r4404 -
dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches
Simon Horman
horms at costa.debian.org
Tue Oct 11 10:26:47 UTC 2005
Author: horms
Date: 2005-10-11 10:26:46 +0000 (Tue, 11 Oct 2005)
New Revision: 4404
Added:
dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fix-sparc64-fpu-register-corruption.dpatch
dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ieee1394-sbp2-fixes-for-hot-unplug-and-module-unloading.dpatch
dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/orinoco-info-leak.dpatch
dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/plug-names_cache-memleak.dpatch
Log:
add missing patches
Added: dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fix-sparc64-fpu-register-corruption.dpatch
===================================================================
--- dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fix-sparc64-fpu-register-corruption.dpatch 2005-10-11 10:22:31 UTC (rev 4403)
+++ dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fix-sparc64-fpu-register-corruption.dpatch 2005-10-11 10:26:46 UTC (rev 4404)
@@ -0,0 +1,189 @@
+From stable-bounces at linux.kernel.org Fri Oct 7 13:41:25 2005
+Date: Fri, 07 Oct 2005 13:41:17 -0700 (PDT)
+To: stable at kernel.org
+From: "David S. Miller" <davem at davemloft.net>
+Cc:
+Subject: [SPARC64]: Fix userland FPU state corruption.
+
+We need to use stricter memory barriers around the block
+load and store instructions we use to save and restore the
+FPU register file.
+
+Signed-off-by: David S. Miller <davem at davemloft.net>
+Signed-off-by: Chris Wright <chrisw at osdl.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+---
+ arch/sparc64/kernel/entry.S | 39 +++++++++++++++++++++------------------
+ arch/sparc64/kernel/rtrap.S | 7 ++++---
+ arch/sparc64/lib/VISsave.S | 8 +++++---
+ 3 files changed, 30 insertions(+), 24 deletions(-)
+
+Backported to Debian's 2.6.8 by Horms
+
+--- from-0001/arch/sparc64/kernel/entry.S
++++ to-work/arch/sparc64/kernel/entry.S 2005-10-11 18:42:25.000000000 +0900
+@@ -135,7 +135,7 @@ vmalloc_addr: ! vmalloc addr access
+ /* This is trivial with the new code... */
+ .globl do_fpdis
+ do_fpdis:
+- sethi %hi(TSTATE_PEF), %g4 ! IEU0
++ sethi %hi(TSTATE_PEF), %g4
+ rdpr %tstate, %g5
+ andcc %g5, %g4, %g0
+ be,pt %xcc, 1f
+@@ -152,18 +152,18 @@ do_fpdis:
+ add %g0, %g0, %g0
+ ba,a,pt %xcc, rtrap_clr_l6
+
+-1: ldub [%g6 + TI_FPSAVED], %g5 ! Load Group
+- wr %g0, FPRS_FEF, %fprs ! LSU Group+4bubbles
+- andcc %g5, FPRS_FEF, %g0 ! IEU1 Group
+- be,a,pt %icc, 1f ! CTI
+- clr %g7 ! IEU0
+- ldx [%g6 + TI_GSR], %g7 ! Load Group
+-1: andcc %g5, FPRS_DL, %g0 ! IEU1
+- bne,pn %icc, 2f ! CTI
+- fzero %f0 ! FPA
+- andcc %g5, FPRS_DU, %g0 ! IEU1 Group
+- bne,pn %icc, 1f ! CTI
+- fzero %f2 ! FPA
++1: ldub [%g6 + TI_FPSAVED], %g5
++ wr %g0, FPRS_FEF, %fprs
++ andcc %g5, FPRS_FEF, %g0
++ be,a,pt %icc, 1f
++ clr %g7
++ ldx [%g6 + TI_GSR], %g7
++1: andcc %g5, FPRS_DL, %g0
++ bne,pn %icc, 2f
++ fzero %f0
++ andcc %g5, FPRS_DU, %g0
++ bne,pn %icc, 1f
++ fzero %f2
+ faddd %f0, %f2, %f4
+ fmuld %f0, %f2, %f6
+ faddd %f0, %f2, %f8
+@@ -204,8 +204,10 @@ do_fpdis:
+ membar #Sync
+ faddd %f0, %f2, %f8
+ fmuld %f0, %f2, %f10
+- ldda [%g1] ASI_BLK_S, %f32 ! grrr, where is ASI_BLK_NUCLEUS 8-(
++ membar #Sync
++ ldda [%g1] ASI_BLK_S, %f32
+ ldda [%g2] ASI_BLK_S, %f48
++ membar #Sync
+ faddd %f0, %f2, %f12
+ fmuld %f0, %f2, %f14
+ faddd %f0, %f2, %f16
+@@ -217,7 +219,6 @@ do_fpdis:
+ faddd %f0, %f2, %f28
+ fmuld %f0, %f2, %f30
+ b,pt %xcc, fpdis_exit
+- membar #Sync
+ 2: andcc %g5, FPRS_DU, %g0
+ bne,pt %icc, 3f
+ fzero %f32
+@@ -230,8 +231,10 @@ do_fpdis:
+ add %g6, TI_FPREGS + 0x40, %g2
+ faddd %f32, %f34, %f36
+ fmuld %f32, %f34, %f38
+- ldda [%g1] ASI_BLK_S, %f0 ! grrr, where is ASI_BLK_NUCLEUS 8-(
++ membar #Sync
++ ldda [%g1] ASI_BLK_S, %f0
+ ldda [%g2] ASI_BLK_S, %f16
++ membar #Sync
+ faddd %f32, %f34, %f40
+ fmuld %f32, %f34, %f42
+ faddd %f32, %f34, %f44
+@@ -245,14 +248,13 @@ do_fpdis:
+ faddd %f32, %f34, %f60
+ fmuld %f32, %f34, %f62
+ ba,pt %xcc, fpdis_exit
+- membar #Sync
+ 3: mov SECONDARY_CONTEXT, %g3
+ add %g6, TI_FPREGS, %g1
+ ldxa [%g3] ASI_DMMU, %g5
+ mov 0x40, %g2
+ stxa %g0, [%g3] ASI_DMMU
+ membar #Sync
+- ldda [%g1] ASI_BLK_S, %f0 ! grrr, where is ASI_BLK_NUCLEUS 8-(
++ ldda [%g1] ASI_BLK_S, %f0
+ ldda [%g1 + %g2] ASI_BLK_S, %f16
+ add %g1, 0x80, %g1
+ ldda [%g1] ASI_BLK_S, %f32
+--- from-0001/arch/sparc64/kernel/rtrap.S
++++ to-work/arch/sparc64/kernel/rtrap.S 2005-10-11 18:45:26.000000000 +0900
+@@ -303,18 +303,20 @@ kern_fpucheck: ldub [%g6 + TI_FPDEPTH]
+ wr %g5, FPRS_FEF, %fprs
+ ldx [%o1 + %o5], %g5
+ add %g6, TI_XFSR, %o1
+- membar #StoreLoad | #LoadLoad
+ sll %o0, 8, %o2
+ add %g6, TI_FPREGS, %o3
+ brz,pn %l6, 1f
+ add %g6, TI_FPREGS+0x40, %o4
+
++ membar #Sync
+ ldda [%o3 + %o2] ASI_BLK_P, %f0
+ ldda [%o4 + %o2] ASI_BLK_P, %f16
++ membar #Sync
+ 1: andcc %l2, FPRS_DU, %g0
+ be,pn %icc, 1f
+ wr %g5, 0, %gsr
+ add %o2, 0x80, %o2
++ membar #Sync
+ ldda [%o3 + %o2] ASI_BLK_P, %f32
+ ldda [%o4 + %o2] ASI_BLK_P, %f48
+
+@@ -324,11 +326,11 @@ kern_fpucheck: ldub [%g6 + TI_FPDEPTH]
+ ba,pt %xcc, rt_continue
+ nop
+ 5: wr %g0, FPRS_FEF, %fprs
+- membar #StoreLoad | #LoadLoad
+ sll %o0, 8, %o2
+
+ add %g6, TI_FPREGS+0x80, %o3
+ add %g6, TI_FPREGS+0xc0, %o4
++ membar #Sync
+ ldda [%o3 + %o2] ASI_BLK_P, %f32
+ ldda [%o4 + %o2] ASI_BLK_P, %f48
+ membar #Sync
+--- from-0001/arch/sparc64/lib/VISsave.S
++++ to-work/arch/sparc64/lib/VISsave.S 2005-10-11 18:32:00.000000000 +0900
+@@ -59,15 +59,17 @@ vis1: ldub [%g6 + TI_FPSAVED], %g3
+ be,pn %icc, 9b
+ add %g6, TI_FPREGS, %g2
+ andcc %o5, FPRS_DL, %g0
+- membar #StoreStore | #LoadStore
+
+ be,pn %icc, 4f
+ add %g6, TI_FPREGS+0x40, %g3
++ membar #Sync
+ stda %f0, [%g2 + %g1] ASI_BLK_P
+ stda %f16, [%g3 + %g1] ASI_BLK_P
++ membar #Sync
+ andcc %o5, FPRS_DU, %g0
+ be,pn %icc, 5f
+ 4: add %g1, 128, %g1
++ membar #Sync
+ stda %f32, [%g2 + %g1] ASI_BLK_P
+
+ stda %f48, [%g3 + %g1] ASI_BLK_P
+@@ -83,7 +85,7 @@ vis1: ldub [%g6 + TI_FPSAVED], %g3
+ sll %g1, 5, %g1
+ add %g6, TI_FPREGS+0xc0, %g3
+ wr %g0, FPRS_FEF, %fprs
+- membar #StoreStore | #LoadStore
++ membar #Sync
+ stda %f32, [%g2 + %g1] ASI_BLK_P
+ stda %f48, [%g3 + %g1] ASI_BLK_P
+ membar #Sync
+@@ -121,8 +123,8 @@ VISenterhalf:
+ be,pn %icc, 4f
+ add %g6, TI_FPREGS, %g2
+
+- membar #StoreStore | #LoadStore
+ add %g6, TI_FPREGS+0x40, %g3
++ membar #Sync
+ stda %f0, [%g2 + %g1] ASI_BLK_P
+ stda %f16, [%g3 + %g1] ASI_BLK_P
+ membar #Sync
Added: dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ieee1394-sbp2-fixes-for-hot-unplug-and-module-unloading.dpatch
===================================================================
--- dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ieee1394-sbp2-fixes-for-hot-unplug-and-module-unloading.dpatch 2005-10-11 10:22:31 UTC (rev 4403)
+++ dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ieee1394-sbp2-fixes-for-hot-unplug-and-module-unloading.dpatch 2005-10-11 10:26:46 UTC (rev 4404)
@@ -0,0 +1,130 @@
+From stable-bounces at linux.kernel.org Sat Oct 1 10:58:10 2005
+Date: Sat, 1 Oct 2005 19:57:47 +0200 (CEST)
+From: Stefan Richter <stefanr at s5r6.in-berlin.de>
+Subject: [PATCH] ieee1394/sbp2: fixes for hot-unplug and module unloading
+To: stable at kernel.org
+Cc: chrisw at osdl.org, bcollins at debian.org, greg at kroah.com
+
+Fixes for reference counting problems, deadlocks, and delays when SBP-2 devices
+are unplugged or unbound from sbp2, or when unloading of sbp2/ ohci1394/ pcilynx
+is attempted.
+
+Most often reported symptoms were hotplugs remaining undetected once a FireWire
+disk was unplugged since the knodemgrd kernel thread went to uninterruptible
+sleep, and "modprobe -r sbp2" being unable to complete because still being in
+use.
+
+Patch is equivalent to commit abd559b1052e28d8b9c28aabde241f18fa89090b in
+2.6.14-rc3 plus a fix which is necessary together with 2.6.13's scsi core API
+(linux1394.org commit r1308 by Ben Collins).
+
+Signed-off-by: Stefan Richter <stefanr at s5r6.in-berlin.de>
+Cc: Ben Collins <bcollins at debian.org>
+Signed-off-by: Chris Wright <chrisw at osdl.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+---
+ drivers/ieee1394/sbp2.c | 38 +++++++++++++++++++++++++++++++++++---
+ 1 file changed, 35 insertions(+), 3 deletions(-)
+
+--- linux-2.6.13.y.orig/drivers/ieee1394/sbp2.c
++++ linux-2.6.13.y/drivers/ieee1394/sbp2.c
+@@ -596,6 +596,11 @@ static void sbp2util_mark_command_comple
+ spin_unlock_irqrestore(&scsi_id->sbp2_command_orb_lock, flags);
+ }
+
++static inline int sbp2util_node_is_available(struct scsi_id_instance_data *scsi_id)
++{
++ return scsi_id && scsi_id->ne && !scsi_id->ne->in_limbo;
++}
++
+
+
+ /*********************************************
+@@ -631,11 +636,23 @@ static int sbp2_remove(struct device *de
+ {
+ struct unit_directory *ud;
+ struct scsi_id_instance_data *scsi_id;
++ struct scsi_device *sdev;
+
+ SBP2_DEBUG("sbp2_remove");
+
+ ud = container_of(dev, struct unit_directory, device);
+ scsi_id = ud->device.driver_data;
++ if (!scsi_id)
++ return 0;
++
++ /* Trigger shutdown functions in scsi's highlevel. */
++ if (scsi_id->scsi_host)
++ scsi_unblock_requests(scsi_id->scsi_host);
++ sdev = scsi_id->sdev;
++ if (sdev) {
++ scsi_id->sdev = NULL;
++ scsi_remove_device(sdev);
++ }
+
+ sbp2_logout_device(scsi_id);
+ sbp2_remove_device(scsi_id);
+@@ -944,6 +961,7 @@ alloc_fail:
+ SBP2_ERR("scsi_add_device failed");
+ return PTR_ERR(sdev);
+ }
++ scsi_device_put(sdev);
+
+ return 0;
+ }
+@@ -2480,7 +2498,7 @@ static int sbp2scsi_queuecommand(struct
+ * If scsi_id is null, it means there is no device in this slot,
+ * so we should return selection timeout.
+ */
+- if (!scsi_id) {
++ if (!sbp2util_node_is_available(scsi_id)) {
+ SCpnt->result = DID_NO_CONNECT << 16;
+ done (SCpnt);
+ return 0;
+@@ -2683,6 +2701,18 @@ static void sbp2scsi_complete_command(st
+ }
+
+
++static int sbp2scsi_slave_alloc(struct scsi_device *sdev)
++{
++ ((struct scsi_id_instance_data *)sdev->host->hostdata[0])->sdev = sdev;
++ return 0;
++}
++
++static void sbp2scsi_slave_destroy(struct scsi_device *sdev)
++{
++ ((struct scsi_id_instance_data *)sdev->host->hostdata[0])->sdev = NULL;
++ return;
++}
++
+ static int sbp2scsi_slave_configure (struct scsi_device *sdev)
+ {
+ blk_queue_dma_alignment(sdev->request_queue, (512 - 1));
+@@ -2705,7 +2735,7 @@ static int sbp2scsi_abort(struct scsi_cm
+ SBP2_ERR("aborting sbp2 command");
+ scsi_print_command(SCpnt);
+
+- if (scsi_id) {
++ if (sbp2util_node_is_available(scsi_id)) {
+
+ /*
+ * Right now, just return any matching command structures
+@@ -2749,7 +2779,7 @@ static int __sbp2scsi_reset(struct scsi_
+
+ SBP2_ERR("reset requested");
+
+- if (scsi_id) {
++ if (sbp2util_node_is_available(scsi_id)) {
+ SBP2_ERR("Generating sbp2 fetch agent reset");
+ sbp2_agent_reset(scsi_id, 0);
+ }
+@@ -2817,7 +2847,9 @@ static struct scsi_host_template scsi_dr
+ .eh_device_reset_handler = sbp2scsi_reset,
+ .eh_bus_reset_handler = sbp2scsi_reset,
+ .eh_host_reset_handler = sbp2scsi_reset,
++ .slave_alloc = sbp2scsi_slave_alloc,
+ .slave_configure = sbp2scsi_slave_configure,
++ .slave_destroy = sbp2scsi_slave_destroy,
+ .this_id = -1,
+ .sg_tablesize = SG_ALL,
+ .use_clustering = ENABLE_CLUSTERING,
Added: dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/orinoco-info-leak.dpatch
===================================================================
--- dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/orinoco-info-leak.dpatch 2005-10-11 10:22:31 UTC (rev 4403)
+++ dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/orinoco-info-leak.dpatch 2005-10-11 10:26:46 UTC (rev 4404)
@@ -0,0 +1,52 @@
+From stable-bounces at linux.kernel.org Tue Oct 4 20:36:20 2005
+Date: Tue, 04 Oct 2005 21:33:10 -0400
+From: Pavel Roskin <proski at gnu.org>
+To: orinoco-devel <orinoco-devel at lists.sourceforge.net>, NetDev <netdev at vger.kernel.org>
+Cc: Meder Kydyraliev <meder at o0o.nu>
+Subject: [PATCH] orinoco: Information leakage due to incorrect padding
+
+The orinoco driver can send uninitialized data exposing random pieces of
+the system memory. This happens because data is not padded with zeroes
+when its length needs to be increased.
+
+Reported by Meder Kydyraliev <meder at o0o.nu>
+
+Signed-off-by: Pavel Roskin <proski at gnu.org>
+Signed-off-by: Chris Wright <chrisw at osdl.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+---
+ drivers/net/wireless/orinoco.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+Backported to Debian's 2.6.8 by Horms
+
+--- from-0001/drivers/net/wireless/orinoco.c
++++ to-0003/drivers/net/wireless/orinoco.c 2005-10-11 15:26:22.000000000 +0900
+@@ -2358,9 +2358,14 @@ orinoco_xmit(struct sk_buff *skb, struct
+ return 0;
+ }
+
+- /* Length of the packet body */
+- /* FIXME: what if the skb is smaller than this? */
+- len = max_t(int,skb->len - ETH_HLEN, ETH_ZLEN - ETH_HLEN);
++ /* Check packet length, pad short packets, round up odd length */
++ len = max_t(int, ALIGN(skb->len, 2), ETH_ZLEN);
++ if (skb->len < len) {
++ skb = skb_padto(skb, len);
++ if (skb == NULL)
++ goto fail;
++ }
++ len -= ETH_HLEN;
+
+ eh = (struct ethhdr *)skb->data;
+
+@@ -2411,7 +2416,8 @@ orinoco_xmit(struct sk_buff *skb, struct
+ }
+
+ /* Round up for odd length packets */
+- err = hermes_bap_pwrite(hw, USER_BAP, p, RUP_EVEN(data_len), txfid, data_off);
++ err = hermes_bap_pwrite(hw, USER_BAP, p, data_len,
++ txfid, data_off);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d writing packet to BAP\n",
+ dev->name, err);
Added: dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/plug-names_cache-memleak.dpatch
===================================================================
--- dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/plug-names_cache-memleak.dpatch 2005-10-11 10:22:31 UTC (rev 4403)
+++ dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/plug-names_cache-memleak.dpatch 2005-10-11 10:26:46 UTC (rev 4404)
@@ -0,0 +1,51 @@
+From: Linus Torvalds <torvalds at osdl.org>
+Date: Fri, 7 Oct 2005 04:54:21 +0000 (-0700)
+Subject: [PATCH] Avoid 'names_cache' memory leak with CONFIG_AUDITSYSCALL
+
+Avoid 'names_cache' memory leak with CONFIG_AUDITSYSCALL
+
+The nameidata "last.name" is always allocated with "__getname()", and
+should always be free'd with "__putname()".
+
+Using "putname()" without the underscores will leak memory, because the
+allocation will have been hidden from the AUDITSYSCALL code.
+
+Arguably the real bug is that the AUDITSYSCALL code is really broken,
+but in the meantime this fixes the problem people see.
+
+Reported by Robert Derr, patch by Rick Lindsley.
+
+Acked-by: Al Viro <viro at ftp.linux.org.uk>
+Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+Signed-off-by: Chris Wright <chrisw at osdl.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+---
+ fs/namei.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+Backported to Debian's 2.6.8 by Horms
+
+--- from-0001/fs/namei.c
++++ to-work/fs/namei.c 2005-10-11 18:21:45.000000000 +0900
+@@ -1469,18 +1469,18 @@ do_link:
+ if (nd->last_type != LAST_NORM)
+ goto exit;
+ if (nd->last.name[nd->last.len]) {
+- putname(nd->last.name);
++ __putname(nd->last.name);
+ goto exit;
+ }
+ error = -ELOOP;
+ if (count++==32) {
+- putname(nd->last.name);
++ __putname(nd->last.name);
+ goto exit;
+ }
+ dir = nd->dentry;
+ down(&dir->d_inode->i_sem);
+ dentry = __lookup_hash(&nd->last, nd->dentry, nd);
+- putname(nd->last.name);
++ __putname(nd->last.name);
+ goto do_last;
+ }
+
More information about the Kernel-svn-changes
mailing list