[kernel] r20012 - in dists/sid/linux/debian: . patches patches/bugfix/all patches/bugfix/x86
Ben Hutchings
benh at alioth.debian.org
Sat May 4 17:21:58 UTC 2013
Author: benh
Date: Sat May 4 17:21:58 2013
New Revision: 20012
Log:
Update to 3.8.11
Deleted:
dists/sid/linux/debian/patches/bugfix/all/KVM-Fix-bounds-checking-in-ioapic-indirect-register-.patch
dists/sid/linux/debian/patches/bugfix/all/kernel-signal.c-use-__ARCH_HAS_SA_RESTORER-instead-o.patch
dists/sid/linux/debian/patches/bugfix/all/signal-fix-use-of-missing-sa_restorer-field.patch
dists/sid/linux/debian/patches/bugfix/x86/KVM-x86-Convert-MSR_KVM_SYSTEM_TIME-to-use-gfn_to_hv.patch
dists/sid/linux/debian/patches/bugfix/x86/KVM-x86-fix-for-buffer-overflow-in-handling-of-MSR_K.patch
dists/sid/linux/debian/patches/bugfix/x86/drm-i915-add-quirk-to-invert-brightness-on-emachines-e725.patch
dists/sid/linux/debian/patches/bugfix/x86/drm-i915-add-quirk-to-invert-brightness-on-emachines-g725.patch
dists/sid/linux/debian/patches/bugfix/x86/drm-i915-add-quirk-to-invert-brightness-on-packard-bell-ncl20.patch
Modified:
dists/sid/linux/debian/changelog
dists/sid/linux/debian/patches/bugfix/all/efi_pstore-Introducing-workqueue-updating-sysfs.patch
dists/sid/linux/debian/patches/bugfix/all/efivars-Handle-duplicate-names-from-get_next_variabl.patch
dists/sid/linux/debian/patches/bugfix/all/efivars-explicitly-calculate-length-of-VariableName.patch
dists/sid/linux/debian/patches/series
Modified: dists/sid/linux/debian/changelog
==============================================================================
--- dists/sid/linux/debian/changelog Sat May 4 02:44:36 2013 (r20011)
+++ dists/sid/linux/debian/changelog Sat May 4 17:21:58 2013 (r20012)
@@ -1,3 +1,108 @@
+linux (3.8.11-1) UNRELEASED; urgency=high
+
+ * New upstream stable update:
+ http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.6
+ - sysfs: fix race between readdir and lseek
+ - sysfs: handle failure path correctly for readdir()
+ - rtlwifi: usb: add missing freeing of skbuff
+ - b43: A fix for DMA transmission sequence errors
+ - tg3: fix length overflow in VPD firmware parsing (CVE-2013-1929)
+ - xen-blkback: fix dispatch_rw_block_io() error path
+ - net/irda: add missing error path release_sock call
+ - usb: xhci: Fix TRB transfer length macro used for Event TRB.
+ - Btrfs: fix locking on ROOT_REPLACE operations in tree mod log
+ - Btrfs: fix race between mmap writes and compression
+ - USB: serial: fix use-after-free in TIOCMIWAIT
+ - loop: prevent bdev freeing while device in use
+ - virtio: console: add locking around c_ovq operations
+ - nfsd4: reject "negative" acl lengths
+ - Btrfs: fix space leak when we fail to reserve metadata space
+ - net: remove a WARN_ON() in net_enable_timestamp()
+ - 8021q: fix a potential use-after-free
+ - unix: fix a race condition in unix_release()
+ - atl1e: drop pci-msi support because of packet corruption
+ (possibly fixes: #577747)
+ - ipv6: fix bad free of addrconf_init_net
+ - ipv6: don't accept multicast traffic with scope 0
+ - ipv6: don't accept node local multicast traffic from the wire
+ - pch_gbe: fix ip_summed checksum reporting on rx
+ http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.7
+ - drm/nouveau: fix handling empty channel list in ioctl's
+ - drm/i915: Be sure to turn hsync/vsync back on at crt enable (v2)
+ (fixes regression in 3.8.3)
+ - drm: correctly restore mappings if drm_open fails
+ - mm: prevent mmap_cache race in find_vma()
+ - mwifiex: limit channel number not to overflow memory
+ - spinlocks and preemption points need to be at least compiler barriers
+ - crypto: gcm - fix assumption that assoc has one segment
+ - NFSv4/4.1: Fix bugs in nfs4[01]_walk_client_list
+ - vfio-pci: Fix possible integer overflow
+ - can: gw: use kmem_cache_free() instead of kfree()
+ http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.8
+ - ipc: set msg back to -EAGAIN if copy wasn't performed
+ - GFS2: Fix unlock of fcntl locks during withdrawn state
+ - cifs: Allow passwords which begin with a delimitor (fixes
+ regression in 3.8)
+ - [i386] Fix possible incomplete TLB invalidate with PAE pagetables
+ - sched_clock: Prevent 64bit inatomicity on 32bit systems
+ - [x86] mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates
+ - tty: don't deadlock while flushing workqueue
+ http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9
+ - [powerpc] add a missing label in resume_kernel
+ - [powerpc] kvm/powerpc/e500mc: fix tlb invalidation on cpu migration
+ - kthread: Prevent unpark race which puts threads on the wrong cpu
+ - hrtimer: Don't reinitialize a cpu_base lock on CPU_UP
+ - hugetlbfs: add swap entry check in follow_hugetlb_page()
+ - kernel/signal.c: stop info leak via the tkill and the tgkill syscalls
+ - hfsplus: fix potential overflow in hfsplus_file_truncate()
+ - md: raid1,10: Handle REQ_WRITE_SAME flag in write bios
+ - [x86] KVM: Allow cross page reads and writes from cached translations.
+ (fixes regression in fix for CVE-2013-1796)
+ - hsched: Convert BUG_ON()s in try_to_wake_up_local() to WARN_ON_ONCE()s
+ - [armel] Fix kexec by setting outer_cache.inv_all for Feroceon
+ - ath9k_htc: accept 1.x firmware newer than 1.3
+ - mac80211: fix cfg80211 interaction on auth/assoc request
+ - crypto: algif - suppress sending source address information in recvmsg
+ (CVE-2013-3076)
+ - vm: add and use vm_iomap_memory() helper function
+ - Btrfs: make sure nbytes are right after log replay
+ http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.10
+ http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.11
+ - TTY: do not update atime/mtime on read/write
+ - TTY: fix atime/mtime regression
+ - [sparc] sparc64: Fix race in TLB batch processing.
+ - atm: update msg_namelen in vcc_recvmsg() (CVE-2013-3222)
+ - ax25: fix info leak via msg_name in ax25_recvmsg() (CVE-2013-3223)
+ - Bluetooth: fix possible info leak in bt_sock_recvmsg() (CVE-2013-3224)
+ - Bluetooth: RFCOMM - Fix missing msg_namelen update in
+ rfcomm_sock_recvmsg() (CVE-2013-3225)
+ - Bluetooth: SCO - Fix missing msg_namelen update in sco_sock_recvmsg()
+ - caif: Fix missing msg_namelen update in caif_seqpkt_recvmsg()
+ (CVE-2013-3227)
+ - irda: Fix missing msg_namelen update in irda_recvmsg_dgram()
+ (CVE-2013-3228)
+ - [s390] iucv: Fix missing msg_namelen update in iucv_sock_recvmsg()
+ (CVE-2013-3229)
+ - l2tp: fix info leak in l2tp_ip6_recvmsg()
+ - llc: Fix missing msg_namelen update in llc_ui_recvmsg() (CVE-2013-3231)
+ - netrom: fix info leak via msg_name in nr_recvmsg()
+ - NFC: llcp: fix info leaks via msg_name in llcp_sock_recvmsg()
+ - rose: fix info leak via msg_name in rose_recvmsg() (CVE-2013-3234)
+ - tipc: fix info leaks via msg_name in recv_msg/recv_stream
+ (CVE-2013-3235)
+ - atl1e: limit gso segment size to prevent generation of wrong ip length
+ fields (Closes: #565404)
+ - af_unix: If we don't care about credentials coallesce all messages
+ - ipv6/tcp: Stop processing ICMPv6 redirect messages
+ - rtnetlink: Call nlmsg_parse() with correct header length
+ - tcp: incoming connections might use wrong route under synflood
+ - tcp: Reallocate headroom if it would overflow csum_start
+ - net: cdc_mbim: remove bogus sizeof()
+ - net: fix incorrect credentials passing (CVE-2013-1979)
+ - net: drop dst before queueing fragments
+
+ -- Ben Hutchings <ben at decadent.org.uk> Sat, 04 May 2013 03:45:10 +0100
+
linux (3.8.5-1~experimental.1) experimental; urgency=high
* New upstream stable update:
Modified: dists/sid/linux/debian/patches/bugfix/all/efi_pstore-Introducing-workqueue-updating-sysfs.patch
==============================================================================
--- dists/sid/linux/debian/patches/bugfix/all/efi_pstore-Introducing-workqueue-updating-sysfs.patch Sat May 4 02:44:36 2013 (r20011)
+++ dists/sid/linux/debian/patches/bugfix/all/efi_pstore-Introducing-workqueue-updating-sysfs.patch Sat May 4 17:21:58 2013 (r20012)
@@ -61,8 +61,8 @@
*id = part;
return ret;
-@@ -1670,6 +1674,75 @@ static ssize_t efivar_delete(struct file
- return count;
+@@ -1717,6 +1721,75 @@ static unsigned long var_name_strnsize(e
+ return min(len, variable_name_size);
}
+static bool variable_is_present(efi_char16_t *variable_name, efi_guid_t *vendor)
@@ -137,7 +137,7 @@
/*
* Let's not leave out systab information that snuck into
* the efivars driver
-@@ -2000,6 +2073,8 @@ err_put:
+@@ -2087,6 +2160,8 @@ err_put:
static void __exit
efivars_exit(void)
{
Modified: dists/sid/linux/debian/patches/bugfix/all/efivars-Handle-duplicate-names-from-get_next_variabl.patch
==============================================================================
--- dists/sid/linux/debian/patches/bugfix/all/efivars-Handle-duplicate-names-from-get_next_variabl.patch Sat May 4 02:44:36 2013 (r20011)
+++ dists/sid/linux/debian/patches/bugfix/all/efivars-Handle-duplicate-names-from-get_next_variabl.patch Sat May 4 17:21:58 2013 (r20012)
@@ -70,15 +70,14 @@
Tested-by: Lingzhu Xiang <lxiang at redhat.com>
Cc: Seiji Aguchi <seiji.aguchi at hds.com>
Signed-off-by: Matt Fleming <matt.fleming at intel.com>
+[bwh: Apply only the part not included in 3.8.6]
---
drivers/firmware/efivars.c | 48 +++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 47 insertions(+), 1 deletion(-)
-diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c
-index 1e9d9b9..d64661f 100644
--- a/drivers/firmware/efivars.c
+++ b/drivers/firmware/efivars.c
-@@ -170,6 +170,7 @@ efivar_create_sysfs_entry(struct efivars *efivars,
+@@ -171,6 +171,7 @@ efivar_create_sysfs_entry(struct efivars
static void efivar_update_sysfs_entries(struct work_struct *);
static DECLARE_WORK(efivar_work, efivar_update_sysfs_entries);
@@ -86,7 +85,7 @@
/* Return the number of unicode characters in data */
static unsigned long
-@@ -1444,7 +1445,7 @@ static int efi_pstore_write(enum pstore_type_id type,
+@@ -1435,7 +1436,7 @@ static int efi_pstore_write(enum pstore_
spin_unlock_irqrestore(&efivars->lock, flags);
@@ -95,20 +94,10 @@
schedule_work(&efivar_work);
*id = part;
-@@ -1975,6 +1976,35 @@ void unregister_efivars(struct efivars *efivars)
- }
- EXPORT_SYMBOL_GPL(unregister_efivars);
-
-+/*
-+ * Print a warning when duplicate EFI variables are encountered and
-+ * disable the sysfs workqueue since the firmware is buggy.
-+ */
-+static void dup_variable_bug(efi_char16_t *s16, efi_guid_t *vendor_guid,
-+ unsigned long len16)
-+{
-+ size_t i, len8 = len16 / sizeof(efi_char16_t);
-+ char *s8;
-+
+@@ -1998,6 +1999,13 @@ static void dup_variable_bug(efi_char16_
+ size_t i, len8 = len16 / sizeof(efi_char16_t);
+ char *s8;
+
+ /*
+ * Disable the workqueue since the algorithm it uses for
+ * detecting new variables won't work with this buggy
@@ -116,41 +105,6 @@
+ */
+ efivar_wq_enabled = false;
+
-+ s8 = kzalloc(len8, GFP_KERNEL);
-+ if (!s8)
-+ return;
-+
-+ for (i = 0; i < len8; i++)
-+ s8[i] = s16[i];
-+
-+ printk(KERN_WARNING "efivars: duplicate variable: %s-%pUl\n",
-+ s8, vendor_guid);
-+ kfree(s8);
-+}
-+
- int register_efivars(struct efivars *efivars,
- const struct efivar_operations *ops,
- struct kobject *parent_kobj)
-@@ -2025,6 +2055,22 @@ int register_efivars(struct efivars *efivars,
- case EFI_SUCCESS:
- variable_name_size = var_name_strnsize(variable_name,
- variable_name_size);
-+
-+ /*
-+ * Some firmware implementations return the
-+ * same variable name on multiple calls to
-+ * get_next_variable(). Terminate the loop
-+ * immediately as there is no guarantee that
-+ * we'll ever see a different variable name,
-+ * and may end up looping here forever.
-+ */
-+ if (variable_is_present(variable_name, &vendor_guid)) {
-+ dup_variable_bug(variable_name, &vendor_guid,
-+ variable_name_size);
-+ status = EFI_NOT_FOUND;
-+ break;
-+ }
-+
- efivar_create_sysfs_entry(efivars,
- variable_name_size,
- variable_name,
+ s8 = kzalloc(len8, GFP_KERNEL);
+ if (!s8)
+ return;
Modified: dists/sid/linux/debian/patches/bugfix/all/efivars-explicitly-calculate-length-of-VariableName.patch
==============================================================================
--- dists/sid/linux/debian/patches/bugfix/all/efivars-explicitly-calculate-length-of-VariableName.patch Sat May 4 02:44:36 2013 (r20011)
+++ dists/sid/linux/debian/patches/bugfix/all/efivars-explicitly-calculate-length-of-VariableName.patch Sat May 4 17:21:58 2013 (r20012)
@@ -37,45 +37,14 @@
Cc: Lingzhu Xiang <lxiang at redhat.com>
Cc: Seiji Aguchi <seiji.aguchi at hds.com>
Signed-off-by: Matt Fleming <matt.fleming at intel.com>
+[bwh: Apply only the part not included in 3.8.6]
---
drivers/firmware/efivars.c | 32 +++++++++++++++++++++++++++++++-
1 file changed, 31 insertions(+), 1 deletion(-)
--- a/drivers/firmware/efivars.c
+++ b/drivers/firmware/efivars.c
-@@ -1044,6 +1044,31 @@ static bool variable_is_present(efi_char
- return found;
- }
-
-+/*
-+ * Returns the size of variable_name, in bytes, including the
-+ * terminating NULL character, or variable_name_size if no NULL
-+ * character is found among the first variable_name_size bytes.
-+ */
-+static unsigned long var_name_strnsize(efi_char16_t *variable_name,
-+ unsigned long variable_name_size)
-+{
-+ unsigned long len;
-+ efi_char16_t c;
-+
-+ /*
-+ * The variable name is, by definition, a NULL-terminated
-+ * string, so make absolutely sure that variable_name_size is
-+ * the value we expect it to be. If not, return the real size.
-+ */
-+ for (len = 2; len <= variable_name_size; len += sizeof(c)) {
-+ c = variable_name[(len / sizeof(c)) - 1];
-+ if (!c)
-+ break;
-+ }
-+
-+ return min(len, variable_name_size);
-+}
-+
- static void efivar_update_sysfs_entries(struct work_struct *work)
- {
- struct efivars *efivars = &__efivars;
-@@ -1084,10 +1109,13 @@ static void efivar_update_sysfs_entries(
+@@ -1783,10 +1783,13 @@ static void efivar_update_sysfs_entries(
if (!found) {
kfree(variable_name);
break;
@@ -90,12 +59,3 @@
}
}
-@@ -1318,6 +1346,8 @@ int register_efivars(struct efivars *efi
- &vendor_guid);
- switch (status) {
- case EFI_SUCCESS:
-+ variable_name_size = var_name_strnsize(variable_name,
-+ variable_name_size);
- efivar_create_sysfs_entry(efivars,
- variable_name_size,
- variable_name,
Modified: dists/sid/linux/debian/patches/series
==============================================================================
--- dists/sid/linux/debian/patches/series Sat May 4 02:44:36 2013 (r20011)
+++ dists/sid/linux/debian/patches/series Sat May 4 17:21:58 2013 (r20012)
@@ -70,21 +70,13 @@
bugfix/ia64/nouveau-ACPI-support-is-dependent-on-X86.patch
debian/radeon-firmware-is-required-for-drm-and-kms-on-r600-onward.patch
-bugfix/x86/drm-i915-add-quirk-to-invert-brightness-on-emachines-g725.patch
-bugfix/x86/drm-i915-add-quirk-to-invert-brightness-on-emachines-e725.patch
-bugfix/x86/drm-i915-add-quirk-to-invert-brightness-on-packard-bell-ncl20.patch
bugfix/all/mm-Try-harder-to-allocate-vmemmap-blocks.patch
features/all/alx/alx-update-for-3.8.patch
bugfix/mips/mips-add-dependencies-for-have_arch_transparent_hugepage.patch
-bugfix/all/signal-fix-use-of-missing-sa_restorer-field.patch
-bugfix/all/kernel-signal.c-use-__ARCH_HAS_SA_RESTORER-instead-o.patch
debian/efi-autoload-efivars.patch
bugfix/all/efi_pstore-Introducing-workqueue-updating-sysfs.patch
bugfix/all/efivars-explicitly-calculate-length-of-VariableName.patch
bugfix/all/efivars-Handle-duplicate-names-from-get_next_variabl.patch
debian/efivars-remove-check-for-50-full-on-write.patch
-bugfix/x86/KVM-x86-fix-for-buffer-overflow-in-handling-of-MSR_K.patch
-bugfix/x86/KVM-x86-Convert-MSR_KVM_SYSTEM_TIME-to-use-gfn_to_hv.patch
-bugfix/all/KVM-Fix-bounds-checking-in-ioapic-indirect-register-.patch
debian/cdc_ncm-cdc_mbim-use-ncm-by-default.patch
More information about the Kernel-svn-changes
mailing list