Merge changes from 2.6.38-4
svn path=/dists/trunk/linux-2.6/; revision=17248
commit
8e39faa55a
|
@ -11,6 +11,88 @@ linux-2.6 (2.6.39~rc4-1~experimental.1) UNRELEASED; urgency=low
|
|||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Wed, 06 Apr 2011 14:02:37 +0100
|
||||
|
||||
linux-2.6 (2.6.38-4) unstable; urgency=low
|
||||
|
||||
* usb-audio: Define another USB ID for a buggy USB MIDI cable
|
||||
(Closes: #617743)
|
||||
* net: Enable BATMAN_ADV as module (Closes: #622361)
|
||||
* Add stable 2.6.38.3, including:
|
||||
- eCryptfs: Unlock page in write_begin error path
|
||||
- irda: validate peer name and attribute lengths (CVE-2011-1180)
|
||||
- irda: prevent heap corruption on invalid nickname
|
||||
- nilfs2: fix data loss in mmap page write for hole blocks
|
||||
- ALSA: pcm: fix infinite loop in snd_pcm_update_hw_ptr0()
|
||||
- inotify: fix double free/corruption of stuct user
|
||||
- perf: Fix task_struct reference leak
|
||||
- ROSE: prevent heap corruption with bad facilities (CVE-2011-1493)
|
||||
- [x86] mtrr, pat: Fix one cpu getting out of sync during resume
|
||||
- Input: synaptics - fix crash in synaptics_module_init()
|
||||
- ath9k: fix a chip wakeup related crash in ath9k_start
|
||||
- mac80211: fix a crash in minstrel_ht in HT mode with no supported MCS
|
||||
rates
|
||||
- UBIFS: fix oops on error path in read_pnode
|
||||
- quota: Don't write quota info in dquot_commit()
|
||||
- mm: avoid wrapping vm_pgoff in mremap()
|
||||
- wl12xx: fix potential buffer overflow in testmode nvs push
|
||||
- Bluetooth: sco: fix information leak to userspace (CVE-2011-1078)
|
||||
- bridge: netfilter: fix information leak (CVE-2011-1080)
|
||||
- Bluetooth: bnep: fix buffer overflow (CVE-2011-1079)
|
||||
- netfilter: ip_tables: fix infoleak to userspace (CVE-2011-1171)
|
||||
- netfilter: arp_tables: fix infoleak to userspace (CVE-2011-1170)
|
||||
- [x86] Revert "x86: Cleanup highmap after brk is concluded"
|
||||
(Closes: #621072)
|
||||
- Squashfs: handle corruption of directory structure
|
||||
- ext4: fix a double free in ext4_register_li_request
|
||||
- ext4: fix credits computing for indirect mapped files
|
||||
- nfsd: fix auth_domain reference leak on nlm operations
|
||||
- nfsd4: fix oops on lock failure
|
||||
- char/tpm: Fix unitialized usage of data buffer (CVE-2011-1160)
|
||||
- ipv6: netfilter: ip6_tables: fix infoleak to userspace (CVE-2011-1172)
|
||||
- econet: 4 byte infoleak to the network (CVE-2011-1173)
|
||||
- sound/oss: remove offset from load_patch callbacks
|
||||
(CVE-2011-1476, CVE-2011-1477)
|
||||
- inotify: fix double free/corruption of stuct user (CVE-2011-1479)
|
||||
For the complete list of changes, see:
|
||||
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.3
|
||||
* Add stable 2.6.38.4, including:
|
||||
- vm: Fix vm_pgoff wrap in stack expansion
|
||||
- cifs: Always do is_path_accessible check in cifs_mount
|
||||
- cifs: Check for private_data before trying to put it
|
||||
- sn9c102: Restrict world-wirtable sysfs files
|
||||
- UBIFS: Restrict world-writable debugfs files
|
||||
- vm: Fix mlock() on stack guard page
|
||||
- UBIFS: Fix assertion warnings
|
||||
- perf: Fix task context scheduling
|
||||
- fib: Add rtnl locking in ip_fib_net_exit
|
||||
- l2tp: Fix possible oops on l2tp_eth module unload
|
||||
- ipv6: Fix duplicate /proc/sys/net/ipv6/neigh directory entries.
|
||||
- net_sched: fix ip_tos2prio
|
||||
- pppoe: drop PPPOX_ZOMBIEs in pppoe_flush_dev
|
||||
- xfrm: Refcount destination entry on xfrm_lookup
|
||||
- vlan: Take into account needed_headroom
|
||||
- bridge: Reset IPCB when entering IP stack on NF_FORWARD
|
||||
- futex: Set FLAGS_HAS_TIMEOUT during futex_wait restart setup
|
||||
- oom-kill: Remove boost_dying_task_prio()
|
||||
- UBIFS: Fix oops when R/O file-system is fsync'ed
|
||||
- sched: Fix erroneous all_pinned logic
|
||||
- vmscan: all_unreclaimable() use zone->all_unreclaimable as a name
|
||||
- next_pidmap: fix overflow condition
|
||||
- proc: Do proper range check on readdir offset
|
||||
- [powerpc] Fix oops if scan_dispatch_log is called too early
|
||||
- ehci: Unlink unused QHs when the controller is stopped
|
||||
- USB: Fix formatting of SuperSpeed endpoints in /proc/bus/usb/devices
|
||||
- xhci: Fix math in xhci_get_endpoint_interval()
|
||||
- xhci: Also free streams when resetting devices
|
||||
- USB: Fix unplug of device with active streams
|
||||
- bluetooth: Fix HCI_RESET command synchronization
|
||||
- bridge: Reset IPCB in br_parse_ip_options
|
||||
- ip: ip_options_compile() resilient to NULL skb route
|
||||
For the complete list of changes, see:
|
||||
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.4
|
||||
* [s390] pfault: fix token handling (Closes: #622570)
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Sat, 23 Apr 2011 03:17:53 +0100
|
||||
|
||||
linux-2.6 (2.6.38-3) unstable; urgency=low
|
||||
|
||||
[ Ben Hutchings ]
|
||||
|
|
|
@ -2414,11 +2414,6 @@ CONFIG_STAGING=y
|
|||
##
|
||||
CONFIG_AUTOFS_FS=m
|
||||
|
||||
##
|
||||
## file: drivers/staging/batman-adv/Kconfig
|
||||
##
|
||||
# CONFIG_BATMAN_ADV is not set
|
||||
|
||||
##
|
||||
## file: drivers/staging/comedi/Kconfig
|
||||
##
|
||||
|
@ -3684,6 +3679,11 @@ CONFIG_NET_9P_VIRTIO=m
|
|||
CONFIG_NET_9P_RDMA=m
|
||||
# CONFIG_NET_9P_DEBUG is not set
|
||||
|
||||
##
|
||||
## file: net/batman-adv/Kconfig
|
||||
##
|
||||
CONFIG_BATMAN_ADV=m
|
||||
|
||||
##
|
||||
## file: net/bluetooth/Kconfig
|
||||
##
|
||||
|
|
|
@ -0,0 +1,73 @@
|
|||
From: Heiko Carstens <heiko.carstens@de.ibm.com>
|
||||
Subject: [S390] pfault: fix token handling
|
||||
Date: Tue, 19 Apr 2011 08:34:01 +0200
|
||||
|
||||
f6649a7e "[S390] cleanup lowcore access from external interrupts" changed
|
||||
handling of external interrupts. Instead of letting the external interrupt
|
||||
handlers accessing the per cpu lowcore the entry code of the kernel reads
|
||||
already all fields that are necessary and passes them to the handlers.
|
||||
The pfault interrupt handler was incorrectly converted. It tries to
|
||||
dereference a value which used to be a pointer to a lowcore field. After
|
||||
the conversion however it is not anymore the pointer to the field but its
|
||||
content. So instead of a dereference only a cast is needed to get the
|
||||
task pointer that caused the pfault.
|
||||
|
||||
Fixes a NULL pointer dereference and a subsequent kernel crash:
|
||||
|
||||
Unable to handle kernel pointer dereference at virtual kernel address (null)
|
||||
Oops: 0004 [#1] SMP
|
||||
Modules linked in: nfsd exportfs nfs lockd fscache nfs_acl auth_rpcgss sunrpc
|
||||
loop qeth_l3 qeth vmur ccwgroup ext3 jbd mbcache dm_mod
|
||||
dasd_eckd_mod dasd_diag_mod dasd_mod
|
||||
CPU: 0 Not tainted 2.6.38-2-s390x #1
|
||||
Process cron (pid: 1106, task: 000000001f962f78, ksp: 000000001fa0f9d0)
|
||||
Krnl PSW : 0404200180000000 000000000002c03e (pfault_interrupt+0xa2/0x138)
|
||||
R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:0 CC:2 PM:0 EA:3
|
||||
Krnl GPRS: 0000000000000000 0000000000000001 0000000000000000 0000000000000001
|
||||
000000001f962f78 0000000000518968 0000000090000002 000000001ff03280
|
||||
0000000000000000 000000000064f000 000000001f962f78 0000000000002603
|
||||
0000000006002603 0000000000000000 000000001ff7fe68 000000001ff7fe48
|
||||
Krnl Code: 000000000002c036: 5820d010 l %r2,16(%r13)
|
||||
000000000002c03a: 1832 lr %r3,%r2
|
||||
000000000002c03c: 1a31 ar %r3,%r1
|
||||
>000000000002c03e: ba23d010 cs %r2,%r3,16(%r13)
|
||||
000000000002c042: a744fffc brc 4,2c03a
|
||||
000000000002c046: a7290002 lghi %r2,2
|
||||
000000000002c04a: e320d0000024 stg %r2,0(%r13)
|
||||
000000000002c050: 07f0 bcr 15,%r0
|
||||
Call Trace:
|
||||
([<000000001f962f78>] 0x1f962f78)
|
||||
[<000000000001acda>] do_extint+0xf6/0x138
|
||||
[<000000000039b6ca>] ext_no_vtime+0x30/0x34
|
||||
[<000000007d706e04>] 0x7d706e04
|
||||
Last Breaking-Event-Address:
|
||||
[<0000000000000000>] 0x0
|
||||
|
||||
For stable maintainers:
|
||||
the first kernel which contains this bug is 2.6.37.
|
||||
|
||||
Reported-by: Stephen Powell <zlinuxman@wowway.com>
|
||||
Cc: Jonathan Nieder <jrnieder@gmail.com>
|
||||
Cc: stable@kernel.org
|
||||
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
|
||||
---
|
||||
|
||||
arch/s390/mm/fault.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/arch/s390/mm/fault.c b/arch/s390/mm/fault.c
|
||||
index 9217e33..4cf85fe 100644
|
||||
--- a/arch/s390/mm/fault.c
|
||||
+++ b/arch/s390/mm/fault.c
|
||||
@@ -558,9 +558,9 @@ static void pfault_interrupt(unsigned int ext_int_code,
|
||||
* Get the token (= address of the task structure of the affected task).
|
||||
*/
|
||||
#ifdef CONFIG_64BIT
|
||||
- tsk = *(struct task_struct **) param64;
|
||||
+ tsk = (struct task_struct *) param64;
|
||||
#else
|
||||
- tsk = *(struct task_struct **) param32;
|
||||
+ tsk = (struct task_struct *) param32;
|
||||
#endif
|
||||
|
||||
if (subcode & 0x0080) {
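Review bot: After this fix `tsk` is taken straight from the interrupt parameter (`param64` / `param32`), and nothing in the lines shown checks it before use, so a stale or unexpected token would be followed as a live `struct task_struct`. pfault_interrupt starts and ends outside the hunk, so whether a reference on the task is held between pfault initiation and the completion interrupt cannot be seen here and is worth confirming. I would add a comment at the assignment stating the invariant, e.g. `/* token is the task_struct address handed out when the pfault was initiated; the task must still be pinned here */`. In the 31-bit branch, if `param32` is not already pointer-sized, the conversion could be made explicit with `tsk = (struct task_struct *)(unsigned long) param32;`.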
|
|
@ -44,3 +44,4 @@
|
|||
+ debian/sched-autogroup-disabled.patch
|
||||
+ bugfix/all/kconfig-Avoid-buffer-underrun-in-choice-input.patch
|
||||
+ bugfix/all/rt2800-disable-powersaving-as-default.patch
|
||||
+ bugfix/s390/S390-pfault-fix-token-handling.patch
|
||||
|
|