[kernel] r17248 - in dists/trunk/linux-2.6: . debian debian/config debian/patches/bugfix/s390 debian/patches/series
Ben Hutchings
benh at alioth.debian.org
Sat Apr 23 17:39:45 UTC 2011
Author: benh
Date: Sat Apr 23 17:39:39 2011
New Revision: 17248
Log:
Merge changes from 2.6.38-4
Added:
dists/trunk/linux-2.6/debian/patches/bugfix/s390/S390-pfault-fix-token-handling.patch
- copied unchanged from r17247, dists/sid/linux-2.6/debian/patches/bugfix/s390/S390-pfault-fix-token-handling.patch
Modified:
dists/trunk/linux-2.6/ (props changed)
dists/trunk/linux-2.6/debian/changelog
dists/trunk/linux-2.6/debian/config/config
dists/trunk/linux-2.6/debian/patches/series/base
Modified: dists/trunk/linux-2.6/debian/changelog
==============================================================================
--- dists/trunk/linux-2.6/debian/changelog Sat Apr 23 17:33:58 2011 (r17247)
+++ dists/trunk/linux-2.6/debian/changelog Sat Apr 23 17:39:39 2011 (r17248)
@@ -11,6 +11,88 @@
-- Ben Hutchings <ben at decadent.org.uk> Wed, 06 Apr 2011 14:02:37 +0100
+linux-2.6 (2.6.38-4) unstable; urgency=low
+
+ * usb-audio: Define another USB ID for a buggy USB MIDI cable
+ (Closes: #617743)
+ * net: Enable BATMAN_ADV as module (Closes: #622361)
+ * Add stable 2.6.38.3, including:
+ - eCryptfs: Unlock page in write_begin error path
+ - irda: validate peer name and attribute lengths (CVE-2011-1180)
+ - irda: prevent heap corruption on invalid nickname
+ - nilfs2: fix data loss in mmap page write for hole blocks
+ - ALSA: pcm: fix infinite loop in snd_pcm_update_hw_ptr0()
+ - inotify: fix double free/corruption of stuct user
+ - perf: Fix task_struct reference leak
+ - ROSE: prevent heap corruption with bad facilities (CVE-2011-1493)
+ - [x86] mtrr, pat: Fix one cpu getting out of sync during resume
+ - Input: synaptics - fix crash in synaptics_module_init()
+ - ath9k: fix a chip wakeup related crash in ath9k_start
+ - mac80211: fix a crash in minstrel_ht in HT mode with no supported MCS
+ rates
+ - UBIFS: fix oops on error path in read_pnode
+ - quota: Don't write quota info in dquot_commit()
+ - mm: avoid wrapping vm_pgoff in mremap()
+ - wl12xx: fix potential buffer overflow in testmode nvs push
+ - Bluetooth: sco: fix information leak to userspace (CVE-2011-1078)
+ - bridge: netfilter: fix information leak (CVE-2011-1080)
+ - Bluetooth: bnep: fix buffer overflow (CVE-2011-1079)
+ - netfilter: ip_tables: fix infoleak to userspace (CVE-2011-1171)
+ - netfilter: arp_tables: fix infoleak to userspace (CVE-2011-1170)
+ - [x86] Revert "x86: Cleanup highmap after brk is concluded"
+ (Closes: #621072)
+ - Squashfs: handle corruption of directory structure
+ - ext4: fix a double free in ext4_register_li_request
+ - ext4: fix credits computing for indirect mapped files
+ - nfsd: fix auth_domain reference leak on nlm operations
+ - nfsd4: fix oops on lock failure
+ - char/tpm: Fix unitialized usage of data buffer (CVE-2011-1160)
+ - ipv6: netfilter: ip6_tables: fix infoleak to userspace (CVE-2011-1172)
+ - econet: 4 byte infoleak to the network (CVE-2011-1173)
+ - sound/oss: remove offset from load_patch callbacks
+ (CVE-2011-1476, CVE-2011-1477)
+ - inotify: fix double free/corruption of stuct user (CVE-2011-1479)
+ For the complete list of changes, see:
+ http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.3
+ * Add stable 2.6.38.4, including:
+ - vm: Fix vm_pgoff wrap in stack expansion
+ - cifs: Always do is_path_accessible check in cifs_mount
+ - cifs: Check for private_data before trying to put it
+ - sn9c102: Restrict world-wirtable sysfs files
+ - UBIFS: Restrict world-writable debugfs files
+ - vm: Fix mlock() on stack guard page
+ - UBIFS: Fix assertion warnings
+ - perf: Fix task context scheduling
+ - fib: Add rtnl locking in ip_fib_net_exit
+ - l2tp: Fix possible oops on l2tp_eth module unload
+ - ipv6: Fix duplicate /proc/sys/net/ipv6/neigh directory entries.
+ - net_sched: fix ip_tos2prio
+ - pppoe: drop PPPOX_ZOMBIEs in pppoe_flush_dev
+ - xfrm: Refcount destination entry on xfrm_lookup
+ - vlan: Take into account needed_headroom
+ - bridge: Reset IPCB when entering IP stack on NF_FORWARD
+ - futex: Set FLAGS_HAS_TIMEOUT during futex_wait restart setup
+ - oom-kill: Remove boost_dying_task_prio()
+ - UBIFS: Fix oops when R/O file-system is fsync'ed
+ - sched: Fix erroneous all_pinned logic
+ - vmscan: all_unreclaimable() use zone->all_unreclaimable as a name
+ - next_pidmap: fix overflow condition
+ - proc: Do proper range check on readdir offset
+ - [powerpc] Fix oops if scan_dispatch_log is called too early
+ - ehci: Unlink unused QHs when the controller is stopped
+ - USB: Fix formatting of SuperSpeed endpoints in /proc/bus/usb/devices
+ - xhci: Fix math in xhci_get_endpoint_interval()
+ - xhci: Also free streams when resetting devices
+ - USB: Fix unplug of device with active streams
+ - bluetooth: Fix HCI_RESET command synchronization
+ - bridge: Reset IPCB in br_parse_ip_options
+ - ip: ip_options_compile() resilient to NULL skb route
+ For the complete list of changes, see:
+ http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.4
+ * [s390] pfault: fix token handling (Closes: #622570)
+
+ -- Ben Hutchings <ben at decadent.org.uk> Sat, 23 Apr 2011 03:17:53 +0100
+
linux-2.6 (2.6.38-3) unstable; urgency=low
[ Ben Hutchings ]
Modified: dists/trunk/linux-2.6/debian/config/config
==============================================================================
--- dists/trunk/linux-2.6/debian/config/config Sat Apr 23 17:33:58 2011 (r17247)
+++ dists/trunk/linux-2.6/debian/config/config Sat Apr 23 17:39:39 2011 (r17248)
@@ -2415,11 +2415,6 @@
CONFIG_AUTOFS_FS=m
##
-## file: drivers/staging/batman-adv/Kconfig
-##
-# CONFIG_BATMAN_ADV is not set
-
-##
## file: drivers/staging/comedi/Kconfig
##
# CONFIG_COMEDI is not set
@@ -3685,6 +3680,11 @@
# CONFIG_NET_9P_DEBUG is not set
##
+## file: net/batman-adv/Kconfig
+##
+CONFIG_BATMAN_ADV=m
+
+##
## file: net/bluetooth/Kconfig
##
CONFIG_BT=m
Copied: dists/trunk/linux-2.6/debian/patches/bugfix/s390/S390-pfault-fix-token-handling.patch (from r17247, dists/sid/linux-2.6/debian/patches/bugfix/s390/S390-pfault-fix-token-handling.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/trunk/linux-2.6/debian/patches/bugfix/s390/S390-pfault-fix-token-handling.patch Sat Apr 23 17:39:39 2011 (r17248, copy of r17247, dists/sid/linux-2.6/debian/patches/bugfix/s390/S390-pfault-fix-token-handling.patch)
@@ -0,0 +1,73 @@
+From: Heiko Carstens <heiko.carstens at de.ibm.com>
+Subject: [S390] pfault: fix token handling
+Date: Tue, 19 Apr 2011 08:34:01 +0200
+
+f6649a7e "[S390] cleanup lowcore access from external interrupts" changed
+handling of external interrupts. Instead of letting the external interrupt
+handlers accessing the per cpu lowcore the entry code of the kernel reads
+already all fields that are necessary and passes them to the handlers.
+The pfault interrupt handler was incorrectly converted. It tries to
+dereference a value which used to be a pointer to a lowcore field. After
+the conversion however it is not anymore the pointer to the field but its
+content. So instead of a dereference only a cast is needed to get the
+task pointer that caused the pfault.
+
+Fixes a NULL pointer dereference and a subsequent kernel crash:
+
+Unable to handle kernel pointer dereference at virtual kernel address (null)
+Oops: 0004 [#1] SMP
+Modules linked in: nfsd exportfs nfs lockd fscache nfs_acl auth_rpcgss sunrpc
+ loop qeth_l3 qeth vmur ccwgroup ext3 jbd mbcache dm_mod
+ dasd_eckd_mod dasd_diag_mod dasd_mod
+CPU: 0 Not tainted 2.6.38-2-s390x #1
+Process cron (pid: 1106, task: 000000001f962f78, ksp: 000000001fa0f9d0)
+Krnl PSW : 0404200180000000 000000000002c03e (pfault_interrupt+0xa2/0x138)
+ R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:0 CC:2 PM:0 EA:3
+Krnl GPRS: 0000000000000000 0000000000000001 0000000000000000 0000000000000001
+ 000000001f962f78 0000000000518968 0000000090000002 000000001ff03280
+ 0000000000000000 000000000064f000 000000001f962f78 0000000000002603
+ 0000000006002603 0000000000000000 000000001ff7fe68 000000001ff7fe48
+Krnl Code: 000000000002c036: 5820d010 l %r2,16(%r13)
+ 000000000002c03a: 1832 lr %r3,%r2
+ 000000000002c03c: 1a31 ar %r3,%r1
+ >000000000002c03e: ba23d010 cs %r2,%r3,16(%r13)
+ 000000000002c042: a744fffc brc 4,2c03a
+ 000000000002c046: a7290002 lghi %r2,2
+ 000000000002c04a: e320d0000024 stg %r2,0(%r13)
+ 000000000002c050: 07f0 bcr 15,%r0
+Call Trace:
+ ([<000000001f962f78>] 0x1f962f78)
+ [<000000000001acda>] do_extint+0xf6/0x138
+ [<000000000039b6ca>] ext_no_vtime+0x30/0x34
+ [<000000007d706e04>] 0x7d706e04
+Last Breaking-Event-Address:
+ [<0000000000000000>] 0x0
+
+For stable maintainers:
+the first kernel which contains this bug is 2.6.37.
+
+Reported-by: Stephen Powell <zlinuxman at wowway.com>
+Cc: Jonathan Nieder <jrnieder at gmail.com>
+Cc: stable at kernel.org
+Signed-off-by: Heiko Carstens <heiko.carstens at de.ibm.com>
+---
+
+ arch/s390/mm/fault.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/s390/mm/fault.c b/arch/s390/mm/fault.c
+index 9217e33..4cf85fe 100644
+--- a/arch/s390/mm/fault.c
++++ b/arch/s390/mm/fault.c
+@@ -558,9 +558,9 @@ static void pfault_interrupt(unsigned int ext_int_code,
+ * Get the token (= address of the task structure of the affected task).
+ */
+ #ifdef CONFIG_64BIT
+- tsk = *(struct task_struct **) param64;
++ tsk = (struct task_struct *) param64;
+ #else
+- tsk = *(struct task_struct **) param32;
++ tsk = (struct task_struct *) param32;
+ #endif
+
+ if (subcode & 0x0080) {
Modified: dists/trunk/linux-2.6/debian/patches/series/base
==============================================================================
--- dists/trunk/linux-2.6/debian/patches/series/base Sat Apr 23 17:33:58 2011 (r17247)
+++ dists/trunk/linux-2.6/debian/patches/series/base Sat Apr 23 17:39:39 2011 (r17248)
@@ -44,3 +44,4 @@
+ debian/sched-autogroup-disabled.patch
+ bugfix/all/kconfig-Avoid-buffer-underrun-in-choice-input.patch
+ bugfix/all/rt2800-disable-powersaving-as-default.patch
++ bugfix/s390/S390-pfault-fix-token-handling.patch
More information about the Kernel-svn-changes
mailing list