[kernel] r17184 - in dists/sid/linux-2.6/debian: . patches/bugfix/all patches/series
Ben Hutchings
benh at alioth.debian.org
Sun Apr 3 04:14:13 UTC 2011
Author: benh
Date: Sun Apr 3 04:14:00 2011
New Revision: 17184
Log:
appletalk: Fix bugs introduced when removing use of BKL
Added:
dists/sid/linux-2.6/debian/patches/bugfix/all/appletalk-Fix-OOPS-in-atalk_release.patch
dists/sid/linux-2.6/debian/patches/bugfix/all/net-appletalk-fix-atalk_release-use-after-free.patch
Modified:
dists/sid/linux-2.6/debian/changelog
dists/sid/linux-2.6/debian/patches/series/3
Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog Sun Apr 3 01:59:46 2011 (r17183)
+++ dists/sid/linux-2.6/debian/changelog Sun Apr 3 04:14:00 2011 (r17184)
@@ -3,6 +3,7 @@
[ Ben Hutchings ]
* [ppc64] Add to linux-tools package architectures (Closes: #620124)
* [amd64] Save cr4 to mmu_cr4_features at boot time (Closes: #620284)
+ * appletalk: Fix bugs introduced when removing use of BKL
[ Aurelien Jarno ]
* rtlwifi: fix build when PCI is not enabled.
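Review bot: The added entry "appletalk: Fix bugs introduced when removing use of BKL" does not say which bugs are fixed. The two patches it covers address a use-after-free and a NULL pointer dereference in atalk_release(), and naming both here would let a changelog reader judge the fix without opening the patch files.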
Added: dists/sid/linux-2.6/debian/patches/bugfix/all/appletalk-Fix-OOPS-in-atalk_release.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/appletalk-Fix-OOPS-in-atalk_release.patch Sun Apr 3 04:14:00 2011 (r17184)
@@ -0,0 +1,49 @@
+From: David S. Miller <davem at davemloft.net>
+Date: Thu, 31 Mar 2011 18:59:10 -0700
+Subject: [PATCH 3/3] appletalk: Fix OOPS in atalk_release().
+
+commit c100c8f4c3c6f2a407bdbaaad2c4f1062e6a473a upstream.
+
+Commit 60d9f461a20ba59219fdcdc30cbf8e3a4ad3f625 ("appletalk: remove
+the BKL") added a dereference of "sk" before checking for NULL in
+atalk_release().
+
+Guard the code block completely, rather than partially, with the
+NULL check.
+
+Reported-by: Dave Jones <davej at redhat.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ net/appletalk/ddp.c | 11 ++++++-----
+ 1 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c
+index 206e771..956a530 100644
+--- a/net/appletalk/ddp.c
++++ b/net/appletalk/ddp.c
+@@ -1051,16 +1051,17 @@ static int atalk_release(struct socket *sock)
+ {
+ struct sock *sk = sock->sk;
+
+- sock_hold(sk);
+- lock_sock(sk);
+ if (sk) {
++ sock_hold(sk);
++ lock_sock(sk);
++
+ sock_orphan(sk);
+ sock->sk = NULL;
+ atalk_destroy_socket(sk);
+- }
+- release_sock(sk);
+- sock_put(sk);
+
++ release_sock(sk);
++ sock_put(sk);
++ }
+ return 0;
+ }
+
+--
+1.7.4.1
+
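Review bot: In the atalk_release() hunk, release_sock(sk) and sock_put(sk) now run after atalk_destroy_socket(sk) inside the if (sk) block, and nothing in the code says that the sock_hold(sk) at the top of the block is what keeps sk valid across the destroy call. A one-line comment on sock_hold(sk) stating that it covers the release_sock() after atalk_destroy_socket() would keep a later cleanup from dropping it as redundant. An early "if (!sk) return 0;" would also do the same job without the extra nesting level.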
Added: dists/sid/linux-2.6/debian/patches/bugfix/all/net-appletalk-fix-atalk_release-use-after-free.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/net-appletalk-fix-atalk_release-use-after-free.patch Sun Apr 3 04:14:00 2011 (r17184)
@@ -0,0 +1,43 @@
+From: Arnd Bergmann <arnd at arndb.de>
+Date: Mon, 21 Mar 2011 18:18:00 -0700
+Subject: [PATCH 2/3] net/appletalk: fix atalk_release use after free
+
+commit b20e7bbfc7a15a4182730f0936433145992b4b06 upstream.
+
+The BKL removal in appletalk introduced a use-after-free problem,
+where atalk_destroy_socket frees a sock, but we still release
+the socket lock on it.
+
+An easy fix is to take an extra reference on the sock and sock_put
+it when returning from atalk_release.
+
+Signed-off-by: Arnd Bergmann <arnd at arndb.de>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ net/appletalk/ddp.c | 3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c
+index 3d4f4b0..206e771 100644
+--- a/net/appletalk/ddp.c
++++ b/net/appletalk/ddp.c
+@@ -1051,6 +1051,7 @@ static int atalk_release(struct socket *sock)
+ {
+ struct sock *sk = sock->sk;
+
++ sock_hold(sk);
+ lock_sock(sk);
+ if (sk) {
+ sock_orphan(sk);
+@@ -1058,6 +1059,8 @@ static int atalk_release(struct socket *sock)
+ atalk_destroy_socket(sk);
+ }
+ release_sock(sk);
++ sock_put(sk);
++
+ return 0;
+ }
+
+--
+1.7.4.1
+
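Review bot: sock_hold(sk) in the first hunk is placed above the existing if (sk) test, so, like the lock_sock(sk) beside it, it dereferences sk before the NULL check; the sock_put(sk) added in the second hunk sits after the if block and has the same problem. Taking and dropping the reference inside the if (sk) block would fix the use-after-free without adding more unchecked dereferences. As written, this patch should only be applied together with the follow-up that moves these calls under the check.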
Modified: dists/sid/linux-2.6/debian/patches/series/3
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/3 Sun Apr 3 01:59:46 2011 (r17183)
+++ dists/sid/linux-2.6/debian/patches/series/3 Sun Apr 3 04:14:00 2011 (r17184)
@@ -1,3 +1,5 @@
+ bugfix/all/rtlwifi-Let-rtlwifi-build-when-PCI-is-not-enabled.patch
+ bugfix/all/rtlwifi-remove-bogus-udelay-calls.patch
+ bugfix/x86/Save-cr4-to-mmu_cr4_features-at-boot-time.patch
++ bugfix/all/net-appletalk-fix-atalk_release-use-after-free.patch
++ bugfix/all/appletalk-Fix-OOPS-in-atalk_release.patch
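Review bot: The two added entries depend on their order: the OOPS fix is a diff against ddp.c index 206e771, which is the result of the use-after-free patch, so net-appletalk-fix-atalk_release-use-after-free.patch has to stay first, as it is here. The patch subjects are numbered 2/3 and 3/3 and no 1/3 entry is added in this hunk; the changelog or a patch header should say whether that one was left out on purpose.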