Add more fixes currently in the patch queue for 3.2.24
svn path=/dists/sid/linux/; revision=19277
parent
3eb84c68dc
commit
7bc48edffc
|
@ -44,6 +44,9 @@ linux (3.2.23-1) UNRELEASED; urgency=low
|
|||
* [x86] hwmon: Enable SENSORS_SCH5636 as module (Closes: #680934)
|
||||
* atl1c: fix issue of transmit queue 0 timed out
|
||||
* raid5: delayed stripe fix (Closes: #680366)
|
||||
* fs: Remove easily user-triggerable BUG from generic_setlease
|
||||
* tcp: drop SYN+FIN messages
|
||||
* fifo: Do not restart open() if it already found a partner (Closes: #678852)
|
||||
|
||||
[ Arnaud Patard ]
|
||||
* [mipsel] add r8169 to d-i udeb.
|
||||
|
|
110
debian/patches/bugfix/all/fifo-do-not-restart-open-if-it-already-found-a-partner.patch
|
@ -0,0 +1,110 @@
|
|||
From: Anders Kaseorg <andersk@MIT.EDU>
|
||||
Date: Sun, 15 Jul 2012 17:14:25 -0400
|
||||
Subject: fifo: Do not restart open() if it already found a partner
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
commit 05d290d66be6ef77a0b962ebecf01911bd984a78 upstream.
|
||||
|
||||
If a parent and child process open the two ends of a fifo, and the
|
||||
child immediately exits, the parent may receive a SIGCHLD before its
|
||||
open() returns. In that case, we need to make sure that open() will
|
||||
return successfully after the SIGCHLD handler returns, instead of
|
||||
throwing EINTR or being restarted. Otherwise, the restarted open()
|
||||
would incorrectly wait for a second partner on the other end.
|
||||
|
||||
The following test demonstrates the EINTR that was wrongly thrown from
|
||||
the parent’s open(). Change .sa_flags = 0 to .sa_flags = SA_RESTART
|
||||
to see a deadlock instead, in which the restarted open() waits for a
|
||||
second reader that will never come. (On my systems, this happens
|
||||
pretty reliably within about 5 to 500 iterations. Others report that
|
||||
it manages to loop ~forever sometimes; YMMV.)
|
||||
|
||||
#include <sys/stat.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/wait.h>
|
||||
#include <fcntl.h>
|
||||
#include <signal.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#define CHECK(x) do if ((x) == -1) {perror(#x); abort();} while(0)
|
||||
|
||||
void handler(int signum) {}
|
||||
|
||||
int main()
|
||||
{
|
||||
struct sigaction act = {.sa_handler = handler, .sa_flags = 0};
|
||||
CHECK(sigaction(SIGCHLD, &act, NULL));
|
||||
CHECK(mknod("fifo", S_IFIFO | S_IRWXU, 0));
|
||||
for (;;) {
|
||||
int fd;
|
||||
pid_t pid;
|
||||
putc('.', stderr);
|
||||
CHECK(pid = fork());
|
||||
if (pid == 0) {
|
||||
CHECK(fd = open("fifo", O_RDONLY));
|
||||
_exit(0);
|
||||
}
|
||||
CHECK(fd = open("fifo", O_WRONLY));
|
||||
CHECK(close(fd));
|
||||
CHECK(waitpid(pid, NULL, 0));
|
||||
}
|
||||
}
|
||||
|
||||
This is what I suspect was causing the Git test suite to fail in
|
||||
t9010-svn-fe.sh:
|
||||
|
||||
http://bugs.debian.org/678852
|
||||
|
||||
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
|
||||
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
|
||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
fs/fifo.c | 9 ++++-----
|
||||
1 file changed, 4 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/fs/fifo.c b/fs/fifo.c
|
||||
index b1a524d..cf6f434 100644
|
||||
--- a/fs/fifo.c
|
||||
+++ b/fs/fifo.c
|
||||
@@ -14,7 +14,7 @@
|
||||
#include <linux/sched.h>
|
||||
#include <linux/pipe_fs_i.h>
|
||||
|
||||
-static void wait_for_partner(struct inode* inode, unsigned int *cnt)
|
||||
+static int wait_for_partner(struct inode* inode, unsigned int *cnt)
|
||||
{
|
||||
int cur = *cnt;
|
||||
|
||||
@@ -23,6 +23,7 @@ static void wait_for_partner(struct inode* inode, unsigned int *cnt)
|
||||
if (signal_pending(current))
|
||||
break;
|
||||
}
|
||||
+ return cur == *cnt ? -ERESTARTSYS : 0;
|
||||
}
|
||||
|
||||
static void wake_up_partner(struct inode* inode)
|
||||
@@ -67,8 +68,7 @@ static int fifo_open(struct inode *inode, struct file *filp)
|
||||
* seen a writer */
|
||||
filp->f_version = pipe->w_counter;
|
||||
} else {
|
||||
- wait_for_partner(inode, &pipe->w_counter);
|
||||
- if(signal_pending(current))
|
||||
+ if (wait_for_partner(inode, &pipe->w_counter))
|
||||
goto err_rd;
|
||||
}
|
||||
}
|
||||
@@ -90,8 +90,7 @@ static int fifo_open(struct inode *inode, struct file *filp)
|
||||
wake_up_partner(inode);
|
||||
|
||||
if (!pipe->readers) {
|
||||
- wait_for_partner(inode, &pipe->r_counter);
|
||||
- if (signal_pending(current))
|
||||
+ if (wait_for_partner(inode, &pipe->r_counter))
|
||||
goto err_wr;
|
||||
}
|
||||
break;
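Review bot: The new return value of wait_for_partner() in fs/fifo.c is undocumented, and both updated call sites in fifo_open() use it only as a truth value before jumping to err_rd/err_wr, so the contract should be written down at the definition. I would add a comment above the function such as `/* Returns 0 once *cnt has changed (a partner arrived), or -ERESTARTSYS if a signal ended the wait first. */`. The ordering is the point of the fix: the result is decided by the counter rather than by signal_pending(), which is what keeps an open() that has already paired from failing with EINTR or being restarted into the hang the commit message describes. As a smaller style point, `cur` is declared `int` while `*cnt` is `unsigned int`, so `cur == *cnt` is a mixed-sign comparison that `unsigned int cur = *cnt;` would avoid. Both function bodies extend beyond the quoted hunks, so whether the error labels reuse the returned code could not be checked here.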
|
37
debian/patches/bugfix/all/remove-easily-user-triggerable-bug-from-generic_setlease.patch
|
@ -0,0 +1,37 @@
|
|||
From: Dave Jones <davej@redhat.com>
|
||||
Date: Fri, 13 Jul 2012 13:35:36 -0400
|
||||
Subject: Remove easily user-triggerable BUG from generic_setlease
|
||||
|
||||
commit 8d657eb3b43861064d36241e88d9d61c709f33f0 upstream.
|
||||
|
||||
This can be trivially triggered from userspace by passing in something unexpected.
|
||||
|
||||
kernel BUG at fs/locks.c:1468!
|
||||
invalid opcode: 0000 [#1] SMP
|
||||
RIP: 0010:generic_setlease+0xc2/0x100
|
||||
Call Trace:
|
||||
__vfs_setlease+0x35/0x40
|
||||
fcntl_setlease+0x76/0x150
|
||||
sys_fcntl+0x1c6/0x810
|
||||
system_call_fastpath+0x1a/0x1f
|
||||
|
||||
Signed-off-by: Dave Jones <davej@redhat.com>
|
||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
fs/locks.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/fs/locks.c b/fs/locks.c
|
||||
index 814c51d..fce6238 100644
|
||||
--- a/fs/locks.c
|
||||
+++ b/fs/locks.c
|
||||
@@ -1465,7 +1465,7 @@ int generic_setlease(struct file *filp, long arg, struct file_lock **flp)
|
||||
case F_WRLCK:
|
||||
return generic_add_lease(filp, arg, flp);
|
||||
default:
|
||||
- BUG();
|
||||
+ return -EINVAL;
|
||||
}
|
||||
}
|
||||
EXPORT_SYMBOL(generic_setlease);
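Review bot: The `default:` branch of generic_setlease() in fs/locks.c now returns -EINVAL, but nothing tells the next reader that `arg` can arrive unvalidated from userspace, which is why the old BUG() amounted to a local denial of service. I would add a comment on that branch, for example `/* arg comes from fcntl(F_SETLEASE); unknown values must fail, never assert */`, so that an assertion is not reintroduced later. The call trace in the description (sys_fcntl, fcntl_setlease, __vfs_setlease) supports that reading of the input path; other callers of the exported symbol are not visible on this page. The switch begins outside the hunk, so the remaining cases were not reviewed.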
|
|
@ -0,0 +1,32 @@
|
|||
From: Eric Dumazet <eric.dumazet@gmail.com>
|
||||
Date: Fri, 2 Dec 2011 23:41:42 +0000
|
||||
Subject: tcp: drop SYN+FIN messages
|
||||
|
||||
commit fdf5af0daf8019cec2396cdef8fb042d80fe71fa upstream.
|
||||
|
||||
Denys Fedoryshchenko reported that SYN+FIN attacks were bringing his
|
||||
linux machines to their limits.
|
||||
|
||||
Dont call conn_request() if the TCP flags includes SYN flag
|
||||
|
||||
Reported-by: Denys Fedoryshchenko <denys@visp.net.lb>
|
||||
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
net/ipv4/tcp_input.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
|
||||
index 78dd38c..0cbb440 100644
|
||||
--- a/net/ipv4/tcp_input.c
|
||||
+++ b/net/ipv4/tcp_input.c
|
||||
@@ -5811,6 +5811,8 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
|
||||
goto discard;
|
||||
|
||||
if (th->syn) {
|
||||
+ if (th->fin)
|
||||
+ goto discard;
|
||||
if (icsk->icsk_af_ops->conn_request(sk, skb) < 0)
|
||||
return 1;
|
||||
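Review bot: The added `if (th->fin) goto discard;` in tcp_rcv_state_process() carries no comment, and the hunk does not show whether the `discard` path records the drop anywhere an operator could see it. I would add `/* SYN+FIN is not a valid connection request; drop it before conn_request() */` directly above the check, so the reason for special-casing FIN inside the SYN branch is not lost. Since the description says such segments were used to load machines to their limits, it is worth confirming that the discard label (outside this hunk) leaves some countable trace, or floods of this kind will be invisible in kernel statistics. The function body starts and ends outside the hunk.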
|
|
@ -379,8 +379,12 @@ features/all/fermi-accel/drm-nouveau-inform-userspace-of-relaxed-kernel-subch.pa
|
|||
features/all/fermi-accel/drm-nouveau-oops-increase-channel-dispc_vma-to-4.patch
|
||||
features/all/fermi-accel/drm-nvd0-disp-ignore-clock-set-if-no-pclk.patch
|
||||
features/all/fermi-accel/drm-nouveau-bump-version-to-1.0.0.patch
|
||||
|
||||
bugfix/all/net-e100-ucode-is-optional-in-some-cases.patch
|
||||
bugfix/x86/drm-i915-prefer-wide-slow-to-fast-narrow-in-DP-confi.patch
|
||||
bugfix/all/cipso-don-t-follow-a-NULL-pointer-when-setsockopt-is.patch
|
||||
bugfix/all/atl1c-fix-issue-of-transmit-queue-0-timed-out.patch
|
||||
bugfix/all/raid5-delayed-stripe-fix.patch
|
||||
bugfix/all/remove-easily-user-triggerable-bug-from-generic_setlease.patch
|
||||
bugfix/all/tcp-drop-syn-fin-messages.patch
|
||||
bugfix/all/fifo-do-not-restart-open-if-it-already-found-a-partner.patch
|
||||
|
|