[kernel] r22502 - in dists/wheezy/linux/debian: . config patches patches/bugfix/all patches/bugfix/x86
Ben Hutchings
benh at moszumanska.debian.org
Mon Apr 13 00:59:52 UTC 2015
Author: benh
Date: Mon Apr 13 00:59:51 2015
New Revision: 22502
Log:
Add various security fixes
Added:
dists/wheezy/linux/debian/patches/bugfix/all/ib-core-prevent-integer-overflow-in-ib_umem_get.patch
dists/wheezy/linux/debian/patches/bugfix/all/ipv6-don-t-reduce-hop-limit-for-an-interface.patch
dists/wheezy/linux/debian/patches/bugfix/all/net-llc-use-correct-size-for-sysctl-timeout-entries.patch
dists/wheezy/linux/debian/patches/bugfix/all/net-rds-use-correct-size-for-max-unacked-packets-and.patch
dists/wheezy/linux/debian/patches/bugfix/all/netfilter-nf_conntrack-reserve-two-bytes-for-nf_ct_e.patch
dists/wheezy/linux/debian/patches/bugfix/all/xen-pciback-limit-guest-control-of-command-register.patch
dists/wheezy/linux/debian/patches/bugfix/x86/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimi.patch
Modified:
dists/wheezy/linux/debian/changelog
dists/wheezy/linux/debian/config/defines
dists/wheezy/linux/debian/patches/series
Modified: dists/wheezy/linux/debian/changelog
==============================================================================
--- dists/wheezy/linux/debian/changelog Mon Apr 13 00:40:50 2015 (r22501)
+++ dists/wheezy/linux/debian/changelog Mon Apr 13 00:59:51 2015 (r22502)
@@ -1,3 +1,19 @@
+linux (3.2.68-2) UNRELEASED; urgency=medium
+
+ * IB/core: Prevent integer overflow in ib_umem_get address arithmetic
+ (CVE-2014-8159)
+ * netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len
+ (CVE-2014-9715)
+ * net: llc: use correct size for sysctl timeout entries (CVE-2015-2041)
+ * net: rds: use correct size for max unacked packets and bytes
+ (CVE-2015-2042)
+ * xen-pciback: limit guest control of command register (CVE-2015-2150)
+ * [amd64] asm/entry: Remove a bogus 'ret_from_fork' optimization
+ (CVE-2015-2830)
+ * ipv6: Don't reduce hop limit for an interface (CVE-2015-2922)
+
+ -- Ben Hutchings <ben at decadent.org.uk> Mon, 13 Apr 2015 00:33:14 +0100
+
linux (3.2.68-1) wheezy; urgency=medium
* New upstream stable update:
Modified: dists/wheezy/linux/debian/config/defines
==============================================================================
--- dists/wheezy/linux/debian/config/defines Mon Apr 13 00:40:50 2015 (r22501)
+++ dists/wheezy/linux/debian/config/defines Mon Apr 13 00:59:51 2015 (r22502)
@@ -71,6 +71,10 @@
tcp_put_md5sig_pool
module:sound/i2c/other/snd-ak4113
module:sound/i2c/other/snd-ak4114
+ module:net/ipv4/netfilter/nf_conntrac*
+ module:net/ipv4/netfilter/nf_nat
+ module:net/netfilter/ipvs/*
+ module:net/netfilter/nf_conntrac*
[base]
arches:
Added: dists/wheezy/linux/debian/patches/bugfix/all/ib-core-prevent-integer-overflow-in-ib_umem_get.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy/linux/debian/patches/bugfix/all/ib-core-prevent-integer-overflow-in-ib_umem_get.patch Mon Apr 13 00:59:51 2015 (r22502)
@@ -0,0 +1,38 @@
+From: Shachar Raindel <raindel at mellanox.com>
+Date: Sun, 04 Jan 2015 18:30:32 +0200
+Subject: IB/core: Prevent integer overflow in ib_umem_get address arithmetic
+Origin: https://marc.info/?l=oss-security&m=142672196502144&w=2
+
+Properly verify that the resulting page aligned end address is larger
+than both the start address and the length of the memory area
+requested.
+
+Both the start and length arguments for ib_umem_get are controlled by
+the user. A misbehaving user can provide values which will cause an
+integer overflow when calculating the page aligned end address.
+
+This overflow can cause also miscalculation of the number of pages
+mapped, and additional logic issues.
+
+Signed-off-by: Shachar Raindel <raindel at mellanox.com>
+Signed-off-by: Jack Morgenstein <jackm at mellanox.com>
+Signed-off-by: Or Gerlitz <ogerlitz at mellanox.com>
+---
+
+--- a/drivers/infiniband/core/umem.c
++++ b/drivers/infiniband/core/umem.c
+@@ -94,6 +94,14 @@ struct ib_umem *ib_umem_get(struct ib_uc
+ if (dmasync)
+ dma_set_attr(DMA_ATTR_WRITE_BARRIER, &attrs);
+
++ /*
++ * If the combination of the addr and size requested for this memory
++ * region causes an integer overflow, return error.
++ */
++ if ((PAGE_ALIGN(addr + size) <= size) ||
++ (PAGE_ALIGN(addr + size) <= addr))
++ return ERR_PTR(-EINVAL);
++
+ if (!can_do_mlock())
+ return ERR_PTR(-EPERM);
+
Added: dists/wheezy/linux/debian/patches/bugfix/all/ipv6-don-t-reduce-hop-limit-for-an-interface.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy/linux/debian/patches/bugfix/all/ipv6-don-t-reduce-hop-limit-for-an-interface.patch Mon Apr 13 00:59:51 2015 (r22502)
@@ -0,0 +1,44 @@
+From: "D.S. Ljungmark" <ljungmark at modio.se>
+Date: Wed, 25 Mar 2015 09:28:15 +0100
+Subject: ipv6: Don't reduce hop limit for an interface
+Origin: https://git.kernel.org/linus/6fd99094de2b83d1d4c8457f2c83483b2828e75a
+
+A local route may have a lower hop_limit set than global routes do.
+
+RFC 3756, Section 4.2.7, "Parameter Spoofing"
+
+> 1. The attacker includes a Current Hop Limit of one or another small
+> number which the attacker knows will cause legitimate packets to
+> be dropped before they reach their destination.
+
+> As an example, one possible approach to mitigate this threat is to
+> ignore very small hop limits. The nodes could implement a
+> configurable minimum hop limit, and ignore attempts to set it below
+> said limit.
+
+Signed-off-by: D.S. Ljungmark <ljungmark at modio.se>
+Acked-by: Hannes Frederic Sowa <hannes at stressinduktion.org>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+[bwh: Backported to 3.2: adjust ND_PRINTK() usage]
+---
+ net/ipv6/ndisc.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/net/ipv6/ndisc.c
++++ b/net/ipv6/ndisc.c
+@@ -1279,7 +1279,14 @@ static void ndisc_router_discovery(struc
+ rt->rt6i_expires = jiffies + (HZ * lifetime);
+
+ if (ra_msg->icmph.icmp6_hop_limit) {
+- in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
++ /* Only set hop_limit on the interface if it is higher than
++ * the current hop_limit.
++ */
++ if (in6_dev->cnf.hop_limit < ra_msg->icmph.icmp6_hop_limit) {
++ in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
++ } else {
++ ND_PRINTK2(KERN_WARNING "RA: Got route advertisement with lower hop_limit than current\n");
++ }
+ if (rt)
+ dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
+ ra_msg->icmph.icmp6_hop_limit);
Added: dists/wheezy/linux/debian/patches/bugfix/all/net-llc-use-correct-size-for-sysctl-timeout-entries.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy/linux/debian/patches/bugfix/all/net-llc-use-correct-size-for-sysctl-timeout-entries.patch Mon Apr 13 00:59:51 2015 (r22502)
@@ -0,0 +1,50 @@
+From: Sasha Levin <sasha.levin at oracle.com>
+Date: Fri, 23 Jan 2015 20:47:00 -0500
+Subject: net: llc: use correct size for sysctl timeout entries
+Origin: https://git.kernel.org/linus/6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49
+
+The timeout entries are sizeof(int) rather than sizeof(long), which
+means that when they were getting read we'd also leak kernel memory
+to userspace along with the timeout values.
+
+Signed-off-by: Sasha Levin <sasha.levin at oracle.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ net/llc/sysctl_net_llc.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/net/llc/sysctl_net_llc.c
++++ b/net/llc/sysctl_net_llc.c
+@@ -17,28 +17,28 @@ static struct ctl_table llc2_timeout_tab
+ {
+ .procname = "ack",
+ .data = &sysctl_llc2_ack_timeout,
+- .maxlen = sizeof(long),
++ .maxlen = sizeof(sysctl_llc2_ack_timeout),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_jiffies,
+ },
+ {
+ .procname = "busy",
+ .data = &sysctl_llc2_busy_timeout,
+- .maxlen = sizeof(long),
++ .maxlen = sizeof(sysctl_llc2_busy_timeout),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_jiffies,
+ },
+ {
+ .procname = "p",
+ .data = &sysctl_llc2_p_timeout,
+- .maxlen = sizeof(long),
++ .maxlen = sizeof(sysctl_llc2_p_timeout),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_jiffies,
+ },
+ {
+ .procname = "rej",
+ .data = &sysctl_llc2_rej_timeout,
+- .maxlen = sizeof(long),
++ .maxlen = sizeof(sysctl_llc2_rej_timeout),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_jiffies,
+ },
Added: dists/wheezy/linux/debian/patches/bugfix/all/net-rds-use-correct-size-for-max-unacked-packets-and.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy/linux/debian/patches/bugfix/all/net-rds-use-correct-size-for-max-unacked-packets-and.patch Mon Apr 13 00:59:51 2015 (r22502)
@@ -0,0 +1,38 @@
+From: Sasha Levin <sasha.levin at oracle.com>
+Date: Tue, 3 Feb 2015 08:55:58 -0500
+Subject: net: rds: use correct size for max unacked packets and bytes
+Origin: https://git.kernel.org/linus/db27ebb111e9f69efece08e4cb6a34ff980f8896
+
+Max unacked packets/bytes is an int while sizeof(long) was used in the
+sysctl table.
+
+This means that when they were getting read we'd also leak kernel memory
+to userspace along with the timeout values.
+
+Signed-off-by: Sasha Levin <sasha.levin at oracle.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ net/rds/sysctl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/net/rds/sysctl.c b/net/rds/sysctl.c
+index c3b0cd4..c173f69 100644
+--- a/net/rds/sysctl.c
++++ b/net/rds/sysctl.c
+@@ -71,14 +71,14 @@ static struct ctl_table rds_sysctl_rds_table[] = {
+ {
+ .procname = "max_unacked_packets",
+ .data = &rds_sysctl_max_unacked_packets,
+- .maxlen = sizeof(unsigned long),
++ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+ },
+ {
+ .procname = "max_unacked_bytes",
+ .data = &rds_sysctl_max_unacked_bytes,
+- .maxlen = sizeof(unsigned long),
++ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+ },
Added: dists/wheezy/linux/debian/patches/bugfix/all/netfilter-nf_conntrack-reserve-two-bytes-for-nf_ct_e.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy/linux/debian/patches/bugfix/all/netfilter-nf_conntrack-reserve-two-bytes-for-nf_ct_e.patch Mon Apr 13 00:59:51 2015 (r22502)
@@ -0,0 +1,48 @@
+From: Andrey Vagin <avagin at openvz.org>
+Date: Fri, 28 Mar 2014 13:54:32 +0400
+Subject: netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len
+Origin: https://git.kernel.org/linus/223b02d923ecd7c84cf9780bb3686f455d279279
+
+"len" contains sizeof(nf_ct_ext) and size of extensions. In a worst
+case it can contain all extensions. Bellow you can find sizes for all
+types of extensions. Their sum is definitely bigger than 256.
+
+nf_ct_ext_types[0]->len = 24
+nf_ct_ext_types[1]->len = 32
+nf_ct_ext_types[2]->len = 24
+nf_ct_ext_types[3]->len = 32
+nf_ct_ext_types[4]->len = 152
+nf_ct_ext_types[5]->len = 2
+nf_ct_ext_types[6]->len = 16
+nf_ct_ext_types[7]->len = 8
+
+I have seen "len" up to 280 and my host has crashes w/o this patch.
+
+The right way to fix this problem is reducing the size of the ecache
+extension (4) and Florian is going to do this, but these changes will
+be quite large to be appropriate for a stable tree.
+
+Fixes: 5b423f6a40a0 (netfilter: nf_conntrack: fix racy timer handling with reliable)
+Cc: Pablo Neira Ayuso <pablo at netfilter.org>
+Cc: Patrick McHardy <kaber at trash.net>
+Cc: Jozsef Kadlecsik <kadlec at blackhole.kfki.hu>
+Cc: "David S. Miller" <davem at davemloft.net>
+Signed-off-by: Andrey Vagin <avagin at openvz.org>
+Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
+---
+ include/net/netfilter/nf_conntrack_extend.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/include/net/netfilter/nf_conntrack_extend.h
++++ b/include/net/netfilter/nf_conntrack_extend.h
+@@ -33,8 +33,8 @@ enum nf_ct_ext_id {
+ /* Extensions: optional stuff which isn't permanently in struct. */
+ struct nf_ct_ext {
+ struct rcu_head rcu;
+- u8 offset[NF_CT_EXT_NUM];
+- u8 len;
++ u16 offset[NF_CT_EXT_NUM];
++ u16 len;
+ char data[0];
+ };
+
Added: dists/wheezy/linux/debian/patches/bugfix/all/xen-pciback-limit-guest-control-of-command-register.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy/linux/debian/patches/bugfix/all/xen-pciback-limit-guest-control-of-command-register.patch Mon Apr 13 00:59:51 2015 (r22502)
@@ -0,0 +1,150 @@
+From: Jan Beulich <JBeulich at suse.com>
+Date: Wed, 11 Mar 2015 13:51:17 +0000
+Subject: xen-pciback: limit guest control of command register
+Origin: https://git.kernel.org/linus/af6fc858a35b90e89ea7a7ee58e66628c55c776b
+
+Otherwise the guest can abuse that control to cause e.g. PCIe
+Unsupported Request responses by disabling memory and/or I/O decoding
+and subsequently causing (CPU side) accesses to the respective address
+ranges, which (depending on system configuration) may be fatal to the
+host.
+
+Note that to alter any of the bits collected together as
+PCI_COMMAND_GUEST permissive mode is now required to be enabled
+globally or on the specific device.
+
+This is CVE-2015-2150 / XSA-120.
+
+Signed-off-by: Jan Beulich <jbeulich at suse.com>
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk at oracle.com>
+Cc: <stable at vger.kernel.org>
+Signed-off-by: David Vrabel <david.vrabel at citrix.com>
+[bwh: Backported to 3.2: also change 'permissive' variable from int to bool]
+---
+ drivers/xen/xen-pciback/conf_space.c | 2 +-
+ drivers/xen/xen-pciback/conf_space.h | 2 +
+ drivers/xen/xen-pciback/conf_space_header.c | 61 +++++++++++++++++++++++------
+ 3 files changed, 51 insertions(+), 14 deletions(-)
+
+--- a/drivers/xen/xen-pciback/conf_space.c
++++ b/drivers/xen/xen-pciback/conf_space.c
+@@ -16,7 +16,7 @@
+ #include "conf_space.h"
+ #include "conf_space_quirks.h"
+
+-static int permissive;
++bool permissive;
+ module_param(permissive, bool, 0644);
+
+ /* This is where xen_pcibk_read_config_byte, xen_pcibk_read_config_word,
+--- a/drivers/xen/xen-pciback/conf_space.h
++++ b/drivers/xen/xen-pciback/conf_space.h
+@@ -64,6 +64,8 @@ struct config_field_entry {
+ void *data;
+ };
+
++extern bool permissive;
++
+ #define OFFSET(cfg_entry) ((cfg_entry)->base_offset+(cfg_entry)->field->offset)
+
+ /* Add fields to a device - the add_fields macro expects to get a pointer to
+--- a/drivers/xen/xen-pciback/conf_space_header.c
++++ b/drivers/xen/xen-pciback/conf_space_header.c
+@@ -9,6 +9,10 @@
+ #include "pciback.h"
+ #include "conf_space.h"
+
++struct pci_cmd_info {
++ u16 val;
++};
++
+ struct pci_bar_info {
+ u32 val;
+ u32 len_val;
+@@ -18,22 +22,36 @@ struct pci_bar_info {
+ #define is_enable_cmd(value) ((value)&(PCI_COMMAND_MEMORY|PCI_COMMAND_IO))
+ #define is_master_cmd(value) ((value)&PCI_COMMAND_MASTER)
+
+-static int command_read(struct pci_dev *dev, int offset, u16 *value, void *data)
++/* Bits guests are allowed to control in permissive mode. */
++#define PCI_COMMAND_GUEST (PCI_COMMAND_MASTER|PCI_COMMAND_SPECIAL| \
++ PCI_COMMAND_INVALIDATE|PCI_COMMAND_VGA_PALETTE| \
++ PCI_COMMAND_WAIT|PCI_COMMAND_FAST_BACK)
++
++static void *command_init(struct pci_dev *dev, int offset)
+ {
+- int i;
+- int ret;
++ struct pci_cmd_info *cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
++ int err;
+
+- ret = xen_pcibk_read_config_word(dev, offset, value, data);
+- if (!pci_is_enabled(dev))
+- return ret;
+-
+- for (i = 0; i < PCI_ROM_RESOURCE; i++) {
+- if (dev->resource[i].flags & IORESOURCE_IO)
+- *value |= PCI_COMMAND_IO;
+- if (dev->resource[i].flags & IORESOURCE_MEM)
+- *value |= PCI_COMMAND_MEMORY;
++ if (!cmd)
++ return ERR_PTR(-ENOMEM);
++
++ err = pci_read_config_word(dev, PCI_COMMAND, &cmd->val);
++ if (err) {
++ kfree(cmd);
++ return ERR_PTR(err);
+ }
+
++ return cmd;
++}
++
++static int command_read(struct pci_dev *dev, int offset, u16 *value, void *data)
++{
++ int ret = pci_read_config_word(dev, offset, value);
++ const struct pci_cmd_info *cmd = data;
++
++ *value &= PCI_COMMAND_GUEST;
++ *value |= cmd->val & ~PCI_COMMAND_GUEST;
++
+ return ret;
+ }
+
+@@ -41,6 +59,8 @@ static int command_write(struct pci_dev
+ {
+ struct xen_pcibk_dev_data *dev_data;
+ int err;
++ u16 val;
++ struct pci_cmd_info *cmd = data;
+
+ dev_data = pci_get_drvdata(dev);
+ if (!pci_is_enabled(dev) && is_enable_cmd(value)) {
+@@ -83,6 +103,19 @@ static int command_write(struct pci_dev
+ }
+ }
+
++ cmd->val = value;
++
++ if (!permissive && (!dev_data || !dev_data->permissive))
++ return 0;
++
++ /* Only allow the guest to control certain bits. */
++ err = pci_read_config_word(dev, offset, &val);
++ if (err || val == value)
++ return err;
++
++ value &= PCI_COMMAND_GUEST;
++ value |= val & ~PCI_COMMAND_GUEST;
++
+ return pci_write_config_word(dev, offset, value);
+ }
+
+@@ -282,6 +315,8 @@ static const struct config_field header_
+ {
+ .offset = PCI_COMMAND,
+ .size = 2,
++ .init = command_init,
++ .release = bar_release,
+ .u.w.read = command_read,
+ .u.w.write = command_write,
+ },
Added: dists/wheezy/linux/debian/patches/bugfix/x86/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimi.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy/linux/debian/patches/bugfix/x86/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimi.patch Mon Apr 13 00:59:51 2015 (r22502)
@@ -0,0 +1,51 @@
+From: Andy Lutomirski <luto at amacapital.net>
+Date: Thu, 5 Mar 2015 01:09:44 +0100
+Subject: x86/asm/entry/64: Remove a bogus 'ret_from_fork' optimization
+Origin: https://git.kernel.org/linus/956421fbb74c3a6261903f3836c0740187cf038b
+
+'ret_from_fork' checks TIF_IA32 to determine whether 'pt_regs' and
+the related state make sense for 'ret_from_sys_call'. This is
+entirely the wrong check. TS_COMPAT would make a little more
+sense, but there's really no point in keeping this optimization
+at all.
+
+This fixes a return to the wrong user CS if we came from int
+0x80 in a 64-bit task.
+
+Signed-off-by: Andy Lutomirski <luto at amacapital.net>
+Cc: Borislav Petkov <bp at alien8.de>
+Cc: Denys Vlasenko <dvlasenk at redhat.com>
+Cc: H. Peter Anvin <hpa at zytor.com>
+Cc: Linus Torvalds <torvalds at linux-foundation.org>
+Cc: Oleg Nesterov <oleg at redhat.com>
+Cc: Thomas Gleixner <tglx at linutronix.de>
+Cc: <stable at vger.kernel.org>
+Link: http://lkml.kernel.org/r/4710be56d76ef994ddf59087aad98c000fbab9a4.1424989793.git.luto@amacapital.net
+[ Backported from tip:x86/asm. ]
+Signed-off-by: Ingo Molnar <mingo at kernel.org>
+---
+ arch/x86/kernel/entry_64.S | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+--- a/arch/x86/kernel/entry_64.S
++++ b/arch/x86/kernel/entry_64.S
+@@ -414,11 +414,14 @@ ENTRY(ret_from_fork)
+ testl $3, CS-ARGOFFSET(%rsp) # from kernel_thread?
+ je int_ret_from_sys_call
+
+- testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
+- jnz int_ret_from_sys_call
+-
+- RESTORE_TOP_OF_STACK %rdi, -ARGOFFSET
+- jmp ret_from_sys_call # go to the SYSRET fastpath
++ /*
++ * By the time we get here, we have no idea whether our pt_regs,
++ * ti flags, and ti status came from the 64-bit SYSCALL fast path,
++ * the slow path, or one of the ia32entry paths.
++ * Use int_ret_from_sys_call to return, since it can safely handle
++ * all of the above.
++ */
++ jmp int_ret_from_sys_call
+
+ CFI_ENDPROC
+ END(ret_from_fork)
Modified: dists/wheezy/linux/debian/patches/series
==============================================================================
--- dists/wheezy/linux/debian/patches/series Mon Apr 13 00:40:50 2015 (r22501)
+++ dists/wheezy/linux/debian/patches/series Mon Apr 13 00:59:51 2015 (r22502)
@@ -1156,3 +1156,11 @@
bugfix/all/nfsv4-minor-cleanups-for-nfs4_handle_exception-and-n.patch
bugfix/all/netfilter-ipset-Check-and-reject-crazy-0-input-param.patch
+
+bugfix/all/ib-core-prevent-integer-overflow-in-ib_umem_get.patch
+bugfix/all/netfilter-nf_conntrack-reserve-two-bytes-for-nf_ct_e.patch
+bugfix/all/net-llc-use-correct-size-for-sysctl-timeout-entries.patch
+bugfix/all/net-rds-use-correct-size-for-max-unacked-packets-and.patch
+bugfix/all/xen-pciback-limit-guest-control-of-command-register.patch
+bugfix/x86/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimi.patch
+bugfix/all/ipv6-don-t-reduce-hop-limit-for-an-interface.patch
More information about the Kernel-svn-changes
mailing list