[kernel] r17248 - in dists/trunk/linux-2.6: . debian debian/config debian/patches/bugfix/s390 debian/patches/series

Ben Hutchings benh at alioth.debian.org
Sat Apr 23 17:39:45 UTC 2011


Author: benh
Date: Sat Apr 23 17:39:39 2011
New Revision: 17248

Log:
Merge changes from 2.6.38-4

Added:
   dists/trunk/linux-2.6/debian/patches/bugfix/s390/S390-pfault-fix-token-handling.patch
      - copied unchanged from r17247, dists/sid/linux-2.6/debian/patches/bugfix/s390/S390-pfault-fix-token-handling.patch
Modified:
   dists/trunk/linux-2.6/   (props changed)
   dists/trunk/linux-2.6/debian/changelog
   dists/trunk/linux-2.6/debian/config/config
   dists/trunk/linux-2.6/debian/patches/series/base

Modified: dists/trunk/linux-2.6/debian/changelog
==============================================================================
--- dists/trunk/linux-2.6/debian/changelog	Sat Apr 23 17:33:58 2011	(r17247)
+++ dists/trunk/linux-2.6/debian/changelog	Sat Apr 23 17:39:39 2011	(r17248)
@@ -11,6 +11,88 @@
 
  -- Ben Hutchings <ben at decadent.org.uk>  Wed, 06 Apr 2011 14:02:37 +0100
 
+linux-2.6 (2.6.38-4) unstable; urgency=low
+
+  * usb-audio: Define another USB ID for a buggy USB MIDI cable
+    (Closes: #617743)
+  * net: Enable BATMAN_ADV as module (Closes: #622361)
+  * Add stable 2.6.38.3, including:
+    - eCryptfs: Unlock page in write_begin error path
+    - irda: validate peer name and attribute lengths (CVE-2011-1180)
+    - irda: prevent heap corruption on invalid nickname
+    - nilfs2: fix data loss in mmap page write for hole blocks
+    - ALSA: pcm: fix infinite loop in snd_pcm_update_hw_ptr0()
+    - inotify: fix double free/corruption of stuct user
+    - perf: Fix task_struct reference leak
+    - ROSE: prevent heap corruption with bad facilities (CVE-2011-1493)
+    - [x86] mtrr, pat: Fix one cpu getting out of sync during resume
+    - Input: synaptics - fix crash in synaptics_module_init()
+    - ath9k: fix a chip wakeup related crash in ath9k_start
+    - mac80211: fix a crash in minstrel_ht in HT mode with no supported MCS
+      rates
+    - UBIFS: fix oops on error path in read_pnode
+    - quota: Don't write quota info in dquot_commit()
+    - mm: avoid wrapping vm_pgoff in mremap()
+    - wl12xx: fix potential buffer overflow in testmode nvs push
+    - Bluetooth: sco: fix information leak to userspace (CVE-2011-1078)
+    - bridge: netfilter: fix information leak (CVE-2011-1080)
+    - Bluetooth: bnep: fix buffer overflow (CVE-2011-1079)
+    - netfilter: ip_tables: fix infoleak to userspace (CVE-2011-1171)
+    - netfilter: arp_tables: fix infoleak to userspace (CVE-2011-1170)
+    - [x86] Revert "x86: Cleanup highmap after brk is concluded"
+      (Closes: #621072)
+    - Squashfs: handle corruption of directory structure
+    - ext4: fix a double free in ext4_register_li_request
+    - ext4: fix credits computing for indirect mapped files
+    - nfsd: fix auth_domain reference leak on nlm operations
+    - nfsd4: fix oops on lock failure
+    - char/tpm: Fix unitialized usage of data buffer (CVE-2011-1160)
+    - ipv6: netfilter: ip6_tables: fix infoleak to userspace (CVE-2011-1172)
+    - econet: 4 byte infoleak to the network (CVE-2011-1173)
+    - sound/oss: remove offset from load_patch callbacks
+      (CVE-2011-1476, CVE-2011-1477)
+    - inotify: fix double free/corruption of stuct user (CVE-2011-1479)
+    For the complete list of changes, see:
+     http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.3
+  * Add stable 2.6.38.4, including:
+    - vm: Fix vm_pgoff wrap in stack expansion
+    - cifs: Always do is_path_accessible check in cifs_mount
+    - cifs: Check for private_data before trying to put it
+    - sn9c102: Restrict world-wirtable sysfs files
+    - UBIFS: Restrict world-writable debugfs files
+    - vm: Fix mlock() on stack guard page
+    - UBIFS: Fix assertion warnings
+    - perf: Fix task context scheduling
+    - fib: Add rtnl locking in ip_fib_net_exit
+    - l2tp: Fix possible oops on l2tp_eth module unload
+    - ipv6: Fix duplicate /proc/sys/net/ipv6/neigh directory entries.
+    - net_sched: fix ip_tos2prio
+    - pppoe: drop PPPOX_ZOMBIEs in pppoe_flush_dev
+    - xfrm: Refcount destination entry on xfrm_lookup
+    - vlan: Take into account needed_headroom
+    - bridge: Reset IPCB when entering IP stack on NF_FORWARD
+    - futex: Set FLAGS_HAS_TIMEOUT during futex_wait restart setup
+    - oom-kill: Remove boost_dying_task_prio()
+    - UBIFS: Fix oops when R/O file-system is fsync'ed
+    - sched: Fix erroneous all_pinned logic
+    - vmscan: all_unreclaimable() use zone->all_unreclaimable as a name
+    - next_pidmap: fix overflow condition
+    - proc: Do proper range check on readdir offset
+    - [powerpc] Fix oops if scan_dispatch_log is called too early
+    - ehci: Unlink unused QHs when the controller is stopped
+    - USB: Fix formatting of SuperSpeed endpoints in /proc/bus/usb/devices
+    - xhci: Fix math in xhci_get_endpoint_interval()
+    - xhci: Also free streams when resetting devices
+    - USB: Fix unplug of device with active streams
+    - bluetooth: Fix HCI_RESET command synchronization
+    - bridge: Reset IPCB in br_parse_ip_options
+    - ip: ip_options_compile() resilient to NULL skb route
+    For the complete list of changes, see:
+     http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.4
+  * [s390] pfault: fix token handling (Closes: #622570)
+
+ -- Ben Hutchings <ben at decadent.org.uk>  Sat, 23 Apr 2011 03:17:53 +0100
+
 linux-2.6 (2.6.38-3) unstable; urgency=low
 
   [ Ben Hutchings ]
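Review bot: In the "Add stable 2.6.38.3" list, "inotify: fix double free/corruption of stuct user" appears twice, once near the top without a CVE id and again as the last item with (CVE-2011-1479). Keep only the entry that carries the CVE id, so the fix is recorded once and the security reference stays attached to it for anyone scanning this changelog for CVE coverage.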

Modified: dists/trunk/linux-2.6/debian/config/config
==============================================================================
--- dists/trunk/linux-2.6/debian/config/config	Sat Apr 23 17:33:58 2011	(r17247)
+++ dists/trunk/linux-2.6/debian/config/config	Sat Apr 23 17:39:39 2011	(r17248)
@@ -2415,11 +2415,6 @@
 CONFIG_AUTOFS_FS=m
 
 ##
-## file: drivers/staging/batman-adv/Kconfig
-##
-# CONFIG_BATMAN_ADV is not set
-
-##
 ## file: drivers/staging/comedi/Kconfig
 ##
 # CONFIG_COMEDI is not set
@@ -3685,6 +3680,11 @@
 # CONFIG_NET_9P_DEBUG is not set
 
 ##
+## file: net/batman-adv/Kconfig
+##
+CONFIG_BATMAN_ADV=m
+
+##
 ## file: net/bluetooth/Kconfig
 ##
 CONFIG_BT=m
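Review bot: The new net/batman-adv/Kconfig section sets only CONFIG_BATMAN_ADV=m, while neighbouring sections record disabled options explicitly (for example "# CONFIG_NET_9P_DEBUG is not set"). If that Kconfig file defines further options, list them here with their intended values so the choice is recorded instead of left to defaults. The removal of the drivers/staging/batman-adv/Kconfig section in the previous hunk is consistent with the "net: Enable BATMAN_ADV as module (Closes: #622361)" changelog entry.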

Copied: dists/trunk/linux-2.6/debian/patches/bugfix/s390/S390-pfault-fix-token-handling.patch (from r17247, dists/sid/linux-2.6/debian/patches/bugfix/s390/S390-pfault-fix-token-handling.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/trunk/linux-2.6/debian/patches/bugfix/s390/S390-pfault-fix-token-handling.patch	Sat Apr 23 17:39:39 2011	(r17248, copy of r17247, dists/sid/linux-2.6/debian/patches/bugfix/s390/S390-pfault-fix-token-handling.patch)
@@ -0,0 +1,73 @@
+From: Heiko Carstens <heiko.carstens at de.ibm.com>
+Subject: [S390] pfault: fix token handling
+Date: Tue, 19 Apr 2011 08:34:01 +0200
+
+f6649a7e "[S390] cleanup lowcore access from external interrupts" changed
+handling of external interrupts. Instead of letting the external interrupt
+handlers accessing the per cpu lowcore the entry code of the kernel reads
+already all fields that are necessary and passes them to the handlers.
+The pfault interrupt handler was incorrectly converted. It tries to
+dereference a value which used to be a pointer to a lowcore field. After
+the conversion however it is not anymore the pointer to the field but its
+content. So instead of a dereference only a cast is needed to get the
+task pointer that caused the pfault.
+
+Fixes a NULL pointer dereference and a subsequent kernel crash:
+
+Unable to handle kernel pointer dereference at virtual kernel address (null)
+Oops: 0004 [#1] SMP
+Modules linked in: nfsd exportfs nfs lockd fscache nfs_acl auth_rpcgss sunrpc
+                   loop qeth_l3 qeth vmur ccwgroup ext3 jbd mbcache dm_mod
+                   dasd_eckd_mod dasd_diag_mod dasd_mod
+CPU: 0 Not tainted 2.6.38-2-s390x #1
+Process cron (pid: 1106, task: 000000001f962f78, ksp: 000000001fa0f9d0)
+Krnl PSW : 0404200180000000 000000000002c03e (pfault_interrupt+0xa2/0x138)
+           R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:0 CC:2 PM:0 EA:3
+Krnl GPRS: 0000000000000000 0000000000000001 0000000000000000 0000000000000001
+           000000001f962f78 0000000000518968 0000000090000002 000000001ff03280
+           0000000000000000 000000000064f000 000000001f962f78 0000000000002603
+           0000000006002603 0000000000000000 000000001ff7fe68 000000001ff7fe48
+Krnl Code: 000000000002c036: 5820d010            l       %r2,16(%r13)
+           000000000002c03a: 1832                lr      %r3,%r2
+           000000000002c03c: 1a31                ar      %r3,%r1
+          >000000000002c03e: ba23d010            cs      %r2,%r3,16(%r13)
+           000000000002c042: a744fffc            brc     4,2c03a
+           000000000002c046: a7290002            lghi    %r2,2
+           000000000002c04a: e320d0000024        stg     %r2,0(%r13)
+           000000000002c050: 07f0                bcr     15,%r0
+Call Trace:
+ ([<000000001f962f78>] 0x1f962f78)
+  [<000000000001acda>] do_extint+0xf6/0x138
+  [<000000000039b6ca>] ext_no_vtime+0x30/0x34
+  [<000000007d706e04>] 0x7d706e04
+Last Breaking-Event-Address:
+  [<0000000000000000>] 0x0
+
+For stable maintainers:
+the first kernel which contains this bug is 2.6.37.
+
+Reported-by: Stephen Powell <zlinuxman at wowway.com>
+Cc: Jonathan Nieder <jrnieder at gmail.com>
+Cc: stable at kernel.org
+Signed-off-by: Heiko Carstens <heiko.carstens at de.ibm.com>
+---
+
+ arch/s390/mm/fault.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/s390/mm/fault.c b/arch/s390/mm/fault.c
+index 9217e33..4cf85fe 100644
+--- a/arch/s390/mm/fault.c
++++ b/arch/s390/mm/fault.c
+@@ -558,9 +558,9 @@ static void pfault_interrupt(unsigned int ext_int_code,
+ 	 * Get the token (= address of the task structure of the affected task).
+ 	 */
+ #ifdef CONFIG_64BIT
+-	tsk = *(struct task_struct **) param64;
++	tsk = (struct task_struct *) param64;
+ #else
+-	tsk = *(struct task_struct **) param32;
++	tsk = (struct task_struct *) param32;
+ #endif
+ 
+ 	if (subcode & 0x0080) {
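Review bot: The patch header names f6649a7e as the commit that introduced the regression but gives no upstream commit id or origin for the fix itself. Adding one would let this patch be dropped cleanly once a stable update carrying the fix is merged. In the nested arch/s390/mm/fault.c change, the corrected lines cast param64 and param32 directly to a task pointer, so correctness depends on the entry code passing the token's content, as the commit message describes. Extending the existing comment above the cast to say that the parameter holds the token value, not the address of a lowcore field, would guard against the same conversion mistake recurring.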

Modified: dists/trunk/linux-2.6/debian/patches/series/base
==============================================================================
--- dists/trunk/linux-2.6/debian/patches/series/base	Sat Apr 23 17:33:58 2011	(r17247)
+++ dists/trunk/linux-2.6/debian/patches/series/base	Sat Apr 23 17:39:39 2011	(r17248)
@@ -44,3 +44,4 @@
 + debian/sched-autogroup-disabled.patch
 + bugfix/all/kconfig-Avoid-buffer-underrun-in-choice-input.patch
 + bugfix/all/rt2800-disable-powersaving-as-default.patch
++ bugfix/s390/S390-pfault-fix-token-handling.patch


