Update to 3.14.10
svn path=/dists/sid/linux/; revision=21503
parent
3ce3637f68
commit
1f2cc7d276
|
@ -1,3 +1,63 @@
|
|||
linux (3.14.10-1) UNRELEASED; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.10
|
||||
- [s390] af_iucv: wrong mapping of sent and confirmed skbs
|
||||
- Staging: rtl8188eu: overflow in update_sta_support_rate()
|
||||
- USB: option: fix runtime PM handling
|
||||
- hugetlb: restrict hugepage_migration_support() to x86_64
|
||||
- kthread: fix return value of kthread_create() upon SIGKILL.
|
||||
- mm/memory-failure.c-failure: send right signal code to correct thread
|
||||
- mm/memory-failure.c: don't let collect_procs() skip over processes for
|
||||
MF_ACTION_REQUIRED
|
||||
- ptrace: fix fork event messages across pid namespaces
|
||||
- idr: fix overflow bug during maximum ID calculation at maximum height
|
||||
- [s390] time: cast tv_nsec to u64 prior to shift in update_vsyscall
|
||||
(regression in 3.13)
|
||||
- [s390] lowcore: reserve 96 bytes for IRB in lowcore
|
||||
- ext4: fix data integrity sync in ordered mode
|
||||
- ext4: fix zeroing of page during writeback
|
||||
- ext4: fix wrong assert in ext4_mb_normalize_request()
|
||||
- USB: usb_wwan: fix race between write and resume
|
||||
- USB: usb_wwan: fix write and suspend race
|
||||
- USB: usb_wwan: fix urb leak at shutdown
|
||||
- USB: sierra: fix use after free at suspend/resume
|
||||
- USB: sierra: fix remote wakeup
|
||||
- USB: serial: fix potential runtime pm imbalance at device remove
|
||||
- media: stk1160: Avoid stack-allocated buffer for control URBs
|
||||
- rtmutex: Detect changes in the pi lock chain
|
||||
- rtmutex: Handle deadlock detection smarter
|
||||
- rtmutex: Plug slow unlock race
|
||||
- media: uvcvideo: Fix clock param realtime setting
|
||||
- media: saa7134: fix regression with tvtime (regression in 3.14)
|
||||
- Bluetooth: Fix L2CAP deadlock
|
||||
- Target/iser: Wait for proper cleanup before unloading
|
||||
- target: Set CMD_T_ACTIVE bit for Task Management Requests
|
||||
- target: Use complete_all for se_cmd->t_transport_stop_comp
|
||||
- iscsi-target: Fix ABORT_TASK + connection reset iscsi_queue_req memory
|
||||
leak
|
||||
- target: Explicitly clear ramdisk_mcp backend pages
|
||||
- [x86] x86-32, espfix: Remove filter for espfix32 due to race
|
||||
- aio: fix aio request leak when events are reaped by userspace
|
||||
- aio: fix kernel memory disclosure in io_getevents() introduced in v3.10
|
||||
(CVE-2014-0206)
|
||||
- CIFS: Fix memory leaks in SMB2_open
|
||||
- Btrfs: fix double free in find_lock_delalloc_range
|
||||
- Btrfs: make sure there are not any read requests before stopping workers
|
||||
- Btrfs: mark mapping with error flag to report errors to userspace
|
||||
- Btrfs: set right total device count for seeding support
|
||||
- fs: btrfs: volumes.c: Fix for possible null pointer dereference
|
||||
- Btrfs: don't check nodes for extent items
|
||||
- Btrfs: fix scrub_print_warning to handle skinny metadata extents
|
||||
- btrfs: fix use of uninit "ret" in end_extent_writepage()
|
||||
- btrfs: allocate raid type kobjects dynamically
|
||||
- lz4: fix another possible overrun
|
||||
- epoll: fix use-after-free in eventpoll_release_file
|
||||
- builddeb: use $OBJCOPY variable instead of objcopy (regression in 3.12)
|
||||
- [i386] efi-pstore: Fix an overflow on 32-bit builds
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Sun, 06 Jul 2014 18:42:50 +0100
|
||||
|
||||
linux (3.14.9-1) unstable; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
|
|
|
@ -1,38 +0,0 @@
|
|||
From: James Bottomley <JBottomley@Parallels.com>
|
||||
Date: Fri, 28 Mar 2014 10:50:17 -0700
|
||||
Subject: [SCSI] Fix spurious request sense in error handling
|
||||
Origin: https://git.kernel.org/linus/d555a2abf3481f81303d835046a5ec2c4fb3ca8e
|
||||
|
||||
We unconditionally execute scsi_eh_get_sense() to make sure all failed
|
||||
commands that should have sense attached, do. However, the routine forgets
|
||||
that some commands, because of the way they fail, will not have any sense code
|
||||
... we should not bother them with a REQUEST_SENSE command. Fix this by
|
||||
testing to see if we actually got a CHECK_CONDITION return and skip asking for
|
||||
sense if we don't.
|
||||
|
||||
Tested-by: Alan Stern <stern@rowland.harvard.edu>
|
||||
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
|
||||
---
|
||||
drivers/scsi/scsi_error.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/drivers/scsi/scsi_error.c b/drivers/scsi/scsi_error.c
|
||||
index 771c16b..d020149 100644
|
||||
--- a/drivers/scsi/scsi_error.c
|
||||
+++ b/drivers/scsi/scsi_error.c
|
||||
@@ -1157,6 +1157,15 @@ int scsi_eh_get_sense(struct list_head *work_q,
|
||||
__func__));
|
||||
break;
|
||||
}
|
||||
+ if (status_byte(scmd->result) != CHECK_CONDITION)
|
||||
+ /*
|
||||
+ * don't request sense if there's no check condition
|
||||
+ * status because the error we're processing isn't one
|
||||
+ * that has a sense code (and some devices get
|
||||
+ * confused by sense requests out of the blue)
|
||||
+ */
|
||||
+ continue;
|
||||
+
|
||||
SCSI_LOG_ERROR_RECOVERY(2, scmd_printk(KERN_INFO, scmd,
|
||||
"%s: requesting sense\n",
|
||||
current->comm));
|
|
@ -1,56 +0,0 @@
|
|||
From: Andy Lutomirski <luto@amacapital.net>
|
||||
Date: Mon, 23 Jun 2014 14:22:15 -0700
|
||||
Subject: x86_32, entry: Do syscall exit work on badsys (CVE-2014-4508)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
Origin: https://git.kernel.org/linus/554086d85e71f30abe46fc014fea31929a7c6a8a
|
||||
|
||||
The bad syscall nr paths are their own incomprehensible route
|
||||
through the entry control flow. Rearrange them to work just like
|
||||
syscalls that return -ENOSYS.
|
||||
|
||||
This fixes an OOPS in the audit code when fast-path auditing is
|
||||
enabled and sysenter gets a bad syscall nr (CVE-2014-4508).
|
||||
|
||||
This has probably been broken since Linux 2.6.27:
|
||||
af0575bba0 i386 syscall audit fast-path
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Cc: Roland McGrath <roland@redhat.com>
|
||||
Reported-by: Toralf Förster <toralf.foerster@gmx.de>
|
||||
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
|
||||
Link: http://lkml.kernel.org/r/e09c499eade6fc321266dd6b54da7beb28d6991c.1403558229.git.luto@amacapital.net
|
||||
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
|
||||
---
|
||||
arch/x86/kernel/entry_32.S | 10 ++++++++--
|
||||
1 file changed, 8 insertions(+), 2 deletions(-)
|
||||
|
||||
--- a/arch/x86/kernel/entry_32.S
|
||||
+++ b/arch/x86/kernel/entry_32.S
|
||||
@@ -431,9 +431,10 @@ sysenter_past_esp:
|
||||
jnz sysenter_audit
|
||||
sysenter_do_call:
|
||||
cmpl $(NR_syscalls), %eax
|
||||
- jae syscall_badsys
|
||||
+ jae sysenter_badsys
|
||||
call *sys_call_table(,%eax,4)
|
||||
movl %eax,PT_EAX(%esp)
|
||||
+sysenter_after_call:
|
||||
LOCKDEP_SYS_EXIT
|
||||
DISABLE_INTERRUPTS(CLBR_ANY)
|
||||
TRACE_IRQS_OFF
|
||||
@@ -688,7 +689,12 @@ END(syscall_fault)
|
||||
|
||||
syscall_badsys:
|
||||
movl $-ENOSYS,PT_EAX(%esp)
|
||||
- jmp resume_userspace
|
||||
+ jmp syscall_exit
|
||||
+END(syscall_badsys)
|
||||
+
|
||||
+sysenter_badsys:
|
||||
+ movl $-ENOSYS,PT_EAX(%esp)
|
||||
+ jmp sysenter_after_call
|
||||
END(syscall_badsys)
|
||||
CFI_ENDPROC
|
||||
/*
|
|
@ -90,6 +90,4 @@ bugfix/mips/MIPS-Fix-branch-emulation-of-branch-likely-instructi.patch
|
|||
debian/drivers-base-platform-avoid-abi-change-in-3.14.6.patch
|
||||
debian/dma-avoid-abi-change-in-3.14.6.patch
|
||||
debian/vfs-avoid-abi-change-for-cve-2014-4014.patch
|
||||
bugfix/all/SCSI-Fix-spurious-request-sense-in-error-handling.patch
|
||||
debian/alsa-avoid-abi-change-for-cve-2014-4652-fix.patch
|
||||
bugfix/x86/x86_32-entry-Do-syscall-exit-work-on-badsys-CVE-2014.patch
|
||||
|
|