Merge /dists/sid/linux-2.6.
svn path=/dists/trunk/linux-2.6/; revision=6472
parent
416228d3e4
commit
eb9e0c5274
|
@ -11,16 +11,16 @@ subarches:
|
|||
vserver
|
||||
|
||||
[apus]
|
||||
depends: mkvmlinuz (>= 19)
|
||||
depends: mkvmlinuz (>= 20)
|
||||
|
||||
[powerpc]
|
||||
depends: mkvmlinuz (>= 19)
|
||||
depends: mkvmlinuz (>= 20)
|
||||
|
||||
[powerpc-smp]
|
||||
depends: mkvmlinuz (>= 19)
|
||||
depends: mkvmlinuz (>= 20)
|
||||
|
||||
[powerpc-miboot]
|
||||
depends: mkvmlinuz (>= 19)
|
||||
depends: mkvmlinuz (>= 20)
|
||||
|
||||
[powerpc64]
|
||||
kpkg-subarch: powerpc64
|
||||
|
|
|
@ -7,7 +7,7 @@ flavours:
|
|||
recommends: util-vserver
|
||||
|
||||
[powerpc]
|
||||
depends: mkvmlinuz (>= 18)
|
||||
depends: mkvmlinuz (>= 20)
|
||||
|
||||
[powerpc64]
|
||||
kpkg-subarch: powerpc64
|
||||
|
|
|
@ -9,7 +9,52 @@ linux-2.6 (2.6.16-99experimental.1) UNRELEASED; urgency=low
|
|||
|
||||
-- maximilian attems <maks@sternwelten.at> Tue, 18 Apr 2006 02:09:27 +0200
|
||||
|
||||
linux-2.6 (2.6.16-7) UNRELEASED; urgency=low
|
||||
linux-2.6 (2.6.16-9) unstable; urgency=low
|
||||
|
||||
[ maximilian attems ]
|
||||
* Add stable release 2.6.16.8:
|
||||
- ip_route_input panic fix (CVE-2006-1525)
|
||||
* Add stable release 2.6.16.9:
|
||||
- i386/x86-64: Fix x87 information leak between processes (CVE-2006-1056)
|
||||
|
||||
[ Bastian Blank ]
|
||||
* Update vserver patch to 2.0.2-rc17.
|
||||
|
||||
-- Bastian Blank <waldi@debian.org> Thu, 20 Apr 2006 15:37:28 +0200
|
||||
|
||||
linux-2.6 (2.6.16-8) unstable; urgency=low
|
||||
|
||||
* Fix ABI-breakage introduced in -7. (closes: #363032)
|
||||
* Add stable release 2.6.16.6:
|
||||
- ext3: Fix missed mutex unlock
|
||||
- RLIMIT_CPU: fix handling of a zero limit
|
||||
- alpha: SMP boot fixes
|
||||
- m32r: security fix of {get, put}_user macros
|
||||
- m32r: Fix cpu_possible_map and cpu_present_map initialization for SMP kernel
|
||||
- shmat: stop mprotect from giving write permission to a readonly attachment (CVE-2006-1524)
|
||||
- powerpc: fix incorrect SA_ONSTACK behaviour for 64-bit processes
|
||||
- MPBL0010 driver sysfs permissions wide open
|
||||
- cciss: bug fix for crash when running hpacucli
|
||||
- fuse: fix oops in fuse_send_readpages()
|
||||
- Fix utime(2) in the case that no times parameter was passed in.
|
||||
- Fix buddy list race that could lead to page lru list corruptions
|
||||
- NETFILTER: Fix fragmentation issues with bridge netfilter
|
||||
- USB: remove __init from usb_console_setup
|
||||
- Fix suspend with traced tasks
|
||||
- isd200: limit to BLK_DEV_IDE
|
||||
- edac_752x needs CONFIG_HOTPLUG
|
||||
- fix non-leader exec under ptrace
|
||||
- sky2: bad memory reference on dual port cards
|
||||
- atm: clip causes unregister hang
|
||||
- powerpc: iSeries needs slb_initialize to be called
|
||||
- Fix block device symlink name
|
||||
- Incorrect signature sent on SMB Read
|
||||
* Add stable release 2.6.16.7:
|
||||
- fix MADV_REMOVE vulnerability (CVE-2006-1524 for real this time)
|
||||
|
||||
-- Bastian Blank <waldi@debian.org> Tue, 18 Apr 2006 16:22:31 +0200
|
||||
|
||||
linux-2.6 (2.6.16-7) unstable; urgency=low
|
||||
|
||||
[ Frederik Schüler ]
|
||||
* Add stable release 2.6.16.3:
|
||||
|
@ -33,7 +78,7 @@ linux-2.6 (2.6.16-7) UNRELEASED; urgency=low
|
|||
[ Christian T. Steigies ]
|
||||
* [m68k] update m68k patch and config to 2.6.16, temporarily disable atari
|
||||
|
||||
-- maximilian attems <maks@sternwelten.at> Thu, 13 Apr 2006 11:16:42 +0200
|
||||
-- Bastian Blank <waldi@debian.org> Sat, 15 Apr 2006 13:56:05 +0200
|
||||
|
||||
linux-2.6 (2.6.16-6) unstable; urgency=medium
|
||||
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
diff --git a/mm/madvise.c b/mm/madvise.c
|
||||
index af3d573..4e19615 100644
|
||||
--- a/mm/madvise.c
|
||||
+++ b/mm/madvise.c
|
||||
@@ -168,6 +168,9 @@ static long madvise_remove(struct vm_are
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
+ if ((vma->vm_flags & (VM_SHARED|VM_WRITE)) != (VM_SHARED|VM_WRITE))
|
||||
+ return -EACCES;
|
||||
+
|
||||
mapping = vma->vm_file->f_mapping;
|
||||
|
||||
offset = (loff_t)(start - vma->vm_start)
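Review bot: The check added to madvise_remove() returns -EACCES without a comment saying why both VM_SHARED and VM_WRITE are required, and that reason is the security-relevant part of the change. A comment above it such as `/* MADV_REMOVE discards file data, so only allow it through a shared, writable mapping */` would record the intent; the changelog entry for 2.6.16.7 on this page (CVE-2006-1524) appears to describe this hunk. The function starts and ends outside the hunk, so whether the earlier -EINVAL paths already guarantee `vma->vm_file` is non-NULL before the dereference that follows cannot be confirmed from here.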
|
|
@ -0,0 +1,16 @@
|
|||
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
|
||||
index fca5fe0..a67955e 100644
|
||||
--- a/net/ipv4/route.c
|
||||
+++ b/net/ipv4/route.c
|
||||
@@ -2750,7 +2750,10 @@ int inet_rtm_getroute(struct sk_buff *in
|
||||
/* Reserve room for dummy headers, this skb can pass
|
||||
through good chunk of routing engine.
|
||||
*/
|
||||
- skb->mac.raw = skb->data;
|
||||
+ skb->mac.raw = skb->nh.raw = skb->data;
|
||||
+
|
||||
+ /* Bugfix: need to give ip_route_input enough of an IP header to not gag. */
|
||||
+ skb->nh.iph->protocol = IPPROTO_ICMP;
|
||||
skb_reserve(skb, MAX_HEADER + sizeof(struct iphdr));
|
||||
|
||||
if (rta[RTA_SRC - 1])
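Review bot: The comment added in inet_rtm_getroute() says ip_route_input needs "enough of an IP header to not gag" but does not name the field that is read, so a later reader cannot judge whether setting `protocol` alone is sufficient. Only `skb->nh.iph->protocol` is initialised; whether the rest of the dummy header is zeroed depends on how the skb was allocated, which is outside the hunk. I would reword the comment to name the consumer, for example `/* ip_route_input() dereferences skb->nh.iph (it reads ->protocol), so nh.raw must point at valid memory with that field set */`; the detail about which field is read is my recollection of the upstream fix referenced as CVE-2006-1525 in the changelog and should be confirmed against ip_route_input().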
|
|
@ -0,0 +1,178 @@
|
|||
diff --git a/arch/i386/kernel/cpu/amd.c b/arch/i386/kernel/cpu/amd.c
|
||||
index 0810f81..d2d50cb 100644
|
||||
--- a/arch/i386/kernel/cpu/amd.c
|
||||
+++ b/arch/i386/kernel/cpu/amd.c
|
||||
@@ -207,6 +207,8 @@ #define CBAR_KEY (0X000000CB)
|
||||
set_bit(X86_FEATURE_K7, c->x86_capability);
|
||||
break;
|
||||
}
|
||||
+ if (c->x86 >= 6)
|
||||
+ set_bit(X86_FEATURE_FXSAVE_LEAK, c->x86_capability);
|
||||
|
||||
display_cacheinfo(c);
|
||||
|
||||
diff --git a/arch/x86_64/kernel/process.c b/arch/x86_64/kernel/process.c
|
||||
index 22a05de..818ab9e 100644
|
||||
--- a/arch/x86_64/kernel/process.c
|
||||
+++ b/arch/x86_64/kernel/process.c
|
||||
@@ -527,8 +527,6 @@ __switch_to(struct task_struct *prev_p,
|
||||
int cpu = smp_processor_id();
|
||||
struct tss_struct *tss = &per_cpu(init_tss, cpu);
|
||||
|
||||
- unlazy_fpu(prev_p);
|
||||
-
|
||||
/*
|
||||
* Reload esp0, LDT and the page table pointer:
|
||||
*/
|
||||
@@ -591,6 +589,12 @@ __switch_to(struct task_struct *prev_p,
|
||||
prev->userrsp = read_pda(oldrsp);
|
||||
write_pda(oldrsp, next->userrsp);
|
||||
write_pda(pcurrent, next_p);
|
||||
+
|
||||
+ /* This must be here to ensure both math_state_restore() and
|
||||
+ kernel_fpu_begin() work consistently.
|
||||
+ And the AMD workaround requires it to be after DS reload. */
|
||||
+ unlazy_fpu(prev_p);
|
||||
+
|
||||
write_pda(kernelstack,
|
||||
task_stack_page(next_p) + THREAD_SIZE - PDA_STACKOFFSET);
|
||||
|
||||
diff --git a/arch/x86_64/kernel/setup.c b/arch/x86_64/kernel/setup.c
|
||||
index aa55e3c..a4a0bb5 100644
|
||||
--- a/arch/x86_64/kernel/setup.c
|
||||
+++ b/arch/x86_64/kernel/setup.c
|
||||
@@ -909,6 +909,10 @@ #endif
|
||||
if (c->x86 == 15 && ((level >= 0x0f48 && level < 0x0f50) || level >= 0x0f58))
|
||||
set_bit(X86_FEATURE_REP_GOOD, &c->x86_capability);
|
||||
|
||||
+ /* Enable workaround for FXSAVE leak */
|
||||
+ if (c->x86 >= 6)
|
||||
+ set_bit(X86_FEATURE_FXSAVE_LEAK, &c->x86_capability);
|
||||
+
|
||||
r = get_model_name(c);
|
||||
if (!r) {
|
||||
switch (c->x86) {
|
||||
diff --git a/include/asm-i386/cpufeature.h b/include/asm-i386/cpufeature.h
|
||||
index c4ec2a4..9d15eec 100644
|
||||
--- a/include/asm-i386/cpufeature.h
|
||||
+++ b/include/asm-i386/cpufeature.h
|
||||
@@ -70,6 +70,7 @@ #define X86_FEATURE_K7 (3*32+ 5) /* Ath
|
||||
#define X86_FEATURE_P3 (3*32+ 6) /* P3 */
|
||||
#define X86_FEATURE_P4 (3*32+ 7) /* P4 */
|
||||
#define X86_FEATURE_CONSTANT_TSC (3*32+ 8) /* TSC ticks at a constant rate */
|
||||
+#define X86_FEATURE_FXSAVE_LEAK (3*32+10) /* FXSAVE leaks FOP/FIP/FOP */
|
||||
|
||||
/* Intel-defined CPU features, CPUID level 0x00000001 (ecx), word 4 */
|
||||
#define X86_FEATURE_XMM3 (4*32+ 0) /* Streaming SIMD Extensions-3 */
|
||||
diff --git a/include/asm-i386/i387.h b/include/asm-i386/i387.h
|
||||
index 152d0ba..7b1f011 100644
|
||||
--- a/include/asm-i386/i387.h
|
||||
+++ b/include/asm-i386/i387.h
|
||||
@@ -13,6 +13,7 @@ #define __ASM_I386_I387_H
|
||||
|
||||
#include <linux/sched.h>
|
||||
#include <linux/init.h>
|
||||
+#include <linux/kernel_stat.h>
|
||||
#include <asm/processor.h>
|
||||
#include <asm/sigcontext.h>
|
||||
#include <asm/user.h>
|
||||
@@ -38,17 +39,38 @@ #define restore_fpu(tsk) \
|
||||
extern void kernel_fpu_begin(void);
|
||||
#define kernel_fpu_end() do { stts(); preempt_enable(); } while(0)
|
||||
|
||||
+/* We need a safe address that is cheap to find and that is already
|
||||
+ in L1 during context switch. The best choices are unfortunately
|
||||
+ different for UP and SMP */
|
||||
+#ifdef CONFIG_SMP
|
||||
+#define safe_address (__per_cpu_offset[0])
|
||||
+#else
|
||||
+#define safe_address (kstat_cpu(0).cpustat.user)
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
* These must be called with preempt disabled
|
||||
*/
|
||||
static inline void __save_init_fpu( struct task_struct *tsk )
|
||||
{
|
||||
+ /* Use more nops than strictly needed in case the compiler
|
||||
+ varies code */
|
||||
alternative_input(
|
||||
- "fnsave %1 ; fwait ;" GENERIC_NOP2,
|
||||
- "fxsave %1 ; fnclex",
|
||||
+ "fnsave %[fx] ;fwait;" GENERIC_NOP8 GENERIC_NOP4,
|
||||
+ "fxsave %[fx]\n"
|
||||
+ "bt $7,%[fsw] ; jc 1f ; fnclex\n1:",
|
||||
X86_FEATURE_FXSR,
|
||||
- "m" (tsk->thread.i387.fxsave)
|
||||
- :"memory");
|
||||
+ [fx] "m" (tsk->thread.i387.fxsave),
|
||||
+ [fsw] "m" (tsk->thread.i387.fxsave.swd) : "memory");
|
||||
+ /* AMD K7/K8 CPUs don't save/restore FDP/FIP/FOP unless an exception
|
||||
+ is pending. Clear the x87 state here by setting it to fixed
|
||||
+ values. __per_cpu_offset[0] is a random variable that should be in L1 */
|
||||
+ alternative_input(
|
||||
+ GENERIC_NOP8 GENERIC_NOP2,
|
||||
+ "emms\n\t" /* clear stack tags */
|
||||
+ "fildl %[addr]", /* set F?P to defined value */
|
||||
+ X86_FEATURE_FXSAVE_LEAK,
|
||||
+ [addr] "m" (safe_address));
|
||||
task_thread_info(tsk)->status &= ~TS_USEDFPU;
|
||||
}
|
||||
|
||||
diff --git a/include/asm-x86_64/cpufeature.h b/include/asm-x86_64/cpufeature.h
|
||||
index 76bb619..662964b 100644
|
||||
--- a/include/asm-x86_64/cpufeature.h
|
||||
+++ b/include/asm-x86_64/cpufeature.h
|
||||
@@ -64,6 +64,7 @@ #define X86_FEATURE_CENTAUR_MCR (3*32+ 3
|
||||
#define X86_FEATURE_REP_GOOD (3*32+ 4) /* rep microcode works well on this CPU */
|
||||
#define X86_FEATURE_CONSTANT_TSC (3*32+5) /* TSC runs at constant rate */
|
||||
#define X86_FEATURE_SYNC_RDTSC (3*32+6) /* RDTSC syncs CPU core */
|
||||
+#define X86_FEATURE_FXSAVE_LEAK (3*32+7) /* FIP/FOP/FDP leaks through FXSAVE */
|
||||
|
||||
/* Intel-defined CPU features, CPUID level 0x00000001 (ecx), word 4 */
|
||||
#define X86_FEATURE_XMM3 (4*32+ 0) /* Streaming SIMD Extensions-3 */
|
||||
diff --git a/include/asm-x86_64/i387.h b/include/asm-x86_64/i387.h
|
||||
index 876eb9a..cba8a3b 100644
|
||||
--- a/include/asm-x86_64/i387.h
|
||||
+++ b/include/asm-x86_64/i387.h
|
||||
@@ -72,6 +72,23 @@ #define set_fpu_cwd(t,val) ((t)->thread.
|
||||
#define set_fpu_swd(t,val) ((t)->thread.i387.fxsave.swd = (val))
|
||||
#define set_fpu_fxsr_twd(t,val) ((t)->thread.i387.fxsave.twd = (val))
|
||||
|
||||
+#define X87_FSW_ES (1 << 7) /* Exception Summary */
|
||||
+
|
||||
+/* AMD CPUs don't save/restore FDP/FIP/FOP unless an exception
|
||||
+ is pending. Clear the x87 state here by setting it to fixed
|
||||
+ values. The kernel data segment can be sometimes 0 and sometimes
|
||||
+ new user value. Both should be ok.
|
||||
+ Use the PDA as safe address because it should be already in L1. */
|
||||
+static inline void clear_fpu_state(struct i387_fxsave_struct *fx)
|
||||
+{
|
||||
+ if (unlikely(fx->swd & X87_FSW_ES))
|
||||
+ asm volatile("fnclex");
|
||||
+ alternative_input(ASM_NOP8 ASM_NOP2,
|
||||
+ " emms\n" /* clear stack tags */
|
||||
+ " fildl %%gs:0", /* load to clear state */
|
||||
+ X86_FEATURE_FXSAVE_LEAK);
|
||||
+}
|
||||
+
|
||||
static inline int restore_fpu_checking(struct i387_fxsave_struct *fx)
|
||||
{
|
||||
int err;
|
||||
@@ -119,6 +136,7 @@ #else
|
||||
#endif
|
||||
if (unlikely(err))
|
||||
__clear_user(fx, sizeof(struct i387_fxsave_struct));
|
||||
+ /* No need to clear here because the caller clears USED_MATH */
|
||||
return err;
|
||||
}
|
||||
|
||||
@@ -149,7 +167,7 @@ #else
|
||||
"i" (offsetof(__typeof__(*tsk),
|
||||
thread.i387.fxsave)));
|
||||
#endif
|
||||
- __asm__ __volatile__("fnclex");
|
||||
+ clear_fpu_state(&tsk->thread.i387.fxsave);
|
||||
}
|
||||
|
||||
static inline void kernel_fpu_begin(void)
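Review bot: In the include/asm-i386/i387.h hunk, the comment added to __save_init_fpu() says `__per_cpu_offset[0]` is what `fildl` loads, but the operand is `safe_address`, which on non-SMP builds is `kstat_cpu(0).cpustat.user`; the comment should refer to `safe_address` so it holds for both configurations. `safe_address` is also an unprefixed macro in a widely included header, where a prefixed name would be less likely to collide. The literal in `bt $7,%[fsw]` is the exception-summary bit that the x86_64 hunk names `X87_FSW_ES`, and a short comment on that line saying so would make the two implementations easier to compare. Separately, the new define in include/asm-i386/cpufeature.h is commented `FXSAVE leaks FOP/FIP/FOP`, listing FOP twice where the x86_64 header says `FIP/FOP/FDP`.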
|
|
@ -0,0 +1,18 @@
|
|||
diff -urN linux-2.6-2.6.16.old/include/linux/seccomp.h linux-2.6-2.6.16/include/linux/seccomp.h
|
||||
--- linux-2.6-2.6.16.old/include/linux/seccomp.h 2006-03-20 06:53:29.000000000 +0100
|
||||
+++ linux-2.6-2.6.16/include/linux/seccomp.h 2006-04-17 12:01:01.000000000 +0200
|
||||
@@ -26,9 +26,12 @@
|
||||
|
||||
#else /* CONFIG_SECCOMP */
|
||||
|
||||
-typedef struct { } seccomp_t;
|
||||
+typedef struct { int mode; } seccomp_t;
|
||||
+
|
||||
+static inline void secure_computing(int this_syscall)
|
||||
+{
|
||||
+}
|
||||
|
||||
-#define secure_computing(x) do { } while (0)
|
||||
/* static inline to preserve typechecking */
|
||||
static inline int has_secure_computing(struct thread_info *ti)
|
||||
{
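Review bot: The stub `typedef struct { int mode; } seccomp_t;` in the !CONFIG_SECCOMP branch gains a member that nothing in this hunk reads, and no comment says why. Judging by the series entry `include-linux-seccomp-abifix.patch` and the changelog line "Fix ABI-breakage introduced in -7", the member presumably keeps the size of structures embedding seccomp_t independent of the config option; a comment such as `/* dummy member: keeps seccomp_t the same size with and without CONFIG_SECCOMP (ABI) */` would stop someone from removing it later. The switch of secure_computing() from an empty macro to an empty static inline is likewise unexplained. The existing comment `/* static inline to preserve typechecking */` now sits between the two functions and would read better above the first. has_secure_computing() continues outside the hunk.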
|
|
@ -0,0 +1,3 @@
|
|||
+ include-linux-seccomp-abifix.patch
|
||||
+ 2.6.16.6
|
||||
+ 2.6.16.7
|
|
@ -0,0 +1,2 @@
|
|||
+ 2.6.16.8
|
||||
+ 2.6.16.9
|
|
@ -0,0 +1 @@
|
|||
+ vserver-vs2.0.2-rc17-update.patch *_vserver
|
|
@ -0,0 +1,75 @@
|
|||
diff -urN linux-2.6-2.6.16-vs2.0.2-rc16/fs/namei.c linux-2.6-2.6.16-vs2.0.2-rc17/fs/namei.c
|
||||
--- linux-2.6-2.6.16-vs2.0.2-rc16/fs/namei.c 2006-04-19 14:47:38.000000000 +0200
|
||||
+++ linux-2.6-2.6.16-vs2.0.2-rc17/fs/namei.c 2006-04-19 14:48:36.000000000 +0200
|
||||
@@ -242,7 +242,7 @@
|
||||
|
||||
vxwprintk(1, "xid=%d denied access to %p[#%d,%lu] »%s«.",
|
||||
vx_current_xid(), inode, inode->i_xid, inode->i_ino,
|
||||
- vxd_path(nd->dentry, nd->mnt));
|
||||
+ vxd_cond_path(nd));
|
||||
return -EACCES;
|
||||
}
|
||||
|
||||
diff -urN linux-2.6-2.6.16-vs2.0.2-rc16/include/linux/vserver/debug.h linux-2.6-2.6.16-vs2.0.2-rc17/include/linux/vserver/debug.h
|
||||
--- linux-2.6-2.6.16-vs2.0.2-rc16/include/linux/vserver/debug.h 2006-04-19 14:47:39.000000000 +0200
|
||||
+++ linux-2.6-2.6.16-vs2.0.2-rc17/include/linux/vserver/debug.h 2006-04-19 14:48:36.000000000 +0200
|
||||
@@ -60,11 +60,13 @@
|
||||
printk(VX_WARNLEVEL f "\n" , ##x); \
|
||||
} while (0)
|
||||
|
||||
-
|
||||
#define vxd_path(d,m) \
|
||||
({ static char _buffer[PATH_MAX]; \
|
||||
d_path((d), (m), _buffer, sizeof(_buffer)); })
|
||||
|
||||
+#define vxd_cond_path(n) \
|
||||
+ ((n) ? vxd_path((n)->dentry, (n)->mnt) : "<null>" )
|
||||
+
|
||||
#else /* CONFIG_VSERVER_DEBUG */
|
||||
|
||||
#define vx_debug_switch 0
|
||||
@@ -82,6 +84,7 @@
|
||||
#define vxwprintk(x...) do { } while (0)
|
||||
|
||||
#define vxd_path "<none>"
|
||||
+#define vxd_cond_path vxd_path
|
||||
|
||||
#endif /* CONFIG_VSERVER_DEBUG */
|
||||
|
||||
diff -urN linux-2.6-2.6.16-vs2.0.2-rc16/net/ipv4/devinet.c linux-2.6-2.6.16-vs2.0.2-rc17/net/ipv4/devinet.c
|
||||
--- linux-2.6-2.6.16-vs2.0.2-rc16/net/ipv4/devinet.c 2006-04-19 14:47:39.000000000 +0200
|
||||
+++ linux-2.6-2.6.16-vs2.0.2-rc17/net/ipv4/devinet.c 2006-04-19 14:48:37.000000000 +0200
|
||||
@@ -529,33 +529,6 @@
|
||||
return rc;
|
||||
}
|
||||
|
||||
-/*
|
||||
- Check that a device is not member of the ipv4root assigned to the process
|
||||
- Return true if this is the case
|
||||
-
|
||||
- If the process is not bound to specific IP, then it returns 0 (all
|
||||
- interface are fine).
|
||||
-*/
|
||||
-static inline int devinet_notiproot (struct in_ifaddr *ifa)
|
||||
-{
|
||||
- int ret = 0;
|
||||
- struct nx_info *nxi;
|
||||
-
|
||||
- if ((nxi = current->nx_info)) {
|
||||
- int i;
|
||||
- int nbip = nxi->nbipv4;
|
||||
- __u32 addr = ifa->ifa_local;
|
||||
- ret = 1;
|
||||
- for (i=0; i<nbip; i++) {
|
||||
- if(nxi->ipv4[i] == addr) {
|
||||
- ret = 0;
|
||||
- break;
|
||||
- }
|
||||
- }
|
||||
- }
|
||||
- return ret;
|
||||
-}
|
||||
-
|
||||
|
||||
int devinet_ioctl(unsigned int cmd, void __user *arg)
|
||||
{
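Review bot: In the !CONFIG_VSERVER_DEBUG branch of include/linux/vserver/debug.h, `#define vxd_cond_path vxd_path` makes the new macro an object-like alias for the string `"<none>"`, so `vxd_cond_path(nd)` in fs/namei.c only compiles because the stub `vxwprintk(x...)` discards its arguments. A function-like stub, `#define vxd_cond_path(n) "<none>"`, would keep it usable outside vxwprintk. In the debug branch the macro expands `(n)` three times and inherits vxd_path's single `static char _buffer[PATH_MAX]`, so concurrent executions of the same call site may overwrite each other's path text in the log. A comment on the macro stating that it is for diagnostic output only and that its argument must have no side effects would document both limits.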
|