rerevert s390 2.6.18.1 revert,

add upstream fix2 for the copy_from_user mem padding

svn path=/dists/trunk/linux-2.6/; revision=7696

debian/changelog

@@ -1,3 +1,12 @@
+linux-2.6 (2.6.18-5) UNRELEASE; urgency=low
+
+  * [s390] readd the fix for ""S390: user readable uninitialised kernel memory
+    (CVE-2006-5174)"
+  * [s390] temorarly add patch queued for 2.6.18.3 fixing 32 bit opcodes and
+    instructions.
+
+ -- maximilian attems <maks@sternwelten.at>  Sun,  5 Nov 2006 20:26:11 +0100
+
 linux-2.6 (2.6.18-4) unstable; urgency=low
 
   [ Norbert Tretkowski ]

debian/patches/bugfix/s390-copy_from_user_padding_take2.patch

@@ -0,0 +1,70 @@
+From chrisw@sous-sol.org Sun Nov  5 20:18:14 2006
+From: Chris Wright <chrisw@sous-sol.org>
+To: maximilian attems <maks@sternwelten.at>
+Cc: heiko.carstens@de.ibm.com, linux390@de.ibm.com,
+	debian-kernel@lists.debian.org, stable@kernel.org
+Subject: Re: [stable] s390 2.6.18.2 debian build failure
+
+* maximilian attems (maks@sternwelten.at) wrote:
+> as a future datapoint the problematic patch is from 2.6.18.1:
+> [S390] user readable uninitialised kernel memory.
+
+This should fix that up, and is queued for next -stable.
+
+thanks,
+-chris
+--
+From: Martin Schwidefsky <schwidefsky@de.ibm.com>
+
+[S390] user readable uninitialised kernel memory, take 2.
+
+The previous patch to correct the copy_from_user padding is quite
+broken. The execute instruction needs to be done via the register %r4,
+not via %r2 and 31 bit doesn't know the instructions lgr and ahji.
+
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+
+
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+---
+ arch/s390/lib/uaccess.S   |   10 +++++-----
+ arch/s390/lib/uaccess64.S |    2 +-
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff -urpN linux-2.6.18.1/arch/s390/lib/uaccess64.S linux-2.6.18.1-s390/arch/s390/lib/uaccess64.S
+--- linux-2.6.18.1/arch/s390/lib/uaccess64.S	2006-10-14 05:34:03.000000000 +0200
++++ linux-2.6.18.1-s390/arch/s390/lib/uaccess64.S	2006-10-17 13:21:20.000000000 +0200
+@@ -49,7 +49,7 @@ __copy_from_user_asm:
+ 	la	%r2,256(%r2)
+ 8:	aghi	%r5,-256
+ 	jnm	7b
+-	ex	%r5,0(%r2)
++	ex	%r5,0(%r4)
+ 9:	lgr	%r2,%r3
+ 	br	%r14
+         .section __ex_table,"a"
+diff -urpN linux-2.6.18.1/arch/s390/lib/uaccess.S linux-2.6.18.1-s390/arch/s390/lib/uaccess.S
+--- linux-2.6.18.1/arch/s390/lib/uaccess.S	2006-10-14 05:34:03.000000000 +0200
++++ linux-2.6.18.1-s390/arch/s390/lib/uaccess.S	2006-10-17 13:21:06.000000000 +0200
+@@ -41,15 +41,15 @@ __copy_from_user_asm:
+ 5:	mvcp	0(%r5,%r2),0(%r4),%r0
+ 	slr	%r3,%r5
+ 	alr	%r2,%r5
+-6:	lgr	%r5,%r3		# copy remaining size
++6:	lr	%r5,%r3		# copy remaining size
+ 	ahi	%r5,-1		# subtract 1 for xc loop
+ 	bras	%r4,8f
+-	xc	0(1,%2),0(%2)
+-7:	xc	0(256,%2),0(%2)
++	xc	0(1,%r2),0(%r2)
++7:	xc	0(256,%r2),0(%r2)
+ 	la	%r2,256(%r2)
+-8:	ahji	%r5,-256
++8:	ahi	%r5,-256
+ 	jnm	7b
+-	ex	%r5,0(%r2)
++	ex	%r5,0(%r4)
+ 9:	lr	%r2,%r3
+ 	br	%r14
+         .section __ex_table,"a"
+

debian/patches/series/5

@@ -0,0 +1,2 @@
+- bugfix/s390-ftbfs-2.6.18.1.patch
++ bugfix/s390-copy_from_user_padding_take2.patch