[kernel] r18527 - in dists/squeeze/linux-2.6/debian: . patches/bugfix/all patches/features/all patches/series

Ben Hutchings benh at alioth.debian.org
Sun Jan 15 03:37:14 UTC 2012


Author: benh
Date: Sun Jan 15 03:37:09 2012
New Revision: 18527

Log:
Refine the fix for CVE-2011-4127, based on the mainline Linux patch series

Added:
   dists/squeeze/linux-2.6/debian/patches/bugfix/all/add-scsi_cmd_blk_ioctl-wrapper-2.patch
   dists/squeeze/linux-2.6/debian/patches/bugfix/all/limit-ioctls-forwarded-to-non-scsi-devices-2.patch
   dists/squeeze/linux-2.6/debian/patches/bugfix/all/treat-lvs-on-one-pv-like-a-partition-2.patch
   dists/squeeze/linux-2.6/debian/patches/features/all/kernel.h-add-printk_ratelimited-and-pr_-level-_rl.patch
Modified:
   dists/squeeze/linux-2.6/debian/changelog
   dists/squeeze/linux-2.6/debian/patches/series/41

Modified: dists/squeeze/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze/linux-2.6/debian/changelog	Sat Jan 14 14:39:30 2012	(r18526)
+++ dists/squeeze/linux-2.6/debian/changelog	Sun Jan 15 03:37:09 2012	(r18527)
@@ -19,6 +19,12 @@
     For the complete list of changes, see:
      http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.54
     and the bug report which this closes: #655816.
+  * Refine the fix for CVE-2011-4127, based on mainline Linux:
+    - Do not restrict processes that have CAP_SYS_RAWIO
+    - Log a warning when an ioctl is forbidden (with rate-limiting,
+      and excluding CDROM_GET_CAPABILITY)
+    - Fix the ide-floppy and ub drivers
+    - Fix the ub driver properly (not included in Debian configurations)
 
   [ Ian Campbell ]
   * xen: Set XEN_MAX_DOMAIN_MEMORY to 70G for 64 bit domains. (Closes: #645052)

Added: dists/squeeze/linux-2.6/debian/patches/bugfix/all/add-scsi_cmd_blk_ioctl-wrapper-2.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/bugfix/all/add-scsi_cmd_blk_ioctl-wrapper-2.patch	Sun Jan 15 03:37:09 2012	(r18527)
@@ -0,0 +1,163 @@
+From: Paolo Bonzini <pbonzini at redhat.com>
+Date: Thu, 12 Jan 2012 16:01:27 +0100
+Subject: [PATCH 1/3] block: add and use scsi_blk_cmd_ioctl
+
+commit 577ebb374c78314ac4617242f509e2f5e7156649 upstream.
+
+Introduce a wrapper around scsi_cmd_ioctl that takes a block device.
+
+The function will then be enhanced to detect partition block devices
+and, in that case, subject the ioctls to whitelisting.
+
+Cc: linux-scsi at vger.kernel.org
+Cc: Jens Axboe <axboe at kernel.dk>
+Cc: James Bottomley <JBottomley at parallels.com>
+Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+[bwh: Backport to 2.6.32 - adjust context]
+---
+ block/scsi_ioctl.c             |    7 +++++++
+ drivers/block/cciss.c          |    6 +++---
+ drivers/block/ub.c             |    3 +--
+ drivers/block/virtio_blk.c     |    4 ++--
+ drivers/cdrom/cdrom.c          |    3 +--
+ drivers/ide/ide-floppy_ioctl.c |    3 +--
+ drivers/scsi/sd.c              |    2 +-
+ include/linux/blkdev.h         |    2 ++
+ 8 files changed, 18 insertions(+), 12 deletions(-)
+
+diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
+index 1d5a780..114ee29 100644
+--- a/block/scsi_ioctl.c
++++ b/block/scsi_ioctl.c
+@@ -689,6 +689,13 @@ int scsi_cmd_ioctl(struct request_queue *q, struct gendisk *bd_disk, fmode_t mod
+ }
+ EXPORT_SYMBOL(scsi_cmd_ioctl);
+ 
++int scsi_cmd_blk_ioctl(struct block_device *bd, fmode_t mode,
++		       unsigned int cmd, void __user *arg)
++{
++	return scsi_cmd_ioctl(bd->bd_disk->queue, bd->bd_disk, mode, cmd, arg);
++}
++EXPORT_SYMBOL(scsi_cmd_blk_ioctl);
++
+ int __init blk_scsi_ioctl_init(void)
+ {
+ 	blk_set_cmd_filter_defaults(&blk_default_cmd_filter);
+diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c
+index ca9c548..68b90d9 100644
+--- a/drivers/block/cciss.c
++++ b/drivers/block/cciss.c
+@@ -1583,7 +1583,7 @@ static int cciss_ioctl(struct block_device *bdev, fmode_t mode,
+ 			return status;
+ 		}
+ 
+-	/* scsi_cmd_ioctl handles these, below, though some are not */
++	/* scsi_cmd_blk_ioctl handles these, below, though some are not */
+ 	/* very meaningful for cciss.  SG_IO is the main one people want. */
+ 
+ 	case SG_GET_VERSION_NUM:
+@@ -1594,9 +1594,9 @@ static int cciss_ioctl(struct block_device *bdev, fmode_t mode,
+ 	case SG_EMULATED_HOST:
+ 	case SG_IO:
+ 	case SCSI_IOCTL_SEND_COMMAND:
+-		return scsi_cmd_ioctl(disk->queue, disk, mode, cmd, argp);
++		return scsi_cmd_blk_ioctl(bdev, mode, cmd, argp);
+ 
+-	/* scsi_cmd_ioctl would normally handle these, below, but */
++	/* scsi_cmd_blk_ioctl would normally handle these, below, but */
+ 	/* they aren't a good fit for cciss, as CD-ROMs are */
+ 	/* not supported, and we don't have any bus/target/lun */
+ 	/* which we present to the kernel. */
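Review bot: Only the SG_* and SCSI_IOCTL_SEND_COMMAND cases in this switch are routed through the new `scsi_cmd_blk_ioctl` wrapper, so the partition whitelist that the next patch in this series adds to that wrapper covers only these; any driver-private passthrough ioctls that `cciss_ioctl` handles in the cases above this hunk (outside view) reach the controller on their own checks and are not subject to the partition test. If such cases exist, it is worth confirming they require CAP_SYS_RAWIO, which is the same privilege the wrapper ends up letting through. `cciss_ioctl` begins before this hunk.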
+diff --git a/drivers/block/ub.c b/drivers/block/ub.c
+index c739b20..c6ac1b2 100644
+--- a/drivers/block/ub.c
++++ b/drivers/block/ub.c
+@@ -1726,10 +1726,9 @@ static int ub_bd_release(struct gendisk *disk, fmode_t mode)
+ static int ub_bd_ioctl(struct block_device *bdev, fmode_t mode,
+     unsigned int cmd, unsigned long arg)
+ {
+-	struct gendisk *disk = bdev->bd_disk;
+ 	void __user *usermem = (void __user *) arg;
+ 
+-	return scsi_cmd_ioctl(disk->queue, disk, mode, cmd, usermem);
++	return scsi_cmd_blk_ioctl(bdev, mode, cmd, usermem);
+ }
+ 
+ /*
+diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c
+index 51042f0ba7..44d019b 100644
+--- a/drivers/block/virtio_blk.c
++++ b/drivers/block/virtio_blk.c
+@@ -200,8 +200,8 @@ static int virtblk_ioctl(struct block_device *bdev, fmode_t mode,
+ 	if (!virtio_has_feature(vblk->vdev, VIRTIO_BLK_F_SCSI))
+ 		return -ENOTTY;
+ 
+-	return scsi_cmd_ioctl(disk->queue, disk, mode, cmd,
+-			      (void __user *)data);
++	return scsi_cmd_blk_ioctl(bdev, mode, cmd,
++				  (void __user *)data);
+ }
+ 
+ /* We provide getgeo only to please some old bootloader/partitioning tools */
+diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
+index 614da5b..59cccc9 100644
+--- a/drivers/cdrom/cdrom.c
++++ b/drivers/cdrom/cdrom.c
+@@ -2684,12 +2684,11 @@ int cdrom_ioctl(struct cdrom_device_info *cdi, struct block_device *bdev,
+ {
+ 	void __user *argp = (void __user *)arg;
+ 	int ret;
+-	struct gendisk *disk = bdev->bd_disk;
+ 
+ 	/*
+ 	 * Try the generic SCSI command ioctl's first.
+ 	 */
+-	ret = scsi_cmd_ioctl(disk->queue, disk, mode, cmd, argp);
++	ret = scsi_cmd_blk_ioctl(bdev, mode, cmd, argp);
+ 	if (ret != -ENOTTY)
+ 		return ret;
+ 
+diff --git a/drivers/ide/ide-floppy_ioctl.c b/drivers/ide/ide-floppy_ioctl.c
+index 9c22882..05f024c 100644
+--- a/drivers/ide/ide-floppy_ioctl.c
++++ b/drivers/ide/ide-floppy_ioctl.c
+@@ -287,8 +287,7 @@ int ide_floppy_ioctl(ide_drive_t *drive, struct block_device *bdev,
+ 	 * and CDROM_SEND_PACKET (legacy) ioctls
+ 	 */
+ 	if (cmd != CDROM_SEND_PACKET && cmd != SCSI_IOCTL_SEND_COMMAND)
+-		err = scsi_cmd_ioctl(bdev->bd_disk->queue, bdev->bd_disk,
+-				mode, cmd, argp);
++		err = scsi_cmd_blk_ioctl(bdev, mode, cmd, argp);
+ 
+ 	if (err == -ENOTTY)
+ 		err = generic_ide_ioctl(drive, bdev, cmd, arg);
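Review bot: CDROM_SEND_PACKET and SCSI_IOCTL_SEND_COMMAND deliberately bypass `scsi_cmd_blk_ioctl` here, so they also bypass the partition check the next patch adds to it and drop straight to `generic_ide_ioctl`. The series description says the IDE driver "already tests for bd != bd->bd_contains before issuing some ioctl", but that is not visible in this hunk; the comment above should say where those two commands are refused for partitions rather than only that they are skipped, e.g. `/* CDROM_SEND_PACKET and SCSI_IOCTL_SEND_COMMAND are not forwarded; generic_ide_ioctl rejects them (and must keep the partition check) */` once that is confirmed. `ide_floppy_ioctl` starts before this hunk.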
+diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
+index 160b47e..a5f3728 100644
+--- a/drivers/scsi/sd.c
++++ b/drivers/scsi/sd.c
+@@ -840,7 +840,7 @@ static int sd_ioctl(struct block_device *bdev, fmode_t mode,
+ 		case SCSI_IOCTL_GET_BUS_NUMBER:
+ 			return scsi_ioctl(sdp, cmd, p);
+ 		default:
+-			error = scsi_cmd_ioctl(disk->queue, disk, mode, cmd, p);
++			error = scsi_cmd_blk_ioctl(bdev, mode, cmd, p);
+ 			if (error != -ENOTTY)
+ 				return error;
+ 	}
+diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
+index 57da328..025b78b 100644
+--- a/include/linux/blkdev.h
++++ b/include/linux/blkdev.h
+@@ -779,6 +779,8 @@ extern void blk_plug_device(struct request_queue *);
+ extern void blk_plug_device_unlocked(struct request_queue *);
+ extern int blk_remove_plug(struct request_queue *);
+ extern void blk_recount_segments(struct request_queue *, struct bio *);
++extern int scsi_cmd_blk_ioctl(struct block_device *, fmode_t,
++			      unsigned int, void __user *);
+ extern int scsi_cmd_ioctl(struct request_queue *, struct gendisk *, fmode_t,
+ 			  unsigned int, void __user *);
+ extern int sg_scsi_ioctl(struct request_queue *, struct gendisk *, fmode_t,
+-- 
+1.7.8.2
+

Added: dists/squeeze/linux-2.6/debian/patches/bugfix/all/limit-ioctls-forwarded-to-non-scsi-devices-2.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/bugfix/all/limit-ioctls-forwarded-to-non-scsi-devices-2.patch	Sun Jan 15 03:37:09 2012	(r18527)
@@ -0,0 +1,162 @@
+From: Paolo Bonzini <pbonzini at redhat.com>
+Date: Thu, 12 Jan 2012 16:01:28 +0100
+Subject: [PATCH 2/3] block: fail SCSI passthrough ioctls on partition devices
+
+commit 0bfc96cb77224736dfa35c3c555d37b3646ef35e upstream.
+
+Linux allows executing the SG_IO ioctl on a partition or LVM volume, and
+will pass the command to the underlying block device.  This is
+well-known, but it is also a large security problem when (via Unix
+permissions, ACLs, SELinux or a combination thereof) a program or user
+needs to be granted access only to part of the disk.
+
+This patch lets partitions forward a small set of harmless ioctls;
+others are logged with printk so that we can see which ioctls are
+actually sent.  In my tests only CDROM_GET_CAPABILITY actually occurred.
+Of course it was being sent to a (partition on a) hard disk, so it would
+have failed with ENOTTY and the patch isn't changing anything in
+practice.  Still, I'm treating it specially to avoid spamming the logs.
+
+In principle, this restriction should include programs running with
+CAP_SYS_RAWIO.  If for example I let a program access /dev/sda2 and
+/dev/sdb, it still should not be able to read/write outside the
+boundaries of /dev/sda2 independent of the capabilities.  However, for
+now programs with CAP_SYS_RAWIO will still be allowed to send the
+ioctls.  Their actions will still be logged.
+
+This patch does not affect the non-libata IDE driver.  That driver
+however already tests for bd != bd->bd_contains before issuing some
+ioctl; it could be restricted further to forbid these ioctls even for
+programs running with CAP_SYS_ADMIN/CAP_SYS_RAWIO.
+
+Cc: linux-scsi at vger.kernel.org
+Cc: Jens Axboe <axboe at kernel.dk>
+Cc: James Bottomley <JBottomley at parallels.com>
+Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
+[ Make it also print the command name when warning - Linus ]
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+[bwh: Backport to 2.6.32 - ENOIOCTLCMD does not get converted to
+ ENOTTY, so we must return ENOTTY directly]
+---
+ block/scsi_ioctl.c     |   45 +++++++++++++++++++++++++++++++++++++++++++++
+ drivers/scsi/sd.c      |   11 +++++++++--
+ include/linux/blkdev.h |    1 +
+ 3 files changed, 55 insertions(+), 2 deletions(-)
+
+diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
+index 114ee29..2be0a97 100644
+--- a/block/scsi_ioctl.c
++++ b/block/scsi_ioctl.c
+@@ -24,6 +24,7 @@
+ #include <linux/capability.h>
+ #include <linux/completion.h>
+ #include <linux/cdrom.h>
++#include <linux/ratelimit.h>
+ #include <linux/slab.h>
+ #include <linux/times.h>
+ #include <asm/uaccess.h>
+@@ -689,9 +690,53 @@ int scsi_cmd_ioctl(struct request_queue *q, struct gendisk *bd_disk, fmode_t mod
+ }
+ EXPORT_SYMBOL(scsi_cmd_ioctl);
+ 
++int scsi_verify_blk_ioctl(struct block_device *bd, unsigned int cmd)
++{
++	if (bd && bd == bd->bd_contains)
++		return 0;
++
++	/* Actually none of these is particularly useful on a partition,
++	 * but they are safe.
++	 */
++	switch (cmd) {
++	case SCSI_IOCTL_GET_IDLUN:
++	case SCSI_IOCTL_GET_BUS_NUMBER:
++	case SCSI_IOCTL_GET_PCI:
++	case SCSI_IOCTL_PROBE_HOST:
++	case SG_GET_VERSION_NUM:
++	case SG_SET_TIMEOUT:
++	case SG_GET_TIMEOUT:
++	case SG_GET_RESERVED_SIZE:
++	case SG_SET_RESERVED_SIZE:
++	case SG_EMULATED_HOST:
++		return 0;
++	case CDROM_GET_CAPABILITY:
++		/* Keep this until we remove the printk below.  udev sends it
++		 * and we do not want to spam dmesg about it.   CD-ROMs do
++		 * not have partitions, so we get here only for disks.
++		 */
++		return -ENOTTY;
++	default:
++		break;
++	}
++
++	/* In particular, rule out all resets and host-specific ioctls.  */
++	printk_ratelimited(KERN_WARNING
++			   "%s: sending ioctl %x to a partition!\n", current->comm, cmd);
++
++	return capable(CAP_SYS_RAWIO) ? 0 : -ENOTTY;
++}
++EXPORT_SYMBOL(scsi_verify_blk_ioctl);
++
+ int scsi_cmd_blk_ioctl(struct block_device *bd, fmode_t mode,
+ 		       unsigned int cmd, void __user *arg)
+ {
++	int ret;
++
++	ret = scsi_verify_blk_ioctl(bd, cmd);
++	if (ret < 0)
++		return ret;
++
+ 	return scsi_cmd_ioctl(bd->bd_disk->queue, bd->bd_disk, mode, cmd, arg);
+ }
+ EXPORT_SYMBOL(scsi_cmd_blk_ioctl);
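Review bot: The warning at `printk_ratelimited(KERN_WARNING "%s: sending ioctl %x to a partition!\n", current->comm, cmd)` is emitted before `capable(CAP_SYS_RAWIO)` is evaluated, so a log reader cannot tell from the line whether the ioctl was forwarded or refused with ENOTTY; it is also reachable by any process that can open a partition node, so it must not be treated as evidence that a passthrough actually happened. `current->comm` is user-settable (prctl PR_SET_NAME) and is interpolated unescaped, so anything parsing these lines should treat the process name as untrusted. The `bd == NULL` case on the first test is load-bearing — the dm callers in the third patch of this series pass NULL to mean "not a whole device" — and deserves a comment, e.g. `/* bd == NULL: the caller (dm) already knows this is not a whole device */`.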
+diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
+index a5f3728..4219572 100644
+--- a/drivers/scsi/sd.c
++++ b/drivers/scsi/sd.c
+@@ -819,6 +819,10 @@ static int sd_ioctl(struct block_device *bdev, fmode_t mode,
+ 	SCSI_LOG_IOCTL(1, printk("sd_ioctl: disk=%s, cmd=0x%x\n",
+ 						disk->disk_name, cmd));
+ 
++	error = scsi_verify_blk_ioctl(bdev, cmd);
++	if (error < 0)
++		return error;
++
+ 	/*
+ 	 * If we are in the middle of error recovery, don't let anyone
+ 	 * else try and use this device.  Also, if error recovery fails, it
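Review bot: `sd_ioctl` now runs `scsi_verify_blk_ioctl(bdev, cmd)` up front, but its `default:` case (as changed by the first patch of this series) still calls `scsi_cmd_blk_ioctl`, which calls `scsi_verify_blk_ioctl` again; for a CAP_SYS_RAWIO process sending a non-whitelisted ioctl to a partition that logs the "sending ioctl ... to a partition" warning twice per call and consumes two slots of the rate limit. This mirrors mainline, so it is a follow-up rather than a blocker, but the early call deserves a comment explaining why it exists alongside the wrapper's check, e.g. `/* Checked here so the SCSI_IOCTL_* cases handled directly below are covered; scsi_cmd_blk_ioctl re-checks for the default case. */`. `sd_ioctl` starts before this hunk.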
+@@ -998,6 +1002,11 @@ static int sd_compat_ioctl(struct block_device *bdev, fmode_t mode,
+ 			   unsigned int cmd, unsigned long arg)
+ {
+ 	struct scsi_device *sdev = scsi_disk(bdev->bd_disk)->device;
++	int ret;
++
++	ret = scsi_verify_blk_ioctl(bdev, cmd);
++	if (ret < 0)
++		return ret;
+ 
+ 	/*
+ 	 * If we are in the middle of error recovery, don't let anyone
+@@ -1009,8 +1018,6 @@ static int sd_compat_ioctl(struct block_device *bdev, fmode_t mode,
+ 		return -ENODEV;
+ 	       
+ 	if (sdev->host->hostt->compat_ioctl) {
+-		int ret;
+-
+ 		ret = sdev->host->hostt->compat_ioctl(sdev, cmd, (void __user *)arg);
+ 
+ 		return ret;
+diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
+index 025b78b..09beade 100644
+--- a/include/linux/blkdev.h
++++ b/include/linux/blkdev.h
+@@ -779,6 +779,7 @@ extern void blk_plug_device(struct request_queue *);
+ extern void blk_plug_device_unlocked(struct request_queue *);
+ extern int blk_remove_plug(struct request_queue *);
+ extern void blk_recount_segments(struct request_queue *, struct bio *);
++extern int scsi_verify_blk_ioctl(struct block_device *, unsigned int);
+ extern int scsi_cmd_blk_ioctl(struct block_device *, fmode_t,
+ 			      unsigned int, void __user *);
+ extern int scsi_cmd_ioctl(struct request_queue *, struct gendisk *, fmode_t,
+-- 
+1.7.8.2
+

Added: dists/squeeze/linux-2.6/debian/patches/bugfix/all/treat-lvs-on-one-pv-like-a-partition-2.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/bugfix/all/treat-lvs-on-one-pv-like-a-partition-2.patch	Sun Jan 15 03:37:09 2012	(r18527)
@@ -0,0 +1,65 @@
+From: Paolo Bonzini <pbonzini at redhat.com>
+Date: Thu, 12 Jan 2012 16:01:29 +0100
+Subject: [PATCH 3/3] dm: do not forward ioctls from logical volumes to the
+ underlying device
+
+commit ec8013beddd717d1740cfefb1a9b900deef85462 upstream.
+
+A logical volume can map to just part of underlying physical volume.
+In this case, it must be treated like a partition.
+
+Based on a patch from Alasdair G Kergon.
+
+Cc: Alasdair G Kergon <agk at redhat.com>
+Cc: dm-devel at redhat.com
+Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+[bwh: Backport to 2.6.32 - drop change to drivers/md/dm-flakey.c]
+---
+ drivers/md/dm-linear.c |   12 +++++++++++-
+ drivers/md/dm-mpath.c  |    6 ++++++
+ 2 files changed, 17 insertions(+), 1 deletions(-)
+
+diff --git a/drivers/md/dm-linear.c b/drivers/md/dm-linear.c
+index 82f7d6e..7ab302d 100644
+--- a/drivers/md/dm-linear.c
++++ b/drivers/md/dm-linear.c
+@@ -116,7 +116,17 @@ static int linear_ioctl(struct dm_target *ti, unsigned int cmd,
+ 			unsigned long arg)
+ {
+ 	struct linear_c *lc = (struct linear_c *) ti->private;
+-	return __blkdev_driver_ioctl(lc->dev->bdev, lc->dev->mode, cmd, arg);
++	struct dm_dev *dev = lc->dev;
++	int r = 0;
++
++	/*
++	 * Only pass ioctls through if the device sizes match exactly.
++	 */
++	if (lc->start ||
++	    ti->len != i_size_read(dev->bdev->bd_inode) >> SECTOR_SHIFT)
++		r = scsi_verify_blk_ioctl(NULL, cmd);
++
++	return r ? : __blkdev_driver_ioctl(dev->bdev, dev->mode, cmd, arg);
+ }
+ 
+ static int linear_merge(struct dm_target *ti, struct bvec_merge_data *bvm,
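Review bot: The comment `Only pass ioctls through if the device sizes match exactly.` undersells the condition on the next line: it also requires `lc->start == 0`, and the length is compared against the underlying device's current size read at ioctl time rather than the size at table load. Suggest `/* Forward ioctls only when this target maps the whole underlying device (offset 0, length equal to the device's current size); anything else is treated like a partition. */`. Passing `NULL` to `scsi_verify_blk_ioctl` depends on that function treating a NULL bdev as "not a whole device", which is what the previous patch in this series implements but does not document at the call site.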
+diff --git a/drivers/md/dm-mpath.c b/drivers/md/dm-mpath.c
+index b03cd39..4ec5fe2 100644
+--- a/drivers/md/dm-mpath.c
++++ b/drivers/md/dm-mpath.c
+@@ -1464,6 +1464,12 @@ static int multipath_ioctl(struct dm_target *ti, unsigned int cmd,
+ 
+ 	spin_unlock_irqrestore(&m->lock, flags);
+ 
++	/*
++	 * Only pass ioctls through if the device sizes match exactly.
++	 */
++	if (!r && ti->len != i_size_read(bdev->bd_inode) >> SECTOR_SHIFT)
++		r = scsi_verify_blk_ioctl(NULL, cmd);
++
+ 	return r ? : __blkdev_driver_ioctl(bdev, mode, cmd, arg);
+ }
+ 
+-- 
+1.7.8.2
+

Added: dists/squeeze/linux-2.6/debian/patches/features/all/kernel.h-add-printk_ratelimited-and-pr_-level-_rl.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/features/all/kernel.h-add-printk_ratelimited-and-pr_-level-_rl.patch	Sun Jan 15 03:37:09 2012	(r18527)
@@ -0,0 +1,81 @@
+From: Joe Perches <joe at perches.com>
+Date: Mon, 14 Dec 2009 18:00:25 -0800
+Subject: [PATCH] kernel.h: add printk_ratelimited and pr_<level>_rl
+
+commit 8a64f336bc1d4aa203b138d29d5a9c414a9fbb47 upstream.
+
+Add a printk_ratelimited statement expression macro that uses a per-call
+ratelimit_state so that multiple subsystems output messages are not
+suppressed by a global __ratelimit state.
+
+[akpm at linux-foundation.org: coding-style fixes]
+[akpm at linux-foundation.org: s/_rl/_ratelimited/g]
+Signed-off-by: Joe Perches <joe at perches.com>
+Cc: Naohiro Ooiwa <nooiwa at miraclelinux.com>
+Cc: Ingo Molnar <mingo at elte.hu>
+Cc: Hiroshi Shimamoto <h-shimamoto at ct.jp.nec.com>
+Cc: Peter Zijlstra <a.p.zijlstra at chello.nl>
+Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+---
+ include/linux/kernel.h |   44 ++++++++++++++++++++++++++++++++++++++++++++
+ 1 files changed, 44 insertions(+), 0 deletions(-)
+
+diff --git a/include/linux/kernel.h b/include/linux/kernel.h
+index 910db75..4d9c916 100644
+--- a/include/linux/kernel.h
++++ b/include/linux/kernel.h
+@@ -405,6 +405,50 @@ static inline char *pack_hex_byte(char *buf, u8 byte)
+ #endif
+ 
+ /*
++ * ratelimited messages with local ratelimit_state,
++ * no local ratelimit_state used in the !PRINTK case
++ */
++#ifdef CONFIG_PRINTK
++#define printk_ratelimited(fmt, ...)  ({		\
++	static struct ratelimit_state _rs = {		\
++		.interval = DEFAULT_RATELIMIT_INTERVAL, \
++		.burst = DEFAULT_RATELIMIT_BURST,       \
++	};                                              \
++							\
++	if (!__ratelimit(&_rs))                         \
++		printk(fmt, ##__VA_ARGS__);		\
++})
++#else
++/* No effect, but we still get type checking even in the !PRINTK case: */
++#define printk_ratelimited printk
++#endif
++
++#define pr_emerg_ratelimited(fmt, ...) \
++	printk_ratelimited(KERN_EMERG pr_fmt(fmt), ##__VA_ARGS__)
++#define pr_alert_ratelimited(fmt, ...) \
++	printk_ratelimited(KERN_ALERT pr_fmt(fmt), ##__VA_ARGS__)
++#define pr_crit_ratelimited(fmt, ...) \
++	printk_ratelimited(KERN_CRIT pr_fmt(fmt), ##__VA_ARGS__)
++#define pr_err_ratelimited(fmt, ...) \
++	printk_ratelimited(KERN_ERR pr_fmt(fmt), ##__VA_ARGS__)
++#define pr_warning_ratelimited(fmt, ...) \
++	printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__)
++#define pr_notice_ratelimited(fmt, ...) \
++	printk_ratelimited(KERN_NOTICE pr_fmt(fmt), ##__VA_ARGS__)
++#define pr_info_ratelimited(fmt, ...) \
++	printk_ratelimited(KERN_INFO pr_fmt(fmt), ##__VA_ARGS__)
++/* no pr_cont_ratelimited, don't do that... */
++/* If you are writing a driver, please use dev_dbg instead */
++#if defined(DEBUG)
++#define pr_debug_ratelimited(fmt, ...) \
++	printk_ratelimited(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__)
++#else
++#define pr_debug_ratelimited(fmt, ...) \
++	({ if (0) printk_ratelimited(KERN_DEBUG pr_fmt(fmt), \
++				     ##__VA_ARGS__); 0; })
++#endif
++
++/*
+  * General tracing related utility functions - trace_printk(),
+  * tracing_on/tracing_off and tracing_start()/tracing_stop
+  *
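Review bot: The condition `if (!__ratelimit(&_rs))` looks inverted: `__ratelimit()` in lib/ratelimit.c returns non-zero when the caller may print and 0 when the message should be suppressed (in-tree users are written `if (__ratelimit(&rs)) printk(...)`), so as written the first DEFAULT_RATELIMIT_BURST messages in each interval would be silently dropped and only the excess printed — the opposite of rate limiting. That matters for this series because the new "sending ioctl ... to a partition" warning in `scsi_verify_blk_ioctl` would then be invisible for a single probe and unthrottled under a flood. I believe mainline corrected this shortly after the original commit ("kernel.h: fix wrong usage of __ratelimit()"), and the backport should carry that fix, i.e. `if (__ratelimit(&_rs))`. `__ratelimit` is outside this hunk, so confirm its return convention in this tree before merging.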
+-- 
+1.7.8.2
+

Modified: dists/squeeze/linux-2.6/debian/patches/series/41
==============================================================================
--- dists/squeeze/linux-2.6/debian/patches/series/41	Sat Jan 14 14:39:30 2012	(r18526)
+++ dists/squeeze/linux-2.6/debian/patches/series/41	Sun Jan 15 03:37:09 2012	(r18527)
@@ -8,3 +8,13 @@
 - debian/firmware-Avoid-ABI-change-in-2.6.32.17.patch
 + debian/firmware-Avoid-ABI-change-in-2.6.32.17-2.patch
 + bugfix/all/stable/2.6.32.54.patch
+
+# Use something closer to mainline fix for CVE-2011-4127
+- bugfix/all/revert-ub_bd_ioctl-removal.patch
+- bugfix/all/treat-lvs-on-one-pv-like-a-partition.patch
+- bugfix/all/limit-ioctls-forwarded-to-non-scsi-devices.patch
+- bugfix/all/add-scsi_cmd_blk_ioctl-wrapper.patch
++ features/all/kernel.h-add-printk_ratelimited-and-pr_-level-_rl.patch
++ bugfix/all/add-scsi_cmd_blk_ioctl-wrapper-2.patch
++ bugfix/all/limit-ioctls-forwarded-to-non-scsi-devices-2.patch
++ bugfix/all/treat-lvs-on-one-pv-like-a-partition-2.patch


