r4387 - in dists/trunk/linux-2.6/debian: . patches-debian
patches-debian/series
Frederik Schüler
fschueler-guest at costa.debian.org
Mon Oct 10 22:11:30 UTC 2005
Author: fschueler-guest
Date: 2005-10-10 22:11:21 +0000 (Mon, 10 Oct 2005)
New Revision: 4387
Added:
dists/trunk/linux-2.6/debian/patches-debian/patch-2.6.13.4
dists/trunk/linux-2.6/debian/patches-debian/series/2.6.13-2
Modified:
dists/trunk/linux-2.6/debian/changelog
Log:
Added patch-2.6.13.4.
Modified: dists/trunk/linux-2.6/debian/changelog
===================================================================
--- dists/trunk/linux-2.6/debian/changelog 2005-10-10 19:44:41 UTC (rev 4386)
+++ dists/trunk/linux-2.6/debian/changelog 2005-10-10 22:11:21 UTC (rev 4387)
@@ -25,8 +25,16 @@
[ Frederik Schüler ]
* deactivate FB_RIVA on all architectures.
+ * Added patch-2.6.13.4:
+ - key: plug request_key_auth memleak (CAN-2005-3119)
+ - Fix drm 'debug' sysfs permissions
+ - Avoid 'names_cache' memory leak with CONFIG_AUDITSYSCALL
+ - Fix userland FPU state corruption.
+ - BIC coding bug in Linux 2.6.13
+ - orinoco: Information leakage due to incorrect padding
+ - ieee1394/sbp2: fixes for hot-unplug and module unloading
- -- Frederik Schüler <fschueler at gmx.net> Mon, 10 Oct 2005 19:50:00 +0200
+ -- Frederik Schüler <fschueler at gmx.net> Mon, 10 Oct 2005 23:56:37 +0200
linux-2.6 (2.6.13-1) experimental; urgency=low
Added: dists/trunk/linux-2.6/debian/patches-debian/patch-2.6.13.4
===================================================================
--- dists/trunk/linux-2.6/debian/patches-debian/patch-2.6.13.4 2005-10-10 19:44:41 UTC (rev 4386)
+++ dists/trunk/linux-2.6/debian/patches-debian/patch-2.6.13.4 2005-10-10 22:11:21 UTC (rev 4387)
@@ -0,0 +1,369 @@
+diff --git a/arch/sparc64/kernel/entry.S b/arch/sparc64/kernel/entry.S
+--- a/arch/sparc64/kernel/entry.S
++++ b/arch/sparc64/kernel/entry.S
+@@ -186,7 +186,7 @@ vmalloc_addr:
+ /* This is trivial with the new code... */
+ .globl do_fpdis
+ do_fpdis:
+- sethi %hi(TSTATE_PEF), %g4 ! IEU0
++ sethi %hi(TSTATE_PEF), %g4
+ rdpr %tstate, %g5
+ andcc %g5, %g4, %g0
+ be,pt %xcc, 1f
+@@ -203,18 +203,18 @@ do_fpdis:
+ add %g0, %g0, %g0
+ ba,a,pt %xcc, rtrap_clr_l6
+
+-1: ldub [%g6 + TI_FPSAVED], %g5 ! Load Group
+- wr %g0, FPRS_FEF, %fprs ! LSU Group+4bubbles
+- andcc %g5, FPRS_FEF, %g0 ! IEU1 Group
+- be,a,pt %icc, 1f ! CTI
+- clr %g7 ! IEU0
+- ldx [%g6 + TI_GSR], %g7 ! Load Group
+-1: andcc %g5, FPRS_DL, %g0 ! IEU1
+- bne,pn %icc, 2f ! CTI
+- fzero %f0 ! FPA
+- andcc %g5, FPRS_DU, %g0 ! IEU1 Group
+- bne,pn %icc, 1f ! CTI
+- fzero %f2 ! FPA
++1: ldub [%g6 + TI_FPSAVED], %g5
++ wr %g0, FPRS_FEF, %fprs
++ andcc %g5, FPRS_FEF, %g0
++ be,a,pt %icc, 1f
++ clr %g7
++ ldx [%g6 + TI_GSR], %g7
++1: andcc %g5, FPRS_DL, %g0
++ bne,pn %icc, 2f
++ fzero %f0
++ andcc %g5, FPRS_DU, %g0
++ bne,pn %icc, 1f
++ fzero %f2
+ faddd %f0, %f2, %f4
+ fmuld %f0, %f2, %f6
+ faddd %f0, %f2, %f8
+@@ -257,8 +257,10 @@ cplus_fptrap_insn_1:
+ add %g6, TI_FPREGS + 0xc0, %g2
+ faddd %f0, %f2, %f8
+ fmuld %f0, %f2, %f10
+- ldda [%g1] ASI_BLK_S, %f32 ! grrr, where is ASI_BLK_NUCLEUS 8-(
++ membar #Sync
++ ldda [%g1] ASI_BLK_S, %f32
+ ldda [%g2] ASI_BLK_S, %f48
++ membar #Sync
+ faddd %f0, %f2, %f12
+ fmuld %f0, %f2, %f14
+ faddd %f0, %f2, %f16
+@@ -269,7 +271,6 @@ cplus_fptrap_insn_1:
+ fmuld %f0, %f2, %f26
+ faddd %f0, %f2, %f28
+ fmuld %f0, %f2, %f30
+- membar #Sync
+ b,pt %xcc, fpdis_exit
+ nop
+ 2: andcc %g5, FPRS_DU, %g0
+@@ -286,8 +287,10 @@ cplus_fptrap_insn_2:
+ add %g6, TI_FPREGS + 0x40, %g2
+ faddd %f32, %f34, %f36
+ fmuld %f32, %f34, %f38
+- ldda [%g1] ASI_BLK_S, %f0 ! grrr, where is ASI_BLK_NUCLEUS 8-(
++ membar #Sync
++ ldda [%g1] ASI_BLK_S, %f0
+ ldda [%g2] ASI_BLK_S, %f16
++ membar #Sync
+ faddd %f32, %f34, %f40
+ fmuld %f32, %f34, %f42
+ faddd %f32, %f34, %f44
+@@ -300,7 +303,6 @@ cplus_fptrap_insn_2:
+ fmuld %f32, %f34, %f58
+ faddd %f32, %f34, %f60
+ fmuld %f32, %f34, %f62
+- membar #Sync
+ ba,pt %xcc, fpdis_exit
+ nop
+ 3: mov SECONDARY_CONTEXT, %g3
+@@ -311,7 +313,8 @@ cplus_fptrap_insn_3:
+ stxa %g2, [%g3] ASI_DMMU
+ membar #Sync
+ mov 0x40, %g2
+- ldda [%g1] ASI_BLK_S, %f0 ! grrr, where is ASI_BLK_NUCLEUS 8-(
++ membar #Sync
++ ldda [%g1] ASI_BLK_S, %f0
+ ldda [%g1 + %g2] ASI_BLK_S, %f16
+ add %g1, 0x80, %g1
+ ldda [%g1] ASI_BLK_S, %f32
+diff --git a/arch/sparc64/kernel/rtrap.S b/arch/sparc64/kernel/rtrap.S
+--- a/arch/sparc64/kernel/rtrap.S
++++ b/arch/sparc64/kernel/rtrap.S
+@@ -310,32 +310,33 @@ kern_fpucheck: ldub [%g6 + TI_FPDEPTH]
+ wr %g1, FPRS_FEF, %fprs
+ ldx [%o1 + %o5], %g1
+ add %g6, TI_XFSR, %o1
+- membar #StoreLoad | #LoadLoad
+ sll %o0, 8, %o2
+ add %g6, TI_FPREGS, %o3
+ brz,pn %l6, 1f
+ add %g6, TI_FPREGS+0x40, %o4
+
++ membar #Sync
+ ldda [%o3 + %o2] ASI_BLK_P, %f0
+ ldda [%o4 + %o2] ASI_BLK_P, %f16
++ membar #Sync
+ 1: andcc %l2, FPRS_DU, %g0
+ be,pn %icc, 1f
+ wr %g1, 0, %gsr
+ add %o2, 0x80, %o2
++ membar #Sync
+ ldda [%o3 + %o2] ASI_BLK_P, %f32
+ ldda [%o4 + %o2] ASI_BLK_P, %f48
+-
+ 1: membar #Sync
+ ldx [%o1 + %o5], %fsr
+ 2: stb %l5, [%g6 + TI_FPDEPTH]
+ ba,pt %xcc, rt_continue
+ nop
+ 5: wr %g0, FPRS_FEF, %fprs
+- membar #StoreLoad | #LoadLoad
+ sll %o0, 8, %o2
+
+ add %g6, TI_FPREGS+0x80, %o3
+ add %g6, TI_FPREGS+0xc0, %o4
++ membar #Sync
+ ldda [%o3 + %o2] ASI_BLK_P, %f32
+ ldda [%o4 + %o2] ASI_BLK_P, %f48
+ membar #Sync
+diff --git a/arch/sparc64/lib/VISsave.S b/arch/sparc64/lib/VISsave.S
+--- a/arch/sparc64/lib/VISsave.S
++++ b/arch/sparc64/lib/VISsave.S
+@@ -59,15 +59,17 @@ vis1: ldub [%g6 + TI_FPSAVED], %g3
+ be,pn %icc, 9b
+ add %g6, TI_FPREGS, %g2
+ andcc %o5, FPRS_DL, %g0
+- membar #StoreStore | #LoadStore
+
+ be,pn %icc, 4f
+ add %g6, TI_FPREGS+0x40, %g3
++ membar #Sync
+ stda %f0, [%g2 + %g1] ASI_BLK_P
+ stda %f16, [%g3 + %g1] ASI_BLK_P
++ membar #Sync
+ andcc %o5, FPRS_DU, %g0
+ be,pn %icc, 5f
+ 4: add %g1, 128, %g1
++ membar #Sync
+ stda %f32, [%g2 + %g1] ASI_BLK_P
+
+ stda %f48, [%g3 + %g1] ASI_BLK_P
+@@ -87,7 +89,7 @@ vis1: ldub [%g6 + TI_FPSAVED], %g3
+ sll %g1, 5, %g1
+ add %g6, TI_FPREGS+0xc0, %g3
+ wr %g0, FPRS_FEF, %fprs
+- membar #StoreStore | #LoadStore
++ membar #Sync
+ stda %f32, [%g2 + %g1] ASI_BLK_P
+ stda %f48, [%g3 + %g1] ASI_BLK_P
+ membar #Sync
+@@ -128,8 +130,8 @@ VISenterhalf:
+ be,pn %icc, 4f
+ add %g6, TI_FPREGS, %g2
+
+- membar #StoreStore | #LoadStore
+ add %g6, TI_FPREGS+0x40, %g3
++ membar #Sync
+ stda %f0, [%g2 + %g1] ASI_BLK_P
+ stda %f16, [%g3 + %g1] ASI_BLK_P
+ membar #Sync
+diff --git a/drivers/char/drm/drm_stub.c b/drivers/char/drm/drm_stub.c
+--- a/drivers/char/drm/drm_stub.c
++++ b/drivers/char/drm/drm_stub.c
+@@ -47,7 +47,7 @@ MODULE_PARM_DESC(cards_limit, "Maximum n
+ MODULE_PARM_DESC(debug, "Enable debug output");
+
+ module_param_named(cards_limit, drm_cards_limit, int, 0444);
+-module_param_named(debug, drm_debug, int, 0666);
++module_param_named(debug, drm_debug, int, 0600);
+
+ drm_head_t **drm_heads;
+ struct drm_sysfs_class *drm_class;
+diff --git a/drivers/ieee1394/sbp2.c b/drivers/ieee1394/sbp2.c
+--- a/drivers/ieee1394/sbp2.c
++++ b/drivers/ieee1394/sbp2.c
+@@ -596,6 +596,11 @@ static void sbp2util_mark_command_comple
+ spin_unlock_irqrestore(&scsi_id->sbp2_command_orb_lock, flags);
+ }
+
++static inline int sbp2util_node_is_available(struct scsi_id_instance_data *scsi_id)
++{
++ return scsi_id && scsi_id->ne && !scsi_id->ne->in_limbo;
++}
++
+
+
+ /*********************************************
+@@ -631,11 +636,23 @@ static int sbp2_remove(struct device *de
+ {
+ struct unit_directory *ud;
+ struct scsi_id_instance_data *scsi_id;
++ struct scsi_device *sdev;
+
+ SBP2_DEBUG("sbp2_remove");
+
+ ud = container_of(dev, struct unit_directory, device);
+ scsi_id = ud->device.driver_data;
++ if (!scsi_id)
++ return 0;
++
++ /* Trigger shutdown functions in scsi's highlevel. */
++ if (scsi_id->scsi_host)
++ scsi_unblock_requests(scsi_id->scsi_host);
++ sdev = scsi_id->sdev;
++ if (sdev) {
++ scsi_id->sdev = NULL;
++ scsi_remove_device(sdev);
++ }
+
+ sbp2_logout_device(scsi_id);
+ sbp2_remove_device(scsi_id);
+@@ -944,6 +961,7 @@ alloc_fail:
+ SBP2_ERR("scsi_add_device failed");
+ return PTR_ERR(sdev);
+ }
++ scsi_device_put(sdev);
+
+ return 0;
+ }
+@@ -2480,7 +2498,7 @@ static int sbp2scsi_queuecommand(struct
+ * If scsi_id is null, it means there is no device in this slot,
+ * so we should return selection timeout.
+ */
+- if (!scsi_id) {
++ if (!sbp2util_node_is_available(scsi_id)) {
+ SCpnt->result = DID_NO_CONNECT << 16;
+ done (SCpnt);
+ return 0;
+@@ -2683,6 +2701,18 @@ static void sbp2scsi_complete_command(st
+ }
+
+
++static int sbp2scsi_slave_alloc(struct scsi_device *sdev)
++{
++ ((struct scsi_id_instance_data *)sdev->host->hostdata[0])->sdev = sdev;
++ return 0;
++}
++
++static void sbp2scsi_slave_destroy(struct scsi_device *sdev)
++{
++ ((struct scsi_id_instance_data *)sdev->host->hostdata[0])->sdev = NULL;
++ return;
++}
++
+ static int sbp2scsi_slave_configure (struct scsi_device *sdev)
+ {
+ blk_queue_dma_alignment(sdev->request_queue, (512 - 1));
+@@ -2705,7 +2735,7 @@ static int sbp2scsi_abort(struct scsi_cm
+ SBP2_ERR("aborting sbp2 command");
+ scsi_print_command(SCpnt);
+
+- if (scsi_id) {
++ if (sbp2util_node_is_available(scsi_id)) {
+
+ /*
+ * Right now, just return any matching command structures
+@@ -2749,7 +2779,7 @@ static int __sbp2scsi_reset(struct scsi_
+
+ SBP2_ERR("reset requested");
+
+- if (scsi_id) {
++ if (sbp2util_node_is_available(scsi_id)) {
+ SBP2_ERR("Generating sbp2 fetch agent reset");
+ sbp2_agent_reset(scsi_id, 0);
+ }
+@@ -2817,7 +2847,9 @@ static struct scsi_host_template scsi_dr
+ .eh_device_reset_handler = sbp2scsi_reset,
+ .eh_bus_reset_handler = sbp2scsi_reset,
+ .eh_host_reset_handler = sbp2scsi_reset,
++ .slave_alloc = sbp2scsi_slave_alloc,
+ .slave_configure = sbp2scsi_slave_configure,
++ .slave_destroy = sbp2scsi_slave_destroy,
+ .this_id = -1,
+ .sg_tablesize = SG_ALL,
+ .use_clustering = ENABLE_CLUSTERING,
+diff --git a/drivers/net/wireless/orinoco.c b/drivers/net/wireless/orinoco.c
+--- a/drivers/net/wireless/orinoco.c
++++ b/drivers/net/wireless/orinoco.c
+@@ -502,9 +502,14 @@ static int orinoco_xmit(struct sk_buff *
+ return 0;
+ }
+
+- /* Length of the packet body */
+- /* FIXME: what if the skb is smaller than this? */
+- len = max_t(int,skb->len - ETH_HLEN, ETH_ZLEN - ETH_HLEN);
++ /* Check packet length, pad short packets, round up odd length */
++ len = max_t(int, ALIGN(skb->len, 2), ETH_ZLEN);
++ if (skb->len < len) {
++ skb = skb_padto(skb, len);
++ if (skb == NULL)
++ goto fail;
++ }
++ len -= ETH_HLEN;
+
+ eh = (struct ethhdr *)skb->data;
+
+@@ -556,8 +561,7 @@ static int orinoco_xmit(struct sk_buff *
+ p = skb->data;
+ }
+
+- /* Round up for odd length packets */
+- err = hermes_bap_pwrite(hw, USER_BAP, p, ALIGN(data_len, 2),
++ err = hermes_bap_pwrite(hw, USER_BAP, p, data_len,
+ txfid, data_off);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d writing packet to BAP\n",
+diff --git a/fs/namei.c b/fs/namei.c
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -1557,19 +1557,19 @@ do_link:
+ if (nd->last_type != LAST_NORM)
+ goto exit;
+ if (nd->last.name[nd->last.len]) {
+- putname(nd->last.name);
++ __putname(nd->last.name);
+ goto exit;
+ }
+ error = -ELOOP;
+ if (count++==32) {
+- putname(nd->last.name);
++ __putname(nd->last.name);
+ goto exit;
+ }
+ dir = nd->dentry;
+ down(&dir->d_inode->i_sem);
+ path.dentry = __lookup_hash(&nd->last, nd->dentry, nd);
+ path.mnt = nd->mnt;
+- putname(nd->last.name);
++ __putname(nd->last.name);
+ goto do_last;
+ }
+
+diff --git a/net/ipv4/tcp_bic.c b/net/ipv4/tcp_bic.c
+--- a/net/ipv4/tcp_bic.c
++++ b/net/ipv4/tcp_bic.c
+@@ -136,7 +136,7 @@ static inline void bictcp_update(struct
+ else if (cwnd < ca->last_max_cwnd + max_increment*(BICTCP_B-1))
+ /* slow start */
+ ca->cnt = (cwnd * (BICTCP_B-1))
+- / cwnd-ca->last_max_cwnd;
++ / (cwnd - ca->last_max_cwnd);
+ else
+ /* linear increase */
+ ca->cnt = cwnd / max_increment;
+diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
+--- a/security/keys/request_key_auth.c
++++ b/security/keys/request_key_auth.c
+@@ -96,6 +96,7 @@ static void request_key_auth_destroy(str
+ kenter("{%d}", key->serial);
+
+ key_put(rka->target_key);
++ kfree(rka);
+
+ } /* end request_key_auth_destroy() */
+
Added: dists/trunk/linux-2.6/debian/patches-debian/series/2.6.13-2
===================================================================
--- dists/trunk/linux-2.6/debian/patches-debian/series/2.6.13-2 2005-10-10 19:44:41 UTC (rev 4386)
+++ dists/trunk/linux-2.6/debian/patches-debian/series/2.6.13-2 2005-10-10 22:11:21 UTC (rev 4387)
@@ -0,0 +1 @@
++ patch-2.6.13.4
More information about the Kernel-svn-changes
mailing list