[kernel] r14548 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Wed Nov 4 20:35:53 UTC 2009
Author: dannf
Date: Wed Nov 4 20:35:52 2009
New Revision: 14548
Log:
drm/r128: Add test for initialisation to all ioctls that require it
(CVE-2009-3620)
Added:
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/drm+r128-Add-test-for-init-to-all-reqd-ioctls.patch
- copied, changed from r14544, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/drm+r128-Add-test-for-init-to-all-reqd-ioctls.patch
Modified:
dists/etch-security/linux-2.6.24/debian/changelog
dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4
Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog Wed Nov 4 20:21:47 2009 (r14547)
+++ dists/etch-security/linux-2.6.24/debian/changelog Wed Nov 4 20:35:52 2009 (r14548)
@@ -12,6 +12,8 @@
(CVE-2009-2908)
* fs: pipe.c null pointer dereference (CVE-2009-3547)
* AF_UNIX: Fix deadlock on connecting to shutdown socket (CVE-2009-3621)
+ * drm/r128: Add test for initialisation to all ioctls that require it
+ (CVE-2009-3620)
-- dann frazier <dannf at debian.org> Tue, 27 Oct 2009 22:41:25 -0600
Copied and modified: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/drm+r128-Add-test-for-init-to-all-reqd-ioctls.patch (from r14544, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/drm+r128-Add-test-for-init-to-all-reqd-ioctls.patch)
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/bugfix/all/drm+r128-Add-test-for-init-to-all-reqd-ioctls.patch Wed Nov 4 16:57:25 2009 (r14544, copy source)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/drm+r128-Add-test-for-init-to-all-reqd-ioctls.patch Wed Nov 4 20:35:52 2009 (r14548)
@@ -21,11 +21,11 @@
Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
Signed-off-by: Dave Airlie <airlied at redhat.com>
-Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+Backported to Debian's 2.6.24 by dann frazier <dannf at debian.org>
-diff -urpN linux-source-2.6.26.orig/drivers/char/drm/r128_cce.c linux-source-2.6.26/drivers/char/drm/r128_cce.c
---- linux-source-2.6.26.orig/drivers/char/drm/r128_cce.c 2008-07-13 15:51:29.000000000 -0600
-+++ linux-source-2.6.26/drivers/char/drm/r128_cce.c 2009-10-27 21:54:39.000000000 -0600
+diff -urpN linux-source-2.6.24.orig/drivers/char/drm/r128_cce.c linux-source-2.6.24/drivers/char/drm/r128_cce.c
+--- linux-source-2.6.24.orig/drivers/char/drm/r128_cce.c 2008-01-24 15:58:37.000000000 -0700
++++ linux-source-2.6.24/drivers/char/drm/r128_cce.c 2009-11-04 13:24:07.000000000 -0700
@@ -353,6 +353,11 @@ static int r128_do_init_cce(struct drm_d
DRM_DEBUG("\n");
@@ -38,16 +38,16 @@
dev_priv = drm_alloc(sizeof(drm_r128_private_t), DRM_MEM_DRIVER);
if (dev_priv == NULL)
return -ENOMEM;
-@@ -651,6 +656,8 @@ int r128_cce_start(struct drm_device *de
+@@ -650,6 +655,8 @@ int r128_cce_start(struct drm_device *de
LOCK_TEST_WITH_RETURN(dev, file_priv);
+ DEV_INIT_TEST_WITH_RETURN(dev_priv);
+
if (dev_priv->cce_running || dev_priv->cce_mode == R128_PM4_NONPM4) {
- DRM_DEBUG("while CCE running\n");
+ DRM_DEBUG("%s while CCE running\n", __FUNCTION__);
return 0;
-@@ -673,6 +680,8 @@ int r128_cce_stop(struct drm_device *dev
+@@ -672,6 +679,8 @@ int r128_cce_stop(struct drm_device *dev
LOCK_TEST_WITH_RETURN(dev, file_priv);
@@ -56,19 +56,19 @@
/* Flush any pending CCE commands. This ensures any outstanding
* commands are exectuted by the engine before we turn it off.
*/
-@@ -710,10 +719,7 @@ int r128_cce_reset(struct drm_device *de
+@@ -709,10 +718,7 @@ int r128_cce_reset(struct drm_device *de
LOCK_TEST_WITH_RETURN(dev, file_priv);
- if (!dev_priv) {
-- DRM_DEBUG("called before init done\n");
+- DRM_DEBUG("%s called before init done\n", __FUNCTION__);
- return -EINVAL;
- }
+ DEV_INIT_TEST_WITH_RETURN(dev_priv);
r128_do_cce_reset(dev_priv);
-@@ -730,6 +736,8 @@ int r128_cce_idle(struct drm_device *dev
+@@ -729,6 +735,8 @@ int r128_cce_idle(struct drm_device *dev
LOCK_TEST_WITH_RETURN(dev, file_priv);
@@ -77,7 +77,7 @@
if (dev_priv->cce_running) {
r128_do_cce_flush(dev_priv);
}
-@@ -743,6 +751,8 @@ int r128_engine_reset(struct drm_device
+@@ -742,6 +750,8 @@ int r128_engine_reset(struct drm_device
LOCK_TEST_WITH_RETURN(dev, file_priv);
@@ -86,9 +86,9 @@
return r128_do_engine_reset(dev);
}
-diff -urpN linux-source-2.6.26.orig/drivers/char/drm/r128_drv.h linux-source-2.6.26/drivers/char/drm/r128_drv.h
---- linux-source-2.6.26.orig/drivers/char/drm/r128_drv.h 2008-07-13 15:51:29.000000000 -0600
-+++ linux-source-2.6.26/drivers/char/drm/r128_drv.h 2009-10-27 21:53:33.000000000 -0600
+diff -urpN linux-source-2.6.24.orig/drivers/char/drm/r128_drv.h linux-source-2.6.24/drivers/char/drm/r128_drv.h
+--- linux-source-2.6.24.orig/drivers/char/drm/r128_drv.h 2008-01-24 15:58:37.000000000 -0700
++++ linux-source-2.6.24/drivers/char/drm/r128_drv.h 2009-11-04 13:23:27.000000000 -0700
@@ -418,6 +418,14 @@ static __inline__ void r128_update_ring_
* Misc helper macros
*/
@@ -104,10 +104,10 @@
#define RING_SPACE_TEST_WITH_RETURN( dev_priv ) \
do { \
drm_r128_ring_buffer_t *ring = &dev_priv->ring; int i; \
-diff -urpN linux-source-2.6.26.orig/drivers/char/drm/r128_state.c linux-source-2.6.26/drivers/char/drm/r128_state.c
---- linux-source-2.6.26.orig/drivers/char/drm/r128_state.c 2008-07-13 15:51:29.000000000 -0600
-+++ linux-source-2.6.26/drivers/char/drm/r128_state.c 2009-10-27 21:53:37.000000000 -0600
-@@ -1244,14 +1244,18 @@ static void r128_cce_dispatch_stipple(st
+diff -urpN linux-source-2.6.24.orig/drivers/char/drm/r128_state.c linux-source-2.6.24/drivers/char/drm/r128_state.c
+--- linux-source-2.6.24.orig/drivers/char/drm/r128_state.c 2008-01-24 15:58:37.000000000 -0700
++++ linux-source-2.6.24/drivers/char/drm/r128_state.c 2009-11-04 13:25:30.000000000 -0700
+@@ -1245,14 +1245,18 @@ static void r128_cce_dispatch_stipple(st
static int r128_cce_clear(struct drm_device *dev, void *data, struct drm_file *file_priv)
{
drm_r128_private_t *dev_priv = dev->dev_private;
@@ -127,7 +127,7 @@
if (sarea_priv->nbox > R128_NR_SAREA_CLIPRECTS)
sarea_priv->nbox = R128_NR_SAREA_CLIPRECTS;
-@@ -1312,6 +1316,8 @@ static int r128_cce_flip(struct drm_devi
+@@ -1313,6 +1317,8 @@ static int r128_cce_flip(struct drm_devi
LOCK_TEST_WITH_RETURN(dev, file_priv);
@@ -136,7 +136,7 @@
RING_SPACE_TEST_WITH_RETURN(dev_priv);
if (!dev_priv->page_flipping)
-@@ -1331,6 +1337,8 @@ static int r128_cce_swap(struct drm_devi
+@@ -1332,6 +1338,8 @@ static int r128_cce_swap(struct drm_devi
LOCK_TEST_WITH_RETURN(dev, file_priv);
@@ -145,31 +145,31 @@
RING_SPACE_TEST_WITH_RETURN(dev_priv);
if (sarea_priv->nbox > R128_NR_SAREA_CLIPRECTS)
-@@ -1354,10 +1362,7 @@ static int r128_cce_vertex(struct drm_de
+@@ -1355,10 +1363,7 @@ static int r128_cce_vertex(struct drm_de
LOCK_TEST_WITH_RETURN(dev, file_priv);
- if (!dev_priv) {
-- DRM_ERROR("called with no initialization\n");
+- DRM_ERROR("%s called with no initialization\n", __FUNCTION__);
- return -EINVAL;
- }
+ DEV_INIT_TEST_WITH_RETURN(dev_priv);
DRM_DEBUG("pid=%d index=%d count=%d discard=%d\n",
DRM_CURRENTPID, vertex->idx, vertex->count, vertex->discard);
-@@ -1410,10 +1415,7 @@ static int r128_cce_indices(struct drm_d
+@@ -1411,10 +1416,7 @@ static int r128_cce_indices(struct drm_d
LOCK_TEST_WITH_RETURN(dev, file_priv);
- if (!dev_priv) {
-- DRM_ERROR("called with no initialization\n");
+- DRM_ERROR("%s called with no initialization\n", __FUNCTION__);
- return -EINVAL;
- }
+ DEV_INIT_TEST_WITH_RETURN(dev_priv);
DRM_DEBUG("pid=%d buf=%d s=%d e=%d d=%d\n", DRM_CURRENTPID,
elts->idx, elts->start, elts->end, elts->discard);
-@@ -1476,6 +1478,8 @@ static int r128_cce_blit(struct drm_devi
+@@ -1477,6 +1479,8 @@ static int r128_cce_blit(struct drm_devi
LOCK_TEST_WITH_RETURN(dev, file_priv);
@@ -178,7 +178,7 @@
DRM_DEBUG("pid=%d index=%d\n", DRM_CURRENTPID, blit->idx);
if (blit->idx < 0 || blit->idx >= dma->buf_count) {
-@@ -1501,6 +1505,8 @@ static int r128_cce_depth(struct drm_dev
+@@ -1502,6 +1506,8 @@ static int r128_cce_depth(struct drm_dev
LOCK_TEST_WITH_RETURN(dev, file_priv);
@@ -187,7 +187,7 @@
RING_SPACE_TEST_WITH_RETURN(dev_priv);
ret = -EINVAL;
-@@ -1531,6 +1537,8 @@ static int r128_cce_stipple(struct drm_d
+@@ -1532,6 +1538,8 @@ static int r128_cce_stipple(struct drm_d
LOCK_TEST_WITH_RETURN(dev, file_priv);
@@ -196,24 +196,24 @@
if (DRM_COPY_FROM_USER(&mask, stipple->mask, 32 * sizeof(u32)))
return -EFAULT;
-@@ -1555,10 +1563,7 @@ static int r128_cce_indirect(struct drm_
+@@ -1556,10 +1564,7 @@ static int r128_cce_indirect(struct drm_
LOCK_TEST_WITH_RETURN(dev, file_priv);
- if (!dev_priv) {
-- DRM_ERROR("called with no initialization\n");
+- DRM_ERROR("%s called with no initialization\n", __FUNCTION__);
- return -EINVAL;
- }
+ DEV_INIT_TEST_WITH_RETURN(dev_priv);
- DRM_DEBUG("idx=%d s=%d e=%d d=%d\n",
+ DRM_DEBUG("indirect: idx=%d s=%d e=%d d=%d\n",
indirect->idx, indirect->start, indirect->end,
-@@ -1620,10 +1625,7 @@ static int r128_getparam(struct drm_devi
+@@ -1621,10 +1626,7 @@ static int r128_getparam(struct drm_devi
drm_r128_getparam_t *param = data;
int value;
- if (!dev_priv) {
-- DRM_ERROR("called with no initialization\n");
+- DRM_ERROR("%s called with no initialization\n", __FUNCTION__);
- return -EINVAL;
- }
+ DEV_INIT_TEST_WITH_RETURN(dev_priv);
Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4 Wed Nov 4 20:21:47 2009 (r14547)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4 Wed Nov 4 20:35:52 2009 (r14548)
@@ -7,3 +7,4 @@
+ bugfix/all/ecryptfs-prevent-lower-dentry-from-going-negative-during-unlink.patch
+ bugfix/all/fs-pipe-null-pointer-dereference.patch
+ bugfix/all/af_unix-fix-deadlock-on-connecting-to-shutdown-socket.patch
++ bugfix/all/drm+r128-Add-test-for-init-to-all-reqd-ioctls.patch
More information about the Kernel-svn-changes
mailing list