[kernel] r12550 - in dists/sid/linux-2.6/debian: . patches/bugfix/mips patches/series

Thu Jan 8 19:05:32 UTC 2009

Author: tbm
Date: Thu Jan  8 19:05:30 2009
New Revision: 12550

Log:
Add some patches from the Linux/MIPS linux-2.6.26-stable tree


Added:
   dists/sid/linux-2.6/debian/patches/bugfix/mips/add-missing-plat_unmap_dma_mem.patch
   dists/sid/linux-2.6/debian/patches/bugfix/mips/fix-potential-dos.patch
   dists/sid/linux-2.6/debian/patches/bugfix/mips/mips-r2-use-ei-di-irq.patch
   dists/sid/linux-2.6/debian/patches/bugfix/mips/mips64r2-fix-buggy-arch-swab64.patch
   dists/sid/linux-2.6/debian/patches/bugfix/mips/splice-fix-number-of-args.patch
   dists/sid/linux-2.6/debian/patches/bugfix/mips/sys32-return-enosys.patch
   dists/sid/linux-2.6/debian/patches/bugfix/mips/vmsplice-64-bit-compat-wrapper.patch
   dists/sid/linux-2.6/debian/patches/bugfix/mips/write-c0_framemask-only-when-supported.patch
Modified:
   dists/sid/linux-2.6/debian/changelog
   dists/sid/linux-2.6/debian/patches/series/13

Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================

--- dists/sid/linux-2.6/debian/changelog	(original)
+++ dists/sid/linux-2.6/debian/changelog	Thu Jan  8 19:05:30 2009
@@ -24,6 +24,15 @@
   [ Martin Michlmayr ]
   * V4L/DVB: Fix initialization of URB list (Thomas Reitmayr) to address
     the oops reported at http://forum.qnap.com/viewtopic.php?f=147&t=10572
+  * Add some patches from the Linux/MIPS linux-2.6.26-stable tree:
+    - Fix potential DOS by untrusted user app (CVE-2008-5701)
+    - o32: Fix number of arguments to splice(2).
+    - 64-bit: vmsplice needs to use the compat wrapper for o32 and N32.
+    - Return ENOSYS from sys32_syscall on 64bit kernels like elsewhere.
+    - Use EI/DI for MIPS R2.
+    - MIPS64R2: Fix buggy __arch_swab64
+    - Add missing calls to plat_unmap_dma_mem.
+    - Only write c0_framemask on CPUs which have this register.
 
  -- dann frazier <dannf at debian.org>  Tue, 06 Jan 2009 11:00:38 -0700
 

Added: dists/sid/linux-2.6/debian/patches/bugfix/mips/add-missing-plat_unmap_dma_mem.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/bugfix/mips/add-missing-plat_unmap_dma_mem.patch	Thu Jan  8 19:05:30 2009
@@ -0,0 +1,36 @@
+From: David Daney <ddaney at caviumnetworks.com>
+Date: Thu, 11 Dec 2008 02:14:45 +0000 (-0800)
+Subject: MIPS: Add missing calls to plat_unmap_dma_mem.
+X-Git-Url: http://www.linux-mips.org/git?p=linux.git;a=commitdiff_plain;h=a406c54a983a5f5c8df8c9371f5067c4a857883b
+
+MIPS: Add missing calls to plat_unmap_dma_mem.
+
+dma_free_noncoherent() and dma_free_coherent() are missing calls to
+plat_unmap_dma_mem().  This patch adds them.
+
+Signed-off-by: David Daney <ddaney at caviumnetworks.com>
+Signed-off-by: Ralf Baechle <ralf at linux-mips.org>
+(cherry picked from commit 78e85ea27a0a5f4ed93c1d2bb3365e9a29459a7b)
+---
+
+diff --git a/arch/mips/mm/dma-default.c b/arch/mips/mm/dma-default.c
+index 1b2d7cd..607e4f1 100644
+--- a/arch/mips/mm/dma-default.c
++++ b/arch/mips/mm/dma-default.c
+@@ -111,6 +111,7 @@ EXPORT_SYMBOL(dma_alloc_coherent);
+ void dma_free_noncoherent(struct device *dev, size_t size, void *vaddr,
+ 	dma_addr_t dma_handle)
+ {
++	plat_unmap_dma_mem(dma_handle);
+ 	free_pages((unsigned long) vaddr, get_order(size));
+ }
+ 
+@@ -121,6 +122,8 @@ void dma_free_coherent(struct device *dev, size_t size, void *vaddr,
+ {
+ 	unsigned long addr = (unsigned long) vaddr;
+ 
++	plat_unmap_dma_mem(dma_handle);
++
+ 	if (!plat_device_is_coherent(dev))
+ 		addr = CAC_ADDR(addr);
+ 

Added: dists/sid/linux-2.6/debian/patches/bugfix/mips/fix-potential-dos.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/bugfix/mips/fix-potential-dos.patch	Thu Jan  8 19:05:30 2009
@@ -0,0 +1,69 @@
+From: Vlad Malov <Vlad.Malov at caviumnetworks.com>
+Date: Tue, 18 Nov 2008 23:05:46 +0000 (-0800)
+Subject: MIPS: Fix potential DOS by untrusted user app.
+X-Git-Url: http://www.linux-mips.org/git?p=linux.git;a=commitdiff_plain;h=9718dcd85e604007fcacfe9c6cf71f8a2ddb1c37
+
+MIPS: Fix potential DOS by untrusted user app.
+
+On a 64 bit kernel if an o32 syscall was made with a syscall number less
+than 4000, we would read the function from outside of the bounds of the
+syscall table.  This led to non-deterministic behavior including system
+crashes.
+
+While we were at it we reworked the 32 bit version as well to use fewer
+instructions.  Both 32 and 64 bit versions are use the same code now.
+
+Signed-off-by: Vlad Malov <Vlad.Malov at caviumnetworks.com>
+Signed-off-by: David Daney <ddaney at caviumnetworks.com>
+Signed-off-by: Ralf Baechle <ralf at linux-mips.org>
+(cherry picked from commit 24f8c295c60d135ba058eecf9b85a521ed2d50a3)
+---
+
+diff --git a/arch/mips/kernel/scall32-o32.S b/arch/mips/kernel/scall32-o32.S
+index 6aa1400..fb116bf 100644
+--- a/arch/mips/kernel/scall32-o32.S
++++ b/arch/mips/kernel/scall32-o32.S
+@@ -270,18 +270,11 @@ bad_alignment:
+ 	subu	t0, a0, __NR_O32_Linux	# check syscall number
+ 	sltiu	v0, t0, __NR_O32_Linux_syscalls + 1
+ #endif
++	beqz	t0, einval		# do not recurse
+ 	sll	t1, t0, 3
+ 	beqz	v0, einval
+-
+ 	lw	t2, sys_call_table(t1)		# syscall routine
+ 
+-#if defined(CONFIG_BINFMT_IRIX)
+-	li	v1, 4000			# nr of sys_syscall
+-#else
+-	li	v1, 4000 - __NR_O32_Linux	# index of sys_syscall
+-#endif
+-	beq	t0, v1, einval			# do not recurse
+-
+ 	/* Some syscalls like execve get their arguments from struct pt_regs
+ 	   and claim zero arguments in the syscall table. Thus we have to
+ 	   assume the worst case and shuffle around all potential arguments.
+diff --git a/arch/mips/kernel/scall64-o32.S b/arch/mips/kernel/scall64-o32.S
+index 9a275ef..8dce4c2 100644
+--- a/arch/mips/kernel/scall64-o32.S
++++ b/arch/mips/kernel/scall64-o32.S
+@@ -174,14 +174,12 @@ not_o32_scall:
+ 	END(handle_sys)
+ 
+ LEAF(sys32_syscall)
+-	sltu	v0, a0, __NR_O32_Linux + __NR_O32_Linux_syscalls + 1
++	subu	t0, a0, __NR_O32_Linux	# check syscall number
++	sltiu	v0, t0, __NR_O32_Linux_syscalls + 1
++	beqz	t0, einval		# do not recurse
++	dsll	t1, t0, 3
+ 	beqz	v0, einval
+-
+-	dsll	v0, a0, 3
+-	ld	t2, (sys_call_table - (__NR_O32_Linux * 8))(v0)
+-
+-	li	v1, 4000		# indirect syscall number
+-	beq	a0, v1, einval		# do not recurse
++	ld	t2, sys_call_table(t1)		# syscall routine
+ 
+ 	move	a0, a1			# shift argument registers
+ 	move	a1, a2

Added: dists/sid/linux-2.6/debian/patches/bugfix/mips/mips-r2-use-ei-di-irq.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/bugfix/mips/mips-r2-use-ei-di-irq.patch	Thu Jan  8 19:05:30 2009
@@ -0,0 +1,37 @@
+From: David Daney <ddaney at caviumnetworks.com>
+Date: Wed, 10 Dec 2008 16:37:25 +0000 (-0800)
+Subject: MIPS: Use EI/DI for MIPS R2.
+X-Git-Url: http://www.linux-mips.org/git?p=linux.git;a=commitdiff_plain;h=72b2d2e290e2f18ec810da2089b01e3096d7d332
+
+MIPS: Use EI/DI for MIPS R2.
+
+For MIPS R2, use the EI and DI instructions to enable and disable
+interrupts.
+
+Signed-off-by: Tomaso Paoletti <tpaoletti at caviumnetworks.com>
+Signed-off-by: David Daney <ddaney at caviumnetworks.com>
+Signed-off-by: Ralf Baechle <ralf at linux-mips.org>
+(cherry picked from commit f15a6bca44fba50f62d0ebaa79a0db6bd72c2505)
+---
+
+diff --git a/include/asm-mips/asmmacro.h b/include/asm-mips/asmmacro.h
+index 7a88175..6c8342a 100644
+--- a/include/asm-mips/asmmacro.h
++++ b/include/asm-mips/asmmacro.h
+@@ -35,6 +35,16 @@
+ 	mtc0	\reg, CP0_TCSTATUS
+ 	_ehb
+ 	.endm
++#elif defined(CONFIG_CPU_MIPSR2)
++	.macro	local_irq_enable reg=t0
++	ei
++	irq_enable_hazard
++	.endm
++
++	.macro	local_irq_disable reg=t0
++	di
++	irq_disable_hazard
++	.endm
+ #else
+ 	.macro	local_irq_enable reg=t0
+ 	mfc0	\reg, CP0_STATUS

Added: dists/sid/linux-2.6/debian/patches/bugfix/mips/mips64r2-fix-buggy-arch-swab64.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/bugfix/mips/mips64r2-fix-buggy-arch-swab64.patch	Thu Jan  8 19:05:30 2009
@@ -0,0 +1,31 @@
+From: David Daney <ddaney at caviumnetworks.com>
+Date: Wed, 17 Dec 2008 21:28:39 +0000 (-0800)
+Subject: MIPS: MIPS64R2: Fix buggy __arch_swab64
+X-Git-Url: http://www.linux-mips.org/git?p=linux.git;a=commitdiff_plain;h=83c620e2243110b5f6e952186d7fc4294ce3fb16
+
+MIPS: MIPS64R2: Fix buggy __arch_swab64
+
+The way the code is written it was assuming dshd has the function of a
+hypothetical dshw instruction ...
+
+Signed-off-by: David Daney <ddaney at caviumnetworks.com>
+Signed-off-by: Ralf Baechle <ralf at linux-mips.org>
+(cherry picked from commit 21faa50ed9c335bdf6ad843dcc874eb00c6ea8bb)
+---
+
+diff --git a/include/asm-mips/byteorder.h b/include/asm-mips/byteorder.h
+index fe7dc2d..ddd7543 100644
+--- a/include/asm-mips/byteorder.h
++++ b/include/asm-mips/byteorder.h
+@@ -43,9 +43,8 @@ static __inline__ __attribute_const__ __u32 ___arch__swab32(__u32 x)
+ static __inline__ __attribute_const__ __u64 ___arch__swab64(__u64 x)
+ {
+ 	__asm__(
+-	"	dsbh	%0, %1			\n"
+-	"	dshd	%0, %0			\n"
+-	"	drotr	%0, %0, 32		\n"
++	"	dsbh	%0, %1\n"
++	"	dshd	%0, %0"
+ 	: "=r" (x)
+ 	: "r" (x));
+ 

Added: dists/sid/linux-2.6/debian/patches/bugfix/mips/splice-fix-number-of-args.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/bugfix/mips/splice-fix-number-of-args.patch	Thu Jan  8 19:05:30 2009
@@ -0,0 +1,28 @@
+From: Ralf Baechle <ralf at linux-mips.org>
+Date: Wed, 3 Dec 2008 16:33:17 +0000 (+0000)
+Subject: MIPS: o32: Fix number of arguments to splice(2).
+X-Git-Url: http://www.linux-mips.org/git?p=linux.git;a=commitdiff_plain;h=532f50e0e56bab50d88d3056e2d69e8db5b1feea
+
+MIPS: o32: Fix number of arguments to splice(2).
+
+The syscall code was assuming splice only takes 4 arguments so no stack
+arguments were being copied from the userspace stack to the kernel stack.
+As the result splice was likely to fail with EINVAL.
+
+Signed-off-by: Ralf Baechle <ralf at linux-mips.org>
+(cherry picked from commit 83a5a562925a5b606f9922b0c6888b64d067ceb0)
+---
+
+diff --git a/arch/mips/kernel/scall32-o32.S b/arch/mips/kernel/scall32-o32.S
+index fb116bf..9cc3e54 100644
+--- a/arch/mips/kernel/scall32-o32.S
++++ b/arch/mips/kernel/scall32-o32.S
+@@ -639,7 +639,7 @@ einval:	li	v0, -ENOSYS
+ 	sys	sys_pselect6		6
+ 	sys	sys_ppoll		5
+ 	sys	sys_unshare		1
+-	sys	sys_splice		4
++	sys	sys_splice		6
+ 	sys	sys_sync_file_range	7	/* 4305 */
+ 	sys	sys_tee			4
+ 	sys	sys_vmsplice		4

Added: dists/sid/linux-2.6/debian/patches/bugfix/mips/sys32-return-enosys.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/bugfix/mips/sys32-return-enosys.patch	Thu Jan  8 19:05:30 2009
@@ -0,0 +1,29 @@
+From: David Daney <ddaney at caviumnetworks.com>
+Date: Fri, 31 Oct 2008 18:23:09 +0000 (-0700)
+Subject: MIPS: Return ENOSYS from sys32_syscall on 64bit kernels like elsewhere.
+X-Git-Url: http://www.linux-mips.org/git?p=linux.git;a=commitdiff_plain;h=4fcface63ed4d71af1419d026821ed2f3983f3c1
+
+MIPS: Return ENOSYS from sys32_syscall on 64bit kernels like elsewhere.
+
+When the o32 errno was changed to ENOSYS, we forgot to update the code
+for 64bit kernels.
+
+Signed-off-by: David Daney <ddaney at caviumnetworks.com>
+Acked-by: Atsushi Nemoto <anemo at mba.ocn.ne.jp>
+Signed-off-by: Ralf Baechle <ralf at linux-mips.org>
+(cherry picked from commit f18d0b1993f31e28eaf0e3b7e415788052985f95)
+---
+
+diff --git a/arch/mips/kernel/scall64-o32.S b/arch/mips/kernel/scall64-o32.S
+index e10d5c0..b56d88f 100644
+--- a/arch/mips/kernel/scall64-o32.S
++++ b/arch/mips/kernel/scall64-o32.S
+@@ -196,7 +196,7 @@ LEAF(sys32_syscall)
+ 	jr	t2
+ 	/* Unreached */
+ 
+-einval:	li	v0, -EINVAL
++einval:	li	v0, -ENOSYS
+ 	jr	ra
+ 	END(sys32_syscall)
+ 

Added: dists/sid/linux-2.6/debian/patches/bugfix/mips/vmsplice-64-bit-compat-wrapper.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/bugfix/mips/vmsplice-64-bit-compat-wrapper.patch	Thu Jan  8 19:05:30 2009
@@ -0,0 +1,37 @@
+From: Ralf Baechle <ralf at linux-mips.org>
+Date: Wed, 3 Dec 2008 17:03:27 +0000 (+0000)
+Subject: MIPS: 64-bit: vmsplice needs to use the compat wrapper for o32 and N32.
+X-Git-Url: http://www.linux-mips.org/git?p=linux.git;a=commitdiff_plain;h=85940fa4e1f9d731287d8836bc8f4948447b3fb5
+
+MIPS: 64-bit: vmsplice needs to use the compat wrapper for o32 and N32.
+
+Signed-off-by: Ralf Baechle <ralf at linux-mips.org>
+(cherry picked from commit 1d12d2db84099dfd180cc314a3d8543098b53b4e)
+---
+
+diff --git a/arch/mips/kernel/scall64-n32.S b/arch/mips/kernel/scall64-n32.S
+index 12940ec..72e1e9a 100644
+--- a/arch/mips/kernel/scall64-n32.S
++++ b/arch/mips/kernel/scall64-n32.S
+@@ -390,7 +390,7 @@ EXPORT(sysn32_call_table)
+ 	PTR	sys_splice
+ 	PTR	sys_sync_file_range
+ 	PTR	sys_tee
+-	PTR	sys_vmsplice			/* 6270 */
++	PTR	compat_sys_vmsplice		/* 6270 */
+ 	PTR	sys_move_pages
+ 	PTR	compat_sys_set_robust_list
+ 	PTR	compat_sys_get_robust_list
+diff --git a/arch/mips/kernel/scall64-o32.S b/arch/mips/kernel/scall64-o32.S
+index 8dce4c2..e10d5c0 100644
+--- a/arch/mips/kernel/scall64-o32.S
++++ b/arch/mips/kernel/scall64-o32.S
+@@ -510,7 +510,7 @@ sys_call_table:
+ 	PTR	sys_splice
+ 	PTR	sys32_sync_file_range		/* 4305 */
+ 	PTR	sys_tee
+-	PTR	sys_vmsplice
++	PTR	compat_sys_vmsplice
+ 	PTR	compat_sys_move_pages
+ 	PTR	compat_sys_set_robust_list
+ 	PTR	compat_sys_get_robust_list	/* 4310 */

Added: dists/sid/linux-2.6/debian/patches/bugfix/mips/write-c0_framemask-only-when-supported.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/bugfix/mips/write-c0_framemask-only-when-supported.patch	Thu Jan  8 19:05:30 2009
@@ -0,0 +1,27 @@
+From: Ralf Baechle <ralf at linux-mips.org>
+Date: Tue, 6 Jan 2009 23:07:20 +0000 (+0000)
+Subject: MIPS: Only write c0_framemask on CPUs which have this register.
+X-Git-Url: http://www.linux-mips.org/git?p=linux.git;a=commitdiff_plain;h=75daa304755386ae7280d1738abd9df662bc97d3
+
+MIPS: Only write c0_framemask on CPUs which have this register.
+
+Signed-off-by: Ralf Baechle <ralf at linux-mips.org>
+(cherry picked from commit 9ad45359a5860e978a07845786148a4fdbce6f8d)
+---
+
+diff --git a/arch/mips/mm/tlb-r4k.c b/arch/mips/mm/tlb-r4k.c
+index 5ce2fa7..9619f66 100644
+--- a/arch/mips/mm/tlb-r4k.c
++++ b/arch/mips/mm/tlb-r4k.c
+@@ -478,7 +478,10 @@ void __cpuinit tlb_init(void)
+ 	probe_tlb(config);
+ 	write_c0_pagemask(PM_DEFAULT_MASK);
+ 	write_c0_wired(0);
+-	write_c0_framemask(0);
++	if (current_cpu_type() == CPU_R10000 ||
++	    current_cpu_type() == CPU_R12000 ||
++	    current_cpu_type() == CPU_R14000)
++		write_c0_framemask(0);
+ 	temp_tlb_entry = current_cpu_data.tlbsize - 1;
+ 
+         /* From this point on the ARC firmware is dead.  */

Modified: dists/sid/linux-2.6/debian/patches/series/13
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/13	(original)
+++ dists/sid/linux-2.6/debian/patches/series/13	Thu Jan  8 19:05:30 2009
@@ -10,3 +10,11 @@
 + bugfix/all/dvb-fix-init-of-urb-list.patch
 + bugfix/all/rt2500usb-disable-link-tuning.patch
 + bugfix/all/eata-fix-data-buffer-accessor-conversion-regression.patch
++ bugfix/mips/fix-potential-dos.patch
++ bugfix/mips/splice-fix-number-of-args.patch
++ bugfix/mips/vmsplice-64-bit-compat-wrapper.patch
++ bugfix/mips/sys32-return-enosys.patch
++ bugfix/mips/mips-r2-use-ei-di-irq.patch
++ bugfix/mips/mips64r2-fix-buggy-arch-swab64.patch
++ bugfix/mips/add-missing-plat_unmap_dma_mem.patch
++ bugfix/mips/write-c0_framemask-only-when-supported.patch

