r3318 - in trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian: . patches patches/series
Frederik Schüler
fschueler-guest@costa.debian.org
Mon, 13 Jun 2005 11:51:40 +0000
Author: fschueler-guest
Date: 2005-06-13 11:51:39 +0000 (Mon, 13 Jun 2005)
New Revision: 3318
Added:
trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/patch-2.6.11.12.patch
trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/series/2.6.11-7
Modified:
trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/changelog
Log:
Merge 2.6.11.12
Modified: trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/changelog 2005-06-12 22:07:08 UTC (rev 3317)
+++ trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/changelog 2005-06-13 11:51:39 UTC (rev 3318)
@@ -1,3 +1,19 @@
+kernel-source-2.6.11 (2.6.11-7) UNRELEASED; urgency=low
+
+ * Merged 2.6.11.12:
+ o x86_64: Fix ptrace boundary check
+ o x86_64: avoid SMP boot up race
+ o fix hfsplus oops, hfs and hfsplus leak
+ o Fix deadlock with ip_queue and tcp local input path.
+ o ext3: fix log_do_checkpoint() assertion failure
+ o Fix for bttv driver (v0.9.15) for Leadtek WinFast VC100 XP capture cards
+ o netem: duplication fix
+ o prevent bad forwarding table updates
+ o try_to_unmap_cluster() passes out-of-bounds pte to pte_unmap()
+ (Frederik Schüler)
+
+ -- Frederik Schüler <fschueler@gmx.net> Mon, 13 Jun 2005 11:07:35 +0200
+
kernel-source-2.6.11 (2.6.11-6) unstable; urgency=low
* The megaraid legacy driver is around only to support AMI megaraid 1 and 2.
Added: trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/patch-2.6.11.12.patch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/patch-2.6.11.12.patch 2005-06-12 22:07:08 UTC (rev 3317)
+++ trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/patch-2.6.11.12.patch 2005-06-13 11:51:39 UTC (rev 3318)
@@ -0,0 +1,281 @@
+diff --git a/arch/x86_64/kernel/apic.c b/arch/x86_64/kernel/apic.c
+--- a/arch/x86_64/kernel/apic.c
++++ b/arch/x86_64/kernel/apic.c
+@@ -775,9 +775,7 @@ void __init setup_boot_APIC_clock (void)
+
+ void __init setup_secondary_APIC_clock(void)
+ {
+- local_irq_disable(); /* FIXME: Do we need this? --RR */
+ setup_APIC_timer(calibration_result);
+- local_irq_enable();
+ }
+
+ void __init disable_APIC_timer(void)
+diff --git a/arch/x86_64/kernel/ptrace.c b/arch/x86_64/kernel/ptrace.c
+--- a/arch/x86_64/kernel/ptrace.c
++++ b/arch/x86_64/kernel/ptrace.c
+@@ -252,7 +252,7 @@ asmlinkage long sys_ptrace(long request,
+ break;
+
+ switch (addr) {
+- case 0 ... sizeof(struct user_regs_struct):
++ case 0 ... sizeof(struct user_regs_struct) - sizeof(long):
+ tmp = getreg(child, addr);
+ break;
+ case offsetof(struct user, u_debugreg[0]):
+@@ -297,7 +297,7 @@ asmlinkage long sys_ptrace(long request,
+ break;
+
+ switch (addr) {
+- case 0 ... sizeof(struct user_regs_struct):
++ case 0 ... sizeof(struct user_regs_struct) - sizeof(long):
+ ret = putreg(child, addr, data);
+ break;
+ /* Disallows to set a breakpoint into the vsyscall */
+diff --git a/arch/x86_64/kernel/smpboot.c b/arch/x86_64/kernel/smpboot.c
+--- a/arch/x86_64/kernel/smpboot.c
++++ b/arch/x86_64/kernel/smpboot.c
+@@ -309,8 +309,6 @@ void __init smp_callin(void)
+ Dprintk("CALLIN, before setup_local_APIC().\n");
+ setup_local_APIC();
+
+- local_irq_enable();
+-
+ /*
+ * Get our bogomips.
+ */
+@@ -324,8 +322,6 @@ void __init smp_callin(void)
+ */
+ smp_store_cpu_info(cpuid);
+
+- local_irq_disable();
+-
+ /*
+ * Allow the master to continue.
+ */
+diff --git a/drivers/media/video/bttv-cards.c b/drivers/media/video/bttv-cards.c
+--- a/drivers/media/video/bttv-cards.c
++++ b/drivers/media/video/bttv-cards.c
+@@ -1939,7 +1939,6 @@ struct tvcard bttv_tvcards[] = {
+ .no_tda9875 = 1,
+ .no_tda7432 = 1,
+ .tuner_type = TUNER_ABSENT,
+- .no_video = 1,
+ .pll = PLL_28,
+ },{
+ .name = "Teppro TEV-560/InterVision IV-560",
+diff --git a/fs/hfs/mdb.c b/fs/hfs/mdb.c
+--- a/fs/hfs/mdb.c
++++ b/fs/hfs/mdb.c
+@@ -333,6 +333,8 @@ void hfs_mdb_close(struct super_block *s
+ * Release the resources associated with the in-core MDB. */
+ void hfs_mdb_put(struct super_block *sb)
+ {
++ if (!HFS_SB(sb))
++ return;
+ /* free the B-trees */
+ hfs_btree_close(HFS_SB(sb)->ext_tree);
+ hfs_btree_close(HFS_SB(sb)->cat_tree);
+@@ -340,4 +342,7 @@ void hfs_mdb_put(struct super_block *sb)
+ /* free the buffers holding the primary and alternate MDBs */
+ brelse(HFS_SB(sb)->mdb_bh);
+ brelse(HFS_SB(sb)->alt_mdb_bh);
++
++ kfree(HFS_SB(sb));
++ sb->s_fs_info = NULL;
+ }
+diff --git a/fs/hfs/super.c b/fs/hfs/super.c
+--- a/fs/hfs/super.c
++++ b/fs/hfs/super.c
+@@ -263,7 +263,7 @@ static int hfs_fill_super(struct super_b
+ res = -EINVAL;
+ if (!parse_options((char *)data, sbi)) {
+ hfs_warn("hfs_fs: unable to parse mount options.\n");
+- goto bail3;
++ goto bail;
+ }
+
+ sb->s_op = &hfs_super_operations;
+@@ -276,7 +276,7 @@ static int hfs_fill_super(struct super_b
+ hfs_warn("VFS: Can't find a HFS filesystem on dev %s.\n",
+ hfs_mdb_name(sb));
+ res = -EINVAL;
+- goto bail2;
++ goto bail;
+ }
+
+ /* try to get the root inode */
+@@ -306,10 +306,8 @@ bail_iput:
+ iput(root_inode);
+ bail_no_root:
+ hfs_warn("hfs_fs: get root inode failed.\n");
++bail:
+ hfs_mdb_put(sb);
+-bail2:
+-bail3:
+- kfree(sbi);
+ return res;
+ }
+
+diff --git a/fs/hfsplus/super.c b/fs/hfsplus/super.c
+--- a/fs/hfsplus/super.c
++++ b/fs/hfsplus/super.c
+@@ -207,7 +207,9 @@ static void hfsplus_write_super(struct s
+ static void hfsplus_put_super(struct super_block *sb)
+ {
+ dprint(DBG_SUPER, "hfsplus_put_super\n");
+- if (!(sb->s_flags & MS_RDONLY)) {
++ if (!sb->s_fs_info)
++ return;
++ if (!(sb->s_flags & MS_RDONLY) && HFSPLUS_SB(sb).s_vhdr) {
+ struct hfsplus_vh *vhdr = HFSPLUS_SB(sb).s_vhdr;
+
+ vhdr->modify_date = hfsp_now2mt();
+@@ -223,6 +225,8 @@ static void hfsplus_put_super(struct sup
+ iput(HFSPLUS_SB(sb).alloc_file);
+ iput(HFSPLUS_SB(sb).hidden_dir);
+ brelse(HFSPLUS_SB(sb).s_vhbh);
++ kfree(sb->s_fs_info);
++ sb->s_fs_info = NULL;
+ }
+
+ static int hfsplus_statfs(struct super_block *sb, struct kstatfs *buf)
+diff --git a/fs/jbd/checkpoint.c b/fs/jbd/checkpoint.c
+--- a/fs/jbd/checkpoint.c
++++ b/fs/jbd/checkpoint.c
+@@ -339,8 +339,10 @@ int log_do_checkpoint(journal_t *journal
+ }
+ } while (jh != last_jh && !retry);
+
+- if (batch_count)
++ if (batch_count) {
+ __flush_batch(journal, bhs, &batch_count);
++ retry = 1;
++ }
+
+ /*
+ * If someone cleaned up this transaction while we slept, we're
+diff --git a/mm/rmap.c b/mm/rmap.c
+--- a/mm/rmap.c
++++ b/mm/rmap.c
+@@ -641,7 +641,7 @@ static void try_to_unmap_cluster(unsigne
+ pgd_t *pgd;
+ pud_t *pud;
+ pmd_t *pmd;
+- pte_t *pte;
++ pte_t *pte, *original_pte;
+ pte_t pteval;
+ struct page *page;
+ unsigned long address;
+@@ -673,7 +673,7 @@ static void try_to_unmap_cluster(unsigne
+ if (!pmd_present(*pmd))
+ goto out_unlock;
+
+- for (pte = pte_offset_map(pmd, address);
++ for (original_pte = pte = pte_offset_map(pmd, address);
+ address < end; pte++, address += PAGE_SIZE) {
+
+ if (!pte_present(*pte))
+@@ -710,7 +710,7 @@ static void try_to_unmap_cluster(unsigne
+ (*mapcount)--;
+ }
+
+- pte_unmap(pte);
++ pte_unmap(original_pte);
+
+ out_unlock:
+ spin_unlock(&mm->page_table_lock);
+diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
+--- a/net/bridge/br_input.c
++++ b/net/bridge/br_input.c
+@@ -54,6 +54,9 @@ int br_handle_frame_finish(struct sk_buf
+ struct net_bridge_fdb_entry *dst;
+ int passedup = 0;
+
++ /* insert into forwarding database after filtering to avoid spoofing */
++ br_fdb_insert(p->br, p, eth_hdr(skb)->h_source, 0);
++
+ if (br->dev->flags & IFF_PROMISC) {
+ struct sk_buff *skb2;
+
+@@ -108,8 +111,7 @@ int br_handle_frame(struct net_bridge_po
+ if (eth_hdr(skb)->h_source[0] & 1)
+ goto err;
+
+- if (p->state == BR_STATE_LEARNING ||
+- p->state == BR_STATE_FORWARDING)
++ if (p->state == BR_STATE_LEARNING)
+ br_fdb_insert(p->br, p, eth_hdr(skb)->h_source, 0);
+
+ if (p->br->stp_enabled &&
+diff --git a/net/bridge/br_stp_bpdu.c b/net/bridge/br_stp_bpdu.c
+--- a/net/bridge/br_stp_bpdu.c
++++ b/net/bridge/br_stp_bpdu.c
+@@ -140,6 +140,9 @@ int br_stp_handle_bpdu(struct sk_buff *s
+ struct net_bridge *br = p->br;
+ unsigned char *buf;
+
++ /* insert into forwarding database after filtering to avoid spoofing */
++ br_fdb_insert(p->br, p, eth_hdr(skb)->h_source, 0);
++
+ /* need at least the 802 and STP headers */
+ if (!pskb_may_pull(skb, sizeof(header)+1) ||
+ memcmp(skb->data, header, sizeof(header)))
+diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
+--- a/net/ipv4/netfilter/ip_queue.c
++++ b/net/ipv4/netfilter/ip_queue.c
+@@ -3,6 +3,7 @@
+ * communicating with userspace via netlink.
+ *
+ * (C) 2000-2002 James Morris <jmorris@intercode.com.au>
++ * (C) 2003-2005 Netfilter Core Team <coreteam@netfilter.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+@@ -14,6 +15,7 @@
+ * Zander).
+ * 2000-08-01: Added Nick Williams' MAC support.
+ * 2002-06-25: Code cleanup.
++ * 2005-05-26: local_bh_{disable,enable} around nf_reinject (Harald Welte)
+ *
+ */
+ #include <linux/module.h>
+@@ -66,7 +68,15 @@ static DECLARE_MUTEX(ipqnl_sem);
+ static void
+ ipq_issue_verdict(struct ipq_queue_entry *entry, int verdict)
+ {
++ /* TCP input path (and probably other bits) assume to be called
++ * from softirq context, not from syscall, like ipq_issue_verdict is
++ * called. TCP input path deadlocks with locks taken from timer
++ * softirq, e.g. We therefore emulate this by local_bh_disable() */
++
++ local_bh_disable();
+ nf_reinject(entry->skb, entry->info, verdict);
++ local_bh_enable();
++
+ kfree(entry);
+ }
+
+diff --git a/net/sched/sch_netem.c b/net/sched/sch_netem.c
+--- a/net/sched/sch_netem.c
++++ b/net/sched/sch_netem.c
+@@ -184,10 +184,15 @@ static int netem_enqueue(struct sk_buff
+ /* Random duplication */
+ if (q->duplicate && q->duplicate >= get_crandom(&q->dup_cor)) {
+ struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
+-
+- pr_debug("netem_enqueue: dup %p\n", skb2);
+- if (skb2)
+- delay_skb(sch, skb2);
++ if (skb2) {
++ struct Qdisc *rootq = sch->dev->qdisc;
++ u32 dupsave = q->duplicate;
++
++ /* prevent duplicating a dup... */
++ q->duplicate = 0;
++ rootq->enqueue(skb2, rootq);
++ q->duplicate = dupsave;
++ }
+ }
+
+ /* If doing simple delay then gap == 0 so all packets
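Review bot: In the net/bridge/br_stp_bpdu.c part of the added patch, the new `br_fdb_insert(p->br, p, eth_hdr(skb)->h_source, 0);` in br_stp_handle_bpdu() sits above the `pskb_may_pull()` / `memcmp(skb->data, header, sizeof(header))` check, so the source address is learned before the frame is confirmed to be a well-formed BPDU, although the comment (the same one as in br_handle_frame_finish()) says the insert happens "after filtering". If the filtering meant is the netfilter hook traversal that runs before these handlers (not visible in the shown context), the comment should say so, for example `/* learn the source MAC only once the bridge netfilter hooks have accepted the frame; BPDU validity is checked below */`. Otherwise, moving the insert below the header check would make the code match the comment. No port-state test is visible around either new call, so it is worth confirming that the callers already exclude disabled ports; both function bodies continue outside the hunk context.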
Added: trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/series/2.6.11-7
===================================================================
--- trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/series/2.6.11-7 2005-06-12 22:07:08 UTC (rev 3317)
+++ trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/series/2.6.11-7 2005-06-13 11:51:39 UTC (rev 3318)
@@ -0,0 +1,2 @@
++ patch-2.6.11.12.patch
+