[kernel] r20198 - in dists/wheezy/linux: . debian debian/config debian/patches debian/patches/bugfix/all

Ben Hutchings benh at alioth.debian.org
Wed Jun 5 01:41:26 UTC 2013


Author: benh
Date: Wed Jun  5 01:41:25 2013
New Revision: 20198

Log:
Merge changes from wheezy-security up to 3.2.41-2deb7u2

Added:
   dists/wheezy/linux/debian/patches/bugfix/all/ext4-avoid-hang-when-mounting-non-journal-filesystem.patch
      - copied unchanged from r20197, dists/wheezy-security/linux/debian/patches/bugfix/all/ext4-avoid-hang-when-mounting-non-journal-filesystem.patch
   dists/wheezy/linux/debian/patches/bugfix/all/ext4-make-orphan-functions-be-no-op-in-no-journal-mo.patch
      - copied unchanged from r20197, dists/wheezy-security/linux/debian/patches/bugfix/all/ext4-make-orphan-functions-be-no-op-in-no-journal-mo.patch
Modified:
   dists/wheezy/linux/   (props changed)
   dists/wheezy/linux/debian/changelog
   dists/wheezy/linux/debian/config/defines
   dists/wheezy/linux/debian/patches/series

Modified: dists/wheezy/linux/debian/changelog
==============================================================================
--- dists/wheezy/linux/debian/changelog	Mon Jun  3 13:21:38 2013	(r20197)
+++ dists/wheezy/linux/debian/changelog	Wed Jun  5 01:41:25 2013	(r20198)
@@ -157,6 +157,44 @@
 
  -- Ben Hutchings <ben at decadent.org.uk>  Wed, 27 Mar 2013 14:10:40 +0000
 
+linux (3.2.41-2+deb7u2) wheezy-security; urgency=high
+
+  * s390/kvm: Ignore ABI changes, it should not be used OOT
+
+ -- dann frazier <dannf at debian.org>  Wed, 15 May 2013 12:07:33 -0600
+
+linux (3.2.41-2+deb7u1) wheezy-security; urgency=high
+
+  [ dann frazier ]
+  * perf: Treat attr.config as u64 in perf_swevent_init() (CVE-2013-2094)
+  * TTY: fix timing leak with /dev/ptmx (CVE-2013-0160)
+  * ext4: avoid hang when mounting non-journal filesystems with orphan list
+    (CVE-2013-2015)
+  * crypto: algif - suppress sending source address information in recvmsg
+    (CVE-2013-3076)
+  * atm: update msg_namelen in vcc_recvmsg() (CVE-2013-3222)
+  * ax25: fix info leak via msg_name in ax25_recvmsg() (CVE-2013-3223)
+  * Bluetooth: fix possible info leak in bt_sock_recvmsg() (CVE-2013-3224)
+  * Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg()
+    (CVE-2013-3225)
+  * caif: Fix missing msg_namelen update in caif_seqpkt_recvmsg()
+    (CVE-2013-3227)
+  * irda: Fix missing msg_namelen update in irda_recvmsg_dgram() (CVE-2013-3228)
+  * iucv: Fix missing msg_namelen update in iucv_sock_recvmsg() (CVE-2013-3229)
+  * llc: Fix missing msg_namelen update in  llc_ui_recvmsg() (CVE-2013-3231)
+  * rose: fix info leak via msg_name in rose_recvmsg() (CVE-2013-3234)
+  * tipc: fix info leaks via msg_name in  recv_msg/recv_stream (CVE-2013-3235)
+  * tracing: Fix possible NULL pointer dereferences (CVE-2013-3301)
+  
+  [ Ben Hutchings ]
+  * [x86] KVM: Allow cross page reads and writes from cached translations.
+    (fixes regression in fix for CVE-2013-1796)
+  * net: fix incorrect credentials passing (CVE-2013-1979)
+  * tg3: fix length overflow in VPD firmware parsing (CVE-2013-1929)
+  * kernel/signal.c: stop info leak via the tkill and the tgkill syscalls
+
+ -- dann frazier <dannf at debian.org>  Tue, 14 May 2013 22:17:43 -0600
+
 linux (3.2.41-2) unstable; urgency=low
 
   * [ia64] udeb: Remove efi-modules package; make kernel-image provide
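
Review bot: The entry "kernel/signal.c: stop info leak via the tkill and the tgkill syscalls" under [ Ben Hutchings ] carries no CVE reference, while nearly every other security item in 3.2.41-2+deb7u1 has one. If an identifier was assigned, add it in parentheses like its neighbours so the entry can be matched by tooling that reads the changelog. Separately, the "+  " line before "[ Ben Hutchings ]" has trailing whitespace, and the llc and tipc entries contain a double space ("in  llc_ui_recvmsg()", "in  recv_msg/recv_stream").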

Modified: dists/wheezy/linux/debian/config/defines
==============================================================================
--- dists/wheezy/linux/debian/config/defines	Mon Jun  3 13:21:38 2013	(r20197)
+++ dists/wheezy/linux/debian/config/defines	Wed Jun  5 01:41:25 2013	(r20198)
@@ -49,6 +49,7 @@
  unregister_efivars
 # Should not be used from OOT
  module:drivers/usb/serial/*
+ module:arch/s390/kvm/kvm
 
 [base]
 arches:
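
Review bot: The added "module:arch/s390/kvm/kvm" line covers the whole module and sits under the existing "# Should not be used from OOT" comment, with nothing recording which change made the exemption necessary. The 3.2.41-2+deb7u2 changelog entry only says "Ignore ABI changes, it should not be used OOT". A short comment of its own, naming the fix that changed the ABI, would let a later maintainer judge whether the exemption can be narrowed or dropped.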

Copied: dists/wheezy/linux/debian/patches/bugfix/all/ext4-avoid-hang-when-mounting-non-journal-filesystem.patch (from r20197, dists/wheezy-security/linux/debian/patches/bugfix/all/ext4-avoid-hang-when-mounting-non-journal-filesystem.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/wheezy/linux/debian/patches/bugfix/all/ext4-avoid-hang-when-mounting-non-journal-filesystem.patch	Wed Jun  5 01:41:25 2013	(r20198, copy of r20197, dists/wheezy-security/linux/debian/patches/bugfix/all/ext4-avoid-hang-when-mounting-non-journal-filesystem.patch)
@@ -0,0 +1,46 @@
+From 0e9a9a1ad619e7e987815d20262d36a2f95717ca Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso at mit.edu>
+Date: Thu, 27 Dec 2012 01:42:50 -0500
+Subject: [PATCH] ext4: avoid hang when mounting non-journal filesystems with
+ orphan list
+
+When trying to mount a file system which does not contain a journal,
+but which does have a orphan list containing an inode which needs to
+be truncated, the mount call with hang forever in
+ext4_orphan_cleanup() because ext4_orphan_del() will return
+immediately without removing the inode from the orphan list, leading
+to an uninterruptible loop in kernel code which will busy out one of
+the CPU's on the system.
+
+This can be trivially reproduced by trying to mount the file system
+found in tests/f_orphan_extents_inode/image.gz from the e2fsprogs
+source tree.  If a malicious user were to put this on a USB stick, and
+mount it on a Linux desktop which has automatic mounts enabled, this
+could be considered a potential denial of service attack.  (Not a big
+deal in practice, but professional paranoids worry about such things,
+and have even been known to allocate CVE numbers for such problems.)
+
+Signed-off-by: "Theodore Ts'o" <tytso at mit.edu>
+Reviewed-by: Zheng Liu <wenqing.lz at taobao.com>
+Cc: stable at vger.kernel.org
+---
+ fs/ext4/namei.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
+index cac4482..8990165 100644
+--- a/fs/ext4/namei.c
++++ b/fs/ext4/namei.c
+@@ -2648,7 +2648,8 @@ int ext4_orphan_del(handle_t *handle, struct inode *inode)
+ 	struct ext4_iloc iloc;
+ 	int err = 0;
+ 
+-	if (!EXT4_SB(inode->i_sb)->s_journal)
++	if ((!EXT4_SB(inode->i_sb)->s_journal) &&
++	    !(EXT4_SB(inode->i_sb)->s_mount_state & EXT4_ORPHAN_FS))
+ 		return 0;
+ 
+ 	mutex_lock(&EXT4_SB(inode->i_sb)->s_orphan_lock);
+-- 
+1.7.10.4
+
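
Review bot: The inner hunk against ext4_orphan_del() removes "if (!EXT4_SB(inode->i_sb)->s_journal)", a line that exists only once ext4-make-orphan-functions-be-no-op-in-no-journal-mo.patch has been applied, and its header places the function at line 2648 while that other patch has it at 2443, so this applies only in that order and only with an offset. Add a header note naming the prerequisite, and consider refreshing the patch against the 3.2 tree so the line numbers match. The new condition takes effect only while EXT4_ORPHAN_FS is set in s_mount_state; a one-line code comment saying this is the ext4_orphan_cleanup() case at mount time would help readers of the function.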

Copied: dists/wheezy/linux/debian/patches/bugfix/all/ext4-make-orphan-functions-be-no-op-in-no-journal-mo.patch (from r20197, dists/wheezy-security/linux/debian/patches/bugfix/all/ext4-make-orphan-functions-be-no-op-in-no-journal-mo.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/wheezy/linux/debian/patches/bugfix/all/ext4-make-orphan-functions-be-no-op-in-no-journal-mo.patch	Wed Jun  5 01:41:25 2013	(r20198, copy of r20197, dists/wheezy-security/linux/debian/patches/bugfix/all/ext4-make-orphan-functions-be-no-op-in-no-journal-mo.patch)
@@ -0,0 +1,50 @@
+From c9b92530a723ac5ef8e352885a1862b18f31b2f5 Mon Sep 17 00:00:00 2001
+From: Anatol Pomozov <anatol.pomozov at gmail.com>
+Date: Tue, 18 Sep 2012 13:38:59 -0400
+Subject: [PATCH] ext4: make orphan functions be no-op in no-journal mode
+
+Instead of checking whether the handle is valid, we check if journal
+is enabled. This avoids taking the s_orphan_lock mutex in all cases
+when there is no journal in use, including the error paths where
+ext4_orphan_del() is called with a handle set to NULL.
+
+Signed-off-by: Anatol Pomozov <anatol.pomozov at gmail.com>
+Signed-off-by: "Theodore Ts'o" <tytso at mit.edu>
+---
+ fs/ext4/namei.c |    7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
+index 37c03b3..8f4bda7 100644
+--- a/fs/ext4/namei.c
++++ b/fs/ext4/namei.c
+@@ -2369,7 +2369,7 @@ int ext4_orphan_add(handle_t *handle, struct inode *inode)
+ 	struct ext4_iloc iloc;
+ 	int err = 0, rc;
+ 
+-	if (!ext4_handle_valid(handle))
++	if (!EXT4_SB(sb)->s_journal)
+ 		return 0;
+ 
+ 	mutex_lock(&EXT4_SB(sb)->s_orphan_lock);
+@@ -2443,8 +2443,7 @@ int ext4_orphan_del(handle_t *handle, struct inode *inode)
+ 	struct ext4_iloc iloc;
+ 	int err = 0;
+ 
+-	/* ext4_handle_valid() assumes a valid handle_t pointer */
+-	if (handle && !ext4_handle_valid(handle))
++	if (!EXT4_SB(inode->i_sb)->s_journal)
+ 		return 0;
+ 
+ 	mutex_lock(&EXT4_SB(inode->i_sb)->s_orphan_lock);
+@@ -2463,7 +2462,7 @@ int ext4_orphan_del(handle_t *handle, struct inode *inode)
+ 	 * transaction handle with which to update the orphan list on
+ 	 * disk, but we still need to remove the inode from the linked
+ 	 * list in memory. */
+-	if (sbi->s_journal && !handle)
++	if (!handle)
+ 		goto out;
+ 
+ 	err = ext4_reserve_inode_write(handle, inode, &iloc);
+-- 
+1.7.10.4
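
Review bot: In the second ext4_orphan_del() hunk, the removed comment was the only text at the early return noting that the handle can be NULL. With the test now on s_journal alone, a NULL handle on a journalled filesystem reaches mutex_lock() and is dealt with only by the later "if (!handle) goto out;". That matches the commit message, but a brief comment at the new check stating that a NULL handle is expected on error paths would keep it documented. In ext4_orphan_add() the handle is no longer examined before the lock is taken, so it is worth confirming that every caller passes a valid handle whenever a journal is present, and saying so in a comment.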

Modified: dists/wheezy/linux/debian/patches/series
==============================================================================
--- dists/wheezy/linux/debian/patches/series	Mon Jun  3 13:21:38 2013	(r20197)
+++ dists/wheezy/linux/debian/patches/series	Wed Jun  5 01:41:25 2013	(r20198)
@@ -629,3 +629,6 @@
 debian/inet_frag-avoid-abi-change-in-3.2.42.patch
 debian/x86-mm-avoid-abi-change-in-3.2.44.patch
 features/all/cpu-devices/cpufreq-Longhaul-Disable-driver-by-default.patch
+
+bugfix/all/ext4-make-orphan-functions-be-no-op-in-no-journal-mo.patch
+bugfix/all/ext4-avoid-hang-when-mounting-non-journal-filesystem.patch
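
Review bot: The two "bugfix/all/ext4-..." entries are appended after a blank line at the end of the file, below a features/ entry, and their order is significant: the avoid-hang patch edits a line that the no-op-in-no-journal-mode patch introduces. Add a comment above them recording that dependency. The changelog added in this revision names only the avoid-hang fix (CVE-2013-2015), so the prerequisite patch should get its own changelog line as well.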


