vlandev->state & VLAN_LINK_STATE_MASK) != flgs) {
+ 				vlandev->state = (vlandev->state &~ VLAN_LINK_STATE_MASK) 
+ 					| flgs;
+diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
+--- a/net/ipv4/netfilter/ip_conntrack_core.c
++++ b/net/ipv4/netfilter/ip_conntrack_core.c
+@@ -1124,6 +1124,9 @@ void ip_conntrack_cleanup(void)
+ 		schedule();
+ 		goto i_see_dead_people;
+ 	}
++	/* wait until all references to ip_conntrack_untracked are dropped */
++	while (atomic_read(&ip_conntrack_untracked.ct_general.use) > 1)
++		schedule();
+ 
+ 	kmem_cache_destroy(ip_conntrack_cachep);
+ 	kmem_cache_destroy(ip_conntrack_expect_cachep);
+diff --git a/net/ipv4/netfilter/ip_nat_proto_tcp.c b/net/ipv4/netfilter/ip_nat_proto_tcp.c
+--- a/net/ipv4/netfilter/ip_nat_proto_tcp.c
++++ b/net/ipv4/netfilter/ip_nat_proto_tcp.c
+@@ -40,7 +40,8 @@ tcp_unique_tuple(struct ip_conntrack_tup
+ 		 enum ip_nat_manip_type maniptype,
+ 		 const struct ip_conntrack *conntrack)
+ {
+-	static u_int16_t port, *portptr;
++	static u_int16_t port;
++	u_int16_t *portptr;
+ 	unsigned int range_size, min, i;
+ 
+ 	if (maniptype == IP_NAT_MANIP_SRC)
+diff --git a/net/ipv4/netfilter/ip_nat_proto_udp.c b/net/ipv4/netfilter/ip_nat_proto_udp.c
+--- a/net/ipv4/netfilter/ip_nat_proto_udp.c
++++ b/net/ipv4/netfilter/ip_nat_proto_udp.c
+@@ -41,7 +41,8 @@ udp_unique_tuple(struct ip_conntrack_tup
+ 		 enum ip_nat_manip_type maniptype,
+ 		 const struct ip_conntrack *conntrack)
+ {
+-	static u_int16_t port, *portptr;
++	static u_int16_t port;
++	u_int16_t *portptr;
+ 	unsigned int range_size, min, i;
+ 
+ 	if (maniptype == IP_NAT_MANIP_SRC)
+diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c
+--- a/net/ipv6/netfilter/ip6_queue.c
++++ b/net/ipv6/netfilter/ip6_queue.c
+@@ -76,7 +76,9 @@ static DECLARE_MUTEX(ipqnl_sem);
+ static void
+ ipq_issue_verdict(struct ipq_queue_entry *entry, int verdict)
+ {
++	local_bh_disable();
+ 	nf_reinject(entry->skb, entry->info, verdict);
++	local_bh_enable();
+ 	kfree(entry);
+ }
+ 
+diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
+--- a/net/xfrm/xfrm_user.c
++++ b/net/xfrm/xfrm_user.c
+@@ -1180,6 +1180,9 @@ static struct xfrm_policy *xfrm_compile_
+ 	if (nr > XFRM_MAX_DEPTH)
+ 		return NULL;
+ 
++	if (p->dir > XFRM_POLICY_OUT)
++		return NULL;
++
+ 	xp = xfrm_policy_alloc(GFP_KERNEL);
+ 	if (xp == NULL) {
+ 		*dir = -ENOBUFS;

Added: trunk/kernel/source/linux-2.6/debian/patches-debian/series/2.6.12-2
===================================================================
--- trunk/kernel/source/linux-2.6/debian/patches-debian/series/2.6.12-2	2005-08-06 09:33:37 UTC (rev 3702)
+++ trunk/kernel/source/linux-2.6/debian/patches-debian/series/2.6.12-2	2005-08-06 11:52:04 UTC (rev 3703)
@@ -0,0 +1 @@
++ patch-2.6.12.3

More information about the Kernel-svn-changes mailing list