r3318 - in trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian: . patches patches/series

Frederik Schüler fschueler-guest@costa.debian.org
Mon, 13 Jun 2005 11:51:40 +0000


Author: fschueler-guest
Date: 2005-06-13 11:51:39 +0000 (Mon, 13 Jun 2005)
New Revision: 3318

Added:
   trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/patch-2.6.11.12.patch
   trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/series/2.6.11-7
Modified:
   trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/changelog
Log:
Merge 2.6.11.12


Modified: trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/changelog	2005-06-12 22:07:08 UTC (rev 3317)
+++ trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/changelog	2005-06-13 11:51:39 UTC (rev 3318)
@@ -1,3 +1,19 @@
+kernel-source-2.6.11 (2.6.11-7) UNRELEASED; urgency=low
+
+  * Merged 2.6.11.12:
+    o x86_64: Fix ptrace boundary check
+    o x86_64: avoid SMP boot up race
+    o fix hfsplus oops, hfs and hfsplus leak
+    o Fix deadlock with ip_queue and tcp local input path.
+    o ext3: fix log_do_checkpoint() assertion failure
+    o Fix for bttv driver (v0.9.15) for Leadtek WinFast VC100 XP capture cards
+    o netem: duplication fix
+    o prevent bad forwarding table updates
+    o try_to_unmap_cluster() passes out-of-bounds pte to pte_unmap()
+    (Frederik Schüler)
+
+ -- Frederik Schüler <fschueler@gmx.net>  Mon, 13 Jun 2005 11:07:35 +0200
+
 kernel-source-2.6.11 (2.6.11-6) unstable; urgency=low
 
   * The megaraid legacy driver is around only to support AMI megaraid 1 and 2.

Added: trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/patch-2.6.11.12.patch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/patch-2.6.11.12.patch	2005-06-12 22:07:08 UTC (rev 3317)
+++ trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/patch-2.6.11.12.patch	2005-06-13 11:51:39 UTC (rev 3318)
@@ -0,0 +1,281 @@
+diff --git a/arch/x86_64/kernel/apic.c b/arch/x86_64/kernel/apic.c
+--- a/arch/x86_64/kernel/apic.c
++++ b/arch/x86_64/kernel/apic.c
+@@ -775,9 +775,7 @@ void __init setup_boot_APIC_clock (void)
+ 
+ void __init setup_secondary_APIC_clock(void)
+ {
+-	local_irq_disable(); /* FIXME: Do we need this? --RR */
+ 	setup_APIC_timer(calibration_result);
+-	local_irq_enable();
+ }
+ 
+ void __init disable_APIC_timer(void)
+diff --git a/arch/x86_64/kernel/ptrace.c b/arch/x86_64/kernel/ptrace.c
+--- a/arch/x86_64/kernel/ptrace.c
++++ b/arch/x86_64/kernel/ptrace.c
+@@ -252,7 +252,7 @@ asmlinkage long sys_ptrace(long request,
+ 			break;
+ 
+ 		switch (addr) { 
+-		case 0 ... sizeof(struct user_regs_struct):
++		case 0 ... sizeof(struct user_regs_struct) - sizeof(long):
+ 			tmp = getreg(child, addr);
+ 			break;
+ 		case offsetof(struct user, u_debugreg[0]):
+@@ -297,7 +297,7 @@ asmlinkage long sys_ptrace(long request,
+ 			break;
+ 
+ 		switch (addr) { 
+-		case 0 ... sizeof(struct user_regs_struct): 
++		case 0 ... sizeof(struct user_regs_struct) - sizeof(long):
+ 			ret = putreg(child, addr, data);
+ 			break;
+ 		/* Disallows to set a breakpoint into the vsyscall */
+diff --git a/arch/x86_64/kernel/smpboot.c b/arch/x86_64/kernel/smpboot.c
+--- a/arch/x86_64/kernel/smpboot.c
++++ b/arch/x86_64/kernel/smpboot.c
+@@ -309,8 +309,6 @@ void __init smp_callin(void)
+ 	Dprintk("CALLIN, before setup_local_APIC().\n");
+ 	setup_local_APIC();
+ 
+-	local_irq_enable();
+-
+ 	/*
+ 	 * Get our bogomips.
+ 	 */
+@@ -324,8 +322,6 @@ void __init smp_callin(void)
+ 	 */
+  	smp_store_cpu_info(cpuid);
+ 
+-	local_irq_disable();
+-
+ 	/*
+ 	 * Allow the master to continue.
+ 	 */
+diff --git a/drivers/media/video/bttv-cards.c b/drivers/media/video/bttv-cards.c
+--- a/drivers/media/video/bttv-cards.c
++++ b/drivers/media/video/bttv-cards.c
+@@ -1939,7 +1939,6 @@ struct tvcard bttv_tvcards[] = {
+         .no_tda9875     = 1,
+         .no_tda7432     = 1,
+         .tuner_type     = TUNER_ABSENT,
+-        .no_video       = 1,
+ 	.pll            = PLL_28,
+ },{
+ 	.name           = "Teppro TEV-560/InterVision IV-560",
+diff --git a/fs/hfs/mdb.c b/fs/hfs/mdb.c
+--- a/fs/hfs/mdb.c
++++ b/fs/hfs/mdb.c
+@@ -333,6 +333,8 @@ void hfs_mdb_close(struct super_block *s
+  * Release the resources associated with the in-core MDB.  */
+ void hfs_mdb_put(struct super_block *sb)
+ {
++	if (!HFS_SB(sb))
++		return;
+ 	/* free the B-trees */
+ 	hfs_btree_close(HFS_SB(sb)->ext_tree);
+ 	hfs_btree_close(HFS_SB(sb)->cat_tree);
+@@ -340,4 +342,7 @@ void hfs_mdb_put(struct super_block *sb)
+ 	/* free the buffers holding the primary and alternate MDBs */
+ 	brelse(HFS_SB(sb)->mdb_bh);
+ 	brelse(HFS_SB(sb)->alt_mdb_bh);
++
++	kfree(HFS_SB(sb));
++	sb->s_fs_info = NULL;
+ }
+diff --git a/fs/hfs/super.c b/fs/hfs/super.c
+--- a/fs/hfs/super.c
++++ b/fs/hfs/super.c
+@@ -263,7 +263,7 @@ static int hfs_fill_super(struct super_b
+ 	res = -EINVAL;
+ 	if (!parse_options((char *)data, sbi)) {
+ 		hfs_warn("hfs_fs: unable to parse mount options.\n");
+-		goto bail3;
++		goto bail;
+ 	}
+ 
+ 	sb->s_op = &hfs_super_operations;
+@@ -276,7 +276,7 @@ static int hfs_fill_super(struct super_b
+ 			hfs_warn("VFS: Can't find a HFS filesystem on dev %s.\n",
+ 				hfs_mdb_name(sb));
+ 		res = -EINVAL;
+-		goto bail2;
++		goto bail;
+ 	}
+ 
+ 	/* try to get the root inode */
+@@ -306,10 +306,8 @@ bail_iput:
+ 	iput(root_inode);
+ bail_no_root:
+ 	hfs_warn("hfs_fs: get root inode failed.\n");
++bail:
+ 	hfs_mdb_put(sb);
+-bail2:
+-bail3:
+-	kfree(sbi);
+ 	return res;
+ }
+ 
+diff --git a/fs/hfsplus/super.c b/fs/hfsplus/super.c
+--- a/fs/hfsplus/super.c
++++ b/fs/hfsplus/super.c
+@@ -207,7 +207,9 @@ static void hfsplus_write_super(struct s
+ static void hfsplus_put_super(struct super_block *sb)
+ {
+ 	dprint(DBG_SUPER, "hfsplus_put_super\n");
+-	if (!(sb->s_flags & MS_RDONLY)) {
++	if (!sb->s_fs_info)
++		return;
++	if (!(sb->s_flags & MS_RDONLY) && HFSPLUS_SB(sb).s_vhdr) {
+ 		struct hfsplus_vh *vhdr = HFSPLUS_SB(sb).s_vhdr;
+ 
+ 		vhdr->modify_date = hfsp_now2mt();
+@@ -223,6 +225,8 @@ static void hfsplus_put_super(struct sup
+ 	iput(HFSPLUS_SB(sb).alloc_file);
+ 	iput(HFSPLUS_SB(sb).hidden_dir);
+ 	brelse(HFSPLUS_SB(sb).s_vhbh);
++	kfree(sb->s_fs_info);
++	sb->s_fs_info = NULL;
+ }
+ 
+ static int hfsplus_statfs(struct super_block *sb, struct kstatfs *buf)
+diff --git a/fs/jbd/checkpoint.c b/fs/jbd/checkpoint.c
+--- a/fs/jbd/checkpoint.c
++++ b/fs/jbd/checkpoint.c
+@@ -339,8 +339,10 @@ int log_do_checkpoint(journal_t *journal
+ 			}
+ 		} while (jh != last_jh && !retry);
+ 
+-		if (batch_count)
++		if (batch_count) {
+ 			__flush_batch(journal, bhs, &batch_count);
++			retry = 1;
++		}
+ 
+ 		/*
+ 		 * If someone cleaned up this transaction while we slept, we're
+diff --git a/mm/rmap.c b/mm/rmap.c
+--- a/mm/rmap.c
++++ b/mm/rmap.c
+@@ -641,7 +641,7 @@ static void try_to_unmap_cluster(unsigne
+ 	pgd_t *pgd;
+ 	pud_t *pud;
+ 	pmd_t *pmd;
+-	pte_t *pte;
++	pte_t *pte, *original_pte;
+ 	pte_t pteval;
+ 	struct page *page;
+ 	unsigned long address;
+@@ -673,7 +673,7 @@ static void try_to_unmap_cluster(unsigne
+ 	if (!pmd_present(*pmd))
+ 		goto out_unlock;
+ 
+-	for (pte = pte_offset_map(pmd, address);
++	for (original_pte = pte = pte_offset_map(pmd, address);
+ 			address < end; pte++, address += PAGE_SIZE) {
+ 
+ 		if (!pte_present(*pte))
+@@ -710,7 +710,7 @@ static void try_to_unmap_cluster(unsigne
+ 		(*mapcount)--;
+ 	}
+ 
+-	pte_unmap(pte);
++	pte_unmap(original_pte);
+ 
+ out_unlock:
+ 	spin_unlock(&mm->page_table_lock);
+diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
+--- a/net/bridge/br_input.c
++++ b/net/bridge/br_input.c
+@@ -54,6 +54,9 @@ int br_handle_frame_finish(struct sk_buf
+ 	struct net_bridge_fdb_entry *dst;
+ 	int passedup = 0;
+ 
++	/* insert into forwarding database after filtering to avoid spoofing */
++	br_fdb_insert(p->br, p, eth_hdr(skb)->h_source, 0);
++
+ 	if (br->dev->flags & IFF_PROMISC) {
+ 		struct sk_buff *skb2;
+ 
+@@ -108,8 +111,7 @@ int br_handle_frame(struct net_bridge_po
+ 	if (eth_hdr(skb)->h_source[0] & 1)
+ 		goto err;
+ 
+-	if (p->state == BR_STATE_LEARNING ||
+-	    p->state == BR_STATE_FORWARDING)
++	if (p->state == BR_STATE_LEARNING)
+ 		br_fdb_insert(p->br, p, eth_hdr(skb)->h_source, 0);
+ 
+ 	if (p->br->stp_enabled &&
+diff --git a/net/bridge/br_stp_bpdu.c b/net/bridge/br_stp_bpdu.c
+--- a/net/bridge/br_stp_bpdu.c
++++ b/net/bridge/br_stp_bpdu.c
+@@ -140,6 +140,9 @@ int br_stp_handle_bpdu(struct sk_buff *s
+ 	struct net_bridge *br = p->br;
+ 	unsigned char *buf;
+ 
++	/* insert into forwarding database after filtering to avoid spoofing */
++	br_fdb_insert(p->br, p, eth_hdr(skb)->h_source, 0);
++
+ 	/* need at least the 802 and STP headers */
+ 	if (!pskb_may_pull(skb, sizeof(header)+1) ||
+ 	    memcmp(skb->data, header, sizeof(header)))
+diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
+--- a/net/ipv4/netfilter/ip_queue.c
++++ b/net/ipv4/netfilter/ip_queue.c
+@@ -3,6 +3,7 @@
+  * communicating with userspace via netlink.
+  *
+  * (C) 2000-2002 James Morris <jmorris@intercode.com.au>
++ * (C) 2003-2005 Netfilter Core Team <coreteam@netfilter.org>
+  *
+  * This program is free software; you can redistribute it and/or modify
+  * it under the terms of the GNU General Public License version 2 as
+@@ -14,6 +15,7 @@
+  *             Zander).
+  * 2000-08-01: Added Nick Williams' MAC support.
+  * 2002-06-25: Code cleanup.
++ * 2005-05-26: local_bh_{disable,enable} around nf_reinject (Harald Welte)
+  *
+  */
+ #include <linux/module.h>
+@@ -66,7 +68,15 @@ static DECLARE_MUTEX(ipqnl_sem);
+ static void
+ ipq_issue_verdict(struct ipq_queue_entry *entry, int verdict)
+ {
++	/* TCP input path (and probably other bits) assume to be called
++	 * from softirq context, not from syscall, like ipq_issue_verdict is
++	 * called.  TCP input path deadlocks with locks taken from timer
++	 * softirq, e.g.  We therefore emulate this by local_bh_disable() */
++
++	local_bh_disable();
+ 	nf_reinject(entry->skb, entry->info, verdict);
++	local_bh_enable();
++
+ 	kfree(entry);
+ }
+ 
+diff --git a/net/sched/sch_netem.c b/net/sched/sch_netem.c
+--- a/net/sched/sch_netem.c
++++ b/net/sched/sch_netem.c
+@@ -184,10 +184,15 @@ static int netem_enqueue(struct sk_buff 
+ 	/* Random duplication */
+ 	if (q->duplicate && q->duplicate >= get_crandom(&q->dup_cor)) {
+ 		struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
+-
+-		pr_debug("netem_enqueue: dup %p\n", skb2);
+-		if (skb2)
+-			delay_skb(sch, skb2);
++		if (skb2) {
++			struct Qdisc *rootq = sch->dev->qdisc;
++			u32 dupsave = q->duplicate;
++
++			/* prevent duplicating a dup... */
++			q->duplicate = 0;
++			rootq->enqueue(skb2, rootq);
++			q->duplicate = dupsave;
++		}
+ 	}
+ 
+ 	/* If doing simple delay then gap == 0 so all packets
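Review bot: In the embedded net/bridge/br_stp_bpdu.c hunk, the added `br_fdb_insert(p->br, p, eth_hdr(skb)->h_source, 0);` runs before the `pskb_may_pull()`/`memcmp()` header check that follows it, so a frame later rejected as a malformed BPDU has already updated the forwarding table. No port-state test is visible around the call, whereas br_handle_frame previously learned only in LEARNING or FORWARDING state and now keeps only the LEARNING case. Whether br_stp_handle_bpdu can still be reached from a blocking or listening port depends on code outside the hunk and should be confirmed. If the old condition is meant to hold, I would move the call below the header check and guard it with `if (p->state == BR_STATE_FORWARDING)`. The same unguarded insert is added at the top of br_handle_frame_finish in br_input.c; both function bodies continue outside the hunks shown.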

Added: trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/series/2.6.11-7
===================================================================
--- trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/series/2.6.11-7	2005-06-12 22:07:08 UTC (rev 3317)
+++ trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/series/2.6.11-7	2005-06-13 11:51:39 UTC (rev 3318)
@@ -0,0 +1,2 @@
++ patch-2.6.11.12.patch
+